package org.apache.cxf.rs.security.oauth2.provider;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.MessageBodyReader;
import javax.ws.rs.ext.MessageBodyWriter;
import javax.ws.rs.ext.Provider;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.common.TokenIntrospection;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;

@Produces({MediaType.APPLICATION_JSON})
@Provider
@Consumes({MediaType.APPLICATION_JSON})
/* loaded from: input_file:lib/cxf-rt-rs-security-oauth2-3.2.7.jar:org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.class */
public class OAuthJSONProvider implements MessageBodyWriter<Object>, MessageBodyReader<Object> {
    @Override // javax.ws.rs.ext.MessageBodyWriter
    public long getSize(Object obj, Class<?> cls, Type type, Annotation[] annotationArr, MediaType mediaType) {
        return -1L;
    }

    @Override // javax.ws.rs.ext.MessageBodyWriter
    public boolean isWriteable(Class<?> cls, Type type, Annotation[] annotationArr, MediaType mediaType) {
        return cls == ClientAccessToken.class || cls == OAuthError.class || cls == TokenIntrospection.class;
    }

    @Override // javax.ws.rs.ext.MessageBodyWriter
    public void writeTo(Object obj, Class<?> cls, Type type, Annotation[] annotationArr, MediaType mediaType, MultivaluedMap<String, Object> multivaluedMap, OutputStream outputStream) throws IOException, WebApplicationException {
        if (obj instanceof ClientAccessToken) {
            writeAccessToken((ClientAccessToken) obj, outputStream);
        } else if (obj instanceof TokenIntrospection) {
            writeTokenIntrospection((TokenIntrospection) obj, outputStream);
        } else {
            writeOAuthError((OAuthError) obj, outputStream);
        }
    }

    private void writeTokenIntrospection(TokenIntrospection tokenIntrospection, OutputStream outputStream) throws IOException {
        StringBuilder sb = new StringBuilder();
        sb.append("{");
        appendJsonPair(sb, "active", Boolean.valueOf(tokenIntrospection.isActive()), false);
        if (tokenIntrospection.isActive()) {
            if (tokenIntrospection.getClientId() != null) {
                sb.append(",");
                appendJsonPair(sb, "client_id", tokenIntrospection.getClientId());
            }
            if (tokenIntrospection.getUsername() != null) {
                sb.append(",");
                appendJsonPair(sb, OAuthConstants.RESOURCE_OWNER_NAME, tokenIntrospection.getUsername());
            }
            if (tokenIntrospection.getTokenType() != null) {
                sb.append(",");
                appendJsonPair(sb, OAuthConstants.ACCESS_TOKEN_TYPE, tokenIntrospection.getTokenType());
            }
            if (tokenIntrospection.getScope() != null) {
                sb.append(",");
                appendJsonPair(sb, "scope", tokenIntrospection.getScope());
            }
            if (!StringUtils.isEmpty(tokenIntrospection.getAud())) {
                sb.append(",");
                if (tokenIntrospection.getAud().size() == 1) {
                    appendJsonPair(sb, JwtConstants.CLAIM_AUDIENCE, tokenIntrospection.getAud().get(0));
                } else {
                    StringBuilder sb2 = new StringBuilder();
                    sb2.append("[");
                    List<String> aud = tokenIntrospection.getAud();
                    for (int i = 0; i < aud.size(); i++) {
                        if (i > 0) {
                            sb2.append(",");
                        }
                        sb2.append("\"").append(aud.get(i)).append("\"");
                    }
                    sb2.append("]");
                    appendJsonPair(sb, JwtConstants.CLAIM_AUDIENCE, sb2.toString(), false);
                }
            }
            if (tokenIntrospection.getIss() != null) {
                sb.append(",");
                appendJsonPair(sb, JwtConstants.CLAIM_ISSUER, tokenIntrospection.getIss());
            }
            sb.append(",");
            appendJsonPair(sb, JwtConstants.CLAIM_ISSUED_AT, tokenIntrospection.getIat(), false);
            if (tokenIntrospection.getExp() != null) {
                sb.append(",");
                appendJsonPair(sb, JwtConstants.CLAIM_EXPIRY, tokenIntrospection.getExp(), false);
            }
            if (!tokenIntrospection.getExtensions().isEmpty()) {
                for (Map.Entry<String, String> entry : tokenIntrospection.getExtensions().entrySet()) {
                    sb.append(",");
                    if ("x5t#S256".equals(entry.getKey())) {
                        StringBuilder sb3 = new StringBuilder();
                        sb3.append("{");
                        appendJsonPair(sb3, entry.getKey(), entry.getValue());
                        sb3.append("}");
                        appendJsonPair(sb, JwtConstants.CLAIM_CONFIRMATION, sb3.toString(), false);
                    } else {
                        appendJsonPair(sb, entry.getKey(), entry.getValue());
                    }
                }
            }
        }
        sb.append("}");
        outputStream.write(sb.toString().getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
    }

    private void writeOAuthError(OAuthError oAuthError, OutputStream outputStream) throws IOException {
        StringBuilder sb = new StringBuilder();
        sb.append("{");
        appendJsonPair(sb, "error", oAuthError.getError());
        if (oAuthError.getErrorDescription() != null) {
            sb.append(",");
            appendJsonPair(sb, OAuthConstants.ERROR_DESCRIPTION_KEY, oAuthError.getErrorDescription());
        }
        if (oAuthError.getErrorUri() != null) {
            sb.append(",");
            appendJsonPair(sb, OAuthConstants.ERROR_URI_KEY, oAuthError.getErrorUri());
        }
        sb.append("}");
        outputStream.write(sb.toString().getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
    }

    private void writeAccessToken(ClientAccessToken clientAccessToken, OutputStream outputStream) throws IOException {
        StringBuilder sb = new StringBuilder();
        sb.append("{");
        appendJsonPair(sb, OAuthConstants.ACCESS_TOKEN, clientAccessToken.getTokenKey());
        sb.append(",");
        appendJsonPair(sb, OAuthConstants.ACCESS_TOKEN_TYPE, clientAccessToken.getTokenType());
        if (clientAccessToken.getExpiresIn() != -1) {
            sb.append(",");
            appendJsonPair(sb, OAuthConstants.ACCESS_TOKEN_EXPIRES_IN, Long.valueOf(clientAccessToken.getExpiresIn()), false);
        }
        if (clientAccessToken.getApprovedScope() != null) {
            sb.append(",");
            appendJsonPair(sb, "scope", clientAccessToken.getApprovedScope());
        }
        if (clientAccessToken.getRefreshToken() != null) {
            sb.append(",");
            appendJsonPair(sb, "refresh_token", clientAccessToken.getRefreshToken());
        }
        for (Map.Entry<String, String> entry : clientAccessToken.getParameters().entrySet()) {
            sb.append(",");
            appendJsonPair(sb, entry.getKey(), entry.getValue());
        }
        sb.append("}");
        outputStream.write(sb.toString().getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
    }

    private void appendJsonPair(StringBuilder sb, String str, Object obj) {
        appendJsonPair(sb, str, obj, true);
    }

    private void appendJsonPair(StringBuilder sb, String str, Object obj, boolean z) {
        sb.append("\"").append(str).append("\"");
        sb.append(":");
        if (z) {
            sb.append("\"");
        }
        sb.append(obj);
        if (z) {
            sb.append("\"");
        }
    }

    @Override // javax.ws.rs.ext.MessageBodyReader
    public boolean isReadable(Class<?> cls, Type type, Annotation[] annotationArr, MediaType mediaType) {
        return Map.class.isAssignableFrom(cls) || ClientAccessToken.class.isAssignableFrom(cls) || TokenIntrospection.class.isAssignableFrom(cls);
    }

    @Override // javax.ws.rs.ext.MessageBodyReader
    public Object readFrom(Class<Object> cls, Type type, Annotation[] annotationArr, MediaType mediaType, MultivaluedMap<String, String> multivaluedMap, InputStream inputStream) throws IOException, WebApplicationException {
        if (TokenIntrospection.class.isAssignableFrom(cls)) {
            return fromMapToTokenIntrospection(inputStream);
        }
        Map<String, String> readJSONResponse = readJSONResponse(inputStream);
        if (Map.class.isAssignableFrom(cls)) {
            return readJSONResponse;
        }
        ClientAccessToken fromMapToClientToken = OAuthClientUtils.fromMapToClientToken(readJSONResponse);
        if (fromMapToClientToken == null) {
            throw new WebApplicationException(500);
        }
        return fromMapToClientToken;
    }

    private Object fromMapToTokenIntrospection(InputStream inputStream) throws IOException {
        String str;
        TokenIntrospection tokenIntrospection = new TokenIntrospection();
        Map<String, Object> fromJson = new JsonMapObjectReaderWriter().fromJson(inputStream);
        tokenIntrospection.setActive(((Boolean) fromJson.get("active")).booleanValue());
        String str2 = (String) fromJson.get("client_id");
        if (str2 != null) {
            tokenIntrospection.setClientId(str2);
        }
        String str3 = (String) fromJson.get(OAuthConstants.RESOURCE_OWNER_NAME);
        if (str3 != null) {
            tokenIntrospection.setUsername(str3);
        }
        String str4 = (String) fromJson.get("scope");
        if (str4 != null) {
            tokenIntrospection.setScope(str4);
        }
        String str5 = (String) fromJson.get(OAuthConstants.ACCESS_TOKEN_TYPE);
        if (str5 != null) {
            tokenIntrospection.setTokenType(str5);
        }
        Object obj = fromJson.get(JwtConstants.CLAIM_AUDIENCE);
        if (obj != null) {
            if (obj.getClass() == String.class) {
                tokenIntrospection.setAud(Collections.singletonList((String) obj));
            } else {
                tokenIntrospection.setAud((List) obj);
            }
        }
        String str6 = (String) fromJson.get(JwtConstants.CLAIM_ISSUER);
        if (str6 != null) {
            tokenIntrospection.setIss(str6);
        }
        Long l = (Long) fromJson.get(JwtConstants.CLAIM_ISSUED_AT);
        if (l != null) {
            tokenIntrospection.setIat(l);
        }
        Long l2 = (Long) fromJson.get(JwtConstants.CLAIM_EXPIRY);
        if (l2 != null) {
            tokenIntrospection.setExp(l2);
        }
        Map cast = CastUtils.cast((Map<?, ?>) fromJson.get(JwtConstants.CLAIM_CONFIRMATION));
        if (cast != null && (str = (String) cast.get("x5t#S256")) != null) {
            tokenIntrospection.getExtensions().put("x5t#S256", str);
        }
        return tokenIntrospection;
    }

    public Map<String, String> readJSONResponse(InputStream inputStream) throws IOException {
        String trim = IOUtils.readStringFromStream(inputStream).trim();
        if (trim.length() == 0) {
            return Collections.emptyMap();
        }
        if (!trim.startsWith("{") || !trim.endsWith("}")) {
            throw new IOException("JSON Sequence is broken");
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (String str : trim.substring(1, trim.length() - 1).trim().split(",")) {
            String trim2 = str.trim();
            if (trim2.length() != 0) {
                int indexOf = trim2.indexOf(":");
                String trim3 = trim2.substring(0, indexOf).trim();
                if (trim3.startsWith("\"") && trim3.endsWith("\"")) {
                    trim3 = trim3.substring(1, trim3.length() - 1);
                }
                String trim4 = trim2.substring(indexOf + 1).trim();
                if (trim4.startsWith("\"") && trim4.endsWith("\"")) {
                    trim4 = trim4.substring(1, trim4.length() - 1);
                }
                linkedHashMap.put(trim3, trim4);
            }
        }
        return linkedHashMap;
    }
}
