package org.wso2.carbon.identity.oauth2.authz.handlers;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.authz.handlers.util.ResponseTypeHandlerUtil;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.model.SubjectTokenDO;
import org.wso2.carbon.identity.openidconnect.OIDCConstants;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/authz/handlers/SubjectTokenResponseTypeHandler.class */
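/**
 * Response type handler for the {@code subject_token} response type.
 *
 * <p>{@link #isAuthorizedClient} decides whether the calling application may receive a subject
 * token, and {@link #issue} obtains the token from the OAuth2 service and places it on the
 * authorization response. The subject token is a credential: it must never be written to logs
 * from this class.
 */
public class SubjectTokenResponseTypeHandler extends AbstractResponseTypeHandler {
    private static final Log LOG = LogFactory.getLog(SubjectTokenResponseTypeHandler.class);
    private static final String SUBJECT_TOKEN = "subject_token";
    private static final String OAUTH_APP_DO = "OAuthAppDO";
    // Grant type URN defined by RFC 8693 (OAuth 2.0 Token Exchange).
    private static final String TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange";

    /**
     * Issues a subject token and, when the requested response type also names an ID token,
     * adds the ID token to the same response.
     *
     * @param oAuthAuthzReqMessageContext context of the authorization request being served
     * @return the authorization response carrying the subject token
     * @throws IdentityOAuth2Exception declared by the handler contract; propagated from the
     *                                 calls made here
     */
    @Override
    public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AuthorizeRespDTO initResponse = initResponse(oAuthAuthzReqMessageContext);
        SubjectTokenDO issueSubjectToken = OAuthComponentServiceHolder.getInstance().getOauth2Service().issueSubjectToken(oAuthAuthzReqMessageContext);
        if (isIDTokenIssued(oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getResponseType())) {
            // NOTE(review): the second argument is passed as null; presumably no access token
            // accompanies the ID token in this flow - confirm against ResponseTypeHandlerUtil.
            ResponseTypeHandlerUtil.buildIDTokenResponseDTO(initResponse, null, oAuthAuthzReqMessageContext);
        }
        initResponse.setSubjectToken(issueSubjectToken.getSubjectToken());
        return initResponse;
    }

    /**
     * Checks whether the client application is allowed to use the subject token response type.
     *
     * <p>All of the following must hold, otherwise the request is rejected: the application has
     * grant types configured, the token-exchange grant type is among them, subject tokens are
     * enabled for the application, and the requested response type names {@code subject_token}.
     * On success the context is marked as a subject token flow.
     *
     * @param oAuthAuthzReqMessageContext context of the authorization request being served
     * @return {@code true} only when every check above passes
     * @throws IdentityOAuth2Exception declared by the handler contract
     */
    @Override
    public boolean isAuthorizedClient(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AuthorizeReqDTO authorizationReqDTO = oAuthAuthzReqMessageContext.getAuthorizationReqDTO();
        String consumerKey = authorizationReqDTO.getConsumerKey();
        OAuthAppDO oAuthAppDO = (OAuthAppDO) oAuthAuthzReqMessageContext.getProperty(OAUTH_APP_DO);
        String responseType = authorizationReqDTO.getResponseType();

        // Fail closed: without the application record there is nothing to authorize against.
        // Previously a missing property surfaced as a NullPointerException.
        if (oAuthAppDO == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Could not find application details for subject token response type for client id: " + consumerKey);
            }
            return false;
        }

        String grantTypes = oAuthAppDO.getGrantTypes();
        if (StringUtils.isBlank(grantTypes)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Could not find authorized grant types for subject token response type for client id: " + consumerKey);
            }
            return false;
        }

        // NOTE(review): this is a substring match on the stored grant type list, so any
        // configured grant type whose name merely contains the token-exchange URN would also
        // pass. Consider matching whole entries once the list delimiter is confirmed.
        if (!grantTypes.contains(TOKEN_EXCHANGE)) {
            // NOTE(review): consumerKey originates from the request and this branch is
            // reachable by any client lacking the grant, so ERROR level can be driven by
            // callers; confirm the value is validated upstream and consider a lower level.
            LOG.error("Unable to handle subject token response type. Token exchange Grant Type is not enabled for client id: " + consumerKey);
            return false;
        }

        // NOTE(review): response_type is request input and is also substring-matched here;
        // StringUtils.contains returns false for a null response type, so null is rejected.
        boolean subjectTokenRequested = oAuthAppDO.isSubjectTokenEnabled()
                && StringUtils.contains(responseType, SUBJECT_TOKEN);
        if (!subjectTokenRequested) {
            return false;
        }
        oAuthAuthzReqMessageContext.setSubjectTokenFlow(true);
        return true;
    }

    /**
     * Tells whether the response type string names an ID token.
     *
     * @param str the requested response type; may be {@code null}
     * @return {@code true} if {@code str} contains {@code OIDCConstants.ID_TOKEN}
     */
    private boolean isIDTokenIssued(String str) {
        return StringUtils.contains(str, OIDCConstants.ID_TOKEN);
    }
}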
