package org.apereo.cas.support.oauth.web.response.accesstoken.response;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.support.oauth.OAuth20Constants;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20TokenGeneratedResult;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.inspektr.audit.annotation.Audit;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.json.MappingJackson2JsonView;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/response/OAuth20DefaultAccessTokenResponseGenerator.class */
public class OAuth20DefaultAccessTokenResponseGenerator implements OAuth20AccessTokenResponseGenerator {
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).build().toObjectMapper();
    protected final JwtBuilder accessTokenJwtBuilder;
    private final CasConfigurationProperties casProperties;

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20AccessTokenResponseGenerator
    @Audit(action = "OAUTH2_ACCESS_TOKEN_RESPONSE", actionResolverName = "OAUTH2_ACCESS_TOKEN_RESPONSE_ACTION_RESOLVER", resourceResolverName = "OAUTH2_ACCESS_TOKEN_RESPONSE_RESOURCE_RESOLVER")
    public ModelAndView generate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuth20AccessTokenResponseResult oAuth20AccessTokenResponseResult) {
        return shouldGenerateDeviceFlowResponse(oAuth20AccessTokenResponseResult) ? generateResponseForDeviceToken(httpServletRequest, httpServletResponse, oAuth20AccessTokenResponseResult) : generateResponseForAccessToken(httpServletRequest, httpServletResponse, oAuth20AccessTokenResponseResult);
    }

    private static boolean shouldGenerateDeviceFlowResponse(OAuth20AccessTokenResponseResult oAuth20AccessTokenResponseResult) {
        OAuth20TokenGeneratedResult generatedToken = oAuth20AccessTokenResponseResult.getGeneratedToken();
        return OAuth20ResponseTypes.DEVICE_CODE == oAuth20AccessTokenResponseResult.getResponseType() && generatedToken.getDeviceCode().isPresent() && generatedToken.getUserCode().isPresent() && generatedToken.getAccessToken().isEmpty();
    }

    protected ModelAndView generateResponseForDeviceToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuth20AccessTokenResponseResult oAuth20AccessTokenResponseResult) {
        return new ModelAndView(new MappingJackson2JsonView(MAPPER), getDeviceTokenResponseModel(oAuth20AccessTokenResponseResult));
    }

    protected Map getDeviceTokenResponseModel(OAuth20AccessTokenResponseResult oAuth20AccessTokenResponseResult) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(OAuth20Constants.DEVICE_VERIFICATION_URI, oAuth20AccessTokenResponseResult.getCasProperties().getServer().getPrefix().concat(OAuth20Constants.BASE_OAUTH20_URL).concat("/").concat(OAuth20Constants.DEVICE_AUTHZ_URL));
        linkedHashMap.put(OAuth20Constants.EXPIRES_IN, Long.valueOf(oAuth20AccessTokenResponseResult.getDeviceTokenTimeout()));
        OAuth20TokenGeneratedResult generatedToken = oAuth20AccessTokenResponseResult.getGeneratedToken();
        generatedToken.getUserCode().ifPresent(str -> {
            linkedHashMap.put(OAuth20Constants.DEVICE_USER_CODE, str);
        });
        generatedToken.getDeviceCode().ifPresent(str2 -> {
            linkedHashMap.put(OAuth20Constants.DEVICE_CODE, str2);
        });
        linkedHashMap.put(OAuth20Constants.DEVICE_INTERVAL, Long.valueOf(oAuth20AccessTokenResponseResult.getDeviceRefreshInterval()));
        return linkedHashMap;
    }

    protected ModelAndView generateResponseForAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuth20AccessTokenResponseResult oAuth20AccessTokenResponseResult) {
        return new ModelAndView(new MappingJackson2JsonView(MAPPER), getAccessTokenResponseModel(httpServletRequest, httpServletResponse, oAuth20AccessTokenResponseResult));
    }

    protected Map<String, Object> getAccessTokenResponseModel(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuth20AccessTokenResponseResult oAuth20AccessTokenResponseResult) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        OAuth20TokenGeneratedResult generatedToken = oAuth20AccessTokenResponseResult.getGeneratedToken();
        generatedToken.getAccessToken().ifPresent(oAuth20AccessToken -> {
            linkedHashMap.put(OAuth20Constants.ACCESS_TOKEN, encodeAccessToken(oAuth20AccessToken, oAuth20AccessTokenResponseResult));
            linkedHashMap.put(OAuth20Constants.SCOPE, String.join(" ", oAuth20AccessToken.getScopes()));
            linkedHashMap.put(OAuth20Constants.EXPIRES_IN, Long.valueOf(oAuth20AccessToken.getExpiresIn()));
        });
        generatedToken.getRefreshToken().ifPresent(oAuth20RefreshToken -> {
            linkedHashMap.put(OAuth20Constants.REFRESH_TOKEN, oAuth20RefreshToken.getId());
        });
        linkedHashMap.put(OAuth20Constants.TOKEN_TYPE, OAuth20Constants.TOKEN_TYPE_BEARER);
        return linkedHashMap;
    }

    protected String encodeAccessToken(OAuth20AccessToken oAuth20AccessToken, OAuth20AccessTokenResponseResult oAuth20AccessTokenResponseResult) {
        return OAuth20JwtAccessTokenEncoder.builder().accessToken(oAuth20AccessToken).registeredService(oAuth20AccessTokenResponseResult.getRegisteredService()).service(oAuth20AccessTokenResponseResult.getService()).accessTokenJwtBuilder(this.accessTokenJwtBuilder).casProperties(this.casProperties).build().encode();
    }

    @Generated
    public OAuth20DefaultAccessTokenResponseGenerator(JwtBuilder jwtBuilder, CasConfigurationProperties casConfigurationProperties) {
        this.accessTokenJwtBuilder = jwtBuilder;
        this.casProperties = casConfigurationProperties;
    }
}
