package pl.edu.icm.unity.oauth.as.webauthz;

import com.google.common.collect.Sets;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.OIDCResponseTypeValue;
import com.nimbusds.openid.connect.sdk.OIDCScopeValue;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.client.utils.URIBuilder;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.AttributesManagement;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.utils.RoutingServlet;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;
import pl.edu.icm.unity.oauth.as.OAuthValidationException;
import pl.edu.icm.unity.oauth.as.token.OAuthTokenEndpoint;
import pl.edu.icm.unity.webui.idpcommon.EopException;

/* loaded from: input_file:pl/edu/icm/unity/oauth/as/webauthz/OAuthParseServlet.class */
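/**
 * Servlet fronting the OAuth2 authorization endpoint.
 *
 * <p>It parses the incoming request (OIDC first, then plain OAuth2), validates it with
 * {@link OAuthWebRequestValidator}, stores the resulting {@link OAuthAuthzContext} in the HTTP
 * session under {@link #SESSION_OAUTH_CONTEXT} and redirects the browser to the UI servlet path
 * given at construction time. Everything read from the request here is untrusted until
 * {@code validator.validate(...)} has accepted it.
 */
public class OAuthParseServlet extends HttpServlet {
    /** Session attribute name under which the validated authorization context is kept. */
    public static final String SESSION_OAUTH_CONTEXT = "oauth2AuthnContextKey";

    private static final Logger log = Log.getLogger("unity.server.oauth", OAuthParseServlet.class);

    // NOTE(review): this is a public, mutable HashSet; any caller can add or remove entries.
    // If nothing relies on mutating it, an unmodifiable set would be safer. Confirm usages first.
    public static final Set<ResponseType.Value> KNOWN_RESPONSE_TYPES =
            Sets.newHashSet(ResponseType.Value.CODE, ResponseType.Value.TOKEN, OIDCResponseTypeValue.ID_TOKEN);

    private final OAuthASProperties oauthConfig;
    private final String oauthUiServletPath;
    private final ErrorHandler errorHandler;
    private final OAuthWebRequestValidator validator;

    /**
     * @param oAuthASProperties configuration of the OAuth authorization server
     * @param str path of the UI servlet that the browser is redirected to after a request is accepted
     * @param errorHandler used to render an error page when the request cannot be parsed or validated
     * @param entityManagement passed to the request validator
     * @param attributesManagement passed to the request validator
     */
    public OAuthParseServlet(OAuthASProperties oAuthASProperties, String str, ErrorHandler errorHandler, EntityManagement entityManagement, AttributesManagement attributesManagement) {
        this.oauthConfig = oAuthASProperties;
        this.oauthUiServletPath = str;
        this.errorHandler = errorHandler;
        this.validator = new OAuthWebRequestValidator(oAuthASProperties, entityManagement, attributesManagement);
    }

    /** Handles a GET sent to the authorization endpoint by delegating to {@link #processRequest}. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log.trace("Received GET request to the OAuth2 authorization endpoint");
        processRequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Runs the request processing and absorbs the {@link EopException} used to end it early.
     */
    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        try {
            processRequestInterruptible(httpServletRequest, httpServletResponse);
        } catch (EopException ignored) {
            // Deliberately ignored: EopException only signals that processing ended early.
            // NOTE(review): presumably the response was already written by the error handler; confirm.
        }
    }

    /**
     * Returns the text to parse as the OAuth request: the Base64-decoded {@code oAuthRequest}
     * parameter when it is present, otherwise the raw query string of the request.
     * Both forms are client-controlled and must be treated as untrusted.
     */
    private String getQueryString(HttpServletRequest httpServletRequest) {
        String encodedRequest = httpServletRequest.getParameter("oAuthRequest");
        if (encodedRequest == null) {
            return httpServletRequest.getQueryString();
        }
        return new String(Base64.decodeBase64(encodedRequest), StandardCharsets.UTF_8);
    }

    /**
     * Parses, validates and stores the authorization request, then redirects to the UI servlet.
     *
     * @throws EopException declared for early termination of the processing
     */
    protected void processRequestInterruptible(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException, EopException {
        AuthorizationRequest authzRequest;
        log.trace("Starting OAuth2 authorization request processing");
        HttpSession session = httpServletRequest.getSession();
        OAuthAuthzContext previousContext = (OAuthAuthzContext) session.getAttribute(SESSION_OAUTH_CONTEXT);
        String queryString = getQueryString(httpServletRequest);
        try {
            authzRequest = AuthenticationRequest.parse(queryString);
        } catch (ParseException e) {
            if (log.isTraceEnabled()) {
                log.trace("Request to OAuth2 endpoint address, which is not OIDC request, will try plain OAuth. OIDC parse error: " + e.toString());
            }
            try {
                authzRequest = AuthorizationRequest.parse(queryString);
                Scope scope = authzRequest.getScope();
                // A request asking for the openid scope must be a well-formed OIDC request;
                // it is refused here instead of being downgraded to plain OAuth2.
                if (scope != null && scope.contains(OIDCScopeValue.OPENID)) {
                    log.debug("Request to OAuth2 endpoint address, which is not OIDC request, but OIDC profile requested. OIDC parse error: " + e.toString());
                    // NOTE(review): the parser message may echo request input; presumably the
                    // error handler escapes it before rendering. Verify.
                    this.errorHandler.showErrorPage("Error parsing OAuth OIDC request", e.getMessage(), httpServletResponse);
                    return;
                }
            } catch (ParseException e2) {
                // NOTE(review): the OIDC parse error (e) is what gets logged and shown here;
                // the plain OAuth parse error (e2) is not used. Confirm this is intended.
                if (log.isTraceEnabled()) {
                    log.trace("Request to OAuth2 endpoint address, with invalid/missing parameters, error: " + e.toString());
                }
                this.errorHandler.showErrorPage("Error parsing OAuth request", e.getMessage(), httpServletResponse);
                return;
            }
        }
        // A context left over from an earlier request is dropped before the new request is
        // validated, so a failed validation leaves no context in the session.
        if (previousContext != null) {
            if (!previousContext.isExpired() && log.isTraceEnabled()) {
                log.trace("Request to OAuth2 authZ address, we are forced to break the previous login: " + httpServletRequest.getRequestURI());
            }
            session.removeAttribute(SESSION_OAUTH_CONTEXT);
        }
        if (log.isTraceEnabled()) {
            log.trace("Request to protected address, with OAuth2 input, will be processed: " + httpServletRequest.getRequestURI());
        }
        try {
            if (log.isTraceEnabled()) {
                // This writes the raw, client-supplied query string to the log; with trace enabled
                // the log holds request parameters and should be handled as sensitive.
                log.trace("Parsed OAuth request: " + httpServletRequest.getQueryString());
            }
            OAuthAuthzContext newContext = new OAuthAuthzContext(authzRequest, this.oauthConfig);
            // The context reaches the session only after validation has passed.
            this.validator.validate(newContext);
            session.setAttribute(SESSION_OAUTH_CONTEXT, newContext);
            RoutingServlet.clean(httpServletRequest);
            if (log.isTraceEnabled()) {
                log.trace("Request with OAuth input handled successfully");
            }
            // The redirect target is the configured UI path; the only client-supplied part is
            // the re-encoded custom parameters.
            httpServletResponse.sendRedirect(this.oauthUiServletPath + getQueryToAppend(authzRequest));
        } catch (OAuthValidationException e3) {
            if (log.isDebugEnabled()) {
                log.debug("Processing of OAuth request failed", e3);
            }
            this.errorHandler.showErrorPage(e3.getMessage(), null, httpServletResponse);
        }
    }

    /**
     * Builds the query suffix that carries the request's custom (non-OAuth) parameters over to
     * the UI servlet. Names and values are re-encoded through {@link URIBuilder} and not copied
     * verbatim from the request.
     *
     * @return {@code "?"} followed by the encoded query, or {@code OAuthTokenEndpoint.PATH} when
     *         no query could be produced
     */
    private String getQueryToAppend(AuthorizationRequest authorizationRequest) {
        Map<String, List<String>> customParameters = authorizationRequest.getCustomParameters();
        URIBuilder queryBuilder = new URIBuilder();
        for (Map.Entry<String, List<String>> entry : customParameters.entrySet()) {
            for (String value : entry.getValue()) {
                queryBuilder.addParameter(entry.getKey(), value);
            }
        }
        String rawQuery = null;
        try {
            rawQuery = queryBuilder.build().getRawQuery();
        } catch (URISyntaxException e) {
            log.error("Can't re-encode URL query params, shouldn't happen", e);
        }
        // NOTE(review): the fallback constant's value is not visible in this file; presumably it
        // is an empty suffix. Confirm against OAuthTokenEndpoint.
        return rawQuery == null ? OAuthTokenEndpoint.PATH : "?" + rawQuery;
    }
}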
