package org.apache.cxf.rs.security.oauth2.services;

import java.security.Principal;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.class */
public class AbstractTokenService extends AbstractOAuthService {
    private boolean canSupportPublicClients;
    private boolean writeCustomErrors;

    /* JADX INFO: Access modifiers changed from: protected */
    public Client authenticateClientIfNeeded(MultivaluedMap<String, String> multivaluedMap) {
        Client client = null;
        SecurityContext securityContext = getMessageContext().getSecurityContext();
        if (multivaluedMap.containsKey(OAuthConstants.CLIENT_ID)) {
            client = getAndValidateClient((String) multivaluedMap.getFirst(OAuthConstants.CLIENT_ID), (String) multivaluedMap.getFirst(OAuthConstants.CLIENT_SECRET));
        } else if (securityContext.getUserPrincipal() != null) {
            Principal userPrincipal = securityContext.getUserPrincipal();
            if ("Basic".equalsIgnoreCase(securityContext.getAuthenticationScheme())) {
                client = getClient(userPrincipal.getName());
            } else {
                Object obj = getMessageContext().get(OAuthConstants.CLIENT_ID);
                if (obj != null) {
                    client = getClient(obj.toString());
                }
            }
        } else {
            String[] authorizationParts = AuthorizationUtils.getAuthorizationParts(getMessageContext());
            if ("Basic".equalsIgnoreCase(authorizationParts[0])) {
                String[] basicAuthParts = AuthorizationUtils.getBasicAuthParts(authorizationParts[1]);
                client = getAndValidateClient(basicAuthParts[0], basicAuthParts[1]);
            }
        }
        if (client == null) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }

    protected Client getAndValidateClient(String str, String str2) {
        Client client = getClient(str);
        if (this.canSupportPublicClients && !client.isConfidential() && client.getClientSecret() == null && str2 == null) {
            return client;
        }
        if (str2 == null || client.getClientSecret() == null || !client.getClientId().equals(str) || !client.getClientSecret().equals(str2)) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Response handleException(OAuthServiceException oAuthServiceException, String str) {
        OAuthError error = oAuthServiceException.getError();
        return (!this.writeCustomErrors || error == null) ? createErrorResponseFromBean(new OAuthError(str)) : createErrorResponseFromBean(error);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Response createErrorResponse(MultivaluedMap<String, String> multivaluedMap, String str) {
        return createErrorResponseFromBean(new OAuthError(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Response createErrorResponseFromBean(OAuthError oAuthError) {
        return Response.status(400).entity(oAuthError).build();
    }

    protected Client getClient(String str) {
        Client client = null;
        try {
            client = getValidClient(str);
        } catch (OAuthServiceException e) {
        }
        if (client == null) {
            reportInvalidRequestError("Client ID is invalid");
        }
        return client;
    }

    public void setCanSupportPublicClients(boolean z) {
        this.canSupportPublicClients = z;
    }

    public boolean isCanSupportPublicClients() {
        return this.canSupportPublicClients;
    }

    public void setWriteCustomErrors(boolean z) {
        this.writeCustomErrors = z;
    }
}
