package com.predic8.membrane.core.interceptor.oauth2.flows;

import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.oauth2.Client;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.oauth2.ParamNames;
import com.predic8.membrane.core.interceptor.oauth2.ReusableJsonGenerator;
import java.io.IOException;

/* loaded from: input_file:com/predic8/membrane/core/interceptor/oauth2/flows/TokenFlow.class */
public class TokenFlow extends OAuth2Flow {
    public TokenFlow(OAuth2AuthorizationServerInterceptor oAuth2AuthorizationServerInterceptor, Exchange exchange, SessionManager.Session session) {
        super(oAuth2AuthorizationServerInterceptor, exchange, session);
    }

    @Override // com.predic8.membrane.core.interceptor.oauth2.flows.OAuth2Flow
    public Outcome getResponse() throws IOException {
        Client client;
        synchronized (this.session) {
            client = this.authServer.getClientList().getClient(this.session.getUserAttributes().get(ParamNames.CLIENT_ID));
        }
        if (client.getGrantTypes().contains("implicit")) {
            return respondWithTokenAndRedirect(this.exc, generateAccessToken(client), this.authServer.getTokenGenerator().getTokenType(), this.session);
        }
        this.exc.setResponse(OAuth2Util.createParameterizedJsonErrorResponse(this.exc, new ReusableJsonGenerator(), "error", "invalid_grant_type"));
        return Outcome.RETURN;
    }

    private Outcome respondWithTokenAndRedirect(Exchange exchange, String str, String str2, SessionManager.Session session) {
        String str3;
        String str4;
        String str5;
        synchronized (session) {
            str3 = session.getUserAttributes().get(ParamNames.STATE);
            str4 = session.getUserAttributes().get(ParamNames.REDIRECT_URI);
            str5 = session.getUserAttributes().get(ParamNames.SCOPE);
        }
        exchange.setResponse(Response.redirect(str4 + "?access_token=" + str + stateQuery(str3) + "&token_type=" + str2 + "&scope=" + str5, false).dontCache().body("").build());
        return Outcome.RETURN;
    }

    public String generateAccessToken(Client client) {
        String token;
        synchronized (this.session) {
            token = this.authServer.getTokenGenerator().getToken(this.session.getUserName(), client.getClientId(), client.getClientSecret(), null);
            this.authServer.getSessionFinder().addSessionForToken(token, this.session);
        }
        return token;
    }
}
