package org.forgerock.http.example;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.google.common.net.HttpHeaders;
import io.swagger.models.Swagger;
import io.swagger.util.DeserializationModule;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import org.forgerock.http.ApiProducer;
import org.forgerock.http.Handler;
import org.forgerock.http.filter.OptionsFilter;
import org.forgerock.http.handler.DescribableHandler;
import org.forgerock.http.header.LocationHeader;
import org.forgerock.http.protocol.Header;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Status;
import org.forgerock.http.routing.RouteMatchers;
import org.forgerock.http.routing.Router;
import org.forgerock.http.routing.RoutingMode;
import org.forgerock.json.JsonValue;
import org.forgerock.json.resource.QueryResponse;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.services.context.Context;
import org.forgerock.services.descriptor.Describable;
import org.forgerock.util.encode.Base64;
import org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;

/* loaded from: input_file:WEB-INF/lib/http-descriptor-example-2.0.18.jar:org/forgerock/http/example/DescribedOauth2Endpoint.class */
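/**
 * Example {@link DescribableHandler} that imitates an OAuth 2.0 authorization-code flow on four
 * routes: {@code authorize}, {@code login}, {@code token} and {@code api}.
 *
 * <p>The class is a descriptor example, not an authorization server. The shortcuts below are
 * visible in the code and matter to anyone using it as a template:
 * <ul>
 *   <li>{@code login} accepts any HTTP Basic credentials whose password equals the user name;</li>
 *   <li>the only client is hard-coded ({@code myclient} / {@code password});</li>
 *   <li>{@code authorize} reads the end user from the {@code user} request parameter, and nothing
 *       in this class ties that value to a completed {@code login} step, so a real endpoint must
 *       take the user from an authenticated session instead;</li>
 *   <li>{@code redirect_uri} is only compared between the {@code authorize} and {@code token}
 *       calls, never against a value registered for the client, so the endpoint redirects to
 *       whatever address the caller supplies;</li>
 *   <li>authorization codes are single-use, but codes and access tokens are kept in memory with
 *       no expiry or revocation.</li>
 * </ul>
 *
 * <p>Codes and tokens are held in concurrent maps because handlers can be invoked from several
 * request threads; the atomic {@code remove} is what keeps a code from being redeemed twice.
 */
public class DescribedOauth2Endpoint implements DescribableHandler {
    private static final Swagger DESCRIPTOR;

    private static final String CLIENT_ID = "myclient";
    private static final String CLIENT_SECRET = "password";
    private static final String BASIC_PREFIX = "Basic ";
    private static final String BEARER_PREFIX = "Bearer ";

    /** Issued authorization codes, mapped to the user and redirect URI they were issued for. */
    private final Map<String, JsonValue> userCodes = new ConcurrentHashMap<>();
    /** Issued access tokens, mapped to the user they represent. */
    private final Map<String, String> userTokens = new ConcurrentHashMap<>();
    private final Router router = new Router();
    private Swagger descriptor;

    /** Registers one handler per route; each handler delegates to a private method of this class. */
    public DescribedOauth2Endpoint() {
        this.router.addRoute(RouteMatchers.requestUriMatcher(RoutingMode.EQUALS, "authorize"), new Handler() {
            @Override
            public Promise<Response, NeverThrowsException> handle(Context context, Request request) {
                return onAuthorize(request);
            }
        });
        this.router.addRoute(RouteMatchers.requestUriMatcher(RoutingMode.EQUALS, "login"), new Handler() {
            @Override
            public Promise<Response, NeverThrowsException> handle(Context context, Request request) {
                return onLogin(request);
            }
        });
        this.router.addRoute(RouteMatchers.requestUriMatcher(RoutingMode.EQUALS, "token"), new Handler() {
            @Override
            public Promise<Response, NeverThrowsException> handle(Context context, Request request) {
                return onToken(request);
            }
        });
        this.router.addRoute(RouteMatchers.requestUriMatcher(RoutingMode.EQUALS, "api"), new Handler() {
            @Override
            public Promise<Response, NeverThrowsException> handle(Context context, Request request) {
                return onApi(request);
            }
        });
    }

    /**
     * Authorization endpoint: validates the request, then either issues a code (when a
     * {@code user} parameter is present) or redirects to {@code login}.
     */
    private Promise<Response, NeverThrowsException> onAuthorize(Request request) {
        if (!OptionsFilter.METHOD_GET.equals(request.getMethod())) {
            return respond(new Response(Status.METHOD_NOT_ALLOWED));
        }
        String redirectUri = param(request, "redirect_uri");
        if (redirectUri == null) {
            return respond(new Response(Status.BAD_REQUEST));
        }
        String state = param(request, "state");
        // NOTE(review): FIELD_CODE is presumably the literal "code", the only response_type
        // this endpoint handles - confirm against ResourceException.
        if (!ResourceException.FIELD_CODE.equals(param(request, "response_type"))) {
            return redirect(redirectUri, state, "error=unsupported_response_type");
        }
        if (!CLIENT_ID.equals(param(request, "client_id"))) {
            return redirect(redirectUri, state, "error=unauthorized_client");
        }
        // The user comes straight from the request; see the class comment.
        String user = param(request, "user");
        if (user == null) {
            Response toLogin = new Response(Status.FOUND);
            toLogin.getHeaders().add(new LocationHeader("login?" + request.getForm().toQueryString()));
            return respond(toLogin);
        }
        String code = UUID.randomUUID().toString();
        this.userCodes.put(code, JsonValue.json(JsonValue.object(
                JsonValue.field("user", user),
                JsonValue.field("redirect_uri", redirectUri))));
        return redirect(redirectUri, state, "code=" + code);
    }

    /**
     * Login endpoint: on acceptable Basic credentials redirects back to {@code authorize} with
     * the user name added, otherwise answers 401 with a Basic challenge.
     */
    private Promise<Response, NeverThrowsException> onLogin(Request request) {
        String user = userFromBasicCredentials(getAuthorizationHeader(request));
        if (user != null) {
            Response toAuthorize = new Response(Status.FOUND);
            // The user name is caller-controlled, so it is encoded before it joins the query
            // string; otherwise a '&' or '#' in it would rewrite the forwarded parameters.
            toAuthorize.getHeaders().add(new LocationHeader(
                    "authorize?user=" + urlEncode(user) + "&" + request.getForm().toQueryString()));
            return respond(toAuthorize);
        }
        Response challenge = new Response(Status.UNAUTHORIZED);
        challenge.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Really Secure OAuth2\"");
        return respond(challenge);
    }

    /**
     * Token endpoint: exchanges a previously issued authorization code for a bearer token.
     * Failures are reported as 400 with a JSON {@code error} field.
     */
    private Promise<Response, NeverThrowsException> onToken(Request request) {
        if (!OptionsFilter.METHOD_POST.equals(request.getMethod())) {
            return respond(new Response(Status.METHOD_NOT_ALLOWED));
        }
        if (!CLIENT_ID.equals(param(request, "client_id"))
                || !CLIENT_SECRET.equals(param(request, "client_secret"))) {
            return tokenError("invalid_client");
        }
        if (!"authorization_code".equals(param(request, "grant_type"))) {
            return tokenError("unsupported_grant_type");
        }
        String code = param(request, ResourceException.FIELD_CODE);
        if (code == null) {
            return tokenError("invalid_request");
        }
        // remove() rather than get(): the code is consumed even when a later check fails.
        JsonValue grant = this.userCodes.remove(code);
        if (grant == null) {
            return tokenError("invalid_grant");
        }
        if (!grant.get("redirect_uri").asString().equals(param(request, "redirect_uri"))) {
            return tokenError("invalid_request");
        }
        String accessToken = UUID.randomUUID().toString();
        this.userTokens.put(accessToken, grant.get("user").asString());
        return jsonResponse(Status.OK, JsonValue.json(JsonValue.object(
                JsonValue.field("access_token", accessToken),
                JsonValue.field("token_type", "bearer"))));
    }

    /** Protected resource: returns the user behind a known bearer token, otherwise 401. */
    private Promise<Response, NeverThrowsException> onApi(Request request) {
        if (!OptionsFilter.METHOD_GET.equals(request.getMethod())) {
            return respond(new Response(Status.METHOD_NOT_ALLOWED));
        }
        String authorization = getAuthorizationHeader(request);
        if (authorization == null || !authorization.startsWith(BEARER_PREFIX)) {
            return respond(new Response(Status.UNAUTHORIZED));
        }
        String user = this.userTokens.get(authorization.substring(BEARER_PREFIX.length()));
        if (user == null) {
            return respond(new Response(Status.UNAUTHORIZED));
        }
        return jsonResponse(Status.OK, JsonValue.json(JsonValue.object(JsonValue.field("user", user))));
    }

    /**
     * Extracts the user name from an HTTP Basic {@code Authorization} value.
     *
     * @param authorization the raw header value, possibly {@code null}
     * @return the user name when the value is well-formed Basic credentials with a non-empty
     *         user name equal to the password; {@code null} otherwise
     */
    private static String userFromBasicCredentials(String authorization) {
        if (authorization == null || !authorization.startsWith(BASIC_PREFIX)) {
            return null;
        }
        byte[] decoded = Base64.decode(authorization.substring(BASIC_PREFIX.length()));
        if (decoded == null) {
            // Guard in case the decoder signals malformed input with null - TODO confirm.
            return null;
        }
        // Limit 2: only the first ':' separates user from password, and a missing or trailing
        // ':' yields a rejected credential instead of an ArrayIndexOutOfBoundsException.
        String[] parts = new String(decoded, StandardCharsets.UTF_8).split(":", 2);
        if (parts.length != 2 || parts[0].isEmpty() || !parts[0].equals(parts[1])) {
            return null;
        }
        return parts[0];
    }

    /**
     * Builds the 302 back to the client.
     *
     * @param redirectUri caller-supplied redirect target, used as given
     * @param state       opaque client state to echo back, or {@code null} to omit it
     * @param result      already-formed {@code name=value} pair ({@code code=...} or {@code error=...})
     */
    private static Promise<Response, NeverThrowsException> redirect(String redirectUri, String state, String result) {
        StringBuilder location = new StringBuilder(redirectUri);
        location.append(redirectUri.contains("?") ? '&' : '?');
        if (state != null) {
            // state is reflected from the request, so it is encoded to stay a single parameter.
            location.append("state=").append(urlEncode(state)).append('&');
        }
        location.append(result);
        Response response = new Response(Status.FOUND);
        response.getHeaders().add(new LocationHeader(location.toString()));
        return respond(response);
    }

    /** Returns a 400 response whose JSON body carries the given error code. */
    private static Promise<Response, NeverThrowsException> tokenError(String error) {
        return jsonResponse(Status.BAD_REQUEST,
                JsonValue.json(JsonValue.object(JsonValue.field(QueryResponse.FIELD_ERROR, error))));
    }

    /** Wraps a JSON body in a completed promise with the given status. */
    private static Promise<Response, NeverThrowsException> jsonResponse(Status status, JsonValue body) {
        return respond(new Response(status).setEntity(body));
    }

    /** Wraps a response in an already-completed promise. */
    private static Promise<Response, NeverThrowsException> respond(Response response) {
        return Promises.newResultPromise(response);
    }

    /** Returns the first value of a form/query parameter, or {@code null} when it is absent. */
    private static String param(Request request, String name) {
        return request.getForm().getFirst(name);
    }

    /** Form-encodes a value as UTF-8 for use inside a query string. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must support.
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }

    /**
     * Returns the first value of the request's {@code Authorization} header.
     *
     * <p>The decompiler reports that this method was originally private; it is left public here so
     * existing references keep resolving.
     *
     * @param request the incoming request
     * @return the header's first value, or {@code null} when the header is absent
     */
    public String getAuthorizationHeader(Request request) {
        // NOTE(review): get2 looks like a decompiler-assigned name for the header lookup -
        // confirm the real method name before compiling against the library.
        Header header = request.getHeaders().get2(HttpHeaders.AUTHORIZATION);
        return header == null ? null : header.getFirstValue();
    }

    /** Dispatches the request to the route registered for its URI. */
    @Override
    public Promise<Response, NeverThrowsException> handle(Context context, Request request) {
        return this.router.handle(context, request);
    }

    /** Passes the static descriptor through {@code apiProducer}, remembers the result and returns it. */
    @Override
    public Swagger api(ApiProducer<Swagger> apiProducer) {
        this.descriptor = apiProducer.addApiInfo(DESCRIPTOR);
        return this.descriptor;
    }

    /** Returns the descriptor stored by {@link #api(ApiProducer)}; {@code null} before that call. */
    @Override
    public Swagger handleApiRequest(Context context, Request request) {
        return this.descriptor;
    }

    /** No-op: this class does not notify listeners. */
    @Override
    public void addDescriptorListener(Describable.Listener listener) {
    }

    /** No-op: no listeners are ever registered. */
    @Override
    public void removeDescriptorListener(Describable.Listener listener) {
    }

    static {
        String resource = "DescribedOAuth2Endpoint.openapi.yaml";
        Swagger parsed;
        try (InputStream in = DescribedOauth2Endpoint.class.getResourceAsStream(resource)) {
            if (in == null) {
                // Fail with the resource name rather than an opaque parser error.
                throw new IllegalStateException("Missing classpath resource: " + resource);
            }
            parsed = new ObjectMapper(new YAMLFactory())
                    .registerModule(new DeserializationModule())
                    .readValue(in, Swagger.class);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        DESCRIPTOR = parsed;
    }
}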
