package net.krotscheck.kangaroo.authz.oauth2.resource.authorize;

import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.SortedMap;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import net.krotscheck.kangaroo.authz.common.authenticator.IAuthenticator;
import net.krotscheck.kangaroo.authz.common.database.entity.ApplicationScope;
import net.krotscheck.kangaroo.authz.common.database.entity.Authenticator;
import net.krotscheck.kangaroo.authz.common.database.entity.AuthenticatorState;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthTokenType;
import net.krotscheck.kangaroo.authz.common.database.entity.UserIdentity;
import net.krotscheck.kangaroo.authz.common.util.ValidationUtil;
import net.krotscheck.kangaroo.authz.oauth2.authn.factory.CredentialsFactory;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.message.BasicNameValuePair;
import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.glassfish.jersey.internal.inject.InjectionManager;
import org.glassfish.jersey.process.internal.RequestScoped;
import org.hibernate.Session;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/resource/authorize/ImplicitHandler.class */
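/**
 * Authorization handler bound under the name of {@link ClientType#Implicit}.
 *
 * <p>It either delegates the user to the configured authenticator and issues tokens in
 * {@link #callback}, or, when the HTTP session already holds exactly one live refresh token
 * for the requesting client, rotates that token and issues a new bearer token without a
 * new authentication round trip.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The access token is returned in the redirect URI <em>fragment</em>, so it is exposed to
 *       the user agent (history, scripts running on the redirect page). Keep access-token
 *       lifetimes short for clients served by this handler.</li>
 *   <li>The value sent as {@code access_token} is the token entity's id. NOTE(review): confirm
 *       the id generator behind {@code IdUtil} is cryptographically unpredictable.</li>
 *   <li>No method in this class validates the redirect URI. NOTE(review): presumably the
 *       caller has already matched it against the client's registered redirects - confirm.</li>
 * </ul>
 */
public final class ImplicitHandler implements IAuthorizeHandler {
    /** Used to look up the {@link IAuthenticator} implementation by authenticator type name. */
    private final InjectionManager injector;
    /** Hibernate session used for every read and write in this handler. */
    private final Session session;
    /** Credentials of the requesting client; {@code getLogin()} is used as the client id. */
    private final CredentialsFactory.Credentials credentials;

    /* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/resource/authorize/ImplicitHandler$Binder.class */
    /** Registers this handler, request scoped, under the name of {@link ClientType#Implicit}. */
    public static final class Binder extends AbstractBinder {
        @Override
        protected void configure() {
            bind(ImplicitHandler.class)
                    .to(IAuthorizeHandler.class)
                    .named(ClientType.Implicit.name())
                    .in(RequestScoped.class);
        }
    }

    /**
     * Creates the handler.
     *
     * @param injectionManager injection manager used to resolve authenticators
     * @param session Hibernate session for this request
     * @param credentials credentials of the requesting client
     */
    @Inject
    public ImplicitHandler(InjectionManager injectionManager, Session session, CredentialsFactory.Credentials credentials) {
        this.injector = injectionManager;
        this.session = session;
        this.credentials = credentials;
    }

    /**
     * Resolves the authenticator implementation named after the type of the authenticator
     * recorded in the given state.
     *
     * @param authenticatorState state whose authenticator type selects the implementation
     * @return the authenticator instance returned by the injection manager
     */
    @Override // net.krotscheck.kangaroo.authz.oauth2.resource.authorize.IAuthorizeHandler
    public IAuthenticator getAuthenticator(AuthenticatorState authenticatorState) {
        String typeName = authenticatorState.getAuthenticator().getType().name();
        return this.injector.getInstance(IAuthenticator.class, typeName);
    }

    /**
     * Entry point for an authorization request.
     *
     * <p>With exactly one live refresh token for this client in the HTTP session, the token is
     * rotated and a new bearer token is issued. With more than one, all of them are deleted and
     * the request falls through to a fresh authentication. With none, a fresh authentication
     * is started.
     *
     * @param uriInfo request URI information, used to build the authenticator callback
     * @param httpSession servlet session whose id identifies the persisted session record
     * @param authenticator authenticator to delegate to when a fresh login is required
     * @param uri redirect URI the response is sent to
     * @param sortedMap scopes requested by the client, keyed by scope name
     * @param str client-supplied {@code state} value, echoed back on the redirect
     * @return a redirect, either to the client or to the authenticator
     */
    @Override // net.krotscheck.kangaroo.authz.oauth2.resource.authorize.IAuthorizeHandler
    public Response handle(UriInfo uriInfo, HttpSession httpSession, Authenticator authenticator, URI uri, SortedMap<String, ApplicationScope> sortedMap, String str) {
        List<OAuthToken> contextToken = getContextToken(httpSession);
        if (contextToken.size() == 1) {
            return handleRefresh(contextToken.get(0), httpSession, uri, sortedMap, str);
        }
        if (contextToken.size() > 1) {
            // More than one live refresh token for the same client and session is ambiguous:
            // discard them all rather than guess which one to honour.
            // NOTE(review): no commit happens on this path inside this class; confirm the
            // surrounding request handling commits the transaction so the deletes persist.
            contextToken.forEach(this.session::delete);
        }
        return handleIssue(uriInfo, authenticator, uri, sortedMap, str);
    }

    /**
     * Persists a new {@link AuthenticatorState} carrying the client's state, scopes and redirect,
     * then hands the request to the authenticator.
     *
     * @return the response produced by the authenticator's {@code delegate} call
     */
    private Response handleIssue(UriInfo uriInfo, Authenticator authenticator, URI uri, SortedMap<String, ApplicationScope> sortedMap, String str) {
        IAuthenticator iAuthenticator = this.injector.getInstance(IAuthenticator.class, authenticator.getType().name());

        AuthenticatorState authenticatorState = new AuthenticatorState();
        authenticatorState.setClientState(str);
        authenticatorState.setClientScopes(sortedMap);
        authenticatorState.setClientRedirect(uri);
        authenticatorState.setAuthenticator(authenticator);
        this.session.save(authenticatorState);

        return iAuthenticator.delegate(authenticator, buildCallback(uriInfo, authenticatorState));
    }

    /**
     * Issues a new bearer/refresh token pair from an existing refresh token and deletes the old
     * refresh token together with the access token attached to it, if any.
     *
     * <p>The requested scopes are passed through {@code ValidationUtil.revalidateScope} together
     * with the old token's scopes and the user's role before the new token is built.
     *
     * @param oAuthToken the refresh token found in the session
     * @return a redirect to {@code uri} carrying the new bearer token in the fragment
     */
    private Response handleRefresh(OAuthToken oAuthToken, HttpSession httpSession, URI uri, SortedMap<String, ApplicationScope> sortedMap, String str) {
        UserIdentity identity = oAuthToken.getIdentity();
        SortedMap<String, ApplicationScope> grantedScopes = ValidationUtil.revalidateScope(
                String.join(" ", sortedMap.keySet()),
                oAuthToken.getScopes(),
                identity.getUser().getRole());

        OAuthToken buildBearerToken = buildBearerToken(oAuthToken.getClient(), identity, grantedScopes, uri);
        OAuthToken buildRefreshToken = buildRefreshToken(buildBearerToken);

        // Swap the refresh token attached to the persisted session: detach the old one first,
        // then attach its replacement.
        net.krotscheck.kangaroo.authz.common.database.entity.HttpSession dbSession = getDbSession(httpSession);
        dbSession.getRefreshTokens().remove(oAuthToken);
        oAuthToken.setHttpSession(null);
        dbSession.getRefreshTokens().add(buildRefreshToken);
        buildRefreshToken.setHttpSession(dbSession);

        this.session.save(buildBearerToken);
        this.session.save(buildRefreshToken);

        // The old refresh token and the access token it points to must not outlive the rotation.
        if (oAuthToken.getAuthToken() != null) {
            this.session.delete(oAuthToken.getAuthToken());
        }
        this.session.delete(oAuthToken);
        this.session.getTransaction().commit();

        return buildRedirectResponse(uri, str, buildBearerToken);
    }

    /**
     * Completes an authentication started by {@link #handle}: authenticates the user, issues a
     * bearer token and a session-bound refresh token, and deletes the one-shot state.
     *
     * @param authenticatorState state persisted when the flow started
     * @param httpSession servlet session the refresh token is attached to
     * @param uriInfo callback request information
     * @return a redirect to the redirect URI stored in the state, token in the fragment
     */
    @Override // net.krotscheck.kangaroo.authz.oauth2.resource.authorize.IAuthorizeHandler
    public Response callback(AuthenticatorState authenticatorState, HttpSession httpSession, UriInfo uriInfo) {
        Authenticator authenticator = authenticatorState.getAuthenticator();
        UserIdentity authenticate = getAuthenticator(authenticatorState)
                .authenticate(authenticator, uriInfo.getPathParameters(), buildCallback(uriInfo, authenticatorState));

        SortedMap<String, ApplicationScope> grantedScopes =
                ValidationUtil.validateScope(authenticatorState.getClientScopes(), authenticate.getUser().getRole());
        OAuthToken buildBearerToken = buildBearerToken(
                authenticator.getClient(), authenticate, grantedScopes, authenticatorState.getClientRedirect());
        OAuthToken buildRefreshToken = buildRefreshToken(buildBearerToken);
        buildRefreshToken.setHttpSession(getDbSession(httpSession));

        // Deleting the state in the same transaction keeps it from being used a second time.
        this.session.delete(authenticatorState);
        this.session.save(buildBearerToken);
        this.session.save(buildRefreshToken);
        this.session.getTransaction().commit();

        return buildRedirectResponse(authenticatorState.getClientRedirect(), authenticatorState.getClientState(), buildBearerToken);
    }

    /**
     * Builds the {@code 302 Found} response that returns the token to the client.
     *
     * <p>{@code access_token}, {@code token_type}, {@code expires_in} and, when present,
     * {@code state} and {@code scope} are form-encoded into the URI fragment, not the query.
     *
     * @param uri redirect URI to append the fragment to
     * @param str client state; omitted when empty
     * @param oAuthToken bearer token being returned
     */
    private Response buildRedirectResponse(URI uri, String str, OAuthToken oAuthToken) {
        List<BasicNameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("access_token", IdUtil.toString(oAuthToken.getId())));
        params.add(new BasicNameValuePair("token_type", oAuthToken.getTokenType().toString()));
        params.add(new BasicNameValuePair("expires_in", String.valueOf(oAuthToken.getExpiresIn())));
        if (!StringUtils.isEmpty(str)) {
            params.add(new BasicNameValuePair("state", str));
        }
        if (!oAuthToken.getScopes().isEmpty()) {
            String scopeNames = oAuthToken.getScopes().values().stream()
                    .map(ApplicationScope::getName)
                    .collect(Collectors.joining(" "));
            params.add(new BasicNameValuePair("scope", scopeNames));
        }

        UriBuilder fromUri = UriBuilder.fromUri(uri);
        fromUri.fragment(URLEncodedUtils.format(params, "UTF-8"));
        return Response.status(Response.Status.FOUND).location(fromUri.build()).build();
    }

    /**
     * Creates an unsaved bearer token whose lifetime is the client's access-token expiry.
     */
    private OAuthToken buildBearerToken(Client client, UserIdentity userIdentity, SortedMap<String, ApplicationScope> sortedMap, URI uri) {
        OAuthToken oAuthToken = new OAuthToken();
        oAuthToken.setClient(client);
        oAuthToken.setTokenType(OAuthTokenType.Bearer);
        oAuthToken.setExpiresIn(client.getAccessTokenExpireIn());
        oAuthToken.setScopes(sortedMap);
        oAuthToken.setIdentity(userIdentity);
        oAuthToken.setRedirect(uri);
        return oAuthToken;
    }

    /**
     * Creates an unsaved refresh token linked to the given bearer token, copying its client,
     * scopes, identity and redirect and using the client's refresh-token expiry.
     */
    private OAuthToken buildRefreshToken(OAuthToken oAuthToken) {
        Client client = oAuthToken.getClient();
        OAuthToken oAuthToken2 = new OAuthToken();
        oAuthToken2.setClient(client);
        oAuthToken2.setTokenType(OAuthTokenType.Refresh);
        oAuthToken2.setExpiresIn(client.getRefreshTokenExpireIn());
        oAuthToken2.setScopes(oAuthToken.getScopes());
        oAuthToken2.setIdentity(oAuthToken.getIdentity());
        oAuthToken2.setAuthToken(oAuthToken);
        oAuthToken2.setRedirect(oAuthToken.getRedirect());
        return oAuthToken2;
    }

    /**
     * Loads the persisted session entity whose id is the servlet session id.
     *
     * <p>NOTE(review): {@code Session.get} returns {@code null} when no row matches and callers
     * here dereference the result without a check - confirm the session is always persisted
     * before this handler runs.
     */
    private net.krotscheck.kangaroo.authz.common.database.entity.HttpSession getDbSession(HttpSession httpSession) {
        return this.session.get(
                net.krotscheck.kangaroo.authz.common.database.entity.HttpSession.class,
                IdUtil.fromString(httpSession.getId()));
    }

    /**
     * Returns the session's refresh tokens that belong to the requesting client, are of type
     * {@link OAuthTokenType#Refresh} and are not expired.
     */
    private List<OAuthToken> getContextToken(HttpSession httpSession) {
        net.krotscheck.kangaroo.authz.common.database.entity.HttpSession dbSession = getDbSession(httpSession);
        // Tokens issued to other clients in the same browser session must never be reused here.
        Client client = this.session.get(Client.class, this.credentials.getLogin());
        return dbSession.getRefreshTokens().stream()
                .filter(token -> token.getClient().equals(client)
                        && token.getTokenType().equals(OAuthTokenType.Refresh)
                        && !token.isExpired())
                .collect(Collectors.toList());
    }
}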
