package org.apache.cxf.rs.security.oauth2.services;

import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Level;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.http.HttpHeaders;

@Path("/token")
/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/services/AccessTokenService.class */
public class AccessTokenService extends AbstractTokenService {
    private List<AccessTokenGrantHandler> grantHandlers = new LinkedList();
    private List<AccessTokenResponseFilter> responseHandlers = new LinkedList();

    public void setGrantHandlers(List<AccessTokenGrantHandler> list) {
        this.grantHandlers = list;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.rs.security.oauth2.services.AbstractOAuthService
    public void injectContextIntoOAuthProviders() {
        super.injectContextIntoOAuthProviders();
        Iterator<AccessTokenGrantHandler> it = this.grantHandlers.iterator();
        while (it.hasNext()) {
            OAuthUtils.injectContextIntoOAuthProvider(getMessageContext(), it.next());
        }
    }

    public void setGrantHandler(AccessTokenGrantHandler accessTokenGrantHandler) {
        setGrantHandlers(Collections.singletonList(accessTokenGrantHandler));
    }

    public void setResponseFilters(List<AccessTokenResponseFilter> list) {
        this.responseHandlers = list;
    }

    public void setResponseFilter(AccessTokenResponseFilter accessTokenResponseFilter) {
        this.responseHandlers.add(accessTokenResponseFilter);
    }

    @POST
    @Produces({MediaType.APPLICATION_JSON})
    @Consumes({"application/x-www-form-urlencoded"})
    public Response handleTokenRequest(MultivaluedMap<String, String> multivaluedMap) {
        Client authenticateClientIfNeeded = authenticateClientIfNeeded(multivaluedMap);
        if (!OAuthUtils.isGrantSupportedForClient(authenticateClientIfNeeded, isCanSupportPublicClients(), multivaluedMap.getFirst(OAuthConstants.GRANT_TYPE))) {
            LOG.log(Level.FINE, "The grant type {} is not supported for the client", multivaluedMap.getFirst(OAuthConstants.GRANT_TYPE));
            return createErrorResponse(multivaluedMap, OAuthConstants.UNAUTHORIZED_CLIENT);
        }
        try {
            checkAudience(authenticateClientIfNeeded, multivaluedMap);
            AccessTokenGrantHandler findGrantHandler = findGrantHandler(multivaluedMap);
            if (findGrantHandler == null) {
                LOG.fine("No Grant Handler found");
                return createErrorResponse(multivaluedMap, OAuthConstants.UNSUPPORTED_GRANT_TYPE);
            }
            try {
                ServerAccessToken createAccessToken = findGrantHandler.createAccessToken(authenticateClientIfNeeded, multivaluedMap);
                if (createAccessToken == null) {
                    LOG.fine("No access token was created");
                    return createErrorResponse(multivaluedMap, OAuthConstants.INVALID_GRANT);
                }
                ClientAccessToken clientAccessToken = OAuthUtils.toClientAccessToken(createAccessToken, isWriteOptionalParameters());
                processClientAccessToken(clientAccessToken, createAccessToken);
                return Response.ok(clientAccessToken).header("Cache-Control", "no-store").header(HttpHeaders.PRAGMA, "no-cache").build();
            } catch (WebApplicationException e) {
                throw e;
            } catch (RuntimeException e2) {
                LOG.log(Level.FINE, "Error creating the access token", (Throwable) e2);
                return handleException(e2 instanceof OAuthServiceException ? (OAuthServiceException) e2 : new OAuthServiceException(e2), OAuthConstants.INVALID_GRANT);
            }
        } catch (OAuthServiceException e3) {
            return super.createErrorResponseFromBean(e3.getError());
        }
    }

    protected void processClientAccessToken(ClientAccessToken clientAccessToken, ServerAccessToken serverAccessToken) {
        Iterator<AccessTokenResponseFilter> it = this.responseHandlers.iterator();
        while (it.hasNext()) {
            it.next().process(clientAccessToken, serverAccessToken);
        }
    }

    protected void checkAudience(Client client, MultivaluedMap<String, String> multivaluedMap) {
        String first = multivaluedMap.getFirst(OAuthConstants.CLIENT_AUDIENCE);
        if (OAuthUtils.validateAudience(first, client.getRegisteredAudiences())) {
            return;
        }
        LOG.log(Level.FINE, "Error validating the audience parameter. Supplied audience {0} does not match with the registered audiences {1}", new Object[]{first, client.getRegisteredAudiences()});
        throw new OAuthServiceException(new OAuthError(OAuthConstants.ACCESS_DENIED));
    }

    protected AccessTokenGrantHandler findGrantHandler(MultivaluedMap<String, String> multivaluedMap) {
        String first = multivaluedMap.getFirst(OAuthConstants.GRANT_TYPE);
        if (first == null) {
            return null;
        }
        for (AccessTokenGrantHandler accessTokenGrantHandler : this.grantHandlers) {
            if (accessTokenGrantHandler.getSupportedGrantTypes().contains(first)) {
                return accessTokenGrantHandler;
            }
        }
        if (!(super.getDataProvider() instanceof AuthorizationCodeDataProvider)) {
            return null;
        }
        AuthorizationCodeGrantHandler authorizationCodeGrantHandler = new AuthorizationCodeGrantHandler();
        if (!authorizationCodeGrantHandler.getSupportedGrantTypes().contains(first)) {
            return null;
        }
        authorizationCodeGrantHandler.setDataProvider(super.getDataProvider());
        return authorizationCodeGrantHandler;
    }
}
