package de.adorsys.oauth.server;

import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletRequestContext;
import javax.security.jacc.PolicyContext;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oauth-wildfly-support-0.35.jar:de/adorsys/oauth/server/TokenEndpointMatcher.class */
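/**
 * Authenticator matcher for the OAuth token endpoint.
 *
 * <p>It applies whenever a {@link TokenRequest} is registered in the JACC {@link PolicyContext}.
 * Resource-owner password grants are verified against the identity manager of the Undertow
 * {@link SecurityContext}. Authorization-code and refresh-token grants are completed with the
 * shared {@code OAuhtAccount.INSTANCE}.
 */
public class TokenEndpointMatcher implements AuthenticatorMatcher {
    private static final Logger LOG = LoggerFactory.getLogger(TokenEndpointMatcher.class);

    /**
     * Authenticates the caller of the token endpoint according to the grant type of the request.
     *
     * @param httpServerExchange the current exchange; must carry a {@link ServletRequestContext}
     * @param securityContext the security context that receives the authenticated account
     * @return {@code NOT_ATTEMPTED} when there is no servlet context, no token request or an
     *     unhandled grant type; {@code NOT_AUTHENTICATED} when the password grant fails
     *     verification; {@code AUTHENTICATED} otherwise
     */
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        if (servletRequestContext == null) {
            // Outside a servlet request this mechanism has nothing to work with; decline
            // explicitly instead of failing with a NullPointerException.
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
        TokenRequest tokenRequest = resolveTokenRequest();
        if (tokenRequest == null) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
        AuthorizationGrant authorizationGrant = tokenRequest.getAuthorizationGrant();
        GrantType grantType = authorizationGrant.getType();
        if (grantType == GrantType.AUTHORIZATION_CODE || grantType == GrantType.REFRESH_TOKEN) {
            // NOTE(review): no credential is checked here. The request is marked as authenticated
            // with the shared placeholder account, so the code / refresh token itself has to be
            // validated by whatever handles the token request afterwards - confirm that it is.
            securityContext.authenticationComplete(OAuhtAccount.INSTANCE, "OAUTH", false);
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        if (grantType != GrantType.PASSWORD) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
        ResourceOwnerPasswordCredentialsGrant passwordGrant = (ResourceOwnerPasswordCredentialsGrant) authorizationGrant;
        String username = passwordGrant.getUsername();
        String secretValue = passwordGrant.getPassword().getValue();
        String password = secretValue == null ? "" : secretValue;
        // Log the login attempt without any derivative of the password: a masked copy still
        // discloses its length, and '.' does not match line terminators, so those characters
        // would have reached the log unmasked. The username is client-supplied text.
        LOG.debug("PasswordFlow - login {}", username);
        // The char[] is handed over to the credential; the String copy cannot be wiped.
        Account account = securityContext.getIdentityManager().verify(username, new PasswordCredential(password.toCharArray()));
        if (account == null) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
        securityContext.authenticationComplete(account, "OAUTH", false);
        return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
    }

    /**
     * Answers a failed authentication with HTTP 403.
     *
     * <p>NOTE(review): RFC 6749 section 5.2 describes 400 (and 401 for {@code invalid_client})
     * for token endpoint errors; confirm that 403 is what clients of this endpoint expect.
     *
     * @return a challenge result marked as sent, carrying status 403
     */
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        return new AuthenticationMechanism.ChallengeResult(true, Integer.valueOf(HTTPResponse.SC_FORBIDDEN));
    }

    /**
     * Looks up the {@link TokenRequest} registered in the JACC policy context.
     *
     * @return the token request, or {@code null} when none is available or the lookup fails
     */
    private TokenRequest resolveTokenRequest() {
        try {
            return (TokenRequest) PolicyContext.getContext(TokenRequest.class.getName());
        } catch (Exception e) {
            // Deliberately best-effort: a failed lookup means "this matcher does not apply".
            // Record the cause so a misconfigured context handler is not silently hidden.
            LOG.debug("No TokenRequest available from PolicyContext", e);
            return null;
        }
    }

    /** No initialisation is required for this matcher. */
    @Override
    public void initialize(ServletContext servletContext) {
    }

    /**
     * Reports whether this matcher is responsible for the current request.
     *
     * @return {@code true} when a {@link TokenRequest} is present in the policy context
     */
    @Override
    public boolean match(HttpServerExchange httpServerExchange, HttpServletRequest httpServletRequest) {
        return resolveTokenRequest() != null;
    }
}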
