package org.wso2.carbon.identity.oauth.endpoint.token;

import java.util.Enumeration;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.amber.oauth2.as.response.OAuthASResponse;
import org.apache.amber.oauth2.common.exception.OAuthProblemException;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
import org.apache.amber.oauth2.common.message.OAuthResponse;
import org.apache.amber.oauth2.common.message.types.GrantType;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.oauth.common.CarbonOAuthTokenRequest;
import org.wso2.carbon.identity.oauth.common.exception.OAuthClientException;
import org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper;
import org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil;
import org.wso2.carbon.identity.oauth2.ResponseHeader;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;

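@Path("/token")
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.class */
/**
 * OAuth 2.0 token endpoint ({@code POST /token}).
 *
 * <p>Accepts a form-encoded token request, resolves client credentials either from an HTTP
 * {@code Authorization} header or from the {@code client_id}/{@code client_secret} form
 * parameters (never both), hands the request to the OAuth2 service and renders the result as
 * a JSON token or error response. Every request is processed in the {@code carbon.super}
 * tenant context (tenant id -1234); the flow is always ended in a {@code finally}.
 *
 * <p>Changes versus the previous revision: request logging no longer writes credential-bearing
 * headers or the authorization code to the log, every error response (not only the success
 * response) carries {@code Cache-Control: no-store} / {@code Pragma: no-cache}, a malformed
 * credential array from {@link EndpointUtil#extractCredentialsFromAuthzHeader} is treated as
 * an authentication failure instead of surfacing as a 500, header credentials replace (rather
 * than append to) any {@code client_id} already in the form body, and user names are
 * lower-cased with {@link Locale#ROOT} so the result does not depend on the JVM default locale.
 */
public class OAuth2TokenEndpoint {

    private static final Log log = LogFactory.getLog(OAuth2TokenEndpoint.class);

    /** Tenant the endpoint is pinned to: every request runs as the super tenant. */
    private static final int SUPER_TENANT_ID = -1234;
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String CLIENT_ID = "client_id";
    private static final String CLIENT_SECRET = "client_secret";
    private static final String INVALID_CLIENT = "invalid_client";
    private static final String TOKEN_TYPE_BEARER = "bearer";
    private static final String REDACTED = "[redacted]";

    /**
     * Handles a token request.
     *
     * @param httpServletRequest the raw servlet request (used for the {@code Authorization} header and debug logging)
     * @param multivaluedMap     the form parameters; header-supplied client credentials are written into it
     * @return a JAX-RS response carrying either the token JSON or an OAuth error JSON
     * @throws OAuthSystemException if the OAuth library fails to build a response message
     */
    @Path("/")
    @Consumes({"application/x-www-form-urlencoded"})
    @POST
    @Produces({"application/json"})
    public Response issueAccessToken(@Context HttpServletRequest httpServletRequest,
                                     MultivaluedMap<String, String> multivaluedMap) throws OAuthSystemException {
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(SUPER_TENANT_ID);
            carbonContext.setTenantDomain(SUPER_TENANT_DOMAIN);

            OAuthRequestWrapper request = new OAuthRequestWrapper(httpServletRequest, multivaluedMap);
            if (log.isDebugEnabled()) {
                logAccessTokenRequest(request);
            }

            String authzHeader = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
            if (authzHeader != null && !applyHeaderCredentials(authzHeader, multivaluedMap)) {
                return handleBasicAuthFailure();
            }

            try {
                OAuth2AccessTokenRespDTO tokenResp = getAccessToken(new CarbonOAuthTokenRequest(request));
                if (tokenResp.getErrorMsg() != null) {
                    if (INVALID_CLIENT.equals(tokenResp.getErrorCode())) {
                        // Client authentication failed downstream: answer 401 with a challenge, like the header path.
                        return handleBasicAuthFailure();
                    }
                    return buildErrorResponse(400, tokenResp.getErrorCode(), tokenResp.getErrorMsg());
                }
                return buildTokenResponse(tokenResp);
            } catch (OAuthClientException e) {
                // NOTE(review): the exception message is echoed verbatim to the client as error_description;
                // confirm that OAuthClientException never carries internal detail before relying on this.
                return buildErrorResponse(500, "server_error", e.getMessage());
            } catch (OAuthProblemException e) {
                log.debug(e.getError());
                OAuthResponse errorResponse = OAuthASResponse.errorResponse(400).error(e).buildJSONMessage();
                return withNoStore(Response.status(errorResponse.getResponseStatus()))
                        .entity(errorResponse.getBody())
                        .build();
            }
        } finally {
            // Mirrors the original's end-on-every-path behaviour, including when startTenantFlow() itself fails.
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Parses client credentials out of the {@code Authorization} header and writes them into the form
     * parameters as {@code client_id}/{@code client_secret}.
     *
     * @return {@code false} when the header cannot be parsed, yields fewer than two values, or the form
     *         body already carries both {@code client_id} and {@code client_secret} (RFC 6749 §2.3.1 forbids
     *         using more than one client authentication method in a single request)
     */
    private boolean applyHeaderCredentials(String authzHeader, MultivaluedMap<String, String> params) {
        String[] credentials;
        try {
            credentials = EndpointUtil.extractCredentialsFromAuthzHeader(authzHeader);
        } catch (OAuthClientException e) {
            return false;
        }
        if (credentials == null || credentials.length < 2) {
            return false;
        }
        if (params.containsKey(CLIENT_ID) && params.containsKey(CLIENT_SECRET)) {
            return false;
        }
        // putSingle so the authenticated header values are the ones read downstream, even if the body
        // also contained a bare client_id; the previous add() left two values with implementation-defined order.
        params.putSingle(CLIENT_ID, credentials[0]);
        params.putSingle(CLIENT_SECRET, credentials[1]);
        return true;
    }

    /** Renders a successful token response, adding any extra headers the service asked for. */
    private Response buildTokenResponse(OAuth2AccessTokenRespDTO tokenResp) throws OAuthSystemException {
        OAuthASResponse.OAuthTokenResponseBuilder builder = OAuthASResponse.tokenResponse(200)
                .setAccessToken(tokenResp.getAccessToken())
                .setRefreshToken(tokenResp.getRefreshToken())
                .setExpiresIn(Long.toString(tokenResp.getExpiresIn()))
                .setTokenType(TOKEN_TYPE_BEARER);
        if (tokenResp.getIDToken() != null) {
            builder.setParam("id_token", tokenResp.getIDToken());
        }
        OAuthResponse oauthResponse = builder.buildJSONMessage();

        Response.ResponseBuilder response = withNoStore(Response.status(oauthResponse.getResponseStatus()));
        ResponseHeader[] extraHeaders = tokenResp.getResponseHeaders();
        if (extraHeaders != null) {
            for (ResponseHeader extra : extraHeaders) {
                if (extra != null) {
                    response.header(extra.getKey(), extra.getValue());
                }
            }
        }
        return response.entity(oauthResponse.getBody()).build();
    }

    /** Renders an OAuth error JSON body with the given HTTP status, error code and description. */
    private Response buildErrorResponse(int status, String error, String description) throws OAuthSystemException {
        OAuthResponse oauthResponse = OAuthASResponse.errorResponse(status)
                .setError(error)
                .setErrorDescription(description)
                .buildJSONMessage();
        return withNoStore(Response.status(oauthResponse.getResponseStatus()))
                .entity(oauthResponse.getBody())
                .build();
    }

    /** 401 {@code invalid_client} with a {@code WWW-Authenticate} challenge for the configured realm. */
    private Response handleBasicAuthFailure() throws OAuthSystemException {
        OAuthResponse oauthResponse = OAuthASResponse.errorResponse(401)
                .setError(INVALID_CLIENT)
                .setErrorDescription("Client Authentication failed.")
                .buildJSONMessage();
        return withNoStore(Response.status(oauthResponse.getResponseStatus()))
                .header("WWW-Authenticate", EndpointUtil.getRealmInfo())
                .entity(oauthResponse.getBody())
                .build();
    }

    /** Token and error responses carry credentials; RFC 6749 §5.1 requires them not to be cached. */
    private static Response.ResponseBuilder withNoStore(Response.ResponseBuilder builder) {
        return builder.header("Cache-Control", "no-store").header("Pragma", "no-cache");
    }

    /** Headers whose values are credentials and must never reach the log. */
    private static boolean isSensitiveHeader(String name) {
        return "Authorization".equalsIgnoreCase(name)
                || "Proxy-Authorization".equalsIgnoreCase(name)
                || "Cookie".equalsIgnoreCase(name);
    }

    /**
     * Debug-level dump of the incoming request. Credential-bearing header values and the authorization
     * code are redacted; their presence is still recorded so the log remains useful for diagnosis.
     */
    private void logAccessTokenRequest(HttpServletRequest request) {
        log.debug("Received a request : " + request.getRequestURI());
        log.debug("----------logging request headers.----------");
        Enumeration<?> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            Enumeration<?> values = request.getHeaders(name);
            while (values.hasMoreElements()) {
                Object value = values.nextElement();
                log.debug(name + " : " + (isSensitiveHeader(name) ? REDACTED : value));
            }
        }
        log.debug("----------logging request parameters.----------");
        log.debug("grant_type - " + request.getParameter("grant_type"));
        log.debug("client_id - " + request.getParameter(CLIENT_ID));
        log.debug("code - " + (request.getParameter("code") == null ? "null" : REDACTED));
        log.debug("redirect_uri - " + request.getParameter("redirect_uri"));
    }

    /**
     * Maps the parsed token request onto the service DTO according to its grant type and asks the OAuth2
     * service to issue a token.
     *
     * @throws OAuthClientException propagated from the service
     */
    private OAuth2AccessTokenRespDTO getAccessToken(CarbonOAuthTokenRequest tokenRequest) throws OAuthClientException {
        OAuth2AccessTokenReqDTO reqDTO = new OAuth2AccessTokenReqDTO();
        String grantType = tokenRequest.getGrantType();
        reqDTO.setGrantType(grantType);
        reqDTO.setClientId(tokenRequest.getClientId());
        reqDTO.setClientSecret(tokenRequest.getClientSecret());
        reqDTO.setCallbackURI(tokenRequest.getRedirectURI());
        reqDTO.setScope((String[]) tokenRequest.getScopes().toArray(new String[0]));

        if (GrantType.AUTHORIZATION_CODE.toString().equals(grantType)) {
            reqDTO.setAuthorizationCode(tokenRequest.getCode());
        } else if (GrantType.PASSWORD.toString().equals(grantType)) {
            String username = tokenRequest.getUsername();
            // Locale.ROOT keeps the normalisation stable on JVMs whose default locale has special casing rules
            // (e.g. Turkish); a missing username is passed through for the service to reject rather than NPE-ing here.
            reqDTO.setResourceOwnerUsername(username == null ? null : username.toLowerCase(Locale.ROOT));
            reqDTO.setResourceOwnerPassword(tokenRequest.getPassword());
        } else if (GrantType.REFRESH_TOKEN.toString().equals(grantType)) {
            reqDTO.setRefreshToken(tokenRequest.getRefreshToken());
        } else if (org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString().equals(grantType)) {
            reqDTO.setAssertion(tokenRequest.getAssertion());
            reqDTO.setIdp(tokenRequest.getIdP());
        }
        // Any other grant type is forwarded with only the common fields set; the service decides whether it is supported.
        return EndpointUtil.getOAuth2Service().issueAccessToken(reqDTO);
    }
}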
