package com.apifest.oauth20;

import com.apifest.oauth20.api.AuthenticationException;
import com.apifest.oauth20.api.UserDetails;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Date;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.codec.binary.Base64;
import org.codehaus.jackson.JsonParseException;
import org.codehaus.jackson.map.JsonMappingException;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.jboss.netty.handler.codec.http.HttpRequest;
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
import org.jboss.netty.handler.codec.http.QueryStringEncoder;
import org.jboss.netty.util.CharsetUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/apifest/oauth20/AuthorizationServer.class */
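/**
 * Core OAuth 2.0 authorization-server logic: client (application) registration and update,
 * authorization-code issuance, access-token issuance for the supported grant types, token
 * validation and token revocation.
 *
 * <p>Persistence goes through {@link #db} and scope/lifetime policy through
 * {@link #scopeService}; both are {@code protected} so subclasses can substitute them.
 * The listing this class was reconstructed from came out of a decompiler, so local and
 * parameter names are reconstructed rather than original.
 */
public class AuthorizationServer {
    static final String BASIC = "Basic ";
    private static final String TOKEN_TYPE_BEARER = "Bearer";
    /** Client ids/secrets supplied at registration must be lowercase hex ({@code [a-f[0-9]]} is the union a-f plus 0-9). */
    private static final Pattern CLIENT_CREDENTIALS_PATTERN = Pattern.compile("[a-f[0-9]]+");
    /** Error body used wherever a client id/secret pair is rejected, so every path emits the same text. */
    private static final String INVALID_CLIENT_ERROR = "{\"error\": \"invalid client_id/client_secret\"}";
    /**
     * Scope lists are space separated. The decompiled listing spelled this as Jackson's
     * {@code MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR}, whose value is a single space.
     */
    private static final String SCOPE_SEPARATOR = " ";
    protected static Logger log = LoggerFactory.getLogger(AuthorizationServer.class);
    protected DBManager db = DBManagerFactory.getInstance();
    protected ScopeService scopeService = new ScopeService();

    /**
     * Registers a client application from a JSON request body and persists its credentials.
     *
     * <p>When the body carries no {@code id}/{@code secret} pair, the credentials are generated
     * by {@link ClientCredentials}; otherwise the supplied pair must be lowercase hex and must
     * not already be registered.
     *
     * @param httpRequest the registration request; must be {@code application/json}
     * @return the stored credentials
     * @throws OAuthException on a wrong content type, an invalid body, an unknown scope,
     *     a malformed or already registered client id/secret, or an I/O failure while parsing
     */
    public ClientCredentials issueClientCredentials(HttpRequest httpRequest) throws OAuthException {
        requireJsonContentType(httpRequest);
        String body = httpRequest.getContent().toString(CharsetUtil.UTF_8);
        try {
            ApplicationInfo appInfo = (ApplicationInfo) InputValidator.validate(body, ApplicationInfo.class);
            if (!appInfo.valid()) {
                throw new OAuthException(Response.NAME_OR_SCOPE_OR_URI_IS_NULL, HttpResponseStatus.BAD_REQUEST);
            }
            requireKnownScopes(appInfo.getScope());
            ClientCredentials clientCredentials;
            if (isBlank(appInfo.getId()) || isBlank(appInfo.getSecret())) {
                // No pair supplied: let ClientCredentials generate one.
                clientCredentials = new ClientCredentials(appInfo.getName(), appInfo.getScope(), appInfo.getDescription(), appInfo.getRedirectUri(), appInfo.getApplicationDetails());
            } else {
                if (!areClientCredentialsValid(appInfo.getId(), appInfo.getSecret())) {
                    throw new OAuthException(INVALID_CLIENT_ERROR, HttpResponseStatus.BAD_REQUEST);
                }
                if (this.db.findClientCredentials(appInfo.getId()) != null) {
                    throw new OAuthException(Response.ALREADY_REGISTERED_APP, HttpResponseStatus.BAD_REQUEST);
                }
                clientCredentials = new ClientCredentials(appInfo.getName(), appInfo.getScope(), appInfo.getDescription(), appInfo.getRedirectUri(), appInfo.getId(), appInfo.getSecret(), appInfo.getApplicationDetails());
            }
            this.db.storeClientCredentials(clientCredentials);
            return clientCredentials;
        } catch (JsonValidationException e) {
            log.error("cannot parse client application request", e);
            throw new OAuthException(e.getMessage(), HttpResponseStatus.BAD_REQUEST);
        } catch (JsonParseException e) {
            // Jackson exceptions are IOException subclasses: keep them ahead of the IOException catch.
            throw new OAuthException(e, Response.INVALID_JSON_ERROR, HttpResponseStatus.BAD_REQUEST);
        } catch (JsonMappingException e) {
            throw new OAuthException(e, Response.INVALID_JSON_ERROR, HttpResponseStatus.BAD_REQUEST);
        } catch (IOException e) {
            throw new OAuthException(e, Response.CANNOT_REGISTER_APP, HttpResponseStatus.BAD_REQUEST);
        }
    }

    /**
     * Rejects a request whose {@code Content-Type} header is missing or does not mention JSON.
     *
     * @throws OAuthException with {@link Response#UNSUPPORTED_MEDIA_TYPE}
     */
    private static void requireJsonContentType(HttpRequest httpRequest) throws OAuthException {
        String contentType = httpRequest.headers().get("Content-Type");
        if (contentType == null || !contentType.contains(Response.APPLICATION_JSON)) {
            throw new OAuthException(Response.UNSUPPORTED_MEDIA_TYPE, HttpResponseStatus.BAD_REQUEST);
        }
    }

    /**
     * Verifies that every name in a space-separated scope list is registered in the database.
     * A {@code null} list is accepted unchanged (callers decide whether scope is mandatory).
     *
     * @throws OAuthException with {@link Response#SCOPE_NOT_EXIST} for the first unknown name
     */
    private void requireKnownScopes(String scope) throws OAuthException {
        if (scope == null) {
            return;
        }
        for (String scopeName : scope.split(SCOPE_SEPARATOR)) {
            if (this.db.findScope(scopeName) == null) {
                throw new OAuthException(Response.SCOPE_NOT_EXIST, HttpResponseStatus.BAD_REQUEST);
            }
        }
    }

    /** True when the value is absent or empty; mirrors the registration form's "not supplied" test. */
    private static boolean isBlank(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Compares a stored secret with a presented one without short-circuiting on the first
     * differing byte, so the comparison time does not reveal how much of the secret matched.
     * {@link MessageDigest#isEqual} still returns early when the lengths differ; only the
     * length is exposed that way. Either argument being {@code null} is a mismatch.
     */
    static boolean secretsMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(CharsetUtil.UTF_8), presented.getBytes(CharsetUtil.UTF_8));
    }

    /** True when both the id and the secret are non-empty lowercase hex strings. */
    private boolean areClientCredentialsValid(String clientId, String clientSecret) {
        return CLIENT_CREDENTIALS_PATTERN.matcher(clientId).matches() && CLIENT_CREDENTIALS_PATTERN.matcher(clientSecret).matches();
    }

    /**
     * Handles the authorization-code grant's first leg: validates the request, narrows the
     * requested scope to what the client is allowed, stores a fresh code and returns the
     * client's redirect URI with the {@code code} parameter appended.
     *
     * @param httpRequest the authorization request
     * @return the redirect target carrying the new code
     * @throws OAuthException if the client id is unknown or inactive, the request is invalid,
     *     or no valid scope remains
     */
    public String issueAuthorizationCode(HttpRequest httpRequest) throws OAuthException {
        AuthRequest authRequest = new AuthRequest(httpRequest);
        // Parameterised logging keeps the rendered text identical while skipping the
        // concatenation when debug is disabled.
        log.debug("received client_id:{}", authRequest.getClientId());
        if (!isActiveClientId(authRequest.getClientId())) {
            throw new OAuthException(INVALID_CLIENT_ERROR, HttpResponseStatus.BAD_REQUEST);
        }
        authRequest.validate();
        String validScope = this.scopeService.getValidScope(authRequest.getScope(), authRequest.getClientId());
        if (validScope == null) {
            throw new OAuthException(Response.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        AuthCode authCode = new AuthCode(generateCode(), authRequest.getClientId(), authRequest.getRedirectUri(), authRequest.getState(), validScope, authRequest.getResponseType(), authRequest.getUserId());
        // NOTE(review): this writes a live authorization code to the log; keep debug logging
        // off wherever the log is retained.
        log.debug("authCode: {}", authCode.getCode());
        this.db.storeAuthCode(authCode);
        QueryStringEncoder encoder = new QueryStringEncoder(authRequest.getRedirectUri());
        encoder.addParam("code", authCode.getCode());
        return encoder.toString();
    }

    /**
     * Issues an access token for the token endpoint, dispatching on {@code grant_type}.
     *
     * <p>Supported grants: {@code authorization_code}, {@code refresh_token},
     * {@code client_credentials}, {@code password} and the server-wide custom grant type
     * from {@link OAuthServer#getCustomGrantType()}. The client is authenticated (id, secret,
     * active status) before any grant-specific work.
     *
     * @param httpRequest the token request
     * @return the stored token, or {@code null} when the grant type matches none of the above
     *     (the original contract; callers must handle it)
     * @throws OAuthException on an invalid request, failed client or user authentication,
     *     an invalid code/refresh token, or a scope the client may not obtain
     */
    public AccessToken issueAccessToken(HttpRequest httpRequest) throws OAuthException {
        TokenRequest tokenRequest = new TokenRequest(httpRequest);
        tokenRequest.validate();
        if (!isActiveClient(tokenRequest.getClientId(), tokenRequest.getClientSecret())) {
            throw new OAuthException(INVALID_CLIENT_ERROR, HttpResponseStatus.BAD_REQUEST);
        }
        String grantType = tokenRequest.getGrantType();
        if (TokenRequest.AUTHORIZATION_CODE.equals(grantType)) {
            return issueTokenForAuthorizationCode(tokenRequest);
        }
        if (TokenRequest.REFRESH_TOKEN.equals(grantType)) {
            return issueTokenForRefreshToken(tokenRequest);
        }
        if (TokenRequest.CLIENT_CREDENTIALS.equals(grantType)) {
            return issueTokenForClientCredentials(tokenRequest);
        }
        if (TokenRequest.PASSWORD.equals(grantType)) {
            return issueTokenForPassword(tokenRequest, httpRequest);
        }
        if (grantType != null && grantType.equals(OAuthServer.getCustomGrantType())) {
            return issueTokenForCustomGrant(tokenRequest, httpRequest);
        }
        return null;
    }

    /**
     * {@code authorization_code} grant: redeems a stored code for a token.
     * The code must belong to the requesting client, must repeat the bound redirect URI
     * (when one was bound), and is marked invalid before the token is stored.
     */
    private AccessToken issueTokenForAuthorizationCode(TokenRequest tokenRequest) throws OAuthException {
        AuthCode authCode = findAuthCode(tokenRequest);
        if (authCode == null) {
            throw new OAuthException(Response.INVALID_AUTH_CODE, HttpResponseStatus.BAD_REQUEST);
        }
        if (!tokenRequest.getClientId().equals(authCode.getClientId())) {
            throw new OAuthException(INVALID_CLIENT_ERROR, HttpResponseStatus.BAD_REQUEST);
        }
        // Compare from the stored side: a request that omits redirect_uri while the code has
        // one bound is rejected instead of raising a NullPointerException.
        String boundRedirectUri = authCode.getRedirectUri();
        if (boundRedirectUri != null && !boundRedirectUri.equals(tokenRequest.getRedirectUri())) {
            throw new OAuthException(Response.INVALID_REDIRECT_URI, HttpResponseStatus.BAD_REQUEST);
        }
        this.db.updateAuthCodeValidStatus(authCode.getCode(), false);
        // Lifetimes: the access token uses the password-grant lifetime for the code's scope
        // (as in the original), the refresh token its own.
        String scope = authCode.getScope();
        AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
        accessToken.setUserId(authCode.getUserId());
        accessToken.setClientId(authCode.getClientId());
        accessToken.setCodeId(authCode.getId());
        this.db.storeAccessToken(accessToken);
        return accessToken;
    }

    /**
     * {@code refresh_token} grant: replaces the current token with a new one carrying the
     * same user, details and (unrotated) refresh token. An expired refresh token is removed
     * and rejected; a narrower scope may be requested but not a wider one.
     */
    private AccessToken issueTokenForRefreshToken(TokenRequest tokenRequest) throws OAuthException {
        AccessToken current = this.db.findAccessTokenByRefreshToken(tokenRequest.getRefreshToken(), tokenRequest.getClientId());
        if (current == null) {
            throw new OAuthException(Response.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
        }
        if (current.refreshTokenExpired()) {
            this.db.removeAccessToken(current.getToken());
            throw new OAuthException(Response.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
        }
        String scope;
        if (tokenRequest.getScope() == null) {
            scope = current.getScope();
        } else {
            if (!this.scopeService.scopeAllowed(tokenRequest.getScope(), current.getScope())) {
                throw new OAuthException(Response.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
            }
            scope = tokenRequest.getScope();
        }
        this.db.updateAccessTokenValidStatus(current.getToken(), false);
        AccessToken refreshed = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, current.getRefreshToken(), current.getRefreshExpiresIn());
        refreshed.setUserId(current.getUserId());
        refreshed.setDetails(current.getDetails());
        refreshed.setClientId(current.getClientId());
        this.db.storeAccessToken(refreshed);
        this.db.removeAccessToken(current.getToken());
        return refreshed;
    }

    /**
     * {@code client_credentials} grant: issues a token bound to the client itself (no user,
     * no refresh token), with the scope narrowed to what the registration allows.
     */
    private AccessToken issueTokenForClientCredentials(TokenRequest tokenRequest) throws OAuthException {
        ClientCredentials clientCredentials = this.db.findClientCredentials(tokenRequest.getClientId());
        // isActiveClient() found the record moments ago; guard the re-read anyway rather than
        // dereferencing null if it disappeared in between.
        if (clientCredentials == null) {
            throw new OAuthException(INVALID_CLIENT_ERROR, HttpResponseStatus.BAD_REQUEST);
        }
        String validScope = this.scopeService.getValidScopeByScope(tokenRequest.getScope(), clientCredentials.getScope());
        if (validScope == null) {
            throw new OAuthException(Response.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.CLIENT_CREDENTIALS, validScope), validScope, false, (String) null);
        accessToken.setClientId(tokenRequest.getClientId());
        Map<String, String> applicationDetails = clientCredentials.getApplicationDetails();
        if (applicationDetails != null && !applicationDetails.isEmpty()) {
            accessToken.setDetails(applicationDetails);
        }
        this.db.storeAccessToken(accessToken);
        return accessToken;
    }

    /**
     * {@code password} grant: validates scope, then authenticates the resource owner through
     * {@link #authenticateUser} and issues a user-bound token with a refresh token.
     * An {@link AuthenticationException} carrying its own response is passed through with that
     * status and body; any other is reported as {@link Response#CANNOT_AUTHENTICATE_USER}.
     */
    private AccessToken issueTokenForPassword(TokenRequest tokenRequest, HttpRequest httpRequest) throws OAuthException {
        String validScope = this.scopeService.getValidScope(tokenRequest.getScope(), tokenRequest.getClientId());
        if (validScope == null) {
            throw new OAuthException(Response.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        try {
            UserDetails user = authenticateUser(tokenRequest.getUsername(), tokenRequest.getPassword(), httpRequest);
            if (user == null || user.getUserId() == null) {
                throw new OAuthException(Response.INVALID_USERNAME_PASSWORD, HttpResponseStatus.UNAUTHORIZED);
            }
            AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, validScope), validScope, getExpiresIn(TokenRequest.REFRESH_TOKEN, validScope));
            accessToken.setUserId(user.getUserId());
            accessToken.setDetails(user.getDetails());
            accessToken.setClientId(tokenRequest.getClientId());
            this.db.storeAccessToken(accessToken);
            return accessToken;
        } catch (AuthenticationException e) {
            if (e.getResponse() != null) {
                throw new OAuthException(e, e.getResponse().getContent().toString(CharsetUtil.UTF_8), e.getResponse().getStatus());
            }
            log.error("Cannot authenticate user", e);
            throw new OAuthException(e, Response.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED);
        }
    }

    /**
     * Custom grant (see {@link OAuthServer#getCustomGrantType()}): validates scope, builds the
     * token, then lets the configured handler optionally attach a user id and details.
     * Without a handler, or when the handler yields no user id, the token is client-only.
     */
    private AccessToken issueTokenForCustomGrant(TokenRequest tokenRequest, HttpRequest httpRequest) throws OAuthException {
        String validScope = this.scopeService.getValidScope(tokenRequest.getScope(), tokenRequest.getClientId());
        if (validScope == null) {
            throw new OAuthException(Response.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        try {
            AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, validScope), validScope, getExpiresIn(TokenRequest.REFRESH_TOKEN, validScope));
            accessToken.setClientId(tokenRequest.getClientId());
            UserDetails user = callCustomGrantTypeHandler(httpRequest);
            if (user != null && user.getUserId() != null) {
                accessToken.setUserId(user.getUserId());
                accessToken.setDetails(user.getDetails());
            }
            this.db.storeAccessToken(accessToken);
            return accessToken;
        } catch (AuthenticationException e) {
            log.error("Cannot authenticate user", e);
            throw new OAuthException(e, Response.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED);
        }
    }

    /**
     * Authenticates a resource owner through the configured
     * {@link OAuthServer#getUserAuthenticationClass()}.
     *
     * <p>When no class is configured this returns a fixed {@code UserDetails} with user id
     * {@code "12345"} for any username/password, i.e. the password grant accepts every
     * credential pair. That is kept for compatibility (presumably a development/test mode)
     * and is logged at WARN so it cannot go unnoticed in a deployed server.
     *
     * @param username the presented username
     * @param password the presented password
     * @param httpRequest the originating request, passed through to the authenticator
     * @return the authenticated user, or whatever the authenticator returns
     * @throws AuthenticationException from the authenticator, or when it cannot be instantiated
     */
    protected UserDetails authenticateUser(String username, String password, HttpRequest httpRequest) throws AuthenticationException {
        if (OAuthServer.getUserAuthenticationClass() == null) {
            log.warn("no user authentication class configured; accepting any username/password for user id 12345");
            return new UserDetails("12345", null);
        }
        try {
            return OAuthServer.getUserAuthenticationClass().newInstance().authenticate(username, password, httpRequest);
        } catch (IllegalAccessException e) {
            // AuthenticationException's constructor seen here takes only a message, so the
            // cause is preserved in the log rather than the exception chain.
            log.error("cannot instantiate user authentication class", e);
            throw new AuthenticationException(e.getMessage());
        } catch (InstantiationException e) {
            log.error("cannot instantiate user authentication class", e);
            throw new AuthenticationException(e.getMessage());
        }
    }

    /**
     * Runs the configured custom grant-type handler, if any.
     *
     * @param httpRequest the token request handed to the handler
     * @return the handler's result, or {@code null} when no handler is configured
     * @throws AuthenticationException from the handler, or when it cannot be instantiated
     */
    protected UserDetails callCustomGrantTypeHandler(HttpRequest httpRequest) throws AuthenticationException {
        if (OAuthServer.getCustomGrantTypeHandler() == null) {
            return null;
        }
        try {
            return OAuthServer.getCustomGrantTypeHandler().newInstance().execute(httpRequest);
        } catch (IllegalAccessException e) {
            log.error("cannot instantiate custom grant_type class", e);
            throw new AuthenticationException(e.getMessage());
        } catch (InstantiationException e) {
            log.error("cannot instantiate custom grant_type class", e);
            throw new AuthenticationException(e.getMessage());
        }
    }

    /**
     * Extracts {@code [clientId, clientSecret]} from an HTTP Basic {@code Authorization} header.
     *
     * <p>The scheme must be a prefix of the header value (compared case-insensitively, as
     * RFC 7235 requires) rather than appearing anywhere in it, and the decoded value is split
     * on the first colon only, so a secret containing a colon survives (RFC 7617 forbids a
     * colon in the user-id, not in the password).
     *
     * @param httpRequest the request to read the header from
     * @return a two-element array; both entries are {@code null} when the header is absent,
     *     not Basic, or does not decode to {@code user:secret}
     */
    public static String[] getBasicAuthorizationClientCredentials(HttpRequest httpRequest) {
        String[] credentials = new String[2];
        String header = httpRequest.headers().get("Authorization");
        if (header == null) {
            return credentials;
        }
        String value = header.trim();
        if (!value.regionMatches(true, 0, BASIC, 0, BASIC.length())) {
            return credentials;
        }
        String encoded = value.substring(BASIC.length()).trim();
        // commons-codec decoding is lenient: malformed input yields an empty or partial byte
        // array, which then simply fails the user:secret split below.
        String decoded = new String(new Base64().decode(encoded), CharsetUtil.UTF_8);
        String[] parts = decoded.split(":", 2);
        if (parts.length == 2) {
            credentials[0] = parts[0];
            credentials[1] = parts[1];
        }
        return credentials;
    }

    /** Looks up the authorization code named in the request together with its redirect URI. */
    protected AuthCode findAuthCode(TokenRequest tokenRequest) {
        return this.db.findAuthCode(tokenRequest.getCode(), tokenRequest.getRedirectUri());
    }

    /**
     * Resolves an access token string to a usable token.
     *
     * @param token the bearer token value
     * @return the stored token when it exists, is marked valid and is not expired; otherwise
     *     {@code null}. An expired token is marked invalid in the database as a side effect.
     */
    public AccessToken isValidToken(String token) {
        AccessToken stored = this.db.findAccessToken(token);
        if (stored == null || !stored.isValid()) {
            return null;
        }
        if (stored.tokenExpired()) {
            this.db.updateAccessTokenValidStatus(stored.getToken(), false);
            return null;
        }
        return stored;
    }

    /**
     * Builds the application view of a registered client.
     *
     * <p>The returned object includes the client secret; callers exposing it over the wire
     * must decide whether that is appropriate for the requester.
     *
     * @param clientId the client id to look up
     * @return the application info, or {@code null} when the client is not registered
     */
    public ApplicationInfo getApplicationInfo(String clientId) {
        ClientCredentials creds = this.db.findClientCredentials(clientId);
        if (creds == null) {
            return null;
        }
        ApplicationInfo appInfo = new ApplicationInfo();
        appInfo.setName(creds.getName());
        appInfo.setDescription(creds.getDescr());
        appInfo.setId(clientId);
        appInfo.setSecret(creds.getSecret());
        appInfo.setScope(creds.getScope());
        appInfo.setRedirectUri(creds.getUri());
        appInfo.setRegistered(new Date(creds.getCreated().longValue()));
        appInfo.setStatus(Integer.valueOf(creds.getStatus()));
        appInfo.setApplicationDetails(creds.getApplicationDetails());
        return appInfo;
    }

    /** Generates a fresh authorization code; overridable for tests. */
    protected String generateCode() {
        return AuthCode.generate();
    }

    /** True when the client is registered and its status is 1 (active); the secret is not checked here. */
    protected boolean isActiveClientId(String clientId) {
        ClientCredentials creds = this.db.findClientCredentials(clientId);
        return creds != null && creds.getStatus() == 1;
    }

    /** True when the client is registered and the presented secret matches, regardless of status. */
    protected boolean isValidClientCredentials(String clientId, String clientSecret) {
        ClientCredentials creds = this.db.findClientCredentials(clientId);
        return creds != null && secretsMatch(creds.getSecret(), clientSecret);
    }

    /** True when the client is registered, the presented secret matches and the status is 1 (active). */
    protected boolean isActiveClient(String clientId, String clientSecret) {
        ClientCredentials creds = this.db.findClientCredentials(clientId);
        return creds != null && secretsMatch(creds.getSecret(), clientSecret) && creds.getStatus() == 1;
    }

    /**
     * True when a client with this id is registered (any status, no secret check).
     * The decompiler reports this was {@code protected} in an earlier build; it is kept public.
     */
    public boolean isExistingClient(String clientId) {
        return this.db.findClientCredentials(clientId) != null;
    }

    /** Token lifetime in seconds for a grant type and scope, rendered as the string the token stores. */
    protected String getExpiresIn(String grantType, String scope) {
        return String.valueOf(this.scopeService.getExpiresIn(grantType, scope));
    }

    /**
     * Revokes an access token on behalf of the client it was issued to.
     *
     * <p>Only the client id is verified here (via {@link #isExistingClient}); whatever
     * {@code RevokeTokenRequest.checkMandatoryParams()} enforces is not visible in this class.
     * A token issued to a different client is left untouched.
     *
     * @param httpRequest the revocation request
     * @return {@code true} when the token was removed or was already expired; {@code false}
     *     when it does not exist or belongs to another client
     * @throws OAuthException on missing parameters or an unknown client id
     */
    public boolean revokeToken(HttpRequest httpRequest) throws OAuthException {
        RevokeTokenRequest revokeRequest = new RevokeTokenRequest(httpRequest);
        revokeRequest.checkMandatoryParams();
        String clientId = revokeRequest.getClientId();
        if (!isExistingClient(clientId)) {
            throw new OAuthException(INVALID_CLIENT_ERROR, HttpResponseStatus.BAD_REQUEST);
        }
        // NOTE(review): the debug lines below log the raw token value.
        String token = revokeRequest.getAccessToken();
        AccessToken stored = this.db.findAccessToken(token);
        if (stored == null) {
            log.debug("access token {} not found", token);
            return false;
        }
        if (stored.tokenExpired()) {
            log.debug("access token {} is expired", token);
            return true;
        }
        if (!clientId.equals(stored.getClientId())) {
            log.debug("access token {} is not obtained for that clientId {}", token, clientId);
            return false;
        }
        this.db.removeAccessToken(stored.getToken());
        log.debug("access token {} set status invalid", token);
        return true;
    }

    /**
     * Updates a registered client's scope, description, status and details from a JSON body.
     *
     * @param httpRequest the update request; must be {@code application/json}
     * @param clientId the client to update
     * @return {@code true} once the update has been written
     * @throws OAuthException on a wrong content type, an unknown client, a body missing the
     *     mandatory fields, an unknown scope, or a parse/I/O failure
     */
    public boolean updateClientApp(HttpRequest httpRequest, String clientId) throws OAuthException {
        requireJsonContentType(httpRequest);
        String body = httpRequest.getContent().toString(CharsetUtil.UTF_8);
        if (!isExistingClient(clientId)) {
            throw new OAuthException(INVALID_CLIENT_ERROR, HttpResponseStatus.BAD_REQUEST);
        }
        try {
            ApplicationInfo appInfo = (ApplicationInfo) InputValidator.validate(body, ApplicationInfo.class);
            if (!appInfo.validForUpdate()) {
                throw new OAuthException(Response.UPDATE_APP_MANDATORY_PARAM_MISSING, HttpResponseStatus.BAD_REQUEST);
            }
            // Scope is optional on update; when present every name must exist.
            requireKnownScopes(appInfo.getScope());
            this.db.updateClientApp(clientId, appInfo.getScope(), appInfo.getDescription(), appInfo.getStatus(), appInfo.getApplicationDetails());
            return true;
        } catch (JsonValidationException e) {
            log.error("cannot parse client application request", e);
            throw new OAuthException(e.getMessage(), HttpResponseStatus.BAD_REQUEST);
        } catch (JsonParseException e) {
            log.error("cannot update client application", e);
            throw new OAuthException(e, Response.INVALID_JSON_ERROR, HttpResponseStatus.BAD_REQUEST);
        } catch (JsonMappingException e) {
            log.error("cannot update client application", e);
            throw new OAuthException(e, Response.INVALID_JSON_ERROR, HttpResponseStatus.BAD_REQUEST);
        } catch (IOException e) {
            log.error("cannot update client application", e);
            throw new OAuthException(e, Response.CANNOT_UPDATE_APP, HttpResponseStatus.BAD_REQUEST);
        }
    }
}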
