package leap.oauth2.as.endpoint.authorize;

import java.util.HashMap;
import leap.core.annotation.Inject;
import leap.oauth2.OAuth2Params;
import leap.oauth2.as.OAuth2AuthzServerConfig;
import leap.oauth2.as.OAuth2AuthzServerErrorHandler;
import leap.oauth2.as.authc.AuthzAuthentication;
import leap.oauth2.as.code.AuthzCode;
import leap.oauth2.as.code.AuthzCodeManager;
import leap.oauth2.as.openid.IdTokenGenerator;
import leap.oauth2.as.sso.AuthzSSOManager;
import leap.web.Request;
import leap.web.Response;

/* loaded from: input_file:leap/oauth2/as/endpoint/authorize/CodeIdTokenResponseTypeHandler.class */
public class CodeIdTokenResponseTypeHandler extends AbstractResponseTypeHandler implements ResponseTypeHandler {

    @Inject
    protected OAuth2AuthzServerConfig config;

    @Inject
    protected OAuth2AuthzServerErrorHandler errorHandler;

    @Inject
    protected AuthzCodeManager codeManager;

    @Inject
    protected IdTokenGenerator idTokenGenerator;

    @Inject
    protected AuthzSSOManager ssoManager;

    @Override // leap.oauth2.as.endpoint.authorize.ResponseTypeHandler
    public void handleResponseType(Request request, Response response, AuthzAuthentication authzAuthentication) throws Throwable {
        if (!this.config.isSingleLoginEnabled()) {
            this.errorHandler.invalidRequest(response, "Single login disabled");
            return;
        }
        this.ssoManager.onOAuth2LoginSuccess(request, response, authzAuthentication);
        sendCodeIdTokenRedirect(request, response, authzAuthentication, this.codeManager.createAuthorizationCode(authzAuthentication, this.ssoManager.getSSOSession(request, response, authzAuthentication)), this.idTokenGenerator.generateIdToken(authzAuthentication));
    }

    protected void sendCodeIdTokenRedirect(Request request, Response response, AuthzAuthentication authzAuthentication, AuthzCode authzCode, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(OAuth2Params.CODE, authzCode.getCode());
        hashMap.put(OAuth2Params.ID_TOKEN, str);
        sendSuccessRedirect(request, response, authzAuthentication, hashMap);
    }
}
