package leap.oauth2.server.endpoint.token;

import java.util.function.Function;
import leap.core.annotation.Inject;
import leap.core.i18n.MessageKey;
import leap.lang.NamedError;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.oauth2.server.OAuth2AuthzServerConfig;
import leap.oauth2.server.OAuth2Constants;
import leap.oauth2.server.OAuth2Error;
import leap.oauth2.server.OAuth2Errors;
import leap.oauth2.server.OAuth2Params;
import leap.oauth2.server.Oauth2MessageKey;
import leap.oauth2.server.RequestOAuth2Params;
import leap.oauth2.server.client.AuthzClient;
import leap.oauth2.server.client.AuthzClientCredentials;
import leap.oauth2.server.client.AuthzClientManager;
import leap.oauth2.server.client.DefaultAuthzClientAuthenticationContext;
import leap.oauth2.server.client.SamplingAuthzClientCredentials;
import leap.web.Request;
import leap.web.Response;

/* loaded from: input_file:leap/oauth2/server/endpoint/token/AbstractGrantTypeHandler.class */
/**
 * Base class for token-endpoint grant type handlers: shared client-credential extraction,
 * client validation and error reporting.
 *
 * <p>Every validation method here reports a failure by writing an OAuth2 error (through
 * {@link #handleError}) and returning {@code null}; callers must treat {@code null} as
 * "response already handled" and stop processing the grant.
 *
 * <p>This source is decompiler output. Methods marked "declared protected" below were
 * widened to {@code public} by the decompiler.
 */
public abstract class AbstractGrantTypeHandler implements GrantTypeHandler {

    /** Authorization server configuration; injected, not read by the methods in this class. */
    @Inject
    protected OAuth2AuthzServerConfig config;

    /** Looks up and authenticates registered clients. */
    @Inject
    protected AuthzClientManager clientManager;

    /** Handlers given the first chance to process a failure, consulted in array order. */
    @Inject
    protected GrantTypeHandleFailHandler[] failHandlers;

    /**
     * Checks that the request names a known client and a redirect URI that client accepts.
     *
     * <p>Checks run in this order: client_id present, redirect_uri present, client_secret
     * present, client exists, client accepts the redirect URI.
     *
     * <p>NOTE(review): the client secret is only checked for presence here, never compared
     * against the stored secret. A caller that needs an authenticated client has to go
     * through {@link #validateClientSecret} as well; confirm every caller does.
     *
     * <p>NOTE(review): "client not found" and "redirect_uri invalid" are distinct responses,
     * so the endpoint reveals whether a client_id is registered. Confirm that is acceptable
     * for this deployment, or pair it with rate limiting and monitoring of repeated failures.
     *
     * @param request the current request
     * @param response the response an error is written to
     * @param oAuth2Params parsed OAuth2 parameters, used for the redirect URI
     * @param authzClientCredentials the client id and secret supplied by the caller
     * @return the loaded client, or {@code null} when an error has been reported
     * @throws Throwable declared by the original signature
     */
    protected AuthzClient validateClient(Request request, Response response, OAuth2Params oAuth2Params, AuthzClientCredentials authzClientCredentials) throws Throwable {
        if (Strings.isEmpty(authzClientCredentials.getClientId())) {
            return rejectWith(request, response, new RequestOAuth2Params(request),
                    key -> OAuth2Errors.invalidRequestError(request, key, "client_id required"),
                    Oauth2MessageKey.INVALID_REQUEST_CLIENT_ID_REQUIRED);
        }

        String redirectUri = oAuth2Params.getRedirectUri();
        if (Strings.isEmpty(redirectUri)) {
            return rejectWith(request, response, new RequestOAuth2Params(request),
                    key -> OAuth2Errors.invalidRequestError(request, key, "redirect_uri required"),
                    Oauth2MessageKey.INVALID_REQUEST_REDIRECT_URI_REQUIRED);
        }

        if (Strings.isEmpty(authzClientCredentials.getClientSecret())) {
            return rejectWith(request, response, new RequestOAuth2Params(request),
                    key -> OAuth2Errors.invalidRequestError(request, key, "client_secret required"),
                    Oauth2MessageKey.INVALID_REQUEST_CLIENT_SECRET_REQUIRED);
        }

        AuthzClient client = this.clientManager.loadClientById(authzClientCredentials.getClientId());
        if (client == null) {
            return rejectWith(request, response, new RequestOAuth2Params(request),
                    key -> OAuth2Errors.invalidGrantError(request, key, "client not found"),
                    Oauth2MessageKey.ERROR_INVALID_GRANT_CLIENT_NOT_FOUND);
        }

        // The redirect URI is matched by the client itself; the matching rules (exact vs.
        // pattern) live in AuthzClient.acceptsRedirectUri and are not visible here.
        if (!client.acceptsRedirectUri(redirectUri)) {
            return rejectWith(request, response, new RequestOAuth2Params(request),
                    key -> OAuth2Errors.invalidGrantError(request, key, "redirect_uri invalid"),
                    Oauth2MessageKey.ERROR_INVALID_GRANT_REDIRECT_URI_INVALID);
        }
        return client;
    }

    /**
     * Authenticates the client through {@link AuthzClientManager#authenticate}.
     *
     * <p>Declared protected in the original class.
     *
     * <p>NOTE(review): on failure the first authentication error's message is copied into
     * the error returned to the caller. Confirm the authenticator's messages carry no
     * internal detail and do not distinguish "unknown client" from "wrong secret".
     *
     * <p>NOTE(review): the failure is reported through {@code invalidGrantError}; RFC 6749
     * section 5.2 describes {@code invalid_client} for failed client authentication.
     * Confirm the choice is intentional.
     *
     * @param request the current request
     * @param response the response an error is written to
     * @param authzClientCredentials the client id and secret supplied by the caller
     * @return the value returned by the client manager when no error was recorded,
     *         otherwise {@code null} after an error has been reported
     * @throws Throwable declared by the original signature
     */
    public AuthzClient validateClientSecret(Request request, Response response, AuthzClientCredentials authzClientCredentials) throws Throwable {
        if (Strings.isEmpty(authzClientCredentials.getClientId())) {
            return rejectWith(request, response, new RequestOAuth2Params(request),
                    key -> OAuth2Errors.invalidRequestError(request, key, "client_id required"),
                    Oauth2MessageKey.INVALID_REQUEST_CLIENT_ID_REQUIRED);
        }
        if (Strings.isEmpty(authzClientCredentials.getClientSecret())) {
            return rejectWith(request, response, new RequestOAuth2Params(request),
                    key -> OAuth2Errors.invalidRequestError(request, key, "client_secret required"),
                    Oauth2MessageKey.INVALID_REQUEST_CLIENT_SECRET_REQUIRED);
        }

        DefaultAuthzClientAuthenticationContext authContext = new DefaultAuthzClientAuthenticationContext(request, response);
        AuthzClient authenticated = this.clientManager.authenticate(authContext, authzClientCredentials);

        // Success is decided by the context's error list, not by the returned client.
        if (!authContext.errors().isEmpty()) {
            NamedError firstError = authContext.errors().first();
            return rejectWith(request, response, new RequestOAuth2Params(request),
                    key -> OAuth2Errors.invalidGrantError(request, key, firstError.getMessage()),
                    firstError.getName());
        }
        return authenticated;
    }

    /**
     * Reads the client id and secret from the request.
     *
     * <p>Declared protected in the original class.
     *
     * <p>A non-empty {@code OAuth2Constants.TOKEN_HEADER} header takes precedence: it must
     * start with {@code OAuth2Constants.BASIC_TYPE}, and the remainder is trimmed,
     * Base64-decoded and split on ":" into exactly two parts. Request parameters are not
     * consulted in that case. Without the header, client_id and client_secret are taken
     * from {@code oAuth2Params} and both are required.
     *
     * <p>NOTE(review): the two-part check looks like it rejects a secret that contains a
     * literal ':' after decoding, and the parts are not form-url-decoded as RFC 6749
     * section 2.3.1 describes. Confirm against Strings.split and the clients in use.
     *
     * <p>NOTE(review): the prefix test uses {@link String#startsWith}, which is
     * case-sensitive, and the behaviour of Base64.decode on malformed input is not visible
     * here; verify that a bad header yields an invalid_request response rather than an
     * unhandled exception.
     *
     * <p>NOTE(review): if OAuth2Params also reads the query string, a client_secret sent
     * that way may be recorded in access logs; confirm where the parameters come from.
     *
     * @param request the current request
     * @param response the response an error is written to
     * @param oAuth2Params parsed OAuth2 parameters, used as the fallback credential source
     * @return the extracted credentials, or {@code null} when an error has been reported
     */
    public AuthzClientCredentials extractClientCredentials(Request request, Response response, OAuth2Params oAuth2Params) {
        String authorization = request.getHeader(OAuth2Constants.TOKEN_HEADER);

        if (authorization == null || Strings.isEmpty(authorization)) {
            // No header: fall back to credentials carried as request parameters.
            String clientId = oAuth2Params.getClientId();
            String clientSecret = oAuth2Params.getClientSecret();
            if (Strings.isEmpty(clientId)) {
                return rejectWith(request, response, oAuth2Params,
                        key -> OAuth2Errors.invalidRequestError(request, key, "client_id is required."),
                        Oauth2MessageKey.INVALID_REQUEST_CLIENT_ID_REQUIRED);
            }
            if (Strings.isEmpty(clientSecret)) {
                return rejectWith(request, response, oAuth2Params,
                        key -> OAuth2Errors.invalidRequestError(request, key, "client_secret is required."),
                        Oauth2MessageKey.INVALID_REQUEST_CLIENT_SECRET_REQUIRED);
            }
            return new SamplingAuthzClientCredentials(clientId, clientSecret);
        }

        if (!authorization.startsWith(OAuth2Constants.BASIC_TYPE)) {
            return rejectWith(request, response, oAuth2Params,
                    key -> OAuth2Errors.invalidRequestError(request, key, "invalid Authorization header."),
                    Oauth2MessageKey.INVALID_REQUEST_INVALID_AUTHZ_HEADER);
        }

        String encoded = Strings.trim(authorization.substring(OAuth2Constants.BASIC_TYPE.length()));
        String[] parts = Strings.split(Base64.decode(encoded), ":");
        if (parts.length != 2) {
            return rejectWith(request, response, oAuth2Params,
                    key -> OAuth2Errors.invalidRequestError(request, key, "invalid Authorization header."),
                    Oauth2MessageKey.INVALID_REQUEST_INVALID_AUTHZ_HEADER);
        }
        return new SamplingAuthzClientCredentials(parts[0], parts[1]);
    }

    /**
     * Reports an error: the registered fail handlers get the first chance, and the default
     * OAuth2 error response is written only when none of them handled it.
     *
     * <p>Declared protected in the original class.
     *
     * @param request the current request
     * @param response the response the error is written to
     * @param oAuth2Params parameters passed through to the fail handlers
     * @param oAuth2Error the error to report
     */
    public void handleError(Request request, Response response, OAuth2Params oAuth2Params, OAuth2Error oAuth2Error) {
        if (!handleFail(request, response, oAuth2Params, oAuth2Error)) {
            OAuth2Errors.response(response, oAuth2Error);
        }
    }

    /**
     * Resolves a message key and builds the error from it.
     *
     * <p>Declared protected in the original class.
     *
     * @param function builds the error from the resolved message key
     * @param str name passed to {@code Oauth2MessageKey.getMessageKey}
     * @param objArr arguments passed to {@code Oauth2MessageKey.getMessageKey}
     * @return the error produced by {@code function}
     */
    public OAuth2Error getOauth2Error(Function<MessageKey, OAuth2Error> function, String str, Object... objArr) {
        MessageKey resolvedKey = Oauth2MessageKey.getMessageKey(str, objArr);
        return function.apply(resolvedKey);
    }

    /**
     * Offers the failure to each registered fail handler in order and stops at the first
     * one that reports it as handled.
     *
     * @return {@code true} when a handler handled the failure, {@code false} otherwise
     */
    @Override // leap.oauth2.server.endpoint.token.GrantTypeHandler
    public boolean handleFail(Request request, Response response, OAuth2Params oAuth2Params, OAuth2Error oAuth2Error) {
        boolean handled = false;
        for (GrantTypeHandleFailHandler handler : this.failHandlers) {
            if (handler.handle(request, response, oAuth2Params, oAuth2Error, this)) {
                handled = true;
                break;
            }
        }
        return handled;
    }

    /**
     * Builds the error for {@code messageKey}, reports it through {@link #handleError} and
     * returns {@code null} so a validation method can write {@code return rejectWith(...)}.
     */
    private <T> T rejectWith(Request request, Response response, OAuth2Params params,
                             Function<MessageKey, OAuth2Error> errorFactory, String messageKey) {
        handleError(request, response, params, getOauth2Error(errorFactory, messageKey));
        return null;
    }
}
