package org.wso2.carbon.identity.oauth2.token;

import java.util.Hashtable;
import java.util.Map;
import org.apache.amber.oauth2.common.message.types.GrantType;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.OAuthAppDO;
import org.wso2.carbon.identity.oauth.common.OAuth2ErrorCodes;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.token.handlers.AuthorizationCodeHandler;
import org.wso2.carbon.identity.oauth2.token.handlers.AuthorizationGrantHandler;
import org.wso2.carbon.identity.oauth2.token.handlers.PasswordGrantHandler;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.class */
public class AccessTokenIssuer {
    private Map<String, AuthorizationGrantHandler> authzGrantHandlers = new Hashtable();
    private static AccessTokenIssuer instance;
    private static Log log = LogFactory.getLog(AccessTokenIssuer.class);

    public static AccessTokenIssuer getInstance() throws IdentityOAuth2Exception {
        if (instance == null) {
            synchronized (AccessTokenIssuer.class) {
                if (instance == null) {
                    instance = new AccessTokenIssuer();
                }
            }
        }
        return instance;
    }

    private AccessTokenIssuer() throws IdentityOAuth2Exception {
        this.authzGrantHandlers.put(GrantType.AUTHORIZATION_CODE.toString(), new AuthorizationCodeHandler());
        this.authzGrantHandlers.put(GrantType.PASSWORD.toString(), new PasswordGrantHandler());
    }

    public OAuth2AccessTokenRespDTO issue(OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO) throws IdentityException {
        AuthorizationGrantHandler authorizationGrantHandler = this.authzGrantHandlers.get(oAuth2AccessTokenReqDTO.getGrantType());
        OAuthAppDO appInformation = new OAuthAppDAO().getAppInformation(oAuth2AccessTokenReqDTO.getClientId());
        OAuthTokenReqMessageContext oAuthTokenReqMessageContext = new OAuthTokenReqMessageContext(oAuth2AccessTokenReqDTO);
        if (!authorizationGrantHandler.authenticateClient(oAuthTokenReqMessageContext)) {
            log.warn("Client Authentication Failed for client id : " + oAuth2AccessTokenReqDTO.getClientId());
            return handleError(OAuth2ErrorCodes.INVALID_CLIENT, "Client credentials are invalid.", oAuth2AccessTokenReqDTO);
        }
        if (!authorizationGrantHandler.validateGrant(oAuthTokenReqMessageContext)) {
            log.warn("Invalid Grant provided by the client, id : " + oAuth2AccessTokenReqDTO.getClientId());
            return handleError(OAuth2ErrorCodes.INVALID_GRANT, "Provided Authorization Grant is invalid.", oAuth2AccessTokenReqDTO);
        }
        if (!authorizationGrantHandler.authorizeAccessDelegation(oAuthTokenReqMessageContext)) {
            log.warn("Resource owner is not authorized to grant access, client id : " + oAuth2AccessTokenReqDTO.getClientId());
            return handleError(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, "Unauthorized Client!", oAuth2AccessTokenReqDTO);
        }
        if (!authorizationGrantHandler.validateScope(oAuthTokenReqMessageContext)) {
            log.warn("Invalid Scope provided. client id : " + oAuth2AccessTokenReqDTO.getClientId());
            return handleError(OAuth2ErrorCodes.INVALID_SCOPE, "Invalid Scope!", oAuth2AccessTokenReqDTO);
        }
        OAuth2AccessTokenRespDTO issue = authorizationGrantHandler.issue(oAuthTokenReqMessageContext);
        issue.setCallbackURI(appInformation.getCallbackUrl());
        return issue;
    }

    private OAuth2AccessTokenRespDTO handleError(String str, String str2, OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO) {
        if (log.isDebugEnabled()) {
            log.debug("OAuth Error Code : " + str + ", client id : " + oAuth2AccessTokenReqDTO.getClientId() + ", Grant Type : " + oAuth2AccessTokenReqDTO.getGrantType() + ", Scope : " + OAuth2Util.buildScopeString(oAuth2AccessTokenReqDTO.getScope()));
        }
        OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO = new OAuth2AccessTokenRespDTO();
        oAuth2AccessTokenRespDTO.setError(true);
        oAuth2AccessTokenRespDTO.setErrorCode(str);
        oAuth2AccessTokenRespDTO.setErrorMsg(str2);
        return oAuth2AccessTokenRespDTO;
    }
}
