package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.Optional;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.DefaultAuthenticationResult;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20Constants;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/ext/AccessTokenPasswordGrantRequestExtractor.class */
/**
 * Builds the {@link AccessTokenRequestDataHolder} for token requests that use the
 * OAuth 2.0 password grant ({@link OAuth20GrantTypes#PASSWORD}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #requestMustBeAuthenticated()} returns {@code true}. {@link #extract} itself only
 *       reads an already established user profile and never compares credentials or the client
 *       secret. Presumably the endpoint authenticates the request before calling it; confirm
 *       against the caller.</li>
 *   <li>The only authorization decision made here is the call to the registered-service access
 *       strategy enforcer.</li>
 *   <li>A successful extraction creates a ticket-granting ticket as a side effect.</li>
 * </ul>
 */
public class AccessTokenPasswordGrantRequestExtractor extends BaseAccessTokenGrantRequestExtractor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccessTokenPasswordGrantRequestExtractor.class);

    /**
     * Creates the extractor.
     *
     * @param oAuth20ConfigurationContext shared OAuth configuration, handed to the superclass
     */
    public AccessTokenPasswordGrantRequestExtractor(OAuth20ConfigurationContext oAuth20ConfigurationContext) {
        super(oAuth20ConfigurationContext);
    }

    /**
     * Resolves the client, the user profile, and the target service for a password-grant request,
     * enforces the service access strategy, and returns the data needed to issue the token.
     *
     * @param httpServletRequest  the incoming token request
     * @param httpServletResponse the response paired with the request
     * @return the populated request data holder, including a freshly created ticket-granting ticket
     * @throws UnauthorizedServiceException if no user profile is available for the request
     */
    @Override
    public AccessTokenRequestDataHolder extract(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final JEEContext webContext = new JEEContext(httpServletRequest, httpServletResponse, getOAuthConfigurationContext().getSessionStore());

        // Only the key (client id) of the id/secret pair is used; the secret is not checked here.
        final String clientId = (String) OAuth20Utils.getClientIdAndClientSecret(webContext).getKey();
        final Set<String> requestedScopes = OAuth20Utils.parseRequestScopes(httpServletRequest);

        LOGGER.debug("Locating OAuth registered service by client id [{}]", clientId);
        // The lookup result is null-guarded only at the refresh-token decision further down, so it
        // can apparently be null; every collaborator in between receives it unchecked.
        final OAuthRegisteredService registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(
            getOAuthConfigurationContext().getServicesManager(), clientId);
        // NOTE(review): the service object is logged; verify its toString() omits the client secret.
        LOGGER.debug("Located OAuth registered service [{}]", registeredService);

        // get(true): presumably "read the profile from the session" (TODO confirm in pac4j).
        // Raw Optional is kept as in the original listing, hence the cast below.
        final Optional profileLookup = new ProfileManager(webContext, webContext.getSessionStore()).get(true);
        if (!profileLookup.isPresent()) {
            throw new UnauthorizedServiceException("OAuth user profile cannot be determined");
        }
        final CommonProfile userProfile = (CommonProfile) profileLookup.get();

        LOGGER.debug("Creating matching service request based on [{}]", registeredService);
        final boolean serviceFromHeaders = getOAuthConfigurationContext()
            .getCasProperties()
            .getAuthn()
            .getOauth()
            .getGrants()
            .getResourceOwner()
            .isRequireServiceHeader();
        if (serviceFromHeaders) {
            // NOTE(review): in this mode the target service depends on client-supplied request
            // headers; how they are validated is in buildService, not visible here.
            LOGGER.debug("Using request headers to identify and build the target service url");
        }
        final Service targetService = getOAuthConfigurationContext()
            .getAuthenticationBuilder()
            .buildService(registeredService, webContext, serviceFromHeaders);

        LOGGER.debug("Authenticating the OAuth request indicated by [{}]", targetService);
        final Authentication authentication = getOAuthConfigurationContext()
            .getAuthenticationBuilder()
            .build(userProfile, registeredService, webContext, targetService);

        // Authorization gate: must run before any ticket is created below. Presumably this is also
        // what rejects an unknown (null) registered service; confirm in the enforcer.
        getOAuthConfigurationContext()
            .getRegisteredServiceAccessStrategyEnforcer()
            .execute(AuditableContext.builder()
                .service(targetService)
                .authentication(authentication)
                .registeredService(registeredService)
                .retrievePrincipalAttributesFromReleasePolicy(Boolean.TRUE)
                .build())
            .throwExceptionIfNeeded();

        // The ticket-granting ticket is bound to the service only when the header mode is on.
        final Service ticketService = serviceFromHeaders ? targetService : null;
        return AccessTokenRequestDataHolder.builder()
            .scopes(requestedScopes)
            .service(targetService)
            .authentication(authentication)
            .registeredService(registeredService)
            .grantType(getGrantType())
            .ticketGrantingTicket(getOAuthConfigurationContext()
                .getCentralAuthenticationService()
                .createTicketGrantingTicket(new DefaultAuthenticationResult(authentication, ticketService)))
            .generateRefreshToken(registeredService != null && registeredService.isGenerateRefreshToken())
            .build();
    }

    /**
     * Reports whether the request's {@code grant_type} parameter matches this extractor's grant.
     *
     * @param httpServletRequest the incoming token request
     * @return the result of comparing the request parameter with {@link #getGrantType()}
     */
    @Override
    public boolean supports(HttpServletRequest httpServletRequest) {
        final String requestedGrant = httpServletRequest.getParameter(OAuth20Constants.GRANT_TYPE);
        return OAuth20Utils.isGrantType(requestedGrant, getGrantType());
    }

    /**
     * Returns the response type for this extractor.
     *
     * @return always {@code null}; callers must tolerate the absent value
     */
    @Override
    public OAuth20ResponseTypes getResponseType() {
        return null;
    }

    /**
     * Returns the grant type handled by this extractor.
     *
     * @return {@link OAuth20GrantTypes#PASSWORD}
     */
    @Override
    public OAuth20GrantTypes getGrantType() {
        return OAuth20GrantTypes.PASSWORD;
    }

    /**
     * Declares that requests for this grant must be authenticated.
     *
     * @return always {@code true}
     */
    @Override
    public boolean requestMustBeAuthenticated() {
        return true;
    }
}
