package org.iplass.mtp.impl.auth.oauth.command;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.iplass.mtp.auth.login.Credential;
import org.iplass.mtp.auth.login.IdPasswordCredential;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.impl.auth.authenticate.builtin.web.BasicAuthUtil;
import org.iplass.mtp.impl.auth.authenticate.builtin.web.WWWAuthenticateException;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthClient;
import org.iplass.mtp.impl.auth.oauth.OAuthClientService;
import org.iplass.mtp.impl.auth.oauth.OAuthConstants;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.util.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/command/CommandUtil.class */
class CommandUtil {
    static final String PARAM_CLIENT_ID = "client_id";
    static final String PARAM_CLIENT_SECRET = "client_secret";
    private static Logger logger = LoggerFactory.getLogger(CommandUtil.class);
    private static OAuthClientService clientService = (OAuthClientService) ServiceRegistry.getRegistry().getService(OAuthClientService.class);

    CommandUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static IdPasswordCredential clientCredential(RequestContext requestContext) {
        String stripToNull = StringUtil.stripToNull(requestContext.getParam(PARAM_CLIENT_ID));
        if (stripToNull != null) {
            if (logger.isDebugEnabled()) {
                logger.debug("get client credential from parameter. clientId:" + stripToNull);
            }
            return new IdPasswordCredential(stripToNull, StringUtil.stripToNull(requestContext.getParam(PARAM_CLIENT_SECRET)));
        }
        IdPasswordCredential decodeFromHeader = BasicAuthUtil.decodeFromHeader(requestContext);
        if (decodeFromHeader != null && logger.isDebugEnabled()) {
            logger.debug("get client credential from header. clientId:" + decodeFromHeader.getId());
        }
        decodeFromHeader.setAuthenticationFactor(BasicAuthUtil.AUTH_SCHEME_BASIC, true);
        return decodeFromHeader;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static MetaOAuthClient.OAuthClientRuntime validateClient(RequestContext requestContext, boolean z) {
        Credential clientCredential = clientCredential(requestContext);
        if (clientCredential == null) {
            throw new WebApplicationException(buildErrorResponse(OAuthConstants.ERROR_INVALID_CLIENT, null, null));
        }
        MetaOAuthClient.OAuthClientRuntime runtimeByName = clientService.getRuntimeByName(clientCredential.getId());
        if (runtimeByName != null && runtimeByName.getAuthorizationServer() != null && runtimeByName.validateCredential(clientCredential, z)) {
            return runtimeByName;
        }
        if (clientCredential.getAuthenticationFactor(BasicAuthUtil.AUTH_SCHEME_BASIC) != null) {
            throw new WWWAuthenticateException(BasicAuthUtil.AUTH_SCHEME_BASIC, null, errorMsg(OAuthConstants.ERROR_INVALID_CLIENT, null, null));
        }
        throw new WebApplicationException(buildErrorResponse(OAuthConstants.ERROR_INVALID_CLIENT, null, null));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Response buildErrorResponse(String str, String str2, String str3) {
        String errorMsg = errorMsg(str, str2, str3);
        int i = 400;
        if (OAuthConstants.ERROR_INVALID_CLIENT.equals(str)) {
            i = 401;
        }
        return Response.status(i).header("Content-Type", "application/json").entity(errorMsg).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String errorMsg(String str, String str2, String str3) {
        StringBuilder sb = new StringBuilder();
        sb.append("{\"error\":");
        sb.append("\"").append(StringUtil.escapeJavaScript(str)).append("\"");
        if (str2 != null) {
            sb.append(",\"error_description\":");
            sb.append("\"").append(StringUtil.escapeJavaScript(str2)).append("\"");
        }
        if (str3 != null) {
            sb.append(",\"errorUri\":");
            sb.append("\"").append(StringUtil.escapeJavaScript(str3)).append("\"");
        }
        sb.append("}");
        return sb.toString();
    }
}
