package no.nav.security.mock.oauth2.grant;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
import com.nimbusds.openid.connect.sdk.Nonce;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.collections.MapsKt;
import kotlin.jvm.internal.Intrinsics;
import mu.KLogger;
import no.nav.security.mock.oauth2.OAuth2Exception;
import no.nav.security.mock.oauth2.extensions.NimbusExtensionsKt;
import no.nav.security.mock.oauth2.http.OAuth2HttpRequest;
import no.nav.security.mock.oauth2.http.OAuth2TokenResponse;
import no.nav.security.mock.oauth2.login.Login;
import no.nav.security.mock.oauth2.token.OAuth2TokenCallback;
import no.nav.security.mock.oauth2.token.OAuth2TokenProvider;
import okhttp3.HttpUrl;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: AuthorizationCodeGrantHandler.kt */
@Metadata(mv = {1, 4, 2}, bv = {1, 0, 3}, k = 1, d1 = {"��P\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010%\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\b��\u0018��2\u00020\u0001:\u0001\u001eB\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u001a\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\n2\n\b\u0002\u0010\u0010\u001a\u0004\u0018\u00010\fJ\u0018\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\t2\u0006\u0010\u0014\u001a\u00020\u0012H\u0002J\u0012\u0010\u0015\u001a\u0004\u0018\u00010\n2\u0006\u0010\u0013\u001a\u00020\tH\u0002J\u0012\u0010\u0016\u001a\u0004\u0018\u00010\f2\u0006\u0010\u0013\u001a\u00020\tH\u0002J \u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u0012H\u0016R\u001a\u0010\u0007\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\n0\bX\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\u000b\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\f0\bX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001f"}, d2 = {"Lno/nav/security/mock/oauth2/grant/AuthorizationCodeHandler;", "Lno/nav/security/mock/oauth2/grant/GrantHandler;", "tokenProvider", "Lno/nav/security/mock/oauth2/token/OAuth2TokenProvider;", "refreshTokenManager", "Lno/nav/security/mock/oauth2/grant/RefreshTokenManager;", "(Lno/nav/security/mock/oauth2/token/OAuth2TokenProvider;Lno/nav/security/mock/oauth2/grant/RefreshTokenManager;)V", "codeToAuthRequestCache", "", "Lcom/nimbusds/oauth2/sdk/AuthorizationCode;", 
"Lcom/nimbusds/openid/connect/sdk/AuthenticationRequest;", "codeToLoginCache", "Lno/nav/security/mock/oauth2/login/Login;", "authorizationCodeResponse", "Lcom/nimbusds/openid/connect/sdk/AuthenticationSuccessResponse;", "authenticationRequest", "login", "getLoginTokenCallbackOrDefault", "Lno/nav/security/mock/oauth2/token/OAuth2TokenCallback;", "code", "OAuth2TokenCallback", "takeAuthenticationRequestFromCache", "takeLoginFromCache", "tokenResponse", "Lno/nav/security/mock/oauth2/http/OAuth2TokenResponse;", "request", "Lno/nav/security/mock/oauth2/http/OAuth2HttpRequest;", "issuerUrl", "Lokhttp3/HttpUrl;", "oAuth2TokenCallback", "LoginOAuth2TokenCallback", "mock-oauth2-server"})
/* loaded from: input_file:no/nav/security/mock/oauth2/grant/AuthorizationCodeHandler.class */
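/**
 * Grant handler for the OAuth 2.0 / OpenID Connect authorization code flow of the mock server.
 *
 * <p>{@link #authorizationCodeResponse} issues a code and remembers the authentication request
 * (and optional interactive {@link Login}) under it; {@link #tokenResponse} later consumes those
 * entries and mints the id token, access token and refresh token.
 *
 * <p>Security notes for readers using this as a reference: the handler is deliberately lenient.
 * Nothing in this class rejects an unknown or already used authorization code, and nothing here
 * compares the token request's redirect URI, client or PKCE verifier with the original
 * authentication request. Any such validation would have to live in collaborators that are not
 * visible in this file.
 */
public final class AuthorizationCodeHandler implements GrantHandler {
    // Both caches are plain HashMaps keyed by the issued code. Entries are removed only when the
    // code is redeemed (see the take*FromCache methods); a code that is never redeemed stays here
    // for the lifetime of the handler, and no expiry is applied in this class.
    // NOTE(review): HashMap is not safe for concurrent mutation. If the authorization and token
    // endpoints can be served on different threads, confirm access is serialised elsewhere.
    private final Map<AuthorizationCode, AuthenticationRequest> codeToAuthRequestCache;
    private final Map<AuthorizationCode, Login> codeToLoginCache;
    private final OAuth2TokenProvider tokenProvider;
    private final RefreshTokenManager refreshTokenManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: AuthorizationCodeGrantHandler.kt */
    @Metadata(mv = {1, 4, 2}, bv = {1, 0, 3}, k = 1, d1 = {"��4\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010$\n\u0002\u0010\u000e\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n\u0002\b\u0003\n\u0002\u0010\t\n��\b\u0002\u0018��2\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0001¢\u0006\u0002\u0010\u0005J\u001c\u0010\n\u001a\u000e\u0012\u0004\u0012\u00020\f\u0012\u0004\u0012\u00020\r0\u000b2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\u0016\u0010\u0010\u001a\b\u0012\u0004\u0012\u00020\f0\u00112\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\b\u0010\u0012\u001a\u00020\fH\u0016J\u0010\u0010\u0013\u001a\u00020\f2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\b\u0010\u0014\u001a\u00020\u0015H\u0016R\u0011\u0010\u0004\u001a\u00020\u0001¢\u0006\b\n��\u001a\u0004\b\u0006\u0010\u0007R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\b\u0010\t¨\u0006\u0016"}, d2 = {"Lno/nav/security/mock/oauth2/grant/AuthorizationCodeHandler$LoginOAuth2TokenCallback;", "Lno/nav/security/mock/oauth2/token/OAuth2TokenCallback;", "login", "Lno/nav/security/mock/oauth2/login/Login;", "OAuth2TokenCallback", "(Lno/nav/security/mock/oauth2/login/Login;Lno/nav/security/mock/oauth2/token/OAuth2TokenCallback;)V", "getOAuth2TokenCallback", "()Lno/nav/security/mock/oauth2/token/OAuth2TokenCallback;", "getLogin", "()Lno/nav/security/mock/oauth2/login/Login;", "addClaims", "", "", "", "tokenRequest", "Lcom/nimbusds/oauth2/sdk/TokenRequest;", "audience", "", "issuerId", "subject", "tokenExpiry", "", "mock-oauth2-server"})
    /* loaded from: input_file:no/nav/security/mock/oauth2/grant/AuthorizationCodeHandler$LoginOAuth2TokenCallback.class */
    /**
     * Token callback decorator that overlays the values captured at login onto another callback.
     *
     * <p>The subject is always the login's username and an {@code acr} claim is added when the
     * login carries one; issuer, audience, remaining claims and expiry come from the delegate.
     * The username is used as given. Whether it was validated is not visible from this class.
     */
    public static final class LoginOAuth2TokenCallback implements OAuth2TokenCallback {

        @NotNull
        private final Login login;

        @NotNull
        private final OAuth2TokenCallback OAuth2TokenCallback;

        /** Returns the delegate's issuer id unchanged. */
        @Override // no.nav.security.mock.oauth2.token.OAuth2TokenCallback
        @NotNull
        public String issuerId() {
            return this.OAuth2TokenCallback.issuerId();
        }

        /**
         * Returns the username captured at login as the token subject; the delegate's subject is
         * not consulted.
         */
        @Override // no.nav.security.mock.oauth2.token.OAuth2TokenCallback
        @NotNull
        public String subject(@NotNull TokenRequest tokenRequest) {
            Intrinsics.checkNotNullParameter(tokenRequest, "tokenRequest");
            return this.login.getUsername();
        }

        /** Returns the delegate's audience for the given token request. */
        @Override // no.nav.security.mock.oauth2.token.OAuth2TokenCallback
        @NotNull
        public List<String> audience(@NotNull TokenRequest tokenRequest) {
            Intrinsics.checkNotNullParameter(tokenRequest, "tokenRequest");
            return this.OAuth2TokenCallback.audience(tokenRequest);
        }

        /**
         * Returns a mutable copy of the delegate's claims with {@code acr} set from the login
         * when the login has one. An {@code acr} supplied by the delegate is overwritten in that
         * case.
         */
        @Override // no.nav.security.mock.oauth2.token.OAuth2TokenCallback
        @NotNull
        public Map<String, Object> addClaims(@NotNull TokenRequest tokenRequest) {
            Intrinsics.checkNotNullParameter(tokenRequest, "tokenRequest");
            // Copy first so the delegate's map is never modified.
            Map<String, Object> claims = MapsKt.toMutableMap(this.OAuth2TokenCallback.addClaims(tokenRequest));
            String acr = this.login.getAcr();
            if (acr != null) {
                claims.put("acr", acr);
            }
            return claims;
        }

        /** Returns the delegate's token expiry unchanged. */
        @Override // no.nav.security.mock.oauth2.token.OAuth2TokenCallback
        public long tokenExpiry() {
            return this.OAuth2TokenCallback.tokenExpiry();
        }

        /** Returns the login whose username and acr are overlaid on the delegate. */
        @NotNull
        public final Login getLogin() {
            return this.login;
        }

        /** Returns the wrapped delegate callback. */
        @NotNull
        public final OAuth2TokenCallback getOAuth2TokenCallback() {
            return this.OAuth2TokenCallback;
        }

        /**
         * @param login login data that overrides subject and acr
         * @param oAuth2TokenCallback delegate supplying every other token value
         */
        public LoginOAuth2TokenCallback(@NotNull Login login, @NotNull OAuth2TokenCallback oAuth2TokenCallback) {
            Intrinsics.checkNotNullParameter(login, "login");
            Intrinsics.checkNotNullParameter(oAuth2TokenCallback, "OAuth2TokenCallback");
            this.login = login;
            this.OAuth2TokenCallback = oAuth2TokenCallback;
        }
    }

    /**
     * Issues an authorization code for the given authentication request and builds the success
     * response that redirects back to the client.
     *
     * <p>The redirect URI, state and response mode are taken from the request as-is; no check
     * against a registered redirect URI happens in this method.
     *
     * @param authenticationRequest the parsed authentication request
     * @param login optional interactive login; when present it is stored under the same code
     * @return response carrying the new code and the request's state
     * @throws OAuth2Exception if the response type does not imply the code flow
     */
    @NotNull
    public final AuthenticationSuccessResponse authorizationCodeResponse(@NotNull AuthenticationRequest authenticationRequest, @Nullable Login login) {
        Intrinsics.checkNotNullParameter(authenticationRequest, "authenticationRequest");
        if (!authenticationRequest.getResponseType().impliesCodeFlow()) {
            // NOTE(review): INVALID_GRANT is reported for what is an unsupported response type;
            // left unchanged because callers may match on the current error code.
            throw new OAuth2Exception(OAuth2Error.INVALID_GRANT, "hybrid og implicit flow not supported (yet).");
        }
        // The no-arg constructor lets the Nimbus SDK generate the code value.
        AuthorizationCode authorizationCode = new AuthorizationCode();
        // NOTE(review): the debug log line contains the code before it has been redeemed; anyone
        // who can read debug logs can see a still-valid code.
        AuthorizationCodeGrantHandlerKt.log.debug("issuing authorization code " + authorizationCode);
        this.codeToAuthRequestCache.put(authorizationCode, authenticationRequest);
        if (login != null) {
            AuthorizationCodeGrantHandlerKt.log.debug("adding user with username " + login.getUsername() + " to cache");
            this.codeToLoginCache.put(authorizationCode, login);
        }
        return new AuthenticationSuccessResponse(authenticationRequest.getRedirectionURI(), authorizationCode, (JWT) null, (AccessToken) null, authenticationRequest.getState(), (State) null, authenticationRequest.getResponseMode());
    }

    /**
     * Compiler-generated bridge for the Kotlin default argument of
     * {@link #authorizationCodeResponse}: when bit 2 of the mask is set, {@code login} is
     * replaced by {@code null}.
     */
    public static /* synthetic */ AuthenticationSuccessResponse authorizationCodeResponse$default(AuthorizationCodeHandler authorizationCodeHandler, AuthenticationRequest authenticationRequest, Login login, int i, Object obj) {
        if ((i & 2) != 0) {
            login = null;
        }
        return authorizationCodeHandler.authorizationCodeResponse(authenticationRequest, login);
    }

    /**
     * Redeems an authorization code and returns the token response.
     *
     * <p>The cached authentication request and login for the code are removed on use. A code
     * with no cached request is not rejected: the nonce is then {@code null} and tokens are
     * still issued from the supplied callback. This method performs no comparison of redirect
     * URI, client or PKCE verifier with the original request.
     *
     * @param oAuth2HttpRequest incoming token endpoint request
     * @param httpUrl issuer URL passed to the token provider
     * @param oAuth2TokenCallback callback used unless a login was cached for the code
     * @return bearer token response with id token, access token and refresh token
     */
    @Override // no.nav.security.mock.oauth2.grant.GrantHandler
    @NotNull
    public OAuth2TokenResponse tokenResponse(@NotNull OAuth2HttpRequest oAuth2HttpRequest, @NotNull HttpUrl httpUrl, @NotNull OAuth2TokenCallback oAuth2TokenCallback) {
        Intrinsics.checkNotNullParameter(oAuth2HttpRequest, "request");
        Intrinsics.checkNotNullParameter(httpUrl, "issuerUrl");
        Intrinsics.checkNotNullParameter(oAuth2TokenCallback, "oAuth2TokenCallback");
        TokenRequest tokenRequest = oAuth2HttpRequest.asNimbusTokenRequest();
        AuthorizationCode authorizationCode = NimbusExtensionsKt.authorizationCode(tokenRequest);
        AuthorizationCodeGrantHandlerKt.log.debug("issuing token for code=" + authorizationCode);
        AuthenticationRequest cachedRequest = takeAuthenticationRequestFromCache(authorizationCode);
        Scope scope = tokenRequest.getScope();
        String scopeValue = scope != null ? scope.toString() : null;
        // The nonce is echoed only when the code maps to a cached request that carried one.
        Nonce nonce = cachedRequest != null ? cachedRequest.getNonce() : null;
        String nonceValue = nonce != null ? nonce.getValue() : null;
        OAuth2TokenCallback callback = getLoginTokenCallbackOrDefault(authorizationCode, oAuth2TokenCallback);
        SignedJWT idToken = this.tokenProvider.idToken(tokenRequest, httpUrl, callback, nonceValue);
        // The trailing (2, null) looks like Kotlin's default-argument mask and marker, leaving
        // the second constructor parameter at its declared default. TODO confirm against
        // OAuth2TokenResponse.
        return new OAuth2TokenResponse("Bearer", null, idToken.serialize(), this.tokenProvider.accessToken(tokenRequest, httpUrl, callback, nonceValue).serialize(), this.refreshTokenManager.refreshToken(callback), NimbusExtensionsKt.expiresIn(idToken), scopeValue, 2, null);
    }

    /**
     * Returns a {@link LoginOAuth2TokenCallback} wrapping the given callback when a login was
     * cached for the code, otherwise the given callback itself. The cached login is consumed.
     */
    private final OAuth2TokenCallback getLoginTokenCallbackOrDefault(AuthorizationCode authorizationCode, OAuth2TokenCallback oAuth2TokenCallback) {
        Login cachedLogin = takeLoginFromCache(authorizationCode);
        if (cachedLogin == null) {
            return oAuth2TokenCallback;
        }
        return new LoginOAuth2TokenCallback(cachedLogin, oAuth2TokenCallback);
    }

    /** Removes and returns the login stored for the code, or {@code null} if there is none. */
    private final Login takeLoginFromCache(AuthorizationCode authorizationCode) {
        return this.codeToLoginCache.remove(authorizationCode);
    }

    /**
     * Removes and returns the authentication request stored for the code, or {@code null} if
     * there is none.
     */
    private final AuthenticationRequest takeAuthenticationRequestFromCache(AuthorizationCode authorizationCode) {
        return this.codeToAuthRequestCache.remove(authorizationCode);
    }

    /**
     * @param oAuth2TokenProvider provider that signs id and access tokens
     * @param refreshTokenManager manager that issues refresh tokens
     */
    public AuthorizationCodeHandler(@NotNull OAuth2TokenProvider oAuth2TokenProvider, @NotNull RefreshTokenManager refreshTokenManager) {
        Intrinsics.checkNotNullParameter(oAuth2TokenProvider, "tokenProvider");
        Intrinsics.checkNotNullParameter(refreshTokenManager, "refreshTokenManager");
        this.tokenProvider = oAuth2TokenProvider;
        this.refreshTokenManager = refreshTokenManager;
        // Diamond operator instead of the raw HashMap type emitted by the decompiler.
        this.codeToAuthRequestCache = new HashMap<>();
        this.codeToLoginCache = new HashMap<>();
    }
}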
