package leap.oauth2.webapp.login;

import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.lang.http.QueryStringBuilder;
import leap.lang.intercepting.State;
import leap.lang.net.Urls;
import leap.oauth2.webapp.OAuth2Config;
import leap.oauth2.webapp.OAuth2Params;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.SecurityConfig;
import leap.web.security.SecurityInterceptor;
import leap.web.security.authc.AuthenticationContext;
import leap.web.security.login.LoginContext;

/* loaded from: input_file:leap/oauth2/webapp/login/OAuth2LoginInterceptor.class */
public class OAuth2LoginInterceptor implements SecurityInterceptor {
    private static final String REDIRECT_BACK_PARAM = "oauth2_redirect";

    @Inject
    protected OAuth2Config config;

    @Inject
    protected SecurityConfig sc;

    @Inject
    protected OAuth2LoginHandler handler;

    public State preResolveAuthentication(Request request, Response response, AuthenticationContext authenticationContext) throws Throwable {
        return (this.config.isEnabled() && this.config.isLogin() && isRedirectBackFromServer(request)) ? this.handler.handleServerRedirectRequest(request, response, authenticationContext) : State.CONTINUE;
    }

    public State postResolveAuthentication(Request request, Response response, AuthenticationContext authenticationContext) throws Throwable {
        return this.handler.handleAuthenticationResolved(request, response, authenticationContext);
    }

    public State prePromoteLogin(Request request, Response response, LoginContext loginContext) throws Throwable {
        if (this.config.isEnabled() && this.config.isLogin() && !isRedirectBackFromServer(request)) {
            loginContext.setLoginUrl(buildLoginUrl(request));
        }
        return State.CONTINUE;
    }

    protected boolean isRedirectBackFromServer(Request request) {
        return "1".equals(request.getParameter(REDIRECT_BACK_PARAM));
    }

    protected String buildLoginUrl(Request request) {
        QueryStringBuilder queryStringBuilder = new QueryStringBuilder();
        queryStringBuilder.add(OAuth2Params.RESPONSE_TYPE, this.config.isLoginWithAccessToken() ? "code id_token" : OAuth2Params.ID_TOKEN);
        queryStringBuilder.add(OAuth2Params.CLIENT_ID, this.config.getClientId());
        queryStringBuilder.add(OAuth2Params.REDIRECT_URI, buildClientRedirectUri(request));
        queryStringBuilder.add(OAuth2Params.LOGOUT_URI, buildClientLogoutUri(request));
        return "redirect:" + Urls.appendQueryString(this.config.getAuthorizeUrl(), queryStringBuilder.build());
    }

    protected String buildClientRedirectUri(Request request) {
        String appendQueryString;
        String redirectUri = this.config.getRedirectUri();
        if (Strings.isEmpty(redirectUri)) {
            appendQueryString = request.getServletRequest().getRequestURL().toString();
        } else {
            appendQueryString = Urls.appendQueryString(Strings.startsWithIgnoreCase(redirectUri, "http") ? redirectUri : request.getContextUrl() + redirectUri, this.sc.getReturnUrlParameterName() + "=" + Urls.encode(request.getUri()));
        }
        return Urls.appendQueryString(appendQueryString, "oauth2_redirect=1");
    }

    protected String buildClientLogoutUri(Request request) {
        return request.getContextUrl() + this.sc.getLogoutAction();
    }
}
