package org.jasig.cas.support.oauth.web;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.support.oauth.OAuthConstants;
import org.jasig.cas.support.oauth.OAuthUtils;
import org.jasig.cas.ticket.ServiceTicket;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;

/* loaded from: input_file:org/jasig/cas/support/oauth/web/OAuth20AccessTokenController.class */
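/**
 * OAuth 2.0 token endpoint: exchanges an authorization code for an access token.
 *
 * <p>The request must carry {@code redirect_uri}, {@code client_id}, {@code client_secret} and
 * {@code code}. The client is looked up by comparing {@code client_id} with the registered
 * service's name, and the client secret is compared with the registered service's description.
 * The code is resolved through the ticket registry and deleted once redeemed; the access token
 * returned is the id of the ticket-granting ticket behind that code.
 *
 * <p>Credentials (client secret, access token) are deliberately kept out of the log output.
 */
public final class OAuth20AccessTokenController extends AbstractController {
    /** Charset used to turn secrets into bytes for comparison. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // Not final: setLogger(Logger) replaces it.
    private static Logger log = LoggerFactory.getLogger(OAuth20AccessTokenController.class);
    private final ServicesManager servicesManager;
    private final TicketRegistry ticketRegistry;
    // Treated as seconds by the "expires" computation in handleRequestInternal.
    private final long timeout;

    /**
     * @param servicesManager source of the registered services used to look up the client
     * @param ticketRegistry registry the authorization code is resolved against and deleted from
     * @param timeout token lifetime the remaining {@code expires} value is derived from
     */
    public OAuth20AccessTokenController(ServicesManager servicesManager, TicketRegistry ticketRegistry, long timeout) {
        this.servicesManager = servicesManager;
        this.ticketRegistry = ticketRegistry;
        this.timeout = timeout;
    }

    /**
     * Validates the token request and writes either a text error or the access token.
     *
     * @return the result of {@code OAuthUtils.writeTextError} (HTTP 400) when a parameter is
     *     missing, the client is unknown, the redirect URI or secret does not match, or the code
     *     is unknown or expired; otherwise the result of {@code OAuthUtils.writeText} (HTTP 200)
     * @throws Exception propagated from the collaborators
     */
    @Override
    protected ModelAndView handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        // NOTE(review): getParameter() reads the query string as well as a form body, so a
        // client that sends client_secret on the URL leaves it in access logs and proxies.
        // Nothing here restricts the HTTP method; confirm that is enforced in configuration.
        String redirectUri = httpServletRequest.getParameter(OAuthConstants.REDIRECT_URI);
        log.debug("redirect_uri : {}", redirectUri);
        String clientId = httpServletRequest.getParameter(OAuthConstants.CLIENT_ID);
        log.debug("clientId : {}", clientId);
        String clientSecret = httpServletRequest.getParameter(OAuthConstants.CLIENT_SECRET);
        // Only record whether a secret was sent; the value itself must never reach the logs.
        log.debug("clientSecret : {}", StringUtils.isBlank(clientSecret) ? "[missing]" : "[provided]");
        String code = httpServletRequest.getParameter(OAuthConstants.CODE);
        // The original logged the client secret under the "code" label.
        log.debug("code : {}", code);

        if (StringUtils.isBlank(clientId)) {
            log.error("missing clientId");
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_REQUEST, 400);
        }
        if (StringUtils.isBlank(redirectUri)) {
            log.error("missing redirectUri");
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_REQUEST, 400);
        }
        if (StringUtils.isBlank(clientSecret)) {
            log.error("missing clientSecret");
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_REQUEST, 400);
        }
        if (StringUtils.isBlank(code)) {
            log.error("missing code");
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_REQUEST, 400);
        }

        RegisteredService registeredService = findServiceByName(clientId);
        if (registeredService == null) {
            log.error("Unknown clientId : {}", clientId);
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_REQUEST, 400);
        }

        // NOTE(review): this is a plain string-prefix test, so any URI that merely begins with
        // the registered serviceId text passes (for instance a longer host name sharing that
        // prefix). Comparing parsed scheme/host/port, or requiring an exact registered value,
        // would be stricter; left as-is because registrations may rely on prefix matching.
        String serviceId = registeredService.getServiceId();
        if (!StringUtils.startsWith(redirectUri, serviceId)) {
            log.error("Unsupported redirectUri : {} for serviceId : {}", redirectUri, serviceId);
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_REQUEST, 400);
        }

        // The registered service's description field holds the expected client secret.
        if (!secretsMatch(registeredService.getDescription(), clientSecret)) {
            // Log the client, not the submitted or the stored secret.
            log.error("Wrong client secret for clientId : {}", clientId);
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_REQUEST, 400);
        }

        // NOTE(review): nothing in this method ties the code to the client that just
        // authenticated; confirm the ticket's service is checked against this client elsewhere.
        ServiceTicket ticket = this.ticketRegistry.getTicket(code);
        if (ticket == null || ticket.isExpired()) {
            log.error("Code expired : {}", code);
            return OAuthUtils.writeTextError(httpServletResponse, OAuthConstants.INVALID_GRANT, 400);
        }

        TicketGrantingTicket grantingTicket = ticket.getGrantingTicket();
        // Single use: the code is removed from the registry before the token is written out.
        this.ticketRegistry.deleteTicket(ticket.getId());

        httpServletResponse.setContentType("text/plain");
        // Remaining lifetime: timeout minus the granting ticket's age (milliseconds / 1000).
        int expires = (int) (this.timeout - ((System.currentTimeMillis() - grantingTicket.getCreationTime()) / 1000));
        // The access token is the granting ticket's own id, so the response body is a bearer
        // credential; the log line records the expiry only.
        String text = "access_token=" + grantingTicket.getId() + "&expires=" + expires;
        log.debug("text : access_token=[redacted]&expires={}", expires);
        return OAuthUtils.writeText(httpServletResponse, text, 200);
    }

    /** Returns the first registered service whose name equals {@code clientId}, or null. */
    private RegisteredService findServiceByName(String clientId) {
        Iterator<?> it = this.servicesManager.getAllServices().iterator();
        while (it.hasNext()) {
            RegisteredService candidate = (RegisteredService) it.next();
            if (StringUtils.equals(candidate.getName(), clientId)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Compares the stored and the submitted secret without returning at the first differing
     * character, so response timing does not reveal how much of a guess was correct.
     * A null on either side never matches.
     */
    private static boolean secretsMatch(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), provided.getBytes(UTF_8));
    }

    /** Replaces the class-wide logger (package-private). */
    static void setLogger(Logger logger) {
        log = logger;
    }
}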
