package org.restlet.ext.oauth;

import java.util.Arrays;
import org.json.JSONException;
import org.json.JSONObject;
import org.restlet.data.CacheDirective;
import org.restlet.data.Form;
import org.restlet.data.Status;
import org.restlet.ext.json.JsonRepresentation;
import org.restlet.ext.oauth.internal.Scopes;
import org.restlet.ext.oauth.internal.Token;
import org.restlet.ext.oauth.internal.memory.ExpireToken;
import org.restlet.representation.Representation;
import org.restlet.resource.Post;
import org.restlet.resource.ResourceException;
import org.restlet.security.SecretVerifier;
import org.restlet.security.User;

/* loaded from: input_file:org/restlet/ext/oauth/AccessTokenServerResource.class */
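/**
 * OAuth 2.0 token endpoint: exchanges an authorization code, resource owner
 * password credentials or a refresh token for a bearer access token.
 * <p>
 * The requesting client must already have been authenticated by an upstream
 * authenticator; its id is read from the request's {@link User}. Both token
 * responses and error responses are marked {@code no-store}.
 */
public class AccessTokenServerResource extends OAuthServerResource {

    /**
     * Handles a token request (form-encoded body, JSON response) and
     * dispatches to the flow selected by the {@code grant_type} parameter.
     *
     * @param representation the form-encoded request body
     * @return the JSON token representation
     * @throws OAuthException if no client is authenticated, the grant type is
     *         missing or unsupported, or the selected flow rejects the request
     */
    @Post("form:json")
    public Representation requestToken(Representation representation) throws OAuthException {
        getLogger().fine("Grant request");
        Form form = new Form(representation);
        User user = getRequest().getClientInfo().getUser();
        if (user == null) {
            // An authenticator in front of this resource is expected to set the user.
            getLogger().warning("Client ID is missing! No Authenticator?");
            throw new OAuthException(OAuthError.server_error, "No Client Credential.", null);
        }
        Client client = this.clients.findById(user.getIdentifier());
        if (client == null) {
            // The id was authenticated but is not in the client store; fail
            // explicitly instead of with a NullPointerException below.
            getLogger().warning("Authenticated client id has no registered client");
            throw new OAuthException(OAuthError.server_error, "Unknown client.", null);
        }
        getLogger().fine("Requested by authenticated client " + client.getClientId());
        GrantType grantType = getGrantType(form);
        switch (grantType) {
            case authorization_code:
                getLogger().info("Authorization Code Grant");
                return doAuthCodeFlow(client, form);
            case password:
                getLogger().info("Resource Owner Password Credentials Grant");
                return doPasswordFlow(client, form);
            case refresh_token:
                getLogger().info("Refreshing an Access Token");
                return doRefreshFlow(client, form);
            default:
                getLogger().warning("Unsupported flow: " + grantType);
                throw new OAuthException(OAuthError.unsupported_grant_type, "Flow not supported", null);
        }
    }

    /**
     * Converts any failure into an OAuth error response: HTTP 400 with the
     * JSON error body from {@code responseErrorRepresentation}, marked
     * {@code no-store} so intermediaries never cache it.
     *
     * @param th the failure raised while handling the request
     */
    protected void doCatch(Throwable th) {
        OAuthException oAuthException = OAuthException.toOAuthException(th);
        getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
        getResponse().setEntity(responseErrorRepresentation(oAuthException));
        addCacheDirective(getResponse(), CacheDirective.noStore());
    }

    /**
     * Reads and validates the {@code grant_type} parameter.
     *
     * @param form the request parameters
     * @return the requested grant type
     * @throws OAuthException {@code invalid_request} if the parameter is
     *         absent, {@code unsupported_grant_type} if it names no known flow
     */
    protected GrantType getGrantType(Form form) throws OAuthException {
        String value = form.getFirstValue(OAuthServerResource.GRANT_TYPE);
        getLogger().info("Type: " + value);
        // Check for absence up front rather than catching the NullPointerException
        // that Enum.valueOf would raise.
        if (value == null) {
            throw new OAuthException(OAuthError.invalid_request, "No grant_type parameter found.", null);
        }
        try {
            GrantType grantType = GrantType.valueOf(value);
            getLogger().fine("Found flow - " + grantType);
            return grantType;
        } catch (IllegalArgumentException e) {
            throw new OAuthException(OAuthError.unsupported_grant_type, "Unsupported flow", null);
        }
    }

    /**
     * Returns the mandatory {@code code} parameter.
     *
     * @param form the request parameters
     * @return the authorization code
     * @throws OAuthException {@code invalid_request} if the parameter is missing or empty
     */
    protected String getCode(Form form) throws OAuthException {
        return requireValue(form, OAuthServerResource.CODE, "code");
    }

    /**
     * Returns the mandatory {@code username} parameter.
     *
     * @param form the request parameters
     * @return the resource owner's username
     * @throws OAuthException {@code invalid_request} if the parameter is missing or empty
     */
    protected String getUsername(Form form) throws OAuthException {
        return requireValue(form, OAuthServerResource.USERNAME, "username");
    }

    /**
     * Returns the mandatory {@code password} parameter.
     *
     * @param form the request parameters
     * @return the resource owner's password
     * @throws OAuthException {@code invalid_request} if the parameter is missing or empty
     */
    protected String getPassword(Form form) throws OAuthException {
        return requireValue(form, OAuthServerResource.PASSWORD, "password");
    }

    /**
     * Returns the mandatory {@code refresh_token} parameter.
     *
     * @param form the request parameters
     * @return the refresh token
     * @throws OAuthException {@code invalid_request} if the parameter is missing or empty
     */
    protected String getRefreshToken(Form form) throws OAuthException {
        return requireValue(form, OAuthServerResource.REFRESH_TOKEN, "refresh_token");
    }

    /**
     * Reads a form parameter that must be present and non-empty.
     *
     * @param form the request parameters
     * @param name the parameter name to read
     * @param label the parameter name as it appears in the error message
     * @return the first value of the parameter
     * @throws OAuthException {@code invalid_request} if the parameter is missing or empty
     */
    private static String requireValue(Form form, String name, String label) throws OAuthException {
        String value = form.getFirstValue(name);
        if (value == null || value.isEmpty()) {
            throw new OAuthException(OAuthError.invalid_request, "Mandatory parameter " + label + " is missing", null);
        }
        return value;
    }

    /**
     * Builds the JSON token response and marks it {@code no-store}.
     * {@code expires_in} and {@code refresh_token} are only emitted for tokens
     * with a non-zero expiry period; {@code scope} only when one is given.
     *
     * @param token the issued token
     * @param str the scope string to report, or {@code null}/empty to omit it
     * @return the JSON representation
     * @throws ResourceException with a 500 status if the JSON cannot be built
     */
    protected Representation responseTokenRepresentation(Token token, String str) throws ResourceException {
        JSONObject body = new JSONObject();
        try {
            body.put(OAuthServerResource.TOKEN_TYPE, OAuthServerResource.TOKEN_TYPE_BEARER);
            body.put(OAuthServerResource.ACCESS_TOKEN, token.getToken());
            long expirePeriod = token.getExpirePeriod();
            if (expirePeriod != 0) {
                body.put(OAuthServerResource.EXPIRES_IN, expirePeriod);
                body.put(OAuthServerResource.REFRESH_TOKEN, token.getRefreshToken());
            }
            if (str != null && !str.isEmpty()) {
                body.put(OAuthServerResource.SCOPE, str);
            }
            addCacheDirective(getResponse(), CacheDirective.noStore());
            return new JsonRepresentation(body);
        } catch (JSONException e) {
            throw new ResourceException(Status.SERVER_ERROR_INTERNAL, "Failed to generate JSON", e);
        }
    }

    /**
     * Authorization code grant: exchanges the {@code code} parameter for a token.
     *
     * @param client the authenticated client presenting the code
     * @param form the request parameters
     * @return the JSON token representation
     * @throws OAuthException if the code is missing, cannot be exchanged, or
     *         was not issued for a user of this client
     */
    private Representation doAuthCodeFlow(Client client, Form form) throws IllegalArgumentException, OAuthException {
        Token token = this.generator.exchangeForToken(getCode(form), this.tokenTimeSec);
        AuthenticatedUser owner = token.getUser();
        // The code must be redeemed by the client it was issued to; this is the
        // same ownership check the refresh flow performs.
        if (!client.containsUser(owner.getId())) {
            throw new OAuthException(OAuthError.unauthorized_client, "User does not match.", null);
        }
        return responseTokenRepresentation(token, Scopes.toScope(owner.getGrantedRoles()));
    }

    /**
     * Resource owner password credentials grant.
     *
     * @param client the authenticated client
     * @param form the request parameters
     * @return the JSON token representation
     * @throws OAuthException {@code invalid_request} if username or password is
     *         missing, {@code invalid_grant} if the credentials are not valid
     */
    private Representation doPasswordFlow(Client client, Form form) throws OAuthException {
        String username = getUsername(form);
        char[] password = getPassword(form).toCharArray();
        AuthenticatedUser owner = client.findUser(username);
        // An unknown user and a wrong password produce the same error so the
        // endpoint cannot be used to enumerate valid usernames.
        if (owner == null || !SecretVerifier.compare(owner.getPassword(), password)) {
            throw new OAuthException(OAuthError.invalid_grant, "Invalid resource owner credentials.", null);
        }
        String[] scope = getScope(form);
        refreshUserScopesAndPersist(owner, scope);
        return responseTokenRepresentation(this.generator.generateToken(owner, this.tokenTimeSec), Scopes.toString(scope));
    }

    /**
     * Refresh token grant. A {@code scope} parameter may narrow, but never
     * widen, the scopes originally granted by the resource owner.
     *
     * @param client the authenticated client
     * @param form the request parameters
     * @return the JSON token representation
     * @throws OAuthException {@code invalid_grant} for an unknown or
     *         non-refreshable token, {@code unauthorized_client} if the token's
     *         user does not belong to this client, {@code invalid_scope} if the
     *         requested scope exceeds what was granted
     */
    private Representation doRefreshFlow(Client client, Form form) throws OAuthException {
        Token token = this.generator.findToken(getRefreshToken(form));
        // instanceof is false for null, so this also rejects unknown tokens.
        if (!(token instanceof ExpireToken)) {
            throw new OAuthException(OAuthError.invalid_grant, "Refresh token.", null);
        }
        AuthenticatedUser owner = token.getUser();
        if (!client.containsUser(owner.getId())) {
            throw new OAuthException(OAuthError.unauthorized_client, "User does not match.", null);
        }
        String requestedScope = form.getFirstValue(OAuthServerResource.SCOPE);
        if (requestedScope != null && !requestedScope.isEmpty()) {
            String[] scopes = Scopes.parseScope(requestedScope);
            if (!Arrays.asList(Scopes.parseScope(owner.getGrantedRoles())).containsAll(Arrays.asList(scopes))) {
                throw new OAuthException(OAuthError.invalid_scope, "Requested scopes contains which is not originally granted by the resource owner.", null);
            }
            refreshUserScopesAndPersist(owner, scopes);
        }
        this.generator.refreshToken((ExpireToken) token);
        return responseTokenRepresentation(token, requestedScope);
    }

    /**
     * Replaces the user's granted roles with the given scopes and persists the user.
     *
     * @param authenticatedUser the user whose roles are replaced
     * @param strArr the scope names to grant
     */
    private void refreshUserScopesAndPersist(AuthenticatedUser authenticatedUser, String[] strArr) {
        authenticatedUser.revokeRoles();
        for (String scope : strArr) {
            authenticatedUser.addRole(getRole(scope), "");
        }
        authenticatedUser.persist();
    }
}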
