package de.adorsys.oauth.client.undertow;

import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import de.adorsys.oauth.client.protocol.OAuthProtocol;
import de.adorsys.oauth.client.protocol.UserInfoResolver;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMechanismFactory;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormParserFactory;
import io.undertow.servlet.handlers.ServletRequestContext;
import java.net.URI;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/adorsys/oauth/client/undertow/OAuthAuthenticationMechanism.class */
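/**
 * Undertow {@link AuthenticationMechanism} that authenticates servlet requests with an OAuth
 * access token.
 *
 * <p>For each request the mechanism resolves an access token through {@link OAuthProtocol},
 * resolves the matching {@link UserInfo} through {@link UserInfoResolver} and hands subject and
 * token value to the deployment's {@link IdentityManager}. Depending on configuration it can
 * fall back to the authorization code flow ({@code supportAuthCode}, default {@code true}) or
 * admit token-less requests as {@code guest} ({@code supportGuest}, default {@code false}).
 *
 * <p>Access token values are bearer credentials and are deliberately never written to the log.
 */
public class OAuthAuthenticationMechanism implements AuthenticationMechanism {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthAuthenticationMechanism.class);

    /** Configuration key: run the authorization code flow when no usable token is presented. */
    private static final String SUPPORT_AUTH_CODE = "supportAuthCode";

    /** Configuration key: admit requests that carry no access token as the guest identity. */
    private static final String SUPPORT_GUEST = "supportGuest";

    private final OAuthProtocol oauthProtocol;
    private final UserInfoResolver userInfoResolver;
    private final boolean supportAuthCode;
    private final boolean supportGuest;
    private final String mechanismName;

    /**
     * Factory that creates the mechanism with the servlet context's init parameters merged into
     * the per-mechanism properties.
     */
    public static final class Factory implements AuthenticationMechanismFactory {
        private final Map<String, String> contextProperties = new HashMap<>();

        /**
         * Snapshots all init parameters of the given servlet context.
         *
         * @param servletContext context whose init parameters configure the mechanism
         */
        public Factory(ServletContext servletContext) {
            Enumeration<?> names = servletContext.getInitParameterNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                this.contextProperties.put(name, servletContext.getInitParameter(name));
            }
            OAuthAuthenticationMechanism.LOG.info("initialize OAuthAuthenticationMechanism for {}", servletContext.getContextPath());
        }

        /**
         * Creates the mechanism. Context init parameters take precedence over entries of the
         * same name in {@code map}.
         *
         * @param str mechanism name
         * @param formParserFactory unused
         * @param map per-mechanism properties; not modified
         * @return a new {@link OAuthAuthenticationMechanism}
         */
        public AuthenticationMechanism create(String str, FormParserFactory formParserFactory, Map<String, String> map) {
            // Merge into a private copy so the caller's map is neither required to be mutable
            // nor polluted with this deployment's context parameters.
            Map<String, String> merged = new HashMap<>(map);
            merged.putAll(this.contextProperties);
            return new OAuthAuthenticationMechanism(str, merged);
        }
    }

    /**
     * Builds the mechanism from its configuration properties.
     *
     * @param str mechanism name reported to the security context on successful authentication
     * @param map configuration; passed to {@link OAuthProtocol#from} and
     *     {@link UserInfoResolver#from} and read for {@code supportAuthCode} / {@code supportGuest}
     */
    public OAuthAuthenticationMechanism(String str, Map<String, String> map) {
        this.mechanismName = str;
        this.oauthProtocol = OAuthProtocol.from(map);
        this.userInfoResolver = UserInfoResolver.from(map);
        this.supportAuthCode = extract(map, SUPPORT_AUTH_CODE, true);
        // Guest access has its own key. Reading it from "supportAuthCode" would switch on
        // token-less guest access whenever the authorization code flow is explicitly enabled.
        this.supportGuest = extract(map, SUPPORT_GUEST, false);
        LOG.info("use {} {}", this.oauthProtocol, this.userInfoResolver);
    }

    /**
     * Reads a boolean property.
     *
     * @return the parsed value when {@code key} is present, otherwise {@code fallback}
     */
    private boolean extract(Map<String, String> properties, String key, boolean fallback) {
        return properties.containsKey(key) ? Boolean.parseBoolean(properties.get(key)) : fallback;
    }

    /**
     * Authenticates the current request.
     *
     * <p>Order of checks: an existing user principal, guest admission when no token is present
     * and guest support is on, the presented access token, and finally (when enabled) the
     * authorization code flow followed by a redirect to the authorization endpoint.
     *
     * @return {@code AUTHENTICATED} when the request is accepted, {@code NOT_AUTHENTICATED}
     *     (with status 401) when the token is rejected and the code flow is disabled,
     *     {@code NOT_ATTEMPTED} after the authorization request has been issued
     */
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        ServletRequestContext requestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        HttpServletRequest request = requestContext.getOriginalRequest();
        HttpServletResponse response = requestContext.getOriginalResponse();
        if (request.getUserPrincipal() != null) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        URI requestUri = this.oauthProtocol.extractURI(request);
        // NOTE(review): if extractURI keeps the query string, this may log an authorization
        // code at debug level - confirm against OAuthProtocol.
        LOG.debug("Request {}", requestUri);
        AccessToken accessToken = this.oauthProtocol.resolveAccessToken(request);
        if (accessToken == null && this.supportGuest) {
            // NOTE(review): the result of verify() is ignored and authenticationComplete() is
            // not called here, so AUTHENTICATED is reported even if the identity manager
            // rejects the fixed guest credential - confirm this is intended.
            securityContext.getIdentityManager().verify("guest", new PasswordCredential("NONE".toCharArray()));
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        if (authenticate(securityContext, accessToken, request, response)) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        if (!this.supportAuthCode) {
            response.setStatus(401);
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
        AccessToken codeFlowToken = this.oauthProtocol.runAuthorizationCodeFlow(requestUri);
        if (authenticate(securityContext, codeFlowToken, request, response)) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        this.oauthProtocol.doAuthorizationRequest(response, requestUri);
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    /**
     * Verifies an access token against the identity manager and completes authentication.
     *
     * <p>On success the resolved {@link UserInfo} is available as a request attribute named
     * after the {@code UserInfo} class and the token is written to the response's
     * {@code Authorization} header.
     *
     * @param accessToken token to verify; {@code null} yields {@code false}
     * @return {@code true} only when the identity manager returned an account
     */
    private boolean authenticate(SecurityContext securityContext, AccessToken accessToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (accessToken == null) {
            return false;
        }
        // Only the token type is logged; the value is a bearer credential.
        LOG.debug("authenticate with {} access token", accessToken.getType());
        UserInfo userInfo = this.userInfoResolver.resolve(accessToken);
        if (userInfo == null) {
            LOG.trace("no userInfo available for the presented access token");
            return false;
        }
        IdentityManager identityManager = securityContext.getIdentityManager();
        httpServletRequest.setAttribute(UserInfo.class.getName(), userInfo);
        String subject = userInfo.getSubject().getValue();
        // The token value is handed over as the password credential, presumably for a login
        // module that validates it - see the error message below.
        Account account = identityManager.verify(subject, new PasswordCredential(accessToken.getValue().toCharArray()));
        if (account != null) {
            securityContext.authenticationComplete(account, this.mechanismName, true);
            // NOTE(review): this echoes the bearer token back to the client in a response
            // header; confirm that clients rely on it before keeping it.
            httpServletResponse.setHeader("Authorization", accessToken.toAuthorizationHeader());
            return true;
        }
        if (!this.supportGuest) {
            // With guest support a missing account is expected and not reported.
            LOG.error("no account created for {}, OAuthLoginModule configured correctly ?", subject);
        }
        return false;
    }

    /**
     * Sends no challenge of its own; redirects and 401 responses are produced in
     * {@link #authenticate(HttpServerExchange, SecurityContext)}.
     *
     * @return a result with {@code false} as its challenge-sent flag
     */
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        return new AuthenticationMechanism.ChallengeResult(false);
    }
}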
