package nl.myndocs.oauth2.grant;

import java.util.Arrays;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import nl.myndocs.oauth2.client.AuthorizedGrantType;
import nl.myndocs.oauth2.client.Client;
import nl.myndocs.oauth2.client.ClientService;
import nl.myndocs.oauth2.exception.InvalidClientException;
import nl.myndocs.oauth2.exception.InvalidGrantException;
import nl.myndocs.oauth2.exception.InvalidIdentityException;
import nl.myndocs.oauth2.exception.InvalidRequestException;
import nl.myndocs.oauth2.identity.Identity;
import nl.myndocs.oauth2.request.AuthorizationCodeRequest;
import nl.myndocs.oauth2.request.PasswordGrantRequest;
import nl.myndocs.oauth2.scope.ScopeParser;
import nl.myndocs.oauth2.token.AccessToken;
import nl.myndocs.oauth2.token.CodeToken;
import org.jetbrains.annotations.NotNull;

/* compiled from: CallRouterAuthorize.kt */
@Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 2, d1 = {"��\u001e\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\u001a\u0012\u0010��\u001a\u00020\u0001*\u00020\u00022\u0006\u0010\u0003\u001a\u00020\u0004\u001a\u0012\u0010��\u001a\u00020\u0001*\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0006\u001a\u0012\u0010��\u001a\u00020\u0001*\u00020\u00022\u0006\u0010\u0007\u001a\u00020\b¨\u0006\t"}, d2 = {"authorize", "Lnl/myndocs/oauth2/token/AccessToken;", "Lnl/myndocs/oauth2/grant/GrantingCall;", "authorizationCodeRequest", "Lnl/myndocs/oauth2/request/AuthorizationCodeRequest;", "clientCredentialsRequest", "Lnl/myndocs/oauth2/request/ClientCredentialsRequest;", "passwordGrantRequest", "Lnl/myndocs/oauth2/request/PasswordGrantRequest;", "oauth2-server-core"})
/* loaded from: input_file:nl/myndocs/oauth2/grant/CallRouterAuthorizeKt.class */
public final class CallRouterAuthorizeKt {
    @NotNull
    public static final AccessToken authorize(@NotNull GrantingCall grantingCall, @NotNull PasswordGrantRequest passwordGrantRequest) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$authorize");
        Intrinsics.checkParameterIsNotNull(passwordGrantRequest, "passwordGrantRequest");
        CallRouterDefaultKt.throwExceptionIfUnverifiedClient(grantingCall, passwordGrantRequest);
        if (passwordGrantRequest.getUsername() == null) {
            Object[] objArr = {"username"};
            String format = String.format(CallRouterDefaultKt.getINVALID_REQUEST_FIELD_MESSAGE(), Arrays.copyOf(objArr, objArr.length));
            Intrinsics.checkExpressionValueIsNotNull(format, "java.lang.String.format(this, *args)");
            throw new InvalidRequestException(format);
        }
        if (passwordGrantRequest.getPassword() == null) {
            String invalid_request_field_message = CallRouterDefaultKt.getINVALID_REQUEST_FIELD_MESSAGE();
            Object[] objArr2 = {AuthorizedGrantType.PASSWORD};
            String format2 = String.format(invalid_request_field_message, Arrays.copyOf(objArr2, objArr2.length));
            Intrinsics.checkExpressionValueIsNotNull(format2, "java.lang.String.format(this, *args)");
            throw new InvalidRequestException(format2);
        }
        ClientService clientService = grantingCall.getClientService();
        String clientId = passwordGrantRequest.getClientId();
        if (clientId == null) {
            Intrinsics.throwNpe();
        }
        Client clientOf = clientService.clientOf(clientId);
        if (clientOf == null) {
            throw new InvalidClientException();
        }
        if (!clientOf.getAuthorizedGrantTypes().contains(AuthorizedGrantType.PASSWORD)) {
            throw new InvalidGrantException("Authorize not allowed: '" + AuthorizedGrantType.PASSWORD + '\'');
        }
        Identity identityOf = grantingCall.getIdentityService().identityOf(clientOf, passwordGrantRequest.getUsername());
        if (identityOf == null || !grantingCall.getIdentityService().validCredentials(clientOf, identityOf, passwordGrantRequest.getPassword())) {
            throw new InvalidIdentityException();
        }
        Set<String> set = CollectionsKt.toSet(ScopeParser.INSTANCE.parseScopes(passwordGrantRequest.getScope()));
        if (passwordGrantRequest.getScope() == null) {
            set = clientOf.getClientScopes();
        }
        CallRouterDefaultKt.validateScopes(grantingCall, clientOf, identityOf, set);
        AccessToken convertToToken = grantingCall.getConverters().getAccessTokenConverter().convertToToken(identityOf, clientOf.getClientId(), set, grantingCall.getConverters().getRefreshTokenConverter().convertToToken(identityOf, clientOf.getClientId(), set));
        grantingCall.getTokenStore().storeAccessToken(convertToToken);
        return convertToToken;
    }

    @NotNull
    public static final AccessToken authorize(@NotNull GrantingCall grantingCall, @NotNull AuthorizationCodeRequest authorizationCodeRequest) {
        Intrinsics.checkParameterIsNotNull(grantingCall, "$this$authorize");
        Intrinsics.checkParameterIsNotNull(authorizationCodeRequest, "authorizationCodeRequest");
        CallRouterDefaultKt.throwExceptionIfUnverifiedClient(grantingCall, authorizationCodeRequest);
        if (authorizationCodeRequest.getCode() == null) {
            Object[] objArr = {"code"};
            String format = String.format(CallRouterDefaultKt.getINVALID_REQUEST_FIELD_MESSAGE(), Arrays.copyOf(objArr, objArr.length));
            Intrinsics.checkExpressionValueIsNotNull(format, "java.lang.String.format(this, *args)");
            throw new InvalidRequestException(format);
        }
        if (authorizationCodeRequest.getRedirectUri() == null) {
            Object[] objArr2 = {"redirect_uri"};
            String format2 = String.format(CallRouterDefaultKt.getINVALID_REQUEST_FIELD_MESSAGE(), Arrays.copyOf(objArr2, objArr2.length));
            Intrinsics.checkExpressionValueIsNotNull(format2, "java.lang.String.format(this, *args)");
            throw new InvalidRequestException(format2);
        }
        CodeToken consumeCodeToken = grantingCall.getTokenStore().consumeCodeToken(authorizationCodeRequest.getCode());
        if (consumeCodeToken == null) {
            throw new InvalidGrantException(null, 1, null);
        }
        if ((!Intrinsics.areEqual(consumeCodeToken.getRedirectUri(), authorizationCodeRequest.getRedirectUri())) || (!Intrinsics.areEqual(consumeCodeToken.getClientId(), authorizationCodeRequest.getClientId()))) {
            throw new InvalidGrantException(null, 1, null);
        }
        AccessToken convertToToken = grantingCall.getConverters().getAccessTokenConverter().convertToToken(consumeCodeToken.getIdentity(), consumeCodeToken.getClientId(), consumeCodeToken.getScopes(), grantingCall.getConverters().getRefreshTokenConverter().convertToToken(consumeCodeToken.getIdentity(), consumeCodeToken.getClientId(), consumeCodeToken.getScopes()));
        grantingCall.getTokenStore().storeAccessToken(convertToToken);
        return convertToToken;
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0065, code lost:
    
        if (r0 != null) goto L16;
     */
    @org.jetbrains.annotations.NotNull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static final nl.myndocs.oauth2.token.AccessToken authorize(@org.jetbrains.annotations.NotNull nl.myndocs.oauth2.grant.GrantingCall r9, @org.jetbrains.annotations.NotNull nl.myndocs.oauth2.request.ClientCredentialsRequest r10) {
        /*
            r0 = r9
            java.lang.String r1 = "$this$authorize"
            kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(r0, r1)
            r0 = r10
            java.lang.String r1 = "clientCredentialsRequest"
            kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(r0, r1)
            r0 = r9
            r1 = r10
            nl.myndocs.oauth2.request.ClientRequest r1 = (nl.myndocs.oauth2.request.ClientRequest) r1
            nl.myndocs.oauth2.grant.CallRouterDefaultKt.throwExceptionIfUnverifiedClient(r0, r1)
            r0 = r9
            nl.myndocs.oauth2.client.ClientService r0 = r0.getClientService()
            r1 = r10
            java.lang.String r1 = r1.getClientId()
            r2 = r1
            if (r2 != 0) goto L26
            kotlin.jvm.internal.Intrinsics.throwNpe()
        L26:
            nl.myndocs.oauth2.client.Client r0 = r0.clientOf(r1)
            r1 = r0
            if (r1 == 0) goto L32
            goto L3e
        L32:
            nl.myndocs.oauth2.exception.InvalidClientException r0 = new nl.myndocs.oauth2.exception.InvalidClientException
            r1 = r0
            r1.<init>()
            java.lang.Throwable r0 = (java.lang.Throwable) r0
            throw r0
        L3e:
            r11 = r0
            r0 = r10
            java.lang.String r0 = r0.getScope()
            r1 = r0
            if (r1 == 0) goto L6b
            r13 = r0
            r0 = 0
            r14 = r0
            r0 = 0
            r15 = r0
            r0 = r13
            r16 = r0
            r0 = 0
            r17 = r0
            nl.myndocs.oauth2.scope.ScopeParser r0 = nl.myndocs.oauth2.scope.ScopeParser.INSTANCE
            r1 = r16
            java.util.Set r0 = r0.parseScopes(r1)
            java.lang.Iterable r0 = (java.lang.Iterable) r0
            java.util.Set r0 = kotlin.collections.CollectionsKt.toSet(r0)
            r1 = r0
            if (r1 == 0) goto L6b
            goto L70
        L6b:
            r0 = r11
            java.util.Set r0 = r0.getClientScopes()
        L70:
            r12 = r0
            r0 = r9
            nl.myndocs.oauth2.token.converter.Converters r0 = r0.getConverters()
            nl.myndocs.oauth2.token.converter.AccessTokenConverter r0 = r0.getAccessTokenConverter()
            r1 = 0
            r2 = r10
            java.lang.String r2 = r2.getClientId()
            r3 = r12
            r4 = r9
            nl.myndocs.oauth2.token.converter.Converters r4 = r4.getConverters()
            nl.myndocs.oauth2.token.converter.RefreshTokenConverter r4 = r4.getRefreshTokenConverter()
            r5 = 0
            r6 = r10
            java.lang.String r6 = r6.getClientId()
            r7 = r12
            nl.myndocs.oauth2.token.RefreshToken r4 = r4.convertToToken(r5, r6, r7)
            nl.myndocs.oauth2.token.AccessToken r0 = r0.convertToToken(r1, r2, r3, r4)
            r13 = r0
            r0 = r9
            nl.myndocs.oauth2.token.TokenStore r0 = r0.getTokenStore()
            r1 = r13
            r0.storeAccessToken(r1)
            r0 = r13
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: nl.myndocs.oauth2.grant.CallRouterAuthorizeKt.authorize(nl.myndocs.oauth2.grant.GrantingCall, nl.myndocs.oauth2.request.ClientCredentialsRequest):nl.myndocs.oauth2.token.AccessToken");
    }
}
