package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.DefaultAuthenticationResult;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.6.15.jar:org/apereo/cas/support/oauth/web/response/accesstoken/ext/AccessTokenPasswordGrantRequestExtractor.class */
public class AccessTokenPasswordGrantRequestExtractor extends BaseAccessTokenGrantRequestExtractor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AccessTokenPasswordGrantRequestExtractor.class);

    public AccessTokenPasswordGrantRequestExtractor(OAuth20ConfigurationContext oAuth20ConfigurationContext) {
        super(oAuth20ConfigurationContext);
    }

    /* JADX WARN: Type inference failed for: r0v43, types: [org.apereo.cas.audit.AuditableContext$AuditableContextBuilder] */
    /* JADX WARN: Type inference failed for: r0v58, types: [org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext$AccessTokenRequestContextBuilder] */
    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.BaseAccessTokenGrantRequestExtractor
    public AccessTokenRequestContext extractRequest(WebContext webContext) {
        String key = getConfigurationContext().getRequestParameterResolver().resolveClientIdAndClientSecret(webContext, getConfigurationContext().getSessionStore()).getKey();
        Set<String> resolveRequestScopes = getConfigurationContext().getRequestParameterResolver().resolveRequestScopes(webContext);
        LOGGER.debug("Locating OAuth registered service by client id [{}]", key);
        OAuthRegisteredService registeredOAuthServiceByClientId = OAuth20Utils.getRegisteredOAuthServiceByClientId(getConfigurationContext().getServicesManager(), key);
        LOGGER.debug("Located OAuth registered service [{}]", registeredOAuthServiceByClientId);
        Optional<UserProfile> profile = new ProfileManager(webContext, getConfigurationContext().getSessionStore()).getProfile();
        if (profile.isEmpty()) {
            throw new UnauthorizedServiceException("OAuth user profile cannot be determined");
        }
        UserProfile userProfile = profile.get();
        LOGGER.debug("Creating matching service request based on [{}]", registeredOAuthServiceByClientId);
        boolean isRequireServiceHeader = getConfigurationContext().getCasProperties().getAuthn().getOauth().getGrants().getResourceOwner().isRequireServiceHeader();
        Service buildService = getConfigurationContext().getAuthenticationBuilder().buildService(registeredOAuthServiceByClientId, webContext, isRequireServiceHeader);
        LOGGER.debug("Authenticating the OAuth request indicated by [{}]", buildService);
        Authentication build = getConfigurationContext().getAuthenticationBuilder().build(userProfile, registeredOAuthServiceByClientId, webContext, buildService);
        getConfigurationContext().getRegisteredServiceAccessStrategyEnforcer().execute(AuditableContext.builder().service(buildService).authentication(build).registeredService(registeredOAuthServiceByClientId).build()).throwExceptionIfNeeded();
        return AccessTokenRequestContext.builder().scopes(resolveRequestScopes).service(buildService).authentication(build).registeredService(registeredOAuthServiceByClientId).grantType(getGrantType()).ticketGrantingTicket(getConfigurationContext().getCentralAuthenticationService().createTicketGrantingTicket(new DefaultAuthenticationResult(build, isRequireServiceHeader ? buildService : null))).generateRefreshToken(registeredOAuthServiceByClientId != null && registeredOAuthServiceByClientId.isGenerateRefreshToken()).build();
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public boolean supports(WebContext webContext) {
        return OAuth20Utils.isGrantType(getConfigurationContext().getRequestParameterResolver().resolveRequestParameter(webContext, "grant_type").orElse(""), getGrantType());
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public OAuth20ResponseTypes getResponseType() {
        return null;
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public OAuth20GrantTypes getGrantType() {
        return OAuth20GrantTypes.PASSWORD;
    }

    @Override // org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor
    public boolean requestMustBeAuthenticated() {
        return true;
    }
}
