package org.apache.cxf.rs.security.oauth2.services;

import java.util.List;
import javax.ws.rs.Path;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OOBAuthorizationResponse;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.provider.OOBResponseDeliverer;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;

/**
 * JAX-RS resource mounted at {@code /authorize} that issues OAuth2 authorization codes.
 *
 * <p>Once the base class hands over an approved request, this class registers the grant with
 * the data provider and returns the code to the client in one of two ways: as a {@code code}
 * query parameter on a 303 redirect, or, when no redirect URI is in play, as an out-of-band
 * (OOB) response.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class compares the redirect URI with the client's registered URIs.
 *       That check has to happen before {@code createGrant} is reached, presumably in
 *       {@code RedirectionBasedGrantService} (not visible here, so confirm).</li>
 *   <li>Public-client support is off unless {@link #setCanSupportPublicClients(boolean)} is
 *       called with {@code true}, because the backing field is an unset {@code boolean}.</li>
 *   <li>No setter for {@code oobDeliverer} appears in this decompiled listing. Unless it is
 *       assigned some other way, the OOB path always takes the built-in HTML fallback.</li>
 * </ul>
 */
@Path("/authorize")
/* loaded from: input_file:WEB-INF/lib/cxf-bundle-2.7.18.jar:org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.class */
public class AuthorizationCodeGrantService extends RedirectionBasedGrantService {
    // Opt-in switch for clients that have no secret; false by default.
    private boolean canSupportPublicClients;
    // Optional custom renderer for out-of-band responses; null selects the HTML fallback.
    private OOBResponseDeliverer oobDeliverer;

    /** Configures the base service for response type {@code code} and the authorization-code grant. */
    public AuthorizationCodeGrantService() {
        super("code", OAuthConstants.AUTHORIZATION_CODE_GRANT);
    }

    /**
     * Registers an authorization-code grant and returns the code to the client.
     *
     * @param multivaluedMap parameters of the authorization request; {@code state}, the client
     *        audience and the temporary client-secret hash are read from it
     * @param client the client the code is issued to
     * @param str redirect URI; {@code null} selects the out-of-band response
     * @param list scopes that were requested
     * @param list2 scopes that were approved
     * @param userSubject the authenticated resource owner
     * @param serverAccessToken not used by this implementation
     * @return a 303 redirect carrying the code, an OOB response, or an error response
     */
    @Override
    protected Response createGrant(MultivaluedMap<String, String> multivaluedMap, Client client, String str, List<String> list, List<String> list2, UserSubject userSubject, ServerAccessToken serverAccessToken) {
        final String redirectUri = str;

        AuthorizationCodeRegistration registration = new AuthorizationCodeRegistration();
        registration.setClient(client);
        registration.setRedirectUri(redirectUri);
        registration.setRequestedScope(list);
        registration.setApprovedScope(list2);
        registration.setSubject(userSubject);
        // Both values below are copied from the parameter map without any check here.
        // NOTE(review): if the map holds raw request parameters, they are caller-controlled;
        // confirm the data provider treats them as untrusted.
        String audience = multivaluedMap.getFirst(OAuthConstants.CLIENT_AUDIENCE);
        registration.setAudience(audience);
        String tempSecretHash = multivaluedMap.getFirst(OAuthConstants.TEMP_CLIENT_SECRET_HASH);
        registration.setTempClientSecretHash(tempSecretHash);

        try {
            AuthorizationCodeDataProvider codeProvider = (AuthorizationCodeDataProvider) getDataProvider();
            ServerAuthorizationCodeGrant grant = codeProvider.createCodeGrant(registration);

            if (redirectUri == null) {
                // Out-of-band flow: the code is handed back in the response itself.
                OOBAuthorizationResponse oobResponse = new OOBAuthorizationResponse();
                oobResponse.setClientId(client.getClientId());
                oobResponse.setAuthorizationCode(grant.getCode());
                oobResponse.setUserId(userSubject.getLogin());
                oobResponse.setLifetime(grant.getLifetime());
                return deliverOOBResponse(oobResponse);
            }

            // Redirect flow: the code travels in the query string of the redirect target, so
            // whoever controls that URI receives it. This method trusts the URI as given.
            UriBuilder target = getRedirectUriBuilder(multivaluedMap.getFirst("state"), redirectUri);
            target.queryParam("code", grant.getCode());
            return Response.seeOther(target.build()).build();
        } catch (OAuthServiceException ignored) {
            // Every provider failure is reported to the client as access_denied. The exception
            // is not logged here, so the underlying cause is lost unless the provider records it.
            return createErrorResponse(multivaluedMap, redirectUri, OAuthConstants.ACCESS_DENIED);
        }
    }

    /**
     * Renders an out-of-band authorization response.
     *
     * <p>Uses the configured deliverer when there is one; otherwise returns 200 with the
     * response object as a {@code text/html} entity. The entity carries the authorization
     * code, and no cache-related headers are set on this path.
     *
     * @param oOBAuthorizationResponse the code, client id, user id and lifetime to present
     * @return the response to send to the user agent
     */
    protected Response deliverOOBResponse(OOBAuthorizationResponse oOBAuthorizationResponse) {
        if (this.oobDeliverer == null) {
            return Response.ok(oOBAuthorizationResponse).type("text/html").build();
        }
        return this.oobDeliverer.deliver(oOBAuthorizationResponse);
    }

    /**
     * Builds the error response for a failed authorization request.
     *
     * @param multivaluedMap parameters of the authorization request; only {@code state} is read
     * @param str redirect URI, or {@code null} when there is none to redirect to
     * @param str2 error code to report
     * @return 401 with the error code as entity when there is no redirect URI, otherwise a 303
     *         redirect with the error code in the {@code OAuthConstants.ERROR_KEY} parameter
     */
    @Override
    protected Response createErrorResponse(MultivaluedMap<String, String> multivaluedMap, String str, String str2) {
        final String redirectUri = str;
        final String errorCode = str2;

        if (redirectUri != null) {
            UriBuilder target = getRedirectUriBuilder(multivaluedMap.getFirst("state"), redirectUri);
            target.queryParam(OAuthConstants.ERROR_KEY, errorCode);
            return Response.seeOther(target.build()).build();
        }
        // No redirect target: answer the user agent directly.
        return Response.status(401).entity(errorCode).build();
    }

    /**
     * Starts a URI builder from the redirect URI and echoes {@code state} back when present.
     *
     * <p>Argument order differs from the other methods in this class: here the first argument
     * is the state and the second is the redirect URI.
     *
     * @param str the {@code state} value from the request, may be {@code null}
     * @param str2 the redirect URI
     * @return a builder positioned on the redirect URI, with {@code state} appended if given
     */
    protected UriBuilder getRedirectUriBuilder(String str, String str2) {
        final String state = str;
        UriBuilder builder = UriBuilder.fromUri(str2);
        if (state == null) {
            return builder;
        }
        // NOTE(review): state is supplied by the client, and JAX-RS treats queryParam values
        // as URI templates. Confirm how a value containing '{' behaves once build() is called
        // without template values.
        builder.queryParam("state", state);
        return builder;
    }

    /**
     * Decides whether the client may be treated as a public client.
     *
     * @param client the client making the request
     * @return {@code true} only when public clients are enabled, the client is not
     *         confidential, and it has no client secret
     */
    @Override
    protected boolean canSupportPublicClient(Client client) {
        if (!this.canSupportPublicClients) {
            return false;
        }
        if (client.isConfidential()) {
            return false;
        }
        return client.getClientSecret() == null;
    }

    /**
     * Decides whether a request from this client may omit the redirect URI.
     *
     * @param client the client making the request
     * @return {@code true} only for an accepted public client with no registered redirect URIs
     */
    @Override
    protected boolean canRedirectUriBeEmpty(Client client) {
        if (!canSupportPublicClient(client)) {
            return false;
        }
        // NOTE(review): getRedirectUris() is dereferenced without a null check; confirm that
        // Client never returns null here.
        return client.getRedirectUris().isEmpty();
    }

    /**
     * Enables or disables support for public clients, i.e. clients without a secret.
     *
     * @param z {@code true} to accept public clients
     */
    public void setCanSupportPublicClients(boolean z) {
        this.canSupportPublicClients = z;
    }
}
