package com.nimbusds.openid.connect.provider.spi.grants.password.webapi;

import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.http.CommonContentTypes;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.provider.spi.InitContext;
import com.nimbusds.openid.connect.provider.spi.grants.PasswordGrantAuthorization;
import com.nimbusds.openid.connect.provider.spi.grants.PasswordGrantHandler;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/spi/grants/password/webapi/PasswordGrantWebAPI.class */
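/**
 * Password grant handler that delegates the authorisation decision for an
 * OAuth 2.0 resource owner password credentials grant to an external web API.
 *
 * <p>Each request is turned into a {@code HandlerRequest}, serialised to JSON
 * and POSTed to the configured URL. The configured API access token is sent
 * in the {@code Authorization} header. A 200 response is parsed into a
 * {@link PasswordGrantAuthorization}; a 400 response carrying
 * {@code invalid_grant} or {@code invalid_scope} is relayed to the caller;
 * everything else is reported as {@code server_error}.
 *
 * <p>NOTE(review): the outbound request carries the API access token and,
 * presumably, the end-user password inside the JSON payload. Nothing in this
 * class checks the scheme of {@code config.url}; confirm that
 * {@code Configuration} rejects non-HTTPS URLs.
 */
public class PasswordGrantWebAPI implements PasswordGrantHandler {

    /** Location of the handler configuration, resolved through the {@link InitContext}. */
    public static final String CONFIG_FILE_PATH = "/WEB-INF/passwordGrantHandlerWebAPI.properties";

    // Set by init(); the other methods dereference it without a null check.
    private Configuration config;

    private static final Logger mainLog = LogManager.getLogger("MAIN");
    private static final Logger tokenEndpointLog = LogManager.getLogger("TOKEN");

    /**
     * Reads the handler configuration from {@link #CONFIG_FILE_PATH}.
     *
     * @param initContext context used to locate the properties resource
     * @return the parsed configuration
     * @throws Exception if the resource is missing, cannot be read, or
     *                   {@code Configuration} rejects the properties
     */
    private static Configuration loadConfiguration(InitContext initContext) throws Exception {
        // try-with-resources: the stream was previously never closed.
        try (InputStream in = initContext.getResourceAsStream(CONFIG_FILE_PATH)) {
            if (in == null) {
                throw new Exception("Couldn't find password grant handler configuration file: " + CONFIG_FILE_PATH);
            }
            Properties props = new Properties();
            props.load(in);
            return new Configuration(props);
        }
    }

    /**
     * Loads the configuration and logs it.
     *
     * @param initContext context used to locate the configuration file
     * @throws Exception if the configuration cannot be loaded
     */
    public void init(InitContext initContext) throws Exception {
        mainLog.info("Initializing password grant handler...");
        this.config = loadConfiguration(initContext);
        // NOTE(review): confirm Configuration.log() does not print the API access token.
        this.config.log();
    }

    /**
     * @return the {@code enable} flag of the loaded configuration
     */
    public boolean isEnabled() {
        return this.config.enable;
    }

    /**
     * @return {@link GrantType#PASSWORD}
     */
    public GrantType getGrantType() {
        return GrantType.PASSWORD;
    }

    /**
     * Forwards a password grant to the configured web API and returns the
     * authorisation it produces.
     *
     * @param resourceOwnerPasswordCredentialsGrant the grant received at the token endpoint
     * @param scope              the requested scope
     * @param clientID           the requesting client
     * @param z                  passed through to {@code HandlerRequest}; presumably the
     *                           confidential-client flag of the SPI, confirm against
     *                           {@code PasswordGrantHandler}
     * @param oIDCClientMetadata metadata of the requesting client
     * @return the authorisation parsed from the web API's 200 response
     * @throws GeneralException with {@code unsupported_grant_type} if the handler is disabled,
     *                          with the relayed error on a denial, or with
     *                          {@code server_error} on I/O failure or an unparsable response
     */
    public PasswordGrantAuthorization processGrant(ResourceOwnerPasswordCredentialsGrant resourceOwnerPasswordCredentialsGrant, Scope scope, ClientID clientID, boolean z, OIDCClientMetadata oIDCClientMetadata) throws GeneralException {
        if (!this.config.enable) {
            throw new GeneralException("Grant handler disabled", OAuth2Error.UNSUPPORTED_GRANT_TYPE);
        }

        // The username is unauthenticated, caller-supplied text at this point;
        // the log layout should neutralise control characters so that it
        // cannot forge log entries.
        tokenEndpointLog.debug("Password grant handler: Received request with username={} password=[hidden] scope={}",
                resourceOwnerPasswordCredentialsGrant.getUsername(), scope);

        HandlerRequest handlerRequest = new HandlerRequest(resourceOwnerPasswordCredentialsGrant, scope, clientID, z, oIDCClientMetadata);

        HTTPRequest apiRequest = new HTTPRequest(HTTPRequest.Method.POST, this.config.url);
        apiRequest.setAuthorization(this.config.apiAccessToken.toAuthorizationHeader());
        apiRequest.setContentType(CommonContentTypes.APPLICATION_JSON);
        // The JSON payload is handed to the request through setQuery().
        apiRequest.setQuery(handlerRequest.toJSONObject().toJSONString());
        apiRequest.setConnectTimeout(this.config.connectTimeout);
        apiRequest.setReadTimeout(this.config.readTimeout);

        tokenEndpointLog.debug("Password grant handler: Making HTTP post request to {}", apiRequest.getURL());

        final HTTPResponse apiResponse;
        try {
            apiResponse = apiRequest.send();
        } catch (IOException e) {
            tokenEndpointLog.error("Password grant handler: HTTP exception: " + e.getMessage(), e);
            // Internal detail stays in the log; the caller only sees server_error.
            throw new GeneralException("Server error", OAuth2Error.SERVER_ERROR);
        }

        if (apiResponse.getStatusCode() != 200) {
            ErrorObject error = processNon200Response(apiResponse);
            throw new GeneralException(error.getCode(), error);
        }

        // NOTE(review): the whole authorisation response body is written to
        // the TOKEN log at debug level; check that it holds nothing that
        // should stay out of log storage before enabling debug in production.
        tokenEndpointLog.debug("Password grant handler: Received authorization response: {}", apiResponse.getContent());

        try {
            return PasswordGrantAuthorization.parse(apiResponse.getContentAsJSONObject());
        } catch (Exception e) {
            tokenEndpointLog.error("Password grant handler: Invalid authorization response: {}", e.getMessage(), e);
            throw new GeneralException("Server error", OAuth2Error.SERVER_ERROR);
        }
    }

    /**
     * Maps a non-200 web API response to the error returned to the client.
     *
     * <p>Only a 400 response whose error equals {@code invalid_grant} or
     * {@code invalid_scope} is relayed. Any other status or error code is
     * logged and replaced by {@code server_error}, so the web API cannot
     * push arbitrary error codes through to the token response.
     *
     * @param hTTPResponse the web API response, with a status other than 200
     * @return the relayed error, or {@link OAuth2Error#SERVER_ERROR}
     */
    public static ErrorObject processNon200Response(HTTPResponse hTTPResponse) {
        int status = hTTPResponse.getStatusCode();
        if (status != 400) {
            tokenEndpointLog.error("Password grant handler: Unexpected HTTP response: {}", status);
            return OAuth2Error.SERVER_ERROR;
        }

        ErrorObject error = ErrorObject.parse(hTTPResponse);
        boolean relayable = error.getCode() != null
                && (error.equals(OAuth2Error.INVALID_GRANT) || error.equals(OAuth2Error.INVALID_SCOPE));
        if (!relayable) {
            tokenEndpointLog.error("Password grant handler: Missing or unexpected error code: {}", error.getCode());
            return OAuth2Error.SERVER_ERROR;
        }

        tokenEndpointLog.info("Password grant handler: Token request denied: {}", error.getCode());
        return error;
    }

    /**
     * No-op: this handler holds no resources that need releasing.
     */
    public void shutdown() throws Exception {
    }
}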
