package org.gluu.oxd.server.op;

import com.google.common.base.Strings;
import com.google.inject.Injector;
import org.gluu.oxauth.client.OpenIdConfigurationResponse;
import org.gluu.oxauth.client.TokenClient;
import org.gluu.oxauth.client.TokenRequest;
import org.gluu.oxauth.client.TokenResponse;
import org.gluu.oxauth.model.common.AuthenticationMethod;
import org.gluu.oxauth.model.common.GrantType;
import org.gluu.oxauth.model.jwt.Jwt;
import org.gluu.oxd.common.Command;
import org.gluu.oxd.common.ErrorResponseCode;
import org.gluu.oxd.common.Jackson2;
import org.gluu.oxd.common.params.GetTokensByCodeParams;
import org.gluu.oxd.common.response.GetTokensByCodeResponse;
import org.gluu.oxd.common.response.IOpResponse;
import org.gluu.oxd.server.HttpException;
import org.gluu.oxd.server.op.Validator;
import org.gluu.oxd.server.service.Rp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/oxd/server/op/GetTokensByCodeOperation.class */
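/**
 * Exchanges an OAuth 2.0 / OpenID Connect authorization code for tokens at the
 * OP's token endpoint, validates the returned id_token and access_token, and
 * stores them on the RP record.
 *
 * <p>The request is rejected before any network call unless both {@code code}
 * and {@code state} are supplied and the state service still knows the
 * {@code state} value.
 */
public class GetTokensByCodeOperation extends BaseOperation<GetTokensByCodeParams> {
    private static final Logger LOG = LoggerFactory.getLogger(GetTokensByCodeOperation.class);

    /*
     * The decompiler reports that this constructor's access modifier was changed
     * from protected; it is kept public here so existing callers still compile.
     */
    public GetTokensByCodeOperation(Command command, Injector injector) {
        super(command, injector, GetTokensByCodeParams.class);
    }

    /**
     * Runs the authorization-code exchange.
     *
     * @param getTokensByCodeParams request carrying the authorization code and state
     * @return a {@link GetTokensByCodeResponse} with the tokens and id_token claims, or
     *     {@code null} when the token endpoint answers with a status other than 200, 302 or 400
     * @throws HttpException if the parameters are invalid, the token endpoint answers 400,
     *     or the id_token or access_token is missing from the response
     * @throws Exception propagated from token validation, persistence or claim parsing
     */
    @Override // org.gluu.oxd.server.op.IOperation
    public IOpResponse execute(GetTokensByCodeParams getTokensByCodeParams) throws Exception {
        validate(getTokensByCodeParams);

        Rp rp = getRp();
        OpenIdConfigurationResponse discoveryResponse = getDiscoveryService().getConnectDiscoveryResponse(rp);

        TokenClient tokenClient = getOpClientFactory().createTokenClient(discoveryResponse.getTokenEndpoint());
        tokenClient.setExecutor(getHttpService().getClientExecutor());
        tokenClient.setRequest(buildTokenRequest(getTokensByCodeParams, rp));
        TokenResponse tokenResponse = tokenClient.exec();

        int status = tokenResponse.getStatus();
        if (status != 200 && status != 302) {
            if (status == 400) {
                throw new HttpException(ErrorResponseCode.BAD_REQUEST_INVALID_CODE);
            }
            // Fix: the message announces the response code, so log the status (the
            // previous code logged the scope here, which hid the real failure reason).
            LOG.error("Failed to get tokens because response code is: {}", status);
            // NOTE(review): callers receive null rather than an error for these statuses;
            // kept for compatibility.
            return null;
        }

        String idToken = tokenResponse.getIdToken();
        String accessToken = tokenResponse.getAccessToken();

        if (Strings.isNullOrEmpty(idToken)) {
            LOG.error("id_token is not returned. Please check: 1) OP log file for error (oxauth.log) 2) whether 'openid' scope is present for 'get_authorization_url' command");
            // The raw response entity is deliberately not logged: a token response that
            // lacks an id_token can still carry an access_token or refresh_token, and
            // those bearer credentials must not end up in the log file.
            LOG.error("Token endpoint response status: {}", status);
            throw new HttpException(ErrorResponseCode.NO_ID_TOKEN_RETURNED);
        }
        if (Strings.isNullOrEmpty(accessToken)) {
            LOG.error("access_token is not returned");
            throw new HttpException(ErrorResponseCode.NO_ACCESS_TOKEN_RETURNED);
        }

        Jwt idTokenJwt = Jwt.parse(idToken);
        Validator validator = new Validator.Builder()
                .discoveryResponse(discoveryResponse)
                .idToken(idTokenJwt)
                .keyService(getKeyService())
                .opClientFactory(getOpClientFactory())
                .oxdServerConfiguration(getConfigurationService().getConfiguration())
                .rp(rp)
                .build();
        validator.validateNonce(getStateService());
        validator.validateIdToken();
        validator.validateAccessToken(accessToken);

        // Tokens are stored on the RP only after every validation step above has passed.
        rp.setIdToken(idToken);
        rp.setAccessToken(accessToken);
        getRpService().update(rp);

        // Drop the state entry once the exchange has succeeded.
        getStateService().deleteExpiredObjectsByKey(getTokensByCodeParams.getState());
        LOG.trace("Scope: {}", tokenResponse.getScope());

        GetTokensByCodeResponse response = new GetTokensByCodeResponse();
        response.setAccessToken(accessToken);
        response.setIdToken(idToken);
        response.setRefreshToken(tokenResponse.getRefreshToken());
        // -1 signals that the OP did not report an expiry.
        response.setExpiresIn(tokenResponse.getExpiresIn() != null ? tokenResponse.getExpiresIn().intValue() : -1);
        response.setIdTokenClaims(Jackson2.createJsonMapper().readTree(idTokenJwt.getClaims().toJsonString()));
        return response;
    }

    /**
     * Builds the authorization_code token request, authenticating the client with
     * its id and secret via CLIENT_SECRET_BASIC.
     */
    private TokenRequest buildTokenRequest(GetTokensByCodeParams params, Rp rp) {
        TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
        tokenRequest.setCode(params.getCode());
        tokenRequest.setRedirectUri(rp.getRedirectUri());
        tokenRequest.setAuthUsername(rp.getClientId());
        tokenRequest.setAuthPassword(rp.getClientSecret());
        tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
        return tokenRequest;
    }

    /**
     * Rejects requests that lack a code or a state, or whose state is not known to
     * the state service.
     *
     * @throws HttpException with BAD_REQUEST_NO_CODE, BAD_REQUEST_NO_STATE or
     *     BAD_REQUEST_STATE_NOT_VALID respectively
     */
    private void validate(GetTokensByCodeParams getTokensByCodeParams) {
        if (Strings.isNullOrEmpty(getTokensByCodeParams.getCode())) {
            throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_CODE);
        }
        if (Strings.isNullOrEmpty(getTokensByCodeParams.getState())) {
            throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_STATE);
        }
        // The state must have been recorded earlier; an unknown value is refused
        // before the code is sent to the OP.
        if (!getStateService().isExpiredObjectPresent(getTokensByCodeParams.getState())) {
            throw new HttpException(ErrorResponseCode.BAD_REQUEST_STATE_NOT_VALID);
        }
    }
}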
