package org.springframework.security.oauth2.provider.endpoint;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

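/**
 * Endpoint mapped to {@code /oauth/token} that exchanges a client-authenticated request for an
 * {@link OAuth2AccessToken}.
 *
 * <p>The caller must already be authenticated as a client before the request reaches this class:
 * the endpoint performs no credential check of its own and only inspects the {@link Principal}
 * handed to it. The client id used for the token request is always the one taken from that
 * principal, never the one sent as a request parameter.
 */
@RequestMapping({"/oauth/token"})
@FrameworkEndpoint
/* loaded from: input_file:deps/libs/spring-security-oauth2-1.0.5.RELEASE.jar:org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.class */
public class TokenEndpoint extends AbstractEndpoint {
    /**
     * Issues an access token for the authenticated client.
     *
     * @param principal the authenticated client; must be an {@link Authentication}
     * @param str the {@code grant_type} request parameter (may be absent, which is rejected below)
     * @param map all request parameters as received; this map is not modified
     * @return the granted token with caching disabled on the response
     * @throws InsufficientAuthenticationException if there is no authenticated client
     * @throws InvalidRequestException if {@code grant_type} is missing or blank
     * @throws UnsupportedGrantTypeException if no granter produced a token for the grant type
     */
    @RequestMapping
    public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam(value = "grant_type", required = false) String str, @RequestParam Map<String, String> map) {
        if (!(principal instanceof Authentication)) {
            throw new InsufficientAuthenticationException("There is no client authentication. Try adding an appropriate authentication filter.");
        }
        // Work on a typed copy so the authenticated client id can be forced in without touching
        // the caller's parameter map.
        Map<String, String> requestParameters = new HashMap<>(map);
        String clientId = getClientId(principal);
        if (clientId != null) {
            // The authenticated client id overrides any client_id supplied in the request.
            requestParameters.put(AuthorizationRequest.CLIENT_ID, clientId);
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidRequestException("Missing grant type");
        }
        // Validation runs on the parameters as received, against the details of the
        // authenticated client (not a client named in the request).
        getAuthorizationRequestManager().validateParameters(map, getClientDetailsService().loadClientByClientId(clientId));
        DefaultAuthorizationRequest defaultAuthorizationRequest = new DefaultAuthorizationRequest(getAuthorizationRequestManager().createAuthorizationRequest(requestParameters));
        boolean refreshTokenRequest = isRefreshTokenRequest(map);
        if ((isAuthCodeRequest(map) || refreshTokenRequest) && !defaultAuthorizationRequest.getScope().isEmpty()) {
            // Any scope populated by the request manager is dropped for these two grant types.
            this.logger.debug("Clearing scope of incoming auth code request");
            defaultAuthorizationRequest.setScope(Collections.<String>emptySet());
        }
        if (refreshTokenRequest) {
            // For a refresh, only the scope explicitly sent with this request is passed on.
            defaultAuthorizationRequest.setScope(OAuth2Utils.parseParameterList(map.get("scope")));
        }
        OAuth2AccessToken grant = getTokenGranter().grant(str, defaultAuthorizationRequest);
        if (grant == null) {
            throw new UnsupportedGrantTypeException("Unsupported grant type: " + str);
        }
        return getResponse(grant);
    }

    /**
     * Resolves the client id from the authenticated principal.
     *
     * <p>The principal is cast to {@link Authentication} without a type check, so callers must
     * verify the type first (as {@code getAccessToken} does).
     *
     * @param principal the principal supplied with the request
     * @return the client id from the embedded authorization request when the principal is an
     *     {@link OAuth2Authentication}, otherwise the authentication name
     * @throws InsufficientAuthenticationException if the authentication is not marked authenticated
     */
    protected String getClientId(Principal principal) {
        Authentication authentication = (Authentication) principal;
        if (!authentication.isAuthenticated()) {
            throw new InsufficientAuthenticationException("The client is not authenticated.");
        }
        String name = authentication.getName();
        if (authentication instanceof OAuth2Authentication) {
            name = ((OAuth2Authentication) authentication).getAuthorizationRequest().getClientId();
        }
        return name;
    }

    /**
     * Handles a failed client lookup. The original exception is only logged; the response is
     * always built from a fresh {@link BadClientCredentialsException}, so the registration
     * failure detail is not returned to the caller.
     */
    @ExceptionHandler({ClientRegistrationException.class})
    public ResponseEntity<OAuth2Exception> handleClientRegistrationException(Exception exc) throws Exception {
        this.logger.info("Handling error: " + describeForLog(exc));
        return getExceptionTranslator().translate(new BadClientCredentialsException());
    }

    /** Logs an OAuth2 error and hands it to the configured exception translator. */
    @ExceptionHandler({OAuth2Exception.class})
    public ResponseEntity<OAuth2Exception> handleException(Exception exc) throws Exception {
        this.logger.info("Handling error: " + describeForLog(exc));
        return getExceptionTranslator().translate(exc);
    }

    /**
     * Builds the "SimpleName, message" text used in the log lines above.
     *
     * <p>Exception messages raised in this class can embed the request-supplied
     * {@code grant_type} value, so carriage returns and line feeds are replaced before the text
     * is logged; one request then cannot produce what looks like several log entries.
     */
    private static String describeForLog(Exception exc) {
        String message = String.valueOf(exc.getMessage());
        return exc.getClass().getSimpleName() + ", " + message.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Wraps the token in a 200 response that tells clients and intermediaries not to cache it.
     * Header names are written as literals so this class does not depend on Apache HttpComponents.
     */
    private ResponseEntity<OAuth2AccessToken> getResponse(OAuth2AccessToken oAuth2AccessToken) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("Cache-Control", "no-store");
        httpHeaders.set("Pragma", "no-cache");
        return new ResponseEntity<>(oAuth2AccessToken, httpHeaders, HttpStatus.OK);
    }

    /** True when the request asks for the refresh_token grant and carries a refresh token. */
    private boolean isRefreshTokenRequest(Map<String, String> map) {
        return OAuth2AccessToken.REFRESH_TOKEN.equals(map.get("grant_type")) && map.get(OAuth2AccessToken.REFRESH_TOKEN) != null;
    }

    /** True when the request asks for the authorization_code grant and carries a code. */
    private boolean isAuthCodeRequest(Map<String, String> map) {
        return "authorization_code".equals(map.get("grant_type")) && map.get("code") != null;
    }
}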
