package leap.oauth2.as.endpoint.token;

import java.util.function.Consumer;
import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.oauth2.OAuth2Errors;
import leap.oauth2.OAuth2Params;
import leap.oauth2.Oauth2MessageKey;
import leap.oauth2.as.authc.AuthzAuthentication;
import leap.oauth2.as.authc.AuthzAuthenticationManager;
import leap.oauth2.as.client.AuthzClient;
import leap.oauth2.as.client.AuthzClientCredentials;
import leap.oauth2.as.code.AuthzCode;
import leap.oauth2.as.code.AuthzCodeManager;
import leap.oauth2.as.token.AuthzAccessToken;
import leap.oauth2.as.token.AuthzTokenManager;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.SecurityConfig;

/* loaded from: input_file:leap/oauth2/as/endpoint/token/CodeGrantTypeHandler.class */
/**
 * Token-endpoint handler for the OAuth 2.0 {@code authorization_code} grant.
 *
 * <p>The request passes through a fixed sequence of checks. The first one that fails ends
 * processing:
 * <ol>
 *   <li>the grant type is enabled in the server configuration;</li>
 *   <li>a non-empty {@code code} parameter is present;</li>
 *   <li>client credentials can be extracted and the client secret validates;</li>
 *   <li>the client is allowed to use the authorization code grant;</li>
 *   <li>the code is known to the {@link AuthzCodeManager} and has not expired;</li>
 *   <li>an {@link AuthzAuthentication} can be built for the code's user.</li>
 * </ol>
 * Only then is an access token created and handed to the supplied consumer.
 *
 * <p>NOTE(review): nothing in this class compares the consumed code with the authenticated
 * client or with a {@code redirect_uri} parameter. RFC 6749 section 4.1.3 requires both checks,
 * so confirm that {@code consumeAuthorizationCode} or {@code createAuthzAuthentication} (which
 * receives the params, the client and the code) performs them.
 */
public class CodeGrantTypeHandler extends AbstractGrantTypeHandler implements GrantTypeHandler {

    // Injected but not read anywhere in this class.
    @Inject
    protected SecurityConfig sc;

    // Looks up (and removes expired) authorization codes.
    @Inject
    protected AuthzCodeManager codeManager;

    // Issues the access token once every check has passed.
    @Inject
    protected AuthzTokenManager tokenManager;

    // Builds the authentication object from the request params, the client and the code.
    @Inject
    private AuthzAuthenticationManager authzAuthenticationManager;

    /**
     * Exchanges an authorization code for an access token.
     *
     * @param request      the current token request
     * @param response     the response that error results are written to via {@code handleError}
     * @param oAuth2Params the parsed OAuth2 parameters; the {@code code} value is read from here
     * @param consumer     receives the newly created access token on success; it is not called
     *                     on any failure path
     * @throws Throwable if one of the collaborating helpers or managers throws
     */
    @Override
    public void handleRequest(Request request, Response response, OAuth2Params oAuth2Params, Consumer<AuthzAccessToken> consumer) throws Throwable {
        // 1. The grant type can be switched off server-wide.
        if (!config.isAuthorizationCodeEnabled()) {
            handleError(request, response, oAuth2Params, getOauth2Error(
                    key -> OAuth2Errors.unsupportedGrantTypeError(request, key, null),
                    Oauth2MessageKey.ERROR_UNSUPPORTED_GRANT_TYPE_TYPE, "authorization_code"));
            return;
        }

        // 2. The code parameter is mandatory.
        final String submittedCode = oAuth2Params.getCode();
        if (Strings.isEmpty(submittedCode)) {
            handleError(request, response, oAuth2Params, getOauth2Error(
                    key -> OAuth2Errors.invalidRequestError(request, key, "authorization code required"),
                    Oauth2MessageKey.INVALID_REQUEST_AUTHORIZATION_CODE_REQUIRED, new Object[0]));
            return;
        }

        // 3. Authenticate the client BEFORE touching the code, so an unauthenticated caller
        //    never reaches consumeAuthorizationCode. Both helpers signal failure with null;
        //    no error is written here, presumably because they already did so (they receive
        //    the request and response) - confirm in AbstractGrantTypeHandler.
        final AuthzClientCredentials credentials = extractClientCredentials(request, response, oAuth2Params);
        if (credentials == null) {
            return;
        }
        final AuthzClient client = validateClientSecret(request, response, credentials);
        if (client == null) {
            return;
        }

        // 4. Per-client switch for this grant type.
        if (!client.isAllowAuthorizationCode()) {
            handleError(request, response, oAuth2Params, getOauth2Error(
                    key -> OAuth2Errors.invalidGrantError(request, key, "authorization code not allow"),
                    Oauth2MessageKey.ERROR_INVALID_GRANT_AUTHORIZATION_CODE_NOT_ALLOW, client.getId()));
            return;
        }

        // 5. Resolve the code. The method name suggests the code is invalidated by this call
        //    (single use) - confirm against the AuthzCodeManager implementation.
        final AuthzCode authzCode = codeManager.consumeAuthorizationCode(submittedCode);
        if (authzCode == null) {
            // NOTE(review): the message argument passed here is the null AuthzCode itself, so
            // the formatted message can never name the rejected value. Kept as in the original.
            handleError(request, response, oAuth2Params, getOauth2Error(
                    key -> OAuth2Errors.invalidGrantError(request, key, "invalid authorization code"),
                    Oauth2MessageKey.ERROR_INVALID_GRANT_INVALID_AUTHORIZATION_CODE, authzCode));
            return;
        }

        // An expired code is explicitly removed before the request is rejected.
        if (authzCode.isExpired()) {
            codeManager.removeAuthorizationCode(authzCode);
            // NOTE(review): the AuthzCode object itself is the message argument. What ends up
            // in the message depends on how it is rendered - confirm it does not expose the
            // code value.
            handleError(request, response, oAuth2Params, getOauth2Error(
                    key -> OAuth2Errors.invalidGrantError(request, key, "authorization code expired"),
                    Oauth2MessageKey.ERROR_INVALID_GRANT_AUTHORIZATION_CODE_EXPIRED, authzCode));
            return;
        }

        // 6. Build the authentication; a null result is reported as "user not found".
        final AuthzAuthentication authentication =
                authzAuthenticationManager.createAuthzAuthentication(oAuth2Params, client, authzCode);
        if (authentication == null) {
            // NOTE(review): the internal user id is placed in the error description. Whether
            // that text reaches the client depends on handleError - confirm it is not an
            // identifier-disclosure path.
            handleError(request, response, oAuth2Params, getOauth2Error(
                    key -> OAuth2Errors.invalidGrantError(request, key, "user id '" + authzCode.getUserId() + "' not found"),
                    Oauth2MessageKey.ERROR_INVALID_GRANT_USER_NOT_FOUND, authzCode.getUserId()));
            return;
        }

        // Every check passed: mint the token and hand it to the caller.
        consumer.accept(tokenManager.createAccessToken(authentication));
    }
}
