package com.mulesoft.modules.oauth2.provider.internal.processor;

import com.mulesoft.modules.oauth2.provider.api.AuthorizationRequest;
import com.mulesoft.modules.oauth2.provider.api.Constants;
import com.mulesoft.modules.oauth2.provider.api.ResourceOwnerAuthentication;
import com.mulesoft.modules.oauth2.provider.api.client.Client;
import com.mulesoft.modules.oauth2.provider.api.token.Token;
import com.mulesoft.modules.oauth2.provider.internal.Utils;
import com.mulesoft.modules.oauth2.provider.internal.config.OAuthConfiguration;
import com.mulesoft.modules.oauth2.provider.internal.processor.RequestProcessingException;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.mule.runtime.api.security.SecurityException;
import org.mule.runtime.http.api.domain.message.response.HttpResponseBuilder;

/* loaded from: input_file:com/mulesoft/modules/oauth2/provider/internal/processor/AuthorizationRequestProcessor.class */
public class AuthorizationRequestProcessor extends OAuth2ProviderRequestProcessor {
    public AuthorizationRequestProcessor(OAuthConfiguration oAuthConfiguration) {
        super(oAuthConfiguration);
    }

    public void processRequest(RequestData requestData, HttpResponseBuilder httpResponseBuilder) throws SecurityException {
        Constants.ResponseType supportedResponseTypeOrFail = getSupportedResponseTypeOrFail(requestData);
        Client knownClientOrFail = getKnownClientOrFail(requestData);
        Pair<Boolean, ResourceOwnerAuthentication> validateResourceOwnerCredentials = validateResourceOwnerCredentials(knownClientOrFail, requestData);
        if (!((Boolean) validateResourceOwnerCredentials.getLeft()).booleanValue()) {
            throw new RequestProcessingException(RequestProcessingException.ErrorType.ACCESS_DENIED);
        }
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(knownClientOrFail.getClientId(), supportedResponseTypeOrFail, getValidRedirectionUriOrFail(knownClientOrFail, requestData), (ResourceOwnerAuthentication) validateResourceOwnerCredentials.getRight());
        Set<String> effectiveScopes = getEffectiveScopes(requestData, knownClientOrFail);
        if (CollectionUtils.isNotEmpty(effectiveScopes)) {
            authorizationRequest.getScopes().addAll(effectiveScopes);
        }
        if (supportedResponseTypeOrFail == Constants.ResponseType.CODE) {
            processCodeRequest(authorizationRequest, requestData, httpResponseBuilder);
        } else {
            if (supportedResponseTypeOrFail != Constants.ResponseType.TOKEN) {
                throw new RequestProcessingException(RequestProcessingException.ErrorType.UNSUPPORTED_RESPONSE_TYPE, "Unsupported response type: " + supportedResponseTypeOrFail);
            }
            processTokenRequest((ResourceOwnerAuthentication) validateResourceOwnerCredentials.getRight(), authorizationRequest, requestData, httpResponseBuilder);
        }
    }

    private void processCodeRequest(AuthorizationRequest authorizationRequest, RequestData requestData, HttpResponseBuilder httpResponseBuilder) throws SecurityException {
        setRedirectResponse(httpResponseBuilder, buildRedirectUri(authorizationRequest.getRedirectUri(), requestData, Constants.CODE_PARAMETER, this.configuration.getAuthorizationCodeManager().generateAuthorizationCode(authorizationRequest)));
    }

    private void processTokenRequest(ResourceOwnerAuthentication resourceOwnerAuthentication, AuthorizationRequest authorizationRequest, RequestData requestData, HttpResponseBuilder httpResponseBuilder) throws RequestProcessingException {
        Token grantAccessToken = this.configuration.getTokenManager().grantAccessToken(Constants.RequestGrantType.TOKEN, authorizationRequest, resourceOwnerAuthentication);
        setRedirectResponse(httpResponseBuilder, buildRedirectUri(authorizationRequest.getRedirectUri(), requestData, Constants.ACCESS_TOKEN_PARAMETER, grantAccessToken.getAccessToken(), Constants.TOKEN_TYPE_PARAMETER, grantAccessToken.getType(), Constants.EXPIRES_IN_PARAMETER, Long.toString(this.configuration.getTokenConfig().getTokenTtlInSeconds().longValue()), Constants.SCOPE_PARAMETER, Utils.stringifyScopes(authorizationRequest.getScopes())));
    }
}
