package org.apache.cxf.rs.security.oauth2.services;

import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.provider.SubjectCreator;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.security.SecurityContext;

/**
 * JAX-RS resource mounted at {@code /authorize-direct} that issues an access token
 * directly to a caller whose request already carries a user principal.
 *
 * <p>The token is registered with grant type {@link OAuthConstants#DIRECT_TOKEN_GRANT}.
 * The scope list resolved for the request is stored as both the requested and the
 * approved scope, so this class performs no separate end-user consent step.
 * NOTE(review): confirm the deployment exposes this endpoint only to callers that are
 * trusted to approve their own scopes.
 */
@Path("/authorize-direct")
public class DirectAuthorizationService extends AbstractOAuthService {
    // Optional hook; when set, it gets the first chance to build the token's subject.
    private SubjectCreator subjectCreator;
    // Passed through to OAuthUtils.getRequestedScopes as its last argument.
    private boolean partialMatchScopeValidation;
    // Passed through to OAuthUtils.getRequestedScopes as its third argument.
    private boolean useAllClientScopes;

    /**
     * Handles the form POST and returns a freshly created access token.
     *
     * <p>Validation runs in this order: security context, client, subject. Any exception
     * raised by those helpers propagates to the caller.
     *
     * @param multivaluedMap the form parameters; {@code client_id} and {@code scope} are read here
     * @return a 200 response whose entity is the client-facing view of the new token
     */
    @POST
    @Produces("text/html")
    @Consumes("application/x-www-form-urlencoded")
    public Response authorize(MultivaluedMap<String, String> multivaluedMap) {
        SecurityContext callerContext = getAndValidateSecurityContext(multivaluedMap);
        Client requestingClient = getClient(multivaluedMap);
        UserSubject tokenSubject = createUserSubject(callerContext, multivaluedMap);

        AccessTokenRegistration registration = new AccessTokenRegistration();
        registration.setClient(requestingClient);
        registration.setGrantType(OAuthConstants.DIRECT_TOKEN_GRANT);
        registration.setSubject(tokenSubject);

        String scopeParameter = multivaluedMap.getFirst("scope");
        List<String> scopes = OAuthUtils.getRequestedScopes(
                requestingClient,
                scopeParameter,
                this.useAllClientScopes,
                this.partialMatchScopeValidation);
        // The same list is recorded as requested and approved: nothing in this method
        // narrows the scopes between the request and the grant.
        registration.setRequestedScope(scopes);
        registration.setApprovedScope(scopes);

        // The token is created before isWriteOptionalParameters() is consulted.
        Object entity = OAuthUtils.toClientAccessToken(
                getDataProvider().createAccessToken(registration),
                isWriteOptionalParameters());
        return Response.ok(entity).build();
    }

    /**
     * Fetches the security context from the message context and requires it to carry a
     * user principal, then runs the inherited transport-security check.
     *
     * <p>The principal check comes first, so a request without a principal is rejected
     * before {@code checkTransportSecurity()} is reached.
     *
     * @param multivaluedMap the form parameters (not read by this implementation)
     * @return the security context of the current request, never {@code null}
     */
    protected SecurityContext getAndValidateSecurityContext(MultivaluedMap<String, String> multivaluedMap) {
        String contextKey = SecurityContext.class.getName();
        SecurityContext current = (SecurityContext) getMessageContext().get(contextKey);
        boolean hasPrincipal = current != null && current.getUserPrincipal() != null;
        if (!hasPrincipal) {
            throw ExceptionUtils.toNotAuthorizedException((Throwable) null, (Response) null);
        }
        checkTransportSecurity();
        return current;
    }

    /**
     * Resolves the subject the token will be issued for.
     *
     * <p>Sources are tried in order and the first non-null result wins: the configured
     * {@link SubjectCreator}, a {@link UserSubject} already present as message content,
     * and finally a subject derived from the security context.
     *
     * @param securityContext the validated security context, used only as the last fallback
     * @param multivaluedMap the form parameters, handed to the subject creator
     * @return the subject chosen by the precedence above
     */
    protected UserSubject createUserSubject(SecurityContext securityContext, MultivaluedMap<String, String> multivaluedMap) {
        if (this.subjectCreator != null) {
            UserSubject custom = this.subjectCreator.createUserSubject(getMessageContext(), multivaluedMap);
            if (custom != null) {
                return custom;
            }
        }
        UserSubject fromMessage = (UserSubject) getMessageContext().getContent(UserSubject.class);
        if (fromMessage != null) {
            return fromMessage;
        }
        return OAuthUtils.createSubject(securityContext);
    }

    /** Returns the configured subject creator, or {@code null} when none is set. */
    public SubjectCreator getSubjectCreator() {
        return this.subjectCreator;
    }

    /** Installs the hook that is consulted first when the token subject is built. */
    public void setSubjectCreator(SubjectCreator subjectCreator) {
        this.subjectCreator = subjectCreator;
    }

    /**
     * Looks up and validates the client named by the {@code client_id} form parameter.
     *
     * <p>An {@link OAuthServiceException} carrying an error is reported through
     * {@code reportInvalidRequestError}; one without an error falls through to the
     * generic "Client ID is invalid" report. NOTE(review): {@code reportInvalidRequestError}
     * presumably aborts the request by throwing; if it ever returned normally, this
     * method would return {@code null} - confirm against the parent class.
     *
     * @param multivaluedMap the form parameters
     * @return the validated client
     */
    protected Client getClient(MultivaluedMap<String, String> multivaluedMap) {
        Client resolved = null;
        try {
            String clientId = multivaluedMap.getFirst("client_id");
            resolved = getValidClient(clientId, multivaluedMap);
        } catch (OAuthServiceException lookupFailure) {
            if (lookupFailure.getError() != null) {
                reportInvalidRequestError(lookupFailure.getError(), (MediaType) null);
            }
        }
        if (resolved == null) {
            reportInvalidRequestError("Client ID is invalid", (MediaType) null);
        }
        return resolved;
    }

    /** Returns the flag forwarded to scope resolution as the partial-match setting. */
    public boolean isPartialMatchScopeValidation() {
        return this.partialMatchScopeValidation;
    }

    /** Sets the flag forwarded to scope resolution as the partial-match setting. */
    public void setPartialMatchScopeValidation(boolean z) {
        this.partialMatchScopeValidation = z;
    }

    /** Sets the flag forwarded to scope resolution as the use-all-client-scopes setting. */
    public void setUseAllClientScopes(boolean z) {
        this.useAllClientScopes = z;
    }
}
