package org.fcrepo.auth.oauth.api;

import javax.annotation.PostConstruct;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.fcrepo.auth.oauth.Constants;
import org.fcrepo.auth.oauth.TokenRequestValidations;
import org.fcrepo.auth.oauth.impl.DefaultTokenRequestValidations;
import org.fcrepo.http.commons.AbstractResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

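/**
 * JAX-RS resource mounted at {@code /token} that issues OAuth 2.0 access tokens.
 *
 * <p>A token request is checked by the configured {@link TokenRequestValidations}
 * (client id, client secret, then the grant-specific check). An accepted request gets a
 * freshly generated access token, which is stored as a node under {@code /tokens/} in the
 * OAuth workspace.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The access token is a bearer credential and must never be written to logs.</li>
 *   <li>The response advertises a 3600 second lifetime, but {@link #saveToken} stores only
 *       the client and principal. NOTE(review): confirm that expiry is enforced where
 *       tokens are verified.</li>
 *   <li>An unknown client and a wrong secret produce different status and error codes, so
 *       a caller can tell the two cases apart. NOTE(review): confirm this is intended.</li>
 * </ul>
 */
@Path("/token")
@Component
public class TokenEndpoint extends AbstractResource {
    public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).";
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenEndpoint.class);

    // Optional: when no validator bean is wired in, defaultValidations() installs the default one.
    @Autowired(required = false)
    private TokenRequestValidations requestValidator;

    /**
     * Installs {@link DefaultTokenRequestValidations} when no validator was injected.
     */
    @PostConstruct
    void defaultValidations() {
        if (this.requestValidator == null) {
            this.requestValidator = new DefaultTokenRequestValidations(this.sessions);
        }
    }

    /**
     * Handles a form-encoded token request and returns a JSON OAuth response.
     *
     * @param httpServletRequest the incoming token request
     * @return 200 with the access token on success; otherwise a 400 or 401 JSON error
     * @throws OAuthSystemException if an OAuth response message cannot be built
     * @throws RepositoryException if the issued token cannot be persisted
     * @throws WebApplicationException carrying a 400 response when the request cannot be
     *         parsed as an OAuth token request
     */
    @POST
    @Produces({"application/json"})
    @Consumes({"application/x-www-form-urlencoded"})
    public Response getToken(@Context HttpServletRequest httpServletRequest) throws OAuthSystemException, RepositoryException {
        LOGGER.debug("Received request for token carried on request: {}", httpServletRequest);
        // NOTE(review): token unpredictability depends entirely on this generator's random
        // source; confirm it draws from a cryptographically strong RNG.
        OAuthIssuerImpl issuer = new OAuthIssuerImpl(new MD5Generator());
        try {
            OAuthTokenRequest tokenRequest = new OAuthTokenRequest(httpServletRequest);

            // Client authentication comes first: identity, then secret.
            if (!this.requestValidator.isValidClient(tokenRequest)) {
                return toResponse(OAuthASResponse.errorResponse(400).setError("invalid_client").setErrorDescription(INVALID_CLIENT_DESCRIPTION).buildJSONMessage());
            }
            if (!this.requestValidator.isValidSecret(tokenRequest)) {
                return toResponse(OAuthASResponse.errorResponse(401).setError("unauthorized_client").setErrorDescription(INVALID_CLIENT_DESCRIPTION).buildJSONMessage());
            }

            // Read the grant type once. The receiver is deliberately the request value, so an
            // absent grant type fails here instead of falling through to token issuance.
            String grantType = tokenRequest.getParam("grant_type");
            if (grantType.equals(GrantType.AUTHORIZATION_CODE.toString())) {
                if (!this.requestValidator.isValidAuthCode(tokenRequest)) {
                    return toResponse(OAuthResponse.errorResponse(400).setError("invalid_grant").setErrorDescription("invalid authorization code").buildJSONMessage());
                }
            } else if (grantType.equals(GrantType.PASSWORD.toString())) {
                if (!this.requestValidator.isValidCredentials(tokenRequest)) {
                    return toResponse(OAuthResponse.errorResponse(400).setError("invalid_grant").setErrorDescription("invalid username or password").buildJSONMessage());
                }
            } else if (grantType.equals(GrantType.REFRESH_TOKEN.toString())) {
                // Refresh tokens are always refused. NOTE(review): the description below does
                // not match the actual reason; it is kept unchanged for client compatibility.
                return toResponse(OAuthResponse.errorResponse(400).setError("invalid_grant").setErrorDescription("invalid username or password").buildJSONMessage());
            }
            // NOTE(review): any other grant type reaches this point having passed only the
            // client id and secret checks; confirm that is the intended policy.

            String accessToken = issuer.accessToken();
            // The token value is a bearer credential: log who it was issued to, never the value.
            LOGGER.debug("Created access token for client: {}", tokenRequest.getClientId());
            saveToken(accessToken, tokenRequest.getClientId(), tokenRequest.getUsername());
            return toResponse(OAuthASResponse.tokenResponse(200).setAccessToken(accessToken).setExpiresIn("3600").buildJSONMessage());
        } catch (OAuthProblemException e) {
            OAuthResponse problem = OAuthResponse.errorResponse(400).error(e).buildJSONMessage();
            throw new WebApplicationException(e, toResponse(problem));
        }
    }

    /**
     * Converts a built OAuth message into the JAX-RS response with the same status and body.
     */
    private static Response toResponse(OAuthResponse oauthResponse) {
        return Response.status(oauthResponse.getResponseStatus()).entity(oauthResponse.getBody()).build();
    }

    /**
     * Persists an issued token as the node {@code /tokens/<token>} in the OAuth workspace.
     *
     * @param token the access token value, used as the node name
     * @param clientId value stored in {@link Constants#CLIENT_PROPERTY}
     * @param principal value stored in {@link Constants#PRINCIPAL_PROPERTY};
     *        NOTE(review): this is the request's username and may be null for grants that
     *        carry no username - confirm how verification treats that
     * @throws RepositoryException if the node cannot be created or saved
     */
    private void saveToken(String token, String clientId, String principal) throws RepositoryException {
        Session internalSession = this.sessions.getInternalSession(Constants.OAUTH_WORKSPACE);
        try {
            Node tokenNode = jcrTools.findOrCreateNode(internalSession, "/tokens/" + token);
            tokenNode.setProperty(Constants.CLIENT_PROPERTY, clientId);
            tokenNode.setProperty(Constants.PRINCIPAL_PROPERTY, principal);
            internalSession.save();
        } finally {
            // Always release the internal session, whether or not the save succeeded.
            internalSession.logout();
        }
    }

    /**
     * Creates the OAuth workspace through {@code Util.createOauthWorkspace}.
     *
     * @throws RepositoryException if the workspace cannot be created
     */
    @PostConstruct
    public void init() throws RepositoryException {
        Util.createOauthWorkspace(this.sessions);
    }
}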
