package org.smallmind.web.oauth.v1;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.smallmind.nutsnbolts.time.Duration;
import org.smallmind.scribe.pen.LoggerManager;
import org.smallmind.web.jwt.JWTCodec;
import org.smallmind.web.jwt.JWTToken;
import org.smallmind.web.jwt.SymmetricJWTKeyMaster;
import org.smallmind.web.oauth.GrantType;
import org.smallmind.web.oauth.OAuthProtocolException;
import org.smallmind.web.oauth.ServerAccessTokenRequest;
import org.smallmind.web.oauth.ServerAccessTokenResponse;
import org.smallmind.web.oauth.ServerErrorJsonResponse;
import org.smallmind.web.oauth.TokenType;

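@Path("/v1/oauth")
/* loaded from: input_file:org/smallmind/web/oauth/v1/OAuthResource.class */
/**
 * JAX-RS resource for the OAuth 2.0 endpoints under {@code /v1/oauth}.
 *
 * <p>The {@code /token} endpoint authenticates the calling client against the
 * configured {@link OAuthRegistration}, then redeems either an authorization code
 * or a refresh token (both are JWTs keyed with the client's secret) for a fresh
 * access/refresh token pair produced by {@link #emitAccessToken}.
 *
 * <p>Error responses follow RFC 6749 section 5.2 ({@code error} plus
 * {@code error_description}) and are built by {@link #errorResponse}.
 *
 * <p>This class was recovered from bytecode; {@link #authorization()} could not be
 * decompiled and remains a stub that throws {@link UnsupportedOperationException}.
 */
public class OAuthResource {

    private static final String APPLICATION_JSON = "application/json";
    private static final String FORM_URLENCODED = "application/x-www-form-urlencoded";

    // Injected via setter (see setOauthConfiguration); holds the client registry,
    // the grant duration and the secret service used to decode JWTs.
    private OAuthConfiguration oauthConfiguration;

    @Context
    private HttpServletRequest request;

    /**
     * Injects the OAuth configuration this resource serves requests from.
     *
     * @param oAuthConfiguration the configuration holding registrations, grant duration and secret service
     */
    public void setOauthConfiguration(OAuthConfiguration oAuthConfiguration) {
        this.oauthConfiguration = oAuthConfiguration;
    }

    /**
     * Adds the CORS headers every response from this resource carries.
     *
     * <p>{@code Access-Control-Allow-Origin: *} lets a page from any origin call these
     * endpoints from a browser; because no {@code Access-Control-Allow-Credentials} header
     * is set, browsers will not attach cookies to such cross-origin calls.
     *
     * @param responseBuilder the builder to decorate
     * @return the same builder with the CORS headers appended
     */
    private Response.ResponseBuilder crossSiteAnoint(Response.ResponseBuilder responseBuilder) {
        return responseBuilder
            .header("Access-Control-Allow-Origin", "*")
            .header("Access-Control-Allow-Headers", "Origin, Content-Type, X-Requested-With");
    }

    /**
     * Builds a CORS-decorated JSON error response in the RFC 6749 error format.
     *
     * @param status the HTTP status to return
     * @param error the {@code error} code (e.g. {@code invalid_client})
     * @param description the human-readable {@code error_description}
     * @return the finished response
     */
    private Response errorResponse(Response.Status status, String error, String description) {
        return crossSiteAnoint(Response.status(status))
            .entity(ServerErrorJsonResponse.instance().setError(error).setErrorDescription(description).build())
            .type(APPLICATION_JSON)
            .build();
    }

    /**
     * Logs a failure under this resource's logger.
     *
     * <p>The parameter is typed {@link Throwable} so every call resolves to the same
     * logger overload regardless of the caught exception's static type.
     *
     * @param cause the failure to log
     */
    private static void logError(Throwable cause) {
        LoggerManager.getLogger(OAuthResource.class).error(cause);
    }

    /**
     * Compares a registered client secret with the one a client presented.
     *
     * <p>Uses {@link MessageDigest#isEqual} rather than {@link String#equals} so the
     * comparison time does not depend on how many leading characters match (only the
     * length of the two values can still be observed). A missing value on either side
     * never matches.
     *
     * @param expected the secret stored in the registration
     * @param presented the secret the client supplied, already decrypted
     * @return {@code true} only if both are non-null and byte-for-byte equal as UTF-8
     */
    private static boolean secretsMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8),
            presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Authorization endpoint ({@code GET /v1/oauth/authorization}).
     *
     * <p>Not recoverable from the decompiled bytecode (899 instructions, restructure
     * failed). The decompiler's partial output suggests it hex-decodes a value via
     * {@code HexCodec.hexDecode} and decrypts it into an {@code SSOAuthData} with
     * {@code MungedCodec.decrypt}; treat that as a hint, not a specification.
     *
     * @return never returns normally
     * @throws UnsupportedOperationException always, because the method body was not recovered
     */
    @GET
    @Produces(FORM_URLENCODED)
    @Path("/authorization")
    public Response authorization() {
        throw new UnsupportedOperationException("Method not decompiled: org.smallmind.web.oauth.v1.OAuthResource.authorization():javax.ws.rs.core.Response");
    }

    /**
     * CORS preflight for the token endpoint.
     *
     * @return an empty {@code 200 OK} carrying the CORS headers
     */
    @Path("/token")
    @OPTIONS
    public Response options() {
        return crossSiteAnoint(Response.status(Response.Status.OK)).build();
    }

    /**
     * Token endpoint ({@code POST /v1/oauth/token}).
     *
     * <p>Order of checks:
     * <ol>
     *   <li>parse the request; a protocol error yields {@code 400 server_error}</li>
     *   <li>the client id must be registered ({@code 400 invalid_client})</li>
     *   <li>unless the registration allows unsafe redirection, the redirect URI must
     *       match the registered one ({@code 401 invalid_client})</li>
     *   <li>if the registration has a secret, the presented secret (decrypted with
     *       {@code MungedCodec}) must match it in constant time ({@code 401 invalid_client});
     *       a registration without a secret skips this step entirely</li>
     *   <li>dispatch on grant type: {@code authorization_code} or {@code refresh_token},
     *       anything else is {@code 400 unsupported_grant_type}</li>
     * </ol>
     *
     * <p>NOTE(review): step 4 means the client-presented secret is never verified for
     * registrations without a secret, yet that same value is used as the JWT key when
     * decoding codes and refresh tokens (see {@link #redeemAuthorizationCode} and
     * {@link #redeemRefreshToken}). Confirm that secret-less registrations are intended.
     *
     * @return the token response, or an RFC 6749 error response
     */
    @POST
    @Produces(APPLICATION_JSON)
    @Path("/token")
    public Response token() {
        ServerAccessTokenRequest tokenRequest;
        OAuthRegistration registration;
        try {
            tokenRequest = new ServerAccessTokenRequest(this.request);
            registration = this.oauthConfiguration.getRegistrationMap().get(tokenRequest.getClientId());
        } catch (OAuthProtocolException e) {
            logError(e);
            // NOTE(review): e.getMessage() is echoed to the client; confirm it carries no internal detail.
            return errorResponse(Response.Status.BAD_REQUEST, "server_error", e.getMessage());
        }

        if (registration == null) {
            return errorResponse(Response.Status.BAD_REQUEST, "invalid_client", "unregistered client id");
        }
        if (!registration.isUnsafeRedirection() && !registration.getRedirectUri().equals(tokenRequest.getRedirectUri())) {
            return errorResponse(Response.Status.UNAUTHORIZED, "invalid_client", "mismatching redirect uri");
        }

        if (registration.getSecret() != null) {
            String presentedSecret;
            try {
                // Explicit cast keeps this compiling whether decrypt is generic or returns Object.
                presentedSecret = (String) MungedCodec.decrypt(String.class, tokenRequest.getClientSecret());
            } catch (Exception e) {
                logError(e);
                return errorResponse(Response.Status.BAD_REQUEST, "server_error", e.getMessage());
            }
            // A secret that decrypts to nothing is an authentication failure (401), not a server error.
            if (!secretsMatch(registration.getSecret(), presentedSecret)) {
                return errorResponse(Response.Status.UNAUTHORIZED, "invalid_client", "failed client application authentication");
            }
        }

        String grantType = tokenRequest.getGrantType();
        if (GrantType.AUTHORIZATION_CODE.getParameter().equals(grantType)) {
            return redeemAuthorizationCode(tokenRequest);
        }
        if (GrantType.REFRESH_TOKEN.getParameter().equals(grantType)) {
            return redeemRefreshToken(tokenRequest);
        }
        return errorResponse(Response.Status.BAD_REQUEST, "unsupported_grant_type", "only 'authorization_code' and 'refresh_token' grant types are supported");
    }

    /**
     * Redeems an {@code authorization_code} grant.
     *
     * <p>The code is a JWT decoded with a symmetric key derived from the presented client
     * secret. It is accepted only if its {@code sub} equals the requesting client id and
     * it is no older than the configured grant duration.
     *
     * <p>NOTE(review): the staleness test treats the code's {@code exp} claim as its issue
     * time in seconds (the convention {@link #emitAccessToken} uses for refresh tokens);
     * {@link #authorization()} is not recoverable here, so confirm it sets {@code exp} that way.
     *
     * @param tokenRequest the parsed request carrying the code, client id and client secret
     * @return the token response, or a {@code 401 invalid_client} error
     */
    private Response redeemAuthorizationCode(ServerAccessTokenRequest tokenRequest) {
        Duration grantDuration = this.oauthConfiguration.getOauthTokenGrantDuration();
        try {
            JWTToken code = (JWTToken) JWTCodec.decode(
                tokenRequest.getCode(),
                new SymmetricJWTKeyMaster(tokenRequest.getClientSecret()),
                this.oauthConfiguration.getSecretService().getSecretClass());
            if (!code.getSub().equals(tokenRequest.getClientId())) {
                return errorResponse(Response.Status.UNAUTHORIZED, "invalid_client", "code does not belong to this client");
            }
            // exp is in seconds; compare the code's age in milliseconds against the grant duration.
            if (System.currentTimeMillis() - (code.getExp() * 1000) > grantDuration.toMilliseconds()) {
                return errorResponse(Response.Status.UNAUTHORIZED, "invalid_client", "stale code");
            }
            return emitAccessToken(code, grantDuration, tokenRequest.getClientSecret());
        } catch (Exception e) {
            // Any decode/claim failure (including a null sub or exp) is reported as an unparseable code.
            logError(e);
            return errorResponse(Response.Status.UNAUTHORIZED, "invalid_client", "could not parse code");
        }
    }

    /**
     * Redeems a {@code refresh_token} grant.
     *
     * <p>The refresh token is read from the same {@code code} request field as an
     * authorization code and decoded with the presented client secret. Like the code
     * path, its {@code sub} must equal the requesting client id; every refresh token is
     * minted by {@link #emitAccessToken} from a token whose {@code sub} already passed
     * that check, so legitimate tokens always satisfy it.
     *
     * <p>NOTE(review): no age check is applied here. {@link #emitAccessToken} stamps the
     * refresh token's {@code exp} with its issue time, so refresh tokens never expire
     * unless something outside this class rejects them — confirm that is intended.
     *
     * @param tokenRequest the parsed request carrying the refresh token, client id and client secret
     * @return the token response, or a {@code 401 invalid_client} error
     */
    private Response redeemRefreshToken(ServerAccessTokenRequest tokenRequest) {
        try {
            JWTToken refreshToken = (JWTToken) JWTCodec.decode(
                tokenRequest.getCode(),
                new SymmetricJWTKeyMaster(tokenRequest.getClientSecret()),
                this.oauthConfiguration.getSecretService().getSecretClass());
            if (!refreshToken.getSub().equals(tokenRequest.getClientId())) {
                return errorResponse(Response.Status.UNAUTHORIZED, "invalid_client", "refresh token does not belong to this client");
            }
            return emitAccessToken(refreshToken, this.oauthConfiguration.getOauthTokenGrantDuration(), tokenRequest.getClientSecret());
        } catch (Exception e) {
            logError(e);
            return errorResponse(Response.Status.UNAUTHORIZED, "invalid_client", "could not parse refresh token");
        }
    }

    /**
     * Mints an access token and a refresh token from {@code token} and wraps them in a
     * {@code 200 OK} JSON body.
     *
     * <p>The access token is {@code token} re-encoded with {@code exp = now + duration}
     * (seconds). The refresh token is the same object re-encoded with {@code exp = now},
     * i.e. its {@code exp} records issue time rather than expiry. Both are signed with a
     * symmetric key derived from {@code clientSecret}. {@code token} is mutated in the
     * process and is left with {@code exp = now}.
     *
     * @param token the claims to encode; its {@code exp} is overwritten
     * @param duration how long the access token is valid
     * @param clientSecret the client secret used as symmetric key material
     * @return the token response, or a {@code 400 server_error} if encoding fails
     * @throws OAuthProtocolException declared for callers; not thrown by this body
     */
    private Response emitAccessToken(JWTToken token, Duration duration, String clientSecret) throws OAuthProtocolException {
        long now = System.currentTimeMillis();
        try {
            token.setExp((now + duration.toMilliseconds()) / 1000);
            String accessToken = JWTCodec.encode(token, new SymmetricJWTKeyMaster(clientSecret));

            token.setExp(now / 1000);
            String refreshToken = JWTCodec.encode(token, new SymmetricJWTKeyMaster(clientSecret));

            // expires_in is derived from the same duration the access token was stamped with.
            String expiresIn = String.valueOf(duration.getTimeUnit().toSeconds(duration.getTime()));

            return crossSiteAnoint(Response.ok(
                ServerAccessTokenResponse.instance()
                    .setTokenType(TokenType.BEARER.getParameter())
                    .setAccessToken(accessToken)
                    .setRefreshToken(refreshToken)
                    .setExpiresIn(expiresIn)
                    .build(),
                APPLICATION_JSON)).build();
        } catch (Exception e) {
            logError(e);
            // NOTE(review): e.getMessage() is echoed to the client; confirm it carries no internal detail.
            return errorResponse(Response.Status.BAD_REQUEST, "server_error", e.getMessage());
        }
    }
}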
