package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.Set;
import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestDataHolder;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.OAuth20Token;
import org.pac4j.core.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.2.2.jar:org/apereo/cas/support/oauth/web/response/accesstoken/ext/AccessTokenAuthorizationCodeGrantRequestExtractor.class */
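/**
 * Builds the {@link AccessTokenRequestDataHolder} for a token request that uses the
 * {@code authorization_code} grant: the {@code code} parameter is resolved to an
 * {@link OAuth20Token} in the ticket registry and combined with the registered service
 * located from the request.
 *
 * <p>Security review notes (grounded in what this class shows; confirm against the
 * validators and endpoint that run around it):
 * <ul>
 *   <li>Nothing in this class compares the {@code redirect_uri} or client id of the token
 *       request with the values the authorization code was issued for. RFC 6749 section 4.1.3
 *       requires that binding, so it must be enforced elsewhere.</li>
 *   <li>Scopes supplied on the token request are merged with the scopes stored on the code,
 *       see {@link #extractRequestedScopesByToken}.</li>
 *   <li>The raw {@code code} value is written to the error log when lookup fails.</li>
 * </ul>
 */
public class AccessTokenAuthorizationCodeGrantRequestExtractor extends BaseAccessTokenGrantRequestExtractor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccessTokenAuthorizationCodeGrantRequestExtractor.class);

    /**
     * @param oAuth20ConfigurationContext shared OAuth configuration (session store, ticket
     *                                    registry, services manager, service factory)
     */
    public AccessTokenAuthorizationCodeGrantRequestExtractor(OAuth20ConfigurationContext oAuth20ConfigurationContext) {
        super(oAuth20ConfigurationContext);
    }

    /**
     * Resolves the registered service and the token named by the request and assembles the
     * data holder used to issue an access token.
     *
     * @param httpServletRequest  the token request
     * @param httpServletResponse the response paired with the request
     * @return the populated request data holder
     * @throws UnauthorizedServiceException if no registered service matches the request
     * @throws InvalidTicketException       if the token is missing from the registry or expired
     */
    @Override
    public AccessTokenRequestDataHolder extract(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JEEContext context = new JEEContext(httpServletRequest, httpServletResponse, getOAuthConfigurationContext().getSessionStore());
        LOGGER.debug("OAuth grant type is [{}]", httpServletRequest.getParameter("grant_type"));

        String redirectUri = getRegisteredServiceIdentifierFromRequest(context);
        OAuthRegisteredService registeredService = getOAuthRegisteredServiceBy(context);
        if (registeredService == null) {
            // The message embeds the request-supplied redirect_uri verbatim.
            throw new UnauthorizedServiceException("Unable to locate service in registry for redirect URI " + redirectUri);
        }

        Set<String> requestedScopes = OAuth20Utils.parseRequestScopes(httpServletRequest);
        OAuth20Token token = getOAuthTokenFromRequest(httpServletRequest);
        // getOAuthTokenFromRequest() already filters expired tokens in this class; the second
        // expiry check still matters if a subclass overrides that lookup.
        if (token == null || token.isExpired()) {
            throw new InvalidTicketException(getOAuthParameter(httpServletRequest));
        }

        // NOTE(review): the registered service was located from request parameters only; this
        // method does not verify that `token` was issued to that same service/client.
        Set<String> effectiveScopes = extractRequestedScopesByToken(requestedScopes, token, httpServletRequest);
        AccessTokenRequestDataHolder.AccessTokenRequestDataHolderBuilder builder = AccessTokenRequestDataHolder.builder()
            .scopes(effectiveScopes)
            .service(getOAuthConfigurationContext().getWebApplicationServiceServiceFactory().createService(redirectUri))
            .authentication(token.getAuthentication())
            .registeredService(registeredService)
            .grantType(getGrantType())
            .generateRefreshToken(isAllowedToGenerateRefreshToken() && registeredService.isGenerateRefreshToken())
            .token(token)
            .claims(token.getClaims())
            .ticketGrantingTicket(token.getTicketGrantingTicket());
        return extractInternal(httpServletRequest, httpServletResponse, builder);
    }

    /**
     * Returns the sorted union of the scopes parsed from the request and the scopes stored on
     * the token.
     *
     * <p>NOTE(review): because this is a union, a scope that appears only on the token request
     * ends up in the result even if the authorization code was not granted it. RFC 6749 defines
     * no {@code scope} parameter for the authorization-code token request, so confirm that a
     * later step restricts the result to what was actually authorized.
     *
     * @param set                scopes parsed from the request
     * @param oAuth20Token       token resolved from the request
     * @param httpServletRequest the token request (unused here)
     * @return a new sorted set holding both scope collections
     */
    protected Set<String> extractRequestedScopesByToken(Set<String> set, OAuth20Token oAuth20Token, HttpServletRequest httpServletRequest) {
        // Typed TreeSet instead of the raw type, so the Set<String> return is checked.
        Set<String> merged = new TreeSet<>(set);
        merged.addAll(oAuth20Token.getScopes());
        return merged;
    }

    /**
     * Extension hook that finalises the data holder; this implementation only builds it.
     * The decompiler reports the original access modifier as {@code protected}.
     *
     * @param httpServletRequest                 the token request (unused here)
     * @param httpServletResponse                the response (unused here)
     * @param accessTokenRequestDataHolderBuilder builder populated by {@link #extract}
     * @return the built data holder
     */
    public AccessTokenRequestDataHolder extractInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessTokenRequestDataHolder.AccessTokenRequestDataHolderBuilder accessTokenRequestDataHolderBuilder) {
        return accessTokenRequestDataHolderBuilder.build();
    }

    /**
     * Reads the {@code redirect_uri} request parameter.
     *
     * @param jEEContext web context wrapping the request
     * @return the parameter value, or an empty string when it is absent
     */
    protected String getRegisteredServiceIdentifierFromRequest(JEEContext jEEContext) {
        return jEEContext.getRequestParameter("redirect_uri").map(String::valueOf).orElse("");
    }

    /**
     * @return {@code true}; for this grant the final decision in {@link #extract} also requires
     *         the registered service to allow refresh tokens
     */
    protected boolean isAllowedToGenerateRefreshToken() {
        return true;
    }

    /**
     * @return the name of the request parameter carrying the token id, {@code "code"}
     */
    protected String getOAuthParameterName() {
        return "code";
    }

    /**
     * @param httpServletRequest the token request
     * @return the value of the parameter named by {@link #getOAuthParameterName()}, possibly null
     */
    protected String getOAuthParameter(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(getOAuthParameterName());
    }

    /**
     * Looks up the token named by the request in the ticket registry. An expired token is
     * deleted from the registry before {@code null} is returned.
     *
     * @param httpServletRequest the token request
     * @return the token when found and not expired, otherwise {@code null}
     */
    protected OAuth20Token getOAuthTokenFromRequest(HttpServletRequest httpServletRequest) {
        // Read the parameter once so the lookup and the log line refer to the same value.
        String tokenId = getOAuthParameter(httpServletRequest);
        OAuth20Token token = getOAuthConfigurationContext().getTicketRegistry().getTicket(tokenId, OAuth20Token.class);
        if (token != null && !token.isExpired()) {
            return token;
        }
        // NOTE(review): this logs the request-supplied code and the token's toString(); treat
        // these logs as sensitive and confirm what the token's string form exposes.
        LOGGER.error("OAuth token indicated by parameter [{}] has expired or not found: [{}]", tokenId, token);
        if (token != null) {
            getOAuthConfigurationContext().getTicketRegistry().deleteTicket(token.getId());
        }
        return null;
    }

    /**
     * @param httpServletRequest the token request
     * @return whether the request's {@code grant_type} matches {@link #getGrantType()}
     */
    @Override
    public boolean supports(HttpServletRequest httpServletRequest) {
        return OAuth20Utils.isGrantType(httpServletRequest.getParameter("grant_type"), getGrantType());
    }

    /**
     * @return {@link OAuth20GrantTypes#AUTHORIZATION_CODE}
     */
    @Override
    public OAuth20GrantTypes getGrantType() {
        return OAuth20GrantTypes.AUTHORIZATION_CODE;
    }

    /**
     * @return {@link OAuth20ResponseTypes#NONE}
     */
    @Override
    public OAuth20ResponseTypes getResponseType() {
        return OAuth20ResponseTypes.NONE;
    }

    /**
     * Locates the registered OAuth service for the request: first by the {@code redirect_uri}
     * parameter, then, if that finds nothing, by the client id taken from the request.
     *
     * <p>NOTE(review): only the client id (left element of the id/secret pair) is used here and
     * the secret is not checked in this method; client authentication is presumably enforced
     * elsewhere. Confirm before relying on the returned service as authenticated.
     *
     * @param jEEContext web context wrapping the request
     * @return the matching registered service, or {@code null} when neither lookup succeeds
     */
    protected OAuthRegisteredService getOAuthRegisteredServiceBy(JEEContext jEEContext) {
        OAuthRegisteredService located = OAuth20Utils.getRegisteredOAuthServiceByRedirectUri(
            getOAuthConfigurationContext().getServicesManager(),
            getRegisteredServiceIdentifierFromRequest(jEEContext));
        if (located == null) {
            located = OAuth20Utils.getRegisteredOAuthServiceByClientId(
                getOAuthConfigurationContext().getServicesManager(),
                OAuth20Utils.getClientIdAndClientSecret(jEEContext).getLeft());
        }
        LOGGER.debug("Located registered service [{}]", located);
        return located;
    }
}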
