package leap.oauth2.webapp.code;

import java.util.Map;
import leap.core.annotation.Inject;
import leap.core.el.ElConfig;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.lang.http.ContentTypes;
import leap.lang.http.HTTP;
import leap.lang.http.Headers;
import leap.lang.http.client.HttpClient;
import leap.lang.http.client.HttpRequest;
import leap.lang.http.client.HttpResponse;
import leap.lang.json.JSON;
import leap.lang.json.JsonValue;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.oauth2.webapp.OAuth2Config;
import leap.oauth2.webapp.OAuth2InternalServerException;
import leap.oauth2.webapp.OAuth2Params;
import leap.oauth2.webapp.token.DefaultTokenInfoLookup;
import leap.oauth2.webapp.token.at.AccessToken;
import leap.oauth2.webapp.token.at.SimpleAccessToken;

/* loaded from: input_file:leap/oauth2/webapp/code/DefaultCodeVerifier.class */
public class DefaultCodeVerifier implements CodeVerifier {
    private static final Log log = LogFactory.get((Class<?>) DefaultTokenInfoLookup.class);

    @Inject
    protected OAuth2Config config;

    @Inject
    protected HttpClient httpClient;

    @Override // leap.oauth2.webapp.code.CodeVerifier
    public AccessToken verifyCode(String str) {
        if (null == this.config.getTokenUrl()) {
            throw new IllegalStateException("The tokenUrl must be configured");
        }
        return fetchAccessToken(this.httpClient.request(this.config.getTokenUrl()).addFormParam("grant_type", "authorization_code").addFormParam(OAuth2Params.CODE, str).setMethod(HTTP.Method.POST));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessToken fetchAccessToken(HttpRequest httpRequest) {
        if (null != this.config.getClientId()) {
            httpRequest.addHeader(Headers.AUTHORIZATION, "Basic " + Base64.encode(this.config.getClientId() + ElConfig.FUNCTION_NAME_SEPERATOR + this.config.getClientSecret()));
        }
        HttpResponse send = httpRequest.send();
        if (!ContentTypes.APPLICATION_JSON_TYPE.isCompatible(send.getContentType())) {
            throw new OAuth2InternalServerException("Invalid response from auth server");
        }
        String string = send.getString();
        log.debug("Received response : {}", string);
        JsonValue parse = JSON.parse(string);
        if (!parse.isMap()) {
            throw new OAuth2InternalServerException("Invalid response from auth server : not a json map");
        }
        Map<String, Object> asMap = parse.asMap();
        String str = (String) asMap.get(OAuth2Params.ERROR);
        if (Strings.isEmpty(str)) {
            return createAccessToken(asMap);
        }
        throw new OAuth2InternalServerException("Auth server response error '" + str + "' : " + asMap.get(OAuth2Params.ERROR_DESCRIPTION));
    }

    protected AccessToken createAccessToken(Map<String, Object> map) {
        SimpleAccessToken simpleAccessToken = new SimpleAccessToken((String) map.remove("access_token"));
        simpleAccessToken.setRefreshToken((String) map.remove("refresh_token"));
        simpleAccessToken.setClientId((String) map.remove(OAuth2Params.CLIENT_ID));
        simpleAccessToken.setUserId((String) map.remove("user_id"));
        simpleAccessToken.setCreated(System.currentTimeMillis());
        simpleAccessToken.setExpiresIn(((Integer) map.remove("expires_in")).intValue());
        simpleAccessToken.setScope((String) map.remove("scope"));
        return simpleAccessToken;
    }
}
