package com.appiancorp.oauth.inbound.token;

import com.appiancorp.core.expr.portable.cdt.HttpMethod;
import com.appiancorp.oauth.inbound.OAuthTokenResponseGenerator;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthInvalidRequestException;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthUnsupportedGrantTypeException;
import com.appiancorp.oauth.inbound.exceptions.OAuthException;
import com.appiancorp.oauth.inbound.monitor.OAuthAccessTokenResponseLogger;
import com.appiancorp.oauth.inbound.monitor.OAuthInboundEvent;
import com.appiancorp.oauth.inbound.monitor.OAuthInboundProductMetricsLogger;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.ServletUtils;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.HttpRequestHandler;

/* loaded from: input_file:com/appiancorp/oauth/inbound/token/OAuthTokenRequestHandler.class */
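/**
 * Entry point for the inbound OAuth token endpoint.
 *
 * <p>Accepts POST requests only, parses them into a Nimbus {@link TokenRequest}, and hands the
 * request to the first configured {@link OAuthTokenRequestHandlerStrategy} that supports it.
 * Every failure is converted into an error response by the {@link OAuthTokenResponseGenerator}
 * and counted as {@link OAuthInboundEvent#AUTH_SERVER_FAILURE}.
 */
public class OAuthTokenRequestHandler implements HttpRequestHandler {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthTokenRequestHandler.class);
    // Consulted in list order; the first strategy that supports a request handles it.
    private final List<OAuthTokenRequestHandlerStrategy> oAuthTokenRequestHandlerStrategyList;
    private final OAuthTokenResponseGenerator oAuthTokenResponseGenerator;
    private final OAuthInboundProductMetricsLogger oAuthInboundProductMetricsLogger;

    /**
     * @param list strategies to consult, in priority order
     * @param oAuthTokenResponseGenerator writes the error response when handling fails
     * @param oAuthInboundProductMetricsLogger records the failure event
     */
    public OAuthTokenRequestHandler(List<OAuthTokenRequestHandlerStrategy> list, OAuthTokenResponseGenerator oAuthTokenResponseGenerator, OAuthInboundProductMetricsLogger oAuthInboundProductMetricsLogger) {
        this.oAuthTokenRequestHandlerStrategyList = list;
        this.oAuthTokenResponseGenerator = oAuthTokenResponseGenerator;
        this.oAuthInboundProductMetricsLogger = oAuthInboundProductMetricsLogger;
    }

    /**
     * Handles one token request.
     *
     * <p>No exception raised while processing escapes this method: the catch block below turns
     * each one into an error response. The declared {@link IOException} is kept for interface
     * compatibility.
     *
     * @param httpServletRequest the incoming request; must use the POST method
     * @param httpServletResponse the response the chosen strategy or the error generator writes to
     * @throws IOException declared for callers; see above
     */
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        long startMillis = System.currentTimeMillis();
        try {
            if (!HttpMethod.POST.value().equals(httpServletRequest.getMethod())) {
                // NOTE(review): the method string is client-supplied and logged as-is; confirm the
                // log layout neutralises control characters.
                LOG.error("Only POST is allowed as HTTP request method for token endpoint. Given: {}", httpServletRequest.getMethod());
                throw new OAuthInvalidRequestException("The HTTP request method must be POST");
            }
            HTTPRequest httpRequest = ServletUtils.createHTTPRequest(httpServletRequest);
            TokenRequest tokenRequest = getTokenRequest(httpRequest);
            GrantType type = tokenRequest.getAuthorizationGrant().getType();

            Optional<OAuthTokenRequestHandlerStrategy> strategy = findStrategy(tokenRequest);
            if (strategy.isPresent()) {
                strategy.get().handle(httpRequest, tokenRequest, httpServletResponse);
                OAuthAccessTokenResponseLogger.logResponseTime(System.currentTimeMillis() - startMillis);
                return;
            }

            // No strategy accepted the full request. Distinguish "grant type known but other
            // parameters did not fit" from "grant type not supported at all".
            boolean grantTypeSupported = this.oAuthTokenRequestHandlerStrategyList.stream()
                .anyMatch(candidate -> candidate.supports(type));
            if (grantTypeSupported) {
                LOG.error("We found supported grant types but other request parameters couldn't be used to narrow down a strategy to use.");
                throw new OAuthInvalidRequestException("Invalid token request.");
            }
            LOG.error("Didn't find any supported strategy for incoming token request of grant type: {}.", type);
            throw new OAuthUnsupportedGrantTypeException(type + " grant is not supported.");
        } catch (Exception e) {
            // Boundary catch: the stack trace is logged only when debug logging is enabled.
            if (LOG.isDebugEnabled()) {
                LOG.error("Error while handling token generation request. Error: {}", e.getMessage(), e);
            } else {
                LOG.error("Error while handling token generation request. Error: {}", e.getMessage());
            }
            this.oAuthTokenResponseGenerator.applyErrorToResponse(e, httpServletResponse, System.currentTimeMillis() - startMillis, null);
            this.oAuthInboundProductMetricsLogger.logEvent(OAuthInboundEvent.AUTH_SERVER_FAILURE);
        }
    }

    /**
     * Returns the first strategy, in list order, whose {@code supports(TokenRequest)} accepts the
     * request.
     *
     * <p>A plain loop replaces the earlier stream filter so that an {@link OAuthException} thrown
     * by {@code supports} reaches the caller with its own type. The stream version had to wrap it
     * in a {@link RuntimeException}, so the error-response generator and the log line received the
     * wrapper instead of the OAuth exception.
     *
     * @param tokenRequest the parsed token request
     * @return the matching strategy, or empty when none supports the request
     * @throws OAuthException if a strategy fails while evaluating the request
     */
    private Optional<OAuthTokenRequestHandlerStrategy> findStrategy(TokenRequest tokenRequest) throws OAuthException {
        for (OAuthTokenRequestHandlerStrategy candidate : this.oAuthTokenRequestHandlerStrategyList) {
            if (candidate.supports(tokenRequest)) {
                return Optional.of(candidate);
            }
        }
        return Optional.empty();
    }

    /**
     * Parses the HTTP request into a {@link TokenRequest}, translating Nimbus parse failures into
     * this module's OAuth exceptions.
     *
     * @param hTTPRequest the Nimbus view of the incoming request
     * @return the parsed token request
     * @throws OAuthException an {@link OAuthUnsupportedGrantTypeException} when the parser reports
     *     {@code unsupported_grant_type}, otherwise an {@link OAuthInvalidRequestException}
     */
    private TokenRequest getTokenRequest(HTTPRequest hTTPRequest) throws OAuthException {
        try {
            return TokenRequest.parse(hTTPRequest);
        } catch (ParseException e) {
            ErrorObject errorObject = e.getErrorObject();
            if (errorObject == null) {
                // No structured OAuth error available; fall back to the parser's message.
                throw new OAuthInvalidRequestException(e.getMessage(), e);
            }
            if (!OAuth2Error.UNSUPPORTED_GRANT_TYPE.getCode().equals(errorObject.getCode())) {
                throw new OAuthInvalidRequestException(errorObject.getDescription(), e);
            }
            LOG.error("Grant type not recognized by OAuth spec.");
            throw new OAuthUnsupportedGrantTypeException("Unsupported grant type.");
        }
    }
}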
