package io.corbel.oauth.api;

import io.corbel.lib.token.TokenGrant;
import io.corbel.lib.token.TokenInfo;
import io.corbel.lib.token.factory.TokenFactory;
import io.corbel.lib.token.model.TokenType;
import io.corbel.lib.token.reader.TokenReader;
import io.corbel.lib.ws.api.error.ErrorMessage;
import io.corbel.lib.ws.api.error.ErrorResponseFactory;
import io.corbel.lib.ws.model.Error;
import io.corbel.oauth.model.Client;
import io.corbel.oauth.model.ResponseType;
import io.corbel.oauth.model.User;
import io.corbel.oauth.service.ClientService;
import io.corbel.oauth.service.UserService;
import io.corbel.oauth.session.SessionBuilder;
import io.corbel.oauth.session.SessionCookieFactory;
import io.corbel.oauth.token.TokenExpireTime;
import java.net.URI;
import java.util.Optional;
import javax.ws.rs.CookieParam;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.glassfish.jersey.uri.internal.JerseyUriBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

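/**
 * OAuth 2.0 authorization endpoint ({@code v1.0/oauth/authorize}).
 *
 * <p>{@code GET} authorizes a user who already holds a session cookie ({@code SID}).
 * {@code POST} either authenticates form credentials ({@code username}/{@code password}) or,
 * when both are blank, falls back to the same cookie-based path. On success a new session is
 * created, a session cookie is set and, depending on {@code response_type}, either a token
 * grant is returned as JSON ({@code token}) or the browser is redirected to the client's
 * {@code redirect_uri} carrying {@code code} and the caller-supplied {@code state} ({@code code}).
 *
 * <p>Security notes, all grounded in this class:
 * <ul>
 *   <li>{@code redirect_uri} is required and checked against the registered client through
 *       {@link ClientService#verifyRedirectUri} whenever a redirect can happen, i.e. for the
 *       {@code code} flow on both the GET path and the cookie-session POST path. The {@code token}
 *       flow never redirects. Whether the check is an exact match or a prefix match is decided in
 *       {@code ClientService}, not here.
 *   <li>Unknown clients, bad credentials and internal failures all collapse to a generic 401, so
 *       the status code does not reveal whether a username or e-mail exists.
 *   <li>Validation of the {@code SID} cookie (signature, expiry) is assumed to happen in the
 *       {@link TokenReader} parameter conversion; this class only reads the user id from it.
 *       NOTE(review): confirm that an unparseable or expired cookie is rejected before injection.
 *   <li>The cookie-session paths issue a code/token on the strength of the cookie alone, so a
 *       cross-site request can trigger them; the code is only ever delivered to a verified
 *       {@code redirect_uri}, which is what keeps that from being an open redirect.
 * </ul>
 */
@Path("v1.0/oauth/authorize")
public class AuthorizeResource {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizeResource.class);
    private final UserService userService;
    private final TokenFactory tokenFactory;
    private final ClientService clientService;
    private final SessionCookieFactory sessionCookieFactory;
    private final TokenExpireTime tokenExpireTime;
    private final SessionBuilder sessionBuilder;

    /**
     * @param userService          user lookup by username / e-mail within a domain
     * @param tokenFactory         builds the access token / authorization code
     * @param clientService        client lookup and redirect URI verification
     * @param sessionCookieFactory turns a session id into the {@code SID} cookie
     * @param tokenExpireTime      expiry policy per token type
     * @param sessionBuilder       creates a server-side session for (client, user)
     */
    public AuthorizeResource(UserService userService, TokenFactory tokenFactory, ClientService clientService, SessionCookieFactory sessionCookieFactory, TokenExpireTime tokenExpireTime, SessionBuilder sessionBuilder) {
        this.userService = userService;
        this.tokenFactory = tokenFactory;
        this.clientService = clientService;
        this.sessionCookieFactory = sessionCookieFactory;
        this.tokenExpireTime = tokenExpireTime;
        this.sessionBuilder = sessionBuilder;
    }

    /**
     * Authorizes a user who already has a session cookie.
     *
     * @param responseTypeParam {@code token} or {@code code}; anything else is rejected with 400
     * @param clientId          registered client name (required)
     * @param redirectUri       required and verified against the client for the {@code code} flow
     * @param sessionToken      parsed {@code SID} cookie, {@code null} when absent
     * @param state             opaque value echoed back on the redirect when present
     * @return 200 + token grant (token), 303 to {@code redirect_uri} (code), 401 for an unknown
     *         client, 404 when no session cookie is present
     * @throws WebApplicationException 400 on missing/invalid parameters, 401 on a redirect URI
     *                                 that does not belong to the client
     */
    @GET
    public Response authorize(@QueryParam("response_type") String responseTypeParam,
                              @QueryParam("client_id") String clientId,
                              @QueryParam("redirect_uri") String redirectUri,
                              @CookieParam("SID") TokenReader sessionToken,
                              @QueryParam("state") String state) {
        ResponseType responseType = ResponseType.fromString(responseTypeParam);
        assertRequiredParameter(clientId, "client_id");
        Optional<Client> client = this.clientService.findByName(clientId);
        if (!client.isPresent()) {
            // Unknown client: generic 401, nothing about the session is revealed.
            return ErrorResponseFactory.getInstance().unauthorized();
        }
        checkArguments(responseType, client.get(), redirectUri);
        return getTokenResponseFromSession(Optional.ofNullable(sessionToken), responseType, client.get(), redirectUri, Optional.ofNullable(state))
                .orElse(ErrorResponseFactory.getInstance().notfound(new Error("not_found", "OAuth session not found")));
    }

    /**
     * Logs a user in with form credentials, or with the session cookie when both credential
     * fields are blank.
     *
     * @param username          username or e-mail (looked up in that order)
     * @param password          plaintext password to verify
     * @param responseTypeParam {@code token} or {@code code}
     * @param clientId          registered client name (required)
     * @param redirectUri       required and verified against the client for the {@code code} flow
     * @param state             opaque value echoed back on the redirect when present
     * @param sessionToken      parsed {@code SID} cookie, {@code null} when absent
     * @return same shapes as {@link #authorize}; 401 when the client, cookie or credentials are
     *         not accepted
     */
    @POST
    public Response login(@FormParam("username") String username,
                          @FormParam("password") String password,
                          @FormParam("response_type") String responseTypeParam,
                          @FormParam("client_id") String clientId,
                          @FormParam("redirect_uri") String redirectUri,
                          @FormParam("state") String state,
                          @CookieParam("SID") TokenReader sessionToken) {
        ResponseType responseType = ResponseType.fromString(responseTypeParam);
        Optional<String> stateParam = Optional.ofNullable(state);
        assertRequiredParameter(clientId, "client_id");
        Optional<Client> client = this.clientService.findByName(clientId);
        if (!client.isPresent()) {
            return ErrorResponseFactory.getInstance().unauthorized();
        }
        boolean noCredentials = StringUtils.isBlank(username) && StringUtils.isBlank(password);
        if (noCredentials) {
            return tryLoginWithCookieSession(client.get(), redirectUri, Optional.ofNullable(sessionToken), responseType, stateParam);
        }
        return tryLoginWithUserCredentials(username, password, client.get(), redirectUri, responseType, stateParam);
    }

    /**
     * Cookie-session branch of {@link #login}.
     *
     * <p>The arguments are validated here exactly as on the GET path: previously this branch went
     * straight to the response, so with a valid {@code SID} cookie a {@code code} request could
     * carry an arbitrary, unverified {@code redirect_uri} and have the authorization code sent to
     * it. The check must run before any token is minted.
     */
    private Response tryLoginWithCookieSession(Client client, String redirectUri, Optional<TokenReader> sessionToken, ResponseType responseType, Optional<String> state) {
        checkArguments(responseType, client, redirectUri);
        return getTokenResponseFromSession(sessionToken, responseType, client, redirectUri, state)
                .orElse(ErrorResponseFactory.getInstance().unauthorized());
    }

    /**
     * Credential branch of {@link #login}: tries the identifier as a username first, then as an
     * e-mail address, within the client's domain. Both misses yield the same generic 401.
     */
    private Response tryLoginWithUserCredentials(String username, String password, Client client, String redirectUri, ResponseType responseType, Optional<String> state) {
        checkPostArguments(username, password, responseType, client, redirectUri);
        Optional<String> byUsername = signinWithUsername(username, password, client.getDomain());
        if (byUsername.isPresent()) {
            return doResponse(byUsername.get(), responseType, client, redirectUri, state);
        }
        Optional<String> byEmail = signinWithEmail(username, password, client.getDomain());
        if (byEmail.isPresent()) {
            return doResponse(byEmail.get(), responseType, client, redirectUri, state);
        }
        return ErrorResponseFactory.getInstance().unauthorized();
    }

    /** User id of the user with this username in the domain, if the password matches. */
    private Optional<String> signinWithUsername(String username, String password, String domain) {
        return signinInternal(this.userService.findByUserNameAndDomain(username, domain), password);
    }

    /** User id of the user with this e-mail in the domain, if the password matches. */
    private Optional<String> signinWithEmail(String email, String password, String domain) {
        return signinInternal(this.userService.getUserByEmailAndDomain(email, domain), password);
    }

    /**
     * Verifies the password against the looked-up user; an unknown user and a wrong password are
     * indistinguishable to the caller. Whether {@code checkPassword} is constant-time is decided
     * in {@link User}, not here.
     */
    private Optional<String> signinInternal(User user, String password) {
        if (user == null || !user.checkPassword(password)) {
            return Optional.empty();
        }
        return Optional.of(user.getId());
    }

    /**
     * Builds the success response for the user identified by the session cookie, or empty when
     * there is no cookie. Only the user id is taken from the cookie; the token's validity is
     * assumed to have been checked when it was parsed.
     */
    private Optional<Response> getTokenResponseFromSession(Optional<TokenReader> sessionToken, ResponseType responseType, Client client, String redirectUri, Optional<String> state) {
        if (!sessionToken.isPresent()) {
            return Optional.empty();
        }
        LOG.debug("Authorizing logged-in user");
        String userId = sessionToken.get().getInfo().getUserId();
        return Optional.of(doResponse(userId, responseType, client, redirectUri, state));
    }

    /**
     * Mints the token, creates a fresh session and emits the final response.
     *
     * <p>The token is created before the session so that a token failure does not leave a
     * session behind that no cookie was ever issued for. Any failure inside this method is
     * logged with its stack trace and reported to the caller as a bare 401 — the status is
     * deliberately uninformative; the log is the place to diagnose it.
     *
     * @param userId      authenticated user
     * @param redirectUri already verified against the client when {@code responseType} is CODE
     * @param state       echoed back as the {@code state} query parameter on the redirect
     */
    private Response doResponse(String userId, ResponseType responseType, Client client, String redirectUri, Optional<String> state) {
        try {
            TokenGrant grant = createToken(userId, responseType, client.getName());
            String sessionId = this.sessionBuilder.createNewSession(client.getName(), userId);
            NewCookie sessionCookie = this.sessionCookieFactory.createCookie(sessionId);
            if (responseType == ResponseType.TOKEN) {
                return Response.ok()
                        .entity(grant)
                        .cookie(sessionCookie)
                        .type(MediaType.APPLICATION_JSON_TYPE)
                        .build();
            }
            URI target = buildRedirectUri(redirectUri, state, grant.getAccessToken());
            return Response.seeOther(target).cookie(sessionCookie).build();
        } catch (Exception e) {
            LOG.error("Unexpected error: {}", e.getMessage(), e);
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
    }

    /** Creates a token of the type matching the response type, with that type's expiry. */
    private TokenGrant createToken(String userId, ResponseType responseType, String clientName) {
        // ResponseType and TokenType share constant names; INVALID is rejected before we get here.
        TokenType tokenType = TokenType.valueOf(responseType.name());
        TokenInfo info = TokenInfo.newBuilder()
                .setType(tokenType)
                .setUserId(userId)
                .setClientId(clientName)
                .build();
        return this.tokenFactory.createToken(info, this.tokenExpireTime.getTokenExpireTimeFromResponseType(tokenType), new String[0]);
    }

    /** Credential-login argument checks: both credential fields plus the common checks. */
    private void checkPostArguments(String username, String password, ResponseType responseType, Client client, String redirectUri) {
        assertRequiredParameter(username, "username");
        assertRequiredParameter(password, "password");
        checkArguments(responseType, client, redirectUri);
    }

    /**
     * Common argument checks for every path that may issue a token. For the {@code code} flow the
     * redirect URI is mandatory and must belong to the client; the {@code token} flow does not
     * redirect, so no URI is needed there.
     */
    private void checkArguments(ResponseType responseType, Client client, String redirectUri) {
        assertRequiredParameter(responseType, "response_type");
        assertValidResponseType(responseType);
        assertRequiredParameter(client, "client_id");
        if (responseType == ResponseType.CODE) {
            assertRequiredParameter(redirectUri, "redirect_uri");
            checkRedirectUri(client, redirectUri);
        }
    }

    /** Rejects with 401 any redirect URI the client service does not accept for this client. */
    private void checkRedirectUri(Client client, String redirectUri) {
        if (!this.clientService.verifyRedirectUri(redirectUri, client)) {
            throw new WebApplicationException(ErrorResponseFactory.getInstance().unauthorized("Invalid redirect URI"));
        }
    }

    /**
     * Appends {@code state} (when present) and {@code code} to the verified redirect URI as query
     * parameters; the builder takes care of encoding.
     */
    private URI buildRedirectUri(String redirectUri, Optional<String> state, String code) {
        JerseyUriBuilder builder = new JerseyUriBuilder();
        builder.uri(URI.create(redirectUri));
        if (state.isPresent()) {
            builder.queryParam("state", new Object[]{state.get()});
        }
        builder.queryParam("code", new Object[]{code});
        return builder.build(new Object[0]);
    }

    /** 400 "missing parameter" for a null value, or an empty string. */
    private void assertRequiredParameter(Object value, String name) {
        boolean emptyString = value instanceof String && StringUtils.isEmpty((String) value);
        if (value == null || emptyString) {
            throw new WebApplicationException(ErrorResponseFactory.getInstance().missingParameter(name));
        }
    }

    /** 400 for a response type that parsed to INVALID. */
    private void assertValidResponseType(ResponseType responseType) {
        if (responseType == ResponseType.INVALID) {
            throw new WebApplicationException(ErrorResponseFactory.getInstance().badRequest(new Error("invalid_response_type", ErrorMessage.BAD_REQUEST.getMessage(new Object[0]))));
        }
    }
}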
