package pl.edu.icm.unity.oauth.as.token.access;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import javax.ws.rs.FormParam;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.oauth.as.token.BaseOAuthResource;
import pl.edu.icm.unity.oauth.as.token.OAuthTokenEndpoint;

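/**
 * JAX-RS resource that serves POST requests on the OAuth token endpoint and dispatches each
 * request to the handler matching its {@code grant_type}.
 *
 * <p>The grants handled are authorization_code, client_credentials, token-exchange and
 * refresh_token. Any other value is answered with an OAuth error response.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code code}, {@code refresh_token}, {@code subject_token} and {@code code_verifier} are
 *       bearer secrets. This class only forwards them to the handlers and must never log them.</li>
 *   <li>Only {@code grant_type} is logged, and it is written before it has been matched against
 *       the supported values, so it is neutralised first (see {@link #sanitizeForLog}).</li>
 *   <li>The login-session check is skipped for the authorization_code and refresh_token grants
 *       (see {@link #isRequiredClientAuthenticationMissing}). Client verification for those two
 *       grants is therefore the responsibility of the respective handlers.</li>
 * </ul>
 */
@Produces({"application/json"})
@Path(OAuthTokenEndpoint.TOKEN_PATH)
/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/access/AccessTokenResource.class */
public class AccessTokenResource extends BaseOAuthResource {
    private static final Logger log = Log.getLogger("unity.server.oauth", AccessTokenResource.class);

    /** Token type identifier for access tokens (RFC 8693 token-exchange vocabulary). */
    public static final String ACCESS_TOKEN_TYPE_ID = "urn:ietf:params:oauth:token-type:access_token";

    /** Token type identifier for ID tokens (RFC 8693 token-exchange vocabulary). */
    public static final String ID_TOKEN_TYPE_ID = "urn:ietf:params:oauth:token-type:id_token";

    /** Scope name associated with token exchange; not referenced inside this class. */
    public static final String EXCHANGE_SCOPE = "token-exchange";

    /** Upper bound on how much of a client-supplied value is copied into a log line. */
    private static final int MAX_LOGGED_VALUE_LENGTH = 128;

    private final AuthzCodeHandler authzCodeHandler;
    private final RefreshTokenHandler refreshTokenHandler;
    private final ExchangeTokenHandler exchangeTokenHandler;
    private final CredentialFlowHandler credentialFlowHandler;
    private final OAuthTokenStatisticPublisher statisticPublisher;

    /**
     * Creates the resource with one handler per supported grant and the statistics publisher.
     *
     * @param authzCodeHandler handler for the authorization_code grant
     * @param refreshTokenHandler handler for the refresh_token grant
     * @param exchangeTokenHandler handler for the token-exchange grant
     * @param credentialFlowHandler handler for the client_credentials grant
     * @param oAuthTokenStatisticPublisher sink for failure statistics reported by this class
     */
    public AccessTokenResource(
            AuthzCodeHandler authzCodeHandler,
            RefreshTokenHandler refreshTokenHandler,
            ExchangeTokenHandler exchangeTokenHandler,
            CredentialFlowHandler credentialFlowHandler,
            OAuthTokenStatisticPublisher oAuthTokenStatisticPublisher) {
        this.authzCodeHandler = authzCodeHandler;
        this.refreshTokenHandler = refreshTokenHandler;
        this.exchangeTokenHandler = exchangeTokenHandler;
        this.credentialFlowHandler = credentialFlowHandler;
        this.statisticPublisher = oAuthTokenStatisticPublisher;
    }

    /**
     * Handles a token request. Every form parameter comes straight from the client and is
     * untrusted. Only presence ({@code null}) is checked here, so empty strings are passed on
     * to the handlers unchanged.
     *
     * @param str form parameter {@code grant_type}; required
     * @param str2 form parameter {@code code}; required for the authorization_code grant
     * @param str3 form parameter {@code scope}; forwarded as-is, may be {@code null}
     * @param str4 form parameter {@code redirect_uri}; forwarded to the authorization code handler
     * @param str5 form parameter {@code refresh_token}; required for the refresh_token grant
     * @param str6 form parameter {@code audience}; required for the token-exchange grant
     * @param str7 form parameter {@code requested_token_type}; forwarded without a presence check
     * @param str8 form parameter {@code subject_token}; required for the token-exchange grant
     * @param str9 form parameter {@code subject_token_type}; required for the token-exchange grant
     * @param str10 form parameter {@code code_verifier}; forwarded without a presence check
     * @param str11 value of the {@code Accept} request header, forwarded to the handlers
     * @return the selected handler's response, or an OAuth error response built by
     *     {@code makeError}
     * @throws EngineException declared for the delegated handler calls
     * @throws JsonProcessingException declared for the delegated handler calls
     */
    @POST
    @Path("/")
    public Response getToken(
            @FormParam("grant_type") String str,
            @FormParam("code") String str2,
            @FormParam("scope") String str3,
            @FormParam("redirect_uri") String str4,
            @FormParam("refresh_token") String str5,
            @FormParam("audience") String str6,
            @FormParam("requested_token_type") String str7,
            @FormParam("subject_token") String str8,
            @FormParam("subject_token_type") String str9,
            @FormParam("code_verifier") String str10,
            @HeaderParam("Accept") String str11) throws EngineException, JsonProcessingException {
        // The decompiler lost the parameter names; alias them so the dispatch below is auditable.
        final String grantType = str;
        final String code = str2;
        final String scope = str3;
        final String redirectUri = str4;
        final String refreshToken = str5;
        final String audience = str6;
        final String requestedTokenType = str7;
        final String subjectToken = str8;
        final String subjectTokenType = str9;
        final String codeVerifier = str10;
        final String acceptHeader = str11;

        if (grantType == null) {
            // NOTE(review): this runs before the authentication check below, so it is reported
            // "as logged client" even when no login session may exist. Confirm the publisher
            // tolerates that.
            statisticPublisher.reportFailAsLoggedClient();
            return makeError(OAuth2Error.INVALID_REQUEST, "grant_type is required");
        }
        if (isRequiredClientAuthenticationMissing(grantType)) {
            return makeError(OAuth2Error.INVALID_CLIENT, "not authenticated");
        }

        // grant_type is still arbitrary client input at this point. Strip control characters so a
        // crafted value cannot forge extra log records, and skip the work when trace is off.
        if (log.isTraceEnabled()) {
            log.trace("Handle new token request with {} grant", sanitizeForLog(grantType));
        }

        if (grantType.equals(GrantType.AUTHORIZATION_CODE.getValue())) {
            if (code == null) {
                statisticPublisher.reportFailAsLoggedClient();
                return makeError(OAuth2Error.INVALID_REQUEST, "code is required");
            }
            // redirect_uri and code_verifier are not presence-checked here. Presumably the handler
            // enforces redirect URI binding and PKCE. Verify in AuthzCodeHandler.
            return authzCodeHandler.handleAuthzCodeFlow(code, redirectUri, codeVerifier, acceptHeader);
        }

        if (grantType.equals(GrantType.CLIENT_CREDENTIALS.getValue())) {
            return credentialFlowHandler.handleClientCredentialFlow(scope, acceptHeader);
        }

        if (grantType.equals(GrantType.TOKEN_EXCHANGE.getValue())) {
            if (audience == null) {
                return makeError(OAuth2Error.INVALID_REQUEST, "audience is required");
            }
            if (subjectToken == null) {
                return makeError(OAuth2Error.INVALID_REQUEST, "subject_token is required");
            }
            if (subjectTokenType == null) {
                return makeError(OAuth2Error.INVALID_REQUEST, "subject_token_type is required");
            }
            return exchangeTokenHandler.handleExchangeToken(
                    subjectToken, subjectTokenType, requestedTokenType, audience, scope, acceptHeader);
        }

        if (grantType.equals(GrantType.REFRESH_TOKEN.getValue())) {
            if (refreshToken == null) {
                return makeError(OAuth2Error.INVALID_REQUEST, "refresh_token is required");
            }
            return refreshTokenHandler.handleRefreshTokenGrant(refreshToken, scope, acceptHeader);
        }

        // NOTE(review): RFC 6749 section 5.2 defines "unsupported_grant_type" for this case.
        // "invalid_grant" is kept because existing clients may match on it.
        return makeError(OAuth2Error.INVALID_GRANT, "wrong or not supported grant_type value");
    }

    /**
     * Tells whether the request must be rejected because no authenticated login session exists.
     *
     * <p>The authorization_code and refresh_token grants are exempt from the session requirement.
     * For every other value, including unsupported ones, a login session must be present.
     * NOTE(review): the exemption presumably exists for public clients. Confirm that both
     * handlers bind the code or refresh token to the client it was issued to.
     *
     * @param str the non-null {@code grant_type} value of the request
     * @return {@code true} when a login session is required but absent
     */
    private boolean isRequiredClientAuthenticationMissing(String str) {
        if (str.equals(GrantType.AUTHORIZATION_CODE.getValue())
                || str.equals(GrantType.REFRESH_TOKEN.getValue())) {
            return false;
        }
        return InvocationContext.getCurrent().getLoginSession() == null;
    }

    /**
     * Makes a client-supplied value safe to embed in a single log record: ISO control characters
     * (including CR and LF) become {@code '_'}, and the value is cut to
     * {@link #MAX_LOGGED_VALUE_LENGTH} characters.
     *
     * @param value non-null untrusted text
     * @return the neutralised, length-bounded text
     */
    private static String sanitizeForLog(String value) {
        final int limit = Math.min(value.length(), MAX_LOGGED_VALUE_LENGTH);
        final StringBuilder cleaned = new StringBuilder(limit);
        for (int i = 0; i < limit; i++) {
            final char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}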
