package org.apache.shindig.social.core.oauth2.validators;

import com.google.inject.Inject;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import org.apache.shindig.gadgets.oauth2.OAuth2Message;
import org.apache.shindig.social.core.oauth2.OAuth2Client;
import org.apache.shindig.social.core.oauth2.OAuth2DataService;
import org.apache.shindig.social.core.oauth2.OAuth2Exception;
import org.apache.shindig.social.core.oauth2.OAuth2NormalizedRequest;
import org.apache.shindig.social.core.oauth2.OAuth2NormalizedResponse;
import org.apache.shindig.social.core.oauth2.OAuth2Types;

/* loaded from: input_file:WEB-INF/lib/shindig-social-api-3.0.0-beta4.jar:org/apache/shindig/social/core/oauth2/validators/ClientCredentialsGrantValidator.class */
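/**
 * Validates token requests that use the OAuth 2.0 client-credentials grant.
 *
 * <p>A request is accepted only when the client id resolves to a registered client whose flow is
 * {@code CLIENT_CREDENTIALS}, whose type is {@code CONFIDENTIAL}, and whose stored secret matches
 * the secret presented in the request. Every rejection is reported as an {@link OAuth2Exception}
 * carrying an {@code ACCESS_DENIED} error with HTTP status 403.
 */
public class ClientCredentialsGrantValidator implements OAuth2GrantValidator {
    /** Charset used to turn both secrets into bytes before they are compared. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Message shared by the unknown-client and wrong-secret rejections. */
    private static final String BAD_CREDENTIALS = "Bad client id or password";

    // Not final: the data service can be swapped after construction via setOAuth2DataService.
    private OAuth2DataService service;

    /**
     * Creates a validator backed by the given data service.
     *
     * @param oAuth2DataService service used to look up registered clients by id
     */
    @Inject
    public ClientCredentialsGrantValidator(OAuth2DataService oAuth2DataService) {
        this.service = oAuth2DataService;
    }

    /**
     * Replaces the data service used for client lookups.
     *
     * @param oAuth2DataService service used to look up registered clients by id
     */
    public void setOAuth2DataService(OAuth2DataService oAuth2DataService) {
        this.service = oAuth2DataService;
    }

    /**
     * Returns the grant type this validator handles.
     *
     * @return {@link OAuth2Message#CLIENT_CREDENTIALS}
     */
    @Override // org.apache.shindig.social.core.oauth2.validators.OAuth2GrantValidator
    public String getGrantType() {
        return OAuth2Message.CLIENT_CREDENTIALS;
    }

    /**
     * Checks that the request comes from a confidential client registered for the
     * client-credentials flow and that it presents the correct client secret.
     *
     * @param oAuth2NormalizedRequest the request supplying the client id and client secret
     * @throws OAuth2Exception with an {@code ACCESS_DENIED} / 403 response when the client is
     *     unknown, is registered for another flow, is not confidential, or the secret is missing
     *     or does not match
     */
    @Override // org.apache.shindig.social.core.oauth2.validators.OAuth2RequestValidator
    public void validateRequest(OAuth2NormalizedRequest oAuth2NormalizedRequest) throws OAuth2Exception {
        OAuth2Client client = this.service.getClient(oAuth2NormalizedRequest.getClientId());
        if (client == null || client.getFlow() != OAuth2Client.Flow.CLIENT_CREDENTIALS) {
            throwAccessDenied(BAD_CREDENTIALS);
        }
        if (client.getType() != OAuth2Client.ClientType.CONFIDENTIAL) {
            // NOTE(review): this description differs from the generic one and is returned before
            // the secret is checked, so a caller without the secret can tell a registered public
            // client from an unknown id. Kept as-is because callers may rely on the text.
            throwAccessDenied("Client credentials flow does not support public clients");
        }
        if (!secretsMatch(client.getSecret(), oAuth2NormalizedRequest.getClientSecret())) {
            throwAccessDenied(BAD_CREDENTIALS);
        }
    }

    /**
     * Compares the stored and presented client secrets.
     *
     * <p>{@code String.equals} returns at the first differing character, which makes response
     * time depend on how much of the secret was guessed correctly. The byte-wise comparison of
     * {@link MessageDigest#isEqual(byte[], byte[])} avoids that early exit. A missing secret on
     * either side is treated as a mismatch, so a client record without a secret yields an
     * access-denied response rather than a {@code NullPointerException}.
     *
     * @param expected the secret stored for the client, possibly {@code null}
     * @param presented the secret supplied in the request, possibly {@code null}
     * @return {@code true} only when both secrets are present and identical
     */
    private static boolean secretsMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(presented.getBytes(UTF_8), expected.getBytes(UTF_8));
    }

    /**
     * Builds an {@code ACCESS_DENIED} response with status 403 and throws it.
     *
     * @param str human-readable error description placed in the response
     * @throws OAuth2Exception always
     */
    private void throwAccessDenied(String str) throws OAuth2Exception {
        OAuth2NormalizedResponse oAuth2NormalizedResponse = new OAuth2NormalizedResponse();
        oAuth2NormalizedResponse.setError(OAuth2Types.ErrorType.ACCESS_DENIED.toString());
        oAuth2NormalizedResponse.setErrorDescription(str);
        oAuth2NormalizedResponse.setStatus(403);
        throw new OAuth2Exception(oAuth2NormalizedResponse);
    }
}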
