package org.keycloak.protocol.oidc.utils;

import java.util.HashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.UnauthorizedException;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.util.BasicAuthHelper;

/* loaded from: input_file:org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.class */
public class AuthorizeClientUtil {
    public static ClientModel authorizeClient(String str, MultivaluedMap<String, String> multivaluedMap, EventBuilder eventBuilder, RealmModel realmModel) {
        String str2;
        String str3;
        if (str != null) {
            String[] parseHeader = BasicAuthHelper.parseHeader(str);
            if (parseHeader == null) {
                throw new UnauthorizedException("Bad Authorization header", Response.status(401).header("WWW-Authenticate", "Basic realm=\"" + realmModel.getName() + "\"").build());
            }
            str2 = parseHeader[0];
            str3 = parseHeader[1];
        } else {
            str2 = (String) multivaluedMap.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
            str3 = (String) multivaluedMap.getFirst("client_secret");
        }
        if (str2 == null) {
            HashMap hashMap = new HashMap();
            hashMap.put("error", "invalid_client");
            hashMap.put("error_description", "Could not find client");
            throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(hashMap).type("application/json").build());
        }
        eventBuilder.client(str2);
        ClientModel findClient = realmModel.findClient(str2);
        if (findClient == null) {
            HashMap hashMap2 = new HashMap();
            hashMap2.put("error", "invalid_client");
            hashMap2.put("error_description", "Could not find client");
            eventBuilder.error("client_not_found");
            throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(hashMap2).type("application/json").build());
        }
        if (!findClient.isEnabled()) {
            HashMap hashMap3 = new HashMap();
            hashMap3.put("error", "invalid_client");
            hashMap3.put("error_description", "Client is not enabled");
            eventBuilder.error("client_disabled");
            throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(hashMap3).type("application/json").build());
        }
        if (findClient.isPublicClient() || (str3 != null && findClient.validateSecret(str3))) {
            return findClient;
        }
        HashMap hashMap4 = new HashMap();
        hashMap4.put("error", "unauthorized_client");
        eventBuilder.error("invalid_client_credentials");
        throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(hashMap4).type("application/json").build());
    }
}
