package com.nimbusds.oauth2.sdk.token;

import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.jcip.annotations.Immutable;
import org.keycloak.util.TokenUtil;

@Immutable
/* loaded from: input_file:BOOT-INF/lib/oauth2-oidc-sdk-6.14.jar:com/nimbusds/oauth2/sdk/token/BearerTokenError.class */
public class BearerTokenError extends ErrorObject {
    public static final BearerTokenError MISSING_TOKEN = new BearerTokenError(null, null, 401);
    public static final BearerTokenError INVALID_REQUEST = new BearerTokenError("invalid_request", "Invalid request", 400);
    public static final BearerTokenError INVALID_TOKEN = new BearerTokenError("invalid_token", "Invalid access token", 401);
    public static final BearerTokenError INSUFFICIENT_SCOPE = new BearerTokenError("insufficient_scope", "Insufficient scope", 403);
    private static final Pattern realmPattern = Pattern.compile("realm=\"(([^\\\\\"]|\\\\.)*)\"");
    private static final Pattern errorPattern = Pattern.compile("error=(\"([\\w\\_-]+)\"|([\\w\\_-]+))");
    private static final Pattern errorDescriptionPattern = Pattern.compile("error_description=\"([^\"]+)\"");
    private static final Pattern errorURIPattern = Pattern.compile("error_uri=\"([^\"]+)\"");
    private static final Pattern scopePattern = Pattern.compile("scope=\"([^\"]+)");
    private final String realm;
    private final Scope scope;

    public static boolean isCodeWithValidChars(String str) {
        for (char c : str.toCharArray()) {
            if ((c < ' ' || c > '!') && ((c < '#' || c > '[') && (c < ']' || c > '~'))) {
                return false;
            }
        }
        return true;
    }

    public static boolean isDescriptionWithValidChars(String str) {
        return isCodeWithValidChars(str);
    }

    public static boolean isScopeWithValidChars(Scope scope) {
        Iterator it = scope.iterator();
        while (it.hasNext()) {
            for (char c : ((Scope.Value) it.next()).getValue().toCharArray()) {
                if (c != '!' && ((c < '#' || c > '[') && (c < ']' || c > '~'))) {
                    return false;
                }
            }
        }
        return true;
    }

    public BearerTokenError(String str, String str2) {
        this(str, str2, 0, null, null, null);
    }

    public BearerTokenError(String str, String str2, int i) {
        this(str, str2, i, null, null, null);
    }

    public BearerTokenError(String str, String str2, int i, URI uri, String str3, Scope scope) {
        super(str, str2, i, uri);
        this.realm = str3;
        this.scope = scope;
        if (str != null && !isCodeWithValidChars(str)) {
            throw new IllegalArgumentException("The error code contains invalid ASCII characters, see RFC 6750, section 3");
        }
        if (str2 != null && !isDescriptionWithValidChars(str2)) {
            throw new IllegalArgumentException("The error description contains invalid ASCII characters, see RFC 6750, section 3");
        }
        if (scope != null && !isScopeWithValidChars(scope)) {
            throw new IllegalArgumentException("The scope contains invalid ASCII characters, see RFC 6750, section 3");
        }
    }

    @Override // com.nimbusds.oauth2.sdk.ErrorObject
    public BearerTokenError setDescription(String str) {
        return new BearerTokenError(super.getCode(), str, super.getHTTPStatusCode(), super.getURI(), this.realm, this.scope);
    }

    @Override // com.nimbusds.oauth2.sdk.ErrorObject
    public BearerTokenError appendDescription(String str) {
        return new BearerTokenError(super.getCode(), getDescription() != null ? getDescription() + str : str, super.getHTTPStatusCode(), super.getURI(), this.realm, this.scope);
    }

    @Override // com.nimbusds.oauth2.sdk.ErrorObject
    public BearerTokenError setHTTPStatusCode(int i) {
        return new BearerTokenError(super.getCode(), super.getDescription(), i, super.getURI(), this.realm, this.scope);
    }

    @Override // com.nimbusds.oauth2.sdk.ErrorObject
    public BearerTokenError setURI(URI uri) {
        return new BearerTokenError(super.getCode(), super.getDescription(), super.getHTTPStatusCode(), uri, this.realm, this.scope);
    }

    public String getRealm() {
        return this.realm;
    }

    public BearerTokenError setRealm(String str) {
        return new BearerTokenError(getCode(), getDescription(), getHTTPStatusCode(), getURI(), str, getScope());
    }

    public Scope getScope() {
        return this.scope;
    }

    public BearerTokenError setScope(Scope scope) {
        return new BearerTokenError(getCode(), getDescription(), getHTTPStatusCode(), getURI(), getRealm(), scope);
    }

    public String toWWWAuthenticateHeader() {
        StringBuilder sb = new StringBuilder(TokenUtil.TOKEN_TYPE_BEARER);
        int i = 0;
        if (this.realm != null) {
            sb.append(" realm=\"");
            sb.append(getRealm().replaceAll("\"", "\\\\\""));
            sb.append('\"');
            i = 0 + 1;
        }
        if (getCode() != null) {
            if (i > 0) {
                sb.append(',');
            }
            sb.append(" error=\"");
            sb.append(getCode());
            sb.append('\"');
            i++;
            if (getDescription() != null) {
                if (i > 0) {
                    sb.append(',');
                }
                sb.append(" error_description=\"");
                sb.append(getDescription());
                sb.append('\"');
                i++;
            }
            if (getURI() != null) {
                if (i > 0) {
                    sb.append(',');
                }
                sb.append(" error_uri=\"");
                sb.append(getURI().toString());
                sb.append('\"');
                i++;
            }
        }
        if (this.scope != null) {
            if (i > 0) {
                sb.append(',');
            }
            sb.append(" scope=\"");
            sb.append(this.scope.toString());
            sb.append('\"');
        }
        return sb.toString();
    }

    public static BearerTokenError parse(String str) throws ParseException {
        if (!str.regionMatches(true, 0, TokenUtil.TOKEN_TYPE_BEARER, 0, TokenUtil.TOKEN_TYPE_BEARER.length())) {
            throw new ParseException("WWW-Authenticate scheme must be OAuth 2.0 Bearer");
        }
        Matcher matcher = realmPattern.matcher(str);
        String str2 = null;
        if (matcher.find()) {
            str2 = matcher.group(1);
        }
        if (str2 != null) {
            str2 = str2.replace("\\\"", "\"");
        }
        String str3 = null;
        String str4 = null;
        URI uri = null;
        Matcher matcher2 = errorPattern.matcher(str);
        if (matcher2.find()) {
            str3 = matcher2.group(2) != null ? matcher2.group(2) : matcher2.group(3);
            if (str3 != null && !isCodeWithValidChars(str3)) {
                str3 = null;
            }
            Matcher matcher3 = errorDescriptionPattern.matcher(str);
            if (matcher3.find()) {
                str4 = matcher3.group(1);
            }
            Matcher matcher4 = errorURIPattern.matcher(str);
            if (matcher4.find()) {
                try {
                    uri = new URI(matcher4.group(1));
                } catch (URISyntaxException e) {
                }
            }
        }
        Scope scope = null;
        Matcher matcher5 = scopePattern.matcher(str);
        if (matcher5.find()) {
            scope = Scope.parse(matcher5.group(1));
        }
        return new BearerTokenError(str3, str4, 0, uri, str2, scope);
    }
}
