package de.adorsys.oauth.server;

import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.http.ServletUtils;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.oauth2.sdk.token.Tokens;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import java.io.IOException;
import java.util.HashMap;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

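/**
 * OAuth 2.0 token endpoint ({@code POST token}, form-encoded).
 *
 * <p>Dispatches on the grant type of the parsed {@link TokenRequest} and supports the
 * authorization-code, resource-owner-password and refresh-token grants. Every response is
 * written straight to the injected {@link HttpServletResponse}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Credentials, authorization codes, bearer tokens and user claims are never logged;
 *       log only the grant type and client id.</li>
 *   <li>All three flows bind tokens to the authenticated client, so requests without client
 *       authentication are rejected with {@code invalid_client} before dispatch.</li>
 *   <li>NOTE(review): the scope of issued access tokens is taken from the token request
 *       ({@code tokenRequest.getScope()}) and is not compared here with a previously granted
 *       scope. Confirm that {@code TokenStore} or the resource servers enforce that limit.</li>
 *   <li>NOTE(review): this bean is application scoped and keeps the request and response in
 *       {@code @Context} fields. That is only safe if the container injects per-request
 *       proxies; confirm for the target runtime.</li>
 * </ul>
 */
@Path("token")
@ApplicationScoped
/* loaded from: input_file:de/adorsys/oauth/server/TokenResource.class */
public class TokenResource {
    private static final Logger LOG = LoggerFactory.getLogger(TokenResource.class);

    /** Access-token lifetime used when the {@code lifetime} init parameter is absent or invalid. */
    private static final long DEFAULT_TOKEN_LIFETIME = 28800L;

    @Context
    private HttpServletRequest servletRequest;

    @Context
    private HttpServletResponse servletResponse;

    @Context
    private ServletContext servletContext;

    @Inject
    private UserInfoFactory userInfoFactory;

    @Inject
    private TokenStore tokenStore;

    // Lifetime handed to every BearerAccessToken this endpoint issues.
    private long tokenLifetime;

    /**
     * Reads the access-token lifetime from the servlet context init parameter {@code lifetime},
     * falling back to {@link #DEFAULT_TOKEN_LIFETIME} when it is missing or not a number.
     */
    @PostConstruct
    public void postConstruct() {
        try {
            this.tokenLifetime = Long.parseLong(this.servletContext.getInitParameter("lifetime"));
        } catch (RuntimeException e) {
            // Missing parameter, malformed number or unavailable context: use the default.
            this.tokenLifetime = DEFAULT_TOKEN_LIFETIME;
        }
        LOG.info("token lifetime {}", Long.valueOf(this.tokenLifetime));
    }

    /**
     * Handles a token request and writes either a token response or an OAuth 2.0 error.
     *
     * @throws Exception if a grant flow fails or the response cannot be written
     */
    @POST
    @Consumes({"application/x-www-form-urlencoded"})
    public void token() throws Exception {
        try {
            TokenRequest parse = TokenRequest.parse(FixedServletUtils.createHTTPRequest(this.servletRequest));
            AuthorizationGrant authorizationGrant = parse.getAuthorizationGrant();
            GrantType grantType = authorizationGrant.getType();
            // Log the grant type only: the full request can carry passwords, client secrets,
            // authorization codes and refresh tokens.
            LOG.info("tokenRequest grant type {}", grantType);

            boolean authorizationCode = GrantType.AUTHORIZATION_CODE.equals(grantType);
            boolean password = GrantType.PASSWORD.equals(grantType);
            boolean refresh = GrantType.REFRESH_TOKEN.equals(grantType);
            if (!authorizationCode && !password && !refresh) {
                reject(new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE));
                return;
            }
            // Every flow below dereferences the client authentication to bind tokens to a
            // client; without it the request would previously fail with a NullPointerException.
            if (parse.getClientAuthentication() == null) {
                LOG.info("tokenRequest: missing client authentication");
                reject(new TokenErrorResponse(OAuth2Error.INVALID_CLIENT));
                return;
            }

            if (authorizationCode) {
                doAuthorizationCodeGrantFlow(parse);
            } else if (password) {
                doResourceOwnerPasswordCredentialFlow(parse);
            } else {
                doRefreshTokenGrantFlow(parse);
            }
        } catch (ParseException e) {
            // NOTE(review): every parse failure is reported as unsupported_grant_type, kept for
            // compatibility; invalid_request would describe malformed requests more accurately.
            reject(new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE));
        }
    }

    /** Writes the given OAuth 2.0 error response to the servlet response. */
    private void reject(TokenErrorResponse errorResponse) throws IOException {
        ServletUtils.applyHTTPResponse(errorResponse.toHTTPResponse(), this.servletResponse);
    }

    /**
     * Exchanges a refresh token for a new access token and a new refresh token; the presented
     * refresh token is removed from the store.
     *
     * <p>The request is rejected with {@code invalid_grant} when the refresh token is unknown
     * or was issued to a different client.
     */
    private void doRefreshTokenGrantFlow(TokenRequest tokenRequest) throws IOException {
        // The caller dispatches here only for GrantType.REFRESH_TOKEN, so the cast is safe.
        RefreshToken presented =
                ((com.nimbusds.oauth2.sdk.RefreshTokenGrant) tokenRequest.getAuthorizationGrant()).getRefreshToken();
        RefreshTokenAndMetadata findRefreshToken = this.tokenStore.findRefreshToken(presented);
        if (findRefreshToken == null || !findRefreshToken.getClientId().equals(tokenRequest.getClientAuthentication().getClientID())) {
            LOG.info("tokenRequest: invalid refresh token grant");
            reject(new TokenErrorResponse(OAuth2Error.INVALID_GRANT));
            // Stop here. Without this return an unknown token caused a NullPointerException and
            // a token issued to another client was still exchanged for fresh tokens.
            return;
        }
        BearerAccessToken bearerAccessToken = new BearerAccessToken(this.tokenLifetime, tokenRequest.getScope());
        this.tokenStore.remove(findRefreshToken.getRefreshToken().getValue(), findRefreshToken.getClientId());
        // NOTE(review): the access token is stored against the refresh token removed on the
        // previous line, not the new one created below; confirm this is what TokenStore expects.
        this.tokenStore.addAccessToken(bearerAccessToken, findRefreshToken.getUserInfo(), findRefreshToken.getClientId(), findRefreshToken.getRefreshToken());
        RefreshToken refreshToken = new RefreshToken();
        this.tokenStore.addRefreshToken(refreshToken, findRefreshToken.getUserInfo(), findRefreshToken.getClientId(), findRefreshToken.getLoginSession());
        LOG.info("tokens refreshed for client {}", findRefreshToken.getClientId());
        ServletUtils.applyHTTPResponse(new AccessTokenResponse(new Tokens(bearerAccessToken, refreshToken)).toHTTPResponse(), this.servletResponse);
    }

    /**
     * Exchanges an authorization code for an access token and a refresh token.
     *
     * <p>The code is consumed from the store first. The request is rejected with
     * {@code invalid_grant} when the code is unknown, was issued to a different client, or the
     * {@code redirect_uri} parameter differs from the one stored with the code. The response
     * carries the login session value as the custom parameter {@code login_session}.
     */
    private void doAuthorizationCodeGrantFlow(TokenRequest tokenRequest) throws Exception {
        // The caller dispatches here only for GrantType.AUTHORIZATION_CODE, so the cast is safe.
        AuthorizationCodeGrant authorizationGrant = (AuthorizationCodeGrant) tokenRequest.getAuthorizationGrant();
        AuthCodeAndMetadata consumeAuthCode = this.tokenStore.consumeAuthCode(authorizationGrant.getAuthorizationCode());
        if (consumeAuthCode == null || !consumeAuthCode.getClientId().equals(tokenRequest.getClientAuthentication().getClientID()) || !consumeAuthCode.getRedirectURI().equals(this.servletRequest.getParameter("redirect_uri"))) {
            // The authorization code itself is a credential and is kept out of the log.
            LOG.info("tokenRequest: invalid authorization code grant");
            reject(new TokenErrorResponse(OAuth2Error.INVALID_GRANT));
            return;
        }
        RefreshToken refreshToken = new RefreshToken();
        this.tokenStore.addRefreshToken(refreshToken, consumeAuthCode.getUserInfo(), consumeAuthCode.getClientId(), consumeAuthCode.getLoginSession());
        BearerAccessToken bearerAccessToken = new BearerAccessToken(this.tokenLifetime, tokenRequest.getScope());
        this.tokenStore.addAccessToken(bearerAccessToken, consumeAuthCode.getUserInfo(), consumeAuthCode.getClientId(), refreshToken);
        // Bearer tokens are usable by anyone who reads them, so only the client id is logged.
        LOG.info("accessToken issued for client {}", consumeAuthCode.getClientId());
        HashMap<String, Object> customParams = new HashMap<>();
        customParams.put("login_session", consumeAuthCode.getLoginSession().getValue());
        ServletUtils.applyHTTPResponse(new AccessTokenResponse(new Tokens(bearerAccessToken, refreshToken), customParams).toHTTPResponse(), this.servletResponse);
    }

    /**
     * Issues an access token and a refresh token for the resource-owner-password grant.
     *
     * <p>The user is resolved by {@code UserInfoFactory.createUserInfo} from the servlet
     * request. NOTE(review): presumably that call verifies the submitted credentials; confirm,
     * because this method performs no password check of its own.
     */
    private void doResourceOwnerPasswordCredentialFlow(TokenRequest tokenRequest) throws Exception {
        UserInfo createUserInfo = this.userInfoFactory.createUserInfo(this.servletRequest);
        if (createUserInfo == null) {
            // Explicit guard: tokens must never be stored for an unresolved user. Previously
            // only the NullPointerException of a debug log statement prevented that.
            LOG.info("tokenRequest: no user resolved for password grant");
            reject(new TokenErrorResponse(OAuth2Error.INVALID_GRANT));
            return;
        }
        RefreshToken refreshToken = new RefreshToken();
        // User claims and the client authentication object (which may hold the client secret)
        // stay out of the log; the client id is enough for tracing.
        LOG.info("resourceOwnerPasswordCredentialFlow for client {}", tokenRequest.getClientAuthentication().getClientID());
        this.tokenStore.addRefreshToken(refreshToken, createUserInfo, tokenRequest.getClientAuthentication().getClientID(), null);
        BearerAccessToken bearerAccessToken = new BearerAccessToken(this.tokenLifetime, tokenRequest.getScope());
        this.tokenStore.addAccessToken(bearerAccessToken, createUserInfo, tokenRequest.getClientAuthentication().getClientID(), refreshToken);
        LOG.info("accessToken issued for client {}", tokenRequest.getClientAuthentication().getClientID());
        ServletUtils.applyHTTPResponse(new AccessTokenResponse(new Tokens(bearerAccessToken, refreshToken)).toHTTPResponse(), this.servletResponse);
    }
}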
