package de.adorsys.oauth.server;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URL;
import java.net.URLDecoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

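/**
 * JAX-RS resource mapped to {@code auth}: the OAuth 2.0 authorization endpoint.
 *
 * <p>For an already authenticated caller it issues either an authorization code or a bearer
 * access token, depending on the requested response type, and answers with a 302 redirect to
 * the redirection URI carried in the request.
 *
 * <p>NOTE(review): nothing in this class checks that {@code client_id} names a registered
 * client or that {@code redirect_uri} is one of that client's registered redirection URIs.
 * Unless a filter or the {@link TokenStore} enforces this elsewhere, codes and tokens are
 * delivered to whatever URI the request names. Confirm where that validation lives.
 */
@Path("auth")
@ApplicationScoped
public class AuthResource {
    private static final Logger LOG = LoggerFactory.getLogger(AuthResource.class);
    private static final String CLIENT_ID_STR = "client_id";

    /** Fallback used when the {@code lifetime} init parameter is missing or not a number. */
    private static final long DEFAULT_TOKEN_LIFETIME = 28800L;

    @Context
    private HttpServletRequest servletRequest;

    @Context
    private ServletContext servletContext;

    @Inject
    private UserInfoFactory userInfoFactory;

    @Inject
    private TokenStore tokenStore;
    private long tokenLifetime;

    /**
     * Reads the access-token lifetime from the {@code lifetime} servlet-context init parameter.
     * Falls back to {@link #DEFAULT_TOKEN_LIFETIME} when it cannot be read.
     */
    @PostConstruct
    public void postConstruct() {
        try {
            this.tokenLifetime = Long.parseLong(this.servletContext.getInitParameter("lifetime"));
        } catch (Exception e) {
            // Deliberately broad: an absent or malformed parameter must not prevent start-up.
            this.tokenLifetime = DEFAULT_TOKEN_LIFETIME;
        }
        LOG.info("token lifetime {}", this.tokenLifetime);
    }

    /**
     * Handles an authorization request and answers with a 302 redirect.
     *
     * <p>Error redirects are produced, in this order, for a missing redirection URI (sent to the
     * endpoint URI), a missing user principal, a missing client id and a missing response type.
     * A login session that is no longer valid while a remember-me cookie is present is dropped,
     * and the request is replayed by redirecting to its own URI.
     *
     * @return the redirect response carrying the code, the token or an OAuth 2.0 error
     * @throws Exception if the authorization request cannot be resolved or a response URI
     *     cannot be built
     */
    @POST
    @Consumes({"application/x-www-form-urlencoded"})
    public Response authorizePost() throws Exception {
        AuthorizationRequest authRequest = resolveAuthorizationRequest();

        if (authRequest.getRedirectionURI() == null) {
            // No client redirect target is known, so the error goes back to this endpoint.
            // NOTE(review): the endpoint URI is built from the request's scheme/host/port, so
            // it follows the Host header. Confirm the container pins or validates it.
            return errorRedirect(authRequest, authRequest.getEndpointURI(), OAuth2Error.INVALID_REQUEST);
        }
        if (this.servletRequest.getUserPrincipal() == null) {
            return errorRedirect(authRequest, authRequest.getRedirectionURI(), OAuth2Error.UNAUTHORIZED_CLIENT);
        }
        if (authRequest.getClientID() == null) {
            return errorRedirect(authRequest, authRequest.getRedirectionURI(), OAuth2Error.INVALID_CLIENT);
        }
        if (authRequest.getResponseType() == null) {
            return errorRedirect(authRequest, authRequest.getRedirectionURI(), OAuth2Error.UNSUPPORTED_RESPONSE_TYPE);
        }

        LoginSessionToken loginSession = (LoginSessionToken) this.servletRequest.getAttribute("loginSession");
        if (loginSession != null
                && RememberMeCookieUtil.getCookieToken(this.servletRequest, authRequest.getClientID()) != null
                && !this.tokenStore.isValid(loginSession)) {
            // Stale remember-me session: forget it and replay the request.
            this.servletRequest.removeAttribute("loginSession");
            this.tokenStore.removeLoginSession(loginSession);
            return Response.status(302).location(authRequest.toURI()).build();
        }

        UserInfo userInfo;
        if (loginSession != null) {
            userInfo = this.tokenStore.loadUserInfoFromLoginSession(loginSession);
            if (userInfo == null) {
                userInfo = this.userInfoFactory.createUserInfo(this.servletRequest);
                this.tokenStore.addLoginSession(loginSession, userInfo);
            }
        } else {
            userInfo = this.userInfoFactory.createUserInfo(this.servletRequest);
        }
        // Log the subject only: the full claim set is personal data and does not belong in logs.
        LOG.debug("resolved user info for subject {}", userInfo.getSubject());

        // Codes and tokens are bearer credentials, so their values are never logged below.
        URI location;
        if (authRequest.getResponseType().impliesCodeFlow()) {
            AuthorizationCode authorizationCode = new AuthorizationCode();
            LOG.info("impliesCodeFlow: authorization code issued");
            this.tokenStore.addAuthCode(authorizationCode, userInfo, authRequest.getClientID(), loginSession, authRequest.getRedirectionURI());
            location = new AuthorizationSuccessResponse(authRequest.getRedirectionURI(), authorizationCode, (AccessToken) null, authRequest.getState(), authRequest.getResponseMode()).toURI();
        } else {
            // The token is created only on this path; the code flow never uses one here.
            BearerAccessToken bearerAccessToken = new BearerAccessToken(this.tokenLifetime, authRequest.getScope());
            LOG.info("impliesTokenFlow: access token issued");
            this.tokenStore.addAccessToken(bearerAccessToken, userInfo, authRequest.getClientID(), null);
            location = new AuthorizationSuccessResponse(authRequest.getRedirectionURI(), (AuthorizationCode) null, bearerAccessToken, authRequest.getState(), authRequest.getResponseMode()).toURI();
        }
        // The final location embeds the code or token, so only the redirect target is logged.
        LOG.info("redirecting to {}", authRequest.getRedirectionURI());
        return Response.status(302).location(location).build();
    }

    /**
     * GET variant of the endpoint; delegates to {@link #authorizePost()}.
     *
     * @return the same redirect response as {@link #authorizePost()}
     * @throws Exception see {@link #authorizePost()}
     */
    @GET
    public Response authorizeGet() throws Exception {
        return authorizePost();
    }

    /** Builds a 302 redirect to {@code target} carrying {@code error} plus the request's state. */
    private Response errorRedirect(AuthorizationRequest authRequest, URI target, com.nimbusds.oauth2.sdk.ErrorObject error) throws Exception {
        return Response.status(302)
                .location(new AuthorizationErrorResponse(target, error, authRequest.getState(), authRequest.getResponseMode()).toURI())
                .build();
    }

    /**
     * Locates the authorization request in the current HTTP request. Tries, in order: the
     * request parameters, the raw query string, and the query part of the {@code RelayState}
     * URL when a {@code SAMLResponse} parameter is also present.
     *
     * @return the parsed authorization request
     * @throws ParseException if no source yields a {@code client_id} or parsing fails
     */
    private AuthorizationRequest resolveAuthorizationRequest() throws ParseException {
        if (isNotBlank(this.servletRequest.getParameter(CLIENT_ID_STR))) {
            return AuthorizationRequest.parse(extractURI(this.servletRequest), requestParameters(this.servletRequest));
        }
        if (contains(this.servletRequest.getQueryString(), CLIENT_ID_STR)) {
            return AuthorizationRequest.parse(extractURI(this.servletRequest), this.servletRequest.getQueryString());
        }
        if (this.servletRequest.getParameter("SAMLResponse") != null && this.servletRequest.getParameter("RelayState") != null) {
            // RelayState is request-supplied, so the authorization request recovered from it
            // is exactly as untrusted as one passed directly.
            try {
                URL relayState = new URL(this.servletRequest.getParameter("RelayState"));
                if (contains(relayState.getQuery(), CLIENT_ID_STR)) {
                    return AuthorizationRequest.parse(relayState.getQuery());
                }
            } catch (Exception e) {
                // Best effort: fall through to the generic failure below, but leave a trace.
                // Only the exception type is logged, since its message may echo request input.
                LOG.debug("RelayState did not yield an authorization request: {}", e.getClass().getName());
            }
        }
        throw new ParseException(String.format("unable to resolve AuthorizationRequest from %s", this.servletRequest.getRequestURI()));
    }

    /** Null-safe {@link String#contains}: {@code false} when {@code str} is {@code null}. */
    private boolean contains(String str, String str2) {
        return str != null && str.contains(str2);
    }

    /** Returns {@code true} when {@code str} is non-null and not whitespace-only. */
    private boolean isNotBlank(String str) {
        return str != null && str.trim().length() > 0;
    }

    /**
     * Copies the request parameters into a map, keeping the first value of each name.
     *
     * <p>The values are taken as the servlet container returns them, which is already
     * URL-decoded. Decoding them a second time would turn a literal {@code +} into a space,
     * fail on a literal {@code %}, and yield values (for example {@code redirect_uri}) that
     * differ from what the client sent.
     *
     * @param httpServletRequest the request to read parameters from
     * @return a mutable map of parameter name to its first value
     */
    public Map<String, String> requestParameters(HttpServletRequest httpServletRequest) {
        Map<String, String> params = new HashMap<String, String>();
        Enumeration<?> names = httpServletRequest.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            params.put(name, httpServletRequest.getParameter(name));
        }
        return params;
    }

    /**
     * Rebuilds this endpoint's URI from the request's scheme, server name, port and request
     * URI. The query string is not included.
     *
     * @param httpServletRequest the current request
     * @return the endpoint URI, or {@code null} if it cannot be built
     */
    private URI extractURI(HttpServletRequest httpServletRequest) {
        try {
            return new URL(httpServletRequest.getScheme(), httpServletRequest.getServerName(), httpServletRequest.getServerPort(), httpServletRequest.getRequestURI()).toURI();
        } catch (Exception e) {
            LOG.warn("Error extracting auth/ URI: {}", e.getMessage());
            return null;
        }
    }
}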
