package de.adorsys.oauth.server;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.http.ServletUtils;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLDecoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

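/**
 * OAuth2 authorization endpoint ({@code /api/auth}), served for GET and POST alike.
 *
 * <p>The endpoint resolves an {@link AuthorizationRequest} from the request parameters, the raw
 * query string, or the URL carried in a SAML {@code RelayState}; requires that the container has
 * already authenticated the caller ({@code getUserPrincipal() != null}); and then either issues an
 * {@link AuthorizationCode} (code flow) or a {@link BearerAccessToken} (token flow) through the
 * injected {@link TokenStore}, redirecting to the request's {@code redirect_uri}.
 *
 * <p>NOTE(review): the {@code redirect_uri} is taken verbatim from the (untrusted) request and is not
 * matched against a registered value for the client anywhere in this class. Unless another component
 * (the {@code TokenStore}, a filter, or the token endpoint) enforces that binding, an attacker-chosen
 * redirect target can receive the authorization code or access token. The same applies to a request
 * reconstructed from {@code RelayState}. Confirm before relying on this endpoint.
 */
@WebServlet({"/api/auth"})
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/oauth-server-0.23.jar:de/adorsys/oauth/server/AuthResource.class */
public class AuthResource extends HttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(AuthResource.class);
    private static final String CLIENT_ID_STR = "client_id";
    /** Request attribute under which an upstream component hands over the current login session. */
    private static final String LOGIN_SESSION_ATTR = "loginSession";
    /** Fallback for the "lifetime" context parameter (8 hours if BearerAccessToken treats it as seconds). */
    private static final long DEFAULT_TOKEN_LIFETIME = 28800L;

    @Inject
    private UserInfoFactory userInfoFactory;

    @Inject
    private TokenStore tokenStore;
    /** Lifetime passed to every issued {@link BearerAccessToken}; read once in {@link #init}. */
    private long tokenLifetime;

    /**
     * Reads the token lifetime from the servlet context parameter {@code lifetime}.
     *
     * <p>Calls {@code super.init(servletConfig)} so that {@code getServletConfig()} /
     * {@code getServletContext()} work afterwards; the original override skipped that.
     *
     * @param servletConfig configuration supplied by the container
     * @throws ServletException propagated from {@link HttpServlet#init(ServletConfig)}
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        String configured = servletConfig.getServletContext().getInitParameter("lifetime");
        try {
            this.tokenLifetime = Long.parseLong(configured);
        } catch (NumberFormatException e) {
            // parseLong(null) also throws NumberFormatException, so a missing parameter lands here as well.
            LOG.warn("invalid or missing 'lifetime' parameter '{}', using default {}", configured, Long.valueOf(DEFAULT_TOKEN_LIFETIME));
            this.tokenLifetime = DEFAULT_TOKEN_LIFETIME;
        }
        LOG.info("token lifetime {}", Long.valueOf(this.tokenLifetime));
    }

    /** POST is handled exactly like GET (e.g. a login form posting back the authorization parameters). */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        authorize(httpServletRequest, httpServletResponse);
    }

    /** GET is the regular OAuth2 authorization request. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        authorize(httpServletRequest, httpServletResponse);
    }

    /**
     * Validates the authorization request and issues a code or token for the authenticated principal.
     *
     * <p>Every validation failure now returns after writing its error response. Previously the
     * {@code client_id == null} and {@code response_type == null} branches fell through, so the
     * endpoint kept going, overwrote the error response, and in the latter case dereferenced the
     * null response type.
     *
     * @param request  incoming request; its parameters and {@code loginSession} attribute are read
     * @param response response to which a redirect or an error is applied
     * @throws IOException if writing the response fails
     */
    private void authorize(HttpServletRequest request, HttpServletResponse response) throws IOException {
        try {
            AuthorizationRequest authRequest = resolveAuthorizationRequest(request);
            URI redirectionURI = authRequest.getRedirectionURI();
            if (redirectionURI == null) {
                // Nothing to redirect to, so the error is addressed to the endpoint URI itself.
                sendError(response, authRequest, authRequest.getEndpointURI(), OAuth2Error.INVALID_REQUEST);
                return;
            }
            // NOTE(review): from here on redirectionURI is trusted without being checked against the
            // client's registered redirect URIs (see class comment).
            if (request.getUserPrincipal() == null) {
                // Container authentication has not happened. The error code is kept as it was for
                // compatibility, although ACCESS_DENIED would describe this case more accurately.
                sendError(response, authRequest, redirectionURI, OAuth2Error.UNAUTHORIZED_CLIENT);
                return;
            }
            if (authRequest.getClientID() == null) {
                sendError(response, authRequest, redirectionURI, OAuth2Error.INVALID_CLIENT);
                return;
            }
            if (authRequest.getResponseType() == null) {
                sendError(response, authRequest, redirectionURI, OAuth2Error.UNSUPPORTED_RESPONSE_TYPE);
                return;
            }

            LoginSessionToken loginSession = (LoginSessionToken) request.getAttribute(LOGIN_SESSION_ATTR);
            if (isStaleLoginSession(request, authRequest, loginSession)) {
                // Forget the invalid session and restart the very same authorization request.
                request.removeAttribute(LOGIN_SESSION_ATTR);
                this.tokenStore.removeLoginSession(loginSession);
                HTTPResponse retry = new HTTPResponse(HttpStatus.SC_SEE_OTHER);
                retry.setLocation(authRequest.toURI());
                ServletUtils.applyHTTPResponse(retry, response);
                return;
            }

            UserInfo userInfo = resolveUserInfo(request, loginSession);
            // Only the subject is logged: the full claim set is personal data and does not belong in logs.
            LOG.debug("user info resolved for subject {}", userInfo.getSubject());

            HTTPResponse success;
            if (authRequest.getResponseType().impliesCodeFlow()) {
                success = issueAuthorizationCode(authRequest, userInfo, loginSession, redirectionURI);
            } else {
                success = issueAccessToken(authRequest, userInfo, loginSession, redirectionURI);
            }
            ServletUtils.applyHTTPResponse(success, response);
        } catch (ParseException e) {
            // No trustworthy redirect_uri is known yet, so answer directly instead of redirecting.
            LOG.debug("unable to resolve authorization request: {}", e.getMessage());
            ServletUtils.applyHTTPResponse(new TokenErrorResponse(OAuth2Error.INVALID_REQUEST).toHTTPResponse(), response);
        }
    }

    /** Writes an OAuth2 error response for {@code authRequest} addressed at {@code target}. */
    private static void sendError(HttpServletResponse response, AuthorizationRequest authRequest, URI target, ErrorObject error) throws IOException {
        AuthorizationErrorResponse errorResponse = new AuthorizationErrorResponse(target, error, authRequest.getState(), authRequest.getResponseMode());
        ServletUtils.applyHTTPResponse(errorResponse.toHTTPResponse(), response);
    }

    /**
     * True when a login session is present, a remember-me cookie exists for the client, but the
     * token store no longer considers the session valid.
     */
    private boolean isStaleLoginSession(HttpServletRequest request, AuthorizationRequest authRequest, LoginSessionToken loginSession) {
        return loginSession != null
                && RememberMeCookieUtil.getCookieToken(request, authRequest.getClientID()) != null
                && !this.tokenStore.isValid(loginSession);
    }

    /**
     * Returns the user info cached for {@code loginSession}, creating and caching it on a miss;
     * without a login session the user info is built from the request every time.
     */
    private UserInfo resolveUserInfo(HttpServletRequest request, LoginSessionToken loginSession) {
        if (loginSession == null) {
            return this.userInfoFactory.createUserInfo(request);
        }
        UserInfo cached = this.tokenStore.loadUserInfoFromLoginSession(loginSession);
        if (cached == null) {
            cached = this.userInfoFactory.createUserInfo(request);
            this.tokenStore.addLoginSession(loginSession, cached);
        }
        return cached;
    }

    /** Code flow: mints an authorization code, stores it, and builds the redirect carrying it. */
    private HTTPResponse issueAuthorizationCode(AuthorizationRequest authRequest, UserInfo userInfo, LoginSessionToken loginSession, URI redirectionURI) {
        AuthorizationCode code = new AuthorizationCode();
        // The code is a bearer secret: log that one was issued, never its value or the Location header.
        LOG.debug("issuing authorization code for client {} -> {}", authRequest.getClientID(), redirectionURI);
        this.tokenStore.addAuthCode(code, userInfo, authRequest.getClientID(), loginSession, redirectionURI);
        return new AuthorizationSuccessResponse(redirectionURI, code, null, authRequest.getState(), authRequest.getResponseMode()).toHTTPResponse();
    }

    /** Token (implicit) flow: mints a bearer token, stores it, and builds the fragment redirect. */
    private HTTPResponse issueAccessToken(AuthorizationRequest authRequest, UserInfo userInfo, LoginSessionToken loginSession, URI redirectionURI) {
        BearerAccessToken accessToken = new BearerAccessToken(this.tokenLifetime, authRequest.getScope());
        // Same rule as for codes: the token value must not end up in the log.
        LOG.debug("issuing access token for client {} -> {}", authRequest.getClientID(), redirectionURI);
        this.tokenStore.addAccessToken(accessToken, userInfo, authRequest.getClientID(), null);
        // The existing fragment is stripped from the redirect target and passed separately,
        // presumably for LoginSessionAuthorizationSuccessResponse to merge with the token fragment.
        return new LoginSessionAuthorizationSuccessResponse(getCleanUrl(redirectionURI), null, accessToken,
                authRequest.getState(), authRequest.getResponseMode(), loginSession, redirectionURI.getFragment()).toHTTPResponse();
    }

    /**
     * Returns {@code uri} without its fragment.
     *
     * <p>The cut happens at the raw {@code '#'}: the previous {@code replace("#" + getFragment(), "")}
     * compared the percent-decoded fragment against the encoded string, so an encoded fragment was
     * never removed.
     *
     * @throws OAuthException if the fragment-less string does not parse as a URI
     */
    private URI getCleanUrl(URI uri) {
        String raw = uri.toString();
        int hash = raw.indexOf('#');
        if (hash < 0) {
            return uri;
        }
        try {
            return new URI(raw.substring(0, hash));
        } catch (URISyntaxException e) {
            throw new OAuthException("clean url cant be parsed", null);
        }
    }

    /**
     * Resolves the {@link AuthorizationRequest} from, in order: the decoded request parameters,
     * the raw query string, or the query of the URL carried in a SAML {@code RelayState}.
     *
     * @throws ParseException if none of the three sources yields a request
     */
    private AuthorizationRequest resolveAuthorizationRequest(HttpServletRequest request) throws ParseException {
        if (isNotBlank(request.getParameter(CLIENT_ID_STR))) {
            return AuthorizationRequest.parse(extractURI(request), requestParameters(request));
        }
        String query = request.getQueryString();
        if (contains(query, CLIENT_ID_STR)) {
            return AuthorizationRequest.parse(extractURI(request), query);
        }
        // SAML callback: the original authorization request travels in RelayState. That value is
        // chosen by whoever sent the SAML response, so it is as untrusted as a direct request.
        if (request.getParameter("SAMLResponse") != null && request.getParameter("RelayState") != null) {
            try {
                URL relayState = new URL(request.getParameter("RelayState"));
                if (contains(relayState.getQuery(), CLIENT_ID_STR)) {
                    return AuthorizationRequest.parse(relayState.getQuery());
                }
            } catch (Exception e) {
                // Malformed RelayState (or an unparseable request inside it) falls through to the error below.
                LOG.debug("ignoring unusable RelayState: {}", e.getMessage());
            }
        }
        throw new ParseException(String.format("unable to resolve AuthorizationRequest from %s", request.getRequestURI()));
    }

    /** Null-safe substring test. */
    private boolean contains(String str, String str2) {
        return str != null && str.contains(str2);
    }

    /** True for a non-null string with at least one non-whitespace character. */
    private boolean isNotBlank(String str) {
        return str != null && str.trim().length() > 0;
    }

    /**
     * Copies every request parameter into a map, URL-decoding each value once more.
     *
     * <p>NOTE(review): the servlet container has already decoded these values, so this is a double
     * decode: a literal {@code '+'} becomes a space and {@code "%2B"} becomes {@code '+'}. That silently
     * changes {@code state} or {@code redirect_uri} values containing such characters and is a
     * canonicalization hazard. It is kept because a caller (e.g. a login form re-posting encoded
     * values) may depend on it — confirm before removing.
     *
     * <p>A value with a stray {@code '%'} used to escape as an uncaught {@link IllegalArgumentException}
     * (HTTP 500); such values are now kept as received.
     */
    public Map<String, String> requestParameters(HttpServletRequest request) {
        Map<String, String> params = new HashMap<String, String>();
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            String value = request.getParameter(name);
            try {
                params.put(name, URLDecoder.decode(value, "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                // UTF-8 is always available; the catch only satisfies the checked exception.
                params.put(name, value);
            } catch (IllegalArgumentException e) {
                // Not valid percent-encoding: keep the container-decoded value instead of failing.
                params.put(name, value);
            }
        }
        return params;
    }

    /**
     * Builds the endpoint URI (scheme, host, port, path) of this request; the query string is
     * deliberately not included, as before.
     *
     * <p>Host and port come from the request (i.e. the Host header), so the result is only as
     * trustworthy as the proxy/container configuration in front of this servlet.
     *
     * @return the endpoint URI, or {@code null} if it cannot be constructed (logged at warn)
     */
    private URI extractURI(HttpServletRequest request) {
        try {
            return new URL(request.getScheme(), request.getServerName(), request.getServerPort(), request.getRequestURI()).toURI();
        } catch (Exception e) {
            LOG.warn("Error extracting auth/ URI: " + e.getMessage());
            return null;
        }
    }
}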
