package com.predic8.membrane.core.interceptor.oauth2;

import com.floreysoft.jmte.Engine;
import com.floreysoft.jmte.ErrorHandler;
import com.floreysoft.jmte.message.ParseException;
import com.floreysoft.jmte.token.Token;
import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCChildElement;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.core.Constants;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Header;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.server.WebServerInterceptor;
import com.predic8.membrane.core.resolver.ResolverMap;
import com.predic8.membrane.core.util.URLParamUtil;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.validation.DataBinder;

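/**
 * Interceptor (configured as {@code oauth2Resource}) that puts a session check in front of a
 * resource and hands unauthenticated clients to a login page.
 *
 * <p>Request handling, as implemented in {@link #handleRequest(Exchange)}:
 * <ul>
 *   <li>requests whose path starts with {@code loginPath} are served by
 *       {@link #handleLoginRequest(Exchange)};</li>
 *   <li>requests without a session are redirected to {@code loginPath};</li>
 *   <li>requests with an authorized session continue, after session attributes with the header
 *       prefix have been copied into the request headers;</li>
 *   <li>everything else is passed to the configured {@link AuthorizationService} together with the
 *       {@code state} value stored in the session.</li>
 * </ul>
 */
@MCElement(name = "oauth2Resource")
/* loaded from: input_file:lib/service-proxy-core-4.2.0.jar:com/predic8/membrane/core/interceptor/oauth2/OAuth2ResourceInterceptor.class */
public class OAuth2ResourceInterceptor extends AbstractInterceptor {
    private static final Log log = LogFactory.getLog(OAuth2ResourceInterceptor.class.getName());

    /**
     * Generator for the per-login {@code state} value. One shared instance replaces the
     * per-request {@code new SecureRandom()}; SecureRandom may be used from several threads.
     */
    private static final SecureRandom STATE_RANDOM = new SecureRandom();

    private String loginLocation;
    private String publicURL;
    private AuthorizationService authorizationService;
    private SessionManager sessionManager;
    private String loginPath = "/login/";
    private final WebServerInterceptor wsi = new WebServerInterceptor();

    /** @return the location the login page files are served from (used as the doc base in init) */
    public String getLoginLocation() {
        return this.loginLocation;
    }

    /** @param str location of the login page files; {@link #init(Router)} expects an index.html there */
    @Required
    @MCAttribute
    public void setLoginLocation(String str) {
        this.loginLocation = str;
    }

    /** @return the path prefix that marks a request as a login request (default {@code /login/}) */
    public String getLoginPath() {
        return this.loginPath;
    }

    /**
     * Sets the path prefix for login requests.
     *
     * <p>{@link #handleLoginRequest(Exchange)} strips {@code loginPath.length() - 1} characters from
     * the request URI and compares the remainder with {@code "/"} and {@code "/logout"}, so the
     * value is expected to be non-empty and to end with {@code "/"}. The setter does not check
     * this. Every request whose path starts with this prefix bypasses the session check, so a very
     * short prefix such as {@code "/"} would exempt all requests.
     */
    @MCAttribute
    public void setLoginPath(String str) {
        this.loginPath = str;
    }

    /** @return the public URL passed to the authorization service */
    public String getPublicURL() {
        return this.publicURL;
    }

    /** @param str public URL handed to the authorization service when building login URLs and handling callbacks */
    @Required
    @MCAttribute
    public void setPublicURL(String str) {
        this.publicURL = str;
    }

    /** @return the configured authorization service */
    public AuthorizationService getAuthorizationService() {
        return this.authorizationService;
    }

    /** @param authorizationService service that builds the login URL and processes non-authorized sessions */
    @MCChildElement(order = 10)
    @Required
    public void setAuthorizationService(AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
    }

    /** @return the session manager; may be null until {@link #init(Router)} has run */
    public SessionManager getSessionManager() {
        return this.sessionManager;
    }

    /** @param sessionManager optional session manager; a default one is created in init when none is set */
    @MCChildElement(order = 20)
    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /**
     * Initializes the authorization service, the session manager (creating a default
     * {@link SessionManager} when none was configured) and the embedded web server interceptor
     * that serves the login page.
     *
     * @param router the router this interceptor runs in
     * @throws Exception if any delegate fails to initialize or index.html cannot be resolved
     */
    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public void init(Router router) throws Exception {
        super.init(router);
        this.authorizationService.init(router);
        if (this.sessionManager == null) {
            this.sessionManager = new SessionManager();
        }
        this.sessionManager.init(router);
        this.wsi.setDocBase(this.loginLocation);
        // Open and immediately close index.html under the doc base: a missing login page
        // surfaces here, at start-up, instead of on the first login request.
        router.getResolverMap().resolve(ResolverMap.combine(router.getBaseLocation(), this.wsi.getDocBase(), "./index.html")).close();
        this.wsi.init(router);
    }

    /**
     * Decides whether the request is a login request, needs a redirect to the login page, may
     * continue to the backend, or has to be processed by the authorization service.
     *
     * @param exchange the current exchange
     * @return {@link Outcome#CONTINUE} only for authorized sessions, otherwise {@link Outcome#RETURN}
     * @throws Exception propagated from the login page handling or the authorization service
     */
    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) throws Exception {
        if (isLoginRequest(exchange)) {
            handleLoginRequest(exchange);
            return Outcome.RETURN;
        }
        SessionManager.Session session = this.sessionManager.getSession(exchange.getRequest());
        if (session == null) {
            return respondWithRedirect(exchange);
        }
        if (session.isAuthorized()) {
            applyBackendAuthorization(exchange, session);
            return Outcome.CONTINUE;
        }
        // The session exists but is not authorized yet: the authorization service receives the
        // "state" value stored in the session so it can be checked against the incoming request.
        String expectedState = session.getUserAttributes().get("state");
        if (!this.authorizationService.handleRequest(exchange, expectedState, this.publicURL, session)) {
            return respondWithRedirect(exchange);
        }
        // An error status from the authorization service discards the session content.
        // NOTE(review): assumes the service always sets a response when it returns true - confirm.
        if (exchange.getResponse().getStatusCode() >= 400) {
            session.clear();
        }
        return Outcome.RETURN;
    }

    /**
     * Copies session attributes whose key starts with the header prefix into the request headers.
     * Existing request header fields of the same name are removed first, so the value forwarded
     * under that name is the one held in the session, not one supplied with the request.
     */
    private void applyBackendAuthorization(Exchange exchange, SessionManager.Session session) {
        // Slice by the prefix length rather than a fixed offset (the original used 6), so the
        // prefix test and the slice cannot drift apart.
        String prefix = com.predic8.membrane.core.http.xml.Header.ELEMENT_NAME;
        Header header = exchange.getRequest().getHeader();
        for (Map.Entry<String, String> entry : session.getUserAttributes().entrySet()) {
            String key = entry.getKey();
            if (key.startsWith(prefix)) {
                String fieldName = key.substring(prefix.length());
                header.removeFields(fieldName);
                header.add(fieldName, entry.getValue());
            }
        }
    }

    /** Answers the exchange with a redirect to {@code loginPath} and stops further processing. */
    private Outcome respondWithRedirect(Exchange exchange) {
        exchange.setResponse(Response.redirect(this.loginPath, false).build());
        return Outcome.RETURN;
    }

    /**
     * Tells whether the parsed path of the request URI starts with {@code loginPath}.
     *
     * @param exchange the current exchange
     * @return true when the request is to be handled by {@link #handleLoginRequest(Exchange)}
     */
    public boolean isLoginRequest(Exchange exchange) {
        // NOTE(review): the result of createWithoutException is dereferenced unchecked; what it
        // returns for an unparsable URI is not visible here - confirm.
        return this.router.getUriFactory().createWithoutException(exchange.getRequest().getUri()).getPath().startsWith(this.loginPath);
    }

    /**
     * Renders the login page: index.html from the doc base is fetched through the web server
     * interceptor and then run through the JMTE template engine.
     *
     * @param exchange the current exchange; its first destination is overwritten with /index.html
     * @param state    the value exposed to the template as {@code authid} and passed to the
     *                 authorization service when building the login URL
     * @param params   additional template variables as alternating name/value pairs
     * @throws IllegalArgumentException if {@code params} does not hold complete pairs
     * @throws Exception propagated from the web server interceptor or the authorization service
     */
    private void showPage(Exchange exchange, String state, Object... params) throws Exception {
        // Reject a dangling name up front; previously this failed with an
        // ArrayIndexOutOfBoundsException after the response had already been produced.
        if ((params.length & 1) != 0) {
            throw new IllegalArgumentException("params must be name/value pairs, got " + params.length + " elements");
        }
        // DataBinder.DEFAULT_OBJECT_NAME is the string "target"; it serves here only as the name
        // of the query parameter and of the template variable.
        String target = StringUtils.defaultString(URLParamUtil.getParams(this.router.getUriFactory(), exchange).get(DataBinder.DEFAULT_OBJECT_NAME));
        exchange.getDestinations().set(0, "/index.html");
        this.wsi.handleRequest(exchange);
        Engine engine = new Engine();
        engine.setErrorHandler(new ErrorHandler() { // from class: com.predic8.membrane.core.interceptor.oauth2.OAuth2ResourceInterceptor.1
            @Override // com.floreysoft.jmte.ErrorHandler
            public void error(String str2, Token token, Map<String, Object> map) throws ParseException {
                OAuth2ResourceInterceptor.log.error(str2);
            }

            @Override // com.floreysoft.jmte.ErrorHandler
            public void error(String str2, Token token) throws ParseException {
                OAuth2ResourceInterceptor.log.error(str2);
            }
        });
        Map<String, Object> model = new HashMap<String, Object>();
        model.put("loginPath", StringEscapeUtils.escapeXml(this.loginPath));
        // NOTE(review): loginURL and authid go into the page without escapeXml, unlike loginPath
        // and target. authid is the server-side state value; whether getLoginURL returns
        // markup-safe text is not visible here - confirm.
        model.put("loginURL", this.authorizationService.getLoginURL(state, this.publicURL, this.router.getUriFactory().create(exchange.getDestinations().get(0)).getPath()));
        // The target parameter comes from the request and is escaped before it reaches the page.
        model.put(DataBinder.DEFAULT_OBJECT_NAME, StringEscapeUtils.escapeXml(target));
        model.put("authid", state);
        for (int i = 0; i < params.length; i += 2) {
            model.put((String) params[i], params[i + 1]);
        }
        exchange.getResponse().setBodyContent(engine.transform(exchange.getResponse().getBodyAsStringDecoded(), model).getBytes(Constants.UTF_8_CHARSET));
    }

    /**
     * Serves a request below {@code loginPath}.
     *
     * <ul>
     *   <li>{@code /logout} clears the session (if any) and redirects to {@code /};</li>
     *   <li>{@code /} renders the login page; for an authorized session the stored state is
     *       reused, otherwise a fresh state is generated and stored in a new pre-authorized
     *       session;</li>
     *   <li>any other sub-path is served as a static file by the web server interceptor.</li>
     * </ul>
     *
     * @param exchange the current exchange
     * @throws Exception propagated from page rendering or the web server interceptor
     */
    public void handleLoginRequest(Exchange exchange) throws Exception {
        SessionManager.Session session = this.sessionManager.getSession(exchange.getRequest());
        // Keep the trailing "/" of loginPath as the leading "/" of the sub-path.
        // NOTE(review): this slices the raw request URI while isLoginRequest tests the parsed
        // path; assumes the URI starts with loginPath (origin-form) - confirm.
        String subPath = exchange.getRequest().getUri().substring(this.loginPath.length() - 1);
        int queryStart = subPath.indexOf('?');
        if (queryStart >= 0) {
            subPath = subPath.substring(0, queryStart);
        }
        exchange.getDestinations().set(0, subPath);
        if (subPath.equals("/logout")) {
            if (session != null) {
                session.clear();
            }
            exchange.setResponse(Response.redirect("/", false).build());
            return;
        }
        if (!subPath.equals("/")) {
            // Static resource of the login page, served without a session check.
            // NOTE(review): normalisation of subPath against the doc base is left to
            // WebServerInterceptor, which is not visible here - confirm.
            this.wsi.handleRequest(exchange);
            return;
        }
        if (session != null && session.isAuthorized()) {
            showPage(exchange, session.getUserAttributes().get("state"));
            return;
        }
        // 130 random bits, written in base 32, tie the upcoming authorization response to the
        // session created below.
        String state = new BigInteger(130, STATE_RANDOM).toString(32);
        showPage(exchange, state);
        SessionManager.Session createSession = this.sessionManager.createSession(exchange);
        Map<String, String> attributes = new HashMap<String, String>();
        attributes.put("state", state);
        createSession.preAuthorize("", attributes);
    }
}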
