package nl.myndocs.oauth2.grant;

import java.util.Arrays;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import nl.myndocs.oauth2.client.AuthorizedGrantType;
import nl.myndocs.oauth2.client.Client;
import nl.myndocs.oauth2.client.ClientService;
import nl.myndocs.oauth2.exception.InvalidClientException;
import nl.myndocs.oauth2.exception.InvalidGrantException;
import nl.myndocs.oauth2.exception.InvalidIdentityException;
import nl.myndocs.oauth2.exception.InvalidRequestException;
import nl.myndocs.oauth2.identity.Identity;
import nl.myndocs.oauth2.identity.IdentityService;
import nl.myndocs.oauth2.request.RedirectAuthorizationCodeRequest;
import nl.myndocs.oauth2.request.RedirectTokenRequest;
import nl.myndocs.oauth2.scope.ScopeParser;
import nl.myndocs.oauth2.token.AccessToken;
import nl.myndocs.oauth2.token.CodeToken;
import nl.myndocs.oauth2.token.converter.CodeTokenConverter;
import org.jetbrains.annotations.NotNull;

/* compiled from: CallRouterRedirect.kt */
@Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 2, d1 = {"��&\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0001\n��\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\u001a\u0010\u0010��\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0001H\u0002\u001a\u0010\u0010��\u001a\u00020\u00032\u0006\u0010\u0002\u001a\u00020\u0003H\u0002\u001a\u0010\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u0007H\u0002\u001a\u0012\u0010\u0002\u001a\u00020\b*\u00020\t2\u0006\u0010\u0002\u001a\u00020\u0001\u001a\u0012\u0010\u0002\u001a\u00020\n*\u00020\t2\u0006\u0010\u0002\u001a\u00020\u0003¨\u0006\u000b"}, d2 = {"checkMissingFields", "Lnl/myndocs/oauth2/request/RedirectAuthorizationCodeRequest;", "redirect", "Lnl/myndocs/oauth2/request/RedirectTokenRequest;", "throwMissingField", "", "field", "", "Lnl/myndocs/oauth2/token/CodeToken;", "Lnl/myndocs/oauth2/grant/GrantingCall;", "Lnl/myndocs/oauth2/token/AccessToken;", "oauth2-server-core"})
/* loaded from: input_file:nl/myndocs/oauth2/grant/CallRouterRedirectKt.class */
public final class CallRouterRedirectKt {
    @NotNull
    public static final CodeToken redirect(@NotNull GrantingCall grantingCall, @NotNull RedirectAuthorizationCodeRequest redirectAuthorizationCodeRequest) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$redirect");
        Intrinsics.checkParameterIsNotNull(redirectAuthorizationCodeRequest, "redirect");
        checkMissingFields(redirectAuthorizationCodeRequest);
        ClientService clientService = grantingCall.getClientService();
        String clientId = redirectAuthorizationCodeRequest.getClientId();
        if (clientId == null) {
            Intrinsics.throwNpe();
        }
        Client clientOf = clientService.clientOf(clientId);
        if (clientOf == null) {
            throw new InvalidClientException();
        }
        if (!CollectionsKt.contains(clientOf.getRedirectUris(), redirectAuthorizationCodeRequest.getRedirectUri())) {
            throw new InvalidGrantException("invalid 'redirect_uri'");
        }
        if (!clientOf.getAuthorizedGrantTypes().contains(AuthorizedGrantType.AUTHORIZATION_CODE)) {
            throw new InvalidGrantException("Authorize not allowed: '" + AuthorizedGrantType.AUTHORIZATION_CODE + '\'');
        }
        IdentityService identityService = grantingCall.getIdentityService();
        String username = redirectAuthorizationCodeRequest.getUsername();
        if (username == null) {
            Intrinsics.throwNpe();
        }
        Identity identityOf = identityService.identityOf(clientOf, username);
        if (identityOf == null) {
            throw new InvalidIdentityException();
        }
        IdentityService identityService2 = grantingCall.getIdentityService();
        String password = redirectAuthorizationCodeRequest.getPassword();
        if (password == null) {
            Intrinsics.throwNpe();
        }
        if (!identityService2.validCredentials(clientOf, identityOf, password)) {
            throw new InvalidIdentityException();
        }
        Set<String> parseScopes = ScopeParser.INSTANCE.parseScopes(redirectAuthorizationCodeRequest.getScope());
        if (redirectAuthorizationCodeRequest.getScope() == null) {
            parseScopes = clientOf.getClientScopes();
        }
        CallRouterDefaultKt.validateScopes(grantingCall, clientOf, identityOf, parseScopes);
        CodeTokenConverter codeTokenConverter = grantingCall.getConverters().getCodeTokenConverter();
        String clientId2 = clientOf.getClientId();
        String redirectUri = redirectAuthorizationCodeRequest.getRedirectUri();
        if (redirectUri == null) {
            Intrinsics.throwNpe();
        }
        CodeToken convertToToken = codeTokenConverter.convertToToken(identityOf, clientId2, redirectUri, parseScopes);
        grantingCall.getTokenStore().storeCodeToken(convertToToken);
        return convertToToken;
    }

    @NotNull
    public static final AccessToken redirect(@NotNull GrantingCall grantingCall, @NotNull RedirectTokenRequest redirectTokenRequest) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$redirect");
        Intrinsics.checkParameterIsNotNull(redirectTokenRequest, "redirect");
        checkMissingFields(redirectTokenRequest);
        ClientService clientService = grantingCall.getClientService();
        String clientId = redirectTokenRequest.getClientId();
        if (clientId == null) {
            Intrinsics.throwNpe();
        }
        Client clientOf = clientService.clientOf(clientId);
        if (clientOf == null) {
            throw new InvalidClientException();
        }
        if (!CollectionsKt.contains(clientOf.getRedirectUris(), redirectTokenRequest.getRedirectUri())) {
            throw new InvalidGrantException("invalid 'redirect_uri'");
        }
        if (!clientOf.getAuthorizedGrantTypes().contains(AuthorizedGrantType.IMPLICIT)) {
            throw new InvalidGrantException("Authorize not allowed: '" + AuthorizedGrantType.IMPLICIT + '\'');
        }
        IdentityService identityService = grantingCall.getIdentityService();
        String username = redirectTokenRequest.getUsername();
        if (username == null) {
            Intrinsics.throwNpe();
        }
        Identity identityOf = identityService.identityOf(clientOf, username);
        if (identityOf == null) {
            throw new InvalidIdentityException();
        }
        IdentityService identityService2 = grantingCall.getIdentityService();
        String password = redirectTokenRequest.getPassword();
        if (password == null) {
            Intrinsics.throwNpe();
        }
        if (!identityService2.validCredentials(clientOf, identityOf, password)) {
            throw new InvalidIdentityException();
        }
        Set<String> parseScopes = ScopeParser.INSTANCE.parseScopes(redirectTokenRequest.getScope());
        if (redirectTokenRequest.getScope() == null) {
            parseScopes = clientOf.getClientScopes();
        }
        CallRouterDefaultKt.validateScopes(grantingCall, clientOf, identityOf, parseScopes);
        AccessToken convertToToken = grantingCall.getConverters().getAccessTokenConverter().convertToToken(identityOf, clientOf.getClientId(), parseScopes, null);
        grantingCall.getTokenStore().storeAccessToken(convertToToken);
        return convertToToken;
    }

    private static final Void throwMissingField(String str) {
        Object[] objArr = {str};
        String format = String.format(CallRouterDefaultKt.getINVALID_REQUEST_FIELD_MESSAGE(), Arrays.copyOf(objArr, objArr.length));
        Intrinsics.checkExpressionValueIsNotNull(format, "java.lang.String.format(this, *args)");
        throw new InvalidRequestException(format);
    }

    private static final RedirectTokenRequest checkMissingFields(RedirectTokenRequest redirectTokenRequest) {
        if (redirectTokenRequest.getClientId() == null) {
            throwMissingField("client_id");
            throw null;
        }
        if (redirectTokenRequest.getUsername() == null) {
            throwMissingField("username");
            throw null;
        }
        if (redirectTokenRequest.getPassword() == null) {
            throwMissingField(AuthorizedGrantType.PASSWORD);
            throw null;
        }
        if (redirectTokenRequest.getRedirectUri() != null) {
            return redirectTokenRequest;
        }
        throwMissingField("redirect_uri");
        throw null;
    }

    private static final RedirectAuthorizationCodeRequest checkMissingFields(RedirectAuthorizationCodeRequest redirectAuthorizationCodeRequest) {
        if (redirectAuthorizationCodeRequest.getClientId() == null) {
            throwMissingField("client_id");
            throw null;
        }
        if (redirectAuthorizationCodeRequest.getUsername() == null) {
            throwMissingField("username");
            throw null;
        }
        if (redirectAuthorizationCodeRequest.getPassword() == null) {
            throwMissingField(AuthorizedGrantType.PASSWORD);
            throw null;
        }
        if (redirectAuthorizationCodeRequest.getRedirectUri() != null) {
            return redirectAuthorizationCodeRequest;
        }
        throwMissingField("redirect_uri");
        throw null;
    }
}
