package com.stormpath.sdk.impl.oauth.authc;

import com.stormpath.sdk.api.ApiAuthenticationResult;
import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.error.authc.OauthAuthenticationException;
import com.stormpath.sdk.impl.authc.BasicApiAuthenticator;
import com.stormpath.sdk.impl.ds.InternalDataStore;
import com.stormpath.sdk.impl.error.ApiAuthenticationExceptionFactory;
import com.stormpath.sdk.impl.jwt.signer.DefaultJwtSigner;
import com.stormpath.sdk.impl.jwt.signer.JwtSigner;
import com.stormpath.sdk.impl.oauth.authz.DefaultTokenResponse;
import com.stormpath.sdk.impl.oauth.issuer.JwtOauthIssuer;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.oauth.AccessTokenResult;
import com.stormpath.sdk.resource.ResourceException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.message.types.TokenType;

/* loaded from: input_file:lib/stormpath-sdk-oauth-1.0.RC9.2.jar:com/stormpath/sdk/impl/oauth/authc/AccessTokenRequestAuthenticator.class */
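/**
 * Authenticates OAuth access-token requests and issues a signed JWT bearer token on success.
 *
 * <p>Only the {@code client_credentials} grant is accepted (see {@link #SUPPORTED_GRANT_TYPES}).
 * The client id and secret from the request are checked through {@link BasicApiAuthenticator};
 * the resulting token carries the {@code iss}, {@code sub}, {@code iat}, {@code exp} and,
 * when scopes were granted, {@code scope} claims.
 *
 * <p>Security note: the {@link JwtSigner} is built from the id and secret of the API key held by
 * the {@link InternalDataStore}, so every token issued here is tied to that one key.
 * NOTE(review): the signing algorithm lives in {@code DefaultJwtSigner}, which is not shown
 * here; presumably the API key secret is the signing key, in which case rotating that key also
 * invalidates outstanding tokens. Confirm against the signer and the token verifier.
 */
public class AccessTokenRequestAuthenticator {
    /** Separator placed between scope values in the token's {@code scope} claim. */
    public static final char SPACE_SEPARATOR = ' ';
    /** Grant types this authenticator accepts; anything else is rejected before credentials are checked. */
    private static final EnumSet<GrantType> SUPPORTED_GRANT_TYPES = EnumSet.of(GrantType.CLIENT_CREDENTIALS);
    public static final String ACCESS_TOKEN_ISSUER_FIELD_NAME = "iss";
    public static final String ACCESS_TOKEN_SUBJECT_FIELD_NAME = "sub";
    public static final String ACCESS_TOKEN_CREATION_TIMESTAMP_FIELD_NAME = "iat";
    public static final String ACCESS_TOKEN_EXPIRATION_TIMESTAMP_FIELD_NAME = "exp";
    private final InternalDataStore dataStore;
    private final JwtSigner jwtSigner;

    /**
     * Creates an authenticator bound to the given data store.
     *
     * @param internalDataStore data store whose API key id and secret are handed to the JWT signer;
     *                          it is dereferenced immediately, so it must not be {@code null}
     */
    public AccessTokenRequestAuthenticator(InternalDataStore internalDataStore) {
        this.dataStore = internalDataStore;
        this.jwtSigner = new DefaultJwtSigner(this.dataStore.getApiKey().getId(), this.dataStore.getApiKey().getSecret());
    }

    /**
     * Validates the grant type, authenticates the client credentials and issues a bearer token.
     *
     * @param application                      application the client authenticates against; its href becomes the
     *                                         token issuer
     * @param accessTokenAuthenticationRequest request carrying grant type, client id/secret, TTL and optional scopes
     * @return the access-token result wrapping the authenticated API key, the granted scopes and the token response
     * @throws IllegalStateException if the token could not be created
     */
    public AccessTokenResult authenticate(Application application, AccessTokenAuthenticationRequest accessTokenAuthenticationRequest) {
        Assert.notNull(accessTokenAuthenticationRequest, "request cannot be null.");
        // Reject unsupported grants first so no credential check is attempted for them.
        validateSupportedGrantType(accessTokenAuthenticationRequest.getGrantType());
        try {
            ApiAuthenticationResult authResult = new BasicApiAuthenticator(this.dataStore).authenticate(
                    application,
                    accessTokenAuthenticationRequest.getClientId(),
                    accessTokenAuthenticationRequest.getClientSecret());

            // The TTL is added to a seconds-based timestamp in createAccessToken, so it is in seconds.
            // NOTE(review): ttl is not range-checked in this class; a zero or negative value produces
            // an "exp" at or before "iat" - confirm the request type validates it.
            long ttl = accessTokenAuthenticationRequest.getTtl();
            DefaultTokenResponse.Builder response =
                    DefaultTokenResponse.tokenType(TokenType.BEARER).expiresIn(String.valueOf(ttl));

            Set<String> grantedScopes;
            String scopeClaim;
            if (accessTokenAuthenticationRequest.hasScopeFactory()) {
                // The scope factory decides what is granted; the requested scopes are only its input.
                grantedScopes = accessTokenAuthenticationRequest.getScopeFactory()
                        .createScope(authResult, accessTokenAuthenticationRequest.getScopes());
                scopeClaim = joinScopes(grantedScopes);
                response.scope(scopeClaim);
            } else {
                // Without a scope factory no scope is granted, whatever the request asked for.
                grantedScopes = Collections.emptySet();
                scopeClaim = null;
            }

            response.accessToken(createAccessToken(application, authResult, ttl, scopeClaim))
                    .applicationHref(application.getHref());
            return new DefaultAccessTokenResult(this.dataStore, authResult.getApiKey(), grantedScopes, response.build());
        } catch (ResourceException e) {
            // Every ResourceException is reported as the same "invalid_client" error, so the response
            // does not reveal which part of the credentials was wrong.
            // NOTE(review): the original exception is discarded here; if the factory offers a way to
            // attach or log the cause, use it so failed authentications stay diagnosable.
            throw ApiAuthenticationExceptionFactory.newOauthException(OauthAuthenticationException.class, "invalid_client");
        }
    }

    /**
     * Joins scope values with {@link #SPACE_SEPARATOR}, in the set's iteration order.
     *
     * <p>NOTE(review): values are not checked for embedded spaces; a scope containing one would read
     * as two scopes to a consumer that splits the claim on whitespace.
     */
    private static String joinScopes(Set<String> scopes) {
        StringBuilder joined = new StringBuilder();
        boolean first = true;
        for (String scope : scopes) {
            if (!first) {
                joined.append(SPACE_SEPARATOR);
            }
            joined.append(scope);
            first = false;
        }
        return joined.toString();
    }

    /**
     * Ensures the requested grant type is one of {@link #SUPPORTED_GRANT_TYPES}.
     *
     * <p>The comparison ignores case, so it is more lenient than an exact match. A {@code null}
     * grant type matches nothing and is rejected.
     *
     * @param str grant type string taken from the request
     */
    private void validateSupportedGrantType(String str) {
        for (GrantType supported : SUPPORTED_GRANT_TYPES) {
            if (supported.toString().equalsIgnoreCase(str)) {
                return;
            }
        }
        throw ApiAuthenticationExceptionFactory.newOauthException(OauthAuthenticationException.class, "unsupported_grant_type");
    }

    /**
     * Builds the token claims and has them signed into an access token.
     *
     * @param application             application whose href is used as the issuer claim
     * @param apiAuthenticationResult authentication result whose API key id is used as the subject claim
     * @param j                       token lifetime, added to the issue time in seconds
     * @param str                     space-separated scope string, or {@code null}/blank for no scope claim
     * @return the serialized access token
     * @throws IllegalStateException if the issuer fails; the underlying exception is kept as the cause
     */
    private String createAccessToken(Application application, ApiAuthenticationResult apiAuthenticationResult, long j, String str) {
        // JWT timestamps are expressed in seconds, not milliseconds.
        long issuedAt = System.currentTimeMillis() / 1000;
        HashMap<String, Object> claims = new HashMap<String, Object>();
        claims.put(ACCESS_TOKEN_ISSUER_FIELD_NAME, application.getHref());
        claims.put(ACCESS_TOKEN_SUBJECT_FIELD_NAME, apiAuthenticationResult.getApiKey().getId());
        claims.put(ACCESS_TOKEN_CREATION_TIMESTAMP_FIELD_NAME, Long.valueOf(issuedAt));
        claims.put(ACCESS_TOKEN_EXPIRATION_TIMESTAMP_FIELD_NAME, Long.valueOf(issuedAt + j));
        if (Strings.hasText(str)) {
            claims.put("scope", str);
        }
        try {
            return new JwtOauthIssuer(this.jwtSigner, claims).accessToken();
        } catch (OAuthSystemException e) {
            // Keep the cause: a signing failure is otherwise impossible to diagnose from the stack trace.
            throw new IllegalStateException("Unexpected exception occurred while creating access token.", e);
        }
    }
}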
