package nl.myndocs.oauth2.grant;

import java.util.Arrays;
import java.util.Set;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import nl.myndocs.oauth2.client.AuthorizedGrantType;
import nl.myndocs.oauth2.client.Client;
import nl.myndocs.oauth2.exception.InvalidClientException;
import nl.myndocs.oauth2.exception.InvalidGrantException;
import nl.myndocs.oauth2.exception.InvalidRequestException;
import nl.myndocs.oauth2.exception.InvalidScopeException;
import nl.myndocs.oauth2.identity.Identity;
import nl.myndocs.oauth2.identity.TokenInfo;
import nl.myndocs.oauth2.request.AuthorizationCodeRequest;
import nl.myndocs.oauth2.request.ClientCredentialsRequest;
import nl.myndocs.oauth2.request.ClientRequest;
import nl.myndocs.oauth2.request.PasswordGrantRequest;
import nl.myndocs.oauth2.request.RefreshTokenRequest;
import nl.myndocs.oauth2.token.AccessToken;
import org.jetbrains.annotations.NotNull;

/* compiled from: CallRouterDefault.kt */
@Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 2, d1 = {"��D\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n��\n\u0002\u0010\"\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\u001a\n\u0010\u0004\u001a\u00020\u0005*\u00020\u0006\u001a\n\u0010\u0007\u001a\u00020\u0005*\u00020\u0006\u001a\n\u0010\b\u001a\u00020\u0005*\u00020\u0006\u001a\n\u0010\t\u001a\u00020\u0005*\u00020\u0006\u001a&\u0010\n\u001a\u00020\u000b*\u00020\u00062\f\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u00010\r2\f\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u00010\r\u001a\u0012\u0010\u000f\u001a\u00020\u0010*\u00020\u00062\u0006\u0010\u0011\u001a\u00020\u0012\u001a\u0012\u0010\u0013\u001a\u00020\u0014*\u00020\u00062\u0006\u0010\u0015\u001a\u00020\u0001\u001a(\u0010\u0016\u001a\u00020\u0010*\u00020\u00062\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001a2\f\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u00010\r\"\u0014\u0010��\u001a\u00020\u0001X\u0080D¢\u0006\b\n��\u001a\u0004\b\u0002\u0010\u0003¨\u0006\u001b"}, d2 = {"INVALID_REQUEST_FIELD_MESSAGE", "", "getINVALID_REQUEST_FIELD_MESSAGE", "()Ljava/lang/String;", "grantAuthorizationCode", "Lnl/myndocs/oauth2/grant/Granter;", "Lnl/myndocs/oauth2/grant/GrantingCall;", "grantClientCredentials", "grantPassword", "grantRefreshToken", "scopesAllowed", "", "clientScopes", "", "requestedScopes", "throwExceptionIfUnverifiedClient", "", "clientRequest", "Lnl/myndocs/oauth2/request/ClientRequest;", "tokenInfo", "Lnl/myndocs/oauth2/identity/TokenInfo;", "accessToken", "validateScopes", "client", "Lnl/myndocs/oauth2/client/Client;", "identity", "Lnl/myndocs/oauth2/identity/Identity;", "oauth2-server-core"})
/* loaded from: input_file:nl/myndocs/oauth2/grant/CallRouterDefaultKt.class */
public final class CallRouterDefaultKt {

    @NotNull
    private static final String INVALID_REQUEST_FIELD_MESSAGE = INVALID_REQUEST_FIELD_MESSAGE;

    @NotNull
    private static final String INVALID_REQUEST_FIELD_MESSAGE = INVALID_REQUEST_FIELD_MESSAGE;

    @NotNull
    public static final Granter grantPassword(@NotNull final GrantingCall grantingCall) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$grantPassword");
        return GrantBuilderKt.granter(AuthorizedGrantType.PASSWORD, new Function0<Unit>() { // from class: nl.myndocs.oauth2.grant.CallRouterDefaultKt$grantPassword$1
            public /* bridge */ /* synthetic */ Object invoke() {
                m13invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final void m13invoke() {
                AccessToken authorize = CallRouterAuthorizeKt.authorize(GrantingCall.this, new PasswordGrantRequest(GrantingCall.this.getCallContext().getFormParameters().get("client_id"), GrantingCall.this.getCallContext().getFormParameters().get("client_secret"), GrantingCall.this.getCallContext().getFormParameters().get("username"), GrantingCall.this.getCallContext().getFormParameters().get(AuthorizedGrantType.PASSWORD), GrantingCall.this.getCallContext().getFormParameters().get("scope")));
                GrantingCall.this.getCallContext().respondHeader("Cache-Control", "no-store");
                GrantingCall.this.getCallContext().respondHeader("Pragma", "no-cache");
                GrantingCall.this.getCallContext().respondJson(GrantingCall.this.getAccessTokenResponder().createResponse(authorize));
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        });
    }

    @NotNull
    public static final Granter grantClientCredentials(@NotNull final GrantingCall grantingCall) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$grantClientCredentials");
        return GrantBuilderKt.granter(AuthorizedGrantType.CLIENT_CREDENTIALS, new Function0<Unit>() { // from class: nl.myndocs.oauth2.grant.CallRouterDefaultKt$grantClientCredentials$1
            public /* bridge */ /* synthetic */ Object invoke() {
                m12invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final void m12invoke() {
                AccessToken authorize = CallRouterAuthorizeKt.authorize(GrantingCall.this, new ClientCredentialsRequest(GrantingCall.this.getCallContext().getFormParameters().get("client_id"), GrantingCall.this.getCallContext().getFormParameters().get("client_secret"), GrantingCall.this.getCallContext().getFormParameters().get("scope")));
                GrantingCall.this.getCallContext().respondHeader("Cache-Control", "no-store");
                GrantingCall.this.getCallContext().respondHeader("Pragma", "no-cache");
                GrantingCall.this.getCallContext().respondJson(GrantingCall.this.getAccessTokenResponder().createResponse(authorize));
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        });
    }

    @NotNull
    public static final Granter grantRefreshToken(@NotNull final GrantingCall grantingCall) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$grantRefreshToken");
        return GrantBuilderKt.granter(AuthorizedGrantType.REFRESH_TOKEN, new Function0<Unit>() { // from class: nl.myndocs.oauth2.grant.CallRouterDefaultKt$grantRefreshToken$1
            public /* bridge */ /* synthetic */ Object invoke() {
                m14invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final void m14invoke() {
                AccessToken refresh = CallRouterRefreshKt.refresh(GrantingCall.this, new RefreshTokenRequest(GrantingCall.this.getCallContext().getFormParameters().get("client_id"), GrantingCall.this.getCallContext().getFormParameters().get("client_secret"), GrantingCall.this.getCallContext().getFormParameters().get(AuthorizedGrantType.REFRESH_TOKEN)));
                GrantingCall.this.getCallContext().respondHeader("Cache-Control", "no-store");
                GrantingCall.this.getCallContext().respondHeader("Pragma", "no-cache");
                GrantingCall.this.getCallContext().respondJson(GrantingCall.this.getAccessTokenResponder().createResponse(refresh));
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        });
    }

    @NotNull
    public static final Granter grantAuthorizationCode(@NotNull final GrantingCall grantingCall) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$grantAuthorizationCode");
        return GrantBuilderKt.granter(AuthorizedGrantType.AUTHORIZATION_CODE, new Function0<Unit>() { // from class: nl.myndocs.oauth2.grant.CallRouterDefaultKt$grantAuthorizationCode$1
            public /* bridge */ /* synthetic */ Object invoke() {
                m11invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final void m11invoke() {
                AccessToken authorize = CallRouterAuthorizeKt.authorize(GrantingCall.this, new AuthorizationCodeRequest(GrantingCall.this.getCallContext().getFormParameters().get("client_id"), GrantingCall.this.getCallContext().getFormParameters().get("client_secret"), GrantingCall.this.getCallContext().getFormParameters().get("code"), GrantingCall.this.getCallContext().getFormParameters().get("redirect_uri")));
                GrantingCall.this.getCallContext().respondHeader("Cache-Control", "no-store");
                GrantingCall.this.getCallContext().respondHeader("Pragma", "no-cache");
                GrantingCall.this.getCallContext().respondJson(GrantingCall.this.getAccessTokenResponder().createResponse(authorize));
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        });
    }

    @NotNull
    public static final String getINVALID_REQUEST_FIELD_MESSAGE() {
        return INVALID_REQUEST_FIELD_MESSAGE;
    }

    public static final void validateScopes(@NotNull GrantingCall grantingCall, @NotNull Client client, @NotNull Identity identity, @NotNull Set<String> set) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$validateScopes");
        Intrinsics.checkParameterIsNotNull(client, "client");
        Intrinsics.checkParameterIsNotNull(identity, "identity");
        Intrinsics.checkParameterIsNotNull(set, "requestedScopes");
        if (!scopesAllowed(grantingCall, client.getClientScopes(), set)) {
            throw new InvalidScopeException(SetsKt.minus(set, client.getClientScopes()));
        }
        Set minus = SetsKt.minus(set, grantingCall.getIdentityService().allowedScopes(client, identity, set));
        if (!minus.isEmpty()) {
            throw new InvalidScopeException(minus);
        }
    }

    @NotNull
    public static final TokenInfo tokenInfo(@NotNull GrantingCall grantingCall, @NotNull String str) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$tokenInfo");
        Intrinsics.checkParameterIsNotNull(str, "accessToken");
        AccessToken accessToken = grantingCall.getTokenStore().accessToken(str);
        if (accessToken == null) {
            throw new InvalidGrantException(null, 1, null);
        }
        Client clientOf = grantingCall.getClientService().clientOf(accessToken.getClientId());
        if (clientOf == null) {
            throw new InvalidClientException();
        }
        Identity identity = accessToken.getIdentity();
        return new TokenInfo(identity != null ? grantingCall.getIdentityService().identityOf(clientOf, identity.getUsername()) : null, clientOf, accessToken.getScopes());
    }

    public static final void throwExceptionIfUnverifiedClient(@NotNull GrantingCall grantingCall, @NotNull ClientRequest clientRequest) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$throwExceptionIfUnverifiedClient");
        Intrinsics.checkParameterIsNotNull(clientRequest, "clientRequest");
        String clientId = clientRequest.getClientId();
        if (clientId == null) {
            Object[] objArr = {"client_id"};
            String format = String.format(INVALID_REQUEST_FIELD_MESSAGE, Arrays.copyOf(objArr, objArr.length));
            Intrinsics.checkExpressionValueIsNotNull(format, "java.lang.String.format(this, *args)");
            throw new InvalidRequestException(format);
        }
        String clientSecret = clientRequest.getClientSecret();
        if (clientSecret == null) {
            Object[] objArr2 = {"client_secret"};
            String format2 = String.format(INVALID_REQUEST_FIELD_MESSAGE, Arrays.copyOf(objArr2, objArr2.length));
            Intrinsics.checkExpressionValueIsNotNull(format2, "java.lang.String.format(this, *args)");
            throw new InvalidRequestException(format2);
        }
        Client clientOf = grantingCall.getClientService().clientOf(clientId);
        if (clientOf == null) {
            throw new InvalidClientException();
        }
        if (!grantingCall.getClientService().validClient(clientOf, clientSecret)) {
            throw new InvalidClientException();
        }
    }

    public static final boolean scopesAllowed(@NotNull GrantingCall grantingCall, @NotNull Set<String> set, @NotNull Set<String> set2) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$scopesAllowed");
        Intrinsics.checkParameterIsNotNull(set, "clientScopes");
        Intrinsics.checkParameterIsNotNull(set2, "requestedScopes");
        return set.containsAll(set2);
    }
}
