package org.apache.cxf.rs.security.oauth2.services;

import java.net.URI;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;

/* loaded from: input_file:BOOT-INF/lib/cxf-rt-rs-security-oauth2-3.1.8.jar:org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.class */
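/**
 * Base class for redirection-based services that hand the access token back to the
 * client in the fragment of a 303 (See Other) redirect.
 *
 * <p>Everything written after the {@code #} ends up in a URI the user agent follows,
 * so values that may originate from the authorization request are URL-encoded before
 * they are appended.
 */
public abstract class AbstractImplicitGrantService extends RedirectionBasedGrantService {
    // When true, finalizeResponse() also reports client_id in the redirect fragment.
    private boolean reportClientId;
    // Filters given a chance to adjust the client-facing token before it is serialized.
    private List<AccessTokenResponseFilter> responseHandlers;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the service; both arguments are forwarded unchanged to the superclass constructor.
     *
     * @param str first superclass constructor argument
     * @param str2 second superclass constructor argument
     */
    public AbstractImplicitGrantService(String str, String str2) {
        super(str, str2);
        this.responseHandlers = new LinkedList<>();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the service; both arguments are forwarded unchanged to the superclass constructor.
     *
     * @param set first superclass constructor argument
     * @param str second superclass constructor argument
     */
    public AbstractImplicitGrantService(Set<String> set, String str) {
        super(set, str);
        this.responseHandlers = new LinkedList<>();
    }

    /**
     * Builds the 303 redirect that carries the grant in the URI fragment.
     *
     * @return a See Other response whose location is the URI produced by {@link #prepareGrant}
     */
    @Override
    protected Response createGrant(OAuthRedirectionState oAuthRedirectionState, Client client, List<String> list, List<String> list2, UserSubject userSubject, ServerAccessToken serverAccessToken) {
        StringBuilder location = prepareGrant(oAuthRedirectionState, client, list, list2, userSubject, serverAccessToken);
        return Response.seeOther(URI.create(location.toString())).build();
    }

    /**
     * Assembles the redirect URI, fragment included, for a successful grant.
     *
     * @param oAuthRedirectionState state of the authorization request (redirect URI, nonce, state, client id)
     * @param client client the token is issued to
     * @param list requested scopes
     * @param list2 second argument to {@code getApprovedScope}; presumably the scopes the user approved
     * @param userSubject subject recorded on a newly created token
     * @param serverAccessToken token to report, or {@code null} to create one through the data provider
     * @return the redirect URI with the token parameters appended after {@code #}
     */
    protected StringBuilder prepareGrant(OAuthRedirectionState oAuthRedirectionState, Client client, List<String> list, List<String> list2, UserSubject userSubject, ServerAccessToken serverAccessToken) {
        ServerAccessToken token = serverAccessToken;
        if (token == null) {
            token = getDataProvider().createAccessToken(createTokenRegistration(oAuthRedirectionState, client, list, list2, userSubject));
        } else if (oAuthRedirectionState.getNonce() != null) {
            // A supplied token never passes through createTokenRegistration(), so the
            // nonce is published on the exchange instead.
            JAXRSUtils.getCurrentMessage().getExchange().put("nonce", oAuthRedirectionState.getNonce());
        }

        boolean writeOptional = isWriteOptionalParameters();
        ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(token, writeOptional);
        processClientAccessToken(clientToken, token);

        StringBuilder fragment = getUriWithFragment(oAuthRedirectionState.getRedirectUri());
        // NOTE(review): token key and token type are written without encoding; this assumes
        // the data provider only issues URL-safe values - confirm.
        fragment.append(OAuthConstants.ACCESS_TOKEN).append("=").append(clientToken.getTokenKey());
        fragment.append("&");
        fragment.append(OAuthConstants.ACCESS_TOKEN_TYPE).append("=").append(clientToken.getTokenType());
        if (isWriteOptionalParameters()) {
            fragment.append("&").append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN).append("=").append(clientToken.getExpiresIn());
            if (!StringUtils.isEmpty(clientToken.getApprovedScope())) {
                fragment.append("&").append("scope").append("=").append(HttpUtils.queryEncode(clientToken.getApprovedScope()));
            }
            for (Map.Entry<String, String> parameter : clientToken.getParameters().entrySet()) {
                // NOTE(review): only the value is encoded; parameter names are written as-is.
                fragment.append("&").append(parameter.getKey()).append("=").append(HttpUtils.queryEncode(parameter.getValue()));
            }
        }
        if (token.getRefreshToken() != null) {
            processRefreshToken(fragment, token.getRefreshToken());
        }
        finalizeResponse(fragment, oAuthRedirectionState);
        return fragment;
    }

    /**
     * Describes the token to be created for this authorization request.
     *
     * @return a registration populated from the redirection state, client, scopes and subject
     */
    protected AccessTokenRegistration createTokenRegistration(OAuthRedirectionState oAuthRedirectionState, Client client, List<String> list, List<String> list2, UserSubject userSubject) {
        AccessTokenRegistration registration = new AccessTokenRegistration();
        registration.setClient(client);
        registration.setGrantType(super.getSupportedGrantType());
        registration.setResponseType(oAuthRedirectionState.getResponseType());
        registration.setSubject(userSubject);
        registration.setRequestedScope(list);
        registration.setApprovedScope(getApprovedScope(list, list2));
        // NOTE(review): when the request carries no audience this stores a one-element
        // list holding null - confirm that audience checks downstream tolerate it.
        registration.setAudiences(Collections.singletonList(oAuthRedirectionState.getAudience()));
        registration.setNonce(oAuthRedirectionState.getNonce());
        registration.getExtraProperties().putAll(oAuthRedirectionState.getExtraProperties());
        return registration;
    }

    /**
     * Appends the trailing fragment parameters: {@code state} (URL-encoded) when present
     * and, if enabled through {@link #setReportClientId(boolean)}, {@code client_id}.
     *
     * @param sb redirect URI being assembled
     * @param oAuthRedirectionState state of the authorization request
     */
    protected void finalizeResponse(StringBuilder sb, OAuthRedirectionState oAuthRedirectionState) {
        String state = oAuthRedirectionState.getState();
        if (state != null) {
            sb.append("&");
            sb.append(OAuthConstants.STATE).append("=").append(HttpUtils.urlEncode(state));
        }
        if (this.reportClientId) {
            // NOTE(review): client_id is written without encoding; confirm that client
            // ids are restricted to URL-safe characters.
            sb.append("&").append("client_id").append("=").append(oAuthRedirectionState.getClientId());
        }
    }

    /**
     * Called when the token carries a refresh token. This implementation only logs a
     * warning and leaves the fragment untouched, so the refresh token is not reported.
     *
     * @param sb redirect URI being assembled (not modified here)
     * @param str refresh token value (not used here)
     */
    protected void processRefreshToken(StringBuilder sb, String str) {
        LOG.warning("Implicit grant tokens MUST not have refresh tokens, refresh token will not be reported");
    }

    /**
     * Passes the client-facing token through every registered response filter, in list order.
     *
     * @param clientAccessToken token representation that will be serialized into the fragment
     * @param serverAccessToken server-side token it was derived from
     */
    protected void processClientAccessToken(ClientAccessToken clientAccessToken, ServerAccessToken serverAccessToken) {
        for (AccessTokenResponseFilter filter : this.responseHandlers) {
            filter.process(clientAccessToken, serverAccessToken);
        }
    }

    /**
     * Builds the 303 redirect that reports an error in the URI fragment.
     *
     * @param str value for the {@code state} parameter, or {@code null} to omit it
     * @param str2 redirect URI the fragment is appended to
     * @param str3 error code written as the error parameter
     * @return a See Other response pointing at the redirect URI with the error fragment
     */
    @Override
    protected Response createErrorResponse(String str, String str2, String str3) {
        StringBuilder fragment = getUriWithFragment(str2);
        fragment.append(OAuthConstants.ERROR_KEY).append("=").append(str3);
        if (str != null) {
            fragment.append("&");
            // Encode state exactly as finalizeResponse() does. The value is presumably the
            // one the client sent with the request; written raw, an '&' or '#' in it would be
            // read as extra fragment parameters and an illegal character would make
            // URI.create() throw instead of returning the error redirect.
            fragment.append(OAuthConstants.STATE).append("=").append(HttpUtils.urlEncode(str));
        }
        return Response.seeOther(URI.create(fragment.toString())).build();
    }

    /**
     * Starts a redirect URI whose fragment is still empty.
     *
     * @param str redirect URI
     * @return a new builder holding {@code str} followed by {@code #}
     */
    protected StringBuilder getUriWithFragment(String str) {
        return new StringBuilder().append(str).append("#");
    }

    /**
     * Controls whether {@code client_id} is added to the redirect fragment.
     *
     * @param z {@code true} to report the client id
     */
    public void setReportClientId(boolean z) {
        this.reportClientId = z;
    }

    /**
     * Replaces the response filters. The list is stored by reference, not copied.
     *
     * @param list filters to apply to every client access token
     */
    public void setResponseFilters(List<AccessTokenResponseFilter> list) {
        this.responseHandlers = list;
    }

    /**
     * Adds one response filter to the current list.
     *
     * @param accessTokenResponseFilter filter to append
     */
    public void setResponseFilter(AccessTokenResponseFilter accessTokenResponseFilter) {
        this.responseHandlers.add(accessTokenResponseFilter);
    }

    /**
     * @return always {@code false}
     */
    @Override
    protected boolean canRedirectUriBeEmpty(Client client) {
        return false;
    }

    /**
     * @return always {@code true}
     */
    @Override
    protected boolean canSupportPublicClient(Client client) {
        return true;
    }
}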
