package net.trajano.ms.common.oauth;

import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.BasicAuthDefinition;
import io.swagger.annotations.SecurityDefinition;
import io.swagger.annotations.SwaggerDefinition;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.security.PermitAll;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.client.Client;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;

@SwaggerDefinition(securityDefinition = @SecurityDefinition(basicAuthDefinitions = {@BasicAuthDefinition(key = "client", description = "Client ID/Secret")}))
@PermitAll
/* loaded from: input_file:net/trajano/ms/common/oauth/BaseTokenResource.class */
public abstract class BaseTokenResource {
    private final ClientValidator clientValidator;
    private final Map<String, GrantHandler> grantHandlerMap;

    @Context
    private Client jaxRsClient;

    public BaseTokenResource(ClientValidator clientValidator, List<GrantHandler> list) {
        this.clientValidator = clientValidator;
        this.grantHandlerMap = (Map) list.stream().collect(Collectors.toConcurrentMap(grantHandler -> {
            return grantHandler.getGrantTypeHandled();
        }, Function.identity()));
    }

    private String checkClientAuthorized(String str, String str2) {
        if (str2 == null || !str2.startsWith("Basic ")) {
            throw OAuthTokenResponse.unauthorized("invalid_request", "Missing authorization", "Basic");
        }
        String[] split = new String(Base64.getDecoder().decode(str2.substring(6)), StandardCharsets.US_ASCII).split(":");
        try {
            String decode = URLDecoder.decode(split[0], "UTF-8");
            if (this.clientValidator.isValid(str, decode, URLDecoder.decode(split[1], "UTF-8"))) {
                return decode;
            }
            throw OAuthTokenResponse.unauthorized("unauthorized_client", "Client not authorized", "Basic");
        } catch (UnsupportedEncodingException e) {
            throw OAuthTokenResponse.internalServerError(e);
        }
    }

    @ApiImplicitParams({@ApiImplicitParam(name = "grant_type", value = "Grant type", required = true, dataType = "java.lang.String", paramType = "form")})
    @Consumes({"application/x-www-form-urlencoded"})
    @ApiOperation(value = "Token Endpoint", authorizations = {@Authorization("client")})
    @POST
    public Response token(@Context HttpHeaders httpHeaders, MultivaluedMap<String, String> multivaluedMap) {
        String first = multivaluedMap.getFirst("grant_type");
        if (first == null || !this.grantHandlerMap.containsKey(first)) {
            throw OAuthTokenResponse.badRequest("unsupported_grant_type", "Unsupported grant type");
        }
        List<String> requestHeader = httpHeaders.getRequestHeader("Authorization");
        if (requestHeader.isEmpty()) {
            throw OAuthTokenResponse.unauthorized("unauthorized_client", "Client not authorized", "Basic");
        }
        return Response.ok(this.grantHandlerMap.get(first).handler(this.jaxRsClient, checkClientAuthorized(first, (String) ((List) requestHeader.stream().filter(str -> {
            return str.startsWith("Basic ");
        }).collect(Collectors.toList())).get(0)), httpHeaders, multivaluedMap)).build();
    }
}
