package org.mitre.oauth2.web;

import com.google.common.collect.Sets;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpSession;
import org.mitre.oauth2.exception.DeviceCodeCreationException;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.DeviceCode;
import org.mitre.oauth2.model.SystemScope;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.DeviceCodeService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.oauth2.token.DeviceTokenGranter;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.mitre.openid.connect.view.UserInfoJWTView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

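/**
 * Spring MVC controller for the OAuth 2.0 device authorization grant.
 *
 * <p>It exposes four handlers: {@code POST /devicecode} (the client asks for a device code and a
 * user code), {@code GET /device} (the signed-in user is shown the code entry page),
 * {@code POST /device/verify} (the user submits a code and is shown the approval page) and
 * {@code POST /device/approve} (the user approves or denies the request).
 *
 * <p>The pending request is carried from the verify step to the approve step in the HTTP session
 * under the {@code authorizationRequest} and {@code deviceCode} attributes.
 */
@Controller
public class DeviceEndpoint {
    public static final String URL = "devicecode";
    public static final String USER_URL = "device";
    public static final Logger logger = LoggerFactory.getLogger(DeviceEndpoint.class);

    /** Session attribute that carries the authorization request from verify to approve. */
    private static final String SESSION_AUTHORIZATION_REQUEST = "authorizationRequest";

    /** Session attribute that carries the looked-up device code from verify to approve. */
    private static final String SESSION_DEVICE_CODE = "deviceCode";

    @Autowired
    private ClientDetailsEntityService clientService;

    @Autowired
    private SystemScopeService scopeService;

    @Autowired
    private ConfigurationPropertiesBean config;

    @Autowired
    private DeviceCodeService deviceCodeService;

    @Autowired
    private OAuth2RequestFactory oAuth2RequestFactory;

    /**
     * Issues a device code and user code to a client.
     *
     * <p>The handler carries no {@code @PreAuthorize}; the caller is identified only by the
     * {@code client_id} form parameter.
     *
     * @param str the {@code client_id} form parameter (request-supplied, untrusted)
     * @param str2 the optional, space-delimited {@code scope} form parameter
     * @param map parameters handed to the device code service; the parameter carries no
     *     {@code @RequestParam} here, so what it contains depends on Spring's argument
     *     resolution (NOTE(review): confirm it holds the request parameters)
     * @param modelMap the model the selected view renders from
     * @return the name of the view to render
     * @throws InvalidClientException if the client has a non-empty grant-type set that does not
     *     include the device code grant
     */
    @RequestMapping(value = {"/devicecode"}, method = {RequestMethod.POST}, consumes = {"application/x-www-form-urlencoded"}, produces = {"application/json"})
    public String requestDeviceCode(@RequestParam("client_id") String str, @RequestParam(name = "scope", required = false) String str2, Map<String, String> map, ModelMap modelMap) {
        try {
            ClientDetailsEntity client = this.clientService.loadClientByClientId(str);

            // The null check has to come before the first dereference: with the check placed
            // after getAuthorizedGrantTypes(), an unknown client surfaced as a
            // NullPointerException instead of the intended 404.
            if (client == null) {
                logger.error("could not find client {}", sanitizeForLog(str));
                modelMap.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                return HttpCodeView.VIEWNAME;
            }

            // A client whose grant-type set is null or empty passes this check.
            // NOTE(review): confirm that permissive default is intended for the device flow.
            Set<String> grantTypes = client.getAuthorizedGrantTypes();
            if (grantTypes != null && !grantTypes.isEmpty() && !grantTypes.contains(DeviceTokenGranter.GRANT_TYPE)) {
                throw new InvalidClientException("Unauthorized grant type: urn:ietf:params:oauth:grant-type:device_code");
            }

            Set<String> requestedScopes = OAuth2Utils.parseParameterList(str2);
            Set<String> allowedScopes = client.getScope();
            if (!this.scopeService.scopesMatch(allowedScopes, requestedScopes)) {
                // The requested scopes come straight from the request, so line breaks are
                // neutralised before they reach the log.
                logger.error("Client asked for {} but is allowed {}", sanitizeForLog(String.valueOf(requestedScopes)), allowedScopes);
                modelMap.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                modelMap.put("error", "invalid_scope");
                return JsonErrorView.VIEWNAME;
            }

            try {
                DeviceCode issued = this.deviceCodeService.createNewDeviceCode(requestedScopes, client, map);
                Map<String, Object> response = new HashMap<>();
                response.put("device_code", issued.getDeviceCode());
                response.put("user_code", issued.getUserCode());
                // Plain concatenation: relies on the configured issuer ending in '/'.
                // NOTE(review): confirm against the issuer configuration.
                response.put("verification_uri", this.config.getIssuer() + USER_URL);
                if (client.getDeviceCodeValiditySeconds() != null) {
                    response.put("expires_in", client.getDeviceCodeValiditySeconds());
                }
                modelMap.put(JsonEntityView.ENTITY, response);
                return JsonEntityView.VIEWNAME;
            } catch (DeviceCodeCreationException e) {
                modelMap.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                modelMap.put("error", e.getError());
                modelMap.put(JsonErrorView.ERROR_MESSAGE, e.getMessage());
                return JsonErrorView.VIEWNAME;
            }
        } catch (IllegalArgumentException e2) {
            logger.error("IllegalArgumentException was thrown when attempting to load client", e2);
            modelMap.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
            return HttpCodeView.VIEWNAME;
        }
    }

    /**
     * Shows the page on which a signed-in user enters a user code.
     *
     * @param modelMap the model for the view (not modified here)
     * @return the {@code requestUserCode} view name
     */
    @RequestMapping(value = {"/device"}, method = {RequestMethod.GET})
    @PreAuthorize("hasRole('ROLE_USER')")
    public String requestUserCode(ModelMap modelMap) {
        return "requestUserCode";
    }

    /**
     * Looks up a submitted user code and, if it is usable, shows the approval page.
     *
     * <p>A code is rejected when it is unknown, expired or already approved. On success the
     * authorization request and the device code are stored in the session for the approve step.
     *
     * <p>NOTE(review): no limit on failed look-ups is visible in this class; confirm that
     * guessing of user codes is throttled elsewhere.
     *
     * @param str the {@code user_code} form parameter
     * @param modelMap the model the selected view renders from
     * @param httpSession the session that will hold the pending request
     * @return {@code approveDevice} on success, otherwise {@code requestUserCode} with an
     *     {@code error} attribute
     */
    @RequestMapping(value = {"/device/verify"}, method = {RequestMethod.POST})
    @PreAuthorize("hasRole('ROLE_USER')")
    public String readUserCode(@RequestParam("user_code") String str, ModelMap modelMap, HttpSession httpSession) {
        DeviceCode deviceCode = this.deviceCodeService.lookUpByUserCode(str);
        if (deviceCode == null) {
            modelMap.addAttribute("error", "noUserCode");
            return "requestUserCode";
        }
        if (isExpired(deviceCode)) {
            modelMap.addAttribute("error", "expiredUserCode");
            return "requestUserCode";
        }
        if (deviceCode.isApproved()) {
            modelMap.addAttribute("error", "userCodeAlreadyApproved");
            return "requestUserCode";
        }

        modelMap.put(UserInfoJWTView.CLIENT, this.clientService.loadClientByClientId(deviceCode.getClientId()));
        modelMap.put("dc", deviceCode);
        modelMap.put("scopes", sortScopes(this.scopeService.fromStrings(deviceCode.getScope())));

        httpSession.setAttribute(SESSION_AUTHORIZATION_REQUEST, this.oAuth2RequestFactory.createAuthorizationRequest(deviceCode.getRequestParameters()));
        httpSession.setAttribute(SESSION_DEVICE_CODE, deviceCode);
        return "approveDevice";
    }

    /**
     * Records the user's decision on the device code stored in the session by the verify step.
     *
     * <p>The decision is applied to the session copy of the device code; its approval state is
     * not re-read from the service here, and the session attributes are left in place
     * afterwards. NOTE(review): confirm the service rejects a second approval of the same code.
     *
     * @param str the {@code user_code} form parameter; must match the code held in the session
     * @param bool the {@code user_oauth_approval} form parameter, {@code true} to approve
     * @param modelMap the model the selected view renders from
     * @param authentication the signed-in user approving the request
     * @param httpSession the session holding the pending request
     * @return {@code deviceApproved} once a decision is recorded, otherwise
     *     {@code requestUserCode} with an {@code error} attribute
     */
    @RequestMapping(value = {"/device/approve"}, method = {RequestMethod.POST})
    @PreAuthorize("hasRole('ROLE_USER')")
    public String approveDevice(@RequestParam("user_code") String str, @RequestParam("user_oauth_approval") Boolean bool, ModelMap modelMap, Authentication authentication, HttpSession httpSession) {
        AuthorizationRequest authorizationRequest = (AuthorizationRequest) httpSession.getAttribute(SESSION_AUTHORIZATION_REQUEST);
        DeviceCode deviceCode = (DeviceCode) httpSession.getAttribute(SESSION_DEVICE_CODE);

        // A POST that arrives without a preceding verify step finds nothing in the session.
        // Send the user back to the code entry page instead of failing on a null dereference.
        if (authorizationRequest == null || deviceCode == null) {
            modelMap.addAttribute("error", "noUserCode");
            return "requestUserCode";
        }
        if (!deviceCode.getUserCode().equals(str)) {
            modelMap.addAttribute("error", "userCodeMismatch");
            return "requestUserCode";
        }
        if (isExpired(deviceCode)) {
            modelMap.addAttribute("error", "expiredUserCode");
            return "requestUserCode";
        }

        modelMap.put(UserInfoJWTView.CLIENT, this.clientService.loadClientByClientId(deviceCode.getClientId()));
        if (!bool.booleanValue()) {
            modelMap.addAttribute("approved", false);
            return "deviceApproved";
        }

        this.deviceCodeService.approveDeviceCode(deviceCode, new OAuth2Authentication(this.oAuth2RequestFactory.createOAuth2Request(authorizationRequest), authentication));
        modelMap.put("scopes", sortScopes(this.scopeService.fromStrings(deviceCode.getScope())));
        modelMap.put("approved", true);
        return "deviceApproved";
    }

    /** Returns whether the device code has an expiration that lies before the current time. */
    private static boolean isExpired(DeviceCode deviceCode) {
        Date expiration = deviceCode.getExpiration();
        return expiration != null && expiration.before(new Date());
    }

    /**
     * Orders the requested scopes for display: scopes known to the scope service first, in the
     * order the service returns them, then any remaining requested scopes.
     */
    private Set<SystemScope> sortScopes(Set<SystemScope> requested) {
        Set<SystemScope> ordered = new LinkedHashSet<>(requested.size());
        Set<SystemScope> systemScopes = this.scopeService.getAll();
        for (SystemScope systemScope : systemScopes) {
            if (requested.contains(systemScope)) {
                ordered.add(systemScope);
            }
        }
        ordered.addAll(Sets.difference(requested, systemScopes));
        return ordered;
    }

    /** Replaces CR and LF so a request-supplied value cannot start a new log line. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }
}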
