package net.trajano.openidconnect.provider.endpoints;

import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import javax.ejb.EJB;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import net.trajano.openidconnect.core.ErrorCode;
import net.trajano.openidconnect.core.ErrorResponse;
import net.trajano.openidconnect.core.OpenIdConnectException;
import net.trajano.openidconnect.provider.internal.AuthorizationUtil;
import net.trajano.openidconnect.provider.internal.ClientCredentials;
import net.trajano.openidconnect.provider.spi.ClientManager;
import net.trajano.openidconnect.provider.spi.KeyProvider;
import net.trajano.openidconnect.provider.spi.TokenProvider;
import net.trajano.openidconnect.token.GrantType;
import net.trajano.openidconnect.token.IdTokenResponse;

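/**
 * JAX-RS resource bound to the {@code token} path that answers OAuth 2.0 /
 * OpenID Connect token requests with JSON.
 * <p>
 * Two grant types are handled: {@code authorization_code} (the stored token
 * response is looked up by code and released only when the ID token audience
 * equals the requesting client id) and {@code refresh_token}. Any other grant
 * type is rejected with {@link ErrorCode#invalid_grant}.
 * <p>
 * Every response built here carries {@code Cache-Control: no-store} and
 * {@code Pragma: no-cache}, as RFC 6749 section 5.1 requires for responses
 * that contain tokens.
 * <p>
 * NOTE(review): the client credentials come from
 * {@link AuthorizationUtil#processBasicOrQuery(HttpServletRequest)}, which is
 * not shown here. Nothing in this class checks a client secret and the
 * injected {@link ClientManager} is never used, so confirm that helper (or a
 * filter in front of this resource) actually authenticates the client.
 */
@Produces({"application/json"})
@Path("token")
/* loaded from: input_file:net/trajano/openidconnect/provider/endpoints/TokenEndpoint.class */
public class TokenEndpoint {

    // Injected but not referenced by any method of this class.
    @EJB
    private ClientManager cm;

    // Supplies the JWKS used to read the ID token of a stored response.
    @EJB
    private KeyProvider kp;

    // Looks up token responses by authorization code and performs refreshes.
    @EJB
    private TokenProvider tp;

    /**
     * Finishes a response so that it is never stored by caches.
     *
     * @param builder response under construction
     * @return the built response with {@code Cache-Control: no-store} and
     *         {@code Pragma: no-cache} set
     */
    private static Response noStore(final Response.ResponseBuilder builder) {
        return builder.header("Cache-Control", "no-store").header("Pragma", "no-cache").build();
    }

    /**
     * GET variant of the token request; reads the same parameters from the
     * query string and delegates to
     * {@link #op(GrantType, String, String, URI, HttpServletRequest)}.
     * <p>
     * NOTE(review): with this variant the authorization code and the refresh
     * token travel in the request URL, where access logs, proxies and browser
     * history can record them. RFC 6749 section 3.2 requires POST for token
     * requests; consider retiring this method once no client depends on it.
     *
     * @param grantType grant type from {@code grant_type}
     * @param str authorization code from {@code code}
     * @param str2 refresh token from {@code refresh_token}
     * @param uri redirect URI from {@code redirect_uri}
     * @param httpServletRequest current request, used to read the client credentials
     * @return whatever {@code op} returns
     * @throws IOException declared by the delegate
     * @throws GeneralSecurityException declared by the delegate
     */
    @GET
    public Response getOp(@NotNull @QueryParam("grant_type") GrantType grantType, @QueryParam("code") String str, @QueryParam("refresh_token") String str2, @QueryParam("redirect_uri") URI uri, @Context HttpServletRequest httpServletRequest) throws IOException, GeneralSecurityException {
        return op(grantType, str, str2, uri, httpServletRequest);
    }

    /**
     * Handles a form-encoded token request.
     *
     * @param grantType grant type from {@code grant_type}
     * @param str authorization code from {@code code}
     * @param str2 refresh token from {@code refresh_token}
     * @param uri redirect URI from {@code redirect_uri}; accepted but not read by this method
     * @param httpServletRequest current request, used to read the client credentials
     * @return the token response, or a 400 {@link ErrorResponse} when the code
     *         yields no stored response or was issued to a different client
     * @throws OpenIdConnectException with {@link ErrorCode#invalid_grant} when
     *         the grant type is neither {@code authorization_code} nor
     *         {@code refresh_token}
     * @throws IOException declared for the collaborators called here
     * @throws GeneralSecurityException declared for the collaborators called here
     */
    @POST
    @Consumes({"application/x-www-form-urlencoded"})
    public Response op(@FormParam("grant_type") @NotNull GrantType grantType, @FormParam("code") String str, @FormParam("refresh_token") String str2, @FormParam("redirect_uri") URI uri, @Context HttpServletRequest httpServletRequest) throws IOException, GeneralSecurityException {
        ClientCredentials credentials = AuthorizationUtil.processBasicOrQuery(httpServletRequest);

        if (grantType == GrantType.refresh_token) {
            return noStore(Response.ok(this.tp.refreshToken(credentials.getClientId(), str2, null, null)));
        }
        if (grantType != GrantType.authorization_code) {
            throw new OpenIdConnectException(ErrorCode.invalid_grant);
        }

        // NOTE(review): the meaning of the boolean argument is not visible here.
        // If it consumes the code on lookup, a request from the wrong client
        // burns the code before the audience check below can reject it.
        IdTokenResponse stored = this.tp.getByCode(str, true);
        if (stored == null) {
            return noStore(Response.ok(new ErrorResponse(ErrorCode.access_denied, "unable to obtain response token")).status(Response.Status.BAD_REQUEST));
        }

        // NOTE(review): redirect_uri is never compared with the value used in
        // the authorization request (RFC 6749 section 4.1.3); confirm whether
        // TokenProvider enforces that binding.
        if (stored.getIdToken(this.kp.getJwks()).getAud().equals(credentials.getClientId())) {
            return noStore(Response.ok(stored));
        }

        // A code issued to another client is a client error. The bare
        // WebApplicationException used previously surfaced as a 500 with no
        // OAuth error body, which hides the rejection from monitoring and
        // from the caller.
        return noStore(Response.ok(new ErrorResponse(ErrorCode.invalid_grant, "authorization code was not issued to this client")).status(Response.Status.BAD_REQUEST));
    }
}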
