package org.xdi.oxd.server.op;

import com.google.common.collect.Sets;
import com.google.inject.Injector;
import java.io.UnsupportedEncodingException;
import java.util.HashSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.client.TokenClient;
import org.xdi.oxauth.client.TokenRequest;
import org.xdi.oxauth.client.TokenResponse;
import org.xdi.oxauth.model.common.AuthenticationMethod;
import org.xdi.oxauth.model.common.GrantType;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.util.Util;
import org.xdi.oxd.common.Command;
import org.xdi.oxd.common.CommandResponse;
import org.xdi.oxd.common.ErrorResponseCode;
import org.xdi.oxd.common.ErrorResponseException;
import org.xdi.oxd.common.params.GetClientTokenParams;
import org.xdi.oxd.common.response.GetClientTokenResponse;
import org.xdi.oxd.server.Utils;

/* loaded from: input_file:org/xdi/oxd/server/op/GetClientTokenOperation.class */
public class GetClientTokenOperation extends BaseOperation<GetClientTokenParams> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) GetClientTokenOperation.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public GetClientTokenOperation(Command command, Injector injector) {
        super(command, injector, GetClientTokenParams.class);
    }

    @Override // org.xdi.oxd.server.op.IOperation
    public CommandResponse execute(GetClientTokenParams getClientTokenParams) {
        TokenResponse execClientCredentialsGrant;
        try {
            AuthenticationMethod fromString = AuthenticationMethod.fromString(getClientTokenParams.getAuthenticationMethod());
            String tokenEndpoint = getDiscoveryService().getConnectDiscoveryResponse(getClientTokenParams.getOpHost(), getClientTokenParams.getOpDiscoveryPath()).getTokenEndpoint();
            TokenClient tokenClient = new TokenClient(tokenEndpoint);
            tokenClient.setExecutor(getHttpService().getClientExecutor());
            if (fromString == AuthenticationMethod.PRIVATE_KEY_JWT) {
                LOG.trace("Getting client token with private_key_jwt client authentication ...");
                SignatureAlgorithm fromString2 = SignatureAlgorithm.fromString(getClientTokenParams.getAlgorithm());
                if (fromString2 == null) {
                    throw new ErrorResponseException(ErrorResponseCode.INVALID_ALGORITHM);
                }
                TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
                tokenRequest.setScope(scopeAsString(getClientTokenParams));
                tokenRequest.setAuthUsername(getClientTokenParams.getClientId());
                tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
                tokenRequest.setAlgorithm(fromString2);
                tokenRequest.setCryptoProvider(getCryptoProvider());
                tokenRequest.setKeyId(getClientTokenParams.getKeyId());
                tokenRequest.setAudience(tokenEndpoint);
                tokenClient.setRequest(tokenRequest);
                execClientCredentialsGrant = tokenClient.exec();
            } else {
                execClientCredentialsGrant = tokenClient.execClientCredentialsGrant(scopeAsString(getClientTokenParams), getClientTokenParams.getClientId(), getClientTokenParams.getClientSecret());
            }
            if (execClientCredentialsGrant == null) {
                LOG.error("No response from TokenClient");
                LOG.error("Please check AS logs for more details (oxauth.log for CE).");
            } else {
                if (Util.allNotBlank(execClientCredentialsGrant.getAccessToken())) {
                    GetClientTokenResponse getClientTokenResponse = new GetClientTokenResponse();
                    getClientTokenResponse.setAccessToken(execClientCredentialsGrant.getAccessToken());
                    getClientTokenResponse.setExpiresIn(execClientCredentialsGrant.getExpiresIn().intValue());
                    getClientTokenResponse.setRefreshToken(execClientCredentialsGrant.getRefreshToken());
                    getClientTokenResponse.setScope(execClientCredentialsGrant.getScope());
                    return okResponse(getClientTokenResponse);
                }
                LOG.error("access_token is blank in response, params: " + getClientTokenParams + ", response: " + execClientCredentialsGrant);
                LOG.error("Please check AS logs for more details (oxauth.log for CE).");
            }
        } catch (ErrorResponseException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error(e2.getMessage(), (Throwable) e2);
        }
        return CommandResponse.INTERNAL_ERROR_RESPONSE;
    }

    private String scopeAsString(GetClientTokenParams getClientTokenParams) throws UnsupportedEncodingException {
        HashSet newHashSet = Sets.newHashSet();
        newHashSet.add("openid");
        if (getClientTokenParams.getScope() != null) {
            newHashSet.addAll(getClientTokenParams.getScope());
        }
        return Utils.joinAndUrlEncode(newHashSet);
    }
}
