package io.corbel.iam.api;

import com.google.common.base.Optional;
import io.corbel.iam.auth.OauthParams;
import io.corbel.iam.exception.InvalidVersionException;
import io.corbel.iam.exception.MissingBasicParamsException;
import io.corbel.iam.exception.MissingOAuthParamsException;
import io.corbel.iam.exception.NoSuchPrincipalException;
import io.corbel.iam.exception.OauthServerConnectionException;
import io.corbel.iam.exception.UnauthorizedException;
import io.corbel.iam.exception.UnauthorizedTimeException;
import io.corbel.iam.model.GrantType;
import io.corbel.iam.model.TokenGrant;
import io.corbel.iam.model.TokenUpgradeGrant;
import io.corbel.iam.service.AuthorizationService;
import io.corbel.iam.service.UpgradeTokenService;
import io.corbel.iam.utils.TokenCookieFactory;
import io.corbel.lib.ws.auth.AuthorizationInfo;
import io.corbel.lib.ws.model.Error;
import io.dropwizard.auth.Auth;
import java.util.Set;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;

/**
 * JAX-RS resource for the IAM token endpoint, mounted at {@code v1.0/oauth/token}.
 *
 * <p>It exchanges a JWT-bearer assertion for a {@link TokenGrant} (GET and POST) and, under
 * {@code /upgrade}, adds scopes to the token of the caller resolved through {@code @Auth}.
 *
 * <p>This listing is JADX decompiler output of {@code io/corbel/iam/api/TokenResource.class}.
 * Parameter names such as {@code str}, {@code str2} and {@code z} are synthetic, and the body of
 * {@link #getTokenWithCode} was not recovered, so that method cannot be reviewed from this file.
 */
@Path("v1.0/oauth/token")
public class TokenResource {
    private final AuthorizationService authorizationService;
    private final UpgradeTokenService upgradeTokenService;
    private final TokenCookieFactory tokenCookieFactory;

    /**
     * Stores the collaborators used by the resource methods.
     *
     * @param authorizationService turns an assertion into a {@link TokenGrant}
     * @param upgradeTokenService reads scopes from an assertion and applies them to a token
     * @param tokenCookieFactory builds the cookie that carries the access token
     */
    public TokenResource(AuthorizationService authorizationService, UpgradeTokenService upgradeTokenService, TokenCookieFactory tokenCookieFactory) {
        this.tokenCookieFactory = tokenCookieFactory;
        this.upgradeTokenService = upgradeTokenService;
        this.authorizationService = authorizationService;
    }

    /**
     * GET variant of the token request. The body below is a decompiler placeholder, not the real
     * logic: JADX reported a switch it could not structure and a try region with a catch-all
     * {@code Exception} handler (309 instructions), and emitted only this throwing stub.
     *
     * <p>Security-relevant points visible from the signature alone: {@code assertion},
     * {@code access_token}, {@code code}, {@code oauth_token} and {@code oauth_verifier} arrive in
     * the query string, so they are present wherever the request URL is recorded (access logs,
     * proxies, browser history, Referer). How {@code redirect_uri} and {@code state} are checked
     * cannot be determined from this listing.
     *
     * @param r6 request URI information
     * @param r7 {@code grant_type} query parameter
     * @param r8 {@code assertion} query parameter
     * @param r9 {@code access_token} query parameter
     * @param r10 {@code code} query parameter
     * @param r11 {@code oauth_token} query parameter
     * @param r12 {@code oauth_verifier} query parameter
     * @param r13 {@code redirect_uri} query parameter
     * @param r14 {@code state} query parameter
     * @param r15 value of the {@code RequestCookie} header
     * @return never returns in this decompiled form
     * @throws UnsupportedOperationException always, because the body was not decompiled
     */
    @GET
    public Response getTokenWithCode(
            @javax.ws.rs.core.Context javax.ws.rs.core.UriInfo r6,
            @QueryParam("grant_type") String r7,
            @QueryParam("assertion") String r8,
            @QueryParam("access_token") String r9,
            @QueryParam("code") String r10,
            @QueryParam("oauth_token") String r11,
            @QueryParam("oauth_verifier") String r12,
            @QueryParam("redirect_uri") String r13,
            @QueryParam("state") String r14,
            @HeaderParam("RequestCookie") boolean r15) {
        throw new UnsupportedOperationException("Method not decompiled: io.corbel.iam.api.TokenResource.getTokenWithCode(javax.ws.rs.core.UriInfo, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean):javax.ws.rs.core.Response");
    }

    /**
     * POST variant of the token request: validates the form fields and, for the JWT-bearer grant
     * type, delegates to {@link #doJwtAuthorization} without OAuth parameters.
     *
     * @param str {@code grant_type} form field; must equal {@code GrantType.JWT_BEARER}
     * @param str2 {@code assertion} form field
     * @param z value of the {@code RequestCookie} header; when true the access token is also
     *     returned as a cookie
     * @return the token grant, or an error response for a missing field or unsupported grant type
     */
    @POST
    public Response getToken(@FormParam("grant_type") String str, @FormParam("assertion") String str2, @HeaderParam("RequestCookie") boolean z) {
        // Grant type is checked before the assertion here; upgradeToken checks them the other way round.
        if (isMissing(str)) {
            return IamErrorResponseFactory.getInstance().missingGrantType();
        }
        if (isMissing(str2)) {
            return IamErrorResponseFactory.getInstance().missingAssertion();
        }
        if (!str.equals(GrantType.JWT_BEARER)) {
            return IamErrorResponseFactory.getInstance().notSupportedGrantType(str);
        }
        return doJwtAuthorization(str2, Optional.<OauthParams>absent(), z);
    }

    /**
     * GET entry point for a token upgrade. The assertion travels in the query string here, so it
     * is present wherever the request URL is recorded.
     *
     * @param authorizationInfo caller information injected through {@code @Auth}
     * @param str {@code grant_type} query parameter
     * @param str2 {@code assertion} query parameter
     * @return the result of {@link #upgradeToken}
     */
    @GET
    @Path("/upgrade")
    public Response upgradeTokenGET(@Auth AuthorizationInfo authorizationInfo, @QueryParam("grant_type") String str, @QueryParam("assertion") String str2) {
        return upgradeToken(authorizationInfo, str, str2);
    }

    /**
     * POST entry point for a token upgrade, reading the same fields from the form body.
     *
     * @param authorizationInfo caller information injected through {@code @Auth}
     * @param str {@code grant_type} form field
     * @param str2 {@code assertion} form field
     * @return the result of {@link #upgradeToken}
     */
    @POST
    @Path("/upgrade")
    public Response upgradeTokenPOST(@Auth AuthorizationInfo authorizationInfo, @FormParam("grant_type") String str, @FormParam("assertion") String str2) {
        return upgradeToken(authorizationInfo, str, str2);
    }

    /**
     * Authorizes an assertion and renders the grant as JSON, optionally adding a token cookie.
     *
     * <p>Each exception type thrown by the authorization service maps to its own error response.
     * Several of these pass the exception message through to the response, so the wording chosen
     * where the exceptions are raised is what the client sees.
     *
     * @param assertion the assertion to authorize
     * @param oauthParams extra OAuth parameters; when absent the single-argument authorize is used
     * @param requestCookie when true the access token is also attached as a cookie
     * @return a 200 response carrying the grant, or the mapped error response
     */
    private Response doJwtAuthorization(String assertion, Optional<OauthParams> oauthParams, boolean requestCookie) {
        try {
            final TokenGrant grant;
            if (oauthParams.isPresent()) {
                grant = this.authorizationService.authorize(assertion, oauthParams.get());
            } else {
                grant = this.authorizationService.authorize(assertion);
            }

            Response.ResponseBuilder builder = Response.ok(grant).type(MediaType.APPLICATION_JSON_TYPE);
            if (requestCookie) {
                // Max-age is the remaining lifetime in whole seconds, narrowed to int; it is
                // negative when expiresAt already lies in the past.
                // NOTE(review): how TokenCookieFactory treats a negative max-age, and which cookie
                // attributes (Secure, HttpOnly) it sets, is not visible here; confirm.
                builder.cookie(
                        this.tokenCookieFactory.createCookie(
                                grant.getAccessToken(),
                                (int) ((grant.getExpiresAt() - System.currentTimeMillis()) / 1000)));
            }
            return builder.build();
        } catch (InvalidVersionException versionError) {
            return IamErrorResponseFactory.getInstance().unsupportedVersion(versionError.getMessage());
        } catch (MissingBasicParamsException basicParamsError) {
            return IamErrorResponseFactory.getInstance().missingBasicParms();
        } catch (MissingOAuthParamsException oauthParamsError) {
            return IamErrorResponseFactory.getInstance().missingOauthParms();
        } catch (NoSuchPrincipalException principalError) {
            // NOTE(review): an unknown principal gets its own response, separate from the generic
            // unauthorized one; confirm in IamErrorResponseFactory whether clients can tell them apart.
            return IamErrorResponseFactory.getInstance().noSuchPrincipal(principalError.getMessage());
        } catch (OauthServerConnectionException connectionError) {
            // The upstream OAuth service name and exception message are placed in the error body.
            Error detail = new Error("unavailable", "External OAuth Server fail: " + connectionError.getOAuthService() + " " + connectionError.getMessage());
            return IamErrorResponseFactory.getInstance().badGateway(detail);
        } catch (UnauthorizedTimeException timeError) {
            // Kept ahead of UnauthorizedException, as in the original handler order.
            return IamErrorResponseFactory.getInstance().unauthorized("invalid_time", timeError.getMessage());
        } catch (UnauthorizedException authError) {
            return IamErrorResponseFactory.getInstance().unauthorized(authError.getMessage());
        }
    }

    /**
     * Shared implementation behind both {@code /upgrade} entry points.
     *
     * <p>The scopes to add are read from the assertion itself and then applied to the token
     * obtained from {@code authorizationInfo}. NOTE(review): verification of the assertion
     * presumably happens inside {@code UpgradeTokenService}; confirm there, since this method
     * performs no check of its own beyond the grant type.
     *
     * <p>The parameter annotations are carried over from the decompiled class; JAX-RS binds the
     * values on the public resource methods that delegate here.
     *
     * @param authorizationInfo caller information whose token reader identifies the token to upgrade
     * @param grantType must equal {@code GrantType.JWT_BEARER}
     * @param assertion the assertion naming the scopes to add
     * @return a 200 response listing the scopes, or an error response
     */
    private Response upgradeToken(@Auth AuthorizationInfo authorizationInfo, @QueryParam("grant_type") String grantType, @QueryParam("assertion") String assertion) {
        if (isMissing(assertion)) {
            return IamErrorResponseFactory.getInstance().missingAssertion();
        }
        if (isMissing(grantType)) {
            return IamErrorResponseFactory.getInstance().missingGrantType();
        }
        if (!grantType.equals(GrantType.JWT_BEARER)) {
            return IamErrorResponseFactory.getInstance().notSupportedGrantType(grantType);
        }

        try {
            Set<String> requestedScopes = this.upgradeTokenService.getScopesFromTokenToUpgrade(assertion);
            this.upgradeTokenService.upgradeToken(assertion, authorizationInfo.getTokenReader(), requestedScopes);
            TokenUpgradeGrant upgradeGrant = new TokenUpgradeGrant(requestedScopes);
            return Response.ok(upgradeGrant).type(MediaType.APPLICATION_JSON_TYPE).build();
        } catch (UnauthorizedException authError) {
            return IamErrorResponseFactory.getInstance().unauthorized(authError.getMessage());
        }
    }

    /** Returns true when a request field is null or the empty string. */
    private static boolean isMissing(String value) {
        return value == null || value.isEmpty();
    }
}
