package com.stormpath.sdk.servlet.mvc;

import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.authc.AuthenticationRequest;
import com.stormpath.sdk.authc.AuthenticationResult;
import com.stormpath.sdk.error.Error;
import com.stormpath.sdk.http.HttpMethod;
import com.stormpath.sdk.impl.authc.DefaultBasicApiAuthenticationRequest;
import com.stormpath.sdk.impl.authc.DefaultHttpServletRequestWrapper;
import com.stormpath.sdk.impl.error.DefaultError;
import com.stormpath.sdk.impl.oauth.DefaultIdSiteAuthenticationRequest;
import com.stormpath.sdk.impl.oauth.DefaultOAuthStormpathFactorChallengeGrantRequestAuthentication;
import com.stormpath.sdk.impl.oauth.DefaultOAuthStormpathSocialGrantRequestAuthentication;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.oauth.AccessTokenResult;
import com.stormpath.sdk.oauth.Authenticators;
import com.stormpath.sdk.oauth.OAuthGrantRequestAuthenticationResult;
import com.stormpath.sdk.oauth.OAuthPasswordGrantRequestAuthentication;
import com.stormpath.sdk.oauth.OAuthRefreshTokenRequestAuthentication;
import com.stormpath.sdk.oauth.OAuthRequests;
import com.stormpath.sdk.resource.ResourceException;
import com.stormpath.sdk.servlet.authc.SuccessfulAuthenticationRequestEvent;
import com.stormpath.sdk.servlet.authc.impl.DefaultFailedAuthenticationRequestEvent;
import com.stormpath.sdk.servlet.authc.impl.DefaultSuccessfulAuthenticationRequestEvent;
import com.stormpath.sdk.servlet.authz.RequestAuthorizer;
import com.stormpath.sdk.servlet.event.RequestEvent;
import com.stormpath.sdk.servlet.event.impl.Publisher;
import com.stormpath.sdk.servlet.filter.oauth.AccessTokenAuthenticationRequestFactory;
import com.stormpath.sdk.servlet.filter.oauth.AccessTokenResultFactory;
import com.stormpath.sdk.servlet.filter.oauth.OAuthErrorCode;
import com.stormpath.sdk.servlet.filter.oauth.OAuthException;
import com.stormpath.sdk.servlet.filter.oauth.RefreshTokenAuthenticationRequestFactory;
import com.stormpath.sdk.servlet.filter.oauth.RefreshTokenResultFactory;
import com.stormpath.sdk.servlet.http.Saver;
import com.stormpath.sdk.servlet.http.authc.HttpAuthenticationException;
import com.stormpath.sdk.servlet.http.authc.HttpAuthenticationScheme;
import com.stormpath.sdk.servlet.util.GrantTypeValidator;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/stormpath/sdk/servlet/mvc/AccessTokenController.class */
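/**
 * Controller for the OAuth 2 token endpoint.
 *
 * <p>{@link #doPost} authorizes the request, validates the {@code grant_type} parameter, dispatches to the
 * matching grant handler, saves the authentication result and writes the token response as JSON. Failures are
 * reported as an OAuth error document with status 400, or 401 when the error code is {@code invalid_client}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Several grants read secrets straight from request parameters ({@code accessToken}, {@code code},
 *       {@code token}, and whatever the password/refresh factories read). Keep request parameters out of
 *       log statements.</li>
 *   <li>The response is always sent with {@code Cache-Control: no-store, no-cache} and {@code Pragma: no-cache}
 *       so that intermediaries and browsers do not retain issued tokens.</li>
 * </ul>
 *
 * <p>All collaborators are injected through setters and checked in {@link #init()}, except
 * {@code basicAuthenticationScheme}, which is stored but neither checked nor read in this class.
 */
public class AccessTokenController extends AbstractController {
    private static final Logger log = LoggerFactory.getLogger(AccessTokenController.class);
    private static final String CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials";
    private static final String PASSWORD_GRANT_TYPE = "password";
    private static final String STORMPATH_SOCIAL_GRANT_TYPE = "stormpath_social";
    private static final String STORMPATH_TOKEN_GRANT_TYPE = "stormpath_token";
    private static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
    private static final String STORMPATH_FACTOR_CHALLENGE_GRANT_TYPE = "stormpath_factor_challenge";
    private static final String GRANT_TYPE_PARAM_NAME = "grant_type";
    private static final String OAUTH_RESPONSE_ERROR = "error";
    private static final String OAUTH_RESPONSE_ACTION = "action";
    private static final String OAUTH_RESPONSE_ERROR_DESCRIPTION = "error_description";
    private static final String OAUTH_RESPONSE_STATE = "state";
    private static final String OAUTH_RESPONSE_ALLOWED_FACTOR_TYPES = "allowedFactorTypes";
    private static final String OAUTH_RESPONSE_FACTOR = "factor";
    private static final String OAUTH_RESPONSE_CHALLENGE = "challenge";
    private static final String OAUTH_RESPONSE_FACTORS = "factors";
    private RefreshTokenResultFactory refreshTokenResultFactory;
    private RefreshTokenAuthenticationRequestFactory refreshTokenAuthenticationRequestFactory;
    private RequestAuthorizer requestAuthorizer;
    private AccessTokenAuthenticationRequestFactory authenticationRequestFactory;
    private AccessTokenResultFactory resultFactory;
    private Saver<AuthenticationResult> accountSaver;
    private Publisher<RequestEvent> eventPublisher;
    private HttpAuthenticationScheme basicAuthenticationScheme;
    private GrantTypeValidator grantTypeValidator;

    public void setBasicAuthenticationScheme(HttpAuthenticationScheme httpAuthenticationScheme) {
        this.basicAuthenticationScheme = httpAuthenticationScheme;
    }

    public RequestAuthorizer getRequestAuthorizer() {
        return this.requestAuthorizer;
    }

    public void setRequestAuthorizer(RequestAuthorizer requestAuthorizer) {
        this.requestAuthorizer = requestAuthorizer;
    }

    public AccessTokenAuthenticationRequestFactory getAccessTokenAuthenticationRequestFactory() {
        return this.authenticationRequestFactory;
    }

    public void setAccessTokenAuthenticationRequestFactory(AccessTokenAuthenticationRequestFactory accessTokenAuthenticationRequestFactory) {
        this.authenticationRequestFactory = accessTokenAuthenticationRequestFactory;
    }

    public AccessTokenResultFactory getAccessTokenResultFactory() {
        return this.resultFactory;
    }

    public void setAccessTokenResultFactory(AccessTokenResultFactory accessTokenResultFactory) {
        this.resultFactory = accessTokenResultFactory;
    }

    public Saver<AuthenticationResult> getAccountSaver() {
        return this.accountSaver;
    }

    public void setAccountSaver(Saver<AuthenticationResult> saver) {
        this.accountSaver = saver;
    }

    @Override // com.stormpath.sdk.servlet.mvc.AbstractController
    public Publisher<RequestEvent> getEventPublisher() {
        return this.eventPublisher;
    }

    @Override // com.stormpath.sdk.servlet.mvc.AbstractController
    public void setEventPublisher(Publisher<RequestEvent> publisher) {
        this.eventPublisher = publisher;
    }

    public RefreshTokenResultFactory getRefreshTokenResultFactory() {
        return this.refreshTokenResultFactory;
    }

    public void setRefreshTokenResultFactory(RefreshTokenResultFactory refreshTokenResultFactory) {
        this.refreshTokenResultFactory = refreshTokenResultFactory;
    }

    public RefreshTokenAuthenticationRequestFactory getRefreshTokenAuthenticationRequestFactory() {
        return this.refreshTokenAuthenticationRequestFactory;
    }

    public void setRefreshTokenAuthenticationRequestFactory(RefreshTokenAuthenticationRequestFactory refreshTokenAuthenticationRequestFactory) {
        this.refreshTokenAuthenticationRequestFactory = refreshTokenAuthenticationRequestFactory;
    }

    public void setGrantTypeValidator(GrantTypeValidator grantTypeValidator) {
        this.grantTypeValidator = grantTypeValidator;
    }

    /**
     * Verifies that every collaborator this controller dereferences has been injected.
     *
     * <p>{@code basicAuthenticationScheme} is deliberately left as in the original: it is not checked here.
     */
    @Override // com.stormpath.sdk.servlet.mvc.AbstractController
    public void init() {
        Assert.notNull(this.refreshTokenResultFactory, "refreshTokenResultFactory cannot be null.");
        Assert.notNull(this.refreshTokenAuthenticationRequestFactory, "refreshTokenAuthenticationRequestFactory cannot be null.");
        Assert.notNull(this.requestAuthorizer, "requestAuthorizer cannot be null.");
        Assert.notNull(this.authenticationRequestFactory, "accessTokenAuthenticationRequestFactory cannot be null.");
        Assert.notNull(this.resultFactory, "accessTokenResultFactory cannot be null.");
        Assert.notNull(this.accountSaver, "accountSaver cannot be null.");
        Assert.notNull(this.eventPublisher, "eventPublisher cannot be null.");
        Assert.notNull(this.grantTypeValidator, "grantTypeValidator cannot be null.");
    }

    @Override // com.stormpath.sdk.servlet.mvc.AbstractController
    public boolean isNotAllowedIfAuthenticated() {
        return true;
    }

    /**
     * Routes the request.
     *
     * <p>A POST whose {@code grant_type} is {@code client_credentials} is sent directly to {@link #doPost};
     * every other request goes through the superclass implementation.
     *
     * <p>NOTE(review): the superclass is not visible in this file. Confirm that skipping it for
     * {@code client_credentials} is intended, since whatever handling it performs for
     * {@link #isNotAllowedIfAuthenticated()} presumably does not run on this path.
     */
    @Override // com.stormpath.sdk.servlet.mvc.AbstractController, com.stormpath.sdk.servlet.mvc.Controller
    public ViewModel handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        boolean isPost = HttpMethod.POST.name().equalsIgnoreCase(httpServletRequest.getMethod());
        if (isPost && CLIENT_CREDENTIALS_GRANT_TYPE.equals(httpServletRequest.getParameter(GRANT_TYPE_PARAM_NAME))) {
            return doPost(httpServletRequest, httpServletResponse);
        }
        return super.handleRequest(httpServletRequest, httpServletResponse);
    }

    protected void publish(RequestEvent requestEvent) {
        getEventPublisher().publish(requestEvent);
    }

    /**
     * Returns the {@link Application} stored as a request attribute under {@code Application.class.getName()}.
     *
     * @throws IllegalArgumentException presumably, via {@code Assert.notNull}, when the attribute is missing
     */
    @Override // com.stormpath.sdk.servlet.mvc.AbstractController
    public Application getApplication(HttpServletRequest httpServletRequest) {
        Application application = (Application) httpServletRequest.getAttribute(Application.class.getName());
        Assert.notNull(application, "request must have an application attribute.");
        return application;
    }

    /**
     * Handles the {@code password} grant. A backend {@link ResourceException} is converted to an
     * {@link OAuthException} that defaults to {@code invalid_request}.
     */
    protected AccessTokenResult tokenAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        try {
            Application application = getApplication(httpServletRequest);
            OAuthPasswordGrantRequestAuthentication grantRequest = createPasswordGrantAuthenticationRequest(httpServletRequest);
            OAuthGrantRequestAuthenticationResult grantResult = (OAuthGrantRequestAuthenticationResult) Authenticators.OAUTH_PASSWORD_GRANT_REQUEST_AUTHENTICATOR.forApplication(application).authenticate(grantRequest);
            return createAccessTokenResult(httpServletRequest, httpServletResponse, grantResult);
        } catch (ResourceException e) {
            log.debug("Unable to authenticate access token request: {}", e.getMessage(), e);
            throw convertToOAuthException(e, OAuthErrorCode.INVALID_REQUEST);
        }
    }

    /**
     * Handles the {@code refresh_token} grant. A backend {@link ResourceException} is converted to an
     * {@link OAuthException} that defaults to {@code invalid_grant}.
     */
    protected AccessTokenResult refreshTokenAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        try {
            Application application = getApplication(httpServletRequest);
            OAuthRefreshTokenRequestAuthentication grantRequest = createRefreshTokenAuthenticationRequest(httpServletRequest);
            OAuthGrantRequestAuthenticationResult grantResult = (OAuthGrantRequestAuthenticationResult) Authenticators.OAUTH_REFRESH_TOKEN_REQUEST_AUTHENTICATOR.forApplication(application).authenticate(grantRequest);
            return createRefreshTokenResult(httpServletRequest, httpServletResponse, grantResult);
        } catch (ResourceException e) {
            log.debug("Unable to authenticate refresh token request: {}", e.getMessage(), e);
            throw convertToOAuthException(e, OAuthErrorCode.INVALID_GRANT);
        }
    }

    /**
     * Handles the {@code client_credentials} grant using the API key id and secret that
     * {@link DefaultBasicApiAuthenticationRequest} extracts from the request.
     *
     * <p>Unlike the other grants, a backend failure is answered with a fixed {@code invalid_client} message
     * rather than the backend's own error text.
     */
    protected AccessTokenResult clientCredentialsAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            DefaultBasicApiAuthenticationRequest defaultBasicApiAuthenticationRequest = new DefaultBasicApiAuthenticationRequest(new DefaultHttpServletRequestWrapper(httpServletRequest));
            Application application = getApplication(httpServletRequest);
            return createAccessTokenResult(httpServletRequest, httpServletResponse, (OAuthGrantRequestAuthenticationResult) Authenticators.OAUTH_CLIENT_CREDENTIALS_GRANT_REQUEST_AUTHENTICATOR.forApplication(application).authenticate(OAuthRequests.OAUTH_CLIENT_CREDENTIALS_GRANT_REQUEST.builder().setApiKeyId(defaultBasicApiAuthenticationRequest.getPrincipals()).setApiKeySecret(defaultBasicApiAuthenticationRequest.getCredentials()).build()));
        } catch (ResourceException e) {
            log.debug("Unable to authenticate client credentials grant request: {}", e.getMessage(), e);
            throw new OAuthException(OAuthErrorCode.INVALID_CLIENT, "Unable to authenticate client credentials grant request");
        }
    }

    /**
     * Handles the {@code stormpath_social} grant from the {@code providerId}, {@code accessToken} and
     * {@code code} request parameters.
     */
    protected AccessTokenResult stormpathSocialAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            Application application = getApplication(httpServletRequest);
            return createAccessTokenResult(httpServletRequest, httpServletResponse, (OAuthGrantRequestAuthenticationResult) Authenticators.OAUTH_STORMPATH_SOCIAL_GRANT_REQUEST_AUTHENTICATOR.forApplication(application).authenticate(new DefaultOAuthStormpathSocialGrantRequestAuthentication(httpServletRequest.getParameter("providerId"), httpServletRequest.getParameter("accessToken"), httpServletRequest.getParameter("code"))));
        } catch (IllegalArgumentException e) {
            // Keep the reason visible to operators; the client only sees invalid_request.
            log.debug("Rejecting stormpath social grant request: {}", e.getMessage());
            throw new OAuthException(OAuthErrorCode.INVALID_REQUEST);
        } catch (ResourceException e2) {
            log.debug("Unable to authenticate stormpath social grant request: {}", e2.getMessage(), e2);
            throw convertToOAuthException(e2, OAuthErrorCode.INVALID_CLIENT);
        }
    }

    /**
     * Handles the {@code stormpath_factor_challenge} grant from the {@code state}, {@code challenge} and
     * {@code code} request parameters.
     */
    protected AccessTokenResult stormpathFactorChallengeAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            Application application = getApplication(httpServletRequest);
            return createAccessTokenResult(httpServletRequest, httpServletResponse, (OAuthGrantRequestAuthenticationResult) Authenticators.OAUTH_STORMPATH_FACTOR_CHALLENGE_GRANT_REQUEST_AUTHENTICATOR.forApplication(application).authenticate(new DefaultOAuthStormpathFactorChallengeGrantRequestAuthentication(httpServletRequest.getParameter(OAUTH_RESPONSE_STATE), httpServletRequest.getParameter(OAUTH_RESPONSE_CHALLENGE), httpServletRequest.getParameter("code"))));
        } catch (IllegalArgumentException e) {
            log.debug("Rejecting stormpath factor challenge grant request: {}", e.getMessage());
            throw new OAuthException(OAuthErrorCode.INVALID_REQUEST);
        } catch (ResourceException e2) {
            // The original message said "social grant" here, which misattributed MFA failures in the logs.
            log.debug("Unable to authenticate stormpath factor challenge grant request: {}", e2.getMessage(), e2);
            throw convertToOAuthException(e2, OAuthErrorCode.INVALID_CLIENT);
        }
    }

    /**
     * Translates a backend {@link ResourceException} into the {@link OAuthException} returned to the client.
     *
     * <p>When the backend error is a {@link DefaultError}, its {@code error} property (if present) replaces
     * {@code oAuthErrorCode}. If it also carries a string {@code action} property, the response is built from a
     * fixed allow-list of properties that depends on the action; otherwise the backend message is used as the
     * description.
     *
     * <p>NOTE(review): the backend message and the allow-listed properties are sent to the caller as-is.
     * Confirm that backend messages do not distinguish "unknown account" from "wrong password" on this path.
     */
    private OAuthException convertToOAuthException(ResourceException resourceException, OAuthErrorCode oAuthErrorCode) {
        Error stormpathError = resourceException.getStormpathError();
        String message = stormpathError.getMessage();
        OAuthErrorCode effectiveCode = oAuthErrorCode;
        if (stormpathError instanceof DefaultError) {
            DefaultError defaultError = (DefaultError) stormpathError;
            Object backendCode = defaultError.getProperty(OAUTH_RESPONSE_ERROR);
            if (backendCode != null) {
                effectiveCode = new OAuthErrorCode(backendCode.toString());
            }
            Object action = defaultError.getProperty(OAUTH_RESPONSE_ACTION);
            if (action instanceof String) {
                // Insertion order is kept so the JSON fields appear in a stable order.
                Map<String, Object> details = new LinkedHashMap<>();
                exposeOAuthErrorProperty(details, defaultError, OAUTH_RESPONSE_ERROR_DESCRIPTION);
                exposeOAuthErrorProperty(details, defaultError, OAUTH_RESPONSE_ACTION);
                if ("factor_enroll".equals(action)) {
                    exposeOAuthErrorProperty(details, defaultError, OAUTH_RESPONSE_STATE);
                    exposeOAuthErrorProperty(details, defaultError, OAUTH_RESPONSE_ALLOWED_FACTOR_TYPES);
                } else if ("factor_challenge".equals(action)) {
                    exposeOAuthErrorProperty(details, defaultError, OAUTH_RESPONSE_STATE);
                    exposeOAuthErrorProperty(details, defaultError, OAUTH_RESPONSE_FACTOR);
                } else if ("factor_select".equals(action)) {
                    exposeOAuthErrorProperty(details, defaultError, OAUTH_RESPONSE_FACTORS);
                }
                return new OAuthException(effectiveCode, details, "");
            }
        }
        return new OAuthException(effectiveCode, message);
    }

    /** Copies one named property of the backend error into the response map (the value may be null). */
    private void exposeOAuthErrorProperty(Map<String, Object> map, DefaultError defaultError, String str) {
        map.put(str, defaultError.getProperty(str));
    }

    /** Handles the {@code stormpath_token} grant from the {@code token} request parameter. */
    protected AccessTokenResult stormpathTokenAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            Application application = getApplication(httpServletRequest);
            return createAccessTokenResult(httpServletRequest, httpServletResponse, (OAuthGrantRequestAuthenticationResult) Authenticators.ID_SITE_AUTHENTICATOR.forApplication(application).authenticate(new DefaultIdSiteAuthenticationRequest(httpServletRequest.getParameter("token"))));
        } catch (IllegalArgumentException e) {
            log.debug("Rejecting stormpath token grant request: {}", e.getMessage());
            throw new OAuthException(OAuthErrorCode.INVALID_REQUEST);
        } catch (ResourceException e2) {
            log.debug("Unable to authenticate stormpath token grant request: {}", e2.getMessage(), e2);
            throw convertToOAuthException(e2, OAuthErrorCode.INVALID_CLIENT);
        }
    }

    /**
     * Processes a token request and writes the JSON response.
     *
     * <p>Order matters: the request is authorized first, then {@code grant_type} is checked for presence and
     * validated by the configured {@link GrantTypeValidator} before any grant handler runs. Any
     * {@link IllegalArgumentException} raised inside that sequence is reported as {@code invalid_grant}.
     *
     * @return always {@code null}; the response body is written directly
     * @throws Exception anything other than an {@link OAuthException} raised while handling the grant
     */
    @Override // com.stormpath.sdk.servlet.mvc.AbstractController
    protected ViewModel doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String json;
        try {
            assertAuthorized(httpServletRequest, httpServletResponse);
            try {
                String grantType = httpServletRequest.getParameter(GRANT_TYPE_PARAM_NAME);
                Assert.hasText(grantType, "grant_type must not be null or empty.");
                this.grantTypeValidator.validate(grantType);
                AccessTokenResult accessTokenResult = getAccessTokenResult(grantType, httpServletRequest, httpServletResponse);
                saveResult(httpServletRequest, httpServletResponse, accessTokenResult);
                json = accessTokenResult.getTokenResponse().toJson();
                httpServletResponse.setStatus(HttpServletResponse.SC_OK);
                publish(createSuccessEvent(httpServletRequest, httpServletResponse, null, accessTokenResult));
            } catch (IllegalArgumentException e) {
                log.debug("Rejecting access token request: {}", e.getMessage());
                throw new OAuthException(OAuthErrorCode.INVALID_GRANT);
            }
        } catch (OAuthException e2) {
            log.debug("OAuth Access Token request failed. Root cause: {}", e2.getMessage());
            json = e2.toJson();
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            if (e2.getErrorCode().equals(OAuthErrorCode.INVALID_CLIENT)) {
                httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            }
            try {
                publish(new DefaultFailedAuthenticationRequestEvent(httpServletRequest, httpServletResponse, null, e2));
            } catch (Throwable th) {
                // A broken listener must not mask the authentication failure being reported to the client.
                log.warn("Unable to publish failed authentication request event due to exception: {}. Ignoring and handling original authentication exception {}.", new Object[]{th, e2, th});
            }
        }
        httpServletResponse.setContentType("application/json");
        // Pin the writer's encoding so the declared length below matches the bytes actually sent.
        httpServletResponse.setCharacterEncoding("UTF-8");
        // Token responses must never be stored by caches.
        httpServletResponse.setHeader("Cache-Control", "no-store, no-cache");
        httpServletResponse.setHeader("Pragma", "no-cache");
        // String.length() counts UTF-16 code units, which undercounts any non-ASCII text in an error
        // description and would make clients truncate the body.
        int bodyLength = json.getBytes(java.nio.charset.StandardCharsets.UTF_8).length;
        httpServletResponse.setHeader("Content-Length", String.valueOf(bodyLength));
        httpServletResponse.getWriter().print(json);
        httpServletResponse.getWriter().flush();
        return null;
    }

    /**
     * Dispatches to the handler for the given grant type.
     *
     * <p>This replaces the decompiler's hash-code switch, which did not compile (duplicate {@code case true}
     * labels on a {@code boolean}), with the equivalent string switch. The mapping is unchanged.
     *
     * @param str the {@code grant_type} value; must not be null
     * @throws OAuthException with {@code unsupported_grant_type} for an unknown grant type, or
     *                        {@code invalid_client} when a handler raises {@link HttpAuthenticationException}
     */
    protected AccessTokenResult getAccessTokenResult(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        switch (str) {
            case PASSWORD_GRANT_TYPE:
                return tokenAuthenticationRequest(httpServletRequest, httpServletResponse);
            case REFRESH_TOKEN_GRANT_TYPE:
                return refreshTokenAuthenticationRequest(httpServletRequest, httpServletResponse);
            case CLIENT_CREDENTIALS_GRANT_TYPE:
                try {
                    return clientCredentialsAuthenticationRequest(httpServletRequest, httpServletResponse);
                } catch (HttpAuthenticationException e) {
                    throw invalidClient(e);
                }
            case STORMPATH_SOCIAL_GRANT_TYPE:
                try {
                    return stormpathSocialAuthenticationRequest(httpServletRequest, httpServletResponse);
                } catch (HttpAuthenticationException e) {
                    throw invalidClient(e);
                }
            case STORMPATH_TOKEN_GRANT_TYPE:
                try {
                    return stormpathTokenAuthenticationRequest(httpServletRequest, httpServletResponse);
                } catch (HttpAuthenticationException e) {
                    throw invalidClient(e);
                }
            case STORMPATH_FACTOR_CHALLENGE_GRANT_TYPE:
                try {
                    return stormpathFactorChallengeAuthenticationRequest(httpServletRequest, httpServletResponse);
                } catch (HttpAuthenticationException e) {
                    throw invalidClient(e);
                }
            default:
                throw new OAuthException(OAuthErrorCode.UNSUPPORTED_GRANT_TYPE, "'" + str + "' is an unsupported grant type.");
        }
    }

    /** Logs a client authentication failure and returns the {@code invalid_client} error to throw. */
    private OAuthException invalidClient(HttpAuthenticationException cause) {
        log.warn("Unable to authenticate client", cause);
        return new OAuthException(OAuthErrorCode.INVALID_CLIENT);
    }

    protected SuccessfulAuthenticationRequestEvent createSuccessEvent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationRequest authenticationRequest, AuthenticationResult authenticationResult) {
        return new DefaultSuccessfulAuthenticationRequestEvent(httpServletRequest, httpServletResponse, authenticationRequest, authenticationResult);
    }

    protected void saveResult(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        getAccountSaver().set(httpServletRequest, httpServletResponse, authenticationResult);
    }

    protected OAuthRefreshTokenRequestAuthentication createRefreshTokenAuthenticationRequest(HttpServletRequest httpServletRequest) throws OAuthException {
        return getRefreshTokenAuthenticationRequestFactory().createRefreshTokenAuthenticationRequest(httpServletRequest);
    }

    protected OAuthPasswordGrantRequestAuthentication createPasswordGrantAuthenticationRequest(HttpServletRequest httpServletRequest) throws OAuthException {
        return getAccessTokenAuthenticationRequestFactory().createAccessTokenAuthenticationRequest(httpServletRequest);
    }

    protected AccessTokenResult createRefreshTokenResult(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuthGrantRequestAuthenticationResult oAuthGrantRequestAuthenticationResult) {
        return getRefreshTokenResultFactory().createRefreshTokenResult(httpServletRequest, httpServletResponse, oAuthGrantRequestAuthenticationResult);
    }

    /** Delegates the endpoint-level authorization decision to the configured {@link RequestAuthorizer}. */
    protected void assertAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAuthException {
        getRequestAuthorizer().assertAuthorized(httpServletRequest, httpServletResponse);
    }

    protected AccessTokenResult createAccessTokenResult(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuthGrantRequestAuthenticationResult oAuthGrantRequestAuthenticationResult) {
        return getAccessTokenResultFactory().createAccessTokenResult(httpServletRequest, httpServletResponse, oAuthGrantRequestAuthenticationResult);
    }
}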
