package org.xwiki.contrib.oidc.provider.internal.endpoint;

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Response;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.xwiki.component.annotation.Component;
import org.xwiki.contrib.oidc.provider.internal.OIDCManager;
import org.xwiki.contrib.oidc.provider.internal.OIDCResourceReference;
import org.xwiki.contrib.oidc.provider.internal.store.OIDCConsent;
import org.xwiki.contrib.oidc.provider.internal.store.OIDCStore;

@Singleton
@Component
@Named(TokenOIDCEndpoint.HINT)
/* loaded from: input_file:org/xwiki/contrib/oidc/provider/internal/endpoint/TokenOIDCEndpoint.class */
public class TokenOIDCEndpoint implements OIDCEndpoint {
    public static final String HINT = "token";

    @Inject
    private OIDCStore store;

    @Inject
    private OIDCManager manager;

    @Inject
    private Logger logger;

    @Override // org.xwiki.contrib.oidc.provider.internal.endpoint.OIDCEndpoint
    public Response handle(HTTPRequest hTTPRequest, OIDCResourceReference oIDCResourceReference) throws Exception {
        this.logger.debug("OIDC: Entering [token] endpoint");
        TokenRequest parse = TokenRequest.parse(hTTPRequest);
        AuthorizationCodeGrant authorizationGrant = parse.getAuthorizationGrant();
        ClientID clientID = parse.getClientID();
        ClientAuthentication clientAuthentication = parse.getClientAuthentication();
        if (clientAuthentication != null) {
            clientID = clientAuthentication.getClientID();
        }
        if (authorizationGrant.getType().requiresClientAuthentication()) {
        }
        if (authorizationGrant.getType() != GrantType.AUTHORIZATION_CODE) {
            return new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE);
        }
        AuthorizationCodeGrant authorizationCodeGrant = authorizationGrant;
        this.logger.debug("OIDC.token: Grant request: code={} redirectionURI={} clientID={}", new Object[]{authorizationCodeGrant.getAuthorizationCode(), authorizationCodeGrant.getRedirectionURI(), clientID});
        OIDCConsent consent = this.store.getConsent(clientID, authorizationCodeGrant.getRedirectionURI(), authorizationCodeGrant.getAuthorizationCode());
        if (consent == null) {
            return new TokenErrorResponse(OAuth2Error.INVALID_GRANT);
        }
        if (consent.getAccessToken() == null) {
            consent.setAccessToken(new BearerAccessToken());
            this.store.saveConsent(consent, "Store new OIDC access token");
        }
        this.store.removeAuthorizationCode(authorizationCodeGrant.getAuthorizationCode());
        return new OIDCTokenResponse(new OIDCTokens(this.manager.createdIdToken(parse.getClientID(), consent.getUserReference(), null, consent.getClaims()), consent.getAccessToken(), (RefreshToken) null));
    }
}
