package net.krotscheck.kangaroo.authz.oauth2.resource;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.math.BigInteger;
import java.net.URI;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2Client;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2Principal;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.authz.oauth2.resource.token.AuthorizationCodeGrantHandler;
import net.krotscheck.kangaroo.authz.oauth2.resource.token.ClientCredentialsGrantHandler;
import net.krotscheck.kangaroo.authz.oauth2.resource.token.OwnerCredentialsGrantHandler;
import net.krotscheck.kangaroo.authz.oauth2.resource.token.RefreshTokenGrantHandler;
import net.krotscheck.kangaroo.common.hibernate.transaction.Transactional;
import net.krotscheck.kangaroo.util.ObjectUtil;
import org.glassfish.jersey.internal.inject.InjectionManager;
import org.jvnet.hk2.annotations.Optional;

@Transactional
@Api(tags = {"OAuth2"})
@Path("/token")
/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/resource/TokenService.class */
public final class TokenService {
    private final SecurityContext securityContext;
    private final InjectionManager injector;

    @Inject
    public TokenService(SecurityContext securityContext, InjectionManager injectionManager) {
        this.securityContext = securityContext;
        this.injector = injectionManager;
    }

    @Consumes({"application/x-www-form-urlencoded"})
    @O2Client
    @ApiOperation("OAuth2 Token endpoint.")
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    @ApiParam(name = "token")
    public Response tokenRequest(@Context UriInfo uriInfo, @Optional @FormParam("code") @ApiParam(type = "string") BigInteger bigInteger, @Optional @FormParam("redirect_uri") URI uri, @Optional @FormParam("state") String str, @Optional @FormParam("scope") String str2, @Optional @FormParam("username") String str3, @Optional @FormParam("password") String str4, @Optional @FormParam("refresh_token") @ApiParam(type = "string") BigInteger bigInteger2, @FormParam("grant_type") @ApiParam(required = true, allowableValues = "authorization_code,client_credentials,password,refresh_token") GrantType grantType) {
        TokenResponseEntity handle;
        Client context = ((O2Principal) ObjectUtil.safeCast(this.securityContext.getUserPrincipal(), O2Principal.class).orElseThrow(RFC6749.AccessDeniedException::new)).getContext();
        if (GrantType.AuthorizationCode.equals(grantType)) {
            handle = ((AuthorizationCodeGrantHandler) this.injector.getInstance(AuthorizationCodeGrantHandler.class)).handle(context, bigInteger, uri, str);
        } else if (GrantType.ClientCredentials.equals(grantType)) {
            handle = ((ClientCredentialsGrantHandler) this.injector.getInstance(ClientCredentialsGrantHandler.class)).handle(context, str2, str);
        } else if (GrantType.Password.equals(grantType)) {
            handle = ((OwnerCredentialsGrantHandler) this.injector.getInstance(OwnerCredentialsGrantHandler.class)).handle(context, str2, str, str3, str4);
        } else {
            if (!GrantType.RefreshToken.equals(grantType)) {
                throw new RFC6749.InvalidGrantException();
            }
            handle = ((RefreshTokenGrantHandler) this.injector.getInstance(RefreshTokenGrantHandler.class)).handle(context, str2, str, bigInteger2);
        }
        return Response.ok().entity(handle).build();
    }
}
