package leap.oauth2.server.client;

import leap.core.annotation.Inject;
import leap.oauth2.server.OAuth2AuthzServerConfig;
import leap.oauth2.server.Oauth2MessageKey;

/* loaded from: input_file:leap/oauth2/server/client/DefaultAuthzClientManager.class */
public class DefaultAuthzClientManager implements AuthzClientManager {

    @Inject
    protected OAuth2AuthzServerConfig config;

    @Inject
    protected AuthzClientAuthenticator[] authenticators;

    @Override // leap.oauth2.server.client.AuthzClientManager
    public AuthzClient authenticate(AuthzClientAuthenticationContext authzClientAuthenticationContext, AuthzClientCredentials authzClientCredentials) throws Throwable {
        AuthzClient loadClientById = loadClientById(authzClientCredentials.getClientId());
        if (loadClientById == null) {
            authzClientAuthenticationContext.addError(Oauth2MessageKey.ERROR_INVALID_GRANT_CLIENT_NOT_FOUND, "client not found");
            return null;
        }
        if (!loadClientById.isEnabled()) {
            authzClientAuthenticationContext.addError(Oauth2MessageKey.INVALID_REQUEST_INVALID_CLIENT, "client diabled");
            return null;
        }
        for (AuthzClientAuthenticator authzClientAuthenticator : this.authenticators) {
            if (authzClientAuthenticator.authenticate(authzClientCredentials, loadClientById)) {
                return loadClientById;
            }
        }
        authzClientAuthenticationContext.addError(Oauth2MessageKey.INVALID_REQUEST_INVALID_CLIENT_SECRET, "client_secret invalid");
        return null;
    }

    @Override // leap.oauth2.server.client.AuthzClientManager
    public AuthzClient loadClientById(String str) {
        return this.config.getClientStore().loadClient(str);
    }
}
