package pro.fessional.wings.warlock.service.auth.impl;

import java.time.Duration;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import lombok.Generated;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import pro.fessional.wings.warlock.security.SafeHttpHelper;
import pro.fessional.wings.warlock.service.auth.WarlockOauthService;
import pro.fessional.wings.warlock.service.auth.WarlockTicketService;

/* loaded from: input_file:pro/fessional/wings/warlock/service/auth/impl/WarlockOauthServiceImpl.class */
public class WarlockOauthServiceImpl implements WarlockOauthService {
    protected Duration authCodeTtl;
    protected Duration accessTokenTtl;
    protected WarlockTicketService warlockTicketService;
    private final Pattern scopeSplitter = Pattern.compile("[ ,;]+");

    @Override // pro.fessional.wings.warlock.service.auth.WarlockOauthService
    @NotNull
    public WarlockOauthService.OAuth authorizeCode(@NotNull String str, String str2, String str3, String str4) {
        WarlockOauthService.OAuth oAuth = new WarlockOauthService.OAuth();
        WarlockTicketService.Pass findPass = this.warlockTicketService.findPass(str);
        if (findPass == null) {
            oAuth.put(WarlockOauthService.Error, "unauthorized_client");
            oAuth.put(WarlockOauthService.ErrorDescription, "the client is not allowed to request an authorization code");
            return oAuth;
        }
        if (!checkScope(findPass.getScopes(), str2)) {
            oAuth.put(WarlockOauthService.Error, "invalid_scope");
            oAuth.put(WarlockOauthService.ErrorDescription, "the requested scope is invalid or unknown");
            return oAuth;
        }
        if (!checkRedirect(findPass.getHosts(), str3)) {
            oAuth.put(WarlockOauthService.Error, "invalid_redirect");
            oAuth.put(WarlockOauthService.ErrorDescription, "the redirect_uri is invalid");
            return oAuth;
        }
        WarlockTicketService.SimpleTerm simpleTerm = new WarlockTicketService.SimpleTerm();
        simpleTerm.setType(1);
        simpleTerm.setUserId(findPass.getUserId());
        simpleTerm.setScopes(str2);
        simpleTerm.setClientId(str);
        if (str4 != null) {
            simpleTerm.setSessionId(str4);
        }
        oAuth.put(WarlockOauthService.Code, this.warlockTicketService.encode(simpleTerm, this.authCodeTtl));
        oAuth.put(WarlockOauthService.ExpireIn, Long.valueOf(this.authCodeTtl.toSeconds()));
        return oAuth;
    }

    protected boolean checkScope(Set<String> set, String str) {
        if (set.isEmpty()) {
            return true;
        }
        if (str == null) {
            return false;
        }
        for (String str2 : this.scopeSplitter.split(str)) {
            if (!set.contains(str2)) {
                return false;
            }
        }
        return true;
    }

    protected boolean checkRedirect(Set<String> set, String str) {
        if (str == null || str.isEmpty()) {
            return true;
        }
        return SafeHttpHelper.isSafeRedirect(str, set);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v36, types: [pro.fessional.wings.warlock.service.auth.WarlockTicketService$Term] */
    @Override // pro.fessional.wings.warlock.service.auth.WarlockOauthService
    @NotNull
    public WarlockOauthService.OAuth accessToken(@NotNull String str, @NotNull String str2, String str3) {
        WarlockTicketService.SimpleTerm simpleTerm;
        WarlockTicketService.Pass findPass;
        boolean z;
        WarlockOauthService.OAuth oAuth = new WarlockOauthService.OAuth();
        if (str3 == null || str3.isEmpty()) {
            simpleTerm = new WarlockTicketService.SimpleTerm();
            findPass = this.warlockTicketService.findPass(str);
            z = true;
        } else {
            simpleTerm = this.warlockTicketService.decode(str3);
            if (simpleTerm == null) {
                oAuth.put(WarlockOauthService.Error, "invalid_request");
                oAuth.put(WarlockOauthService.ErrorDescription, "invalid ticket");
                return oAuth;
            }
            findPass = this.warlockTicketService.findPass(str);
            z = false;
        }
        if (findPass == null || !Objects.equals(str2, findPass.getSecret()) || !Objects.equals(str, findPass.getClient())) {
            oAuth.put(WarlockOauthService.Error, "invalid_client");
            oAuth.put(WarlockOauthService.ErrorDescription, "Client authentication failed");
            return oAuth;
        }
        simpleTerm.setType(2);
        if (z) {
            simpleTerm.setUserId(findPass.getUserId());
            simpleTerm.setClientId(findPass.getClient());
            simpleTerm.setScopes(String.join(" ", findPass.getScopes()));
        }
        oAuth.put(WarlockOauthService.AccessToken, this.warlockTicketService.encode(simpleTerm, this.accessTokenTtl));
        oAuth.put(WarlockOauthService.ExpireIn, Long.valueOf(this.accessTokenTtl.toSeconds()));
        oAuth.put(WarlockOauthService.Scope, simpleTerm.getScopes());
        return oAuth;
    }

    @Override // pro.fessional.wings.warlock.service.auth.WarlockOauthService
    @NotNull
    public WarlockOauthService.OAuth revokeToken(@NotNull String str, @NotNull String str2) {
        WarlockOauthService.OAuth oAuth = new WarlockOauthService.OAuth();
        WarlockTicketService.Term decode = this.warlockTicketService.decode(str2);
        if (decode == null || !Objects.equals(str, decode.getClientId())) {
            oAuth.put(WarlockOauthService.Error, "invalid_request");
            oAuth.put(WarlockOauthService.ErrorDescription, "invalid ticket");
        } else {
            this.warlockTicketService.revokeAll(decode.getUserId());
            oAuth.put(WarlockOauthService.AccessToken, "");
            oAuth.put(WarlockOauthService.ExpireIn, 0);
            oAuth.put(WarlockOauthService.Scope, decode.getScopes());
        }
        return oAuth;
    }

    @Generated
    public void setAuthCodeTtl(Duration duration) {
        this.authCodeTtl = duration;
    }

    @Generated
    public void setAccessTokenTtl(Duration duration) {
        this.accessTokenTtl = duration;
    }

    @Generated
    public Duration getAuthCodeTtl() {
        return this.authCodeTtl;
    }

    @Generated
    public Duration getAccessTokenTtl() {
        return this.accessTokenTtl;
    }

    @Generated
    public WarlockTicketService getWarlockTicketService() {
        return this.warlockTicketService;
    }

    @Generated
    public Pattern getScopeSplitter() {
        return this.scopeSplitter;
    }

    @Autowired
    @Generated
    public void setWarlockTicketService(WarlockTicketService warlockTicketService) {
        this.warlockTicketService = warlockTicketService;
    }
}
