package de.adorsys.sts.token.tokenexchange.server;

import de.adorsys.sts.ResponseUtils;
import de.adorsys.sts.token.InvalidParameterException;
import de.adorsys.sts.token.MissingParameterException;
import de.adorsys.sts.token.api.TokenResponse;
import de.adorsys.sts.token.tokenexchange.TokenExchangeRequest;
import de.adorsys.sts.token.tokenexchange.TokenExchangeService;
import de.adorsys.sts.token.tokenexchange.TokenValidationException;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.ResponseHeader;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;

/* loaded from: input_file:BOOT-INF/lib/sts-spring-1.1.2.jar:de/adorsys/sts/token/tokenexchange/server/TokenExchangeController.class */
public class TokenExchangeController {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) TokenExchangeController.class);

    @Autowired
    private TokenExchangeService tokenExchangeService;

    @PostMapping(consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE}, produces = {"application/json"})
    @ApiResponses({@ApiResponse(code = 200, message = "Ok", response = TokenResponse.class), @ApiResponse(code = 400, message = "Bad request", responseHeaders = {@ResponseHeader(name = "error", description = "invalid request")})})
    @ApiOperation(value = "Exchange Token", notes = "Create an access or refresh token given a valide subject token.")
    public ResponseEntity<Object> tokenExchange(@RequestParam(value = "grant_type", defaultValue = "urn:ietf:params:oauth:grant-type:token-exchange") @ApiParam(name = "grant_type", value = "Indicates that a token exchange is being performed.", required = true, example = "urn:ietf:params:oauth:grant-type:token-exchange", defaultValue = "urn:ietf:params:oauth:grant-type:token-exchange") String str, @RequestParam(name = "resource", required = false) @ApiParam(name = "resource", value = "Indicates the physical location of the target service or resource where the client intends to use the requested security token.  This enables the authorization server to apply policy as appropriate for the target, such as determining the type and content of the token to be issued or if and how the token is to be encrypted.", allowMultiple = true, example = "http://localhost:8080/multibanking-service") String[] strArr, @RequestParam(name = "audience", required = false) @ApiParam(name = "audience", value = "The logical name of the target service where the client intends to use the requested security token.  This serves a purpose similar to the resource parameter, but with the client providing a logical name rather than a physical location.", allowMultiple = true, example = "http://localhost:8080/multibanking-service") String[] strArr2, @RequestParam(name = "scope", required = false) @ApiParam(name = "scope", value = "A list of space-delimited, case-sensitive strings that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used.", allowMultiple = false, example = "user banking") String str2, @RequestParam(name = "requested_token_type", required = false) @ApiParam(name = "requested_token_type", value = "An identifier for the type of the requested security token.  If the requested type is unspecified, the issued token type is at the discretion of the authorization server and may be dictated by knowledge of the requirements of the service or resource indicated by the resource or audience parameter. This can be urn:ietf:params:oauth:token-type:jwt or urn:ietf:params:oauth:token-type:saml.", required = false, allowMultiple = false, example = "urn:ietf:params:oauth:token-type:jwt", defaultValue = "urn:ietf:params:oauth:token-type:jwt") String str3, @RequestParam("subject_token") @ApiParam(name = "subject_token", value = "A security token that represents the identity of the party on behalf of whom the request is being made.  Typically, the subject of this token will be the subject of the security token issued in response to this request.", required = true, allowMultiple = false, example = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJNYXhNdXN0ZXJtYW4iLCJyb2xlIjoiVVNFUiIsImV4cCI6MTQ5NTM5MTAxM30.mN9eFMnEuYgh_KCULI8Gpm1X49wWaA67Ps1M7EFV0BQ") String str4, @RequestParam(value = "subject_token_type", defaultValue = "urn:ietf:params:oauth:token-type:jwt") @ApiParam(name = "subject_token_type", value = "An identifier for the type of the requested security token.  If the requested type is unspecified, the issued token type is at the discretion of the authorization server and may be dictated by knowledge of the requirements of the service or resource indicated by the resource or audience parameter. This can be urn:ietf:params:oauth:token-type:jwt or urn:ietf:params:oauth:token-type:saml. This can be urn:ietf:params:oauth:token-type:access_token or urn:ietf:params:oauth:token-type:refresh_token.", required = true, allowMultiple = false, example = "urn:ietf:params:oauth:token-type:jwt", defaultValue = "urn:ietf:params:oauth:token-type:jwt") String str5, @RequestParam(name = "actor_token", required = false) @ApiParam(name = "actor_token", value = "A security token that represents the identity of the acting party.  Typically this will be the party that is authorized to use the requested security token and act on behalf of the subject.", required = false, allowMultiple = false, example = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJNYXhNdXN0ZXJtYW4iLCJyb2xlIjoiVVNFUiIsImV4cCI6MTQ5NTM5MTAxM30.mN9eFMnEuYgh_KCULI8Gpm1X49wWaA67Ps1M7EFV0BQ") String str6, @RequestParam(name = "actor_token_type", required = false) @ApiParam(name = "actor_token_type", value = "An identifier for the type of the requested security token.  If the requested type is unspecified, the issued token type is at the discretion of the authorization server and may be dictated by knowledge of the requirements of the service or resource indicated by the resource or audience parameter. This can be urn:ietf:params:oauth:token-type:jwt or urn:ietf:params:oauth:token-type:saml. This can be urn:ietf:params:oauth:token-type:access_token or urn:ietf:params:oauth:token-type:refresh_token.", required = false, allowMultiple = false, example = "urn:ietf:params:oauth:token-type:jwt") String str7, HttpServletRequest httpServletRequest) {
        if (logger.isTraceEnabled()) {
            logger.trace("POST tokenExchange started...");
        }
        try {
            try {
                try {
                    try {
                        ResponseEntity<Object> ok = ResponseEntity.ok(this.tokenExchangeService.exchangeToken(TokenExchangeRequest.builder().grantType(str).resources(strArr).subjectToken(str4).subjectTokenType(str5).actorToken(str6).actorTokenType(str7).issuer(ResponseUtils.getIssuer(httpServletRequest)).scope(str2).requestedTokenType(str3).audiences(strArr2).build()));
                        if (logger.isTraceEnabled()) {
                            logger.trace("POST tokenExchange finished.");
                        }
                        return ok;
                    } catch (MissingParameterException e) {
                        ResponseEntity<Object> missingParam = ResponseUtils.missingParam(e.getMessage());
                        if (logger.isTraceEnabled()) {
                            logger.trace("POST tokenExchange finished.");
                        }
                        return missingParam;
                    }
                } catch (InvalidParameterException e2) {
                    ResponseEntity<Object> invalidParam = ResponseUtils.invalidParam(e2.getMessage());
                    if (logger.isTraceEnabled()) {
                        logger.trace("POST tokenExchange finished.");
                    }
                    return invalidParam;
                }
            } catch (TokenValidationException e3) {
                ResponseEntity<Object> body = ResponseEntity.badRequest().body(ResponseUtils.invalidParam(e3.getMessage()));
                if (logger.isTraceEnabled()) {
                    logger.trace("POST tokenExchange finished.");
                }
                return body;
            }
        } catch (Throwable th) {
            if (logger.isTraceEnabled()) {
                logger.trace("POST tokenExchange finished.");
            }
            throw th;
        }
    }
}
