package org.omnifaces.security.jaspic.authmodules;

import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.brickred.socialauth.Profile;
import org.brickred.socialauth.SocialAuthConfig;
import org.brickred.socialauth.SocialAuthManager;
import org.brickred.socialauth.util.SocialAuthUtil;
import org.omnifaces.security.cdi.Beans;
import org.omnifaces.security.jaspic.Utils;
import org.omnifaces.security.jaspic.core.HttpMsgContext;
import org.omnifaces.security.jaspic.core.HttpServerAuthModule;
import org.omnifaces.security.jaspic.core.Jaspic;
import org.omnifaces.security.jaspic.core.SamServices;
import org.omnifaces.security.jaspic.core.ServiceType;
import org.omnifaces.security.jaspic.exceptions.ProfileIncompleteException;
import org.omnifaces.security.jaspic.exceptions.RegistrationException;
import org.omnifaces.security.jaspic.user.SocialAuthPropertiesProvider;
import org.omnifaces.security.jaspic.user.SocialAuthenticator;

@SamServices({ServiceType.AUTO_REGISTER_SESSION, ServiceType.SAVE_AND_REDIRECT})
/* loaded from: input_file:org/omnifaces/security/jaspic/authmodules/SocialServerAuthModule.class */
public class SocialServerAuthModule extends HttpServerAuthModule {
    public static final String SOCIAL_PROFILE = "omnisecurity.socialProfile";
    public static final String CALLBACK_URL = "callbackUrl";
    public static final String PROFILE_INCOMPLETE_URL = "profileIncompleteUrl";
    public static final String REGISTRATION_ERROR_URL = "registrationErrorUrl";
    private static final String SOCIAL_AUTH_MANAGER = "socialAuthManager";
    private String providerId;

    public SocialServerAuthModule(String str) {
        this.providerId = str;
    }

    @Override // org.omnifaces.security.jaspic.core.HttpServerAuthModule
    public AuthStatus validateHttpRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMsgContext httpMsgContext) throws AuthException {
        if (isLoginRequest(httpServletRequest, httpServletResponse, httpMsgContext)) {
            return AuthStatus.SEND_CONTINUE;
        }
        try {
            if (isCallbackRequest(httpServletRequest, httpServletResponse, httpMsgContext)) {
                getUserProfileFromSocialProvider(httpServletRequest);
            }
            return isProfileAvailable(httpServletRequest) ? doSocialLogin(httpServletRequest, httpServletResponse, httpMsgContext) : AuthStatus.SUCCESS;
        } catch (Exception e) {
            throw new AuthException().initCause(e);
        }
    }

    private boolean isLoginRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMsgContext httpMsgContext) throws AuthException {
        if (((SocialAuthManager) httpServletRequest.getSession().getAttribute(SOCIAL_AUTH_MANAGER)) != null || !Jaspic.isAuthenticationRequest(httpServletRequest)) {
            return false;
        }
        SocialAuthConfig socialAuthConfig = new SocialAuthConfig();
        try {
            SocialAuthPropertiesProvider socialAuthPropertiesProvider = (SocialAuthPropertiesProvider) Beans.getReferenceOrNull(SocialAuthPropertiesProvider.class);
            if (socialAuthPropertiesProvider != null) {
                socialAuthConfig.load(socialAuthPropertiesProvider.getProperties());
            } else {
                socialAuthConfig.load();
            }
            SocialAuthManager socialAuthManager = new SocialAuthManager();
            socialAuthManager.setSocialAuthConfig(socialAuthConfig);
            httpServletRequest.getSession().setAttribute(SOCIAL_PROFILE, (Object) null);
            httpServletRequest.getSession().setAttribute(SOCIAL_AUTH_MANAGER, socialAuthManager);
            httpServletResponse.sendRedirect(socialAuthManager.getAuthenticationUrl(this.providerId, Utils.getBaseURL(httpServletRequest) + httpMsgContext.getModuleOption(CALLBACK_URL)));
            return true;
        } catch (Exception e) {
            throw new AuthException().initCause(e);
        }
    }

    private boolean isCallbackRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMsgContext httpMsgContext) throws Exception {
        return httpServletRequest.getRequestURI().equals(httpMsgContext.getModuleOption(CALLBACK_URL)) && httpServletRequest.getSession().getAttribute(SOCIAL_AUTH_MANAGER) != null;
    }

    private void getUserProfileFromSocialProvider(HttpServletRequest httpServletRequest) throws Exception {
        SocialAuthManager socialAuthManager = (SocialAuthManager) httpServletRequest.getSession().getAttribute(SOCIAL_AUTH_MANAGER);
        httpServletRequest.getSession().setAttribute(SOCIAL_AUTH_MANAGER, (Object) null);
        httpServletRequest.getSession().setAttribute(SOCIAL_PROFILE, socialAuthManager.connect(SocialAuthUtil.getRequestParametersMap(httpServletRequest)).getUserProfile());
    }

    private boolean isProfileAvailable(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getSession().getAttribute(SOCIAL_PROFILE) != null;
    }

    private AuthStatus doSocialLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMsgContext httpMsgContext) throws Exception {
        Profile profile = (Profile) httpServletRequest.getSession().getAttribute(SOCIAL_PROFILE);
        SocialAuthenticator socialAuthenticator = (SocialAuthenticator) Beans.getReference(SocialAuthenticator.class);
        try {
            if (socialAuthenticator.authenticateOrRegister(profile)) {
                httpMsgContext.registerWithContainer(socialAuthenticator.getUserName(), socialAuthenticator.getApplicationRoles());
                return AuthStatus.SUCCESS;
            }
        } catch (ProfileIncompleteException e) {
            if (e.getReason() == null || httpServletRequest.getServletPath().startsWith(httpMsgContext.getModuleOption(PROFILE_INCOMPLETE_URL))) {
                return AuthStatus.SUCCESS;
            }
            httpServletResponse.sendRedirect(httpMsgContext.getModuleOption(PROFILE_INCOMPLETE_URL));
            return AuthStatus.SEND_CONTINUE;
        } catch (RegistrationException e2) {
            if (e2.getReason() != null) {
                httpServletRequest.getSession().setAttribute(SOCIAL_PROFILE, (Object) null);
                httpServletResponse.sendRedirect(httpMsgContext.getModuleOption(REGISTRATION_ERROR_URL) + "?failure-reason=" + Utils.encodeURL(e2.getReason()));
            }
        }
        return AuthStatus.SEND_FAILURE;
    }
}
