package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.model.support.oauth.OAuthProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestDataHolder;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.OAuthToken;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/ext/AccessTokenAuthorizationCodeGrantRequestExtractor.class */
public class AccessTokenAuthorizationCodeGrantRequestExtractor extends BaseAccessTokenGrantRequestExtractor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccessTokenAuthorizationCodeGrantRequestExtractor.class);
    protected final ServiceFactory<WebApplicationService> webApplicationServiceServiceFactory;

    public AccessTokenAuthorizationCodeGrantRequestExtractor(ServicesManager servicesManager, TicketRegistry ticketRegistry, CentralAuthenticationService centralAuthenticationService, OAuthProperties oAuthProperties, ServiceFactory<WebApplicationService> serviceFactory) {
        super(servicesManager, ticketRegistry, centralAuthenticationService, oAuthProperties);
        this.webApplicationServiceServiceFactory = serviceFactory;
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public AccessTokenRequestDataHolder extract(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String parameter = httpServletRequest.getParameter("grant_type");
        Set<String> parseRequestScopes = OAuth20Utils.parseRequestScopes(httpServletRequest);
        LOGGER.debug("OAuth grant type is [{}]", parameter);
        String registeredServiceIdentifierFromRequest = getRegisteredServiceIdentifierFromRequest(httpServletRequest);
        OAuthRegisteredService oAuthRegisteredServiceBy = getOAuthRegisteredServiceBy(httpServletRequest);
        if (oAuthRegisteredServiceBy == null) {
            throw new UnauthorizedServiceException("Unable to locate service in registry for redirect URI " + registeredServiceIdentifierFromRequest);
        }
        OAuthToken oAuthTokenFromRequest = getOAuthTokenFromRequest(httpServletRequest);
        if (oAuthTokenFromRequest == null) {
            throw new InvalidTicketException(getOAuthParameter(httpServletRequest));
        }
        Service service = (WebApplicationService) this.webApplicationServiceServiceFactory.createService(registeredServiceIdentifierFromRequest);
        parseRequestScopes.addAll(oAuthTokenFromRequest.getScopes());
        return extractInternal(httpServletRequest, httpServletResponse, AccessTokenRequestDataHolder.builder().scopes(parseRequestScopes).service(service).authentication(oAuthTokenFromRequest.getAuthentication()).registeredService(oAuthRegisteredServiceBy).grantType(getGrantType()).generateRefreshToken(isAllowedToGenerateRefreshToken() && oAuthRegisteredServiceBy != null && oAuthRegisteredServiceBy.isGenerateRefreshToken()).token(oAuthTokenFromRequest).ticketGrantingTicket(oAuthTokenFromRequest.getTicketGrantingTicket()));
    }

    protected AccessTokenRequestDataHolder extractInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessTokenRequestDataHolder.AccessTokenRequestDataHolderBuilder accessTokenRequestDataHolderBuilder) {
        return accessTokenRequestDataHolderBuilder.build();
    }

    protected String getRegisteredServiceIdentifierFromRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("redirect_uri");
    }

    protected boolean isAllowedToGenerateRefreshToken() {
        return true;
    }

    protected String getOAuthParameterName() {
        return "code";
    }

    protected String getOAuthParameter(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(getOAuthParameterName());
    }

    protected OAuthToken getOAuthTokenFromRequest(HttpServletRequest httpServletRequest) {
        OAuthToken ticket = this.ticketRegistry.getTicket(getOAuthParameter(httpServletRequest), OAuthToken.class);
        if (ticket != null && !ticket.isExpired()) {
            return ticket;
        }
        LOGGER.error("OAuth token indicated by parameter [{}] has expired or not found: [{}]", getOAuthParameter(httpServletRequest), ticket);
        if (ticket == null) {
            return null;
        }
        this.ticketRegistry.deleteTicket(ticket.getId());
        return null;
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public boolean supports(HttpServletRequest httpServletRequest) {
        return OAuth20Utils.isGrantType(httpServletRequest.getParameter("grant_type"), getGrantType());
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public OAuth20GrantTypes getGrantType() {
        return OAuth20GrantTypes.AUTHORIZATION_CODE;
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public OAuth20ResponseTypes getResponseType() {
        return OAuth20ResponseTypes.NONE;
    }

    protected OAuthRegisteredService getOAuthRegisteredServiceBy(HttpServletRequest httpServletRequest) {
        OAuthRegisteredService registeredOAuthServiceByRedirectUri = OAuth20Utils.getRegisteredOAuthServiceByRedirectUri(this.servicesManager, getRegisteredServiceIdentifierFromRequest(httpServletRequest));
        LOGGER.debug("Located registered service [{}]", registeredOAuthServiceByRedirectUri);
        return registeredOAuthServiceByRedirectUri;
    }
}
