package nl.myndocs.oauth2;

import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.RangesKt;
import kotlin.text.StringsKt;
import nl.myndocs.oauth2.authenticator.Credentials;
import nl.myndocs.oauth2.exception.InvalidGrantException;
import nl.myndocs.oauth2.exception.InvalidIdentityException;
import nl.myndocs.oauth2.exception.InvalidRequestException;
import nl.myndocs.oauth2.exception.NoRoutesFoundException;
import nl.myndocs.oauth2.exception.OauthException;
import nl.myndocs.oauth2.exception.OauthExceptionUtilKt;
import nl.myndocs.oauth2.grant.CallRouterDefaultKt;
import nl.myndocs.oauth2.grant.CallRouterRedirectKt;
import nl.myndocs.oauth2.grant.Granter;
import nl.myndocs.oauth2.grant.GrantingCall;
import nl.myndocs.oauth2.identity.TokenInfo;
import nl.myndocs.oauth2.request.CallContext;
import nl.myndocs.oauth2.request.CallContextHeaderKt;
import nl.myndocs.oauth2.request.RedirectAuthorizationCodeRequest;
import nl.myndocs.oauth2.request.RedirectTokenRequest;
import nl.myndocs.oauth2.router.RedirectRouter;
import nl.myndocs.oauth2.router.RedirectRouterResponse;
import nl.myndocs.oauth2.token.AccessToken;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: CallRouter.kt */
@Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 1, d1 = {"��R\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010$\n\u0002\u0010��\n��\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\b\u0018�� #2\u00020\u0001:\u0001#Br\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0003\u0012\u0006\u0010\u0005\u001a\u00020\u0003\u0012 \u0010\u0006\u001a\u001c\u0012\u0004\u0012\u00020\b\u0012\u0012\u0012\u0010\u0012\u0004\u0012\u00020\u0003\u0012\u0006\u0012\u0004\u0018\u00010\n0\t0\u0007\u0012\u001d\u0010\u000b\u001a\u0019\u0012\u0015\u0012\u0013\u0012\u0004\u0012\u00020\r\u0012\u0004\u0012\u00020\u000e0\u0007¢\u0006\u0002\b\u000f0\f\u0012\u0012\u0010\u0010\u001a\u000e\u0012\u0004\u0012\u00020\u0011\u0012\u0004\u0012\u00020\r0\u0007¢\u0006\u0002\u0010\u0012J\u000e\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0011J\u001a\u0010\u0017\u001a\u00020\u001a2\u0006\u0010\u0019\u001a\u00020\u00112\b\u0010\u001b\u001a\u0004\u0018\u00010\u001cH\u0016J\u0018\u0010\u001d\u001a\u00020\u001a2\u0006\u0010\u0019\u001a\u00020\u00112\b\u0010\u001b\u001a\u0004\u0018\u00010\u001cJ\u0018\u0010\u001e\u001a\u00020\u001a2\u0006\u0010\u0019\u001a\u00020\u00112\b\u0010\u001b\u001a\u0004\u0018\u00010\u001cJ\u001a\u0010\u001f\u001a\u00020\u001a2\u0006\u0010\u0019\u001a\u00020\u00112\b\u0010\u001b\u001a\u0004\u0018\u00010\u001cH\u0002J\u0010\u0010 \u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0011H\u0002J\u0010\u0010!\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0011H\u0002J\f\u0010\"\u001a\u00020\u0018*\u00020\u0011H\u0002R\u0011\u0010\u0004\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0013\u0010\u0014R%\u0010\u000b\u001a\u0019\u0012\u0015\u0012\u0013\u0012\u0004\u0012\u00020\r\u0012\u0004\u0012\u00020\u000e0\u0007¢\u0006\u0002\b\u000f0\fX\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\u0010\u001a\u000e\u0012\u0004\u0012\u00020\u0011\u0012\u0004\u0012\u00020\r0\u0007X\u0082\u0004¢\u0006\u0002\n��R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0015\u0010\u0014R(\u0010\u0006\u001a\u001c\u0012\u0004\u0012\u00020\b\u0012\u0012\u0012\u0010\u0012\u0004\u0012\u00020\u0003\u0012\u0006\u0012\u0004\u0018\u00010\n0\t0\u0007X\u0082\u0004¢\u0006\u0002\n��R\u0011\u0010\u0005\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0016\u0010\u0014¨\u0006$"}, d2 = {"Lnl/myndocs/oauth2/CallRouter;", "Lnl/myndocs/oauth2/router/RedirectRouter;", "tokenEndpoint", "", "authorizeEndpoint", "tokenInfoEndpoint", "tokenInfoCallback", "Lkotlin/Function1;", "Lnl/myndocs/oauth2/identity/TokenInfo;", "", "", "granters", "", "Lnl/myndocs/oauth2/grant/GrantingCall;", "Lnl/myndocs/oauth2/grant/Granter;", "Lkotlin/ExtensionFunctionType;", "grantingCallFactory", "Lnl/myndocs/oauth2/request/CallContext;", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Lkotlin/jvm/functions/Function1;Ljava/util/List;Lkotlin/jvm/functions/Function1;)V", "getAuthorizeEndpoint", "()Ljava/lang/String;", "getTokenEndpoint", "getTokenInfoEndpoint", "route", "", "callContext", "Lnl/myndocs/oauth2/router/RedirectRouterResponse;", "credentials", "Lnl/myndocs/oauth2/authenticator/Credentials;", "routeAccessTokenRedirect", "routeAuthorizationCodeRedirect", "routeAuthorizeEndpoint", "routeTokenEndpoint", "routeTokenInfoEndpoint", "respondUnauthorized", "Companion", "oauth2-server-core"})
/* loaded from: input_file:nl/myndocs/oauth2/CallRouter.class */
public final class CallRouter implements RedirectRouter {

    @NotNull
    private final String tokenEndpoint;

    @NotNull
    private final String authorizeEndpoint;

    @NotNull
    private final String tokenInfoEndpoint;
    private final Function1<TokenInfo, Map<String, Object>> tokenInfoCallback;
    private final List<Function1<GrantingCall, Granter>> granters;
    private final Function1<CallContext, GrantingCall> grantingCallFactory;

    @NotNull
    public static final String METHOD_POST = "post";

    @NotNull
    public static final String METHOD_GET = "get";
    public static final int STATUS_BAD_REQUEST = 400;
    public static final int STATUS_UNAUTHORIZED = 401;
    public static final Companion Companion = new Companion(null);
    private static final Map<String, String> unauthorizedResponse = MapsKt.mapOf(TuplesKt.to("message", "anauthorized"));

    /* compiled from: CallRouter.kt */
    @Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 1, d1 = {"��\"\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010$\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0086T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0007X\u0086T¢\u0006\u0002\n��R\u001a\u0010\t\u001a\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00040\nX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u000b"}, d2 = {"Lnl/myndocs/oauth2/CallRouter$Companion;", "", "()V", "METHOD_GET", "", "METHOD_POST", "STATUS_BAD_REQUEST", "", "STATUS_UNAUTHORIZED", "unauthorizedResponse", "", "oauth2-server-core"})
    /* loaded from: input_file:nl/myndocs/oauth2/CallRouter$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public final void route(@NotNull CallContext callContext) {
        Intrinsics.checkParameterIsNotNull(callContext, "callContext");
        String path = callContext.getPath();
        if (Intrinsics.areEqual(path, this.tokenEndpoint)) {
            routeTokenEndpoint(callContext);
        } else if (Intrinsics.areEqual(path, this.tokenInfoEndpoint)) {
            routeTokenInfoEndpoint(callContext);
        }
    }

    @Override // nl.myndocs.oauth2.router.RedirectRouter
    @NotNull
    public RedirectRouterResponse route(@NotNull CallContext callContext, @Nullable Credentials credentials) {
        Intrinsics.checkParameterIsNotNull(callContext, "callContext");
        if (Intrinsics.areEqual(callContext.getPath(), this.authorizeEndpoint)) {
            return routeAuthorizeEndpoint(callContext, credentials);
        }
        throw new NoRoutesFoundException("Route '" + callContext.getPath() + "' not found");
    }

    private final void routeTokenEndpoint(CallContext callContext) {
        String method = callContext.getMethod();
        if (method == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        Intrinsics.checkExpressionValueIsNotNull(method.toLowerCase(), "(this as java.lang.String).toLowerCase()");
        if (!Intrinsics.areEqual(r0, METHOD_POST)) {
            return;
        }
        try {
            String str = callContext.getFormParameters().get("grant_type");
            if (str == null) {
                throw new InvalidRequestException("'grant_type' not given");
            }
            GrantingCall grantingCall = (GrantingCall) this.grantingCallFactory.invoke(callContext);
            List<Function1<GrantingCall, Granter>> list = this.granters;
            LinkedHashMap linkedHashMap = new LinkedHashMap(RangesKt.coerceAtLeast(MapsKt.mapCapacity(CollectionsKt.collectionSizeOrDefault(list, 10)), 16));
            Iterator<T> it = list.iterator();
            while (it.hasNext()) {
                Granter granter = (Granter) ((Function1) it.next()).invoke(grantingCall);
                Pair pair = TuplesKt.to(granter.getGrantType(), granter);
                linkedHashMap.put(pair.getFirst(), pair.getSecond());
            }
            if (!linkedHashMap.keySet().contains(str)) {
                throw new InvalidGrantException("'grant_type' with value '" + str + "' not allowed");
            }
            Object obj = linkedHashMap.get(str);
            if (obj == null) {
                Intrinsics.throwNpe();
            }
            ((Granter) obj).getCallback().invoke();
        } catch (OauthException e) {
            callContext.respondStatus(STATUS_BAD_REQUEST);
            callContext.respondJson(OauthExceptionUtilKt.toMap(e));
        }
    }

    @NotNull
    public final RedirectRouterResponse routeAuthorizationCodeRedirect(@NotNull CallContext callContext, @Nullable Credentials credentials) {
        Intrinsics.checkParameterIsNotNull(callContext, "callContext");
        Map<String, String> queryParameters = callContext.getQueryParameters();
        try {
            callContext.redirect(Intrinsics.stringPlus(queryParameters.get("redirect_uri"), "?code=" + CallRouterRedirectKt.redirect((GrantingCall) this.grantingCallFactory.invoke(callContext), new RedirectAuthorizationCodeRequest(queryParameters.get("client_id"), queryParameters.get("redirect_uri"), credentials != null ? credentials.getUsername() : null, credentials != null ? credentials.getPassword() : null, queryParameters.get("scope"))).getCodeToken() + (queryParameters.get("state") != null ? "&state=" + queryParameters.get("state") : "")));
            return new RedirectRouterResponse(true);
        } catch (InvalidIdentityException e) {
            respondUnauthorized(callContext);
            return new RedirectRouterResponse(false);
        }
    }

    @NotNull
    public final RedirectRouterResponse routeAccessTokenRedirect(@NotNull CallContext callContext, @Nullable Credentials credentials) {
        Intrinsics.checkParameterIsNotNull(callContext, "callContext");
        Map<String, String> queryParameters = callContext.getQueryParameters();
        try {
            AccessToken redirect = CallRouterRedirectKt.redirect((GrantingCall) this.grantingCallFactory.invoke(callContext), new RedirectTokenRequest(queryParameters.get("client_id"), queryParameters.get("redirect_uri"), credentials != null ? credentials.getUsername() : null, credentials != null ? credentials.getPassword() : null, queryParameters.get("scope")));
            callContext.redirect(queryParameters.get("redirect_uri") + "#access_token=" + redirect.getAccessToken() + "&token_type=bearer&expires_in=" + redirect.expiresIn() + (queryParameters.get("state") != null ? "&state=" + queryParameters.get("state") : ""));
            return new RedirectRouterResponse(true);
        } catch (InvalidIdentityException e) {
            respondUnauthorized(callContext);
            return new RedirectRouterResponse(false);
        }
    }

    private final RedirectRouterResponse routeAuthorizeEndpoint(CallContext callContext, Credentials credentials) {
        try {
            String[] strArr = {METHOD_GET, METHOD_POST};
            String method = callContext.getMethod();
            if (method == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            String lowerCase = method.toLowerCase();
            Intrinsics.checkExpressionValueIsNotNull(lowerCase, "(this as java.lang.String).toLowerCase()");
            if (!ArraysKt.contains(strArr, lowerCase)) {
                return new RedirectRouterResponse(false);
            }
            String str = callContext.getQueryParameters().get("response_type");
            if (str == null) {
                throw new InvalidRequestException("'response_type' not given");
            }
            switch (str.hashCode()) {
                case 3059181:
                    if (str.equals("code")) {
                        return routeAuthorizationCodeRedirect(callContext, credentials);
                    }
                    break;
                case 110541305:
                    if (str.equals("token")) {
                        return routeAccessTokenRedirect(callContext, credentials);
                    }
                    break;
            }
            throw new InvalidGrantException("'grant_type' with value '" + str + "' not allowed");
        } catch (InvalidIdentityException e) {
            callContext.respondStatus(STATUS_UNAUTHORIZED);
            callContext.respondJson(OauthExceptionUtilKt.toMap(e));
            return new RedirectRouterResponse(false);
        } catch (OauthException e2) {
            callContext.respondStatus(STATUS_BAD_REQUEST);
            callContext.respondJson(OauthExceptionUtilKt.toMap(e2));
            return new RedirectRouterResponse(false);
        }
    }

    private final void routeTokenInfoEndpoint(CallContext callContext) {
        String method = callContext.getMethod();
        if (method == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        Intrinsics.checkExpressionValueIsNotNull(method.toLowerCase(), "(this as java.lang.String).toLowerCase()");
        if (!Intrinsics.areEqual(r0, METHOD_GET)) {
            return;
        }
        String headerCaseInsensitive = CallContextHeaderKt.headerCaseInsensitive(callContext, "Authorization");
        if (headerCaseInsensitive == null || !StringsKt.startsWith(headerCaseInsensitive, "bearer ", true)) {
            respondUnauthorized(callContext);
            return;
        }
        String substring = headerCaseInsensitive.substring(7);
        Intrinsics.checkExpressionValueIsNotNull(substring, "(this as java.lang.String).substring(startIndex)");
        callContext.respondJson((Map) this.tokenInfoCallback.invoke(CallRouterDefaultKt.tokenInfo((GrantingCall) this.grantingCallFactory.invoke(callContext), substring)));
    }

    private final void respondUnauthorized(@NotNull CallContext callContext) {
        callContext.respondStatus(STATUS_UNAUTHORIZED);
        callContext.respondJson(unauthorizedResponse);
    }

    @NotNull
    public final String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    @NotNull
    public final String getAuthorizeEndpoint() {
        return this.authorizeEndpoint;
    }

    @NotNull
    public final String getTokenInfoEndpoint() {
        return this.tokenInfoEndpoint;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public CallRouter(@NotNull String str, @NotNull String str2, @NotNull String str3, @NotNull Function1<? super TokenInfo, ? extends Map<String, ? extends Object>> function1, @NotNull List<? extends Function1<? super GrantingCall, Granter>> list, @NotNull Function1<? super CallContext, ? extends GrantingCall> function12) {
        Intrinsics.checkParameterIsNotNull(str, "tokenEndpoint");
        Intrinsics.checkParameterIsNotNull(str2, "authorizeEndpoint");
        Intrinsics.checkParameterIsNotNull(str3, "tokenInfoEndpoint");
        Intrinsics.checkParameterIsNotNull(function1, "tokenInfoCallback");
        Intrinsics.checkParameterIsNotNull(list, "granters");
        Intrinsics.checkParameterIsNotNull(function12, "grantingCallFactory");
        this.tokenEndpoint = str;
        this.authorizeEndpoint = str2;
        this.tokenInfoEndpoint = str3;
        this.tokenInfoCallback = function1;
        this.granters = list;
        this.grantingCallFactory = function12;
    }
}
