package org.wso2.carbon.identity.oauth.ui.endpoints.token;

import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.amber.oauth2.as.response.OAuthASResponse;
import org.apache.amber.oauth2.common.exception.OAuthProblemException;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
import org.apache.amber.oauth2.common.message.OAuthResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.common.CarbonOAuthTokenRequest;
import org.wso2.carbon.identity.oauth.ui.OAuthClientException;
import org.wso2.carbon.identity.oauth.ui.OAuthConstants;
import org.wso2.carbon.identity.oauth.ui.util.OAuthUIUtil;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.stub.types.ResponseHeader;

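/**
 * JAX-RS resource for the OAuth 2.0 token endpoint.
 *
 * <p>Accepts form-encoded POST requests, forwards them to {@code OAuth2TokenClient} and renders
 * the outcome as a JSON message built with Amber's {@code OAuthASResponse}.
 *
 * <p>Security notes: client credentials may arrive in the HTTP Authorization header or as form
 * parameters. Debug logging in this class never writes credential-bearing values (authorization
 * header, cookies, authorization code) to the log.
 */
@Path("/")
/* loaded from: input_file:org/wso2/carbon/identity/oauth/ui/endpoints/token/OAuth2TokenEndpoint.class */
public class OAuth2TokenEndpoint {
    private static final Log log = LogFactory.getLog(OAuth2TokenEndpoint.class);

    /** Placeholder written to the debug log in place of credential material. */
    private static final String REDACTED = "[REDACTED]";

    /**
     * Handles an access token request.
     *
     * @param httpServletRequest the incoming servlet request
     * @param multivaluedMap the decoded form parameters; client credentials taken from the
     *     Authorization header are added to this map
     * @return 200 with the token JSON on success; 401 with an authentication challenge when the
     *     client authentication fails; 400 for other OAuth errors; 500 when the backend client
     *     call fails
     * @throws OAuthSystemException if the JSON response message cannot be built
     */
    @Path("/")
    @Consumes({"application/x-www-form-urlencoded"})
    @POST
    @Produces({"application/json"})
    public Response issueAccessToken(@Context HttpServletRequest httpServletRequest, MultivaluedMap<String, String> multivaluedMap) throws OAuthSystemException {
        OAuthRequestWrapper oAuthRequestWrapper = new OAuthRequestWrapper(httpServletRequest, multivaluedMap);
        if (log.isDebugEnabled()) {
            logAccessTokenRequest(oAuthRequestWrapper);
        }

        boolean basicAuthUsed = false;
        String authzHeader = httpServletRequest.getHeader(OAuthConstants.HTTP_REQ_HEADER_AUTHZ);
        if (authzHeader != null) {
            try {
                String[] credentials = OAuthUIUtil.extractCredentialsFromAuthzHeader(authzHeader);
                // Guard the indexed reads below: a header that does not yield both an id and a
                // secret is treated as failed client authentication instead of surfacing an
                // ArrayIndexOutOfBoundsException / NullPointerException as a server error.
                if (credentials == null || credentials.length < 2) {
                    return handleBasicAuthFailure();
                }
                // Credentials supplied through both mechanisms at once are rejected.
                if (multivaluedMap.containsKey("client_id") && multivaluedMap.containsKey("client_secret")) {
                    return handleBasicAuthFailure();
                }
                // NOTE(review): add() appends. If the body carried a client_id without a
                // client_secret, the map now holds two client_id values; which one
                // OAuthRequestWrapper / CarbonOAuthTokenRequest reads is not visible here.
                // Confirm the header identity wins, as the debug message below states.
                multivaluedMap.add("client_id", credentials[0]);
                multivaluedMap.add("client_secret", credentials[1]);
                basicAuthUsed = true;
                log.debug("HTTP Authorization Header is available which will take precedence over the client credentials available as request parameters.");
            } catch (OAuthClientException e) {
                return handleBasicAuthFailure();
            }
        }

        try {
            OAuth2AccessTokenRespDTO tokenResp = new OAuth2TokenClient().getAccessToken(new CarbonOAuthTokenRequest(oAuthRequestWrapper));
            if (tokenResp.getError()) {
                // A client that authenticated via the Authorization header gets a 401 with a
                // challenge header rather than a plain 400.
                if (basicAuthUsed && "invalid_client".equals(tokenResp.getErrorCode())) {
                    return handleBasicAuthFailure();
                }
                OAuthResponse errorMessage = OAuthASResponse.errorResponse(400)
                        .setError(tokenResp.getErrorCode())
                        .setErrorDescription(tokenResp.getErrorMsg())
                        .buildJSONMessage();
                return Response.status(errorMessage.getResponseStatus()).entity(errorMessage.getBody()).build();
            }

            OAuthResponse tokenMessage = OAuthASResponse.tokenResponse(200)
                    .setAccessToken(tokenResp.getAccessToken())
                    .setRefreshToken(tokenResp.getRefreshToken())
                    .setExpiresIn(Long.toString(tokenResp.getExpiresIn()))
                    .setTokenType("bearer")
                    .buildJSONMessage();

            // Token responses carry the Cache-Control / Pragma values defined in OAuthConstants
            // (the constant names indicate no-store / no-cache) so the token is not cached.
            Response.ResponseBuilder builder = Response.status(tokenMessage.getResponseStatus())
                    .header(OAuthConstants.HTTP_RESP_HEADER_CACHE_CONTROL, OAuthConstants.HTTP_RESP_HEADER_VAL_CACHE_CONTROL_NO_STORE)
                    .header(OAuthConstants.HTTP_RESP_HEADER_PRAGMA, OAuthConstants.HTTP_RESP_HEADER_VAL_PRAGMA_NO_CACHE);

            // Copy any extra response headers returned with the token response.
            ResponseHeader[] respHeaders = tokenResp.getRespHeaders();
            if (respHeaders != null) {
                for (ResponseHeader respHeader : respHeaders) {
                    if (respHeader != null) {
                        builder.header(respHeader.getKey(), respHeader.getValue());
                    }
                }
            }
            return builder.entity(tokenMessage.getBody()).build();
        } catch (OAuthProblemException e2) {
            log.debug(e2.getError());
            OAuthResponse problemMessage = OAuthASResponse.errorResponse(400).error(e2).buildJSONMessage();
            return Response.status(problemMessage.getResponseStatus()).entity(problemMessage.getBody()).build();
        } catch (OAuthClientException e3) {
            // Record the failure server-side; previously it was only visible to the caller.
            log.error("Error while requesting an access token from the backend service.", e3);
            // NOTE(review): the exception message is returned to the client as the error
            // description. Confirm it cannot carry internal details (hosts, stack fragments);
            // a fixed description would be the safer default.
            OAuthResponse serverErrorMessage = OAuthASResponse.errorResponse(500)
                    .setError("server_error")
                    .setErrorDescription(e3.getMessage())
                    .buildJSONMessage();
            return Response.status(serverErrorMessage.getResponseStatus()).entity(serverErrorMessage.getBody()).build();
        }
    }

    /**
     * Builds the 401 "invalid_client" response, including the authentication challenge header
     * whose value comes from {@code OAuthUIUtil.getRealmInfo()}.
     *
     * @return the 401 response
     * @throws OAuthSystemException if the JSON response message cannot be built
     */
    private Response handleBasicAuthFailure() throws OAuthSystemException {
        OAuthResponse failureMessage = OAuthASResponse.errorResponse(401)
                .setError("invalid_client")
                .setErrorDescription("Client Authentication was failed.")
                .buildJSONMessage();
        return Response.status(failureMessage.getResponseStatus())
                .header(OAuthConstants.HTTP_RESP_HEADER_AUTHENTICATE, OAuthUIUtil.getRealmInfo())
                .entity(failureMessage.getBody())
                .build();
    }

    /**
     * Writes the request URI, headers and selected parameters to the debug log.
     *
     * <p>Values of credential-bearing headers and the authorization code are replaced with a
     * placeholder: debug logs are commonly shipped to shared storage and must not become a
     * source of client secrets or redeemable codes.
     *
     * @param httpServletRequest the request to describe
     */
    private void logAccessTokenRequest(HttpServletRequest httpServletRequest) {
        log.debug("Received a request : " + httpServletRequest.getRequestURI());
        log.debug("----------logging request headers.----------");
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            boolean sensitive = isSensitiveHeader(headerName);
            Enumeration<?> headerValues = httpServletRequest.getHeaders(headerName);
            while (headerValues.hasMoreElements()) {
                Object headerValue = headerValues.nextElement();
                log.debug(headerName + " : " + (sensitive ? REDACTED : headerValue));
            }
        }
        log.debug("----------logging request parameters.----------");
        log.debug("grant_type - " + httpServletRequest.getParameter("grant_type"));
        log.debug("client_id - " + httpServletRequest.getParameter("client_id"));
        // The authorization code is a bearer-style one-time credential; log only its presence.
        log.debug("code - " + maskIfPresent(httpServletRequest.getParameter("code")));
        log.debug("redirect_uri - " + httpServletRequest.getParameter("redirect_uri"));
    }

    /**
     * Tells whether a header's value must be kept out of the log.
     *
     * @param headerName the header name as reported by the request, may be {@code null}
     * @return {@code true} for the authorization header, Proxy-Authorization and Cookie
     */
    private static boolean isSensitiveHeader(String headerName) {
        return OAuthConstants.HTTP_REQ_HEADER_AUTHZ.equalsIgnoreCase(headerName)
                || "Proxy-Authorization".equalsIgnoreCase(headerName)
                || "Cookie".equalsIgnoreCase(headerName);
    }

    /**
     * Replaces a non-null value with the redaction placeholder.
     *
     * @param value the value to mask, may be {@code null}
     * @return {@code null} when the value is absent, otherwise the placeholder
     */
    private static String maskIfPresent(String value) {
        return value == null ? null : REDACTED;
    }
}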
