package io.micronaut.security.token.jwt.endpoints;

import io.micronaut.context.annotation.Requires;
import io.micronaut.http.HttpResponse;
import io.micronaut.http.HttpStatus;
import io.micronaut.http.annotation.Consumes;
import io.micronaut.http.annotation.Controller;
import io.micronaut.http.annotation.Post;
import io.micronaut.security.annotation.Secured;
import io.micronaut.security.token.jwt.generator.AccessRefreshTokenGenerator;
import io.micronaut.security.token.jwt.render.AccessRefreshToken;
import io.micronaut.security.token.jwt.validator.JwtTokenValidator;
import io.micronaut.security.token.validator.TokenValidator;
import io.micronaut.validation.Validated;
import io.reactivex.Flowable;
import io.reactivex.Single;
import java.util.Optional;
import javax.validation.Valid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Secured({"isAnonymous()"})
@Requires(property = "micronaut.security.endpoints.oauth.enabled", value = "true")
@Controller("${micronaut.security.endpoints.oauth.path:/oauth/access_token}")
@Validated
/* loaded from: input_file:io/micronaut/security/token/jwt/endpoints/OauthController.class */
public class OauthController {
    private static final Logger LOG = LoggerFactory.getLogger(OauthController.class);
    protected final TokenValidator tokenValidator;
    protected final AccessRefreshTokenGenerator accessRefreshTokenGenerator;

    public OauthController(JwtTokenValidator jwtTokenValidator, AccessRefreshTokenGenerator accessRefreshTokenGenerator) {
        this.tokenValidator = jwtTokenValidator;
        this.accessRefreshTokenGenerator = accessRefreshTokenGenerator;
    }

    @Consumes({"application/x-www-form-urlencoded", "application/json"})
    @Post
    public Single<HttpResponse<AccessRefreshToken>> index(@Valid TokenRefreshRequest tokenRefreshRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("grantType: {} refreshToken: {}", tokenRefreshRequest.getGrantType(), tokenRefreshRequest.getRefreshToken());
        }
        return Flowable.fromPublisher(this.tokenValidator.validateToken(tokenRefreshRequest.getRefreshToken())).map(authentication -> {
            Optional<AccessRefreshToken> generate = this.accessRefreshTokenGenerator.generate(tokenRefreshRequest.getRefreshToken(), authentication.getAttributes());
            return generate.isPresent() ? HttpResponse.ok(generate.get()) : HttpResponse.serverError();
        }).first(HttpResponse.status(HttpStatus.FORBIDDEN));
    }
}
