package com.bornium.security.oauth2openid.client;

import com.bornium.http.Exchange;
import com.bornium.http.Method;
import com.bornium.http.RequestBuilder;
import com.bornium.http.Response;
import com.bornium.http.ResponseBuilder;
import com.bornium.http.util.UriUtil;
import com.bornium.security.oauth2openid.Constants;
import com.bornium.security.oauth2openid.Util;
import com.bornium.security.oauth2openid.providers.Session;
import com.bornium.security.oauth2openid.token.BearerTokenProvider;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/oauth2-openid-1.0.1.jar:com/bornium/security/oauth2openid/client/WebApplicationClient.class */
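/**
 * OAuth 2.0 authorization-code client for a web application.
 *
 * <p>Each incoming {@link Exchange} is handled in one of three ways:
 * <ul>
 *   <li>the session is already flagged as logged in: the request is forwarded with the
 *       stored token in the {@code Authorization} header;</li>
 *   <li>the request path matches the configured redirect URI: it is treated as the
 *       authorization-server callback, the {@code state} is verified and the code is
 *       exchanged for tokens;</li>
 *   <li>otherwise: the resource owner is redirected to the authorization endpoint.</li>
 * </ul>
 *
 * <p>Security-relevant invariants kept by this class: the callback is accepted only when
 * its {@code state} equals the one bound to the session, a {@code state} can be redeemed
 * once, and the session is marked as logged in only after the token endpoint actually
 * returned an {@code access_token}.
 */
public class WebApplicationClient {
    /**
     * Upper bound on parked pre-login requests. Every unauthenticated request creates one
     * entry, so an unbounded cache lets anonymous traffic grow the heap without limit.
     */
    private static final long MAX_PENDING_LOGINS = 10000L;

    private final ClientProvider clientProvider;
    private final OAuth2ClientData clientData;
    private final OAuth2AuthorizationServerData serverData;
    Logger log = LoggerFactory.getLogger(WebApplicationClient.class);

    /** Original (pre-login) exchanges, keyed by the {@code state} value issued for them. */
    private final Cache<String, Exchange> originalRequestsForState = CacheBuilder.newBuilder()
            .expireAfterAccess(10, TimeUnit.MINUTES)
            .maximumSize(MAX_PENDING_LOGINS)
            .build();
    private final BearerTokenProvider stateTokenProvider = new BearerTokenProvider();

    /**
     * Creates a client bound to one registration at one authorization server.
     *
     * @param clientProvider supplies the session provider and the HTTP client
     * @param oAuth2ClientData client id, client secret, redirect URI and scope
     * @param oAuth2AuthorizationServerData authorization and token endpoint locations
     */
    public WebApplicationClient(ClientProvider clientProvider, OAuth2ClientData oAuth2ClientData, OAuth2AuthorizationServerData oAuth2AuthorizationServerData) {
        this.clientProvider = clientProvider;
        this.clientData = oAuth2ClientData;
        this.serverData = oAuth2AuthorizationServerData;
    }

    /**
     * Entry point: forwards the request with a token, completes the callback, or starts
     * the login redirect, depending on session state and request path.
     *
     * @param exchange the incoming exchange; must not be {@code null}
     * @return the exchange carrying the response to send back
     * @throws Exception if the session provider, HTTP client or JSON parsing fails
     */
    public Exchange invokeOn(Exchange exchange) throws Exception {
        Session session = this.clientProvider.getSessionProvider().getSession(exchange);
        if (session != null && "yes".equals(session.getValue(Constants.SESSION_LOGGED_IN))) {
            exchange.setResponse(doRequestWithToken(exchange));
            return exchange;
        }
        Exchange result = isCallbackCall(exchange) ? invokeWhenCallback(exchange) : invokeAuthRedirect(exchange);
        if (result.getRequest() == null) {
            result.setRequest(exchange.getRequest());
        }
        // exchange was already dereferenced above, so the former null test here was dead code.
        if (!exchange.getProperties().isEmpty()) {
            result.setProperties(exchange.getProperties());
        }
        return result;
    }

    /**
     * Adds the session's token as {@code Authorization} header and sends the request.
     * The header value is a credential and must never be logged.
     */
    private Response doRequestWithToken(Exchange exchange) throws Exception {
        Session session = this.clientProvider.getSessionProvider().getSession(exchange);
        String authorization = session.getValue(Constants.PARAMETER_TOKEN_TYPE) + StringUtils.SPACE + session.getValue("access_token");
        exchange.getRequest().getHeader().append("Authorization", authorization);
        return this.clientProvider.getHttpClient().sendExchange(exchange).getResponse();
    }

    /** Starts the login by redirecting the resource owner to the authorization endpoint. */
    private Exchange invokeAuthRedirect(Exchange exchange) throws Exception {
        return createAuthorizationEndpointRedirectForResourceOwner(exchange);
    }

    /**
     * Handles the redirect back from the authorization server.
     *
     * <p>Order matters: the {@code state} is checked before anything else from the query is
     * trusted, and the parked request is removed as soon as the state matched so the same
     * callback cannot be replayed.
     *
     * @return the exchange with the protected resource's response, or a 4xx/5xx exchange
     *         when the callback is rejected
     */
    private Exchange invokeWhenCallback(Exchange exchange) throws Exception {
        Map<String, String> params = UriUtil.queryToParameters(exchange.getRequest().getUri().getQuery());
        Session session = this.clientProvider.getSessionProvider().getSession(exchange);

        // A callback without a session, without a stored state or without a state parameter
        // is an unsolicited response: reject it instead of failing with a NullPointerException.
        String receivedState = params.get("state");
        Object expectedState = session == null ? null : session.getValue("state");
        if (expectedState == null || receivedState == null || !expectedState.equals(receivedState)) {
            return new ResponseBuilder().statuscode(400).body(Constants.ERROR_POSSIBLE_CSRF).buildExchange();
        }

        // Single use: take the parked request out of the cache whatever the outcome is.
        Exchange original = this.originalRequestsForState.getIfPresent(receivedState);
        this.originalRequestsForState.invalidate(receivedState);

        if (params.containsKey(Constants.PARAMETER_ERROR)) {
            // NOTE(review): the error parameter is echoed verbatim; confirm the response is
            // not served as HTML, or encode the value before returning it.
            return new ResponseBuilder().statuscode(400).body(params.get(Constants.PARAMETER_ERROR)).buildExchange();
        }
        if (original == null) {
            // Entry expired, was evicted, or this state was already redeemed.
            this.log.warn("Callback rejected: no pending login for the presented state");
            return new ResponseBuilder().statuscode(400).body("Unknown or expired state").buildExchange();
        }
        String code = params.get("code");
        if (code == null || code.isEmpty()) {
            return new ResponseBuilder().statuscode(400).body("Missing authorization code").buildExchange();
        }

        Exchange tokenRequest = createAccessTokenRequest(exchange, code);
        Map<?, ?> tokenResponse = new ObjectMapper().readValue(this.clientProvider.getHttpClient().sendExchange(tokenRequest).getResponse().getBody(), Map.class);

        // Only a response that carries an access token counts as a login. The response body
        // is deliberately not logged because it may contain tokens.
        if (tokenResponse == null || tokenResponse.containsKey("error") || tokenResponse.get("access_token") == null) {
            this.log.warn("Token endpoint did not return an access token; login aborted");
            return new ResponseBuilder().statuscode(502).body("Token request failed").buildExchange();
        }
        for (Map.Entry<?, ?> entry : tokenResponse.entrySet()) {
            // JSON null members (for example an absent refresh token) are skipped.
            if (entry.getValue() != null) {
                session.putValue(String.valueOf(entry.getKey()), entry.getValue().toString());
            }
        }
        // NOTE(review): the session identifier is not rotated here; confirm the session
        // provider issues a fresh one on login.
        session.putValue(Constants.SESSION_LOGGED_IN, "yes");

        exchange.setRequest(original.getRequest());
        exchange.getRequest().getHeader().append("Cookie", tokenRequest.getRequest().getHeader().getValue("Cookie"));
        exchange.setResponse(doRequestWithToken(exchange));
        return exchange;
    }

    /**
     * Builds the token request that redeems an authorization code.
     *
     * @param exchange the callback exchange, source of the forwarded {@code Cookie} header
     * @param str the authorization code taken from the callback query
     */
    private Exchange createAccessTokenRequest(Exchange exchange, String str) throws URISyntaxException, UnsupportedEncodingException {
        Map<String, String> form = new HashMap<String, String>();
        form.put("grant_type", "authorization_code");
        form.put("code", str);
        form.put("redirect_uri", this.clientData.getRedirectUri());
        form.put("scope", this.clientData.getScope());
        // NOTE(review): the caller's Cookie header is forwarded to the token endpoint, which
        // hands this application's session cookie to the authorization server; confirm
        // that this is required.
        return new RequestBuilder()
                .method(Method.POST)
                .uri(this.serverData.getTokenEndpoint())
                .body(UriUtil.parametersToQuery(form))
                .header("Authorization", getBasicAuthValue())
                .header("Cookie", exchange.getRequest().getHeader().getValue("Cookie"))
                .buildExchange();
    }

    /** Returns the HTTP Basic credential built from client id and client secret; never log it. */
    private String getBasicAuthValue() throws UnsupportedEncodingException {
        return Util.encodeToBasicAuthValue(this.clientData.getClientId(), this.clientData.getClientSecret());
    }

    /**
     * Tells whether the request targets the redirect URI.
     *
     * <p>This is a suffix match on the configured redirect URI, so any path that is a suffix
     * of it is accepted. An empty path is rejected explicitly because {@code endsWith("")}
     * is always true and would turn every such request into a callback.
     */
    private boolean isCallbackCall(Exchange exchange) {
        String path = exchange.getRequest().getUri().getPath();
        if (path == null || path.isEmpty()) {
            return false;
        }
        return this.clientData.getRedirectUri().endsWith(path);
    }

    /**
     * Builds the temporary redirect that sends the resource owner to the authorization
     * endpoint and parks the current request until the callback arrives.
     *
     * @param exchange the request that triggered the login
     * @return an exchange holding the redirect response
     * @throws Exception if no session is available or the state cannot be created
     */
    public Exchange createAuthorizationEndpointRedirectForResourceOwner(Exchange exchange) throws Exception {
        return new ResponseBuilder().redirectTempWithGet(getAuthorizationEndpointUriWithQuery(exchange)).buildExchange();
    }

    /** Assembles the authorization request URI, including a fresh {@code state}. */
    private String getAuthorizationEndpointUriWithQuery(Exchange exchange) throws Exception {
        // NOTE(review): no PKCE parameters are sent; state is the only binding between
        // this request and the callback.
        Map<String, String> query = new HashMap<String, String>();
        query.put("response_type", "code");
        query.put("client_id", this.clientData.getClientId());
        query.put("redirect_uri", this.clientData.getRedirectUri());
        query.put("scope", this.clientData.getScope());
        query.put("state", createStateAndSaveOriginalRequestToIt(exchange));
        return this.serverData.getAuthEndpoint() + "?" + UriUtil.parametersToQuery(query);
    }

    /**
     * Issues a new {@code state}, binds it to the session and parks the request under it.
     *
     * @throws IllegalStateException if the session provider returned no session, because a
     *         state that is not bound to a session cannot be verified on the callback
     */
    private String createStateAndSaveOriginalRequestToIt(Exchange exchange) throws Exception {
        Session session = this.clientProvider.getSessionProvider().getSession(exchange);
        if (session == null) {
            throw new IllegalStateException("No session available to bind the OAuth2 state to");
        }
        String state = this.stateTokenProvider.get();
        this.originalRequestsForState.put(state, exchange);
        session.putValue("state", state);
        return state;
    }
}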
