package leap.oauth2.as.endpoint;

import java.util.Map;
import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.lang.json.JsonWriter;
import leap.oauth2.OAuth2Params;
import leap.oauth2.OAuth2ResponseException;
import leap.oauth2.RequestOAuth2Params;
import leap.oauth2.as.OAuth2AuthzServerErrorHandler;
import leap.oauth2.as.endpoint.token.DefaultGrantTokenManager;
import leap.oauth2.as.endpoint.token.GrantTypeHandler;
import leap.oauth2.as.token.AuthzAccessToken;
import leap.oauth2.as.token.TokenAuthzProcessor;
import leap.web.App;
import leap.web.Handler;
import leap.web.Request;
import leap.web.Response;
import leap.web.exception.ResponseException;
import leap.web.route.Routes;

/* loaded from: input_file:leap/oauth2/as/endpoint/TokenEndpoint.class */
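/**
 * Handler for the authorization server's token endpoint.
 *
 * <p>Reads the {@code grant_type} request parameter, looks up the matching
 * {@link GrantTypeHandler} through the injected {@link DefaultGrantTokenManager},
 * asks it to grant an access token, and writes the token as a JSON response
 * unless a processor or the grant handler has already produced the response.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The route is registered with CSRF protection disabled and CORS enabled,
 *       and the path is passed to {@code sc.ignore(...)}. Client and
 *       resource-owner authentication are therefore expected to happen inside
 *       the grant handlers -- NOTE(review): confirm every registered handler
 *       authenticates the caller.</li>
 *   <li>The success response carries bearer credentials, so it is marked
 *       non-cacheable (RFC 6749 section 5.1).</li>
 * </ul>
 */
public class TokenEndpoint extends AbstractAuthzEndpoint implements Handler {

    @Inject
    protected OAuth2AuthzServerErrorHandler errorHandler;

    // Optional post-grant processors; each one can veto the default response.
    @Inject
    protected TokenAuthzProcessor[] processors;

    @Inject
    protected DefaultGrantTokenManager grantTokenManager;

    /**
     * Registers this handler as the POST route for the configured token
     * endpoint path when the authorization server is enabled.
     *
     * @param app    the running application (not used here)
     * @param routes the route table to register the endpoint in
     */
    public void startEndpoint(App app, Routes routes) {
        if (!this.config.isEnabled()) {
            return;
        }
        String tokenPath = this.config.getTokenEndpointPath();
        // NOTE(review): presumably excludes the path from the framework's own
        // security interception -- confirm what sc.ignore() skips.
        this.sc.ignore(tokenPath);
        routes.create().post(tokenPath, this).disableCsrf().enableCors().apply();
    }

    /**
     * Handles one token request.
     *
     * <p>A missing {@code grant_type}, or one with no registered handler, is
     * answered through {@code errorHandler.invalidRequest}. An
     * {@link OAuth2ResponseException} is rendered with its own status, error and
     * message; a {@link ResponseException} is rethrown unchanged; anything else
     * is reported through {@code errorHandler.serverError}.
     *
     * @param request  the incoming request
     * @param response the response to write to
     * @throws Throwable only a {@link ResponseException} is propagated from the
     *         grant step; calls outside the try block can also throw
     */
    public void handle(Request request, Response response) throws Throwable {
        String grantType = request.getParameter(OAuth2Params.GRANT_TYPE);
        if (Strings.isEmpty(grantType)) {
            this.errorHandler.invalidRequest(response, "'grant_type' required");
            return;
        }
        GrantTypeHandler handler = this.grantTokenManager.getHandler(grantType);
        if (null == handler) {
            // NOTE(review): RFC 6749 section 5.2 defines the error code
            // "unsupported_grant_type" for this case; this reports it as an
            // invalid request. Confirm whether clients rely on the current code.
            this.errorHandler.invalidRequest(response, "Unsupported grant type");
            return;
        }
        try {
            RequestOAuth2Params params = new RequestOAuth2Params(request, grantType);
            AuthzAccessToken granted = this.grantTokenManager.grantAccessToken(request, response, params, handler);
            // A null token means no token is written here; presumably the grant
            // step already produced the response -- verify against the manager.
            if (granted != null) {
                handleGrantedToken(request, response, params, handler, granted);
            }
        } catch (OAuth2ResponseException e) {
            this.errorHandler.response(response, e.getStatus(), e.getError(), e.getMessage());
        } catch (ResponseException e) {
            throw e;
        } catch (Throwable th) {
            // NOTE(review): the raw exception message is handed to the error
            // handler. If serverError() echoes it to the client, internal details
            // (SQL text, class names, paths) can leak from this endpoint --
            // confirm the handler only logs it.
            this.errorHandler.serverError(response, th.getMessage(), th);
        }
    }

    /**
     * Runs the configured processors and the grant handler's success hook, then
     * falls back to the default JSON response.
     *
     * <p>Processing stops as soon as a processor returns {@code false} or the
     * grant handler's {@code handleSuccess} returns {@code true}.
     *
     * @param request          the incoming request
     * @param response         the response to write to
     * @param oAuth2Params     the parsed OAuth2 parameters of the request
     * @param grantTypeHandler the handler that granted the token
     * @param authzAccessToken the granted token; {@code null} is reported as a server error
     */
    protected void handleGrantedToken(Request request, Response response, OAuth2Params oAuth2Params, GrantTypeHandler grantTypeHandler, AuthzAccessToken authzAccessToken) {
        if (null == authzAccessToken) {
            // NOTE(review): the message names the handler class; confirm the
            // error handler does not return it to the client.
            this.errorHandler.serverError(response, "Access token did not returned by granter '" + grantTypeHandler.getClass().getSimpleName() + "'");
            return;
        }
        if (this.processors != null) {
            for (TokenAuthzProcessor processor : this.processors) {
                if (!processor.process(request, response, oAuth2Params, grantTypeHandler, authzAccessToken)) {
                    return;
                }
            }
        }
        if (!grantTypeHandler.handleSuccess(request, response, oAuth2Params, authzAccessToken)) {
            handleDefaultSuccess(request, response, authzAccessToken);
        }
    }

    /**
     * Writes the default token response as a JSON object: access token, token
     * type, lifetime, the refresh token when present, and any extended
     * parameters attached to the token.
     *
     * @param request          the incoming request (not used here)
     * @param response         the response to write to
     * @param authzAccessToken the granted token to serialize
     */
    protected void handleDefaultSuccess(Request request, Response response, AuthzAccessToken authzAccessToken) {
        response.setContentType("application/json;charset=UTF-8");
        // RFC 6749 section 5.1: a response carrying tokens must not be stored by
        // browsers or intermediaries, so both headers are required.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");

        JsonWriter json = response.getJsonWriter();
        json.startObject();
        json.property(OAuth2Params.ACCESS_TOKEN, authzAccessToken.getToken());
        json.property(OAuth2Params.TOKEN_TYPE, "bearer");
        // Fall back to the configured default lifetime when the token reports a
        // non-positive remaining lifetime.
        json.property("expires_in", authzAccessToken.getExpiresInFormNow() > 0 ? authzAccessToken.getExpiresInFormNow() : this.config.getDefaultAccessTokenExpires());
        if (null != authzAccessToken.getRefreshToken()) {
            json.property(OAuth2Params.REFRESH_TOKEN, authzAccessToken.getRefreshToken());
        }
        if (null != authzAccessToken.getExtendedParameters()) {
            // NOTE(review): entries are written verbatim after the standard
            // fields. A key equal to a standard field name would yield a duplicate
            // JSON member, which clients resolve inconsistently -- confirm granters
            // never put reserved names or sensitive values in this map.
            for (Map.Entry<String, Object> extra : authzAccessToken.getExtendedParameters().entrySet()) {
                json.property(extra.getKey(), extra.getValue());
            }
        }
        json.endObject();
    }
}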
