package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.Set;
import java.util.TreeSet;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
import org.apereo.cas.ticket.OAuth20Token;
import org.apereo.cas.util.function.FunctionUtils;
import org.pac4j.core.context.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.6.10.jar:org/apereo/cas/support/oauth/web/response/accesstoken/ext/AccessTokenAuthorizationCodeGrantRequestExtractor.class */
public class AccessTokenAuthorizationCodeGrantRequestExtractor extends BaseAccessTokenGrantRequestExtractor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AccessTokenAuthorizationCodeGrantRequestExtractor.class);

    public AccessTokenAuthorizationCodeGrantRequestExtractor(OAuth20ConfigurationContext oAuth20ConfigurationContext) {
        super(oAuth20ConfigurationContext);
    }

    protected static boolean isAllowedToGenerateRefreshToken() {
        return true;
    }

    /* JADX WARN: Type inference failed for: r0v32, types: [org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext$AccessTokenRequestContextBuilder] */
    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.BaseAccessTokenGrantRequestExtractor
    public AccessTokenRequestContext extractRequest(WebContext webContext) {
        LOGGER.debug("OAuth grant type is [{}]", getConfigurationContext().getRequestParameterResolver().resolveRequestParameter(webContext, "grant_type"));
        String registeredServiceIdentifierFromRequest = getRegisteredServiceIdentifierFromRequest(webContext);
        OAuthRegisteredService oAuthRegisteredServiceBy = getOAuthRegisteredServiceBy(webContext);
        FunctionUtils.throwIf(oAuthRegisteredServiceBy == null, () -> {
            return new UnauthorizedServiceException("Unable to locate service in registry for redirect URI " + registeredServiceIdentifierFromRequest);
        });
        Set<String> resolveRequestScopes = getConfigurationContext().getRequestParameterResolver().resolveRequestScopes(webContext);
        LOGGER.debug("Requested scopes are [{}]", resolveRequestScopes);
        OAuth20Token oAuthTokenFromRequest = getOAuthTokenFromRequest(webContext);
        ensureTicketGrantingTicketIsNotExpired(oAuthTokenFromRequest);
        Set<String> extractRequestedScopesByToken = extractRequestedScopesByToken(resolveRequestScopes, oAuthTokenFromRequest, webContext);
        return extractInternal(webContext, AccessTokenRequestContext.builder().scopes(extractRequestedScopesByToken).service(getConfigurationContext().getWebApplicationServiceServiceFactory().createService(registeredServiceIdentifierFromRequest)).authentication(oAuthTokenFromRequest.getAuthentication()).registeredService(oAuthRegisteredServiceBy).grantType(getGrantType()).generateRefreshToken(isAllowedToGenerateRefreshToken() && oAuthRegisteredServiceBy.isGenerateRefreshToken()).token(oAuthTokenFromRequest).claims(oAuthTokenFromRequest.getClaims()).ticketGrantingTicket(oAuthTokenFromRequest.getTicketGrantingTicket()));
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public boolean supports(WebContext webContext) {
        return OAuth20Utils.isGrantType(getConfigurationContext().getRequestParameterResolver().resolveRequestParameter(webContext, "grant_type").orElse(""), getGrantType());
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public OAuth20GrantTypes getGrantType() {
        return OAuth20GrantTypes.AUTHORIZATION_CODE;
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public OAuth20ResponseTypes getResponseType() {
        return OAuth20ResponseTypes.NONE;
    }

    protected boolean ensureTicketGrantingTicketIsNotExpired(OAuth20Token oAuth20Token) {
        return oAuth20Token.isCode() && getConfigurationContext().getTicketRegistry().getTicket(oAuth20Token.getTicketGrantingTicket().getId()) != null;
    }

    protected Set<String> extractRequestedScopesByToken(Set<String> set, OAuth20Token oAuth20Token, WebContext webContext) {
        TreeSet treeSet = new TreeSet(set);
        treeSet.addAll(oAuth20Token.getScopes());
        return treeSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessTokenRequestContext extractInternal(WebContext webContext, AccessTokenRequestContext.AccessTokenRequestContextBuilder accessTokenRequestContextBuilder) {
        return accessTokenRequestContextBuilder.build();
    }

    protected String getRegisteredServiceIdentifierFromRequest(WebContext webContext) {
        return getConfigurationContext().getRequestParameterResolver().resolveRequestParameter(webContext, "redirect_uri").orElse("");
    }

    protected String getOAuthParameterName() {
        return "code";
    }

    protected String getOAuthParameter(WebContext webContext) {
        return getConfigurationContext().getRequestParameterResolver().resolveRequestParameter(webContext, getOAuthParameterName()).orElse("");
    }

    protected OAuth20Token getOAuthTokenFromRequest(WebContext webContext) {
        return (OAuth20Token) getConfigurationContext().getTicketRegistry().getTicket(getOAuthParameter(webContext), OAuth20Token.class);
    }

    protected OAuthRegisteredService getOAuthRegisteredServiceBy(WebContext webContext) {
        String left = getConfigurationContext().getRequestParameterResolver().resolveClientIdAndClientSecret(webContext, getConfigurationContext().getSessionStore()).getLeft();
        String registeredServiceIdentifierFromRequest = getRegisteredServiceIdentifierFromRequest(webContext);
        OAuthRegisteredService registeredOAuthServiceByClientId = StringUtils.isNotBlank(left) ? OAuth20Utils.getRegisteredOAuthServiceByClientId(getConfigurationContext().getServicesManager(), left) : OAuth20Utils.getRegisteredOAuthServiceByRedirectUri(getConfigurationContext().getServicesManager(), registeredServiceIdentifierFromRequest);
        FunctionUtils.doIf(registeredOAuthServiceByClientId == null, obj -> {
            LOGGER.warn("Unable to locate registered service for clientId [{}] or redirectUri [{}]", left, registeredServiceIdentifierFromRequest);
        }, obj2 -> {
            LOGGER.debug("Located registered service [{}]", registeredOAuthServiceByClientId);
        }).accept(registeredOAuthServiceByClientId);
        return registeredOAuthServiceByClientId;
    }
}
