package org.jasig.cas.support.oauth.web;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.support.oauth.OAuthConstants;
import org.jasig.cas.support.oauth.OAuthUtils;
import org.jasig.cas.support.oauth.services.OAuthRegisteredService;
import org.jasig.cas.ticket.ServiceTicket;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-4.1.3.jar:org/jasig/cas/support/oauth/web/OAuth20AccessTokenController.class */
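/**
 * OAuth 2.0 token endpoint: exchanges an authorization code for an access token.
 *
 * <p>The authorization code is looked up as a ticket in the {@link TicketRegistry}. The access token
 * written to the response is the id of that ticket's {@link TicketGrantingTicket}, so the response
 * body carries a session-level credential and must not be cached or logged.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class checks that the code was issued to the presenting {@code client_id} /
 *       {@code redirect_uri}; only the client's own credentials and redirect pattern are verified.
 *       NOTE(review): confirm that code-to-client binding is enforced elsewhere.</li>
 *   <li>Lookup and deletion of the code are two separate registry calls. Whether concurrent
 *       redemptions of one code are serialised depends on the registry implementation.</li>
 * </ul>
 */
public final class OAuth20AccessTokenController extends AbstractController {
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20AccessTokenController.class);
    private final ServicesManager servicesManager;
    private final TicketRegistry ticketRegistry;
    /** Access-token lifetime; compared against elapsed seconds, so it is treated as seconds. */
    private final long timeout;

    /**
     * Creates the controller.
     *
     * @param servicesManager source of registered OAuth client definitions
     * @param ticketRegistry registry holding authorization codes and granting tickets
     * @param j access-token lifetime in seconds, used to compute the {@code expires} value
     */
    public OAuth20AccessTokenController(ServicesManager servicesManager, TicketRegistry ticketRegistry, long j) {
        this.servicesManager = servicesManager;
        this.ticketRegistry = ticketRegistry;
        this.timeout = j;
    }

    /**
     * Validates the token request and, on success, writes {@code access_token=...&expires=...} as
     * plain text.
     *
     * @param httpServletRequest request carrying redirect URI, client id, client secret and code
     * @param httpServletResponse response the token or the error text is written to
     * @return the view produced by {@link OAuthUtils}; HTTP 400 for an invalid request or grant
     * @throws Exception propagated from the registry or response helpers
     */
    @Override
    protected ModelAndView handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        final String redirectUri = httpServletRequest.getParameter(OAuthConstants.REDIRECT_URI);
        LOGGER.debug("{} : {}", OAuthConstants.REDIRECT_URI, redirectUri);
        final String clientId = httpServletRequest.getParameter(OAuthConstants.CLIENT_ID);
        LOGGER.debug("{} : {}", OAuthConstants.CLIENT_ID, clientId);
        // The client secret is read but deliberately never logged.
        final String clientSecret = httpServletRequest.getParameter(OAuthConstants.CLIENT_SECRET);
        final String code = httpServletRequest.getParameter(OAuthConstants.CODE);
        // NOTE(review): the code is a short-lived credential until redeemed; mask it or keep DEBUG
        // disabled for this logger in production.
        LOGGER.debug("{} : {}", OAuthConstants.CODE, code);

        if (!verifyAccessTokenRequest(httpServletResponse, redirectUri, clientId, clientSecret, code)) {
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_REQUEST, 400);
        }

        // Only a service ticket may be redeemed as a code. Checking the type before casting turns
        // any other ticket id (for example a granting-ticket id) into a clean invalid_grant instead
        // of an uncaught ClassCastException. instanceof also covers the null (unknown id) case.
        final Object ticket = this.ticketRegistry.getTicket(code);
        if (!(ticket instanceof ServiceTicket) || ((ServiceTicket) ticket).isExpired()) {
            LOGGER.error("Code expired : {}", code);
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_GRANT, 400);
        }
        final ServiceTicket serviceTicket = (ServiceTicket) ticket;

        final TicketGrantingTicket grantingTicket = serviceTicket.getGrantingTicket();
        // Codes are single-use: remove the ticket before answering.
        this.ticketRegistry.deleteTicket(serviceTicket.getId());

        final long ageSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - grantingTicket.getCreationTime());
        final int expires = (int) (this.timeout - ageSeconds);
        final String body = String.format("%s=%s&%s=%s", OAuthConstants.ACCESS_TOKEN, grantingTicket.getId(), "expires", expires);

        httpServletResponse.setContentType("text/plain");
        // RFC 6749 section 5.1: responses containing tokens must not be stored by caches.
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");

        // The body contains the granting-ticket id, so log only the non-sensitive part.
        LOGGER.debug("Issued {} expiring in {} seconds", OAuthConstants.ACCESS_TOKEN, expires);
        return OAuthUtils.writeText(httpServletResponse, body, 200);
    }

    /**
     * Checks that all four parameters are present, that the client is registered, that the redirect
     * URI matches the client's registered pattern and that the client secret is correct.
     *
     * @param httpServletResponse unused; kept for signature stability
     * @param redirectUri redirect URI sent by the client
     * @param clientId client identifier sent by the client
     * @param clientSecret client secret sent by the client
     * @param code authorization code sent by the client
     * @return {@code true} only when every check passes
     */
    private boolean verifyAccessTokenRequest(HttpServletResponse httpServletResponse, String redirectUri, String clientId, String clientSecret, String code) {
        if (StringUtils.isBlank(clientId)) {
            LOGGER.error("Missing {}", OAuthConstants.CLIENT_ID);
            return false;
        }
        if (StringUtils.isBlank(redirectUri)) {
            LOGGER.error("Missing {}", OAuthConstants.REDIRECT_URI);
            return false;
        }
        if (StringUtils.isBlank(clientSecret)) {
            LOGGER.error("Missing {}", OAuthConstants.CLIENT_SECRET);
            return false;
        }
        if (StringUtils.isBlank(code)) {
            LOGGER.error("Missing {}", OAuthConstants.CODE);
            return false;
        }

        final OAuthRegisteredService registeredOAuthService = OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);
        if (registeredOAuthService == null) {
            LOGGER.error("Unknown {} : {}", OAuthConstants.CLIENT_ID, clientId);
            return false;
        }

        // The registered service id is applied as a regular expression that must match the whole
        // redirect URI. An overly broad pattern in the service registry widens what is accepted.
        final String serviceId = registeredOAuthService.getServiceId();
        if (!redirectUri.matches(serviceId)) {
            LOGGER.error("Unsupported {} : {} for serviceId : {}", OAuthConstants.REDIRECT_URI, redirectUri, serviceId);
            return false;
        }

        if (secretsMatch(registeredOAuthService.getClientSecret(), clientSecret)) {
            return true;
        }
        // NOTE(review): this logs the service via toString(); confirm that it does not print the
        // stored client secret.
        LOGGER.error("Wrong client secret for service {}", registeredOAuthService);
        return false;
    }

    /**
     * Compares the stored and presented client secrets without short-circuiting on the first
     * differing byte, so response timing does not reveal how much of a guess was correct.
     */
    private static boolean secretsMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8));
    }
}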
