package org.forgerock.oauth2.core;

import java.util.Set;
import javax.inject.Inject;
import org.forgerock.oauth2.core.exceptions.AuthorizationDeclinedException;
import org.forgerock.oauth2.core.exceptions.AuthorizationPendingException;
import org.forgerock.oauth2.core.exceptions.BadRequestException;
import org.forgerock.oauth2.core.exceptions.ClientAuthenticationFailureFactory;
import org.forgerock.oauth2.core.exceptions.ExpiredTokenException;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.InvalidCodeException;
import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
import org.forgerock.oauth2.core.exceptions.InvalidRequestException;
import org.forgerock.oauth2.core.exceptions.InvalidScopeException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.OAuth2Exception;
import org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.oauth2.core.exceptions.UnauthorizedClientException;
import org.forgerock.openam.oauth2.OAuth2UrisFactory;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/oauth2/core/DeviceCodeGrantTypeHandler.class */
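/**
 * Grant handler for token requests that present a {@code device_code}.
 *
 * <p>Each call is one poll by the device client. The handler loads the stored device code,
 * checks that it is bound to the calling client and to the request's realm, and then either
 * issues an access token (code already authorized) or reports why it cannot yet:
 * expired, polled too quickly ({@code slow_down}), or still pending.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A code that is missing, belongs to another client, or belongs to another realm is
 *       answered with {@link AuthorizationDeclinedException}; the three cases are not
 *       distinguished to the caller.</li>
 *   <li>An authorized or expired code is deleted on a best-effort basis: a failed delete is
 *       logged and does not stop the response.</li>
 *   <li>The device code value itself is never written to the log.</li>
 * </ul>
 */
public class DeviceCodeGrantTypeHandler extends GrantTypeHandler {
    private final Logger logger;
    private final TokenStore tokenStore;
    private final ClientRegistrationStore clientRegistrationStore;
    private final ClientAuthenticationFailureFactory failureFactory;
    private final GrantTypeAccessTokenGenerator accessTokenGenerator;

    /**
     * Wires the handler's collaborators; the settings factory, URI factory and client
     * authenticator are passed to {@link GrantTypeHandler}.
     */
    @Inject
    public DeviceCodeGrantTypeHandler(OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory, ClientAuthenticator clientAuthenticator, TokenStore tokenStore, ClientRegistrationStore clientRegistrationStore, ClientAuthenticationFailureFactory clientAuthenticationFailureFactory, OAuth2UrisFactory oAuth2UrisFactory, GrantTypeAccessTokenGenerator grantTypeAccessTokenGenerator) {
        super(oAuth2ProviderSettingsFactory, oAuth2UrisFactory, clientAuthenticator);
        this.logger = LoggerFactory.getLogger("OAuth2Provider");
        this.tokenStore = tokenStore;
        this.clientRegistrationStore = clientRegistrationStore;
        this.failureFactory = clientAuthenticationFailureFactory;
        this.accessTokenGenerator = grantTypeAccessTokenGenerator;
    }

    /**
     * Handles one poll of the token endpoint for a device code.
     *
     * @param oAuth2Request the token request; {@code device_code}, {@code realm} and
     *     {@code grant_type} are read from it
     * @param clientRegistration the client making the request; its id must match the id stored
     *     with the device code
     * @param oAuth2ProviderSettings provider settings supplying the poll interval and the
     *     claims validation
     * @return the access token, when the device code has been authorized
     * @throws BadRequestException if {@code device_code} is missing or empty, or (with error
     *     {@code slow_down}) if the poll interval has not elapsed since the last poll
     * @throws AuthorizationDeclinedException if no device code is found, it is bound to a
     *     different client or realm, or the request carries no realm
     * @throws ExpiredTokenException if the device code has expired without being authorized
     * @throws AuthorizationPendingException if the device code is valid but not yet authorized
     */
    @Override // org.forgerock.oauth2.core.GrantTypeHandler
    protected AccessToken handle(OAuth2Request oAuth2Request, ClientRegistration clientRegistration, OAuth2ProviderSettings oAuth2ProviderSettings) throws RedirectUriMismatchException, InvalidRequestException, InvalidGrantException, InvalidCodeException, ServerException, UnauthorizedClientException, InvalidScopeException, NotFoundException, InvalidClientException, AuthorizationDeclinedException, ExpiredTokenException, BadRequestException, AuthorizationPendingException {
        String deviceCodeParam = (String) oAuth2Request.getParameter("device_code");
        if (StringUtils.isEmpty(deviceCodeParam)) {
            // Message text is kept unchanged; the parameter being checked is device_code.
            throw new BadRequestException("code is a required parameter");
        }
        String clientId = clientRegistration.getClientId();
        DeviceCode deviceCode = this.tokenStore.readDeviceCode(clientId, deviceCodeParam, oAuth2Request);
        // Fail closed: a request with no realm is declined like any other binding mismatch,
        // instead of dereferencing a null parameter and surfacing a NullPointerException.
        Object requestRealm = oAuth2Request.getParameter("realm");
        if (deviceCode == null
                || !clientId.equals(deviceCode.getClientId())
                || requestRealm == null
                || !requestRealm.equals(deviceCode.getRealm())) {
            throw new AuthorizationDeclinedException();
        }
        // The catch-and-rethrow blocks below act as "finally" sections: the outer one removes a
        // code that is authorized or expired, the inner one records the poll. Statement order
        // is kept exactly as in the original.
        try {
            if (deviceCode.isAuthorized()) {
                AccessToken accessToken = generateAccessToken(oAuth2ProviderSettings, (String) oAuth2Request.getParameter("grant_type"), clientId, deviceCode.getResourceOwnerId(), deviceCode.getScope(), oAuth2ProviderSettings.validateRequestedClaims(deviceCode.getStringProperty("claims")), oAuth2Request);
                // NOTE(review): the token is generated before the code is deleted, and a failed
                // delete is only logged. Whether a later poll could redeem the same authorized
                // code again depends on TokenStore behaviour not visible here; confirm that
                // single use is enforced. Nothing in this method serializes concurrent polls
                // for one code either; confirm the store does.
                if (deviceCode.isAuthorized() || deviceCode.getExpiryTime() < Time.currentTimeMillis()) {
                    try {
                        this.tokenStore.deleteDeviceCode(clientId, deviceCodeParam, oAuth2Request);
                    } catch (OAuth2Exception e) {
                        this.logger.warn("Could not delete issued/expired device code", e);
                    }
                }
                return accessToken;
            }
            if (deviceCode.getExpiryTime() < Time.currentTimeMillis()) {
                // The outer catch deletes the expired code before this propagates.
                throw new ExpiredTokenException();
            }
            // Re-check before polling; the code was just seen unauthorized and unexpired, so
            // this only fires if it expired in the meantime.
            if (deviceCode.isAuthorized() || deviceCode.getExpiryTime() < Time.currentTimeMillis()) {
                try {
                    this.tokenStore.deleteDeviceCode(clientId, deviceCodeParam, oAuth2Request);
                } catch (OAuth2Exception e2) {
                    this.logger.warn("Could not delete issued/expired device code", e2);
                }
            }
            try {
                // Poll interval is scaled by 1000 to compare with the millisecond clock;
                // presumably it is configured in seconds (its type is not visible here).
                if (deviceCode.getLastPollTime() + (oAuth2ProviderSettings.getDeviceCodePollInterval() * 1000) > Time.currentTimeMillis()) {
                    throw new BadRequestException("slow_down", "The polling interval has not elapsed since the last request");
                }
                throw new AuthorizationPendingException();
            } catch (Throwable pollOutcome) {
                // Both outcomes above are exceptions, so this always runs: record the poll and
                // persist it, so a client polling too fast keeps receiving slow_down.
                deviceCode.poll();
                this.tokenStore.updateDeviceCode(deviceCode, oAuth2Request);
                throw pollOutcome;
            }
        } catch (Throwable failure) {
            if (deviceCode.isAuthorized() || deviceCode.getExpiryTime() < Time.currentTimeMillis()) {
                try {
                    this.tokenStore.deleteDeviceCode(clientId, deviceCodeParam, oAuth2Request);
                } catch (OAuth2Exception e3) {
                    this.logger.warn("Could not delete issued/expired device code", e3);
                }
            }
            throw failure;
        }
    }

    /**
     * Delegates token creation to the injected generator, passing {@code null} for the three
     * generator arguments this grant does not supply.
     *
     * @param grantType value of the request's {@code grant_type} parameter
     * @param clientId id of the client the token is issued to
     * @param resourceOwnerId resource owner recorded on the device code
     * @param scope scope recorded on the device code
     * @param validatedClaims result of validating the claims stored with the device code
     */
    private AccessToken generateAccessToken(OAuth2ProviderSettings oAuth2ProviderSettings, String grantType, String clientId, String resourceOwnerId, Set<String> scope, String validatedClaims, OAuth2Request oAuth2Request) throws ServerException, NotFoundException {
        return this.accessTokenGenerator.generateAccessToken(oAuth2ProviderSettings, grantType, clientId, resourceOwnerId, null, scope, validatedClaims, null, null, oAuth2Request);
    }
}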
