package io.jans.ca.server.op;

import com.google.common.collect.Sets;
import io.jans.as.client.TokenClient;
import io.jans.as.client.TokenRequest;
import io.jans.as.client.TokenResponse;
import io.jans.as.model.common.AuthenticationMethod;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.util.Util;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.params.GetClientTokenParams;
import io.jans.ca.common.response.GetClientTokenResponse;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.Utils;
import io.jans.ca.server.service.DiscoveryService;
import io.jans.ca.server.service.HttpService;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.util.HashSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

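/**
 * Obtains an access token from the OP's token endpoint using the OAuth 2.0
 * {@code client_credentials} grant.
 *
 * <p>The client authenticates with a signed JWT when the requested authentication method is
 * {@code private_key_jwt}. For every other value the client id and client secret taken from
 * the request parameters are passed to {@code TokenClient.execClientCredentialsGrant}.
 */
@Named
@RequestScoped
public class GetClientTokenOperation extends BaseOperation<GetClientTokenParams> {
    private static final Logger LOG = LoggerFactory.getLogger(GetClientTokenOperation.class);

    @Inject
    DiscoveryService discoveryService;

    @Inject
    HttpService httpService;

    @Inject
    OpClientFactoryImpl opClientFactory;

    /**
     * Runs the client-credentials grant and maps the token response.
     *
     * @param getClientTokenParams request parameters (OP location, client id, credentials, scopes)
     * @param httpServletRequest the incoming HTTP request; not read by this method
     * @return a {@link GetClientTokenResponse} carrying the access token, its lifetime, the
     *     refresh token and the granted scopes
     * @throws HttpException {@code INVALID_SIGNATURE_ALGORITHM} when {@code private_key_jwt} is
     *     requested with an unknown algorithm; an internal error when the token client returns
     *     nothing, the access token is blank, or any other exception is raised
     */
    @Override
    public IOpResponse execute(GetClientTokenParams getClientTokenParams, HttpServletRequest httpServletRequest) {
        try {
            AuthenticationMethod authenticationMethod = AuthenticationMethod.fromString(getClientTokenParams.getAuthenticationMethod());

            // NOTE(review): the OP configuration endpoint, host and discovery path come from the
            // request parameters, and the client credentials are then sent to whatever token
            // endpoint discovery returns. Confirm that the OP location is validated or
            // allow-listed before this operation runs; nothing here checks it.
            String tokenEndpoint = this.discoveryService
                    .getConnectDiscoveryResponse(
                            getClientTokenParams.getOpConfigurationEndpoint(),
                            getClientTokenParams.getOpHost(),
                            getClientTokenParams.getOpDiscoveryPath())
                    .getTokenEndpoint();

            TokenClient tokenClient = this.opClientFactory.createTokenClient(tokenEndpoint);
            tokenClient.setExecutor(this.httpService.getClientEngine());

            TokenResponse tokenResponse;
            if (authenticationMethod == AuthenticationMethod.PRIVATE_KEY_JWT) {
                LOG.trace("Getting client token with private_key_jwt client authentication ...");
                SignatureAlgorithm algorithm = SignatureAlgorithm.fromString(getClientTokenParams.getAlgorithm());
                if (algorithm == null) {
                    throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
                }
                TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
                tokenRequest.setScope(scopeAsString(getClientTokenParams));
                tokenRequest.setAuthUsername(getClientTokenParams.getClientId());
                tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
                tokenRequest.setAlgorithm(algorithm);
                tokenRequest.setCryptoProvider(getCryptoProvider());
                tokenRequest.setKeyId(getClientTokenParams.getKeyId());
                // The client assertion's audience is the token endpoint it is presented to.
                tokenRequest.setAudience(tokenEndpoint);
                tokenClient.setRequest(tokenRequest);
                tokenResponse = tokenClient.exec();
            } else {
                // Any value other than private_key_jwt, including an unrecognised one, ends up here.
                tokenResponse = tokenClient.execClientCredentialsGrant(
                        scopeAsString(getClientTokenParams),
                        getClientTokenParams.getClientId(),
                        getClientTokenParams.getClientSecret());
            }

            if (tokenResponse == null) {
                LOG.error("No response from TokenClient");
                LOG.error("Please check AS logs for more details (oxauth.log for CE).");
            } else if (Util.allNotBlank(new String[]{tokenResponse.getAccessToken()})) {
                GetClientTokenResponse response = new GetClientTokenResponse();
                response.setAccessToken(tokenResponse.getAccessToken());
                // NOTE(review): a response without expires_in would make getExpiresIn() null and
                // fail here, surfacing as a generic internal error. Confirm the AS always sends it.
                response.setExpiresIn(tokenResponse.getExpiresIn().intValue());
                response.setRefreshToken(tokenResponse.getRefreshToken());
                response.setScope(Utils.stringToList(tokenResponse.getScope()));
                return response;
            } else {
                // Log identifying fields only. The parameter object exposes getClientSecret() and
                // the token response exposes getRefreshToken(); writing either object to the log
                // through its toString() could put credentials into log files.
                LOG.error(
                        "access_token is blank in response, client_id: {}, op_host: {}, status: {}, error_description: {}",
                        getClientTokenParams.getClientId(),
                        getClientTokenParams.getOpHost(),
                        tokenResponse.getStatus(),
                        tokenResponse.getErrorDescription());
                LOG.error("Please check AS logs for more details (oxauth.log for CE).");
            }
        } catch (HttpException e) {
            // Already carries the error code meant for the caller.
            throw e;
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
        throw HttpException.internalError();
    }

    /** Returns the parameter class this operation accepts. */
    @Override
    public Class<GetClientTokenParams> getParameterClass() {
        return GetClientTokenParams.class;
    }

    /** Returns the media type of the response produced by this operation. */
    @Override
    public String getReturnType() {
        return "application/json";
    }

    /**
     * Builds the scope value for the token request: the requested scopes plus {@code openid},
     * de-duplicated, then joined and URL-encoded by {@code Utils.joinAndUrlEncode}.
     *
     * @param getClientTokenParams request parameters; a null scope list yields only {@code openid}
     * @return the encoded scope string
     * @throws UnsupportedEncodingException propagated from {@code Utils.joinAndUrlEncode}
     */
    private String scopeAsString(GetClientTokenParams getClientTokenParams) throws UnsupportedEncodingException {
        HashSet<String> scopes = Sets.newHashSet();
        scopes.add("openid");
        if (getClientTokenParams.getScope() != null) {
            scopes.addAll(getClientTokenParams.getScope());
        }
        return Utils.joinAndUrlEncode(scopes);
    }
}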
