package org.forgerock.oauth2.restlet;

import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.oauth2.core.AuthorizationService;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.OAuth2RequestFactory;
import org.forgerock.oauth2.core.RedirectUriResolver;
import org.forgerock.oauth2.core.ResourceOwnerSessionValidator;
import org.forgerock.oauth2.core.exceptions.CsrfException;
import org.forgerock.oauth2.core.exceptions.DuplicateRequestParameterException;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.OAuth2Exception;
import org.forgerock.oauth2.core.exceptions.OAuth2ProviderNotFoundException;
import org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException;
import org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired;
import org.forgerock.oauth2.core.exceptions.ResourceOwnerConsentRequired;
import org.forgerock.openam.services.baseurl.BaseURLProviderFactory;
import org.forgerock.openam.xui.XUIState;
import org.restlet.representation.Representation;
import org.restlet.resource.Get;
import org.restlet.resource.Post;
import org.restlet.routing.Router;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/oauth2/restlet/AuthorizeResource.class */
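/**
 * Restlet resource that serves authorize requests over GET and POST.
 *
 * <p>Both handlers build an {@link OAuth2Request} from the current Restlet request, run every
 * registered {@link AuthorizeRequestHook} before and after the call to the
 * {@link AuthorizationService}, and translate failures into {@link OAuth2RestletException}s.
 *
 * <p>Security note: the error paths differ in whether the {@code redirect_uri} request parameter is
 * forwarded into the exception. Failures that indicate an unknown client or a mismatched redirect
 * URI forward only {@code state}; the generic paths forward the caller-supplied
 * {@code redirect_uri} as well.
 * NOTE(review): this class does not show whether that value has already been checked against the
 * client's registered URIs when those generic paths are reached, nor how the exception handler uses
 * it; confirm it can never drive a redirect to an unregistered URI.
 */
public class AuthorizeResource extends ConsentRequiredResource {
    // Not referenced anywhere in this class.
    private final Logger logger;
    private final OAuth2RequestFactory requestFactory;
    private final AuthorizationService authorizationService;
    private final ExceptionHandler exceptionHandler;
    private final OAuth2Representation representation;
    private final Set<AuthorizeRequestHook> hooks;
    private final RedirectUriResolver redirectUriResolver;

    /**
     * Creates the resource from injected collaborators.
     *
     * <p>{@code router}, {@code baseURLProviderFactory}, {@code xUIState} and
     * {@code resourceOwnerSessionValidator} are handed to the superclass; the rest are stored on
     * this instance.
     */
    @Inject
    public AuthorizeResource(OAuth2RequestFactory oAuth2RequestFactory, AuthorizationService authorizationService, ExceptionHandler exceptionHandler, OAuth2Representation oAuth2Representation, Set<AuthorizeRequestHook> set, XUIState xUIState, @Named("OAuth2Router") Router router, BaseURLProviderFactory baseURLProviderFactory, RedirectUriResolver redirectUriResolver, ResourceOwnerSessionValidator resourceOwnerSessionValidator) {
        super(router, baseURLProviderFactory, xUIState, resourceOwnerSessionValidator);
        this.logger = LoggerFactory.getLogger("OAuth2Provider");
        this.requestFactory = oAuth2RequestFactory;
        this.authorizationService = authorizationService;
        this.exceptionHandler = exceptionHandler;
        this.representation = oAuth2Representation;
        this.hooks = set;
        this.redirectUriResolver = redirectUriResolver;
    }

    /**
     * Handles a GET authorize request.
     *
     * @return the representation built from the authorization result, or the
     *     {@code authorize.ftl} page when resource owner consent is required
     * @throws OAuth2RestletException for every other failure raised while authorizing
     */
    @Get
    public Representation authorize() throws OAuth2RestletException {
        OAuth2Request oAuth2Request = this.requestFactory.create(getRequest());
        for (AuthorizeRequestHook hook : this.hooks) {
            hook.beforeAuthorizeHandling(oAuth2Request, getRequest(), getResponse());
        }
        try {
            Representation result = this.representation.toRepresentation(
                    getContext(),
                    getRequest(),
                    getResponse(),
                    this.authorizationService.authorize(oAuth2Request),
                    this.redirectUriResolver.resolve(oAuth2Request));
            // Success hooks run inside the try, so a failure in a hook is mapped like any other.
            for (AuthorizeRequestHook hook : this.hooks) {
                hook.afterAuthorizeSuccess(oAuth2Request, getRequest(), getResponse());
            }
            return result;
        } catch (IllegalArgumentException e) {
            String message = e.getMessage();
            // A problem with client_id means the client is unknown, so the request-supplied
            // redirect_uri is not forwarded. A null message cannot be classified; it is handled
            // the same way (fail closed) instead of dereferencing null.
            if (message == null || message.contains("client_id")) {
                throw new OAuth2RestletException(400, "invalid_request", message, (String) oAuth2Request.getParameter("state"));
            }
            // NOTE(review): redirect_uri here is the raw request parameter; confirm it was
            // validated before this exception could be raised.
            throw new OAuth2RestletException(400, "invalid_request", message, (String) oAuth2Request.getParameter("redirect_uri"), (String) oAuth2Request.getParameter("state"));
        } catch (DuplicateRequestParameterException e) {
            throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), (String) oAuth2Request.getParameter("state"));
        } catch (InvalidClientException e) {
            // No redirect_uri is forwarded for an invalid client.
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), (String) oAuth2Request.getParameter("state"));
        } catch (OAuth2ProviderNotFoundException e) {
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), (String) oAuth2Request.getParameter("state"));
        } catch (RedirectUriMismatchException e) {
            // The supplied redirect_uri was rejected, so it is deliberately not forwarded.
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), (String) oAuth2Request.getParameter("state"));
        } catch (ResourceOwnerAuthenticationRequired e) {
            // The redirect target comes from the exception, not from the request parameters.
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
        } catch (OAuth2Exception e) {
            // NOTE(review): generic failure path forwards the raw redirect_uri parameter.
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), (String) oAuth2Request.getParameter("redirect_uri"), (String) oAuth2Request.getParameter("state"), e.getParameterLocation());
        } catch (ResourceOwnerConsentRequired e) {
            return this.representation.getRepresentation(getContext(), oAuth2Request, "authorize.ftl", getDataModel(e, oAuth2Request));
        }
    }

    /**
     * Handles a POST authorize request carrying the consent decision.
     *
     * <p>Consent is granted only when the {@code decision} parameter equals {@code allow}
     * (case-insensitive); it is saved only when {@code save_consent} equals {@code on}
     * (case-insensitive). A missing parameter therefore counts as "deny" / "do not save".
     *
     * @param representation the request entity; not read by this method
     * @return the representation built from the authorization result
     * @throws OAuth2RestletException for every failure raised while authorizing, including a
     *     {@link CsrfException}, which is reported as a 400 {@code bad_request}
     */
    @Post
    public Representation authorize(Representation representation) throws OAuth2RestletException {
        OAuth2Request oAuth2Request = this.requestFactory.create(getRequest());
        for (AuthorizeRequestHook hook : this.hooks) {
            hook.beforeAuthorizeHandling(oAuth2Request, getRequest(), getResponse());
        }
        try {
            boolean consentGiven = "allow".equalsIgnoreCase((String) oAuth2Request.getParameter("decision"));
            boolean saveConsent = "on".equalsIgnoreCase((String) oAuth2Request.getParameter("save_consent"));
            Representation result = this.representation.toRepresentation(
                    getContext(),
                    getRequest(),
                    getResponse(),
                    this.authorizationService.authorize(oAuth2Request, consentGiven, saveConsent),
                    this.redirectUriResolver.resolve(oAuth2Request));
            for (AuthorizeRequestHook hook : this.hooks) {
                hook.afterAuthorizeSuccess(oAuth2Request, getRequest(), getResponse());
            }
            return result;
        } catch (CsrfException e) {
            // No redirect_uri is forwarded when the CSRF check fails.
            throw new OAuth2RestletException(400, "bad_request", e.getMessage(), (String) oAuth2Request.getParameter("state"));
        } catch (DuplicateRequestParameterException e) {
            throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), (String) oAuth2Request.getParameter("state"));
        } catch (InvalidClientException e) {
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), (String) oAuth2Request.getParameter("state"));
        } catch (RedirectUriMismatchException e) {
            // The supplied redirect_uri was rejected, so it is deliberately not forwarded.
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), (String) oAuth2Request.getParameter("state"));
        } catch (ResourceOwnerAuthenticationRequired e) {
            // The redirect target comes from the exception, not from the request parameters.
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
        } catch (OAuth2Exception e) {
            // NOTE(review): generic failure path forwards the raw redirect_uri parameter.
            throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), (String) oAuth2Request.getParameter("redirect_uri"), (String) oAuth2Request.getParameter("state"), e.getParameterLocation());
        }
    }

    /**
     * Delegates any throwable raised while handling the request to the injected
     * {@link ExceptionHandler}, together with the current context, request and response.
     */
    protected void doCatch(Throwable th) {
        this.exceptionHandler.handle(th, getContext(), getRequest(), getResponse());
    }
}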
