package org.xdi.oxauth.model.common;

import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.RDN;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.context.Dependent;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.xdi.oxauth.model.authorize.JwtAuthorizationRequest;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.ldap.TokenLdap;
import org.xdi.oxauth.model.ldap.TokenType;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.model.util.Util;
import org.xdi.oxauth.service.ClientService;
import org.xdi.oxauth.service.GrantService;
import org.xdi.oxauth.service.UserService;
import org.xdi.oxauth.service.fido.u2f.RawRegistrationService;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.oxauth.util.TokenHashUtil;
import org.xdi.service.CacheService;

@Dependent
/* loaded from: input_file:org/xdi/oxauth/model/common/AuthorizationGrantList.class */
public class AuthorizationGrantList implements IAuthorizationGrantList {

    @Inject
    private Logger log;

    @Inject
    private Instance<AbstractAuthorizationGrant> grantInstance;

    @Inject
    private GrantService grantService;

    @Inject
    private UserService userService;

    @Inject
    private ClientService clientService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private CacheService cacheService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.xdi.oxauth.model.common.AuthorizationGrantList$1, reason: invalid class name */
    /* loaded from: input_file:org/xdi/oxauth/model/common/AuthorizationGrantList$1.class */
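    /**
     * Decompiler-reconstructed holder for the ordinal lookup tables that back
     * {@code switch} statements over {@link TokenType} and {@link AuthorizationGrantType}.
     *
     * <p>Each table is indexed by {@code ordinal()} and stores the case number used by the
     * switch; slots that are never written stay {@code 0}, which matches no case.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$xdi$oxauth$model$ldap$TokenType = new int[TokenType.values().length];

        // The static initializer assigned this table without it ever being declared,
        // so the class could not compile; declare it and keep the assignment below.
        static final /* synthetic */ int[] $SwitchMap$org$xdi$oxauth$model$common$AuthorizationGrantType;

        static {
            // Each write is guarded separately: a constant missing from the enum at run time
            // raises NoSuchFieldError, and that slot is deliberately left at 0.
            try {
                $SwitchMap$org$xdi$oxauth$model$ldap$TokenType[TokenType.AUTHORIZATION_CODE.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$ldap$TokenType[TokenType.REFRESH_TOKEN.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$ldap$TokenType[TokenType.ACCESS_TOKEN.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$ldap$TokenType[TokenType.ID_TOKEN.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$ldap$TokenType[TokenType.LONG_LIVED_ACCESS_TOKEN.ordinal()] = 5;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
            $SwitchMap$org$xdi$oxauth$model$common$AuthorizationGrantType = new int[AuthorizationGrantType.values().length];
            try {
                $SwitchMap$org$xdi$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.AUTHORIZATION_CODE.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.CLIENT_CREDENTIALS.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.IMPLICIT.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$common$AuthorizationGrantType[AuthorizationGrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
                // constant absent: leave the slot unmapped
            }
        }
    }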

    /**
     * Removes every grant in the given list through the grant service.
     *
     * @param list grants to remove; {@code null} or an empty list is a no-op
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public void removeAuthorizationGrants(List<AuthorizationGrant> list) {
        if (list != null && !list.isEmpty()) {
            for (AuthorizationGrant grant : list) {
                this.grantService.remove(grant);
            }
        }
    }

    /**
     * Obtains a {@link SimpleAuthorizationGrant} from the CDI instance pool and initialises it.
     *
     * @param user   user passed to the grant's {@code init}
     * @param client client passed to the grant's {@code init}
     * @param date   date passed to the grant's {@code init}
     *               (presumably the authentication time; confirm against {@code init})
     * @return the initialised grant
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationGrant createAuthorizationGrant(User user, Client client, Date date) {
        AuthorizationGrant grant =
                (AuthorizationGrant) this.grantInstance.select(SimpleAuthorizationGrant.class).get();
        // The second argument of init is passed as null here.
        grant.init(user, null, client, date);
        return grant;
    }

    /**
     * Creates an authorization-code grant, initialises it and stores a {@link CacheGrant}
     * wrapper for it in the cache.
     *
     * @param user   user passed to the grant's {@code init}
     * @param client client passed to the grant's {@code init}
     * @param date   date passed to the grant's {@code init}
     * @return the initialised grant, already placed in the cache
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationCodeGrant createAuthorizationCodeGrant(User user, Client client, Date date) {
        AuthorizationCodeGrant codeGrant =
                (AuthorizationCodeGrant) this.grantInstance.select(AuthorizationCodeGrant.class).get();
        codeGrant.init(user, client, date);

        CacheGrant cached = new CacheGrant(codeGrant, this.appConfiguration);
        // The code's expiresIn value, as a string, is the first argument of put
        // (presumably the cache lifetime; confirm against CacheService).
        String expiration = Integer.toString(codeGrant.getAuthorizationCode().getExpiresIn());
        this.cacheService.put(expiration, cached.cacheKey(), cached);

        // NOTE(review): this writes the raw authorization code to the trace log. A code is
        // redeemable for tokens until it is used or expires, so trace output must be handled
        // as sensitive data, or the value masked, wherever trace logging is enabled.
        this.log.trace("Put authorization grant in cache, code: " + codeGrant.getAuthorizationCode().getCode()
                + ", clientId: " + codeGrant.getClientId());
        return codeGrant;
    }

    /**
     * Obtains an {@link ImplicitGrant} from the CDI instance pool and initialises it.
     *
     * @param user   user passed to the grant's {@code init}
     * @param client client passed to the grant's {@code init}
     * @param date   date passed to the grant's {@code init}
     * @return the initialised grant
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public ImplicitGrant createImplicitGrant(User user, Client client, Date date) {
        ImplicitGrant grant = (ImplicitGrant) this.grantInstance.select(ImplicitGrant.class).get();
        grant.init(user, client, date);
        return grant;
    }

    /**
     * Obtains a {@link ClientCredentialsGrant} from the CDI instance pool and initialises it.
     *
     * @param user   user passed to the grant's {@code init}
     * @param client client passed to the grant's {@code init}
     * @return the initialised grant
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public ClientCredentialsGrant createClientCredentialsGrant(User user, Client client) {
        ClientCredentialsGrant grant =
                (ClientCredentialsGrant) this.grantInstance.select(ClientCredentialsGrant.class).get();
        grant.init(user, client);
        return grant;
    }

    /**
     * Obtains a {@link ResourceOwnerPasswordCredentialsGrant} from the CDI instance pool and
     * initialises it.
     *
     * @param user   user passed to the grant's {@code init}
     * @param client client passed to the grant's {@code init}
     * @return the initialised grant
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public ResourceOwnerPasswordCredentialsGrant createResourceOwnerPasswordCredentialsGrant(User user, Client client) {
        ResourceOwnerPasswordCredentialsGrant grant = (ResourceOwnerPasswordCredentialsGrant)
                this.grantInstance.select(ResourceOwnerPasswordCredentialsGrant.class).get();
        grant.init(user, client);
        return grant;
    }

    /**
     * Looks up a cached authorization-code grant.
     *
     * @param str  client id (it is logged as {@code clientId} below)
     * @param str2 authorization code (it is logged as {@code code} below)
     * @return the grant rebuilt from the cached {@link CacheGrant}, or {@code null} when the
     *         cache holds no {@link CacheGrant} under the derived key
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationCodeGrant getAuthorizationCodeGrant(String str, String str2) {
        Object cached = this.cacheService.get((String) null, CacheGrant.cacheKey(str, str2, null));
        if (cached == null) {
            // The same lookup is issued a second time; this looks like a deliberate single
            // retry on a cache miss (confirm with the cache provider's behaviour).
            cached = this.cacheService.get((String) null, CacheGrant.cacheKey(str, str2, null));
            // NOTE(review): the presented code is written to the trace log verbatim. It comes
            // from the request, so trace output can contain valid codes as well as arbitrary
            // caller-supplied strings; treat the log as sensitive and as untrusted text.
            this.log.trace("Failed to fetch authorization grant from cache, code: " + str2 + ", clientId: " + str);
        }
        return cached instanceof CacheGrant ? ((CacheGrant) cached).asCodeGrant(this.grantInstance) : null;
    }

    /**
     * Resolves the grant that a refresh token belongs to.
     *
     * <p>When {@code persistRefreshTokenInLdap} is enabled the entry is loaded through
     * {@link #load(String, String)}; otherwise it is read from the cache under the hashed
     * token value.
     *
     * @param str  client id (forwarded to {@code load} as its first argument)
     * @param str2 refresh token value
     * @return the rebuilt grant, or {@code null} when {@code asGrant} yields none
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationGrant getAuthorizationGrantByRefreshToken(String str, String str2) {
        if (ServerUtil.isTrue(this.appConfiguration.getPersistRefreshTokenInLdap())) {
            return load(str, str2);
        }
        // NOTE(review): neither branch checks here that the entry found is of type
        // REFRESH_TOKEN, and the cache branch does not use the client id at all. Confirm the
        // caller, or the services behind these lookups, enforce token type and client binding.
        Object cached = this.cacheService.get((String) null, TokenHashUtil.getHashedToken(str2));
        // Unchecked cast: a cache value of any other type raises ClassCastException.
        return asGrant((TokenLdap) cached);
    }

    /**
     * Collects the grants of a client from the grant service's persisted entries and from its
     * cached token entries.
     *
     * @param str client identifier handed to the grant service
     * @return the grants that could be rebuilt; entries for which {@code asGrant} returns
     *         {@code null} are skipped
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public List<AuthorizationGrant> getAuthorizationGrant(String str) {
        List<AuthorizationGrant> grants = new ArrayList<>();
        try {
            List<Object> entries = new ArrayList<>();
            entries.addAll(this.grantService.getGrantsOfClient(str));
            entries.addAll(this.grantService.getCacheClientTokensEntries(str));
            for (Object entry : entries) {
                AuthorizationGrant grant = asGrant((TokenLdap) entry);
                if (grant != null) {
                    grants.add(grant);
                }
            }
        } catch (Exception e) {
            // NOTE(review): any failure is reported at trace level only and the caller gets
            // whatever was collected so far, possibly an empty list. A caller that uses this
            // list to enumerate or revoke a client's grants cannot tell "none" from "failed".
            this.log.trace(e.getMessage(), e);
        }
        return grants;
    }

    /**
     * Resolves the grant for an access token, passing {@code false} as the flag of the
     * two-argument overload.
     *
     * @param str access token value
     * @return the rebuilt grant, or {@code null} when no access-token entry matches
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationGrant getAuthorizationGrantByAccessToken(String str) {
        final boolean flag = false;
        return getAuthorizationGrantByAccessToken(str, flag);
    }

    /**
     * Resolves the grant for an access token.
     *
     * <p>The entry is accepted only when its token type is {@code ACCESS_TOKEN} or
     * {@code LONG_LIVED_ACCESS_TOKEN}, so an authorization code, refresh token or ID token
     * value presented here does not resolve to a grant.
     *
     * @param str access token value
     * @param z   flag forwarded unchanged to {@code GrantService.getGrantsByCode}
     *            (its meaning is not visible in this class)
     * @return the rebuilt grant, or {@code null} when nothing matches or the type differs
     */
    public AuthorizationGrant getAuthorizationGrantByAccessToken(String str, boolean z) {
        TokenLdap token = this.grantService.getGrantsByCode(str, z);
        if (token == null) {
            return null;
        }
        boolean isAccessToken = token.getTokenTypeEnum() == TokenType.ACCESS_TOKEN
                || token.getTokenTypeEnum() == TokenType.LONG_LIVED_ACCESS_TOKEN;
        return isAccessToken ? asGrant(token) : null;
    }

    /**
     * Resolves the grant for an ID token.
     *
     * <p>Only an entry whose token type is {@code ID_TOKEN} is accepted.
     *
     * @param str ID token value
     * @return the rebuilt grant, or {@code null} when nothing matches or the type differs
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrantList
    public AuthorizationGrant getAuthorizationGrantByIdToken(String str) {
        TokenLdap token = this.grantService.getGrantsByCode(str);
        if (token != null && token.getTokenTypeEnum() == TokenType.ID_TOKEN) {
            return asGrant(token);
        }
        return null;
    }

    /**
     * Loads a token entry by code and client and rebuilds its grant.
     *
     * @param str  client id (second argument of {@code getGrantsByCodeAndClient})
     * @param str2 token code (first argument of {@code getGrantsByCodeAndClient})
     * @return the rebuilt grant, or {@code null} when {@code asGrant} yields none
     */
    public AuthorizationGrant load(String str, String str2) {
        // Arguments are swapped on purpose: the service takes the code first, then the client.
        // NOTE(review): no token-type check is applied to the entry returned here.
        TokenLdap token = this.grantService.getGrantsByCodeAndClient(str2, str);
        return asGrant(token);
    }

    /**
     * Extracts the client identifier from a token entry's DN.
     *
     * <p>The DN is split into RDNs and the first value of the first RDN that carries an
     * attribute named {@code inum} is returned.
     *
     * @param str DN of the token entry
     * @return the {@code inum} value, or an empty string when the DN is blank, cannot be
     *         parsed, or has no such RDN
     */
    public String extractClientIdFromTokenDn(String str) {
        if (StringUtils.isBlank(str)) {
            return "";
        }
        try {
            RDN[] rdns = DN.getRDNs(str);
            if (ArrayUtils.isEmpty(rdns)) {
                return "";
            }
            for (RDN rdn : rdns) {
                String[] names = rdn.getAttributeNames();
                // The name comparison is exact, so "inum" must appear in lower case.
                if (ArrayUtils.isEmpty(names) || !Arrays.asList(names).contains("inum")) {
                    continue;
                }
                String[] values = rdn.getAttributeValues();
                if (ArrayUtils.isNotEmpty(values)) {
                    return values[0];
                }
            }
            return "";
        } catch (LDAPException e) {
            // A malformed DN is reported at trace level and treated like "no client id".
            this.log.trace(e.getMessage(), e);
            return "";
        }
    }

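    /**
     * Rebuilds an in-memory grant from a stored token entry.
     *
     * <p>The grant implementation is chosen from the entry's grant type, initialised with the
     * user and client resolved from the entry, filled with the entry's stored attributes, and
     * finally given the one token the entry represents.
     *
     * <p>NOTE(review): this method does not compare the entry's expiration date with the
     * current time and does not check that the resolved user or client is non-null; confirm
     * that callers or the grant classes enforce both.
     *
     * @param tokenLdap stored token entry; may be {@code null}
     * @return the rebuilt grant, or {@code null} when the entry is {@code null} or its grant
     *         type is unknown or not handled below
     */
    public AuthorizationGrant asGrant(TokenLdap tokenLdap) {
        if (tokenLdap == null) {
            return null;
        }
        AuthorizationGrantType grantType = AuthorizationGrantType.fromString(tokenLdap.getGrantType());
        if (grantType == null) {
            return null;
        }

        User user = this.userService.getUser(tokenLdap.getUserId(), new String[0]);
        // The client is derived from the entry's DN; extractClientIdFromTokenDn returns ""
        // when the DN has no inum RDN, and that empty id is then passed to the lookup.
        Client client = this.clientService.getClient(extractClientIdFromTokenDn(tokenLdap.getDn()));
        Date authenticationTime = tokenLdap.getAuthenticationTime();
        String nonce = tokenLdap.getNonce();

        // Typed as the declared return type. The decompiled local was typed as one concrete
        // subclass, which the other three branches cannot be assigned to. This assumes the
        // setters used below are visible on AuthorizationGrant.
        AuthorizationGrant grant;
        switch (grantType) {
            case AUTHORIZATION_CODE: {
                AuthorizationCodeGrant codeGrant =
                        (AuthorizationCodeGrant) this.grantInstance.select(AuthorizationCodeGrant.class).get();
                codeGrant.init(user, client, authenticationTime);
                grant = codeGrant;
                break;
            }
            case CLIENT_CREDENTIALS: {
                ClientCredentialsGrant credentialsGrant =
                        (ClientCredentialsGrant) this.grantInstance.select(ClientCredentialsGrant.class).get();
                credentialsGrant.init(user, client);
                grant = credentialsGrant;
                break;
            }
            case IMPLICIT: {
                ImplicitGrant implicitGrant =
                        (ImplicitGrant) this.grantInstance.select(ImplicitGrant.class).get();
                implicitGrant.init(user, client, authenticationTime);
                grant = implicitGrant;
                break;
            }
            case RESOURCE_OWNER_PASSWORD_CREDENTIALS: {
                ResourceOwnerPasswordCredentialsGrant passwordGrant = (ResourceOwnerPasswordCredentialsGrant)
                        this.grantInstance.select(ResourceOwnerPasswordCredentialsGrant.class).get();
                passwordGrant.init(user, client);
                grant = passwordGrant;
                break;
            }
            default:
                return null;
        }

        String grantId = tokenLdap.getGrantId();
        String jwtRequest = tokenLdap.getJwtRequest();
        String authMode = tokenLdap.getAuthMode();
        String sessionDn = tokenLdap.getSessionDn();
        String claims = tokenLdap.getClaims();

        grant.setNonce(nonce);
        grant.setTokenLdap(tokenLdap);
        if (StringUtils.isNotBlank(grantId)) {
            grant.setGrantId(grantId);
        }
        grant.setScopes(Util.splittedStringAsList(tokenLdap.getScope(), " "));
        grant.setCodeChallenge(tokenLdap.getCodeChallenge());
        grant.setCodeChallengeMethod(tokenLdap.getCodeChallengeMethod());
        if (StringUtils.isNotBlank(jwtRequest)) {
            try {
                grant.setJwtAuthorizationRequest(new JwtAuthorizationRequest(this.appConfiguration, jwtRequest, client));
            } catch (Exception e) {
                // Best effort: a stored request object that fails to parse is reported at
                // trace level and the grant is returned without it.
                // NOTE(review): confirm nothing downstream depends on the request object
                // being present, since this failure is invisible at normal log levels.
                this.log.trace(e.getMessage(), e);
            }
        }
        grant.setAcrValues(authMode);
        grant.setSessionDn(sessionDn);
        grant.setClaims(claims);

        // Switch on the enum itself. The decompiled form went through a synthetic ordinal
        // table and labelled the fifth case with an unrelated FIDO U2F constant that merely
        // shares the value 5, tying token handling to that constant's value.
        TokenType tokenType = tokenLdap.getTokenTypeEnum();
        if (tokenType != null) {
            switch (tokenType) {
                case AUTHORIZATION_CODE:
                    // Only a code grant can hold an authorization code; other grant types skip it.
                    if (grant instanceof AuthorizationCodeGrant) {
                        ((AuthorizationCodeGrant) grant).setAuthorizationCode(new AuthorizationCode(
                                tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate()));
                    }
                    break;
                case REFRESH_TOKEN:
                    grant.setRefreshTokens(Arrays.asList(new RefreshToken(
                            tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate())));
                    break;
                case ACCESS_TOKEN:
                    grant.setAccessTokens(Arrays.asList(new AccessToken(
                            tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate())));
                    break;
                case ID_TOKEN:
                    grant.setIdToken(new IdToken(
                            tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate()));
                    break;
                case LONG_LIVED_ACCESS_TOKEN:
                    grant.setLongLivedAccessToken(new AccessToken(
                            tokenLdap.getTokenCode(), tokenLdap.getCreationDate(), tokenLdap.getExpirationDate()));
                    break;
                default:
                    // Any other token type leaves the grant without a token, as before.
                    break;
            }
        }
        return grant;
    }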
}
