package pl.edu.icm.unity.oauth.as.token.access;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.oauth2.sdk.token.Tokens;
import jakarta.ws.rs.core.Response;
import java.util.Date;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.entity.EntityParam;
import pl.edu.icm.unity.base.exceptions.EngineException;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.OAuthToken;
import pl.edu.icm.unity.oauth.as.OAuthValidationException;
import pl.edu.icm.unity.oauth.as.token.BaseOAuthResource;
import pl.edu.icm.unity.oauth.as.token.ClientCredentialsProcessor;

/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/access/CredentialFlowHandler.class */
class CredentialFlowHandler {
    private static final Logger log = Log.getLogger("unity.server.oauth", CredentialFlowHandler.class);
    private final OAuthASProperties config;
    private final ClientCredentialsProcessor clientGrantProcessor;
    private final OAuthTokenStatisticPublisher statisticPublisher;
    private final AccessTokenFactory accessTokenFactory;
    private final OAuthAccessTokenRepository accessTokensDAO;
    private final ClientAttributesProvider clientAttributesProvider;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialFlowHandler(OAuthASProperties oAuthASProperties, ClientCredentialsProcessor clientCredentialsProcessor, OAuthTokenStatisticPublisher oAuthTokenStatisticPublisher, AccessTokenFactory accessTokenFactory, OAuthAccessTokenRepository oAuthAccessTokenRepository, ClientAttributesProvider clientAttributesProvider) {
        this.config = oAuthASProperties;
        this.clientGrantProcessor = clientCredentialsProcessor;
        this.statisticPublisher = oAuthTokenStatisticPublisher;
        this.accessTokenFactory = accessTokenFactory;
        this.accessTokensDAO = oAuthAccessTokenRepository;
        this.clientAttributesProvider = clientAttributesProvider;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Response handleClientCredentialFlow(String str, String str2) throws EngineException, JsonProcessingException {
        Date date = new Date();
        try {
            OAuthToken processClientFlowRequest = this.clientGrantProcessor.processClientFlowRequest(str);
            AccessToken create = this.accessTokenFactory.create(processClientFlowRequest, date, str2);
            processClientFlowRequest.setAccessToken(create.getValue());
            Date accessTokenExpiration = TokenUtils.getAccessTokenExpiration(this.config, date);
            log.info("Client cred grant: issuing new access token {}, valid until {}", BaseOAuthResource.tokenToLog(create.getValue()), accessTokenExpiration);
            AccessTokenResponse accessTokenResponse = new AccessTokenResponse(new Tokens(create, (RefreshToken) null));
            this.statisticPublisher.reportSuccess(processClientFlowRequest.getClientUsername(), processClientFlowRequest.getClientName(), new EntityParam(Long.valueOf(processClientFlowRequest.getClientId())));
            this.accessTokensDAO.storeAccessToken(create, processClientFlowRequest, new EntityParam(Long.valueOf(processClientFlowRequest.getClientId())), date, accessTokenExpiration);
            return BaseOAuthResource.toResponse(Response.ok(BaseOAuthResource.getResponseContent(accessTokenResponse)));
        } catch (OAuthValidationException e) {
            LoginSession loginSession = InvocationContext.getCurrent().getLoginSession();
            this.statisticPublisher.reportFail((String) loginSession.getAuthenticatedIdentities().iterator().next(), this.clientAttributesProvider.getClientName(new EntityParam(Long.valueOf(loginSession.getEntityId()))));
            return BaseOAuthResource.makeError(OAuth2Error.INVALID_REQUEST, e.getMessage());
        }
    }
}
