package com.predic8.membrane.core.interceptor.oauth2.request.tokenrequest;

import com.bornium.security.oauth2openid.Constants;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.MimeType;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.oauth2.ClaimRenamer;
import com.predic8.membrane.core.interceptor.oauth2.Client;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.oauth2.parameter.ClaimsParameter;
import com.predic8.membrane.core.interceptor.oauth2.request.NoResponse;
import com.predic8.membrane.core.interceptor.oauth2.tokengenerators.JwtGenerator;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import org.codehaus.groovy.syntax.Types;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.3.3.jar:com/predic8/membrane/core/interceptor/oauth2/request/tokenrequest/PasswordFlow.class */
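/**
 * Token request that authenticates both a client (client id and secret) and a user
 * (username and password) from the request parameters and, on success, issues an
 * access token, a refresh token and optionally a signed ID token.
 *
 * <p>The password and the client secret are read from the request; keep them out of
 * log statements and out of the error responses built here.
 */
public class PasswordFlow extends TokenRequest {
    public PasswordFlow(OAuth2AuthorizationServerInterceptor oAuth2AuthorizationServerInterceptor, Exchange exchange) throws Exception {
        super(oAuth2AuthorizationServerInterceptor, exchange);
    }

    /**
     * Rejects the request when any of grant type, username, password, client id or
     * client secret is absent.
     *
     * @return an {@code invalid_request} style JSON error response, or {@link NoResponse}
     *         when all five parameters are present
     */
    @Override // com.predic8.membrane.core.interceptor.oauth2.request.ParameterizedRequest
    protected Response checkForMissingParameters() throws Exception {
        boolean incomplete = getGrantType() == null
                || getUsername() == null
                || getPassword() == null
                || getClientId() == null
                || getClientSecret() == null;
        if (incomplete) {
            return OAuth2Util.createParameterizedJsonErrorResponse(this.exc, this.jsonGen, Constants.PARAMETER_ERROR, Constants.ERROR_INVALID_REQUEST);
        }
        return new NoResponse();
    }

    /**
     * Verifies client and user, checks that the client may use the requested grant
     * type, then issues the tokens, registers the session and stores the JSON token
     * response on the exchange.
     *
     * @return a JSON error response when a check fails, otherwise {@link NoResponse}
     *         (the success response is set on the exchange)
     * @throws Exception if token or session creation fails before the final issuing step
     */
    @Override // com.predic8.membrane.core.interceptor.oauth2.request.ParameterizedRequest
    protected Response processWithParameters() throws Exception {
        if (!verifyClientThroughParams()) {
            return OAuth2Util.createParameterizedJsonErrorResponse(this.exc, this.jsonGen, Constants.PARAMETER_ERROR, "unauthorized_client");
        }
        Map<String, String> userAttributes = verifyUserThroughParams();
        if (userAttributes == null) {
            return OAuth2Util.createParameterizedJsonErrorResponse(this.exc, this.jsonGen, Constants.PARAMETER_ERROR, Constants.ERROR_ACCESS_DENIED);
        }

        // Decide whether this client may use the requested grant type BEFORE any token
        // or session is created, so that a rejected request leaves no access token,
        // refresh token or registered session behind on the server.
        Client client;
        try {
            synchronized (this.authServer.getClientList()) {
                client = this.authServer.getClientList().getClient(getClientId());
            }
            // NOTE(review): if getGrantTypes() returns a String this is a substring
            // match rather than an exact comparison of grant type names - confirm.
            if (!client.getGrantTypes().contains(getGrantType())) {
                return OAuth2Util.createParameterizedJsonErrorResponse(this.exc, this.jsonGen, Constants.PARAMETER_ERROR, "invalid_grant_type");
            }
        } catch (Exception e) {
            // Covers a failed lookup as well as a null client (NullPointerException).
            return OAuth2Util.createParameterizedJsonErrorResponse(this.exc, this.jsonGen, Constants.PARAMETER_ERROR, Constants.ERROR_INVALID_CLIENT);
        }

        this.scope = getScope();
        this.token = createTokenForVerifiedUserAndClient();
        this.refreshToken = this.authServer.getRefreshTokenGenerator().getToken(getUsername(), getClientId(), getClientSecret());

        SessionManager.Session session = createSessionForAuthorizedUserWithParams();
        synchronized (session) {
            session.getUserAttributes().put("access_token", this.token);
            session.getUserAttributes().putAll(userAttributes);
        }
        this.authServer.getSessionFinder().addSessionForToken(this.token, session);

        try {
            // NOTE(review): this replaces the refresh token issued for the user above with
            // one issued for the client id in the username position. Only this second token
            // reaches the response; confirm which binding is intended and whether the first
            // token stays valid inside the generator.
            this.refreshToken = this.authServer.getRefreshTokenGenerator().getToken(client.getClientId(), client.getClientId(), client.getClientSecret());
            if (this.authServer.isIssueNonSpecIdTokens() && OAuth2Util.isOpenIdScope(this.scope)) {
                this.idToken = createSignedIdToken(session, client.getClientId(), client);
            }
            this.exc.setResponse(getEarlyResponse());
            return new NoResponse();
        } catch (Exception e) {
            // Any failure here (including ID token signing or response building) is
            // reported as invalid_client; the session registered above is not removed.
            return OAuth2Util.createParameterizedJsonErrorResponse(this.exc, this.jsonGen, Constants.PARAMETER_ERROR, Constants.ERROR_INVALID_CLIENT);
        }
    }

    /**
     * Builds the ID token claims from the "claims" user attribute of the session,
     * limited to the claims the authorization server lists as supported.
     *
     * @param session session whose user attributes supply the requested claims and their values
     * @return one claim per requested ID token claim; empty when none were requested
     */
    private JwtGenerator.Claim[] getValidIdTokenClaims(SessionManager.Session session) {
        ClaimsParameter claimsParameter = new ClaimsParameter(this.authServer.getClaimList().getSupportedClaims(), session.getUserAttributes().get("claims"));
        ArrayList<JwtGenerator.Claim> claims = new ArrayList<>();
        if (claimsParameter.hasClaims()) {
            for (String claimName : claimsParameter.getIdTokenClaims()) {
                // The attribute is stored under the renamed key, the claim keeps its requested name.
                claims.add(new JwtGenerator.Claim(claimName, session.getUserAttributes().get(ClaimRenamer.convert(claimName))));
            }
        }
        return claims.toArray(new JwtGenerator.Claim[0]);
    }

    /** Signs an ID token for {@code str} carrying the claims requested in the session. */
    private String createSignedIdToken(SessionManager.Session session, String str, Client client) throws JoseException {
        return getSignedIdToken(str, client, getValidIdTokenClaims(session));
    }

    /**
     * Delegates to the server's JWT generator with the server issuer, {@code str},
     * the client id and the given claims.
     */
    private String getSignedIdToken(String str, Client client, JwtGenerator.Claim... claimArr) throws JoseException {
        // NOTE(review): Types.KEYWORD_VOID is a Groovy parser constant and looks like a
        // decompiler substitution for a numeric literal (presumably the token lifetime);
        // confirm against the original source and replace it with a named constant.
        return this.authServer.getJwtGenerator().getSignedIdToken(this.authServer.getIssuer(), str, client.getClientId(), Types.KEYWORD_VOID, claimArr);
    }

    /** Returns the response previously stored on the exchange. */
    @Override // com.predic8.membrane.core.interceptor.oauth2.request.ParameterizedRequest
    protected Response getResponse() throws Exception {
        return this.exc.getResponse();
    }

    /** Builds the 200 JSON token response; {@code dontCache()} keeps the tokens out of caches. */
    private Response getEarlyResponse() throws IOException {
        return Response.ok().body(getTokenJSONResponse()).contentType(MimeType.APPLICATION_JSON_UTF8).dontCache().build();
    }
}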
