package org.iplass.mtp.impl.auth.oauth.command;

import java.util.HashMap;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.webapi.WebApi;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthAuthorization;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthClient;
import org.iplass.mtp.impl.auth.oauth.OAuthApplicationException;
import org.iplass.mtp.impl.auth.oauth.OAuthTokens;
import org.iplass.mtp.impl.auth.oauth.idtoken.IdToken;
import org.iplass.mtp.impl.auth.oauth.token.AccessToken;
import org.iplass.mtp.impl.auth.oauth.util.OAuthConstants;
import org.iplass.mtp.impl.auth.oauth.util.OAuthEndpointConstants;
import org.iplass.mtp.util.StringUtil;
import org.iplass.mtp.webapi.WebApiRequestConstants;
import org.iplass.mtp.webapi.definition.CacheControlType;
import org.iplass.mtp.webapi.definition.MethodType;
import org.iplass.mtp.webapi.definition.RequestType;
import org.iplass.mtp.webapi.definition.StateType;

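/**
 * OAuth 2.0 token endpoint ({@code oauth/token}).
 *
 * <p>Accepts form-encoded POST requests, validates the calling client, and then serves one of
 * two grants: {@code authorization_code} or {@code refresh_token}. Any other {@code grant_type}
 * is rejected with an {@code unsupported_grant_type} error response.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every successful response carries bearer credentials (access token, optionally a refresh
 *       token and an ID token). The entity must never be logged or cached. RFC 6749 section 5.1
 *       requires {@code Cache-Control: no-store} on such responses.
 *       NOTE(review): confirm that {@code CacheControlType.NO_CACHE} emits {@code no-store} and
 *       not only {@code no-cache}.</li>
 *   <li>{@code checkXRequestedWithHeader = false} turns off the X-Requested-With check for this
 *       API, so request legitimacy rests on {@code CommandUtil.validateClient}, which is not
 *       shown in this file. NOTE(review): confirm it authenticates confidential clients.</li>
 *   <li>{@code privilaged = true} is set on the API. NOTE(review): presumably the command runs
 *       with elevated rights; keep the work done here limited to token issuance.</li>
 * </ul>
 */
@WebApi(
        name = "oauth/token",
        accepts = {RequestType.REST_FORM},
        methods = {MethodType.POST},
        checkXRequestedWithHeader = false,
        privilaged = true,
        state = StateType.STATELESS,
        cacheControlType = CacheControlType.NO_CACHE,
        responseType = "application/json")
@CommandClass(name = "mtp/oauth/TokenCommand", displayName = "OAuth2.0 Token Endpoint")
/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/command/TokenCommand.class */
public class TokenCommand implements Command, OAuthEndpointConstants {
    static final String STAT_SUCCESS = "SUCCESS";

    /**
     * Validates the client and dispatches on the {@code grant_type} request parameter.
     *
     * @param requestContext the incoming token request
     * @return {@link #STAT_SUCCESS} once the token response has been stored on the request
     * @throws WebApplicationException carrying an OAuth error response when the grant type is
     *         unsupported or the selected grant handler rejects the request
     */
    public String execute(RequestContext requestContext) {
        // Client validation runs before any grant parameter is read, so an unvalidated caller
        // never reaches code/refresh-token processing.
        // NOTE(review): the meaning of the boolean argument is not visible here; confirm.
        MetaOAuthClient.OAuthClientRuntime client = CommandUtil.validateClient(requestContext, true);
        String grantType = StringUtil.stripToNull(requestContext.getParam(OAuthEndpointConstants.PARAM_GRANT_TYPE));

        if (OAuthConstants.GRANT_TYPE_AUTHORIZATION_CODE.equals(grantType)) {
            return authorizationCode(requestContext, client);
        }
        if ("refresh_token".equals(grantType)) {
            return refreshToken(requestContext, client);
        }
        // A missing grant_type (null) also ends up here.
        throw new WebApplicationException(
                CommandUtil.buildErrorResponse(OAuthConstants.ERROR_UNSUPPORTED_GRANT_TYPE, null, null));
    }

    /**
     * Handles the {@code authorization_code} grant: exchanges the code for tokens.
     *
     * @param requestContext the incoming token request
     * @param oAuthClientRuntime the client already validated by {@link #execute}
     * @return {@link #STAT_SUCCESS}
     * @throws WebApplicationException with {@code invalid_request} when {@code code} is absent,
     *         or with the code/description of an {@link OAuthApplicationException} raised by
     *         the exchange
     */
    private String authorizationCode(RequestContext requestContext, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime) {
        String code = StringUtil.stripToNull(requestContext.getParam("code"));
        if (code == null) {
            throw new WebApplicationException(
                    CommandUtil.buildErrorResponse("invalid_request", "code must specify", null));
        }
        // Both values may be null at this point; only their presence in the request is read here.
        // NOTE(review): redirect_uri matching and PKCE verification are expected to happen inside
        // exchangeCodeToToken. Confirm that a missing code_verifier is rejected whenever the
        // authorization request carried a code_challenge.
        String redirectUri = StringUtil.stripToNull(requestContext.getParam(OAuthEndpointConstants.PARAM_REDIRECT_URI));
        String codeVerifier = StringUtil.stripToNull(requestContext.getParam(OAuthEndpointConstants.PARAM_CODE_VERIFIER));
        try {
            MetaOAuthAuthorization.OAuthAuthorizationRuntime authorizationServer = oAuthClientRuntime.getAuthorizationServer();
            OAuthTokens tokens = authorizationServer.exchangeCodeToToken(code, redirectUri, codeVerifier, oAuthClientRuntime);
            Object entity = toResponseEntity(tokens.getAccessToken(), tokens.getIdToken(), requestContext, authorizationServer);
            storeTokenResponse(requestContext, entity);
            return STAT_SUCCESS;
        } catch (OAuthApplicationException e) {
            // The exception's code and description are returned to the caller as the OAuth error.
            throw new WebApplicationException(CommandUtil.buildErrorResponse(e.getCode(), e.getDescription(), null));
        }
    }

    /**
     * Builds the JSON body of a successful token response.
     *
     * @param accessToken the issued access token; its refresh token and granted scopes are
     *        included when present
     * @param idToken the ID token to include, or {@code null} for none
     * @param requestContext used only to resolve the issuer id for the ID token; may be
     *        {@code null} when {@code idToken} is {@code null}
     * @param oAuthAuthorizationRuntime the authorization server that issued the tokens
     * @return a map of response member names to values
     */
    private Object toResponseEntity(AccessToken accessToken, IdToken idToken, RequestContext requestContext, MetaOAuthAuthorization.OAuthAuthorizationRuntime oAuthAuthorizationRuntime) {
        // Holds credentials: do not log or otherwise persist this map.
        HashMap<String, Object> entity = new HashMap<>();
        entity.put("access_token", accessToken.getTokenEncoded());
        entity.put(OAuthEndpointConstants.PARAM_TOKEN_TYPE, "Bearer");
        entity.put(OAuthEndpointConstants.PARAM_EXPIRES_IN, Long.valueOf(accessToken.getExpiresIn()));
        if (accessToken.getGrantedScopes() != null) {
            entity.put(OAuthEndpointConstants.PARAM_SCOPE, String.join(" ", accessToken.getGrantedScopes()));
        }
        if (accessToken.getRefreshToken() != null) {
            entity.put("refresh_token", accessToken.getRefreshToken().getTokenEncoded());
            entity.put(OAuthEndpointConstants.PARAM_REFRESH_TOKEN_EXPIRES_IN, Long.valueOf(accessToken.getRefreshToken().getExpiresIn()));
        }
        if (idToken != null) {
            // requestContext is dereferenced only on this path.
            entity.put(OAuthEndpointConstants.PARAM_ID_TOKEN, idToken.getTokenEncoded(oAuthAuthorizationRuntime.issuerId(requestContext)));
        }
        return entity;
    }

    /**
     * Handles the {@code refresh_token} grant: trades a refresh token for a new access token.
     *
     * @param requestContext the incoming token request
     * @param oAuthClientRuntime the client already validated by {@link #execute}
     * @return {@link #STAT_SUCCESS}
     * @throws WebApplicationException with {@code invalid_request} when {@code refresh_token} is
     *         absent, or with the code/description of an {@link OAuthApplicationException}
     *         raised by the refresh
     */
    private String refreshToken(RequestContext requestContext, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime) {
        String presentedToken = StringUtil.stripToNull(requestContext.getParam("refresh_token"));
        if (presentedToken == null) {
            throw new WebApplicationException(
                    CommandUtil.buildErrorResponse("invalid_request", "refresh_token must specify", null));
        }
        try {
            MetaOAuthAuthorization.OAuthAuthorizationRuntime authorizationServer = oAuthClientRuntime.getAuthorizationServer();
            // NOTE(review): the validated client is handed to refreshToken, presumably so the
            // server can check the token was issued to this client; confirm in that method.
            AccessToken refreshed = authorizationServer.refreshToken(presentedToken, oAuthClientRuntime);
            // No ID token is returned on refresh, so the request context is not needed (null).
            storeTokenResponse(requestContext, toResponseEntity(refreshed, null, null, authorizationServer));
            return STAT_SUCCESS;
        } catch (OAuthApplicationException e) {
            throw new WebApplicationException(CommandUtil.buildErrorResponse(e.getCode(), e.getDescription(), null));
        }
    }

    /** Stores a 200 response builder with a UTF-8 JSON content type as the Web API result. */
    private static void storeTokenResponse(RequestContext requestContext, Object entity) {
        requestContext.setAttribute(
                WebApiRequestConstants.DEFAULT_RESULT,
                Response.ok().type(MediaType.APPLICATION_JSON_TYPE.withCharset("UTF-8")).entity(entity));
    }
}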
