package org.restlet.ext.oauth;

import org.restlet.data.Form;
import org.restlet.data.Reference;
import org.restlet.ext.oauth.internal.AuthSession;
import org.restlet.ext.oauth.internal.Client;
import org.restlet.ext.oauth.internal.RedirectionURI;
import org.restlet.ext.oauth.internal.Scopes;
import org.restlet.ext.oauth.internal.ServerToken;
import org.restlet.representation.EmptyRepresentation;
import org.restlet.representation.Representation;
import org.restlet.resource.Get;
import org.restlet.resource.Post;
import org.restlet.routing.Redirector;
import org.restlet.security.User;

/* loaded from: input_file:org/restlet/ext/oauth/AuthorizationServerResource.class */
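/**
 * Server resource backing the OAuth authorization endpoint.
 *
 * <p>It accepts authorization requests over GET (query string) and, when the
 * {@link #PARAMETER_SUPPORT_POST} context attribute is set to {@code true}, over POST.
 * A request is validated (client, redirection URI, response type), recorded in an
 * {@link AuthSession}, and then either forwarded to the authorization page or
 * redirected to the login page when no resource owner is known yet.
 *
 * <p>Every value read from the {@link Form} comes from the user agent and must be
 * treated as untrusted.
 */
public class AuthorizationServerResource extends AuthorizationBaseServerResource {
    /** Name of the context attribute that enables the POST variant of the endpoint. */
    public static final String PARAMETER_SUPPORT_POST = "supportPost";

    /**
     * Handles an authorization request sent with POST.
     *
     * @param representation the posted entity, parsed as a web form
     * @return the page produced by {@link #requestAuthorization(Form)}
     * @throws OAuthException with {@code invalid_request} when POST support is not enabled
     */
    @Post("html")
    public Representation requestAuthorization(Representation representation) throws OAuthException {
        // Fail closed: a missing attribute means POST is not supported. The original
        // dereferenced the attribute unconditionally and failed with a
        // NullPointerException when it was not configured.
        Object supportPost = getContext().getAttributes().get(PARAMETER_SUPPORT_POST);
        if (supportPost != null && Boolean.parseBoolean(supportPost.toString())) {
            return requestAuthorization(new Form(representation));
        }
        throw new OAuthException(OAuthError.invalid_request, "Authorization endpoint does NOT support the use of the POST method.", null);
    }

    /**
     * Handles an authorization request sent with GET, reading parameters from the query.
     *
     * @return the page produced by {@link #requestAuthorization(Form)}
     * @throws OAuthException declared for symmetry with the POST variant
     */
    @Get("html")
    public Representation requestAuthorization() throws OAuthException {
        return requestAuthorization(getQuery());
    }

    /**
     * Validates an authorization request and moves it to the next step.
     *
     * <p>Order of checks: client lookup, redirection URI, response type, then scope,
     * state and resource owner. Validation failures are rendered with the configured
     * error page template instead of being propagated.
     *
     * @param form request parameters (untrusted)
     * @return the authorization page, an empty entity accompanying a redirect to the
     *         login page, or an error page
     * @throws OAuthException declared by the signature; the failures raised inside the
     *         try block are caught here and turned into an error page
     */
    public Representation requestAuthorization(Form form) throws OAuthException {
        AuthSession existingSession = getAuthSession();
        if (existingSession != null) {
            // NOTE(review): with an existing session the parameters in 'form' are not
            // read at all, and findById() may return null for a client that no longer
            // exists. This call also sits outside the try block below, so a failure
            // here is not rendered through the error page. Confirm this is intended.
            return doPostAuthorization(existingSession, this.clients.findById(existingSession.getClientId()));
        }
        try {
            Client client = getClient(form);
            // The redirection URI is validated before a session is set up.
            AuthSession session = setupAuthSession(getRedirectionURI(form, client));
            try {
                ResponseType[] responseTypes = getResponseType(form);
                if (responseTypes.length != 1) {
                    throw new OAuthException(OAuthError.unsupported_response_type, "Extension response types are not supported.", null);
                }
                ResponseType flow = responseTypes[0];
                if (!client.isResponseTypeAllowed(flow)) {
                    throw new OAuthException(OAuthError.unauthorized_client, "Unauthorized response type.", null);
                }
                session.setAuthFlow(flow);
                session.setClientId(client.getClientId());
                session.setRequestedScope(getScope(form));
                String state = getState(form);
                if (state != null && !state.isEmpty()) {
                    session.setState(state);
                }
                User user = getRequest().getClientInfo().getUser();
                if (user != null) {
                    session.setScopeOwner(user.getIdentifier());
                }
                if (session.getScopeOwner() != null) {
                    return doPostAuthorization(session, client);
                }
                // No resource owner yet: send the user agent to the login page and
                // hand it the original request URI in the "continue" parameter.
                // NOTE(review): the login page should only follow "continue" when it
                // points back at this endpoint - verify in the login resource.
                Reference loginRef = new Reference("." + HttpOAuthHelper.getLoginPage(getContext()));
                loginRef.addQueryParameter("continue", getRequest().getOriginalRef().toString(true, false));
                redirectTemporary(loginRef.toString());
                return new EmptyRepresentation();
            } catch (OAuthException e) {
                // Drop the session that was just set up before reporting the failure.
                ungetAuthSession();
                throw e;
            }
        } catch (OAuthException e) {
            return getErrorPage(HttpOAuthHelper.getErrorPageTemplate(getContext()), e);
        } catch (Exception e) {
            // Record the unexpected failure server-side; it was previously visible
            // only through the rendered error page.
            getLogger().warning("Unexpected error while handling authorization request: " + e);
            // NOTE(review): e.getMessage() is forwarded into the error page and may
            // expose internal details to the user agent; consider a fixed description.
            return getErrorPage(HttpOAuthHelper.getErrorPageTemplate(getContext()), new OAuthException(OAuthError.server_error, e.getMessage(), null));
        }
    }

    /**
     * Dispatches the request to the internal authorization page.
     *
     * <p>The target reference carries the client id, each requested scope and, when a
     * non-expired token already exists for this client and owner, each scope of that
     * token as {@code grantedScope}.
     *
     * @param authSession the session describing the pending authorization
     * @param client the client the session belongs to
     * @return the response entity set by the internal dispatch
     */
    protected Representation doPostAuthorization(AuthSession authSession, Client client) {
        Reference authPageRef = new Reference("riap://application" + HttpOAuthHelper.getAuthPage(getContext()));
        getLogger().fine("Name = " + getApplication().getInboundRoot());
        authPageRef.addQueryParameter("client", authSession.getClientId());
        for (String requested : authSession.getRequestedScope()) {
            authPageRef.addQueryParameter(OAuthResourceDefs.SCOPE, requested);
        }
        ServerToken existingToken = (ServerToken) this.tokens.findToken(client, authSession.getScopeOwner());
        if (existingToken != null && !existingToken.isExpired()) {
            for (String granted : existingToken.getScope()) {
                authPageRef.addQueryParameter("grantedScope", granted);
            }
        }
        getLogger().fine("Redir = " + authPageRef);
        // 6 is a Redirector mode value as emitted by the decompiler; presumably a
        // server-side dispatch mode - TODO replace with the named constant.
        new Redirector(getContext(), authPageRef.toString(), 6).handle(getRequest(), getResponse());
        return getResponseEntity();
    }

    /**
     * Parses the {@code response_type} parameter into {@link ResponseType} values.
     *
     * @param form request parameters (untrusted)
     * @return one entry per value produced by {@link Scopes#parseScope(String)}
     * @throws OAuthException {@code invalid_request} when the parameter is missing or
     *         empty, {@code unsupported_response_type} when a value is not a known
     *         {@link ResponseType}
     */
    protected ResponseType[] getResponseType(Form form) throws OAuthException {
        String raw = form.getFirstValue(OAuthResourceDefs.RESPONSE_TYPE);
        if (raw == null || raw.isEmpty()) {
            throw new OAuthException(OAuthError.invalid_request, "No response_type parameter found.", null);
        }
        String[] names = Scopes.parseScope(raw);
        ResponseType[] parsed = new ResponseType[names.length];
        for (int i = 0; i < names.length; i++) {
            try {
                ResponseType flow = Enum.valueOf(ResponseType.class, names[i]);
                getLogger().fine("Found flow - " + flow);
                parsed[i] = flow;
            } catch (IllegalArgumentException e) {
                throw new OAuthException(OAuthError.unsupported_response_type, "Unsupported flow", null);
            }
        }
        return parsed;
    }

    /**
     * Resolves the redirection URI for this request against the client's registration.
     *
     * <p>When the request carries no URI and the client registered exactly one, that
     * registered URI is used. Otherwise the requested URI must match a registered
     * entry, see {@link #matchesRegisteredUri(String, String)}.
     *
     * @param form request parameters (untrusted)
     * @param client the client making the request
     * @return the redirection URI to use for this authorization
     * @throws OAuthException {@code invalid_request} when a URI is required but absent,
     *         or when the requested URI matches no registered entry
     */
    protected RedirectionURI getRedirectionURI(Form form, Client client) throws OAuthException {
        String requested = form.getFirstValue(OAuthResourceDefs.REDIR_URI);
        String[] registered = client.getRedirectURIs();
        boolean requestedMissing = requested == null || requested.isEmpty();
        if (requestedMissing) {
            if (registered == null || registered.length != 1) {
                throw new OAuthException(OAuthError.invalid_request, "Client MUST include a redirection URI.", null);
            }
            return new RedirectionURI(registered[0]);
        }
        // A client without registered URIs can never match; the original iterated
        // over the null array here and failed with a NullPointerException.
        if (registered != null) {
            for (String candidate : registered) {
                if (matchesRegisteredUri(requested, candidate)) {
                    // The second argument is passed as in the original; presumably it
                    // marks a request-supplied URI - confirm against RedirectionURI.
                    return new RedirectionURI(requested, true);
                }
            }
        }
        throw new OAuthException(OAuthError.invalid_request, "Callback URI does not match.", null);
    }

    /**
     * Decides whether a requested redirection URI is covered by a registered one.
     *
     * <p>The original used a bare {@code startsWith}, so a registered
     * {@code https://client.example} also accepted a different host that merely begins
     * with the same characters, and an empty registered entry accepted every URI. The
     * prefix now has to end on a URI component boundary. Prefix registration is kept
     * for compatibility; RFC 9700 recommends exact string comparison, and dot segments
     * in the requested URI are not normalised here, so registering complete URIs
     * remains the safer configuration.
     */
    private static boolean matchesRegisteredUri(String requested, String registered) {
        if (registered == null || registered.isEmpty() || !requested.startsWith(registered)) {
            return false;
        }
        if (requested.length() == registered.length()) {
            return true;
        }
        char lastRegistered = registered.charAt(registered.length() - 1);
        if (lastRegistered == '/' || lastRegistered == '?' || lastRegistered == '&') {
            return true;
        }
        char next = requested.charAt(registered.length());
        // '&' only continues a query string, so it is a boundary only when the
        // registered URI already contains a query.
        return next == '/' || next == '?' || (next == '&' && registered.indexOf('?') >= 0);
    }
}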
