package io.jans.ca.server.op;

import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import io.jans.as.client.TokenClient;
import io.jans.as.client.TokenResponse;
import io.jans.as.model.util.Util;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.params.GetAccessTokenByRefreshTokenParams;
import io.jans.ca.common.response.GetClientTokenResponse;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.Utils;
import io.jans.ca.server.configuration.model.Rp;
import io.jans.ca.server.service.DiscoveryService;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.util.HashSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
@RequestScoped
/* loaded from: input_file:io/jans/ca/server/op/GetAccessTokenByRefreshTokenOperation.class */
public class GetAccessTokenByRefreshTokenOperation extends BaseOperation<GetAccessTokenByRefreshTokenParams> {
    private static final Logger LOG = LoggerFactory.getLogger(GetAccessTokenByRefreshTokenOperation.class);

    @Inject
    DiscoveryService discoveryService;

    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(GetAccessTokenByRefreshTokenParams getAccessTokenByRefreshTokenParams, HttpServletRequest httpServletRequest) {
        try {
            validate(getAccessTokenByRefreshTokenParams);
            Rp rp = getRp(getAccessTokenByRefreshTokenParams);
            TokenClient tokenClient = new TokenClient(this.discoveryService.getConnectDiscoveryResponse(rp).getTokenEndpoint());
            tokenClient.setExecutor(this.discoveryService.getHttpService().getClientEngine());
            TokenResponse execRefreshToken = tokenClient.execRefreshToken(scopeAsString(getAccessTokenByRefreshTokenParams), getAccessTokenByRefreshTokenParams.getRefreshToken(), rp.getClientId(), rp.getClientSecret());
            if (execRefreshToken == null) {
                LOG.error("No response from TokenClient");
            } else {
                if (Util.allNotBlank(new String[]{execRefreshToken.getAccessToken()})) {
                    GetClientTokenResponse getClientTokenResponse = new GetClientTokenResponse();
                    getClientTokenResponse.setAccessToken(execRefreshToken.getAccessToken());
                    getClientTokenResponse.setExpiresIn(execRefreshToken.getExpiresIn().intValue());
                    getClientTokenResponse.setRefreshToken(execRefreshToken.getRefreshToken());
                    getClientTokenResponse.setScope(Utils.stringToList(execRefreshToken.getScope()));
                    return getClientTokenResponse;
                }
                LOG.error("access_token is blank in response, params: " + getAccessTokenByRefreshTokenParams + ", response: " + execRefreshToken);
                LOG.error("Please check AS logs for more details (oxauth.log for CE).");
            }
        } catch (HttpException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error(e2.getMessage(), e2);
        }
        throw HttpException.internalError();
    }

    @Override // io.jans.ca.server.op.IOperation
    public Class<GetAccessTokenByRefreshTokenParams> getParameterClass() {
        return GetAccessTokenByRefreshTokenParams.class;
    }

    @Override // io.jans.ca.server.op.IOperation
    public String getReturnType() {
        return "application/json";
    }

    private String scopeAsString(GetAccessTokenByRefreshTokenParams getAccessTokenByRefreshTokenParams) throws UnsupportedEncodingException {
        HashSet newHashSet = Sets.newHashSet();
        newHashSet.add("openid");
        if (getAccessTokenByRefreshTokenParams.getScope() != null) {
            newHashSet.addAll(getAccessTokenByRefreshTokenParams.getScope());
        }
        return Utils.joinAndUrlEncode(newHashSet);
    }

    private void validate(GetAccessTokenByRefreshTokenParams getAccessTokenByRefreshTokenParams) {
        if (Strings.isNullOrEmpty(getAccessTokenByRefreshTokenParams.getRefreshToken())) {
            throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_REFRESH_TOKEN);
        }
    }
}
