package org.keycloak.utils;

import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.InternalServerErrorException;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.resources.Cors;
import org.keycloak.userprofile.DeclarativeUserProfileProvider;

/* loaded from: input_file:org/keycloak/utils/OAuth2Error.class */
public class OAuth2Error {
    private static final Map<Response.Status, Class<? extends WebApplicationException>> STATUS_MAP = new HashMap();
    private RealmModel realm;
    private String error;
    private String errorDescription;
    private Class<? extends WebApplicationException> clazz;
    private Response.Status status;
    private Optional<Cors> cors = Optional.empty();
    private boolean json = true;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/keycloak/utils/OAuth2Error$WWWAuthenticate.class */
    public static class WWWAuthenticate {
        private final List<Challenge> challenges;
        private Challenge master;
        private boolean singleHeader = true;

        /* loaded from: input_file:org/keycloak/utils/OAuth2Error$WWWAuthenticate$BasicChallenge.class */
        public static class BasicChallenge extends Challenge {
            private static final String BASIC_SCHEME = "Basic";
            private static final String REALM_ATTRIBUTE = "realm";

            public void setRealm(String str) {
                setAttribute(REALM_ATTRIBUTE, str);
            }

            @Override // org.keycloak.utils.OAuth2Error.WWWAuthenticate.Challenge
            public String getScheme() {
                return "Basic";
            }
        }

        /* loaded from: input_file:org/keycloak/utils/OAuth2Error$WWWAuthenticate$BearerChallenge.class */
        public static class BearerChallenge extends BasicChallenge {
            private static final String BEARER_SCHEME = "Bearer";
            private static final String ERROR_ATTRIBUTE = "error";
            private static final String ERROR_DESCRIPTION_ATTRIBUTE = "error_description";
            private static final String ERROR_URI_ATTRIBUTE = "error_uri";
            private static final String SCOPE_ATTRIBUTE = "scope";

            public void setError(String str) {
                setAttribute("error", str);
            }

            public void setErrorDescription(String str) {
                setAttribute(ERROR_DESCRIPTION_ATTRIBUTE, str);
            }

            public void setErrorUri(String str) {
                setAttribute(ERROR_URI_ATTRIBUTE, str);
            }

            public void setScope(String str) {
                setAttribute("scope", str);
            }

            @Override // org.keycloak.utils.OAuth2Error.WWWAuthenticate.BasicChallenge, org.keycloak.utils.OAuth2Error.WWWAuthenticate.Challenge
            public String getScheme() {
                return BEARER_SCHEME;
            }
        }

        /* loaded from: input_file:org/keycloak/utils/OAuth2Error$WWWAuthenticate$Challenge.class */
        public static abstract class Challenge {
            private final Map<String, String> attributes = new LinkedHashMap();

            public void setAttribute(String str, String str2) {
                if (str2 != null) {
                    this.attributes.put(str, str2);
                }
            }

            public abstract String getScheme();

            public String toString() {
                StringBuilder sb = new StringBuilder(getScheme());
                if (!this.attributes.isEmpty()) {
                    sb.append(" ").append((String) this.attributes.entrySet().stream().map(entry -> {
                        return String.format("%s=\"%s\"", entry.getKey(), entry.getValue());
                    }).collect(Collectors.joining(", ")));
                }
                return sb.toString();
            }
        }

        public WWWAuthenticate(Challenge challenge, Challenge... challengeArr) {
            this.challenges = new ArrayList(1 + (challengeArr == null ? 0 : challengeArr.length));
            this.challenges.add(challenge);
            if (challengeArr != null) {
                this.challenges.addAll(Arrays.asList(challengeArr));
            }
            this.master = challenge;
        }

        public void addChallenge(Challenge challenge) {
            this.challenges.add(challenge);
        }

        public void setMasterChallenge(Challenge challenge) {
            if (!this.challenges.contains(challenge)) {
                throw new IllegalArgumentException("Unknown challenge: " + challenge);
            }
            this.master = challenge;
        }

        public void setMasterChallenge(String str) {
            this.master = this.challenges.stream().filter(challenge -> {
                return challenge.getScheme().equals(str);
            }).findFirst().orElseThrow(() -> {
                return new IllegalArgumentException("Unknown challenge: " + str);
            });
        }

        public Challenge getMasterChallenge() {
            return this.master;
        }

        public boolean isSingleHeader() {
            return this.singleHeader;
        }

        public void setSingleHeader(boolean z) {
            this.singleHeader = z;
        }

        public void setAttribute(String str, String str2) {
            this.challenges.forEach(challenge -> {
                challenge.setAttribute(str, str2);
            });
        }

        public void build(BiConsumer<String, Object> biConsumer) {
            if (this.singleHeader) {
                biConsumer.accept("WWW-Authenticate", (String) this.challenges.stream().map((v0) -> {
                    return v0.toString();
                }).collect(Collectors.joining(", ")));
            } else {
                this.challenges.forEach(challenge -> {
                    biConsumer.accept("WWW-Authenticate", challenge);
                });
            }
        }
    }

    public OAuth2Error realm(RealmModel realmModel) {
        this.realm = realmModel;
        return this;
    }

    public OAuth2Error error(String str) {
        this.error = str;
        boolean z = -1;
        switch (str.hashCode()) {
            case -2054838772:
                if (str.equals("server_error")) {
                    z = 8;
                    break;
                }
                break;
            case -847806252:
                if (str.equals("invalid_grant")) {
                    z = false;
                    break;
                }
                break;
            case -837157364:
                if (str.equals("invalid_scope")) {
                    z = 4;
                    break;
                }
                break;
            case -835880527:
                if (str.equals("invalid_token")) {
                    z = 6;
                    break;
                }
                break;
            case -632018157:
                if (str.equals("invalid_client")) {
                    z = 5;
                    break;
                }
                break;
            case -190904121:
                if (str.equals("unsupported_grant_type")) {
                    z = 3;
                    break;
                }
                break;
            case 1330404726:
                if (str.equals("unauthorized_client")) {
                    z = 2;
                    break;
                }
                break;
            case 1716859672:
                if (str.equals("insufficient_scope")) {
                    z = 7;
                    break;
                }
                break;
            case 2117379143:
                if (str.equals("invalid_request")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case DeclarativeUserProfileProvider.PROVIDER_PRIORITY /* 1 */:
            case true:
            case AuthenticationSessionManager.AUTH_SESSION_COOKIE_LIMIT /* 3 */:
            case true:
                this.status = Response.Status.BAD_REQUEST;
                break;
            case true:
            case true:
                this.status = Response.Status.UNAUTHORIZED;
                break;
            case true:
                this.status = Response.Status.FORBIDDEN;
                break;
            case true:
                this.status = Response.Status.INTERNAL_SERVER_ERROR;
                break;
            default:
                throw new IllegalArgumentException("Unrecognized OAuth 2.0 error: " + str);
        }
        return this;
    }

    public OAuth2Error errorDescription(String str) {
        this.errorDescription = str;
        return this;
    }

    public OAuth2Error cors(Cors cors) {
        this.cors = Optional.ofNullable(cors);
        return this;
    }

    public OAuth2Error status(Response.Status status) {
        this.status = status;
        return this;
    }

    public OAuth2Error json(boolean z) {
        this.json = z;
        return this;
    }

    public WebApplicationException build() {
        this.clazz = STATUS_MAP.getOrDefault(this.status, WebApplicationException.class);
        Response.ResponseBuilder status = Response.status(this.status);
        try {
            Constructor<? extends WebApplicationException> constructor = this.clazz.getConstructor(Response.class);
            this.cors.ifPresent(cors -> {
                Objects.requireNonNull(status);
                cors.build((v1, v2) -> {
                    r1.header(v1, v2);
                });
            });
            if (this.json) {
                status.entity(new OAuth2ErrorRepresentation(this.error, this.errorDescription)).type(MediaType.APPLICATION_JSON_TYPE);
            } else {
                WWWAuthenticate.BearerChallenge bearerChallenge = new WWWAuthenticate.BearerChallenge();
                bearerChallenge.setRealm(this.realm.getName());
                bearerChallenge.setError(this.error);
                bearerChallenge.setErrorDescription(this.errorDescription);
                WWWAuthenticate wWWAuthenticate = new WWWAuthenticate(bearerChallenge, new WWWAuthenticate.Challenge[0]);
                Objects.requireNonNull(status);
                wWWAuthenticate.build(status::header);
                status.entity("");
            }
            return constructor.newInstance(status.build());
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
            throw new InternalServerErrorException(e);
        }
    }

    public WebApplicationException insufficientScope(String str) {
        return error("insufficient_scope").errorDescription(str).build();
    }

    public WebApplicationException invalidToken(String str) {
        return error("invalid_token").errorDescription(str).build();
    }

    public WebApplicationException invalidRequest(String str) {
        return error("invalid_request").errorDescription(str).build();
    }

    public WebApplicationException unauthorized() {
        return status(Response.Status.UNAUTHORIZED).build();
    }

    static {
        STATUS_MAP.put(Response.Status.BAD_REQUEST, BadRequestException.class);
        STATUS_MAP.put(Response.Status.UNAUTHORIZED, NotAuthorizedException.class);
        STATUS_MAP.put(Response.Status.FORBIDDEN, ForbiddenException.class);
        STATUS_MAP.put(Response.Status.INTERNAL_SERVER_ERROR, InternalServerErrorException.class);
    }
}
