package com.nimbusds.openid.connect.provider.spi.grants.client.webapi;

import com.nimbusds.common.contenttype.ContentType;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.client.ClientMetadata;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.provider.spi.InitContext;
import com.nimbusds.openid.connect.provider.spi.grants.ClientCredentialsGrantHandler;
import com.nimbusds.openid.connect.provider.spi.grants.GrantAuthorization;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/spi/grants/client/webapi/ClientCredentialsGrantWebAPI.class */
public class ClientCredentialsGrantWebAPI implements ClientCredentialsGrantHandler {
    public static final String CONFIG_FILE_PATH = "/WEB-INF/clientGrantHandlerWebAPI.properties";
    private Configuration config;
    private static final Logger mainLog = LogManager.getLogger("MAIN");
    private static final Logger tokenEndpointLog = LogManager.getLogger("TOKEN");

    private static Configuration loadConfiguration(InitContext initContext) throws Exception {
        Properties properties = new Properties();
        InputStream resourceAsStream = initContext.getResourceAsStream(CONFIG_FILE_PATH);
        if (resourceAsStream != null) {
            properties.load(resourceAsStream);
        }
        return new Configuration(properties);
    }

    public void init(InitContext initContext) throws Exception {
        mainLog.info("[CGH 0005] Initializing client credentials grant handler...");
        this.config = loadConfiguration(initContext);
        this.config.log();
    }

    public Configuration getConfiguration() {
        return this.config;
    }

    public boolean isEnabled() {
        return this.config.enable;
    }

    public GrantType getGrantType() {
        return GrantType.CLIENT_CREDENTIALS;
    }

    public GrantAuthorization processGrant(Scope scope, ClientID clientID, ClientMetadata clientMetadata) throws GeneralException {
        if (!this.config.enable) {
            throw new GeneralException("Grant handler disabled", OAuth2Error.UNSUPPORTED_GRANT_TYPE);
        }
        tokenEndpointLog.debug("[CGH 0006] Client credentials grant handler: Received request with scope={}", scope);
        HandlerRequest handlerRequest = new HandlerRequest(scope, clientID, clientMetadata);
        HTTPRequest hTTPRequest = new HTTPRequest(HTTPRequest.Method.POST, this.config.url);
        hTTPRequest.setAuthorization(this.config.apiAccessToken.toAuthorizationHeader());
        hTTPRequest.setEntityContentType(ContentType.APPLICATION_JSON);
        hTTPRequest.setQuery(handlerRequest.toJSONObject().toJSONString());
        hTTPRequest.setConnectTimeout(this.config.connectTimeout);
        hTTPRequest.setReadTimeout(this.config.readTimeout);
        tokenEndpointLog.debug("[CGH 0007] Client credentials grant handler: Making HTTP post request to {}", hTTPRequest.getURL());
        try {
            HTTPResponse send = hTTPRequest.send();
            if (!send.indicatesSuccess()) {
                ErrorObject processNon200Response = processNon200Response(send);
                throw new GeneralException(processNon200Response.getCode(), processNon200Response);
            }
            tokenEndpointLog.debug("[CGH 0009] Client credentials grant handler: Received authorization response: {}", send.getContent());
            try {
                return GrantAuthorization.parse(send.getContentAsJSONObject());
            } catch (Exception e) {
                tokenEndpointLog.error("[CGH 0010] Client credentials grant handler: Invalid authorization response: {}", e.getMessage(), e);
                throw new GeneralException("Server error", OAuth2Error.SERVER_ERROR);
            }
        } catch (IOException e2) {
            tokenEndpointLog.error("[CGH 0008] Client credentials grant handler: HTTP exception: " + e2.getMessage(), e2);
            throw new GeneralException("Server error", OAuth2Error.SERVER_ERROR);
        }
    }

    public static ErrorObject processNon200Response(HTTPResponse hTTPResponse) {
        if (hTTPResponse.getStatusCode() != 400) {
            tokenEndpointLog.error("[CGH 0011] Client credentials grant handler: Unexpected HTTP response: {}", Integer.valueOf(hTTPResponse.getStatusCode()));
            return OAuth2Error.SERVER_ERROR;
        }
        ErrorObject parse = ErrorObject.parse(hTTPResponse);
        if (parse.getCode() == null || !(parse.equals(OAuth2Error.INVALID_GRANT) || parse.equals(OAuth2Error.INVALID_SCOPE))) {
            tokenEndpointLog.error("[CGH 0012] Client credentials grant handler: Missing or unexpected error code: {}", parse.getCode());
            return OAuth2Error.SERVER_ERROR;
        }
        tokenEndpointLog.info("[CGH 0013] Client credentials grant handler: Token request denied: {}", parse.getCode());
        return parse;
    }

    public void shutdown() {
        mainLog.info("[CGH 0014] Shutting down client credentials grant handler...");
    }
}
