package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.Set;
import java.util.TreeSet;
import lombok.Generated;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
import org.apereo.cas.ticket.OAuth20Token;
import org.apereo.cas.ticket.OAuth20UnauthorizedScopeRequestException;
import org.pac4j.core.context.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.5.5.jar:org/apereo/cas/support/oauth/web/response/accesstoken/ext/AccessTokenRefreshTokenGrantRequestExtractor.class */
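/**
 * Builds the access token request context for the {@code refresh_token} grant.
 *
 * <p>It reuses the authorization-code extractor and overrides only what differs for refresh:
 * the request parameter that carries the token, how the client is identified, the
 * refresh-token rotation flags, and the scope check against the presented token.
 */
public class AccessTokenRefreshTokenGrantRequestExtractor extends AccessTokenAuthorizationCodeGrantRequestExtractor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccessTokenRefreshTokenGrantRequestExtractor.class);

    /**
     * Creates the extractor.
     *
     * @param oAuth20ConfigurationContext configuration context handed to the parent extractor
     */
    public AccessTokenRefreshTokenGrantRequestExtractor(OAuth20ConfigurationContext oAuth20ConfigurationContext) {
        super(oAuth20ConfigurationContext);
    }

    /**
     * Tells whether the request carries this extractor's grant type.
     *
     * @param webContext the current request
     * @return {@code true} when the {@code grant_type} parameter matches {@link #getGrantType()}
     */
    @Override
    public boolean supports(WebContext webContext) {
        // A missing grant_type is compared as the empty string instead of failing on absence.
        String requestedGrantType = OAuth20Utils.getRequestParameter(webContext, "grant_type").orElse("");
        return OAuth20Utils.isGrantType(requestedGrantType, getGrantType());
    }

    /**
     * Returns the grant type handled by this extractor.
     *
     * @return {@link OAuth20GrantTypes#REFRESH_TOKEN}
     */
    @Override
    public OAuth20GrantTypes getGrantType() {
        return OAuth20GrantTypes.REFRESH_TOKEN;
    }

    /**
     * Returns the name of the request parameter that carries the token for this grant.
     *
     * @return the literal {@code refresh_token}
     */
    @Override
    protected String getOAuthParameterName() {
        return "refresh_token";
    }

    /**
     * Sets the refresh-token rotation flags on the builder, then delegates to the parent.
     *
     * <p>The decompiler reports that the access modifier of this method was changed from
     * {@code protected}.
     *
     * @param webContext the current request
     * @param accessTokenRequestContextBuilder builder that receives the rotation flags
     * @return the request context produced by the parent extractor
     * @throws UnauthorizedServiceException when no registered service is found for the client
     */
    @Override
    public AccessTokenRequestContext extractInternal(WebContext webContext, AccessTokenRequestContext.AccessTokenRequestContextBuilder accessTokenRequestContextBuilder) {
        OAuthRegisteredService service = getOAuthRegisteredServiceBy(webContext);
        // Fail closed: without a registered service nothing is delegated to the parent.
        if (service == null) {
            throw new UnauthorizedServiceException("Unable to locate service in registry ");
        }
        // Both flags take the same value, so a replacement refresh token is requested only
        // together with expiry of the old one, and only when the service enables both
        // generation and renewal.
        boolean rotateRefreshToken = service.isGenerateRefreshToken() && service.isRenewRefreshToken();
        accessTokenRequestContextBuilder.generateRefreshToken(rotateRefreshToken);
        accessTokenRequestContextBuilder.expireOldRefreshToken(rotateRefreshToken);
        return super.extractInternal(webContext, accessTokenRequestContextBuilder);
    }

    /**
     * Looks up the registered OAuth service for the client identifier found in the request.
     *
     * @param webContext the current request
     * @return the lookup result; {@link #extractInternal} treats {@code null} as "not registered"
     */
    @Override
    protected OAuthRegisteredService getOAuthRegisteredServiceBy(WebContext webContext) {
        OAuthRegisteredService registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(
            getOAuthConfigurationContext().getServicesManager(),
            getRegisteredServiceIdentifierFromRequest(webContext));
        // NOTE(review): this logs the service object's string form; confirm that it does not
        // include the client secret before enabling debug logging in production.
        LOGGER.debug("Located registered service [{}]", registeredService);
        return registeredService;
    }

    /**
     * Reads the client identifier from the credentials supplied with the request.
     *
     * @param webContext the current request
     * @return the left element of the pair returned by
     *     {@code OAuth20Utils.getClientIdAndClientSecret} (the client id, going by that name)
     */
    @Override
    protected String getRegisteredServiceIdentifierFromRequest(WebContext webContext) {
        // Only the identifier is used here; the secret half of the pair is not checked in this
        // method. NOTE(review): client authentication is presumably enforced elsewhere; confirm.
        return OAuth20Utils.getClientIdAndClientSecret(webContext, getOAuthConfigurationContext().getSessionStore()).getLeft();
    }

    /**
     * Resolves the scopes for the new access token against those of the presented token.
     *
     * <p>An empty request inherits the token's scopes. A non-empty request is accepted only
     * when it equals the token's scopes exactly; every other set is rejected, including one
     * that is narrower than what was granted.
     *
     * @param set scopes requested by the client
     * @param oAuth20Token the token presented for refresh
     * @param webContext the current request (not used by this implementation)
     * @return a sorted copy of the token's scopes
     * @throws OAuth20UnauthorizedScopeRequestException when the requested scopes differ from
     *     the token's scopes
     */
    @Override
    protected Set<String> extractRequestedScopesByToken(Set<String> set, OAuth20Token oAuth20Token, WebContext webContext) {
        if (set.isEmpty() || set.equals(oAuth20Token.getScopes())) {
            // Parameterized instead of the raw TreeSet; the copy keeps callers away from the
            // token's own scope set.
            return new TreeSet<>(oAuth20Token.getScopes());
        }
        // The message says "exceed", but this branch is reached for any mismatch, so a log hit
        // alone does not show an attempt to widen scope.
        // NOTE(review): the token id goes into the log and the exception; if that id is also
        // the value clients present as the refresh token, treat these logs as sensitive. Confirm.
        LOGGER.error("Requested scopes [{}] exceed the granted scopes [{}] for token [{}]", set, oAuth20Token.getScopes(), oAuth20Token.getId());
        throw new OAuth20UnauthorizedScopeRequestException(oAuth20Token.getId());
    }
}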
