package org.picketlink.oauth.server.util;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import org.codehaus.jackson.map.DeserializationConfig;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.PropertyNamingStrategy;
import org.jboss.logging.Logger;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.internal.DefaultPartitionManager;
import org.picketlink.idm.jpa.internal.JPAIdentityStore;
import org.picketlink.idm.jpa.model.sample.simple.AccountTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.AttributeTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.DigestCredentialTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.GroupTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.IdentityTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.OTPCredentialTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.PartitionTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.PasswordCredentialTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.RelationshipIdentityTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.RelationshipTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.RoleTypeEntity;
import org.picketlink.idm.jpa.model.sample.simple.X509CredentialTypeEntity;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.model.basic.Agent;
import org.picketlink.idm.model.basic.Realm;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.spi.ContextInitializer;
import org.picketlink.idm.spi.IdentityContext;
import org.picketlink.idm.spi.IdentityStore;
import org.picketlink.oauth.common.OAuthConstants;
import org.picketlink.oauth.grants.AuthorizationCodeGrant;
import org.picketlink.oauth.grants.ResourceOwnerPasswordCredentialsGrant;
import org.picketlink.oauth.messages.AccessTokenRequest;
import org.picketlink.oauth.messages.AccessTokenResponse;
import org.picketlink.oauth.messages.AuthorizationRequest;
import org.picketlink.oauth.messages.AuthorizationResponse;
import org.picketlink.oauth.messages.ErrorResponse;
import org.picketlink.oauth.messages.OAuthResponse;
import org.picketlink.oauth.messages.RegistrationRequest;
import org.picketlink.oauth.messages.ResourceAccessRequest;

/* loaded from: input_file:WEB-INF/classes/org/picketlink/oauth/server/util/OAuthServerUtil.class */
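/**
 * Server-side helpers for the PicketLink OAuth endpoints: bootstrapping the
 * {@link IdentityManager}, handling the authorization and token endpoints, and
 * parsing client-registration and resource requests.
 *
 * <p>Security model as implemented here (read before changing anything):
 * <ul>
 *   <li>OAuth clients are PicketLink {@link Agent}s looked up by their {@code clientID}
 *       attribute. The issued authorization code and access token are stored as
 *       attributes on that same Agent, so there is exactly one live code and one live
 *       token per client, each overwritten by the next request and never expiring
 *       (nothing in this class records an issue time).</li>
 *   <li>The token endpoint does not authenticate the client: no client secret is read
 *       anywhere in this class, so the {@code client_id} parameter is taken on trust.</li>
 *   <li>The authorization endpoint does not read or relay a {@code state} parameter.</li>
 *   <li>NOTE(review): nothing in this class authenticates the resource owner or records
 *       consent before a code is issued — confirm the calling servlet does that.</li>
 * </ul>
 */
public class OAuthServerUtil {
    /** Servlet-context attribute under which the IdentityManager is cached. */
    private static final String IDENTITY_MANAGER_ATTR = "identityManager";
    /** Agent attribute holding the registered OAuth client identifier. */
    private static final String CLIENT_ID_ATTR = "clientID";
    /** Agent attribute holding the last authorization code issued to the client. */
    private static final String AUTH_CODE_ATTR = "authorizationCode";
    /** Agent attribute holding the redirect_uri the current authorization code was issued for. */
    private static final String AUTH_CODE_REDIRECT_ATTR = "authorizationCodeRedirectUri";
    /** Agent attribute holding the last access token issued to the client. */
    private static final String ACCESS_TOKEN_ATTR = "accessToken";

    private static EntityManagerFactory entityManagerFactory;
    private static final Logger log = Logger.getLogger(OAuthServerUtil.class);
    private static ThreadLocal<EntityManager> entityManagerThreadLocal = new ThreadLocal<>();

    /**
     * Jackson mapper for JSON registration requests. Configured once in the static
     * initializer; Jackson documents ObjectMapper as safe to share once configuration
     * is complete, so it is not rebuilt per request.
     */
    private static final ObjectMapper REGISTRATION_MAPPER = new ObjectMapper();

    static {
        REGISTRATION_MAPPER.configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        REGISTRATION_MAPPER.setPropertyNamingStrategy(PropertyNamingStrategy.CAMEL_CASE_TO_LOWER_CASE_WITH_UNDERSCORES);
    }

    /**
     * Returns the application's {@link IdentityManager}, creating and caching it on the
     * servlet context on first use.
     *
     * <p>The first call builds a JPA-backed identity configuration against the
     * {@code picketlink-oauth-pu} persistence unit and ensures the default realm exists.
     * The method is synchronized so that concurrent first requests cannot each build
     * their own EntityManagerFactory and race on the context attribute.
     *
     * @param servletContext the web application's context; must not be null
     * @return the shared IdentityManager
     * @throws IOException declared for callers; not thrown by the visible code path
     * @throws IllegalArgumentException if {@code servletContext} is null
     */
    public static synchronized IdentityManager handleIdentityManager(ServletContext servletContext) throws IOException {
        if (servletContext == null) {
            throw new IllegalArgumentException("context is null");
        }
        IdentityManager identityManager = (IdentityManager) servletContext.getAttribute(IDENTITY_MANAGER_ATTR);
        if (identityManager != null) {
            return identityManager;
        }
        entityManagerFactory = Persistence.createEntityManagerFactory("picketlink-oauth-pu");
        final EntityManager entityManager = entityManagerFactory.createEntityManager();
        // NOTE(review): this transaction is begun here and never committed, rolled back or closed
        // anywhere in this class, and the single EntityManager instance is handed to every identity
        // store invocation below regardless of calling thread even though EntityManager is not
        // thread-safe. Kept as-is because the commit point, if any, lives outside this file —
        // confirm against the servlet lifecycle before relying on persisted codes/tokens.
        entityManager.getTransaction().begin();
        entityManagerThreadLocal.set(entityManager);

        IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
        builder.named("oauth")
                .stores()
                .jpa()
                .mappedEntity(AccountTypeEntity.class, RoleTypeEntity.class, GroupTypeEntity.class,
                        IdentityTypeEntity.class, RelationshipTypeEntity.class, RelationshipIdentityTypeEntity.class,
                        PartitionTypeEntity.class, PasswordCredentialTypeEntity.class, DigestCredentialTypeEntity.class,
                        X509CredentialTypeEntity.class, OTPCredentialTypeEntity.class, AttributeTypeEntity.class)
                .addContextInitializer(new ContextInitializer() {
                    @Override
                    public void initContextForStore(IdentityContext identityContext, IdentityStore<?> identityStore) {
                        // Only JPA stores need an EntityManager, and one already set on the context wins.
                        if (identityStore instanceof JPAIdentityStore
                                && !identityContext.isParameterSet(JPAIdentityStore.INVOCATION_CTX_ENTITY_MANAGER)) {
                            identityContext.setParameter(JPAIdentityStore.INVOCATION_CTX_ENTITY_MANAGER, entityManager);
                        }
                    }
                })
                .supportAllFeatures();

        DefaultPartitionManager partitionManager = new DefaultPartitionManager(builder.buildAll());
        if (partitionManager.getPartition(Realm.class, Realm.DEFAULT_REALM) == null) {
            partitionManager.add(new Realm(Realm.DEFAULT_REALM));
        }
        identityManager = partitionManager.createIdentityManager();
        servletContext.setAttribute(IDENTITY_MANAGER_ATTR, identityManager);
        return identityManager;
    }

    /**
     * Handles the authorization endpoint for {@code response_type=code}.
     *
     * <p>Validates the request parameters, resolves the client Agent by {@code client_id},
     * mints a fresh authorization code, stores it (together with the {@code redirect_uri}
     * it was issued for) on the Agent, and returns a 302 redirect to {@code redirect_uri}
     * carrying the code as query parameters.
     *
     * <p>Fixes relative to the earlier implementation: a missing {@code response_type} no
     * longer throws an NPE that surfaced as "client_id not found"; a missing
     * {@code redirect_uri} is rejected instead of producing a {@code null?code=...}
     * Location; and a {@code redirect_uri} that already has a query string gets the code
     * appended with {@code &} rather than a second {@code ?}.
     *
     * @param httpServletRequest the incoming authorization request
     * @param identityManager    identity manager used to look up and update the client
     * @return an {@link AuthorizationResponse} (302) on success, otherwise an {@link ErrorResponse} (400)
     */
    public static OAuthResponse authorizationCodeRequest(HttpServletRequest httpServletRequest, IdentityManager identityManager) {
        AuthorizationCodeGrant grant = new AuthorizationCodeGrant();
        try {
            AuthorizationRequest request = parseAuthorizationRequest(httpServletRequest);
            // Constant-first compare is null-safe for an absent response_type.
            if (!OAuthConstants.CODE.equals(request.getResponseType())) {
                return error(ErrorResponse.ErrorResponseCode.invalid_client, "response_type should be :code");
            }
            grant.setAuthorizationRequest(request);

            String clientId = request.getClientId();
            if (clientId == null) {
                return error(ErrorResponse.ErrorResponseCode.invalid_client, "client_id is null");
            }
            String redirectUri = request.getRedirectUri();
            if (redirectUri == null || redirectUri.isEmpty()) {
                // Without a target there is nowhere safe to deliver the code.
                return error(ErrorResponse.ErrorResponseCode.invalid_client, "redirect_uri is null");
            }

            List<Agent> agents = findClients(identityManager, clientId);
            if (agents.isEmpty()) {
                log.error(clientId + " not found");
                return error(ErrorResponse.ErrorResponseCode.invalid_client, "client_id not found");
            }
            if (agents.size() > 1) {
                log.error(clientId + " multiple found");
                return error(ErrorResponse.ErrorResponseCode.invalid_client, "Multiple client_id found");
            }
            Agent agent = agents.get(0);
            if (!clientId.equals(stringAttribute(agent, CLIENT_ID_ATTR))) {
                log.error(clientId + " not found");
                return error(ErrorResponse.ErrorResponseCode.invalid_client, "client_id not found");
            }

            // TODO(review): the redirect URL captured at registration (RegistrationRequest.getClientRedirecturl)
            // is not consulted here — the code is sent to whatever redirect_uri the request names. Until the
            // request value is matched against the registered one (RFC 6749 §3.1.2.2), this endpoint can be
            // used to deliver codes to an attacker-chosen URL. The storage location of the registered value
            // is not visible in this file, so the check could not be added here without guessing.
            String code = grant.getValueGenerator().value();
            grant.setAuthorizationCode(code);
            agent.setAttribute(new Attribute<>(AUTH_CODE_ATTR, code));
            // Bind the code to its redirect_uri so the token exchange can enforce RFC 6749 §4.1.3.
            agent.setAttribute(new Attribute<>(AUTH_CODE_REDIRECT_ATTR, redirectUri));
            identityManager.update(agent);

            AuthorizationResponse response = grant.authorizationResponse();
            response.setStatusCode(302);
            response.setLocation(appendQuery(redirectUri, response.asQueryParams()));
            return response;
        } catch (Exception e) {
            // Any unexpected failure is reported to the client as a generic client error; details stay in the log.
            log.error("Exception:", e);
            return error(ErrorResponse.ErrorResponseCode.invalid_client, "client_id not found");
        }
    }

    /**
     * Dispatches a token-endpoint request on its {@code grant_type}.
     *
     * <p>A missing {@code grant_type} now yields an error response instead of an NPE.
     * An unrecognised grant type still returns {@code null}, which is the pre-existing
     * contract callers may depend on.
     *
     * @param httpServletRequest the incoming token request
     * @param identityManager    identity manager used by the grant handlers
     * @return the grant handler's response, an error response for a missing grant type,
     *         or {@code null} for an unknown grant type
     */
    public static OAuthResponse tokenRequest(HttpServletRequest httpServletRequest, IdentityManager identityManager) {
        String grantType = httpServletRequest.getParameter(OAuthConstants.GRANT_TYPE);
        if (grantType == null) {
            // invalid_request / unsupported_grant_type are not available on ErrorResponseCode in this file.
            return error(ErrorResponse.ErrorResponseCode.invalid_grant, "grant_type is null");
        }
        if (grantType.equals("authorization_code")) {
            return authorizationCodeGrantTypeTokenRequest(httpServletRequest, identityManager);
        }
        if (grantType.equals("password")) {
            return passwordGrantTypeTokenRequest(httpServletRequest, identityManager);
        }
        if (grantType.equals(OAuthConstants.REFRESH_TOKEN)) {
            return refreshTokenRequest(httpServletRequest);
        }
        return null;
    }

    /**
     * Returns whether {@code str} is the access token currently held by exactly one client Agent.
     *
     * <p>Tokens never expire and cannot be revoked other than by being overwritten, and a
     * match identifies the client, not a resource owner (see the class comment). A null
     * or empty token is rejected without a query.
     *
     * @param str             the presented access token
     * @param identityManager identity manager used for the lookup
     * @return {@code true} if exactly one Agent carries this token
     */
    public static boolean validateAccessToken(String str, IdentityManager identityManager) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        IdentityQuery<Agent> query = identityManager.createIdentityQuery(Agent.class);
        query.setParameter(AttributedType.QUERY_ATTRIBUTE.byName(ACCESS_TOKEN_ATTR), str);
        return query.getResultList().size() == 1;
    }

    /**
     * Extracts the access token from a resource request.
     *
     * <p>An {@code Authorization: Bearer <token>} header is preferred (RFC 6750 §2.1); the
     * {@code access_token} request parameter is still honoured as a fallback, but note
     * that tokens in query strings end up in access logs and Referer headers.
     *
     * @param httpServletRequest the incoming resource request
     * @return the parsed request; its access token is {@code null} if neither carrier is present
     */
    public static ResourceAccessRequest parseResourceRequest(HttpServletRequest httpServletRequest) {
        ResourceAccessRequest resourceAccessRequest = new ResourceAccessRequest();
        String token = bearerToken(httpServletRequest.getHeader("Authorization"));
        if (token == null) {
            token = httpServletRequest.getParameter("access_token");
        }
        resourceAccessRequest.setAccessToken(token);
        return resourceAccessRequest;
    }

    /**
     * Builds a {@link RegistrationRequest} from form parameters.
     *
     * <p>Values are copied verbatim. NOTE(review): the client redirect URL in particular is
     * accepted here without any scheme/host validation — confirm whether that happens in
     * the registration servlet, because it is the value a later redirect_uri check would trust.
     *
     * @param httpServletRequest the incoming registration request
     * @return the populated registration request
     */
    public static RegistrationRequest parseRegistrationRequestWithFORM(HttpServletRequest httpServletRequest) {
        RegistrationRequest registrationRequest = new RegistrationRequest();
        registrationRequest.setClientName(httpServletRequest.getParameter(OAuthConstants.CLIENT_NAME));
        registrationRequest.setClientDescription(httpServletRequest.getParameter(OAuthConstants.CLIENT_DESCRIPTION));
        registrationRequest.setClient_Icon(httpServletRequest.getParameter(OAuthConstants.CLIENT_ICON));
        registrationRequest.setClientUrl(httpServletRequest.getParameter(OAuthConstants.CLIENT_URL));
        registrationRequest.setClientRedirecturl(httpServletRequest.getParameter(OAuthConstants.CLIENT_REDIRECT_URL));
        return registrationRequest;
    }

    /**
     * Builds a {@link RegistrationRequest} from a JSON request body using snake_case
     * property names; unknown properties are ignored.
     *
     * @param httpServletRequest the incoming registration request
     * @return the deserialized registration request
     * @throws RuntimeException wrapping any I/O or parse failure (cause preserved)
     */
    public static RegistrationRequest parseRegistrationRequestWithJSON(HttpServletRequest httpServletRequest) {
        try {
            InputStream body = httpServletRequest.getInputStream();
            return REGISTRATION_MAPPER.readValue(body, RegistrationRequest.class);
        } catch (Exception e) {
            // Logged rather than printed to stderr so it reaches the application log.
            log.error("Failed to parse JSON registration request", e);
            throw new RuntimeException(e);
        }
    }

    /** Refresh tokens are not implemented; always answers with a 400 error. */
    private static OAuthResponse refreshTokenRequest(HttpServletRequest httpServletRequest) {
        return error(ErrorResponse.ErrorResponseCode.invalid_client, "refresh_token not supported");
    }

    /**
     * Handles {@code grant_type=password}: validates the resource owner's username and
     * password against the identity store.
     *
     * <p>A missing username or password is now rejected up front instead of throwing an
     * NPE on {@code password.toCharArray()}. The credential outcome is read from the
     * credentials' status, since PicketLink reports a wrong password there rather than
     * by throwing; the catch block only covers store failures.
     *
     * <p>NOTE(review): on success this method still returns {@code null} — no access token
     * is minted or stored for the password grant, and the response types that would carry
     * one are not visible for this grant in this file. Callers must not treat a null
     * return as a usable token.
     *
     * @return {@code null} if the credentials validated, otherwise an {@link ErrorResponse} (400)
     */
    private static OAuthResponse passwordGrantTypeTokenRequest(HttpServletRequest httpServletRequest, IdentityManager identityManager) {
        ResourceOwnerPasswordCredentialsGrant grant = new ResourceOwnerPasswordCredentialsGrant();
        ResourceOwnerPasswordCredentialsGrant.PasswordAccessTokenRequest request = parsePasswordAccessTokenRequest(httpServletRequest);
        grant.setAccessTokenRequest(request);
        if (request.getClientId() == null) {
            return error(ErrorResponse.ErrorResponseCode.invalid_client, "client_id is null");
        }
        String username = request.getUsername();
        String password = request.getPassword();
        if (username == null || password == null) {
            return error(ErrorResponse.ErrorResponseCode.invalid_grant, "invalid username or password");
        }
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials();
        credentials.setUsername(username);
        credentials.setPassword(new Password(password.toCharArray()));
        try {
            identityManager.validateCredentials(credentials);
        } catch (Exception e) {
            // Store/lookup failure; do not reveal details to the client.
            log.error("credential validation failed", e);
            return error(ErrorResponse.ErrorResponseCode.invalid_grant, "invalid username or password");
        }
        if (credentials.getStatus() != Credentials.Status.VALID) {
            return error(ErrorResponse.ErrorResponseCode.invalid_grant, "invalid username or password");
        }
        return null;
    }

    /**
     * Handles {@code grant_type=authorization_code}: redeems the code stored on the client
     * Agent for a fresh access token.
     *
     * <p>Checks performed, in order: {@code client_id} present and resolving to exactly one
     * Agent whose stored {@code clientID} matches; an authorization code is outstanding;
     * the presented {@code code} equals it (constant-time compare); the presented
     * {@code redirect_uri} equals the one the code was issued for when that binding is
     * stored (RFC 6749 §4.1.3). On success the code and its binding are removed so the
     * code is single-use (RFC 6749 §4.1.2), and the token is returned with HTTP 200
     * (RFC 6749 §5.1) rather than the previous 302.
     *
     * <p>NOTE(review): the client itself is not authenticated here — no secret is checked —
     * so possession of a code plus the public client_id is sufficient to redeem it.
     *
     * @return an {@link AccessTokenResponse} on success, otherwise an {@link ErrorResponse} (400)
     */
    private static OAuthResponse authorizationCodeGrantTypeTokenRequest(HttpServletRequest httpServletRequest, IdentityManager identityManager) {
        AuthorizationCodeGrant grant = new AuthorizationCodeGrant();
        AccessTokenRequest request = parseAccessTokenRequest(httpServletRequest);
        grant.setAccessTokenRequest(request);

        String clientId = request.getClientId();
        if (clientId == null) {
            return error(ErrorResponse.ErrorResponseCode.invalid_client, "client_id is null");
        }
        List<Agent> agents = findClients(identityManager, clientId);
        if (agents.isEmpty()) {
            log.error(clientId + " not found");
            return error(ErrorResponse.ErrorResponseCode.invalid_client, "passed client_id not found");
        }
        if (agents.size() > 1) {
            log.error(clientId + " multiple found");
            return error(ErrorResponse.ErrorResponseCode.invalid_client, "passed client_id multiple found");
        }
        Agent agent = agents.get(0);

        Attribute<?> codeAttribute = agent.getAttribute(AUTH_CODE_ATTR);
        if (codeAttribute == null) {
            log.error("authorization code is null");
            return error(ErrorResponse.ErrorResponseCode.invalid_client, "authorization code null");
        }
        String storedCode = (String) codeAttribute.getValue();
        if (!clientId.equals(stringAttribute(agent, CLIENT_ID_ATTR))) {
            log.error("client_id does not match");
            return error(ErrorResponse.ErrorResponseCode.invalid_client, "client_id does not match");
        }
        // The grant_type re-check from the earlier version is dropped: tokenRequest() only routes
        // "authorization_code" here, so it could never skip the code comparison.
        if (!constantTimeEquals(storedCode, request.getCode())) {
            log.error("authorization_code does not match");
            return error(ErrorResponse.ErrorResponseCode.invalid_grant, "authorization_code does not match");
        }
        String boundRedirectUri = stringAttribute(agent, AUTH_CODE_REDIRECT_ATTR);
        if (boundRedirectUri != null && !boundRedirectUri.equals(request.getRedirectUri())) {
            log.error("redirect_uri does not match");
            return error(ErrorResponse.ErrorResponseCode.invalid_grant, "redirect_uri does not match");
        }

        String accessToken = grant.getValueGenerator().value();
        // Single use: drop the code and its redirect binding so a captured code cannot be replayed.
        agent.removeAttribute(AUTH_CODE_ATTR);
        agent.removeAttribute(AUTH_CODE_REDIRECT_ATTR);
        agent.setAttribute(new Attribute<>(ACCESS_TOKEN_ATTR, accessToken));
        identityManager.update(agent);

        grant.setAccessToken(accessToken);
        AccessTokenResponse response = grant.accessTokenResponse();
        response.setStatusCode(200);
        return response;
    }

    /** Copies client_id, redirect_uri and response_type from the request; absent parameters stay null. */
    private static AuthorizationRequest parseAuthorizationRequest(HttpServletRequest httpServletRequest) {
        AuthorizationRequest authorizationRequest = new AuthorizationRequest();
        authorizationRequest
                .setClientId(httpServletRequest.getParameter(OAuthConstants.CLIENT_ID))
                .setRedirectUri(httpServletRequest.getParameter(OAuthConstants.REDIRECT_URI))
                .setResponseType(httpServletRequest.getParameter(OAuthConstants.RESPONSE_TYPE));
        return authorizationRequest;
    }

    /** Copies code, redirect_uri, grant_type and client_id from the request; absent parameters stay null. */
    private static AccessTokenRequest parseAccessTokenRequest(HttpServletRequest httpServletRequest) {
        AccessTokenRequest accessTokenRequest = new AccessTokenRequest();
        accessTokenRequest
                .setCode(httpServletRequest.getParameter(OAuthConstants.CODE))
                .setRedirectUri(httpServletRequest.getParameter(OAuthConstants.REDIRECT_URI))
                .setGrantType(httpServletRequest.getParameter(OAuthConstants.GRANT_TYPE))
                .setClientId(httpServletRequest.getParameter(OAuthConstants.CLIENT_ID));
        return accessTokenRequest;
    }

    /**
     * Copies username/password plus the generic token-request fields from the request.
     * {@code PasswordAccessTokenRequest} is an inner class of the grant (the decompiled
     * form showed the outer-instance null check), hence the qualified instantiation.
     */
    private static ResourceOwnerPasswordCredentialsGrant.PasswordAccessTokenRequest parsePasswordAccessTokenRequest(HttpServletRequest httpServletRequest) {
        ResourceOwnerPasswordCredentialsGrant grant = new ResourceOwnerPasswordCredentialsGrant();
        ResourceOwnerPasswordCredentialsGrant.PasswordAccessTokenRequest request = grant.new PasswordAccessTokenRequest();
        request.setPassword(httpServletRequest.getParameter("password"));
        request.setUsername(httpServletRequest.getParameter(OAuthConstants.USERNAME));
        request
                .setCode(httpServletRequest.getParameter(OAuthConstants.CODE))
                .setRedirectUri(httpServletRequest.getParameter(OAuthConstants.REDIRECT_URI))
                .setGrantType(httpServletRequest.getParameter(OAuthConstants.GRANT_TYPE))
                .setClientId(httpServletRequest.getParameter(OAuthConstants.CLIENT_ID));
        return request;
    }

    /** Builds a 400 {@link ErrorResponse} with the given code and description. */
    private static ErrorResponse error(ErrorResponse.ErrorResponseCode code, String description) {
        ErrorResponse errorResponse = new ErrorResponse();
        errorResponse.setErrorDescription(description).setError(code).setStatusCode(400);
        return errorResponse;
    }

    /** Queries all Agents whose {@code clientID} attribute equals {@code clientId}. */
    private static List<Agent> findClients(IdentityManager identityManager, String clientId) {
        IdentityQuery<Agent> query = identityManager.createIdentityQuery(Agent.class);
        query.setParameter(AttributedType.QUERY_ATTRIBUTE.byName(CLIENT_ID_ATTR), clientId);
        return query.getResultList();
    }

    /** Returns the named attribute's value as a String, or null if the attribute is absent. */
    private static String stringAttribute(Agent agent, String name) {
        Attribute<?> attribute = agent.getAttribute(name);
        return attribute == null ? null : (String) attribute.getValue();
    }

    /**
     * Length-independent-of-content comparison for secrets such as authorization codes;
     * null on either side is never a match.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /** Appends {@code queryParams} to {@code uri}, using {@code &} if the URI already has a query string. */
    private static String appendQuery(String uri, String queryParams) {
        return uri + (uri.indexOf('?') >= 0 ? "&" : "?") + queryParams;
    }

    /** Extracts the token from an {@code Authorization: Bearer <token>} header value, or null. */
    private static String bearerToken(String authorizationHeader) {
        if (authorizationHeader == null) {
            return null;
        }
        String trimmed = authorizationHeader.trim();
        if (trimmed.length() <= 7 || !trimmed.substring(0, 7).equalsIgnoreCase("Bearer ")) {
            return null;
        }
        String token = trimmed.substring(7).trim();
        return token.isEmpty() ? null : token;
    }
}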
