package net.krotscheck.kangaroo.authz.oauth2.resource;

import java.net.URI;
import javax.annotation.security.PermitAll;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.database.entity.Authenticator;
import net.krotscheck.kangaroo.authz.common.database.entity.AuthenticatorState;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.util.ValidationUtil;
import net.krotscheck.kangaroo.authz.oauth2.authn.annotation.OAuthFilterChain;
import net.krotscheck.kangaroo.authz.oauth2.authn.factory.CredentialsFactory;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.authz.oauth2.exception.RedirectingException;
import net.krotscheck.kangaroo.authz.oauth2.resource.authorize.IAuthorizeHandler;
import net.krotscheck.kangaroo.common.exception.KangarooException;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.common.hibernate.transaction.Transactional;
import org.glassfish.jersey.internal.inject.InjectionManager;
import org.hibernate.Session;
import org.jvnet.hk2.annotations.Optional;

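/**
 * JAX-RS resource for the OAuth2 authorization endpoint ({@code /authorize}) and the
 * authenticator callback ({@code /authorize/callback}).
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>The requested {@code redirect_uri} is checked against the client's registered
 *       redirects before any other validation runs, and that check sits outside the
 *       {@code try} block. A failure there is therefore never converted into a redirect,
 *       and later errors are only ever redirected to the URI that check returned.</li>
 *   <li>The servlet session id is rotated with {@code changeSessionId()} after a handler
 *       completes successfully. It is not rotated on the error path.</li>
 *   <li>The callback endpoint carries no {@code @OAuthFilterChain}; the {@code state} query
 *       parameter is the only input that selects the stored {@link AuthenticatorState}.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code @OAuthFilterChain} presumably authenticates the client and
 * populates the injected credentials; confirm against the filter implementation.
 */
@Transactional
@Path("/authorize")
@PermitAll
public final class AuthorizationService {
    /** Hibernate session used to load the client and the stored authenticator state. */
    private final Session session;
    /** Credentials of the requesting client; {@code getLogin()} is used as the client id. */
    private final CredentialsFactory.Credentials credentials;
    /** Injection manager used to look up the {@link IAuthorizeHandler} named after the client type. */
    private final InjectionManager injector;

    /**
     * Creates the resource with its injected collaborators.
     *
     * @param session          Hibernate session for this request.
     * @param credentials      Credentials resolved for the calling client.
     * @param injectionManager Injection manager used for handler lookup.
     */
    @Inject
    public AuthorizationService(Session session, CredentialsFactory.Credentials credentials, InjectionManager injectionManager) {
        this.session = session;
        this.credentials = credentials;
        this.injector = injectionManager;
    }

    /**
     * Handles an authorization request by validating its parameters and delegating to the
     * {@link IAuthorizeHandler} registered for the client type.
     *
     * @param uriInfo            URI information for the current request.
     * @param httpServletRequest Servlet request; supplies the HTTP session.
     * @param authenticatorType  Value of the {@code authenticator} query parameter.
     * @param str                Value of the {@code response_type} query parameter.
     * @param str2               Value of the {@code redirect_uri} query parameter.
     * @param str3               Value of the {@code scope} query parameter.
     * @param str4               Value of the {@code state} query parameter, passed through to the handler.
     * @return The response produced by the handler.
     * @throws RedirectingException If validation or handling raises a {@link KangarooException}
     *                              after the redirect has been validated.
     */
    @GET
    @Produces({"application/json"})
    @OAuthFilterChain
    public Response authorizationRequest(@Context UriInfo uriInfo, @Context HttpServletRequest httpServletRequest, @Optional @QueryParam("authenticator") AuthenticatorType authenticatorType, @Optional @QueryParam("response_type") String str, @Optional @QueryParam("redirect_uri") String str2, @Optional @QueryParam("scope") String str3, @Optional @QueryParam("state") String str4) {
        // Named httpSession so it cannot be confused with the Hibernate session field.
        HttpSession httpSession = httpServletRequest.getSession(true);

        // NOTE(review): a null client (no row for credentials.getLogin()) would fail with a
        // NullPointerException on the next line; confirm the filter chain rules that out.
        Client client = (Client) this.session.get(Client.class, this.credentials.getLogin());

        // Deliberately outside the try block: if the redirect cannot be validated, the error
        // must not be delivered by redirecting to a caller-supplied URI.
        URI validRedirect = ValidationUtil.requireValidRedirect(str2, client.getRedirects());
        try {
            ValidationUtil.validateResponseType(client, str);
            Authenticator authenticator = ValidationUtil.validateAuthenticator(authenticatorType, client.getAuthenticators());

            // The handler is selected from the authenticator's client, while the error redirect
            // below uses the requesting client's type.
            // NOTE(review): presumably the same client; confirm.
            IAuthorizeHandler handler = requireHandler(authenticator.getClient());

            Response response = handler.handle(uriInfo, httpSession, authenticator, validRedirect, ValidationUtil.validateScope(str3, client.getApplication().getScopes()), str4);

            // Rotate the session id once the handler has completed.
            httpServletRequest.changeSessionId();
            return response;
        } catch (KangarooException e) {
            throw new RedirectingException(e, validRedirect, client.getType());
        }
    }

    /**
     * Handles the return from an authenticator by loading the stored state named in the
     * {@code state} parameter and delegating to the handler for the owning client's type.
     *
     * <p>NOTE(review): this method does not itself invalidate the stored state or compare it
     * with the HTTP session; confirm that the handler makes the state single-use and ties it
     * to the session that started the flow.
     *
     * @param uriInfo            URI information for the current request.
     * @param httpServletRequest Servlet request; supplies the HTTP session.
     * @param str                Value of the {@code state} query parameter (defaults to an empty string).
     * @return The response produced by the handler.
     * @throws RedirectingException If handling raises a {@link KangarooException}; the redirect
     *                              target is the one stored with the authenticator state.
     */
    @GET
    @Produces({"application/json"})
    @Path("/callback")
    public Response authorizationCallback(@Context UriInfo uriInfo, @Context HttpServletRequest httpServletRequest, @Optional @QueryParam("state") @DefaultValue("") String str) {
        HttpSession httpSession = httpServletRequest.getSession(true);

        // Outside the try block: an unknown or malformed state has no stored redirect to use,
        // so the failure is not converted into a redirect.
        AuthenticatorState authenticatorState = getAuthenticatorState(str);
        Client client = authenticatorState.getAuthenticator().getClient();
        try {
            IAuthorizeHandler handler = requireHandler(client);
            Response response = handler.callback(authenticatorState, httpSession, uriInfo);

            // Rotate the session id once the handler has completed.
            httpServletRequest.changeSessionId();
            return response;
        } catch (KangarooException e) {
            // The redirect comes from the stored state, not from the current request.
            throw new RedirectingException(e, authenticatorState.getClientRedirect(), client.getType());
        }
    }

    /**
     * Looks up the authorization handler registered under the client's type name.
     *
     * <p>Both endpoints share this lookup so that a missing handler is rejected the same way
     * in each, instead of surfacing as a NullPointerException in one of them.
     *
     * @param client Client whose type selects the handler.
     * @return The handler; never {@code null}.
     * @throws RFC6749.InvalidRequestException If no handler is registered for the client type.
     */
    private IAuthorizeHandler requireHandler(Client client) {
        IAuthorizeHandler handler = (IAuthorizeHandler) this.injector.getInstance(IAuthorizeHandler.class, client.getType().toString());
        if (handler == null) {
            throw new RFC6749.InvalidRequestException();
        }
        return handler;
    }

    /**
     * Loads the stored authenticator state whose id is encoded in the given string.
     *
     * <p>Every failure (unparseable id, lookup error, no matching row) yields the same
     * exception type, so the response does not reveal which of them occurred.
     *
     * @param str Encoded id taken from the {@code state} query parameter.
     * @return The stored state; never {@code null}.
     * @throws RFC6749.InvalidRequestException If the state cannot be resolved.
     */
    private AuthenticatorState getAuthenticatorState(String str) {
        AuthenticatorState authenticatorState;
        try {
            authenticatorState = (AuthenticatorState) this.session.get(AuthenticatorState.class, IdUtil.fromString(str));
        } catch (Exception e) {
            // NOTE(review): this also reports persistence failures as an invalid request and
            // drops the cause; consider narrowing the catch and logging server-side.
            throw new RFC6749.InvalidRequestException();
        }
        if (authenticatorState == null) {
            throw new RFC6749.InvalidRequestException();
        }
        return authenticatorState;
    }
}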
