package no.nav.security.mock.oauth2;

import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.TuplesKt;
import kotlin.TypeCastException;
import kotlin.collections.MapsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import mu.KLogger;
import net.minidev.json.JSONObject;
import no.nav.security.mock.callback.DefaultTokenCallback;
import no.nav.security.mock.callback.TokenCallback;
import no.nav.security.mock.extensions.HttpUrlExtensionsKt;
import no.nav.security.mock.extensions.MockResponseExtensionsKt;
import no.nav.security.mock.extensions.NimbusExtensionsKt;
import no.nav.security.mock.extensions.RecordedRequestExtensionsKt;
import no.nav.security.mock.oauth2.grant.AuthorizationCodeHandler;
import no.nav.security.mock.oauth2.grant.ClientCredentialsGrantHandler;
import no.nav.security.mock.oauth2.grant.GrantHandler;
import no.nav.security.mock.oauth2.grant.JwtBearerGrantHandler;
import okhttp3.HttpUrl;
import okhttp3.mockwebserver.Dispatcher;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.RecordedRequest;
import org.jetbrains.annotations.NotNull;

/* compiled from: OAuth2Dispatcher.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��`\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0010\u0003\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\u0018��2\u00020\u0001B\u001f\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\u000e\b\u0002\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005¢\u0006\u0002\u0010\u0007J\u0010\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u0011H\u0016J\u000e\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0006J\u0010\u0010\u0015\u001a\u00020\u000b2\u0006\u0010\u0016\u001a\u00020\nH\u0002J\u0010\u0010\u0017\u001a\u00020\u000f2\u0006\u0010\u0018\u001a\u00020\u0019H\u0002J\u0010\u0010\u001a\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u0011H\u0002J\u0010\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u0010\u001a\u00020\u0011H\u0002J\u0010\u0010\u001d\u001a\u00020\u00062\u0006\u0010\u001e\u001a\u00020\u001fH\u0002J\u0010\u0010 \u001a\u00020!2\u0006\u0010\u0010\u001a\u00020\u0011H\u0002R\u001a\u0010\b\u001a\u000e\u0012\u0004\u0012\u00020\n\u0012\u0004\u0012\u00020\u000b0\tX\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u00060\rX\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\""}, d2 = {"Lno/nav/security/mock/oauth2/OAuth2Dispatcher;", "Lokhttp3/mockwebserver/Dispatcher;", "tokenProvider", "Lno/nav/security/mock/oauth2/OAuth2TokenProvider;", "tokenCallbacks", "", "Lno/nav/security/mock/callback/TokenCallback;", "(Lno/nav/security/mock/oauth2/OAuth2TokenProvider;Ljava/util/Set;)V", "grantHandlers", "", "Lcom/nimbusds/oauth2/sdk/GrantType;", "Lno/nav/security/mock/oauth2/grant/GrantHandler;", "tokenCallbackQueue", "Ljava/util/concurrent/BlockingQueue;", "dispatch", "Lokhttp3/mockwebserver/MockResponse;", "request", "Lokhttp3/mockwebserver/RecordedRequest;", "enqueueJwtCallback", "", "tokenCallback", "grantHandler", "grantType", "handleException", "error", "", "handleRequest", "issuerUrl", "Lokhttp3/HttpUrl;", "takeJwtCallbackOrCreateDefault", "issuerId", "", "wellKnown", "Lno/nav/security/mock/oauth2/WellKnown;", "mock-oauth2-server"})
/* loaded from: input_file:no/nav/security/mock/oauth2/OAuth2Dispatcher.class */
public final class OAuth2Dispatcher extends Dispatcher {
    private final BlockingQueue<TokenCallback> tokenCallbackQueue;
    private final Map<GrantType, GrantHandler> grantHandlers;
    private final OAuth2TokenProvider tokenProvider;
    private final Set<TokenCallback> tokenCallbacks;

    private final TokenCallback takeJwtCallbackOrCreateDefault(String str) {
        Object obj;
        TokenCallback peek = this.tokenCallbackQueue.peek();
        if (Intrinsics.areEqual(peek != null ? peek.issuerId() : null, str)) {
            TokenCallback take = this.tokenCallbackQueue.take();
            Intrinsics.checkExpressionValueIsNotNull(take, "tokenCallbackQueue.take()");
            return take;
        }
        Iterator<T> it = this.tokenCallbacks.iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            Object next = it.next();
            if (Intrinsics.areEqual(((TokenCallback) next).issuerId(), str)) {
                obj = next;
                break;
            }
        }
        TokenCallback tokenCallback = (TokenCallback) obj;
        return tokenCallback != null ? tokenCallback : new DefaultTokenCallback(str, null, null, null, 0L, 30, null);
    }

    public final boolean enqueueJwtCallback(@NotNull TokenCallback tokenCallback) {
        Intrinsics.checkParameterIsNotNull(tokenCallback, "tokenCallback");
        return this.tokenCallbackQueue.add(tokenCallback);
    }

    @NotNull
    public MockResponse dispatch(@NotNull RecordedRequest recordedRequest) {
        Object obj;
        Intrinsics.checkParameterIsNotNull(recordedRequest, "request");
        try {
            Result.Companion companion = Result.Companion;
            obj = Result.constructor-impl(handleRequest(recordedRequest));
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            obj = Result.constructor-impl(ResultKt.createFailure(th));
        }
        Object obj2 = obj;
        Throwable th2 = Result.exceptionOrNull-impl(obj2);
        return th2 == null ? (MockResponse) obj2 : handleException(th2);
    }

    private final MockResponse handleRequest(RecordedRequest recordedRequest) {
        KLogger kLogger;
        KLogger kLogger2;
        KLogger kLogger3;
        KLogger kLogger4;
        KLogger kLogger5;
        KLogger kLogger6;
        KLogger kLogger7;
        kLogger = OAuth2DispatcherKt.log;
        kLogger.debug("received request on url=" + recordedRequest.getRequestUrl() + " with headers=" + recordedRequest.getHeaders());
        String issuerId = RecordedRequestExtensionsKt.issuerId(recordedRequest);
        HttpUrl requestUrl = recordedRequest.getRequestUrl();
        if (requestUrl == null) {
            throw new IllegalStateException("Required value was null.".toString());
        }
        if (HttpUrlExtensionsKt.isWellKnownUrl(requestUrl)) {
            kLogger7 = OAuth2DispatcherKt.log;
            kLogger7.debug("returning well-known json data for url=" + requestUrl);
            return MockResponseExtensionsKt.json(new MockResponse(), wellKnown(recordedRequest));
        }
        if (HttpUrlExtensionsKt.isAuthorizationEndpointUrl(requestUrl)) {
            kLogger6 = OAuth2DispatcherKt.log;
            kLogger6.debug("redirecting to callback with auth code");
            if (!RecordedRequestExtensionsKt.asAuthenticationRequest(recordedRequest).getResponseType().impliesCodeFlow()) {
                throw new OAuth2Exception(OAuth2Error.INVALID_GRANT, "hybrid og implicit flow not supported (yet).");
            }
            MockResponse mockResponse = new MockResponse();
            GrantHandler grantHandler = this.grantHandlers.get(GrantType.AUTHORIZATION_CODE);
            if (grantHandler == null) {
                throw new TypeCastException("null cannot be cast to non-null type no.nav.security.mock.oauth2.grant.AuthorizationCodeHandler");
            }
            return MockResponseExtensionsKt.authenticationSuccess(mockResponse, ((AuthorizationCodeHandler) grantHandler).authorizationCodeResponse(RecordedRequestExtensionsKt.asAuthenticationRequest(recordedRequest)));
        }
        if (HttpUrlExtensionsKt.isTokenEndpointUrl(requestUrl)) {
            kLogger4 = OAuth2DispatcherKt.log;
            kLogger4.debug("handle token request " + recordedRequest);
            TokenCallback takeJwtCallbackOrCreateDefault = takeJwtCallbackOrCreateDefault(issuerId);
            TokenRequest asTokenRequest = RecordedRequestExtensionsKt.asTokenRequest(recordedRequest);
            kLogger5 = OAuth2DispatcherKt.log;
            StringBuilder append = new StringBuilder().append("query in tokenreq: ");
            HTTPRequest hTTPRequest = asTokenRequest.toHTTPRequest();
            Intrinsics.checkExpressionValueIsNotNull(hTTPRequest, "it.toHTTPRequest()");
            kLogger5.debug(append.append(hTTPRequest.getQuery()).toString());
            return MockResponseExtensionsKt.json(new MockResponse(), grantHandler(NimbusExtensionsKt.grantType(asTokenRequest)).tokenResponse(asTokenRequest, issuerUrl(recordedRequest), takeJwtCallbackOrCreateDefault));
        }
        if (!HttpUrlExtensionsKt.isJwksUrl(requestUrl)) {
            String str = "path '" + recordedRequest.getRequestUrl() + "' not found";
            kLogger2 = OAuth2DispatcherKt.log;
            kLogger2.error(str);
            return new MockResponse().setResponseCode(404).setBody(str);
        }
        kLogger3 = OAuth2DispatcherKt.log;
        kLogger3.debug("handle jwks request");
        MockResponse mockResponse2 = new MockResponse();
        JSONObject jSONObject = this.tokenProvider.publicJwkSet().toJSONObject();
        Intrinsics.checkExpressionValueIsNotNull(jSONObject, "tokenProvider.publicJwkSet().toJSONObject()");
        return MockResponseExtensionsKt.json(mockResponse2, jSONObject);
    }

    private final MockResponse handleException(Throwable th) {
        KLogger kLogger;
        ErrorObject errorObject;
        kLogger = OAuth2DispatcherKt.log;
        kLogger.error("received exception when handling request.", th);
        if (th instanceof OAuth2Exception) {
            errorObject = ((OAuth2Exception) th).getErrorObject();
        } else if (th instanceof ParseException) {
            errorObject = ((ParseException) th).getErrorObject();
            if (errorObject == null) {
                errorObject = OAuth2Error.INVALID_REQUEST.appendDescription(". received exception message: " + th.getMessage());
            }
        } else {
            errorObject = th instanceof GeneralException ? ((GeneralException) th).getErrorObject() : null;
        }
        if (errorObject == null) {
            errorObject = OAuth2Error.SERVER_ERROR.appendDescription(". received exception message: " + th.getMessage());
            Intrinsics.checkExpressionValueIsNotNull(errorObject, "OAuth2Error.SERVER_ERROR…ssage: ${error.message}\")");
        }
        return MockResponseExtensionsKt.oauth2Error(new MockResponse(), errorObject);
    }

    private final WellKnown wellKnown(RecordedRequest recordedRequest) {
        HttpUrl requestUrl = recordedRequest.getRequestUrl();
        String valueOf = String.valueOf(requestUrl != null ? HttpUrlExtensionsKt.toIssuerUrl(requestUrl) : null);
        HttpUrl requestUrl2 = recordedRequest.getRequestUrl();
        String valueOf2 = String.valueOf(requestUrl2 != null ? HttpUrlExtensionsKt.toAuthorizationEndpointUrl(requestUrl2) : null);
        HttpUrl requestUrl3 = recordedRequest.getRequestUrl();
        String valueOf3 = String.valueOf(requestUrl3 != null ? HttpUrlExtensionsKt.toTokenEndpointUrl(requestUrl3) : null);
        HttpUrl requestUrl4 = recordedRequest.getRequestUrl();
        return new WellKnown(valueOf, valueOf2, valueOf3, String.valueOf(requestUrl4 != null ? HttpUrlExtensionsKt.toJwksUrl(requestUrl4) : null), null, null, null, 112, null);
    }

    private final HttpUrl issuerUrl(RecordedRequest recordedRequest) {
        HttpUrl requestUrl = recordedRequest.getRequestUrl();
        if (requestUrl != null) {
            HttpUrl issuerUrl = HttpUrlExtensionsKt.toIssuerUrl(requestUrl);
            if (issuerUrl != null) {
                return issuerUrl;
            }
        }
        throw new OAuth2Exception(OAuth2Error.INVALID_REQUEST, "issuerid must be first segment in url path");
    }

    private final GrantHandler grantHandler(GrantType grantType) {
        GrantHandler grantHandler = this.grantHandlers.get(grantType);
        if (grantHandler != null) {
            return grantHandler;
        }
        throw new OAuth2Exception(OAuth2Error.INVALID_GRANT, "grant_type " + grantType + " not supported.");
    }

    /* JADX WARN: Multi-variable type inference failed */
    public OAuth2Dispatcher(@NotNull OAuth2TokenProvider oAuth2TokenProvider, @NotNull Set<? extends TokenCallback> set) {
        Intrinsics.checkParameterIsNotNull(oAuth2TokenProvider, "tokenProvider");
        Intrinsics.checkParameterIsNotNull(set, "tokenCallbacks");
        this.tokenProvider = oAuth2TokenProvider;
        this.tokenCallbacks = set;
        this.tokenCallbackQueue = new LinkedBlockingQueue();
        this.grantHandlers = MapsKt.mapOf(new Pair[]{TuplesKt.to(GrantType.AUTHORIZATION_CODE, new AuthorizationCodeHandler(this.tokenProvider)), TuplesKt.to(GrantType.CLIENT_CREDENTIALS, new ClientCredentialsGrantHandler(this.tokenProvider)), TuplesKt.to(GrantType.JWT_BEARER, new JwtBearerGrantHandler(this.tokenProvider))});
    }

    public /* synthetic */ OAuth2Dispatcher(OAuth2TokenProvider oAuth2TokenProvider, Set set, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? new OAuth2TokenProvider() : oAuth2TokenProvider, (i & 2) != 0 ? SetsKt.setOf(new DefaultTokenCallback(null, null, "default", null, 0L, 27, null)) : set);
    }

    public OAuth2Dispatcher() {
        this(null, null, 3, null);
    }
}
