package com.nimbusds.oauth2.sdk.token;

import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.rar.AuthorizationDetail;
import com.nimbusds.oauth2.sdk.util.JSONArrayUtils;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils;
import com.nimbusds.oauth2.sdk.util.StringUtils;
import java.net.URI;
import java.util.List;
import java.util.Map;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/oauth2-oidc-sdk-11.25.jar:com/nimbusds/oauth2/sdk/token/AccessTokenParseUtils.class */
public class AccessTokenParseUtils {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/oauth2-oidc-sdk-11.25.jar:com/nimbusds/oauth2/sdk/token/AccessTokenParseUtils$GenericTokenSchemeError.class */
    public static class GenericTokenSchemeError extends TokenSchemeError {
        private static final long serialVersionUID = -8049139536364886132L;

        public GenericTokenSchemeError(AccessTokenType accessTokenType, String str, String str2, int i) {
            super(accessTokenType, str, str2, i, null, null, null);
        }

        @Override // com.nimbusds.oauth2.sdk.token.TokenSchemeError, com.nimbusds.oauth2.sdk.ErrorObject
        public TokenSchemeError setDescription(String str) {
            return this;
        }

        @Override // com.nimbusds.oauth2.sdk.token.TokenSchemeError, com.nimbusds.oauth2.sdk.ErrorObject
        public TokenSchemeError appendDescription(String str) {
            return this;
        }

        @Override // com.nimbusds.oauth2.sdk.token.TokenSchemeError, com.nimbusds.oauth2.sdk.ErrorObject
        public TokenSchemeError setHTTPStatusCode(int i) {
            return this;
        }

        @Override // com.nimbusds.oauth2.sdk.token.TokenSchemeError, com.nimbusds.oauth2.sdk.ErrorObject
        public TokenSchemeError setURI(URI uri) {
            return this;
        }

        @Override // com.nimbusds.oauth2.sdk.token.TokenSchemeError
        public TokenSchemeError setRealm(String str) {
            return this;
        }

        @Override // com.nimbusds.oauth2.sdk.token.TokenSchemeError
        public TokenSchemeError setScope(Scope scope) {
            return this;
        }
    }

    public static void parseAndEnsureTypeFromJSONObject(JSONObject jSONObject, AccessTokenType accessTokenType) throws ParseException {
        if (!new AccessTokenType(JSONObjectUtils.getNonBlankString(jSONObject, "token_type")).equals(accessTokenType)) {
            throw new ParseException("The token type must be " + accessTokenType);
        }
    }

    public static String parseValueFromJSONObject(JSONObject jSONObject) throws ParseException {
        return JSONObjectUtils.getNonBlankString(jSONObject, "access_token");
    }

    public static long parseLifetimeFromJSONObject(JSONObject jSONObject) throws ParseException {
        if (!jSONObject.containsKey("expires_in")) {
            return 0L;
        }
        if (jSONObject.get("expires_in") instanceof Number) {
            return JSONObjectUtils.getLong(jSONObject, "expires_in");
        }
        try {
            return Long.parseLong(JSONObjectUtils.getNonBlankString(jSONObject, "expires_in"));
        } catch (NumberFormatException e) {
            throw new ParseException("expires_in must be an integer");
        }
    }

    public static Scope parseScopeFromJSONObject(JSONObject jSONObject) throws ParseException {
        return Scope.parse(JSONObjectUtils.getString(jSONObject, "scope", null));
    }

    public static List<AuthorizationDetail> parseAuthorizationDetailsFromJSONObject(JSONObject jSONObject) throws ParseException {
        JSONArray jSONArray = JSONObjectUtils.getJSONArray(jSONObject, "authorization_details", null);
        if (jSONArray == null) {
            return null;
        }
        return AuthorizationDetail.parseList(JSONArrayUtils.toJSONObjectList(jSONArray));
    }

    public static TokenTypeURI parseIssuedTokenTypeFromJSONObject(JSONObject jSONObject) throws ParseException {
        String string = JSONObjectUtils.getString(jSONObject, "issued_token_type", null);
        if (string == null) {
            return null;
        }
        try {
            return TokenTypeURI.parse(string);
        } catch (ParseException e) {
            throw new ParseException("Invalid issued_token_type", e);
        }
    }

    private static TokenSchemeError getTypedMissingTokenError(AccessTokenType accessTokenType) {
        return AccessTokenType.BEARER.equals(accessTokenType) ? BearerTokenError.MISSING_TOKEN : AccessTokenType.DPOP.equals(accessTokenType) ? DPoPTokenError.MISSING_TOKEN : new GenericTokenSchemeError(accessTokenType, null, null, 401);
    }

    private static TokenSchemeError getTypedInvalidRequestError(AccessTokenType accessTokenType) {
        return AccessTokenType.BEARER.equals(accessTokenType) ? BearerTokenError.INVALID_REQUEST : AccessTokenType.DPOP.equals(accessTokenType) ? DPoPTokenError.INVALID_REQUEST : new GenericTokenSchemeError(accessTokenType, OAuth2Error.INVALID_REQUEST_CODE, "Invalid request", 400);
    }

    public static String parseValueFromAuthorizationHeader(String str, AccessTokenType accessTokenType) throws ParseException {
        if (StringUtils.isBlank(str)) {
            throw new ParseException("Missing HTTP Authorization header", getTypedMissingTokenError(accessTokenType));
        }
        String[] split = str.split("\\s", 2);
        if (split.length != 2) {
            throw new ParseException("Invalid HTTP Authorization header value", getTypedInvalidRequestError(accessTokenType));
        }
        if (!split[0].equalsIgnoreCase(accessTokenType.getValue())) {
            throw new ParseException("Token type must be " + accessTokenType, getTypedInvalidRequestError(accessTokenType));
        }
        if (StringUtils.isBlank(split[1])) {
            throw new ParseException("Invalid HTTP Authorization header value: Missing token", getTypedInvalidRequestError(accessTokenType));
        }
        return split[1];
    }

    public static String parseValueFromQueryParameters(Map<String, List<String>> map, AccessTokenType accessTokenType) throws ParseException {
        if (!map.containsKey("access_token")) {
            throw new ParseException("Missing access token parameter", getTypedMissingTokenError(accessTokenType));
        }
        String str = (String) MultivaluedMapUtils.getFirstValue(map, "access_token");
        if (StringUtils.isBlank(str)) {
            throw new ParseException("Blank / empty access token", getTypedInvalidRequestError(accessTokenType));
        }
        return str;
    }

    public static String parseValueFromQueryParameters(Map<String, List<String>> map) throws ParseException {
        String str = (String) MultivaluedMapUtils.getFirstValue(map, "access_token");
        if (StringUtils.isBlank(str)) {
            throw new ParseException("Missing access token");
        }
        return str;
    }

    public static AccessTokenType determineAccessTokenTypeFromAuthorizationHeader(String str) throws ParseException {
        String[] split = str.split("\\s", 2);
        if (split.length < 2 || StringUtils.isBlank(split[0]) || StringUtils.isBlank(split[1])) {
            throw new ParseException("Invalid Authorization header");
        }
        return split[0].equalsIgnoreCase(AccessTokenType.BEARER.getValue()) ? AccessTokenType.BEARER : split[0].equalsIgnoreCase(AccessTokenType.DPOP.getValue()) ? AccessTokenType.DPOP : new AccessTokenType(split[0]);
    }

    private AccessTokenParseUtils() {
    }
}
