package org.forgerock.oauth2.core;

import java.util.Set;
import javax.inject.Inject;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.InvalidCodeException;
import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
import org.forgerock.oauth2.core.exceptions.InvalidRequestException;
import org.forgerock.oauth2.core.exceptions.InvalidScopeException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.oauth2.core.exceptions.UnauthorizedClientException;
import org.forgerock.openam.oauth2.OAuth2UrisFactory;

/* loaded from: input_file:org/forgerock/oauth2/core/JwtBearerGrantTypeHandler.class */
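/**
 * Grant type handler for token requests that present a JWT in the {@code assertion}
 * request parameter. When the JWT is accepted, a {@code Bearer} access token is created
 * through the {@link TokenStore} for the JWT's subject and the registered client.
 *
 * <p>The only checks on the assertion made in this class are {@link OAuth2Jwt#isExpired()}
 * and {@code ClientRegistration.verifyJwtIdentity}. NOTE(review): signature, issuer, audience
 * and replay ({@code jti}) validation are not visible here; confirm they are enforced inside
 * those two calls before relying on this handler as the trust boundary.
 */
public class JwtBearerGrantTypeHandler extends GrantTypeHandler {
    private final TokenStore tokenStore;

    /**
     * Creates the handler.
     *
     * @param clientAuthenticator passed to the {@link GrantTypeHandler} superclass
     * @param tokenStore store used to create and update the issued access token
     * @param oAuth2UrisFactory passed to the {@link GrantTypeHandler} superclass
     * @param oAuth2ProviderSettingsFactory passed to the {@link GrantTypeHandler} superclass
     */
    @Inject
    public JwtBearerGrantTypeHandler(ClientAuthenticator clientAuthenticator, TokenStore tokenStore, OAuth2UrisFactory oAuth2UrisFactory, OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory) {
        super(oAuth2ProviderSettingsFactory, oAuth2UrisFactory, clientAuthenticator);
        this.tokenStore = tokenStore;
    }

    /**
     * Validates the JWT supplied in the {@code assertion} parameter and issues an access token.
     *
     * @param oAuth2Request the token request; {@code assertion}, {@code redirect_uri},
     *     {@code grant_type}, {@code scope} and {@code claims} are read from it
     * @param clientRegistration the client the JWT is checked against
     * @param oAuth2ProviderSettings used to validate the requested scope and claims and to add
     *     any additional token endpoint data
     * @return the newly created access token, after it has been updated in the token store
     * @throws InvalidRequestException if the {@code assertion} parameter is missing or empty
     * @throws InvalidGrantException if the JWT has expired or fails the client's identity check
     */
    @Override
    public AccessToken handle(OAuth2Request oAuth2Request, ClientRegistration clientRegistration, OAuth2ProviderSettings oAuth2ProviderSettings) throws RedirectUriMismatchException, InvalidRequestException, InvalidGrantException, InvalidCodeException, ServerException, UnauthorizedClientException, InvalidScopeException, InvalidClientException, NotFoundException {
        String assertion = (String) oAuth2Request.getParameter("assertion");
        // The assertion comes straight from the request. Reject a missing or empty value as a
        // malformed request rather than handing null to the JWT parser, where the failure mode
        // (and the error returned to the caller) would depend on the parser's internals.
        if (assertion == null || assertion.isEmpty()) {
            throw new InvalidRequestException("Missing required parameter: assertion");
        }
        OAuth2Jwt jwt = OAuth2Jwt.create(assertion);

        // NOTE(review): expiry is evaluated before verifyJwtIdentity, i.e. on a JWT that this
        // method has not yet checked against the client. Both paths reject the request, but the
        // two distinct messages tell the caller which check failed - confirm that is intended.
        if (jwt.isExpired()) {
            throw new InvalidGrantException("JWT has expired");
        }
        if (!clientRegistration.verifyJwtIdentity(jwt)) {
            throw new InvalidGrantException("JWT is not valid");
        }

        String redirectUri = (String) oAuth2Request.getParameter("redirect_uri");
        String grantType = (String) oAuth2Request.getParameter("grant_type");
        // The requested scope is filtered by the provider settings; the validated set is what
        // ends up on the token, not the raw request value.
        Set<String> grantedScope = oAuth2ProviderSettings.validateAccessTokenScope(
                clientRegistration,
                Utils.splitScope((String) oAuth2Request.getParameter("scope")),
                oAuth2Request);

        AccessToken accessToken = this.tokenStore.createAccessToken(
                grantType,
                "Bearer",
                null,
                jwt.getSubject(),
                clientRegistration.getClientId(),
                redirectUri,
                grantedScope,
                null,
                null,
                oAuth2ProviderSettings.validateRequestedClaims((String) oAuth2Request.getParameter("claims")),
                oAuth2Request);

        oAuth2ProviderSettings.additionalDataToReturnFromTokenEndpoint(accessToken, oAuth2Request);
        // Only attach the "scope" extra data when a non-empty scope was granted.
        if (grantedScope != null && !grantedScope.isEmpty()) {
            accessToken.addExtraData("scope", Utils.joinScope(grantedScope));
        }
        // Update the stored token after the extra data has been added to it.
        this.tokenStore.updateAccessToken(oAuth2Request, accessToken);
        return accessToken;
    }
}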
