package org.mule.modules.oauth2.provider.processor;

import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.mule.api.MuleEvent;
import org.mule.api.security.Authentication;
import org.mule.modules.oauth2.provider.AuthorizationRequest;
import org.mule.modules.oauth2.provider.Constants;
import org.mule.modules.oauth2.provider.OAuth2Exception;
import org.mule.modules.oauth2.provider.Utils;
import org.mule.modules.oauth2.provider.client.Client;
import org.mule.modules.oauth2.provider.config.Configuration;
import org.mule.modules.oauth2.provider.processor.RequestProcessingException;
import org.mule.modules.oauth2.provider.token.Token;

/* loaded from: input_file:mule/lib/mule/mule-module-security-oauth2-provider-1.5.0.jar:org/mule/modules/oauth2/provider/processor/AuthorizationRequestMessageProcessor.class */
public class AuthorizationRequestMessageProcessor extends AbstractHttpRequestMessageProcessor {
    public AuthorizationRequestMessageProcessor(Configuration configuration) {
        super(configuration);
    }

    @Override // org.mule.modules.oauth2.provider.processor.AbstractHttpRequestMessageProcessor
    protected MuleEvent processRequest(MuleEvent muleEvent) throws OAuth2Exception {
        Constants.ResponseType supportedResponseTypeOrFail = getSupportedResponseTypeOrFail(muleEvent);
        Client knownClientOrFail = getKnownClientOrFail(muleEvent);
        Pair<Boolean, Authentication> validateResourceOwnerCredentials = validateResourceOwnerCredentials(knownClientOrFail, muleEvent);
        if (!validateResourceOwnerCredentials.getLeft().booleanValue()) {
            throw new RequestProcessingException(RequestProcessingException.ErrorType.ACCESS_DENIED);
        }
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(knownClientOrFail.getClientId(), supportedResponseTypeOrFail, getValidRedirectionUriOrFail(knownClientOrFail, muleEvent), validateResourceOwnerCredentials.getRight());
        List<String> effectiveScopes = getEffectiveScopes(muleEvent, knownClientOrFail);
        if (CollectionUtils.isNotEmpty(effectiveScopes)) {
            authorizationRequest.getScopes().addAll(effectiveScopes);
        }
        if (supportedResponseTypeOrFail == Constants.ResponseType.CODE) {
            processCodeRequest(authorizationRequest, effectiveScopes, muleEvent);
        } else {
            if (supportedResponseTypeOrFail != Constants.ResponseType.TOKEN) {
                throw new RequestProcessingException(RequestProcessingException.ErrorType.UNSUPPORTED_RESPONSE_TYPE, "Unsupported response type: " + supportedResponseTypeOrFail);
            }
            processTokenRequest(validateResourceOwnerCredentials.getRight(), authorizationRequest, effectiveScopes, muleEvent);
        }
        return muleEvent;
    }

    private void processCodeRequest(AuthorizationRequest authorizationRequest, List<String> list, MuleEvent muleEvent) throws RequestProcessingException, OAuth2Exception {
        setRedirectResponse(muleEvent, buildRedirectUri(authorizationRequest.getRedirectUri(), muleEvent, "code", this.configuration.getAuthorizationCodeManager().generateAuthorizationCode(authorizationRequest)));
    }

    private void processTokenRequest(Authentication authentication, AuthorizationRequest authorizationRequest, List<String> list, MuleEvent muleEvent) throws RequestProcessingException {
        Token grantAccessToken = this.configuration.getTokenManager().grantAccessToken(Constants.RequestGrantType.TOKEN, false, authorizationRequest, authentication);
        setRedirectResponse(muleEvent, buildRedirectUri(authorizationRequest.getRedirectUri(), muleEvent, "access_token", grantAccessToken.getAccessToken(), Constants.TOKEN_TYPE_PARAMETER, grantAccessToken.getType(), "expires_in", Long.toString(grantAccessToken.getExpiresIn().toDuration().getStandardSeconds()), "scope", Utils.stringifyScopes(authorizationRequest.getScopes())));
    }
}
