package com.networknt.oauth.handler;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.networknt.basicauth.BasicAuthConfig;
import com.networknt.client.OAuthTokenConfig;
import com.networknt.config.Config;
import com.networknt.config.JsonMapper;
import com.networknt.db.provider.DbProvider;
import com.networknt.db.provider.DbProviderConfig;
import com.networknt.exception.ApiException;
import com.networknt.handler.LightHttpHandler;
import com.networknt.monad.Result;
import com.networknt.oauth.auth.Authenticator;
import com.networknt.oauth.auth.LightPortalAuth;
import com.networknt.oauth.common.ClientUtil;
import com.networknt.oauth.common.HttpAuth;
import com.networknt.oauth.common.OAuthConfig;
import com.networknt.oauth.security.LightPasswordCredential;
import com.networknt.security.JwtConfig;
import com.networknt.security.JwtIssuer;
import com.networknt.security.KeyUtil;
import com.networknt.service.SingletonServiceFactory;
import com.networknt.status.Status;
import com.networknt.utility.Constants;
import com.networknt.utility.HashUtil;
import com.networknt.utility.UuidUtil;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormData;
import io.undertow.server.handlers.form.FormParserFactory;
import io.undertow.util.Headers;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import net.lightapi.portal.PortalConstants;
import net.lightapi.portal.db.PortalDbProvider;
import org.jose4j.jwt.JwtClaims;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/handler/ProviderIdTokenPostHandler.class */
public class ProviderIdTokenPostHandler implements LightHttpHandler {
    // Values compared against the "clientType" entry of the authenticated client record.
    public static final String CLIENT_TYPE_TRUSTED = "trusted";
    public static final String CLIENT_TYPE_EXTERNAL = "external";
    // 315360000 s = 3650 days. Used as the lifetime of bootstrap and long-lived tokens and
    // as the expires_in value returned for them.
    public static final int TEN_YEAR_IN_SECOND = 315360000;
    // Status codes handed to Status / setExchangeStatus. The message text for each code is
    // defined outside this file. Several codes are not referenced by the methods that were
    // successfully decompiled in this listing.
    private static final String UNABLE_TO_PARSE_FORM_DATA = "ERR12000";
    private static final String UNSUPPORTED_GRANT_TYPE = "ERR12001";
    private static final String MISSING_AUTHORIZATION_HEADER = "ERR12002";
    private static final String INVALID_AUTHORIZATION_HEADER = "ERR12003";
    private static final String INVALID_BASIC_CREDENTIALS = "ERR12004";
    private static final String JSON_PROCESSING_EXCEPTION = "ERR12005";
    private static final String CLIENT_NOT_FOUND = "ERR12014";
    private static final String USER_NOT_FOUND = "ERR12013";
    private static final String UNAUTHORIZED_CLIENT = "ERR12007";
    private static final String INVALID_AUTHORIZATION_CODE = "ERR12008";
    // Same value as the "ERR10014" literal used inline in the grant handlers' catch blocks.
    private static final String GENERIC_EXCEPTION = "ERR10014";
    private static final String RUNTIME_EXCEPTION = "ERR10010";
    private static final String USERNAME_REQUIRED = "ERR12022";
    private static final String PASSWORD_REQUIRED = "ERR12023";
    private static final String INCORRECT_PASSWORD = "ERR12016";
    private static final String NOT_TRUSTED_CLIENT = "ERR12024";
    private static final String MISSING_REDIRECT_URI = "ERR12025";
    private static final String MISMATCH_REDIRECT_URI = "ERR12026";
    private static final String MISMATCH_SCOPE = "ERR12027";
    private static final String MISMATCH_CLIENT_ID = "ERR12028";
    private static final String MISMATCH_PROVIDER_ID = "ERR12053";
    private static final String REFRESH_TOKEN_NOT_FOUND = "ERR12029";
    private static final String USER_ID_REQUIRED_FOR_CLIENT_AUTHENTICATED_USER_GRANT_TYPE = "ERR12031";
    private static final String USER_TYPE_REQUIRED_FOR_CLIENT_AUTHENTICATED_USER_GRANT_TYPE = "ERR12032";
    private static final String HOST_IS_REQUIRED = "ERR12051";
    private static final String INVALID_CODE_VERIFIER = "ERR12037";
    private static final String CODE_VERIFIER_TOO_SHORT = "ERR12038";
    private static final String CODE_VERIFIER_TOO_LONG = "ERR12039";
    private static final String CODE_VERIFIER_MISSING = "ERR12040";
    private static final String CODE_VERIFIER_FAILED = "ERR12041";
    private static final String INVALID_CODE_CHALLENGE_METHOD = "ERR12033";
    private static final String CLIENT_AUTHENTICATE_CLASS_NOT_FOUND = "ERR10043";
    private static final String AUTHORIZATION_CODE_NOT_FOUND = "ERR12052";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ProviderIdTokenPostHandler.class);
    // Non-final, package-private statics: any class in this package can replace the database
    // provider (source of signing keys and client records) or the JWT configuration.
    // NOTE(review): presumably left open for tests - confirm, and prefer final where possible.
    static PortalDbProvider dbProvider = (PortalDbProvider) SingletonServiceFactory.getBean(DbProvider.class);
    static JwtConfig config = JwtConfig.load();
    // Loaded once from the "oauth" configuration; supplies the bootstrap client id, secret hash and scope.
    private static final OAuthConfig authConfig = (OAuthConfig) Config.getInstance().getJsonObjectConfig("oauth", OAuthConfig.class);

    /**
     * Token endpoint entry point: reads the form body into a map, dispatches on
     * {@code grant_type} and writes the selected grant handler's result as JSON.
     *
     * <p>When a form field occurs more than once, the last value wins. {@code grant_type}
     * is removed from the map before dispatch, so handlers never see it.
     *
     * <p>NOTE(review): the outer {@code catch (Exception)} also covers the grant handlers,
     * so a runtime failure inside a handler (for example a missing provider-id query
     * parameter) is reported with the form-parsing code, and the exception message is
     * passed on to the status sent to the caller. Consider a separate status for
     * non-parsing failures and a generic message in the response.
     *
     * @param httpServerExchange the current request/response exchange
     * @throws Exception declared by the handler interface
     */
    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        final ObjectMapper jsonMapper = Config.getInstance().getMapper();
        httpServerExchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json");
        final Map<String, Object> formMap = new HashMap<>();
        try {
            final FormData form = FormParserFactory.builder().build().createParser(httpServerExchange).parseBlocking();
            for (String field : form) {
                for (FormData.FormValue value : form.get(field)) {
                    // Later values overwrite earlier ones for a repeated field.
                    formMap.put(field, value.getValue());
                }
            }
            try {
                final String grantType = (String) formMap.remove("grant_type");
                final Map<String, Object> tokenResponse;
                if ("client_credentials".equals(grantType)) {
                    tokenResponse = handleClientCredentials(httpServerExchange, formMap);
                } else if ("long_lived".equals(grantType)) {
                    tokenResponse = handleLongLivedToken(httpServerExchange, formMap);
                } else if ("authorization_code".equals(grantType)) {
                    tokenResponse = handleAuthorizationCode(httpServerExchange, formMap);
                } else if (DbProviderConfig.PASSWORD.equals(grantType)) {
                    tokenResponse = handlePassword(httpServerExchange, formMap);
                } else if (OAuthTokenConfig.REFRESH_TOKEN.equals(grantType)) {
                    tokenResponse = handleRefreshToken(httpServerExchange, formMap);
                } else if ("client_authenticated_user".equals(grantType)) {
                    tokenResponse = handleClientAuthenticatedUser(httpServerExchange, formMap);
                } else if ("bootstrap_token".equals(grantType)) {
                    tokenResponse = handleBootstrapToken(httpServerExchange, formMap);
                } else {
                    // Unknown or absent grant_type: report it and send no token body.
                    setExchangeStatus(httpServerExchange, UNSUPPORTED_GRANT_TYPE, grantType);
                    return;
                }
                httpServerExchange.getResponseSender().send(jsonMapper.writeValueAsString(tokenResponse));
            } catch (JsonProcessingException jsonFailure) {
                logger.error("JsonProcessingException:", (Throwable) jsonFailure);
                setExchangeStatus(httpServerExchange, JSON_PROCESSING_EXCEPTION, jsonFailure.getMessage());
            } catch (ApiException apiFailure) {
                // Grant handlers signal every rejection through ApiException; its Status is the response.
                logger.error("ApiException", (Throwable) apiFailure);
                final Status failureStatus = apiFailure.getStatus();
                httpServerExchange.setStatusCode(failureStatus.getStatusCode());
                httpServerExchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json");
                httpServerExchange.getResponseSender().send(apiFailure.getStatus().toString());
            }
        } catch (Exception unexpected) {
            logger.error("Exception:", (Throwable) unexpected);
            setExchangeStatus(httpServerExchange, UNABLE_TO_PARSE_FORM_DATA, unexpected.getMessage());
            httpServerExchange.endExchange();
        }
    }

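    /**
     * Handles the {@code bootstrap_token} grant: authenticates the client, checks the
     * requested scope against the configured bootstrap scope and issues a JWT signed with
     * the provider's current key. The token and the returned {@code expires_in} both use
     * {@link #TEN_YEAR_IN_SECOND}.
     *
     * <p>The provider id is read from the query string without a null check, so a request
     * without it fails with a NullPointerException that handleRequest reports.
     *
     * <p>NOTE(review): every field still present in {@code map} when the claims are built
     * (everything except {@code grant_type} and {@code scope}, plus {@code client_id} /
     * {@code client_secret} when they were taken from the body) is copied into the token
     * by mockBsClaims. Those entries are written after the standard claims and can replace
     * them. Restrict the accepted field names before they reach the claim set.
     *
     * @param httpServerExchange the current exchange (query string and Authorization header are read)
     * @param map the form fields; {@code scope} is removed here
     * @return the token response, or an empty map when authenticateClient returns null
     * @throws ApiException on scope mismatch, key lookup failure or token creation failure
     */
    private Map<String, Object> handleBootstrapToken(HttpServerExchange httpServerExchange, Map<String, Object> map) throws ApiException {
        String scope = (String) map.remove("scope");
        String providerId = httpServerExchange.getQueryParameters().get(JwtConfig.PROVIDER_ID).getFirst();
        if (logger.isDebugEnabled()) {
            // The original call passed the providerId text as a format argument to a message
            // without placeholders, so it was never written to the log.
            logger.debug("scope = {} providerId = {}", scope, providerId);
        }
        Map<String, Object> client = authenticateClient(httpServerExchange, map);
        if (client == null) {
            return new HashMap<>();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Passed client_id and client_secret validation.");
        }
        if (scope == null) {
            scope = authConfig.getBootstrapScope();
        } else if (!matchScope(scope, authConfig.getBootstrapScope())) {
            throw new ApiException(new Status(MISMATCH_SCOPE, scope, authConfig.getBootstrapScope()));
        }
        if (logger.isDebugEnabled()) {
            logger.debug("scope is matched.");
        }
        Result<Map<String, Object>> keyLookup = dbProvider.queryCurrentProviderKey(providerId);
        if (keyLookup.isFailure()) {
            logger.error("failed to get the current host key: " + String.valueOf(keyLookup.getError()));
            throw new ApiException(keyLookup.getError());
        }
        try {
            Map<String, Object> providerKey = keyLookup.getResult();
            String jwt = JwtIssuer.getJwt(mockBsClaims((String) client.get("clientId"), scope, map), (String) providerKey.get("kid"), KeyUtil.deserializePrivateKey((String) providerKey.get("privateKey"), "RSA"));
            Map<String, Object> tokenResponse = new HashMap<>();
            tokenResponse.put("access_token", jwt);
            tokenResponse.put("token_type", BasicAuthConfig.BEARER);
            tokenResponse.put("expires_in", Integer.valueOf(TEN_YEAR_IN_SECOND));
            return tokenResponse;
        } catch (Exception e) {
            logger.error("Exception:", (Throwable) e);
            // NOTE(review): the exception message is placed in the status returned to the caller.
            throw new ApiException(new Status(GENERIC_EXCEPTION, e.getMessage()));
        }
    }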

    /**
     * Handles the {@code client_credentials} grant: authenticates the client, resolves the
     * scope (the client's registered scope when none is requested), and issues a JWT signed
     * with the provider's current key. For a client whose type is
     * {@link #CLIENT_TYPE_EXTERNAL} the JWT is replaced by a reference value from
     * jwtReference before it is returned.
     *
     * <p>Extra claims come from the client record's {@code customClaim} JSON, not from the
     * request. The provider id is read from the query string without a null check.
     *
     * @param httpServerExchange the current exchange
     * @param map the form fields ({@code scope} is read, not removed)
     * @return the token response, or an empty map when authenticateClient returns null
     * @throws ApiException on scope mismatch, key lookup failure or token creation failure
     */
    private Map<String, Object> handleClientCredentials(HttpServerExchange httpServerExchange, Map<String, Object> map) throws ApiException {
        String effectiveScope = (String) map.get("scope");
        final String providerId = httpServerExchange.getQueryParameters().get(JwtConfig.PROVIDER_ID).getFirst();
        if (logger.isDebugEnabled()) {
            logger.debug("scope = {} providerId = {}", effectiveScope, providerId);
        }
        final Map<String, Object> client = authenticateClient(httpServerExchange, map);
        if (client == null) {
            return new HashMap<>();
        }
        final String registeredScope = (String) client.get("clientScope");
        if (effectiveScope == null) {
            // No scope requested: fall back to everything the client is registered for.
            effectiveScope = registeredScope;
        } else if (!matchScope(effectiveScope, registeredScope)) {
            throw new ApiException(new Status(MISMATCH_SCOPE, effectiveScope, registeredScope));
        }
        final Result<Map<String, Object>> keyLookup = dbProvider.queryCurrentProviderKey(providerId);
        if (keyLookup.isFailure()) {
            logger.error("failed to get the current host key: " + keyLookup.getError());
            throw new ApiException(keyLookup.getError());
        }
        try {
            final String customClaimJson = (String) client.get("customClaim");
            final Map<String, Object> customClaims =
                    (customClaimJson == null || customClaimJson.isEmpty()) ? null : JsonMapper.string2Map(customClaimJson);
            final Map<String, Object> providerKey = keyLookup.getResult();
            final JwtClaims claims = mockCcClaims((String) client.get("clientId"), effectiveScope, customClaims);
            String accessToken = JwtIssuer.getJwt(claims, (String) providerKey.get("kid"), KeyUtil.deserializePrivateKey((String) providerKey.get("privateKey"), "RSA"));
            if (CLIENT_TYPE_EXTERNAL.equals(client.get("clientType"))) {
                // External clients receive a reference value in place of the signed JWT.
                accessToken = jwtReference((String) client.get("host"), accessToken, (String) client.get("derefClientId"));
            }
            final Map<String, Object> tokenResponse = new HashMap<>();
            tokenResponse.put("access_token", accessToken);
            tokenResponse.put("token_type", BasicAuthConfig.BEARER);
            tokenResponse.put("expires_in", Integer.valueOf(config.getExpiredInMinutes() * 60));
            return tokenResponse;
        } catch (Exception failure) {
            logger.error("Exception:", (Throwable) failure);
            // NOTE(review): the exception message is placed in the status returned to the caller.
            throw new ApiException(new Status(GENERIC_EXCEPTION, failure.getMessage()));
        }
    }

    /**
     * Handles the {@code long_lived} grant: only clients of type
     * {@link #CLIENT_TYPE_TRUSTED} are accepted, and the token is signed with the key
     * returned by {@code queryLongLiveProviderKey}. Both the token and the returned
     * {@code expires_in} use {@link #TEN_YEAR_IN_SECOND}.
     *
     * <p>NOTE(review): a bearer token with a lifetime this long stays usable until the
     * signing key is retired or the resource servers reject it by other means. Confirm a
     * revocation path exists for these tokens.
     *
     * @param httpServerExchange the current exchange
     * @param map the form fields ({@code scope} is read, not removed)
     * @return the token response, or an empty map when authenticateClient returns null
     * @throws ApiException for a non-trusted client, scope mismatch, key lookup failure or
     *         token creation failure
     */
    private Map<String, Object> handleLongLivedToken(HttpServerExchange httpServerExchange, Map<String, Object> map) throws ApiException {
        String effectiveScope = (String) map.get("scope");
        final String providerId = httpServerExchange.getQueryParameters().get(JwtConfig.PROVIDER_ID).getFirst();
        if (logger.isDebugEnabled()) {
            logger.debug("scope = {} providerId = {}", effectiveScope, providerId);
        }
        final Map<String, Object> client = authenticateClient(httpServerExchange, map);
        if (client == null) {
            return new HashMap<>();
        }
        final boolean trusted = CLIENT_TYPE_TRUSTED.equals(client.get("clientType"));
        if (!trusted) {
            throw new ApiException(new Status(NOT_TRUSTED_CLIENT, client.get("clientId")));
        }
        final String registeredScope = (String) client.get("clientScope");
        if (effectiveScope == null) {
            effectiveScope = registeredScope;
        } else if (!matchScope(effectiveScope, registeredScope)) {
            throw new ApiException(new Status(MISMATCH_SCOPE, effectiveScope, registeredScope));
        }
        final Result<Map<String, Object>> keyLookup = dbProvider.queryLongLiveProviderKey(providerId);
        if (keyLookup.isFailure()) {
            logger.error("failed to get the current host key: " + keyLookup.getError());
            throw new ApiException(keyLookup.getError());
        }
        try {
            Map<String, Object> customClaims = null;
            final String customClaimJson = (String) client.get("customClaim");
            if (customClaimJson != null && !customClaimJson.isEmpty()) {
                customClaims = JsonMapper.string2Map(customClaimJson);
            }
            final Map<String, Object> providerKey = keyLookup.getResult();
            final JwtClaims claims = mockBsClaims((String) client.get("clientId"), effectiveScope, customClaims);
            String accessToken = JwtIssuer.getJwt(claims, (String) providerKey.get("kid"), KeyUtil.deserializePrivateKey((String) providerKey.get("privateKey"), "RSA"));
            // clientType was required to equal CLIENT_TYPE_TRUSTED above, so this comparison
            // with CLIENT_TYPE_EXTERNAL cannot succeed on this path.
            if (CLIENT_TYPE_EXTERNAL.equals(client.get("clientType"))) {
                accessToken = jwtReference((String) client.get("host"), accessToken, (String) client.get("derefClientId"));
            }
            final Map<String, Object> tokenResponse = new HashMap<>();
            tokenResponse.put("access_token", accessToken);
            tokenResponse.put("token_type", BasicAuthConfig.BEARER);
            tokenResponse.put("expires_in", Integer.valueOf(TEN_YEAR_IN_SECOND));
            return tokenResponse;
        } catch (Exception failure) {
            logger.error("Exception:", (Throwable) failure);
            // NOTE(review): the exception message is placed in the status returned to the caller.
            throw new ApiException(new Status(GENERIC_EXCEPTION, failure.getMessage()));
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:101:0x04e0 A[Catch: Exception -> 0x0597, TryCatch #1 {Exception -> 0x0597, blocks: (B:134:0x0496, B:136:0x049e, B:96:0x04b1, B:98:0x04be, B:99:0x04d3, B:101:0x04e0, B:102:0x04f5, B:104:0x0502, B:105:0x0517, B:95:0x04a8), top: B:133:0x0496 }] */
    /* JADX WARN: Removed duplicated region for block: B:104:0x0502 A[Catch: Exception -> 0x0597, TryCatch #1 {Exception -> 0x0597, blocks: (B:134:0x0496, B:136:0x049e, B:96:0x04b1, B:98:0x04be, B:99:0x04d3, B:101:0x04e0, B:102:0x04f5, B:104:0x0502, B:105:0x0517, B:95:0x04a8), top: B:133:0x0496 }] */
    /* JADX WARN: Removed duplicated region for block: B:108:0x05c2  */
    /* JADX WARN: Removed duplicated region for block: B:111:0x0636  */
    /* JADX WARN: Removed duplicated region for block: B:114:0x0658  */
    /* JADX WARN: Removed duplicated region for block: B:117:0x067a  */
    /* JADX WARN: Removed duplicated region for block: B:120:0x070c  */
    /* JADX WARN: Removed duplicated region for block: B:123:0x0731  */
    /* JADX WARN: Removed duplicated region for block: B:126:0x0794  */
    /* JADX WARN: Removed duplicated region for block: B:98:0x04be A[Catch: Exception -> 0x0597, TryCatch #1 {Exception -> 0x0597, blocks: (B:134:0x0496, B:136:0x049e, B:96:0x04b1, B:98:0x04be, B:99:0x04d3, B:101:0x04e0, B:102:0x04f5, B:104:0x0502, B:105:0x0517, B:95:0x04a8), top: B:133:0x0496 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Placeholder emitted by the decompiler: the body of the {@code authorization_code}
     * grant could not be reconstructed, so this listing does not show how that grant is
     * processed. Nothing about its checks (code lookup, redirect URI, code verifier) can be
     * concluded from this file beyond the names of the error-code constants declared above.
     * NOTE(review): review this grant against the original source or the bytecode.
     *
     * <p>As written here, the method always throws; the exception is unchecked, so
     * handleRequest's outer catch reports it with the form-parsing status.
     */
    private java.util.Map<java.lang.String, java.lang.Object> handleAuthorizationCode(io.undertow.server.HttpServerExchange r12, java.util.Map<java.lang.String, java.lang.Object> r13) throws com.networknt.exception.ApiException {
        /*
            Method dump skipped, instructions count: 1991
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.networknt.oauth.handler.ProviderIdTokenPostHandler.handleAuthorizationCode(io.undertow.server.HttpServerExchange, java.util.Map):java.util.Map");
    }

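    /**
     * Handles the {@code password} grant: authenticates the client (which must be of type
     * {@link #CLIENT_TYPE_TRUSTED}), authenticates the user through the client's configured
     * Authenticator class (LightPortalAuth by default), then issues an access token and
     * stores a refresh token.
     *
     * <p>The refresh token is returned only after {@code ClientUtil.createRefreshToken}
     * reports success. Its failure status is passed on to the caller unchanged.
     *
     * <p>NOTE(review): the user type and roles placed in the token are taken from the
     * request form, not from the Account returned by the Authenticator. Confirm this is
     * intended, since resource servers will see them as signed claims.
     *
     * <p>NOTE(review): the Authenticator class name comes from the client record and is
     * loaded with {@code Class.forName}. Whoever can edit client records chooses the class,
     * so consider an allow-list of known implementations.
     *
     * @param httpServerExchange the current exchange (provider id is read from the query
     *        string without a null check)
     * @param map the form fields (username, password, scope, user type and roles are read)
     * @return the token response, or an empty map when authenticateClient returns null
     * @throws ApiException when a required field is missing, the client is not trusted, the
     *         scope does not match, the user cannot be authenticated, or a key, token or
     *         refresh-token operation fails
     */
    private Map<String, Object> handlePassword(HttpServerExchange httpServerExchange, Map<String, Object> map) throws ApiException {
        String providerId = httpServerExchange.getQueryParameters().get(JwtConfig.PROVIDER_ID).getFirst();
        String userId = (String) map.get(DbProviderConfig.USERNAME);
        String scope = (String) map.get("scope");
        String userType = (String) map.get(Constants.USER_TYPE);
        String roles = (String) map.get(Constants.ROLES);
        if (logger.isDebugEnabled()) {
            logger.debug("userId = " + userId + " scope = " + scope);
        }
        char[] password = null;
        if (map.get(DbProviderConfig.PASSWORD) != null) {
            password = ((String) map.get(DbProviderConfig.PASSWORD)).toCharArray();
        }
        Map<String, Object> client = authenticateClient(httpServerExchange, map);
        if (client == null) {
            return new HashMap<>();
        }
        if (userId == null) {
            throw new ApiException(new Status(USERNAME_REQUIRED, new Object[0]));
        }
        if (password == null) {
            throw new ApiException(new Status(PASSWORD_REQUIRED, new Object[0]));
        }
        if (!CLIENT_TYPE_TRUSTED.equals(client.get("clientType"))) {
            throw new ApiException(new Status(NOT_TRUSTED_CLIENT, new Object[0]));
        }
        if (scope == null) {
            scope = (String) client.get("clientScope");
        } else if (!matchScope(scope, (String) client.get("clientScope"))) {
            throw new ApiException(new Status(MISMATCH_SCOPE, scope, client.get("clientScope")));
        }
        String authenticateClass = (String) client.get("authenticateClass");
        Class<?> authenticatorType = LightPortalAuth.class;
        if (authenticateClass != null && authenticateClass.trim().length() > 0) {
            try {
                authenticatorType = Class.forName(authenticateClass);
            } catch (ClassNotFoundException e) {
                logger.error("Authenticate Class " + authenticateClass + " not found.", (Throwable) e);
                throw new ApiException(new Status(CLIENT_AUTHENTICATE_CLASS_NOT_FOUND, authenticateClass));
            }
        }
        Account account = ((Authenticator) SingletonServiceFactory.getBean(Authenticator.class, authenticatorType)).authenticate(userId, new LightPasswordCredential(password, authenticateClass, userType, httpServerExchange));
        if (account == null) {
            throw new ApiException(new Status(USER_NOT_FOUND, userId));
        }
        if ("error".equals(account.getPrincipal().getName())) {
            // An account whose principal is named "error" carries a serialized Status as its first role.
            throw new ApiException((Status) JsonMapper.fromJson(account.getRoles().iterator().next(), Status.class));
        }
        Result<Map<String, Object>> keyLookup = dbProvider.queryCurrentProviderKey(providerId);
        if (keyLookup.isFailure()) {
            logger.error("failed to get the current host key: " + String.valueOf(keyLookup.getError()));
            throw new ApiException(keyLookup.getError());
        }
        try {
            Map<String, Object> customClaims = null;
            String customClaimJson = (String) client.get("customClaim");
            if (customClaimJson != null && customClaimJson.length() > 0) {
                customClaims = Config.getInstance().getMapper().readValue(customClaimJson, new TypeReference<Map<String, Object>>() {
                });
            }
            Map<String, Object> providerKey = keyLookup.getResult();
            String jwt = JwtIssuer.getJwt(mockAcClaims((String) client.get("clientId"), scope, userId, userType, roles, null, customClaims), (String) providerKey.get("kid"), KeyUtil.deserializePrivateKey((String) providerKey.get("privateKey"), "RSA"));
            String refreshToken = UUID.randomUUID().toString();
            Map<String, Object> refreshRecord = new HashMap<>();
            refreshRecord.put(JwtConfig.PROVIDER_ID, providerId);
            refreshRecord.put("refreshToken", refreshToken);
            refreshRecord.put("userId", userId);
            refreshRecord.put("userType", userType);
            refreshRecord.put(Constants.ROLES, roles);
            refreshRecord.put("clientId", client.get("clientId"));
            refreshRecord.put("scope", scope);
            refreshRecord.put("remember", "N");
            refreshRecord.put("host", client.get("host"));
            // The result used to be discarded, so a refresh token that was never stored
            // could still be handed to the caller.
            Result<String> stored = ClientUtil.createRefreshToken(refreshRecord, jwt);
            if (stored.isFailure()) {
                throw new ApiException(stored.getError());
            }
            Map<String, Object> tokenResponse = new HashMap<>();
            tokenResponse.put("access_token", jwt);
            tokenResponse.put("token_type", BasicAuthConfig.BEARER);
            tokenResponse.put("expires_in", Integer.valueOf(config.getExpiredInMinutes() * 60));
            tokenResponse.put(OAuthTokenConfig.REFRESH_TOKEN, refreshToken);
            return tokenResponse;
        } catch (ApiException e) {
            // Keep the specific status instead of rewrapping it as a generic failure.
            throw e;
        } catch (Exception e) {
            logger.error("Exception:", (Throwable) e);
            // NOTE(review): the exception message is placed in the status returned to the caller.
            throw new ApiException(new Status(GENERIC_EXCEPTION, e.getMessage()));
        }
    }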

    /* JADX WARN: Removed duplicated region for block: B:29:0x0268 A[Catch: Exception -> 0x0306, TryCatch #0 {Exception -> 0x0306, blocks: (B:47:0x0248, B:49:0x0250, B:29:0x0268, B:32:0x027a, B:35:0x028c, B:36:0x0299, B:26:0x025a), top: B:46:0x0248 }] */
    /* JADX WARN: Removed duplicated region for block: B:32:0x027a A[Catch: Exception -> 0x0306, TryCatch #0 {Exception -> 0x0306, blocks: (B:47:0x0248, B:49:0x0250, B:29:0x0268, B:32:0x027a, B:35:0x028c, B:36:0x0299, B:26:0x025a), top: B:46:0x0248 }] */
    /* JADX WARN: Removed duplicated region for block: B:35:0x028c A[Catch: Exception -> 0x0306, TryCatch #0 {Exception -> 0x0306, blocks: (B:47:0x0248, B:49:0x0250, B:29:0x0268, B:32:0x027a, B:35:0x028c, B:36:0x0299, B:26:0x025a), top: B:46:0x0248 }] */
    /* JADX WARN: Removed duplicated region for block: B:39:0x036e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Placeholder emitted by the decompiler: the body of the refresh-token grant could not
     * be reconstructed, so this listing does not show how a presented refresh token is
     * looked up, checked against the client, or rotated.
     * NOTE(review): review this grant against the original source or the bytecode.
     *
     * <p>As written here, the method always throws; the exception is unchecked, so
     * handleRequest's outer catch reports it with the form-parsing status.
     */
    private java.util.Map<java.lang.String, java.lang.Object> handleRefreshToken(io.undertow.server.HttpServerExchange r12, java.util.Map<java.lang.String, java.lang.Object> r13) throws com.networknt.exception.ApiException {
        /*
            Method dump skipped, instructions count: 1063
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.networknt.oauth.handler.ProviderIdTokenPostHandler.handleRefreshToken(io.undertow.server.HttpServerExchange, java.util.Map):java.util.Map");
    }

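    /**
     * Handles the {@code client_authenticated_user} grant: a client of type
     * {@link #CLIENT_TYPE_TRUSTED} vouches for a user it has already authenticated and
     * receives an access token and a refresh token for that user. No user credential is
     * checked here; the user id, user type and roles are taken from the request.
     *
     * <p>NOTE(review): the fields still left in {@code map} after {@code scope},
     * {@code userId}, {@code userType}, {@code host} and the roles field are removed are
     * copied into the token by mockAcClaims. They are written after the standard claims and
     * can replace them. Restrict the accepted field names before they reach the claim set.
     *
     * @param httpServerExchange the current exchange (provider id is read from the query
     *        string without a null check)
     * @param map the form fields; the fields listed above are removed here
     * @return the token response, or an empty map when authenticateClient returns null
     * @throws ApiException for a non-trusted client, scope mismatch, missing user id or
     *         user type, or a failed key, token or refresh-token operation
     */
    private Map<String, Object> handleClientAuthenticatedUser(HttpServerExchange httpServerExchange, Map<String, Object> map) throws ApiException {
        if (logger.isDebugEnabled()) {
            // Field names only: client_secret is still in the map at this point when the
            // client credentials were sent in the form body.
            logger.debug("client authenticated user grant formMap keys = {}", map.keySet());
        }
        String providerId = httpServerExchange.getQueryParameters().get(JwtConfig.PROVIDER_ID).getFirst();
        Map<String, Object> client = authenticateClient(httpServerExchange, map);
        if (client == null) {
            return new HashMap<>();
        }
        if (!CLIENT_TYPE_TRUSTED.equals(client.get("clientType"))) {
            throw new ApiException(new Status(NOT_TRUSTED_CLIENT, new Object[0]));
        }
        String scope = (String) map.remove("scope");
        if (scope == null) {
            scope = (String) client.get("clientScope");
        } else if (!matchScope(scope, (String) client.get("clientScope"))) {
            throw new ApiException(new Status(MISMATCH_SCOPE, scope, client.get("clientScope")));
        }
        String userId = (String) map.remove("userId");
        if (userId == null) {
            throw new ApiException(new Status(USER_ID_REQUIRED_FOR_CLIENT_AUTHENTICATED_USER_GRANT_TYPE, new Object[0]));
        }
        String userType = (String) map.remove("userType");
        if (userType == null) {
            throw new ApiException(new Status(USER_TYPE_REQUIRED_FOR_CLIENT_AUTHENTICATED_USER_GRANT_TYPE, new Object[0]));
        }
        String host = (String) map.remove("host");
        if (host == null) {
            host = (String) client.get(PortalConstants.HOST_ID);
        }
        String roles = (String) map.remove(Constants.ROLES);
        Result<Map<String, Object>> keyLookup = dbProvider.queryCurrentProviderKey(providerId);
        if (keyLookup.isFailure()) {
            logger.error("failed to get the current host key: " + String.valueOf(keyLookup.getError()));
            throw new ApiException(keyLookup.getError());
        }
        try {
            Map<String, Object> providerKey = keyLookup.getResult();
            String jwt = JwtIssuer.getJwt(mockAcClaims((String) client.get("clientId"), scope, userId, userType, roles, null, map), (String) providerKey.get("kid"), KeyUtil.deserializePrivateKey((String) providerKey.get("privateKey"), "RSA"));
            String refreshToken = UUID.randomUUID().toString();
            Map<String, Object> refreshRecord = new HashMap<>();
            refreshRecord.put(JwtConfig.PROVIDER_ID, providerId);
            refreshRecord.put(PortalConstants.HOST_ID, host);
            refreshRecord.put("refreshToken", refreshToken);
            refreshRecord.put("userId", userId);
            refreshRecord.put("userType", userType);
            refreshRecord.put(Constants.ROLES, roles);
            refreshRecord.put("clientId", client.get("clientId"));
            refreshRecord.put("scope", scope);
            refreshRecord.put("remember", "N");
            Result<String> stored = ClientUtil.createRefreshToken(refreshRecord, jwt);
            if (stored.isFailure()) {
                throw new ApiException(stored.getError());
            }
            Map<String, Object> tokenResponse = new HashMap<>();
            tokenResponse.put("access_token", jwt);
            tokenResponse.put("token_type", BasicAuthConfig.BEARER);
            tokenResponse.put("expires_in", Integer.valueOf(config.getExpiredInMinutes() * 60));
            tokenResponse.put(OAuthTokenConfig.REFRESH_TOKEN, refreshToken);
            return tokenResponse;
        } catch (ApiException e) {
            // The refresh-token failure above used to be caught by the generic handler
            // below and rewrapped, which hid its status.
            throw e;
        } catch (Exception e) {
            logger.error("Exception:", (Throwable) e);
            // NOTE(review): the exception message is placed in the status returned to the caller.
            throw new ApiException(new Status(GENERIC_EXCEPTION, e.getMessage()));
        }
    }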

    /**
     * Extracts the client id and secret and hands them to validateClientSecret.
     *
     * <p>When an Authorization header is present the credentials come from it. Otherwise
     * {@code client_id} and {@code client_secret} are removed from the form map and used.
     * If either value is missing or blank, the request is rejected with a status that
     * depends on whether a header was present and whether HttpAuth flags its credentials
     * as invalid.
     *
     * <p>NOTE(review): the two header-related rejections pass the received credentials /
     * header value as the status argument. handleRequest logs the ApiException and sends
     * its Status to the caller, so this material may end up in logs - confirm and
     * consider omitting it.
     *
     * @param httpServerExchange the current exchange
     * @param map the form fields; {@code client_id} and {@code client_secret} are removed
     *        when no Authorization header is present
     * @return whatever validateClientSecret returns for the supplied credentials
     * @throws ApiException when the credentials are missing or malformed, or when
     *         validateClientSecret rejects them
     */
    private Map<String, Object> authenticateClient(HttpServerExchange httpServerExchange, Map<String, Object> map) throws ApiException {
        final HttpAuth basicAuth = new HttpAuth(httpServerExchange);
        final boolean fromHeader = basicAuth.isHeaderAvailable();
        final String id = fromHeader ? basicAuth.getClientId() : (String) map.remove("client_id");
        final String secret = fromHeader ? basicAuth.getClientSecret() : (String) map.remove("client_secret");

        final boolean idPresent = id != null && !id.trim().isEmpty();
        final boolean secretPresent = idPresent && secret != null && !secret.trim().isEmpty();
        if (secretPresent) {
            return validateClientSecret(id, secret);
        }

        // Incomplete credentials: choose the status that best describes what was received.
        final Status rejection;
        if (!basicAuth.isHeaderAvailable()) {
            rejection = new Status(MISSING_AUTHORIZATION_HEADER, new Object[0]);
        } else if (basicAuth.isInvalidCredentials()) {
            rejection = new Status(INVALID_BASIC_CREDENTIALS, basicAuth.getCredentials());
        } else {
            rejection = new Status(INVALID_AUTHORIZATION_HEADER, basicAuth.getAuth());
        }
        throw new ApiException(rejection);
    }

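    /**
     * Verifies a client secret and returns the client record.
     *
     * <p>The configured bootstrap client is checked against the secret hash from the
     * {@code oauth} configuration and yields a record holding only {@code clientId}. Any
     * other client is loaded from the database and checked against its stored
     * {@code clientSecret} hash.
     *
     * <p>A bootstrap secret that does not verify is rejected with the same status as any
     * other client. It used to return {@code null}, which the grant handlers turned into
     * an empty JSON body with a success status code.
     *
     * @param str the client id
     * @param str2 the client secret as supplied by the caller
     * @return the client record; never {@code null}
     * @throws ApiException when the client is unknown, the secret does not verify, or the
     *         hash check itself fails
     */
    private Map<String, Object> validateClientSecret(String str, String str2) throws ApiException {
        if (str.equals(authConfig.getBootstrapClientId())) {
            boolean verified;
            try {
                verified = HashUtil.validatePassword(str2.toCharArray(), authConfig.getBootstrapClientSecret());
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                logger.error("Exception:", e);
                throw new ApiException(new Status(RUNTIME_EXCEPTION, new Object[0]));
            }
            if (!verified) {
                throw new ApiException(new Status(UNAUTHORIZED_CLIENT, new Object[0]));
            }
            Map<String, Object> bootstrapClient = new HashMap<>();
            bootstrapClient.put("clientId", str);
            return bootstrapClient;
        }
        Result<String> clientLookup = dbProvider.queryClientByClientId(str);
        if (clientLookup.isFailure()) {
            logger.error("failed to get the client: {}", clientLookup.getError());
            throw new ApiException(clientLookup.getError());
        }
        Map<String, Object> client = JsonMapper.string2Map(clientLookup.getResult());
        if (client == null) {
            throw new ApiException(new Status(CLIENT_NOT_FOUND, str));
        }
        try {
            if (HashUtil.validatePassword(str2.toCharArray(), (String) client.get("clientSecret"))) {
                return client;
            }
            throw new ApiException(new Status(UNAUTHORIZED_CLIENT, new Object[0]));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            logger.error("Exception:", e2);
            throw new ApiException(new Status(RUNTIME_EXCEPTION, new Object[0]));
        }
    }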

    /**
     * Builds the claim set for a client-credentials token: the issuer's default claims,
     * the client id, the scope split on whitespace into a list, then every entry of
     * {@code map}.
     *
     * <p>The extra entries are written last, so an entry whose key equals a claim already
     * set replaces it. A {@code null} scope is not guarded against and fails in
     * {@code split}.
     *
     * @param str the client id
     * @param str2 the whitespace-separated scope; must not be {@code null}
     * @param map extra claims to copy in, or {@code null} for none
     * @return the populated claim set
     */
    private JwtClaims mockCcClaims(String str, String str2, Map<String, Object> map) {
        final JwtClaims claims = JwtIssuer.getDefaultJwtClaims();
        claims.setClaim(Constants.CID, str);
        final String[] scopeTokens = str2.split("\\s+");
        claims.setStringListClaim(Constants.SCP_STRING, Arrays.asList(scopeTokens));
        if (map == null) {
            return claims;
        }
        map.forEach((claimName, claimValue) -> claims.setClaim(claimName, claimValue));
        return claims;
    }

    /**
     * Builds the claim set for bootstrap and long-lived tokens: claims created with a
     * lifetime of {@link #TEN_YEAR_IN_SECOND}, the client id, the scope split on
     * whitespace into a list, then every entry of {@code map}.
     *
     * <p>The extra entries are written last, so an entry whose key equals a claim already
     * set replaces it. NOTE(review): handleBootstrapToken passes the remaining request
     * form fields as {@code map} - filter them to an allowed set of claim names before
     * they reach this method. A {@code null} scope is not guarded against and fails in
     * {@code split}.
     *
     * @param str the client id
     * @param str2 the whitespace-separated scope; must not be {@code null}
     * @param map extra claims to copy in, or {@code null} for none
     * @return the populated claim set
     */
    private JwtClaims mockBsClaims(String str, String str2, Map<String, Object> map) {
        final JwtClaims claims = JwtIssuer.getJwtClaimsWithExpiresIn(TEN_YEAR_IN_SECOND);
        claims.setClaim(Constants.CID, str);
        final String[] scopeTokens = str2.split("\\s+");
        claims.setStringListClaim(Constants.SCP_STRING, Arrays.asList(scopeTokens));
        if (map == null) {
            return claims;
        }
        map.forEach((claimName, claimValue) -> claims.setClaim(claimName, claimValue));
        return claims;
    }

    /**
     * Builds the claim set for a user token: the issuer's default claims, the user id,
     * the user type ({@code "uty"}), the client id, and - when supplied and not blank -
     * the CSRF value, the scope list and the roles string, followed by every entry of
     * {@code map}.
     *
     * <p>The extra entries are written last, so an entry whose key equals a claim already
     * set replaces it. NOTE(review): handleClientAuthenticatedUser passes the remaining
     * request form fields as {@code map} - filter them to an allowed set of claim names
     * before they reach this method.
     *
     * @param str the client id
     * @param str2 the whitespace-separated scope, or {@code null}/blank to omit the claim
     * @param str3 the user id
     * @param str4 the user type
     * @param str5 the roles string, or {@code null}/blank to omit the claim
     * @param str6 the CSRF value, or {@code null} to omit the claim
     * @param map extra claims to copy in, or {@code null} for none
     * @return the populated claim set
     */
    private JwtClaims mockAcClaims(String str, String str2, String str3, String str4, String str5, String str6, Map<String, Object> map) {
        final JwtClaims claims = JwtIssuer.getDefaultJwtClaims();
        claims.setClaim(Constants.UID, str3);
        claims.setClaim("uty", str4);
        claims.setClaim(Constants.CID, str);
        if (str6 != null) {
            claims.setClaim(Constants.CSRF, str6);
        }
        final boolean hasScope = str2 != null && str2.trim().length() > 0;
        if (hasScope) {
            claims.setStringListClaim(Constants.SCP_STRING, Arrays.asList(str2.split("\\s+")));
        }
        final boolean hasRoles = str5 != null && str5.trim().length() > 0;
        if (hasRoles) {
            claims.setClaim(Constants.ROLE, str5);
        }
        if (map == null) {
            return claims;
        }
        map.forEach((claimName, claimValue) -> claims.setClaim(claimName, claimValue));
        return claims;
    }

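    /**
     * Tells whether every scope token in the requested scope is one of the tokens in the
     * granted scope. Both values are whitespace-separated lists.
     *
     * <p>Tokens are compared whole. The previous implementation used a substring test
     * against the entire granted string, so a requested token that was merely a fragment
     * of a granted token (for example {@code read} against {@code readwrite}) was accepted
     * and ended up in the issued token.
     *
     * @param str the requested scope
     * @param str2 the scope the client is allowed to use
     * @return {@code true} when both are non-null and the requested tokens are a subset of
     *         the granted tokens (identical strings always match); {@code false} otherwise
     */
    private static boolean matchScope(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        if (str.equals(str2)) {
            return true;
        }
        final java.util.List<String> grantedTokens = Arrays.asList(str2.trim().split("\\s+"));
        for (String requestedToken : str.split("\\s+")) {
            if (requestedToken.isEmpty()) {
                // Leading whitespace produces an empty first token; it requests nothing.
                continue;
            }
            if (!grantedTokens.contains(requestedToken)) {
                return false;
            }
        }
        return true;
    }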

    /**
     * Registers a reference for a signed JWT and returns the reference in its place.
     *
     * <p>A fresh UUID string is generated and passed to {@code ClientUtil.createRefToken}
     * together with the three arguments. NOTE(review): anything createRefToken returns is
     * discarded here - confirm that a failed registration surfaces as an exception,
     * otherwise the caller receives a reference that resolves to nothing.
     *
     * @param str the host value from the client record
     * @param str2 the signed JWT
     * @param str3 the {@code derefClientId} value from the client record
     * @return the generated reference
     * @throws ApiException declared for callers; no throw is visible in this method
     */
    private String jwtReference(String str, String str2, String str3) throws ApiException {
        final String referenceId = UuidUtil.getUUID().toString();
        ClientUtil.createRefToken(str, referenceId, str2, str3);
        return referenceId;
    }
}
