package no.nav.security.mock.oauth2.debugger;

import com.fasterxml.jackson.core.type.TypeReference;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.TuplesKt;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import mu.KLogger;
import no.nav.security.mock.oauth2.OAuth2Exception;
import no.nav.security.mock.oauth2.extensions.HttpUrlExtensionsKt;
import no.nav.security.mock.oauth2.http.OAuth2HttpRequest;
import no.nav.security.mock.oauth2.http.OAuth2HttpResponse;
import no.nav.security.mock.oauth2.http.OAuth2HttpResponseKt;
import no.nav.security.mock.oauth2.templates.TemplateMapper;
import okhttp3.Headers;
import okhttp3.HttpUrl;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.ResponseBody;
import okhttp3.internal.Util;
import org.jetbrains.annotations.NotNull;

/* compiled from: DebuggerRequestHandler.kt */
@Metadata(mv = {1, 4, 2}, bv = {1, 0, 3}, k = 1, d1 = {"��,\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018�� \u000e2\u00020\u0001:\u0001\u000eB\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0012\u0010\u0007\u001a\u0004\u0018\u00010\b2\u0006\u0010\t\u001a\u00020\nH\u0002J\u000e\u0010\u000b\u001a\u00020\f2\u0006\u0010\t\u001a\u00020\nJ\u000e\u0010\r\u001a\u00020\f2\u0006\u0010\t\u001a\u00020\nR\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u000f"}, d2 = {"Lno/nav/security/mock/oauth2/debugger/DebuggerRequestHandler;", "", "templateMapper", "Lno/nav/security/mock/oauth2/templates/TemplateMapper;", "(Lno/nav/security/mock/oauth2/templates/TemplateMapper;)V", "encryptionKey", "Ljavax/crypto/SecretKey;", "getDecryptedSessionCookie", "", "request", "Lno/nav/security/mock/oauth2/http/OAuth2HttpRequest;", "handleDebuggerCallback", "Lno/nav/security/mock/oauth2/http/OAuth2HttpResponse;", "handleDebuggerForm", "Companion", "mock-oauth2-server"})
/* loaded from: input_file:no/nav/security/mock/oauth2/debugger/DebuggerRequestHandler.class */
public final class DebuggerRequestHandler {
    private final SecretKey encryptionKey;
    private final TemplateMapper templateMapper;

    @NotNull
    public static final String DEBUGGER_SESSION_COOKIE = "debugger-session";

    @NotNull
    public static final Companion Companion = new Companion(null);

    /* compiled from: DebuggerRequestHandler.kt */
    @Metadata(mv = {1, 4, 2}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��¨\u0006\u0005"}, d2 = {"Lno/nav/security/mock/oauth2/debugger/DebuggerRequestHandler$Companion;", "", "()V", "DEBUGGER_SESSION_COOKIE", "", "mock-oauth2-server"})
    /* loaded from: input_file:no/nav/security/mock/oauth2/debugger/DebuggerRequestHandler$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @NotNull
    public final OAuth2HttpResponse handleDebuggerForm(@NotNull OAuth2HttpRequest oAuth2HttpRequest) {
        KLogger kLogger;
        OAuth2HttpRequest debuggerAuthorizationRequest;
        KLogger kLogger2;
        KLogger kLogger3;
        String encrypt;
        Intrinsics.checkNotNullParameter(oAuth2HttpRequest, "request");
        String method = oAuth2HttpRequest.getMethod();
        switch (method.hashCode()) {
            case 70454:
                if (method.equals("GET")) {
                    kLogger = DebuggerRequestHandlerKt.log;
                    kLogger.debug("handling GET request, return html form");
                    TemplateMapper templateMapper = this.templateMapper;
                    debuggerAuthorizationRequest = DebuggerRequestHandlerKt.debuggerAuthorizationRequest(HttpUrlExtensionsKt.toAuthorizationEndpointUrl(oAuth2HttpRequest.getUrl()), HttpUrlExtensionsKt.toDebuggerCallbackUrl(oAuth2HttpRequest.getUrl()));
                    return OAuth2HttpResponseKt.html(templateMapper.debuggerFormHtml(debuggerAuthorizationRequest, ClientAuthMethod.CLIENT_SECRET_BASIC.name()));
                }
                break;
            case 2461856:
                if (method.equals("POST")) {
                    kLogger2 = DebuggerRequestHandlerKt.log;
                    kLogger2.debug("handling POST request, return redirect");
                    String str = oAuth2HttpRequest.getFormParameters().get("authorize_url");
                    if (str == null) {
                        throw new IllegalStateException("authorize_url is missing".toString());
                    }
                    HttpUrl build = HttpUrlExtensionsKt.removeAllEncodedQueryParams(HttpUrl.Companion.get(str).newBuilder().encodedQuery(oAuth2HttpRequest.getFormParameters().getParameterString()), "authorize_url", "token_url", "client_secret", "client_auth_method").build();
                    kLogger3 = DebuggerRequestHandlerKt.log;
                    kLogger3.debug("attempting to redirect to " + build + ", setting received params in encrypted cookie");
                    String writeValueAsString = OAuth2HttpResponseKt.getObjectMapper().writeValueAsString(oAuth2HttpRequest.getFormParameters().getMap());
                    Intrinsics.checkNotNullExpressionValue(writeValueAsString, "objectMapper.writeValueA…quest.formParameters.map)");
                    encrypt = DebuggerRequestHandlerKt.encrypt(writeValueAsString, this.encryptionKey);
                    return OAuth2HttpResponseKt.redirect(build.toString(), Headers.Companion.of(new String[]{"Set-Cookie", "debugger-session=" + encrypt + "; HttpOnly;"}));
                }
                break;
        }
        throw new OAuth2Exception(OAuth2Error.INVALID_REQUEST, "Unsupported request method " + oAuth2HttpRequest.getMethod());
    }

    @NotNull
    public final OAuth2HttpResponse handleDebuggerCallback(@NotNull OAuth2HttpRequest oAuth2HttpRequest) {
        KLogger kLogger;
        HttpUrl httpUrl;
        String urlEncode;
        String urlEncode2;
        String keyValueString;
        String str;
        Headers of;
        OkHttpClient okHttpClient;
        Intrinsics.checkNotNullParameter(oAuth2HttpRequest, "request");
        kLogger = DebuggerRequestHandlerKt.log;
        kLogger.debug("handling " + oAuth2HttpRequest.getMethod() + " request to debugger callback");
        String decryptedSessionCookie = getDecryptedSessionCookie(oAuth2HttpRequest);
        if (decryptedSessionCookie == null) {
            return new OAuth2HttpResponse(Headers.Companion.of(new String[]{OAuth2HttpResponse.ContentType.HEADER, "text/html"}), 500, "<p>Expired session, please try again using the debugger form - <a href='" + HttpUrlExtensionsKt.toDebuggerUrl(oAuth2HttpRequest.getUrl()) + "'>" + HttpUrlExtensionsKt.toDebuggerUrl(oAuth2HttpRequest.getUrl()) + "</></p>");
        }
        Map<String, String> map = (Map) OAuth2HttpResponseKt.getObjectMapper().readValue(decryptedSessionCookie, new TypeReference<Map<String, String>>() { // from class: no.nav.security.mock.oauth2.debugger.DebuggerRequestHandler$handleDebuggerCallback$$inlined$readValue$1
        });
        String str2 = map.get("token_url");
        if (str2 == null || (httpUrl = HttpUrl.Companion.get(str2)) == null) {
            throw new OAuth2Exception(OAuth2Error.INVALID_REQUEST, "missing token_url initial call");
        }
        String queryParameter = oAuth2HttpRequest.getUrl().queryParameter("code");
        if (queryParameter == null) {
            queryParameter = oAuth2HttpRequest.getFormParameters().get("code");
        }
        if (queryParameter == null) {
            throw new OAuth2Exception(OAuth2Error.INVALID_REQUEST, "no code parameter present");
        }
        String str3 = queryParameter;
        ClientAuthentication fromMap = ClientAuthentication.Companion.fromMap(map);
        urlEncode = DebuggerRequestHandlerKt.urlEncode(map, "scope");
        urlEncode2 = DebuggerRequestHandlerKt.urlEncode(map, "redirect_uri");
        keyValueString = DebuggerRequestHandlerKt.toKeyValueString(MapsKt.mapOf(new Pair[]{TuplesKt.to("grant_type", "authorization_code"), TuplesKt.to("code", str3), TuplesKt.to("scope", urlEncode), TuplesKt.to("redirect_uri", urlEncode2)}), "&");
        switch (fromMap.getClientAuthMethod()) {
            case CLIENT_SECRET_POST:
                str = keyValueString + '&' + fromMap.form();
                break;
            default:
                str = keyValueString;
                break;
        }
        String str4 = str;
        switch (fromMap.getClientAuthMethod()) {
            case CLIENT_SECRET_BASIC:
                of = Headers.Companion.of(new String[]{"Authorization", fromMap.basic()});
                break;
            default:
                of = Headers.Companion.of(new String[0]);
                break;
        }
        Headers headers = of;
        okHttpClient = DebuggerRequestHandlerKt.client;
        ResponseBody body = okHttpClient.newCall(new Request.Builder().headers(headers).url(httpUrl).post(RequestBody.Companion.create(str4, MediaType.Companion.get("application/x-www-form-urlencoded"))).build()).execute().body();
        Intrinsics.checkNotNull(body);
        return OAuth2HttpResponseKt.html(this.templateMapper.debuggerCallbackHtml("POST " + httpUrl.encodedPath() + " HTTP/1.1\nHost: " + Util.toHostHeader(httpUrl, true) + "\nContent-Type: application/x-www-form-urlencoded\n" + CollectionsKt.joinToString$default((Iterable) headers, "\n", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, new Function1<Pair<? extends String, ? extends String>, CharSequence>() { // from class: no.nav.security.mock.oauth2.debugger.DebuggerRequestHandler$handleDebuggerCallback$formattedTokenRequest$1
            @NotNull
            public final CharSequence invoke(@NotNull Pair<String, String> pair) {
                Intrinsics.checkNotNullParameter(pair, "it");
                return ((String) pair.getFirst()) + ": " + ((String) pair.getSecond());
            }
        }, 30, (Object) null) + "\n\n" + str4, body.string()));
    }

    private final String getDecryptedSessionCookie(OAuth2HttpRequest oAuth2HttpRequest) {
        Object obj;
        KLogger kLogger;
        try {
            Result.Companion companion = Result.Companion;
            DebuggerRequestHandler debuggerRequestHandler = this;
            String str = oAuth2HttpRequest.getCookies().get(DEBUGGER_SESSION_COOKIE);
            obj = Result.constructor-impl(str != null ? DebuggerRequestHandlerKt.decrypt(str, debuggerRequestHandler.encryptionKey) : null);
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            obj = Result.constructor-impl(ResultKt.createFailure(th));
        }
        Object obj2 = obj;
        Throwable th2 = Result.exceptionOrNull-impl(obj2);
        if (th2 == null) {
            return (String) obj2;
        }
        kLogger = DebuggerRequestHandlerKt.log;
        kLogger.error("received exception when decrypting cookie", th2);
        return null;
    }

    public DebuggerRequestHandler(@NotNull TemplateMapper templateMapper) {
        Intrinsics.checkNotNullParameter(templateMapper, "templateMapper");
        this.templateMapper = templateMapper;
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        Unit unit = Unit.INSTANCE;
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "KeyGenerator.getInstance…init(128) }.generateKey()");
        this.encryptionKey = generateKey;
    }
}
