package org.apache.shindig.social.core.oauth2.validators;

import com.google.inject.Inject;
import org.apache.shindig.gadgets.oauth2.OAuth2Message;
import org.apache.shindig.social.core.oauth2.OAuth2Client;
import org.apache.shindig.social.core.oauth2.OAuth2Code;
import org.apache.shindig.social.core.oauth2.OAuth2DataService;
import org.apache.shindig.social.core.oauth2.OAuth2Exception;
import org.apache.shindig.social.core.oauth2.OAuth2NormalizedRequest;
import org.apache.shindig.social.core.oauth2.OAuth2NormalizedResponse;
import org.apache.shindig.social.core.oauth2.OAuth2Types;

/* loaded from: input_file:WEB-INF/lib/shindig-social-api-2.5.2.jar:org/apache/shindig/social/core/oauth2/validators/AuthCodeGrantValidator.class */
/**
 * Validates requests that present an authorization code
 * (grant type {@link OAuth2Message#AUTHORIZATION_CODE}).
 *
 * <p>The checks run in this order, and the first failure is reported as an
 * {@link OAuth2Exception}:
 * <ol>
 *   <li>the client id resolves to a client registered for the authorization-code flow;</li>
 *   <li>the data service knows the presented code for that client id;</li>
 *   <li>if a redirect URI is stored with the code, the request carries an equal one;</li>
 *   <li>the code has no access token related to it yet (single use).</li>
 * </ol>
 *
 * <p>NOTE(review): this class does not verify a client secret or the code's
 * expiry. Confirm that both are enforced by the data service or by the caller
 * before a token is issued.
 */
public class AuthCodeGrantValidator implements OAuth2GrantValidator {
    private OAuth2DataService service;

    /**
     * Creates the validator.
     *
     * @param oAuth2DataService store used to look up clients and authorization
     *     codes and to unregister access tokens
     */
    @Inject
    public AuthCodeGrantValidator(OAuth2DataService oAuth2DataService) {
        this.service = oAuth2DataService;
    }

    /**
     * Returns the grant type this validator handles.
     *
     * @return {@link OAuth2Message#AUTHORIZATION_CODE}
     */
    @Override
    public String getGrantType() {
        return OAuth2Message.AUTHORIZATION_CODE;
    }

    /**
     * Checks that an authorization code may be exchanged by the requesting client.
     *
     * @param oAuth2NormalizedRequest the request carrying client id, authorization
     *     code and redirect URI
     * @throws OAuth2Exception with {@code invalid_client} (status 403) when the client
     *     is unknown or not registered for the authorization-code flow, or with
     *     {@code invalid_grant} when the code is unknown (400), the redirect URI
     *     differs from the stored one (400), or the code was already used (403)
     */
    @Override
    public void validateRequest(OAuth2NormalizedRequest oAuth2NormalizedRequest) throws OAuth2Exception {
        final OAuth2Client registeredClient = this.service.getClient(oAuth2NormalizedRequest.getClientId());
        final boolean usesAuthCodeFlow =
                registeredClient != null && registeredClient.getFlow() == OAuth2Client.Flow.AUTHORIZATION_CODE;
        if (!usesAuthCodeFlow) {
            // Unknown clients and clients registered for another flow get the same
            // answer. Unlike the invalid_grant responses, bodyReturned is not set here.
            final OAuth2NormalizedResponse rejection = new OAuth2NormalizedResponse();
            rejection.setError(OAuth2Types.ErrorType.INVALID_CLIENT.toString());
            rejection.setErrorDescription("Invalid client");
            rejection.setStatus(403);
            throw new OAuth2Exception(rejection);
        }

        // The lookup is keyed by client id as well as code value, which ties the
        // code to the client it was issued to.
        final OAuth2Code issuedCode = this.service.getAuthorizationCode(
                oAuth2NormalizedRequest.getClientId(),
                oAuth2NormalizedRequest.getAuthorizationCode());
        if (issuedCode == null) {
            throw new OAuth2Exception(invalidGrantResponse(400, "Bad authorization code"));
        }

        // The redirect URI is compared only when one is stored with the code; with
        // none stored, the request's redirect URI is not checked at all.
        if (issuedCode.getRedirectURI() != null) {
            final boolean sameRedirect =
                    issuedCode.getRedirectURI().equals(oAuth2NormalizedRequest.getRedirectURI());
            if (!sameRedirect) {
                throw new OAuth2Exception(invalidGrantResponse(
                        400,
                        "The redirect URI does not match the one used in the authorization request"));
            }
        }

        // Replay handling: a second presentation of the same code unregisters the
        // access token derived from it before the request is rejected.
        // NOTE(review): nothing here marks the code as used; presumably token issuance
        // sets the related access token. Confirm that step cannot race with this check.
        if (issuedCode.getRelatedAccessToken() != null) {
            this.service.unregisterAccessToken(
                    registeredClient.getId(),
                    issuedCode.getRelatedAccessToken().getValue());
            throw new OAuth2Exception(invalidGrantResponse(
                    403,
                    "The authorization code has already been used to generate an access token"));
        }
    }

    /** Builds an {@code invalid_grant} error response that is flagged as returning a body. */
    private static OAuth2NormalizedResponse invalidGrantResponse(int status, String description) {
        final OAuth2NormalizedResponse rejection = new OAuth2NormalizedResponse();
        rejection.setStatus(status);
        rejection.setError(OAuth2Types.ErrorType.INVALID_GRANT.toString());
        rejection.setErrorDescription(description);
        rejection.setBodyReturned(true);
        return rejection;
    }
}
