package com.authlete.jaxrs;

import com.authlete.common.api.AuthleteApi;
import com.authlete.common.assurance.VerifiedClaims;
import com.authlete.common.assurance.constraint.VerifiedClaimsConstraint;
import com.authlete.common.assurance.constraint.VerifiedClaimsContainerConstraint;
import com.authlete.common.dto.AuthorizationFailRequest;
import com.authlete.common.dto.AuthorizationResponse;
import com.authlete.common.dto.Property;
import com.authlete.common.dto.StringArray;
import com.authlete.jaxrs.spi.AuthorizationDecisionHandlerSpi;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

/* loaded from: input_file:com/authlete/jaxrs/AuthorizationDecisionHandler.class */
public class AuthorizationDecisionHandler extends BaseHandler {
    private final AuthorizationDecisionHandlerSpi mSpi;

    /* loaded from: input_file:com/authlete/jaxrs/AuthorizationDecisionHandler$Params.class */
    public static class Params implements Serializable {
        private static final long serialVersionUID = 3;
        private String ticket;
        private String[] claimNames;
        private String[] claimLocales;
        private String idTokenClaims;
        private String[] requestedClaimsForTx;
        private StringArray[] requestedVerifiedClaimsForTx;
        private boolean oldIdaFormatUsed;

        public String getTicket() {
            return this.ticket;
        }

        public Params setTicket(String str) {
            this.ticket = str;
            return this;
        }

        public String[] getClaimNames() {
            return this.claimNames;
        }

        public Params setClaimNames(String[] strArr) {
            this.claimNames = strArr;
            return this;
        }

        public String[] getClaimLocales() {
            return this.claimLocales;
        }

        public Params setClaimLocales(String[] strArr) {
            this.claimLocales = strArr;
            return this;
        }

        public String getIdTokenClaims() {
            return this.idTokenClaims;
        }

        public Params setIdTokenClaims(String str) {
            this.idTokenClaims = str;
            return this;
        }

        public String[] getRequestedClaimsForTx() {
            return this.requestedClaimsForTx;
        }

        public Params setRequestedClaimsForTx(String[] strArr) {
            this.requestedClaimsForTx = strArr;
            return this;
        }

        public StringArray[] getRequestedVerifiedClaimsForTx() {
            return this.requestedVerifiedClaimsForTx;
        }

        public Params setRequestedVerifiedClaimsForTx(StringArray[] stringArrayArr) {
            this.requestedVerifiedClaimsForTx = stringArrayArr;
            return this;
        }

        public boolean isOldIdaFormatUsed() {
            return this.oldIdaFormatUsed;
        }

        public Params setOldIdaFormatUsed(boolean z) {
            this.oldIdaFormatUsed = z;
            return this;
        }

        public static Params from(AuthorizationResponse authorizationResponse) {
            return new Params().setTicket(authorizationResponse.getTicket()).setClaimNames(authorizationResponse.getClaims()).setClaimLocales(authorizationResponse.getClaimsLocales()).setIdTokenClaims(authorizationResponse.getIdTokenClaims()).setRequestedClaimsForTx(authorizationResponse.getRequestedClaimsForTx()).setRequestedVerifiedClaimsForTx(authorizationResponse.getRequestedVerifiedClaimsForTx());
        }
    }

    public AuthorizationDecisionHandler(AuthleteApi authleteApi, AuthorizationDecisionHandlerSpi authorizationDecisionHandlerSpi) {
        super(authleteApi);
        this.mSpi = authorizationDecisionHandlerSpi;
    }

    public Response handle(String str, String[] strArr, String[] strArr2) throws WebApplicationException {
        return handle(new Params().setTicket(str).setClaimNames(strArr).setClaimLocales(strArr2));
    }

    public Response handle(Params params) throws WebApplicationException {
        try {
            return process(params);
        } catch (WebApplicationException e) {
            throw e;
        } catch (Throwable th) {
            throw unexpected("Unexpected error in AuthorizationDecisionHandler", th);
        }
    }

    private Response process(Params params) {
        Map<String, Object> collectVerifiedClaims;
        if (!this.mSpi.isClientAuthorized()) {
            return fail(params.getTicket(), AuthorizationFailRequest.Reason.DENIED);
        }
        String userSubject = this.mSpi.getUserSubject();
        if (userSubject == null || userSubject.length() == 0) {
            return fail(params.getTicket(), AuthorizationFailRequest.Reason.NOT_AUTHENTICATED);
        }
        String sub = this.mSpi.getSub();
        long userAuthenticatedAt = this.mSpi.getUserAuthenticatedAt();
        String acr = this.mSpi.getAcr();
        Map<String, Object> collectClaims = collectClaims(userSubject, params.getClaimNames(), params.getClaimLocales());
        Map<String, Object> collectClaims2 = collectClaims(userSubject, params.getRequestedClaimsForTx(), params.getClaimLocales());
        List<Map<String, Object>> list = null;
        if (params.isOldIdaFormatUsed()) {
            collectVerifiedClaims = collectVerifiedClaims_Old(collectClaims, userSubject, params.getIdTokenClaims());
        } else {
            collectVerifiedClaims = collectVerifiedClaims(collectClaims, userSubject, params.getIdTokenClaims());
            list = collectVerifiedClaimsForTx(userSubject, params.getIdTokenClaims(), params.getRequestedVerifiedClaimsForTx());
        }
        return authorize(params.getTicket(), userSubject, userAuthenticatedAt, acr, collectVerifiedClaims, this.mSpi.getProperties(), this.mSpi.getScopes(), sub, collectClaims2, list);
    }

    private Map<String, Object> collectClaims(String str, String[] strArr, String[] strArr2) {
        Object claim;
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        String[] normalizeClaimLocales = normalizeClaimLocales(strArr2);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (String str2 : strArr) {
            if (str2 != null && str2.length() != 0) {
                String[] split = str2.split("#", 2);
                String str3 = split[0];
                String str4 = split.length == 2 ? split[1] : null;
                if (str3 != null && str3.length() != 0 && (claim = getClaim(str3, str4, normalizeClaimLocales)) != null) {
                    if (str4 == null) {
                        str2 = str3;
                    }
                    linkedHashMap.put(str2, claim);
                }
            }
        }
        if (linkedHashMap.size() == 0) {
            return null;
        }
        return linkedHashMap;
    }

    private String[] normalizeClaimLocales(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        TreeSet treeSet = new TreeSet(String.CASE_INSENSITIVE_ORDER);
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            if (str != null && str.length() != 0 && !treeSet.contains(str)) {
                treeSet.add(str);
                arrayList.add(str);
            }
        }
        int size = arrayList.size();
        if (size == 0) {
            return null;
        }
        if (size == strArr.length) {
            return strArr;
        }
        String[] strArr2 = new String[size];
        arrayList.toArray(strArr2);
        return strArr2;
    }

    private Object getClaim(String str, String str2, String[] strArr) {
        if (str2 != null && str2.length() != 0) {
            return this.mSpi.getUserClaim(str, str2);
        }
        if (strArr == null || strArr.length == 0) {
            return this.mSpi.getUserClaim(str, null);
        }
        for (String str3 : strArr) {
            Object userClaim = this.mSpi.getUserClaim(str, str3);
            if (userClaim != null) {
                return userClaim;
            }
        }
        return this.mSpi.getUserClaim(str, null);
    }

    private Map<String, Object> collectVerifiedClaims_Old(Map<String, Object> map, String str, String str2) {
        if (str2 == null || str2.length() == 0) {
            return map;
        }
        VerifiedClaimsConstraint verifiedClaims = VerifiedClaimsContainerConstraint.fromJson(str2).getVerifiedClaims();
        return (!verifiedClaims.exists() || verifiedClaims.isNull()) ? map : embedVerifiedClaims(map, this.mSpi.getVerifiedClaims(str, verifiedClaims));
    }

    private static Map<String, Object> embedVerifiedClaims(Map<String, Object> map, List<VerifiedClaims> list) {
        if (list == null || list.size() == 0) {
            return map;
        }
        if (map == null) {
            map = new LinkedHashMap();
        }
        if (list.size() == 1) {
            map.put("verified_claims", list.get(0));
        } else {
            map.put("verified_claims", list);
        }
        return map;
    }

    private Map<String, Object> collectVerifiedClaims(Map<String, Object> map, String str, String str2) {
        return createVerifiedClaimsCollector().collect(map, str, str2);
    }

    private List<Map<String, Object>> collectVerifiedClaimsForTx(String str, String str2, StringArray[] stringArrayArr) {
        return createVerifiedClaimsCollector().collectForTx(str, str2, stringArrayArr);
    }

    private VerifiedClaimsCollector createVerifiedClaimsCollector() {
        return new VerifiedClaimsCollector((str, obj) -> {
            return this.mSpi.getVerifiedClaims(str, obj);
        });
    }

    private Response authorize(String str, String str2, long j, String str3, Map<String, Object> map, Property[] propertyArr, String[] strArr, String str4, Map<String, Object> map2, List<Map<String, Object>> list) {
        try {
            return getApiCaller().authorizationIssue(str, str2, j, str3, map, propertyArr, strArr, str4, map2, list);
        } catch (WebApplicationException e) {
            return e.getResponse();
        }
    }

    private Response fail(String str, AuthorizationFailRequest.Reason reason) {
        try {
            return getApiCaller().authorizationFail(str, reason).getResponse();
        } catch (WebApplicationException e) {
            return e.getResponse();
        }
    }
}
