package leap.oauth2.as.endpoint;

import java.util.LinkedHashMap;
import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.core.validation.Validation;
import leap.lang.Strings;
import leap.lang.net.Urls;
import leap.oauth2.OAuth2Errors;
import leap.oauth2.OAuth2Params;
import leap.oauth2.as.OAuth2AuthzServerConfig;
import leap.oauth2.as.client.AuthzClient;
import leap.oauth2.as.client.AuthzClientManager;
import leap.oauth2.as.token.AuthzAccessToken;
import leap.oauth2.as.token.AuthzTokenManager;
import leap.web.Endpoint;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.SecurityConfigurator;

/* loaded from: input_file:leap/oauth2/as/endpoint/AbstractAuthzEndpoint.class */
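/**
 * Base class for OAuth2 authorization-server endpoints.
 *
 * <p>Holds the injected collaborators shared by concrete endpoints and provides two helpers:
 * {@link #validateClient} checks the {@code client_id} / {@code redirect_uri} pair of an incoming
 * request, and {@link #redirectToken} sends an issued access token back to the client's
 * redirect URI.
 */
public abstract class AbstractAuthzEndpoint implements Endpoint {

    @Inject
    protected SecurityConfigurator sc;

    @Inject
    protected OAuth2AuthzServerConfig config;

    @Inject
    protected AuthzClientManager clientManager;

    @Inject
    protected AuthzTokenManager tokenManager;

    @Inject
    protected BeanFactory factory;

    /**
     * Validates the client identification carried by an authorization request.
     *
     * <p>Checks run in this order: {@code client_id} present, {@code redirect_uri} present,
     * client known to {@link AuthzClientManager}, client enabled, and redirect URI accepted by
     * the client. Every failure records an {@code invalid_request} error on the request's
     * {@link Validation} and forwards to the configured error view. No failure path redirects
     * to the request-supplied {@code redirect_uri}, so that value is not used as a redirect
     * target before the registered client has accepted it.
     *
     * <p>NOTE(review): how strictly the redirect URI is matched (exact string vs. prefix or
     * pattern) is decided by {@code AuthzClient.acceptsRedirectUri}, which is not visible here.
     * Confirm it performs exact matching against registered URIs.
     *
     * @param request      the current request; receives the validation error and the forward
     * @param response     the current response (not used by this method)
     * @param oAuth2Params parsed OAuth2 parameters of the request
     * @return the validated client, or {@code null} when validation failed and the request has
     *         already been forwarded to the error view; callers must stop processing on
     *         {@code null}
     * @throws Throwable propagated from the collaborators invoked during validation
     */
    protected AuthzClient validateClient(Request request, Response response, OAuth2Params oAuth2Params) throws Throwable {
        Validation validation = request.getValidation();

        String clientId = oAuth2Params.getClientId();
        if (Strings.isEmpty(clientId)) {
            return rejectRequest(request, validation, "client_id required");
        }

        String redirectUri = oAuth2Params.getRedirectUri();
        if (Strings.isEmpty(redirectUri)) {
            return rejectRequest(request, validation, "redirect_uri required");
        }

        AuthzClient client = this.clientManager.loadClientById(clientId);
        if (null == client) {
            return rejectRequest(request, validation, "invalid client_id");
        }
        if (!client.isEnabled()) {
            return rejectRequest(request, validation, "client disabled");
        }
        if (!client.acceptsRedirectUri(redirectUri)) {
            return rejectRequest(request, validation, "invalid redirect_uri");
        }
        return client;
    }

    /**
     * Records an {@code invalid_request} error and forwards the request to the error view.
     *
     * @return always {@code null}, so callers can {@code return rejectRequest(...)} directly
     */
    private AuthzClient rejectRequest(Request request, Validation validation, String message) throws Throwable {
        validation.addError(OAuth2Errors.ERROR_INVALID_REQUEST, message);
        request.forwardToView(this.config.getErrorView());
        return null;
    }

    /**
     * Redirects the user agent to the request's redirect URI with the issued access token
     * appended as query-string parameters.
     *
     * <p>Parameters sent: access token, token type {@code bearer}, {@code expires_in} (only when
     * positive), scope (only when non-empty) and the request's {@code state} (only when
     * non-empty).
     *
     * <p>NOTE(review): the token is placed in the URL query string. If this method serves the
     * implicit grant, RFC 6749 section 4.2.2 specifies the URI fragment instead; query-string
     * tokens reach the client's web server and can be retained in access logs, browser history
     * and {@code Referer} headers. Changing this alters the wire format existing clients parse,
     * so it is flagged here rather than changed.
     *
     * <p>NOTE(review): this method does not validate the redirect URI itself. It presumably
     * relies on the caller having run {@link #validateClient} on the same {@code oAuth2Params};
     * verify at each call site.
     *
     * @param request          the current request (not used by this method)
     * @param response         the response on which the redirect is sent
     * @param oAuth2Params     parsed OAuth2 parameters; supplies the redirect URI and state
     * @param authzAccessToken the issued access token
     */
    protected void redirectToken(Request request, Response response, OAuth2Params oAuth2Params, AuthzAccessToken authzAccessToken) {
        // Raw type kept on purpose: the parameter type of Urls.getQueryString is not visible here.
        LinkedHashMap params = new LinkedHashMap(5);
        params.put(OAuth2Params.ACCESS_TOKEN, authzAccessToken.getToken());
        params.put(OAuth2Params.TOKEN_TYPE, "bearer");

        // Read the remaining lifetime once so the value that passed the check is the value sent;
        // reading it twice could yield a different number for the check and for the parameter.
        long expiresIn = authzAccessToken.getExpiresInFormNow();
        if (expiresIn > 0) {
            params.put("expires_in", String.valueOf(expiresIn));
        }

        String scope = authzAccessToken.getScope();
        if (!Strings.isEmpty(scope)) {
            params.put(OAuth2Params.SCOPE, scope);
        }

        // state is echoed back unchanged so the client can correlate the response with its request.
        String state = oAuth2Params.getState();
        if (!Strings.isEmpty(state)) {
            params.put(OAuth2Params.STATE, state);
        }

        String target = Urls.appendQueryString(oAuth2Params.getRedirectUri(), Urls.getQueryString(params));
        response.sendRedirect(target);
    }
}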
