package net.krotscheck.kangaroo.authz.oauth2.resource.token;

import java.math.BigInteger;
import java.net.URI;
import java.util.List;
import javax.inject.Inject;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriBuilder;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthTokenType;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.authz.oauth2.resource.TokenResponseEntity;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.glassfish.jersey.process.internal.RequestScoped;
import org.hibernate.Session;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/resource/token/AuthorizationCodeGrantHandler.class */
public final class AuthorizationCodeGrantHandler implements ITokenRequestHandler {
    private final Session session;

    /* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/resource/token/AuthorizationCodeGrantHandler$Binder.class */
    public static final class Binder extends AbstractBinder {
        protected void configure() {
            bind(AuthorizationCodeGrantHandler.class).to(ITokenRequestHandler.class).named("authorization_code").in(RequestScoped.class);
        }
    }

    @Inject
    public AuthorizationCodeGrantHandler(Session session) {
        this.session = session;
    }

    @Override // net.krotscheck.kangaroo.authz.oauth2.resource.token.ITokenRequestHandler
    public TokenResponseEntity handle(Client client, MultivaluedMap<String, String> multivaluedMap) {
        if (!client.getType().equals(ClientType.AuthorizationGrant)) {
            throw new RFC6749.InvalidGrantException();
        }
        try {
            BigInteger fromString = IdUtil.fromString(getOne(multivaluedMap, "code"));
            URI build = UriBuilder.fromUri(getOne(multivaluedMap, "redirect_uri")).build(new Object[0]);
            OAuthToken oAuthToken = (OAuthToken) this.session.get(OAuthToken.class, fromString);
            if (oAuthToken == null) {
                throw new RFC6749.InvalidGrantException();
            }
            if (oAuthToken.isExpired()) {
                throw new RFC6749.InvalidGrantException();
            }
            if (!oAuthToken.getClient().equals(client)) {
                throw new RFC6749.InvalidGrantException();
            }
            if (!build.equals(oAuthToken.getRedirect())) {
                throw new RFC6749.InvalidGrantException();
            }
            String str = (String) multivaluedMap.getFirst("state");
            OAuthToken oAuthToken2 = new OAuthToken();
            oAuthToken2.setClient(client);
            oAuthToken2.setTokenType(OAuthTokenType.Bearer);
            oAuthToken2.setExpiresIn(client.getAccessTokenExpireIn());
            oAuthToken2.setScopes(oAuthToken.getScopes());
            oAuthToken2.setIdentity(oAuthToken.getIdentity());
            OAuthToken oAuthToken3 = new OAuthToken();
            oAuthToken3.setClient(client);
            oAuthToken3.setTokenType(OAuthTokenType.Refresh);
            oAuthToken3.setExpiresIn(client.getRefreshTokenExpireIn());
            oAuthToken3.setScopes(oAuthToken.getScopes());
            oAuthToken3.setAuthToken(oAuthToken2);
            oAuthToken3.setIdentity(oAuthToken.getIdentity());
            this.session.save(oAuthToken2);
            this.session.save(oAuthToken3);
            this.session.delete(oAuthToken);
            return TokenResponseEntity.factory(oAuthToken2, oAuthToken3, str);
        } catch (IllegalArgumentException | NullPointerException e) {
            throw new RFC6749.InvalidGrantException();
        }
    }

    private String getOne(MultivaluedMap<String, String> multivaluedMap, String str) {
        List list = (List) multivaluedMap.get(str);
        if (list == null) {
            throw new RFC6749.InvalidRequestException();
        }
        if (list.size() != 1) {
            throw new RFC6749.InvalidRequestException();
        }
        return (String) list.get(0);
    }
}
