package org.gluu.oxauth.model.common;

import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.context.Dependent;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.apache.commons.lang.StringUtils;
import org.gluu.model.metric.MetricType;
import org.gluu.oxauth.model.authorize.JwtAuthorizationRequest;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.crypto.AbstractCryptoProvider;
import org.gluu.oxauth.model.ldap.TokenLdap;
import org.gluu.oxauth.model.ldap.TokenType;
import org.gluu.oxauth.model.registration.Client;
import org.gluu.oxauth.model.util.Util;
import org.gluu.oxauth.service.ClientService;
import org.gluu.oxauth.service.GrantService;
import org.gluu.oxauth.service.MetricService;
import org.gluu.oxauth.service.common.UserService;
import org.gluu.oxauth.service.fido.u2f.RawRegistrationService;
import org.gluu.oxauth.util.ServerUtil;
import org.gluu.oxauth.util.TokenHashUtil;
import org.gluu.service.CacheService;
import org.slf4j.Logger;

@Dependent
/* loaded from: input_file:org/gluu/oxauth/model/common/AuthorizationGrantList.class */
public class AuthorizationGrantList implements IAuthorizationGrantList {

    @Inject
    private Logger log;

    @Inject
    private Instance<AbstractAuthorizationGrant> grantInstance;

    @Inject
    private GrantService grantService;

    @Inject
    private UserService userService;

    @Inject
    private ClientService clientService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private CacheService cacheService;

    @Inject
    private AbstractCryptoProvider cryptoProvider;

    @Inject
    private MetricService metricService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.gluu.oxauth.model.common.AuthorizationGrantList$1, reason: invalid class name */
    /* loaded from: input_file:org/gluu/oxauth/model/common/AuthorizationGrantList$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType;
        static final /* synthetic */ int[] $SwitchMap$org$gluu$oxauth$model$ldap$TokenType = new int[TokenType.values().length];

        static {
            try {
                $SwitchMap$org$gluu$oxauth$model$ldap$TokenType[TokenType.AUTHORIZATION_CODE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$ldap$TokenType[TokenType.REFRESH_TOKEN.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$ldap$TokenType[TokenType.ACCESS_TOKEN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$ldap$TokenType[TokenType.ID_TOKEN.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$ldap$TokenType[TokenType.LONG_LIVED_ACCESS_TOKEN.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType = new int[AuthorizationGrantType.values().length];
            try {
                $SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.AUTHORIZATION_CODE.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.CLIENT_CREDENTIALS.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.IMPLICIT.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.CIBA.ordinal()] = 5;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.DEVICE_CODE.ordinal()] = 6;
            } catch (NoSuchFieldError e11) {
            }
        }
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public void removeAuthorizationGrants(List<AuthorizationGrant> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        Iterator<AuthorizationGrant> it = list.iterator();
        while (it.hasNext()) {
            this.grantService.remove(it.next());
        }
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationGrant createAuthorizationGrant(User user, Client client, Date date) {
        AuthorizationGrant authorizationGrant = (AuthorizationGrant) this.grantInstance.select(SimpleAuthorizationGrant.class, new Annotation[0]).get();
        authorizationGrant.init(user, null, client, date);
        return authorizationGrant;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationCodeGrant createAuthorizationCodeGrant(User user, Client client, Date date) {
        AuthorizationCodeGrant authorizationCodeGrant = (AuthorizationCodeGrant) this.grantInstance.select(AuthorizationCodeGrant.class, new Annotation[0]).get();
        authorizationCodeGrant.init(user, client, date);
        CacheGrant cacheGrant = new CacheGrant(authorizationCodeGrant, this.appConfiguration);
        this.cacheService.put(authorizationCodeGrant.getAuthorizationCode().getExpiresIn(), cacheGrant.cacheKey(), cacheGrant);
        this.log.trace("Put authorization grant in cache, code: " + authorizationCodeGrant.getAuthorizationCode().getCode() + ", clientId: " + authorizationCodeGrant.getClientId());
        this.metricService.incCounter(MetricType.OXAUTH_TOKEN_AUTHORIZATION_CODE_COUNT);
        return authorizationCodeGrant;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public ImplicitGrant createImplicitGrant(User user, Client client, Date date) {
        ImplicitGrant implicitGrant = (ImplicitGrant) this.grantInstance.select(ImplicitGrant.class, new Annotation[0]).get();
        implicitGrant.init(user, client, date);
        return implicitGrant;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public ClientCredentialsGrant createClientCredentialsGrant(User user, Client client) {
        ClientCredentialsGrant clientCredentialsGrant = (ClientCredentialsGrant) this.grantInstance.select(ClientCredentialsGrant.class, new Annotation[0]).get();
        clientCredentialsGrant.init(user, client);
        return clientCredentialsGrant;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public ResourceOwnerPasswordCredentialsGrant createResourceOwnerPasswordCredentialsGrant(User user, Client client) {
        ResourceOwnerPasswordCredentialsGrant resourceOwnerPasswordCredentialsGrant = (ResourceOwnerPasswordCredentialsGrant) this.grantInstance.select(ResourceOwnerPasswordCredentialsGrant.class, new Annotation[0]).get();
        resourceOwnerPasswordCredentialsGrant.init(user, client);
        return resourceOwnerPasswordCredentialsGrant;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public CIBAGrant createCIBAGrant(CibaRequestCacheControl cibaRequestCacheControl) {
        CIBAGrant cIBAGrant = (CIBAGrant) this.grantInstance.select(CIBAGrant.class, new Annotation[0]).get();
        cIBAGrant.init(cibaRequestCacheControl);
        CacheGrant cacheGrant = new CacheGrant(cIBAGrant, this.appConfiguration);
        this.cacheService.put(cibaRequestCacheControl.getExpiresIn(), cacheGrant.getAuthReqId(), cacheGrant);
        this.log.trace("Ciba grant saved in cache, authReqId: {}, grantId: {}", cIBAGrant.getAuthReqId(), cIBAGrant.getGrantId());
        return cIBAGrant;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public CIBAGrant getCIBAGrant(String str) {
        Object obj = this.cacheService.get(str);
        if (obj == null) {
            obj = this.cacheService.get(str);
            this.log.trace("Failed to fetch CIBA grant from cache, authReqId: {}", str);
        }
        if (obj instanceof CacheGrant) {
            return ((CacheGrant) obj).asCibaGrant(this.grantInstance);
        }
        return null;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public DeviceCodeGrant createDeviceGrant(DeviceAuthorizationCacheControl deviceAuthorizationCacheControl, User user) {
        DeviceCodeGrant deviceCodeGrant = (DeviceCodeGrant) this.grantInstance.select(DeviceCodeGrant.class, new Annotation[0]).get();
        deviceCodeGrant.init(deviceAuthorizationCacheControl, user);
        CacheGrant cacheGrant = new CacheGrant(deviceCodeGrant, this.appConfiguration);
        this.cacheService.put(deviceAuthorizationCacheControl.getExpiresIn(), cacheGrant.getDeviceCode(), cacheGrant);
        this.log.trace("Device code grant saved in cache, deviceCode: {}, grantId: {}", deviceCodeGrant.getDeviceCode(), deviceCodeGrant.getGrantId());
        return deviceCodeGrant;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public DeviceCodeGrant getDeviceCodeGrant(String str) {
        Object obj = this.cacheService.get(str);
        if (obj == null) {
            obj = this.cacheService.get(str);
            this.log.trace("Failed to fetch Device code grant from cache, deviceCode: {}", str);
        }
        if (obj instanceof CacheGrant) {
            return ((CacheGrant) obj).asDeviceCodeGrant(this.grantInstance);
        }
        return null;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationCodeGrant getAuthorizationCodeGrant(String str) {
        Object obj = this.cacheService.get(CacheGrant.cacheKey(str, null));
        if (obj == null) {
            obj = this.cacheService.get(CacheGrant.cacheKey(str, null));
            this.log.trace("Failed to fetch authorization grant from cache, code: " + str);
        }
        if (obj instanceof CacheGrant) {
            return ((CacheGrant) obj).asCodeGrant(this.grantInstance);
        }
        return null;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationGrant getAuthorizationGrantByRefreshToken(String str, String str2) {
        return !ServerUtil.isTrue(this.appConfiguration.getPersistRefreshTokenInLdap()) ? assertTokenType((TokenLdap) this.cacheService.get(TokenHashUtil.hash(str2)), TokenType.REFRESH_TOKEN, str) : assertTokenType(this.grantService.getGrantByCode(str2), TokenType.REFRESH_TOKEN, str);
    }

    public AuthorizationGrant assertTokenType(TokenLdap tokenLdap, TokenType tokenType, String str) {
        AuthorizationGrant asGrant;
        if (tokenLdap == null || tokenLdap.getTokenTypeEnum() != tokenType || (asGrant = asGrant(tokenLdap)) == null || !asGrant.getClientId().equals(str)) {
            return null;
        }
        return asGrant;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public List<AuthorizationGrant> getAuthorizationGrant(String str) {
        ArrayList arrayList = new ArrayList();
        try {
            ArrayList arrayList2 = new ArrayList();
            arrayList2.addAll(this.grantService.getGrantsOfClient(str));
            arrayList2.addAll(this.grantService.getCacheClientTokensEntries(str));
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                AuthorizationGrant asGrant = asGrant((TokenLdap) it.next());
                if (asGrant != null) {
                    arrayList.add(asGrant);
                }
            }
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
        }
        return arrayList;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationGrant getAuthorizationGrantByAccessToken(String str) {
        return getAuthorizationGrantByAccessToken(str, false);
    }

    public AuthorizationGrant getAuthorizationGrantByAccessToken(String str, boolean z) {
        TokenLdap grantByCode = this.grantService.getGrantByCode(str);
        if (grantByCode == null) {
            return null;
        }
        if (grantByCode.getTokenTypeEnum() == TokenType.ACCESS_TOKEN || grantByCode.getTokenTypeEnum() == TokenType.LONG_LIVED_ACCESS_TOKEN) {
            return asGrant(grantByCode);
        }
        return null;
    }

    @Override // org.gluu.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationGrant getAuthorizationGrantByIdToken(String str) {
        TokenLdap grantByCode;
        if (StringUtils.isBlank(str) || (grantByCode = this.grantService.getGrantByCode(str)) == null || grantByCode.getTokenTypeEnum() != TokenType.ID_TOKEN) {
            return null;
        }
        return asGrant(grantByCode);
    }

    public AuthorizationGrant asGrant(TokenLdap tokenLdap) {
        AuthorizationGrantType fromString;
        AuthorizationGrant authorizationGrant;
        if (tokenLdap == null || (fromString = AuthorizationGrantType.fromString(tokenLdap.getGrantType())) == null) {
            return null;
        }
        User user = this.userService.getUser(tokenLdap.getUserId(), new String[0]);
        Client client = this.clientService.getClient(tokenLdap.getClientId());
        Date authenticationTime = tokenLdap.getAuthenticationTime();
        String nonce = tokenLdap.getNonce();
        switch (AnonymousClass1.$SwitchMap$org$gluu$oxauth$model$common$AuthorizationGrantType[fromString.ordinal()]) {
            case 1:
                AuthorizationCodeGrant authorizationCodeGrant = (AuthorizationCodeGrant) this.grantInstance.select(AuthorizationCodeGrant.class, new Annotation[0]).get();
                authorizationCodeGrant.init(user, client, authenticationTime);
                authorizationGrant = authorizationCodeGrant;
                break;
            case 2:
                ClientCredentialsGrant clientCredentialsGrant = (ClientCredentialsGrant) this.grantInstance.select(ClientCredentialsGrant.class, new Annotation[0]).get();
                clientCredentialsGrant.init(user, client);
                authorizationGrant = clientCredentialsGrant;
                break;
            case 3:
                ImplicitGrant implicitGrant = (ImplicitGrant) this.grantInstance.select(ImplicitGrant.class, new Annotation[0]).get();
                implicitGrant.init(user, client, authenticationTime);
                authorizationGrant = implicitGrant;
                break;
            case 4:
                ResourceOwnerPasswordCredentialsGrant resourceOwnerPasswordCredentialsGrant = (ResourceOwnerPasswordCredentialsGrant) this.grantInstance.select(ResourceOwnerPasswordCredentialsGrant.class, new Annotation[0]).get();
                resourceOwnerPasswordCredentialsGrant.init(user, client);
                authorizationGrant = resourceOwnerPasswordCredentialsGrant;
                break;
            case RawRegistrationService.REGISTRATION_RESERVED_BYTE_VALUE /* 5 */:
                AuthorizationGrant authorizationGrant2 = (CIBAGrant) this.grantInstance.select(CIBAGrant.class, new Annotation[0]).get();
                authorizationGrant2.init(user, AuthorizationGrantType.CIBA, client, tokenLdap.getCreationDate());
                authorizationGrant = authorizationGrant2;
                break;
            case 6:
                AuthorizationGrant authorizationGrant3 = (DeviceCodeGrant) this.grantInstance.select(DeviceCodeGrant.class, new Annotation[0]).get();
                authorizationGrant3.init(user, AuthorizationGrantType.DEVICE_CODE, client, tokenLdap.getCreationDate());
                authorizationGrant = authorizationGrant3;
                break;
            default:
                return null;
        }
        String grantId = tokenLdap.getGrantId();
        String jwtRequest = tokenLdap.getJwtRequest();
        String authMode = tokenLdap.getAuthMode();
        String sessionDn = tokenLdap.getSessionDn();
        String claims = tokenLdap.getClaims();
        authorizationGrant.setTokenBindingHash(tokenLdap.getTokenBindingHash());
        authorizationGrant.setNonce(nonce);
        authorizationGrant.setX5cs256(tokenLdap.getAttributes().getX5cs256());
        authorizationGrant.setTokenLdap(tokenLdap);
        if (StringUtils.isNotBlank(grantId)) {
            authorizationGrant.setGrantId(grantId);
        }
        authorizationGrant.setScopes(Util.splittedStringAsList(tokenLdap.getScope(), " "));
        authorizationGrant.setCodeChallenge(tokenLdap.getCodeChallenge());
        authorizationGrant.setCodeChallengeMethod(tokenLdap.getCodeChallengeMethod());
        if (StringUtils.isNotBlank(jwtRequest)) {
            try {
                authorizationGrant.setJwtAuthorizationRequest(new JwtAuthorizationRequest(this.appConfiguration, this.cryptoProvider, jwtRequest, client));
            } catch (Exception e) {
                this.log.trace(e.getMessage(), e);
            }
        }
        authorizationGrant.setAcrValues(authMode);
        authorizationGrant.setSessionDn(sessionDn);
        authorizationGrant.setClaims(claims);
        if (tokenLdap.getTokenTypeEnum() != null) {
            switch (AnonymousClass1.$SwitchMap$org$gluu$oxauth$model$ldap$TokenType[tokenLdap.getTokenTypeEnum().ordinal()]) {
                case 1:
                    if (authorizationGrant instanceof AuthorizationCodeGrant) {
                        ((AuthorizationCodeGrant) authorizationGrant).setAuthorizationCode(new AuthorizationCode(tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate()));
                        break;
                    }
                    break;
                case 2:
                    authorizationGrant.setRefreshTokens(Arrays.asList(new RefreshToken(tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate())));
                    break;
                case 3:
                    authorizationGrant.setAccessTokens(Arrays.asList(new AccessToken(tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate())));
                    break;
                case 4:
                    authorizationGrant.setIdToken(new IdToken(tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate()));
                    break;
                case RawRegistrationService.REGISTRATION_RESERVED_BYTE_VALUE /* 5 */:
                    authorizationGrant.setLongLivedAccessToken(new AccessToken(tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate()));
                    break;
            }
        }
        return authorizationGrant;
    }
}
