package org.iplass.mtp.impl.auth.oauth.command;

import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.action.ActionMapping;
import org.iplass.mtp.command.annotation.action.Result;
import org.iplass.mtp.impl.auth.oauth.OAuthAuthorizationService;
import org.iplass.mtp.impl.auth.oauth.OAuthConstants;
import org.iplass.mtp.impl.auth.oauth.code.AuthorizationRequest;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.web.WebRequestConstants;

@ActionMapping(name = "oauth/consent", clientCacheType = ActionMapping.ClientCacheType.NO_CACHE, synchronizeOnSession = true, result = {@Result(status = "SUCCESS_REDIRECT", type = Result.Type.REDIRECT, allowExternalLocation = true, value = WebRequestConstants.REDIRECT_PATH), @Result(status = "SUCCESS_POST", type = Result.Type.TEMPLATE, value = AuthorizeCommand.TMPL_POST), @Result(status = "ERROR_REDIRECT", type = Result.Type.REDIRECT, allowExternalLocation = true, value = WebRequestConstants.REDIRECT_PATH)})
@CommandClass(name = "mtp/oauth/ConsentCommand", displayName = "OAuth2.0 Consent Processing")
/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/command/ConsentCommand.class */
public class ConsentCommand implements Command {
    public static final String PARAM_REQUEST_ID = "requestId";
    public static final String PARAM_SUBMIT = "submit";
    public static final String SUBMIT_CANCEL = "cancel";
    public static final String SUBMIT_ACCEPT = "accept";
    private AuthorizeCommand authorizeCommand = new AuthorizeCommand();
    private OAuthAuthorizationService authorizationService = (OAuthAuthorizationService) ServiceRegistry.getRegistry().getService(OAuthAuthorizationService.class);

    public String execute(RequestContext requestContext) {
        String param = requestContext.getParam(PARAM_REQUEST_ID);
        String param2 = requestContext.getParam(PARAM_SUBMIT);
        try {
            AuthorizationRequest authorizationRequest = (AuthorizationRequest) requestContext.getSession().getAttribute(AuthorizeCommand.SESSION_AUTHORIZATION_REQUEST);
            if (authorizationRequest == null) {
                throw new ApplicationException("Invalid OAuth authorization flow.");
            }
            if (!authorizationRequest.getRequestId().equals(param)) {
                throw new ApplicationException("Invalid OAuth authorization flow.");
            }
            if (!SUBMIT_ACCEPT.equals(param2)) {
                return this.authorizeCommand.error(requestContext, OAuthConstants.ERROR_ACCESS_DENIED, "User canceled OAuth request.", authorizationRequest);
            }
            return this.authorizeCommand.success(requestContext, this.authorizationService.getRuntimeByName(authorizationRequest.getAuthorizationServerId()).generateCode(authorizationRequest));
        } finally {
            requestContext.getSession().removeAttribute(AuthorizeCommand.SESSION_AUTHORIZATION_REQUEST);
        }
    }
}
