package io.gravitee.am.service.utils;

import io.gravitee.am.model.Application;
import io.gravitee.am.model.application.ApplicationOAuthSettings;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.service.exception.InvalidClientMetadataException;
import io.reactivex.Single;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:io/gravitee/am/service/utils/GrantTypeUtils.class */
public class GrantTypeUtils {
    private static final String AM_V2_VERSION = "AM_V2_VERSION";
    private static final String EXTENSION_GRANT_SEPARATOR = "~";
    private static final Set<String> SUPPORTED_GRANT_TYPES = Collections.unmodifiableSet(new HashSet(Arrays.asList("authorization_code", "implicit", "refresh_token", "client_credentials", "password", "urn:ietf:params:oauth:grant-type:jwt-bearer")));

    public static Single<Application> validateGrantTypes(Application application) {
        if (application == null) {
            return Single.error(new InvalidClientMetadataException("No application to validate grant"));
        }
        if (application.getSettings() != null && application.getSettings().getOauth() != null) {
            ApplicationOAuthSettings oauth = application.getSettings().getOauth();
            List list = oauth.getGrantTypes() == null ? null : (List) oauth.getGrantTypes().stream().map(str -> {
                return str.split(EXTENSION_GRANT_SEPARATOR)[0];
            }).collect(Collectors.toList());
            if (!isSupportedGrantType((List<String>) list)) {
                return Single.error(new InvalidClientMetadataException("Missing or invalid grant type."));
            }
            completeGrantTypeCorrespondance(application);
            if (Collections.unmodifiableSet(new HashSet(oauth.getGrantTypes())).contains("refresh_token")) {
                List asList = Arrays.asList("authorization_code", "password", "urn:ietf:params:oauth:grant-type:jwt-bearer");
                if (Collections.disjoint(list, asList)) {
                    return Single.error(new InvalidClientMetadataException("refresh_token grant type must be associated with one of " + String.join(", ", asList)));
                }
            }
            return Single.just(application);
        }
        return Single.just(application);
    }

    public static List<String> getSupportedGrantTypes() {
        return Collections.unmodifiableList((List) SUPPORTED_GRANT_TYPES.stream().sorted().collect(Collectors.toList()));
    }

    public static boolean isSupportedGrantType(List<String> list) {
        if (list == null || list.isEmpty()) {
            return false;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (!isSupportedGrantType(it.next())) {
                return false;
            }
        }
        return true;
    }

    public static boolean isSupportedGrantType(String str) {
        return SUPPORTED_GRANT_TYPES.contains(str);
    }

    public static boolean isRedirectUriRequired(List<String> list) {
        return (list == null || Collections.disjoint(list, Arrays.asList("implicit"))) ? false : true;
    }

    public static Application completeGrantTypeCorrespondance(Application application) {
        boolean z = false;
        ApplicationOAuthSettings oauth = application.getSettings().getOauth();
        HashSet hashSet = oauth.getResponseTypes() != null ? new HashSet(oauth.getResponseTypes()) : new HashSet();
        HashSet hashSet2 = oauth.getGrantTypes() != null ? new HashSet(oauth.getGrantTypes()) : new HashSet();
        if (mustHaveAuthorizationCode(hashSet) && !hashSet2.contains("authorization_code")) {
            hashSet2.add("authorization_code");
            z = true;
        }
        if (mustHaveImplicit(hashSet) && !hashSet2.contains("implicit")) {
            hashSet2.add("implicit");
            z = true;
        }
        if (hashSet2.contains("authorization_code") && !mustHaveAuthorizationCode(hashSet)) {
            hashSet2.remove("authorization_code");
            z = true;
        }
        if (hashSet2.contains("implicit") && !mustHaveImplicit(hashSet)) {
            hashSet2.remove("implicit");
            z = true;
        }
        if (hashSet.isEmpty() && hashSet2.isEmpty()) {
            oauth.setResponseTypes(Client.DEFAULT_RESPONSE_TYPES);
            oauth.setGrantTypes(Client.DEFAULT_GRANT_TYPES);
        } else if (z) {
            oauth.setGrantTypes((List) hashSet2.stream().collect(Collectors.toList()));
        }
        return application;
    }

    public static Client completeGrantTypeCorrespondance(Client client) {
        boolean z = false;
        HashSet hashSet = client.getResponseTypes() != null ? new HashSet(client.getResponseTypes()) : new HashSet();
        HashSet hashSet2 = client.getAuthorizedGrantTypes() != null ? new HashSet(client.getAuthorizedGrantTypes()) : new HashSet();
        if (mustHaveAuthorizationCode(hashSet) && !hashSet2.contains("authorization_code")) {
            hashSet2.add("authorization_code");
            z = true;
        }
        if (mustHaveImplicit(hashSet) && !hashSet2.contains("implicit")) {
            hashSet2.add("implicit");
            z = true;
        }
        if (hashSet2.contains("authorization_code") && !mustHaveAuthorizationCode(hashSet)) {
            hashSet2.remove("authorization_code");
            z = true;
        }
        if (hashSet2.contains("implicit") && !mustHaveImplicit(hashSet)) {
            hashSet2.remove("implicit");
            z = true;
        }
        if (AM_V2_VERSION.equals(client.getSoftwareVersion()) && hashSet2.contains("client_credentials") && hashSet2.contains("refresh_token") && hashSet2.size() == 2) {
            hashSet2.remove("refresh_token");
            z = true;
        }
        if (hashSet.isEmpty() && hashSet2.isEmpty()) {
            client.setResponseTypes(Client.DEFAULT_RESPONSE_TYPES);
            client.setAuthorizedGrantTypes(Client.DEFAULT_GRANT_TYPES);
        } else if (z) {
            client.setAuthorizedGrantTypes((List) hashSet2.stream().collect(Collectors.toList()));
        }
        return client;
    }

    private static boolean mustHaveAuthorizationCode(Set<String> set) {
        return set.contains("code") || set.contains("code token") || set.contains("code id_token") || set.contains("code id_token token");
    }

    private static boolean mustHaveImplicit(Set<String> set) {
        return set.contains("token") || set.contains("id_token") || set.contains("id_token token");
    }
}
