package org.smallmind.sso.oauth.v2dot0.jersey;

import java.io.IOException;
import java.net.URI;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.smallmind.nutsnbolts.lang.UnknownSwitchCaseException;
import org.smallmind.nutsnbolts.util.SnowflakeId;
import org.smallmind.sso.oauth.v2dot0.spi.InvalidClientIdException;
import org.smallmind.sso.oauth.v2dot0.spi.InvalidRedirectUriException;
import org.smallmind.sso.oauth.v2dot0.spi.MismatchingRedirectUriException;
import org.smallmind.sso.oauth.v2dot0.spi.MissingClientIdException;
import org.smallmind.sso.oauth.v2dot0.spi.MissingRedirectUriException;
import org.smallmind.sso.oauth.v2dot0.spi.ResponseType;
import org.smallmind.sso.oauth.v2dot0.spi.server.AuthorizationCycleType;
import org.smallmind.sso.oauth.v2dot0.spi.server.AuthorizationErrorType;
import org.smallmind.sso.oauth.v2dot0.spi.server.AuthorizationHandler;
import org.smallmind.sso.oauth.v2dot0.spi.server.AuthorizationRequest;
import org.smallmind.sso.oauth.v2dot0.spi.server.CredentialsDecoder;
import org.smallmind.sso.oauth.v2dot0.spi.server.ErrorAuthorizationCycle;
import org.smallmind.sso.oauth.v2dot0.spi.server.ErrorTokenResponse;
import org.smallmind.sso.oauth.v2dot0.spi.server.LoginAuthorizationCycle;
import org.smallmind.sso.oauth.v2dot0.spi.server.UserAndPassword;
import org.smallmind.sso.oauth.v2dot0.spi.server.grant.ConfirmationLoginResponse;
import org.smallmind.sso.oauth.v2dot0.spi.server.grant.LoginResponse;
import org.smallmind.sso.oauth.v2dot0.spi.server.grant.LoginResponseType;
import org.smallmind.sso.oauth.v2dot0.spi.server.grant.RefusalLoginResponse;
import org.smallmind.sso.oauth.v2dot0.spi.server.repository.CodeContent;
import org.smallmind.sso.oauth.v2dot0.spi.server.repository.CodeContentRepository;

/* loaded from: input_file:org/smallmind/sso/oauth/v2dot0/jersey/IDPService.class */
public class IDPService {
    private AuthorizationHandler authorizationHandler;
    private CodeContentRepository codeContentRepository;

    /* renamed from: org.smallmind.sso.oauth.v2dot0.jersey.IDPService$1, reason: invalid class name */
    /* loaded from: input_file:org/smallmind/sso/oauth/v2dot0/jersey/IDPService$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$AuthorizationCycleType;
        static final /* synthetic */ int[] $SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$grant$LoginResponseType = new int[LoginResponseType.values().length];

        static {
            try {
                $SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$grant$LoginResponseType[LoginResponseType.REFUSAL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$grant$LoginResponseType[LoginResponseType.CONFIRMATION.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$AuthorizationCycleType = new int[AuthorizationCycleType.values().length];
            try {
                $SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$AuthorizationCycleType[AuthorizationCycleType.ERROR.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$AuthorizationCycleType[AuthorizationCycleType.LOGIN.ordinal()] = 2;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public void setAuthorizationHandler(AuthorizationHandler authorizationHandler) {
        this.authorizationHandler = authorizationHandler;
    }

    public void setCodeContentRepository(CodeContentRepository codeContentRepository) {
        this.codeContentRepository = codeContentRepository;
    }

    public Response authorization(String str, String str2, String str3, String str4, String str5, Integer num, String str6) throws MissingClientIdException, InvalidClientIdException, MissingRedirectUriException, InvalidRedirectUriException, MismatchingRedirectUriException {
        if (str2 == null) {
            throw new MissingClientIdException();
        }
        ResponseType fromCode = str == null ? null : ResponseType.fromCode(str);
        ResponseType responseType = fromCode;
        if (fromCode == null) {
            AuthorizationErrorType authorizationErrorType = AuthorizationErrorType.UNSUPPORTED_RESPONSE_TYPE;
            Object[] objArr = new Object[1];
            objArr[0] = str == null ? "null" : str;
            StringBuilder formulateResponseUri = new ErrorAuthorizationCycle(str3, authorizationErrorType, str5, num, "Missing or invalid response type(%s)", objArr).formulateResponseUri();
            if (str6 != null) {
                formulateResponseUri.append("&state=").append(str6);
            }
            return Response.seeOther(URI.create(formulateResponseUri.toString())).build();
        }
        LoginAuthorizationCycle validateAuthorizationRequest = this.authorizationHandler.validateAuthorizationRequest(new AuthorizationRequest(responseType, str2, str3, str4, str5));
        StringBuilder formulateResponseUri2 = validateAuthorizationRequest.formulateResponseUri();
        switch (AnonymousClass1.$SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$AuthorizationCycleType[validateAuthorizationRequest.getCycleType().ordinal()]) {
            case 1:
                if (str6 != null) {
                    formulateResponseUri2.append("&state=").append(str6);
                }
                return Response.seeOther(URI.create(formulateResponseUri2.toString())).build();
            case 2:
                CodeContentRepository codeContentRepository = this.codeContentRepository;
                String generateCompactString = SnowflakeId.newInstance().generateCompactString();
                codeContentRepository.put(generateCompactString, num, validateAuthorizationRequest.generateCodeContent(str2, str6, str3));
                if (num != null) {
                    formulateResponseUri2.append("&max_ge=").append(num);
                }
                formulateResponseUri2.append("&code=").append(generateCompactString);
                return Response.seeOther(URI.create(formulateResponseUri2.toString())).build();
            default:
                throw new UnknownSwitchCaseException(validateAuthorizationRequest.getCycleType().name(), new Object[0]);
        }
    }

    public Response code(String str, String str2, Integer num, String str3, LoginResponse loginResponse) throws MissingRedirectUriException {
        CodeContent codeContent = this.codeContentRepository.get(str);
        if (codeContent != null) {
            switch (AnonymousClass1.$SwitchMap$org$smallmind$sso$oauth$v2dot0$spi$server$grant$LoginResponseType[loginResponse.getResponseType().ordinal()]) {
                case 1:
                    this.codeContentRepository.remove(str);
                    return Response.seeOther(URI.create(((RefusalLoginResponse) loginResponse).formulateResponseUri(codeContent.getRedirectUri()))).build();
                case 2:
                    codeContent.setSession(((ConfirmationLoginResponse) loginResponse).generateSession());
                    return Response.seeOther(URI.create(codeContent.formulateResponseUri(str, ((ConfirmationLoginResponse) loginResponse).getScope()))).build();
                default:
                    throw new UnknownSwitchCaseException(loginResponse.getResponseType().name(), new Object[0]);
            }
        }
        if (str2 == null || str2.isBlank()) {
            throw new MissingRedirectUriException();
        }
        AuthorizationErrorType authorizationErrorType = AuthorizationErrorType.INSUFFICIENT_USER_AUTHENTICATION;
        Object[] objArr = new Object[1];
        objArr[0] = num == null ? "unknown" : String.valueOf(num);
        StringBuilder formulateResponseUri = new ErrorAuthorizationCycle(str2, authorizationErrorType, (String) null, num, "The authentication request exceeded the allowable maximum time(%s seconds)", objArr).formulateResponseUri();
        if (str3 != null) {
            formulateResponseUri.append("&state=").append(str3);
        }
        return Response.seeOther(URI.create(formulateResponseUri.toString())).build();
    }

    public Response token(String str, String str2, String str3, String str4, String str5, String str6) throws IOException {
        CodeContent remove = this.codeContentRepository.remove(str3);
        if (remove == null) {
            return Response.ok(new ErrorTokenResponse(AuthorizationErrorType.INSUFFICIENT_USER_AUTHENTICATION, "The token request exceeded the allowable maximum time(unknown seconds)", new Object[0]).formulateResponseBody(), MediaType.APPLICATION_JSON_TYPE).build();
        }
        UserAndPassword userAndPassword = null;
        if (str != null) {
            userAndPassword = CredentialsDecoder.basic(str);
        } else if (str5 != null && str6 != null) {
            userAndPassword = new UserAndPassword(str5, str6);
        }
        return !this.authorizationHandler.validateTokenRequest(userAndPassword) ? Response.ok(new ErrorTokenResponse(AuthorizationErrorType.UNAUTHORIZED_CLIENT, "Missing client authorization", new Object[0]).formulateResponseBody(), MediaType.APPLICATION_JSON_TYPE).build() : ((remove.getOriginalRedirectUri() != null || str4 == null) && (remove.getOriginalRedirectUri() == null || remove.getRedirectUri().equals(str4))) ? !"authorization_code".equals(str2) ? Response.ok(new ErrorTokenResponse(AuthorizationErrorType.INVALID_REQUEST, "Invalid grant type (must be 'authorization_code')", new Object[0]).formulateResponseBody(), MediaType.APPLICATION_JSON_TYPE).build() : Response.ok(remove.formulateResponseBody(), MediaType.APPLICATION_JSON_TYPE).build() : Response.ok(new ErrorTokenResponse(AuthorizationErrorType.INVALID_REQUEST, "Mismatched request uri", new Object[0]).formulateResponseBody(), MediaType.APPLICATION_JSON_TYPE).build();
    }
}
