package org.apereo.cas.support.oauth.web.endpoints;

import java.util.Collection;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.support.oauth.OAuth20Constants;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.validator.token.OAuth20TokenRequestValidator;
import org.apereo.cas.support.oauth.validator.token.device.InvalidOAuth20DeviceTokenException;
import org.apereo.cas.support.oauth.validator.token.device.ThrottledOAuth20DeviceUserCodeApprovalException;
import org.apereo.cas.support.oauth.validator.token.device.UnapprovedOAuth20DeviceUserCodeException;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20TokenGeneratedResult;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestDataHolder;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20AccessTokenResponseResult;
import org.apereo.cas.ticket.OAuth20UnauthorizedScopeRequestException;
import org.pac4j.core.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/endpoints/OAuth20AccessTokenEndpointController.class */
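/**
 * Spring MVC controller for the OAuth 2.0 token endpoint, mapped at
 * {@code /oauth2.0/accessToken} and {@code /oauth2.0/token}.
 *
 * <p>A request is first checked by the configured {@link OAuth20TokenRequestValidator}s, then
 * turned into an {@link AccessTokenRequestDataHolder}, and finally handed to the access token
 * generator and response generator taken from the configuration context. Every failure is
 * mapped to a fixed {@link OAuth20Constants} error code. The exception text is only logged and
 * is not passed to {@link OAuth20Utils#writeError}.
 *
 * <p>This listing is decompiler output. In the decompiled form of {@link #handleRequest} the
 * specific {@code catch} clauses followed {@code catch (Exception)} and were unreachable; they
 * are ordered most-specific-first here.
 */
public class OAuth20AccessTokenEndpointController extends BaseOAuth20Controller {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20AccessTokenEndpointController.class);

    public OAuth20AccessTokenEndpointController(OAuth20ConfigurationContext oAuth20ConfigurationContext) {
        super(oAuth20ConfigurationContext);
    }

    /**
     * Handles a token request: validates it, extracts the grant request and issues the token.
     *
     * <p>Error mapping, as implemented below:
     * <ul>
     *   <li>validation fails or throws: {@code INVALID_REQUEST}, or {@code INVALID_SCOPE} for
     *       {@link OAuth20UnauthorizedScopeRequestException};</li>
     *   <li>{@link ThrottledOAuth20DeviceUserCodeApprovalException}: {@code SLOW_DOWN};</li>
     *   <li>{@link UnapprovedOAuth20DeviceUserCodeException}: {@code AUTHORIZATION_PENDING};</li>
     *   <li>{@link InvalidOAuth20DeviceTokenException}: {@code ACCESS_DENIED};</li>
     *   <li>any other failure while extracting or generating: {@code INVALID_GRANT}.</li>
     * </ul>
     *
     * @param httpServletRequest  the incoming token request
     * @param httpServletResponse the response the result or error is written to
     * @return the model and view produced by the response generator or by
     *         {@link OAuth20Utils#writeError}
     * @throws Exception if writing an error response itself fails
     */
    @PostMapping(path = {"/oauth2.0/accessToken", "/oauth2.0/token"}, produces = {"application/json"})
    public ModelAndView handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        // Phase 1: request validation. Fails closed, so a false result is treated like an exception.
        try {
            if (!verifyAccessTokenRequest(httpServletRequest, httpServletResponse)) {
                throw new IllegalArgumentException("Access token validation failed");
            }
        } catch (OAuth20UnauthorizedScopeRequestException e) {
            LOGGER.error(e.getMessage(), e);
            return OAuth20Utils.writeError(httpServletResponse, OAuth20Constants.INVALID_SCOPE);
        } catch (Exception e) {
            // NOTE(review): the exception message is written to the log verbatim. If validators
            // echo request parameters into their messages, confirm the log layout neutralises
            // line breaks so client input cannot forge log entries.
            LOGGER.error(e.getMessage(), e);
            return OAuth20Utils.writeError(httpServletResponse, OAuth20Constants.INVALID_REQUEST);
        }

        // Phase 2: extraction and token generation. Specific handlers must precede the general
        // one, otherwise the device-flow answers (slow down / pending / denied) collapse into
        // INVALID_GRANT.
        try {
            AccessTokenRequestDataHolder requestHolder = examineAndExtractAccessTokenGrantRequest(httpServletRequest, httpServletResponse);
            // NOTE(review): these debug statements rely on toString() of the holder and of the
            // generated result; confirm neither renders token or credential values in clear.
            LOGGER.debug("Creating access token for [{}]", requestHolder);
            JEEContext context = new JEEContext(httpServletRequest, httpServletResponse, getOAuthConfigurationContext().getSessionStore());
            OAuth20TokenGeneratedResult tokenResult = getOAuthConfigurationContext().getAccessTokenGenerator().generate(requestHolder);
            LOGGER.debug("Access token generated result is: [{}]", tokenResult);
            return generateAccessTokenResponse(httpServletRequest, httpServletResponse, requestHolder, context, tokenResult);
        } catch (ThrottledOAuth20DeviceUserCodeApprovalException e) {
            LOGGER.error("Check for device user code approval is too quick and is throttled. Requests must slow down");
            return OAuth20Utils.writeError(httpServletResponse, OAuth20Constants.SLOW_DOWN);
        } catch (OAuth20UnauthorizedScopeRequestException e) {
            LOGGER.error(e.getMessage(), e);
            return OAuth20Utils.writeError(httpServletResponse, OAuth20Constants.INVALID_SCOPE);
        } catch (InvalidOAuth20DeviceTokenException e) {
            // NOTE(review): the ticket id logged here and below presumably is the device or user
            // code presented by the client; confirm it is acceptable to keep it in error logs.
            LOGGER.error("Could not identify and extract device token request for device token [{}]", e.getTicketId());
            return OAuth20Utils.writeError(httpServletResponse, OAuth20Constants.ACCESS_DENIED);
        } catch (UnapprovedOAuth20DeviceUserCodeException e) {
            LOGGER.error("User code [{}] is not yet approved for the device token request", e.getTicketId());
            return OAuth20Utils.writeError(httpServletResponse, OAuth20Constants.AUTHORIZATION_PENDING);
        } catch (Exception e) {
            LOGGER.error("Could not identify and extract access token request", e);
            return OAuth20Utils.writeError(httpServletResponse, OAuth20Constants.INVALID_GRANT);
        }
    }

    /**
     * Serves the token endpoint over HTTP GET by delegating to {@link #handleRequest}.
     *
     * <p>NOTE(review): RFC 6749 section 3.2 requires clients to use POST for token requests.
     * With GET, the grant parameters (authorization code, refresh token, client secret,
     * resource-owner password) travel in the query string, where access logs, proxies and
     * browser history can record them. The mapping is kept for compatibility with existing
     * clients; consider rejecting GET at the edge or disabling it where no client depends on it.
     *
     * @param httpServletRequest  the incoming token request
     * @param httpServletResponse the response the result or error is written to
     * @return whatever {@link #handleRequest} returns
     * @throws Exception propagated from {@link #handleRequest}
     */
    @GetMapping(path = {"/oauth2.0/accessToken", "/oauth2.0/token"})
    public ModelAndView handleGetRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        return handleRequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the response for a generated token through the configured response generator.
     *
     * @param httpServletRequest           the incoming token request
     * @param httpServletResponse          the response to write to
     * @param accessTokenRequestDataHolder the extracted grant request; supplies the registered
     *                                     service and the service
     * @param jEEContext                   not read by this implementation; kept in the signature
     *                                     for overriding subclasses
     * @param oAuth20TokenGeneratedResult  the token generation result
     * @return the model and view produced by the response generator
     */
    protected ModelAndView generateAccessTokenResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessTokenRequestDataHolder accessTokenRequestDataHolder, JEEContext jEEContext, OAuth20TokenGeneratedResult oAuth20TokenGeneratedResult) {
        LOGGER.debug("Generating access token response for [{}]", oAuth20TokenGeneratedResult);

        // Lifetimes come from the configured expiration policies, not from the request.
        long accessTokenTimeout = getOAuthConfigurationContext().getAccessTokenExpirationPolicy()
            .buildTicketExpirationPolicy().getTimeToLive().longValue();
        long deviceRefreshInterval = Beans.newDuration(
            getOAuthConfigurationContext().getCasProperties().getAuthn().getOauth().getDeviceToken().getRefreshInterval())
            .getSeconds();
        long deviceTokenTimeout = getOAuthConfigurationContext().getDeviceTokenExpirationPolicy()
            .buildTicketExpirationPolicy().getTimeToLive().longValue();
        // A result without an explicit response type is reported as NONE.
        OAuth20ResponseTypes responseType = oAuth20TokenGeneratedResult.getResponseType().orElse(OAuth20ResponseTypes.NONE);

        OAuth20AccessTokenResponseResult responseResult = OAuth20AccessTokenResponseResult.builder()
            .registeredService(accessTokenRequestDataHolder.getRegisteredService())
            .service(accessTokenRequestDataHolder.getService())
            .accessTokenTimeout(accessTokenTimeout)
            .deviceRefreshInterval(deviceRefreshInterval)
            .deviceTokenTimeout(deviceTokenTimeout)
            .responseType(responseType)
            .casProperties(getOAuthConfigurationContext().getCasProperties())
            .generatedToken(oAuth20TokenGeneratedResult)
            .build();
        return getOAuthConfigurationContext().getAccessTokenResponseGenerator()
            .generate(httpServletRequest, httpServletResponse, responseResult);
    }

    /**
     * Runs the auditable grant-request extractor and returns the extracted request.
     *
     * @param httpServletRequest  the incoming token request
     * @param httpServletResponse the current response
     * @return the extracted grant request
     * @throws UnsupportedOperationException if the extractor yields no result; the caller maps
     *                                       this to {@code INVALID_GRANT}
     */
    private AccessTokenRequestDataHolder examineAndExtractAccessTokenGrantRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuditableContext auditContext = AuditableContext.builder()
            .httpRequest(httpServletRequest)
            .httpResponse(httpServletResponse)
            .build();
        Optional<?> extracted = getOAuthConfigurationContext().getAccessTokenGrantAuditableRequestExtractor()
            .execute(auditContext)
            .getExecutionResult();
        if (!extracted.isPresent()) {
            throw new UnsupportedOperationException("Access token request is not supported");
        }
        return (AccessTokenRequestDataHolder) extracted.get();
    }

    /**
     * Validates the token request with the first configured validator that supports it.
     *
     * <p>The check fails closed: with no validators configured the request is rejected rather
     * than waved through. Only the first supporting validator is consulted, so the order of the
     * configured collection decides which one applies.
     *
     * @param httpServletRequest  the incoming token request
     * @param httpServletResponse the current response
     * @return {@code false} when no validators are configured, otherwise the verdict of the
     *         first supporting validator
     * @throws UnsupportedOperationException if no configured validator supports the request
     */
    private boolean verifyAccessTokenRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Collection<OAuth20TokenRequestValidator> validators = getOAuthConfigurationContext().getAccessTokenGrantRequestValidators();
        if (validators.isEmpty()) {
            LOGGER.warn("No validators are defined to examine the access token request for eligibility");
            return false;
        }
        JEEContext context = new JEEContext(httpServletRequest, httpServletResponse);
        return validators.stream()
            .filter(validator -> validator.supports(context))
            .findFirst()
            .orElseThrow(() -> new UnsupportedOperationException("Access token request is not supported"))
            .validate(context);
    }
}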
