package io.corbel.oauth.api;

import io.corbel.lib.token.TokenInfo;
import io.corbel.lib.token.exception.TokenVerificationException;
import io.corbel.lib.token.factory.TokenFactory;
import io.corbel.lib.token.model.TokenType;
import io.corbel.lib.token.parser.TokenParser;
import io.corbel.lib.token.reader.TokenReader;
import io.corbel.lib.ws.api.error.ErrorResponseFactory;
import io.corbel.lib.ws.model.Error;
import io.corbel.oauth.model.Client;
import io.corbel.oauth.model.User;
import io.corbel.oauth.repository.UserRepository;
import io.corbel.oauth.service.ClientService;
import io.corbel.oauth.token.TokenExpireTime;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

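/**
 * OAuth token endpoint: exchanges an authorization code for an access token.
 *
 * <p>Only the {@code authorization_code} grant is accepted. The submitted code is parsed and
 * verified by the {@link TokenParser}, must carry {@link TokenType#CODE}, and must name the
 * same client as {@code client_id}; {@code client_secret} is checked through
 * {@link ClientService#verifyClientSecret}. An unknown client, a wrong token type, a
 * client/secret mismatch and an unverifiable code all produce the same bare 401, so the
 * response body does not tell the caller which of those checks failed. Optionally
 * ({@code validated_mail_required=true}) the user behind the code must have a validated e-mail.
 *
 * <p>The issued token copies user id and client id from the code and takes the domain from the
 * stored {@link Client}. NOTE(review): nothing in this class marks the code as consumed after a
 * successful exchange; confirm that the parser/factory layer enforces single use of codes.
 */
@Path("v1.0/oauth/token")
/* loaded from: input_file:io/corbel/oauth/api/TokenResource.class */
public class TokenResource {
    private static final String AUTHORIZATION_CODE_GRANT_TYPE = "authorization_code";
    private static final Logger LOG = LoggerFactory.getLogger(TokenResource.class);
    private final TokenParser tokenParser;
    private final TokenFactory tokenFactory;
    private final ClientService clientService;
    private final UserRepository userRepository;
    private final TokenExpireTime tokenExpireTime;

    /**
     * Creates the resource with its collaborators.
     *
     * @param tokenParser parses and verifies the incoming authorization code
     * @param tokenFactory serializes the access token returned to the caller
     * @param clientService looks up clients by name and verifies their secret
     * @param userRepository loads the user behind the code (e-mail validation check)
     * @param tokenExpireTime supplies the lifetime of the issued access token
     */
    public TokenResource(TokenParser tokenParser, TokenFactory tokenFactory, ClientService clientService,
            UserRepository userRepository, TokenExpireTime tokenExpireTime) {
        this.tokenParser = tokenParser;
        this.tokenFactory = tokenFactory;
        this.clientService = clientService;
        this.userRepository = userRepository;
        this.tokenExpireTime = tokenExpireTime;
    }

    /**
     * Handles {@code POST v1.0/oauth/token} for the {@code authorization_code} grant.
     *
     * <p>Parameter checks run in a fixed order (grant_type, client_id, client_secret, grant type
     * support, code) so the first missing/invalid one determines the error response.
     *
     * @param grantType must equal {@code authorization_code}; otherwise 400 {@code invalid_grant}
     * @param code the authorization code previously issued to the user
     * @param clientId name of the client exchanging the code; must match the code's client id
     * @param clientSecret secret of that client
     * @param validatedMailRequired when {@code true}, the user must have a validated e-mail;
     *        {@code null}/{@code false} skips the check. This flag is chosen by the caller, not
     *        by server-side client configuration.
     * @return 200 with the access token as JSON, 400 for missing parameters or an unsupported
     *         grant, 401 for every credential or verification failure
     */
    @POST
    @Consumes({MediaType.APPLICATION_FORM_URLENCODED})
    public Response accessToken(@FormParam("grant_type") String grantType, @FormParam("code") String code,
            @FormParam("client_id") String clientId, @FormParam("client_secret") String clientSecret,
            @FormParam("validated_mail_required") Boolean validatedMailRequired) {
        ErrorResponseFactory errors = ErrorResponseFactory.getInstance();
        if (StringUtils.isBlank(grantType)) {
            return errors.missingParameter("grant_type");
        }
        if (StringUtils.isBlank(clientId)) {
            return errors.missingParameter("client_id");
        }
        if (StringUtils.isBlank(clientSecret)) {
            return errors.missingParameter("client_secret");
        }
        if (isNotSupportedGrantType(grantType)) {
            return errors.badRequest(new Error("invalid_grant", grantType));
        }
        if (StringUtils.isBlank(code)) {
            return errors.missingParameter("code");
        }
        // An unknown client gets the same bare 401 as a bad secret; the thrown
        // WebApplicationException carries that response for the JAX-RS runtime to send.
        Client client = clientService.findByName(clientId)
                .orElseThrow(() -> new WebApplicationException(errors.unauthorized()));
        try {
            TokenReader codeToken = tokenParser.parseAndVerify(code);
            TokenType type = codeToken.getInfo().getTokenType();
            if (TokenType.CODE != type) {
                // Only codes may be exchanged here; an access/other token presented as a code is rejected.
                LOG.debug("Invalid token type: {}", type);
                return errors.unauthorized();
            }
            if (!tokenHasClientIdAndValidSecret(codeToken, client, clientSecret)) {
                LOG.debug("Invalid clientId and/or secret");
                return errors.unauthorized();
            }
            if (BooleanUtils.isTrue(validatedMailRequired) && !userHasValidatedEmail(codeToken)) {
                return errors.unauthorized("User need validate e-mail");
            }
            return issueAccessToken(codeToken, client);
        } catch (TokenVerificationException e) {
            // Signature/expiry/format failures are logged at debug only and collapse into a bare 401.
            LOG.debug("Token verification failed", e);
            return errors.unauthorized();
        }
    }

    /**
     * Builds the 200 response carrying a fresh access token for the user and client named by the
     * verified code; the domain comes from the stored client, the lifetime from
     * {@link TokenExpireTime}.
     */
    private Response issueAccessToken(TokenReader codeToken, Client client) {
        TokenInfo info = TokenInfo.newBuilder()
                .setType(TokenType.TOKEN)
                .setUserId(codeToken.getInfo().getUserId())
                .setClientId(codeToken.getInfo().getClientId())
                .setDomainId(client.getDomain())
                .build();
        return Response.ok()
                .entity(tokenFactory.createToken(info,
                        tokenExpireTime.getTokenExpireTimeFromResponseType(TokenType.TOKEN), new String[0]))
                .type(MediaType.APPLICATION_JSON_TYPE)
                .build();
    }

    /**
     * Returns {@code true} only if the user referenced by the code exists and has a validated
     * e-mail. A missing user, or an e-mail-validated flag that was never set, counts as not
     * validated.
     */
    private boolean userHasValidatedEmail(TokenReader codeToken) {
        User user = (User) userRepository.findOne(codeToken.getInfo().getUserId());
        // isEmailValidated() is a boxed Boolean; isTrue() treats null as "not validated" instead of
        // unboxing it and turning a policy denial into a 500 via NullPointerException.
        return user != null && BooleanUtils.isTrue(user.isEmailValidated());
    }

    /**
     * Checks that the code was issued to {@code client} and that {@code clientSecret} is that
     * client's secret. The secret is only verified once the client id matches.
     */
    private boolean tokenHasClientIdAndValidSecret(TokenReader codeToken, Client client, String clientSecret) {
        boolean sameClient = StringUtils.equals(codeToken.getInfo().getClientId(), client.getName());
        return sameClient && clientService.verifyClientSecret(clientSecret, client);
    }

    /** {@code true} for any grant type other than {@code authorization_code} (including {@code null}). */
    private boolean isNotSupportedGrantType(String grantType) {
        return !AUTHORIZATION_CODE_GRANT_TYPE.equals(grantType);
    }
}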
