package ru.org.openam.auth.modules;

import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.service.LoginState;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.PagePropertiesCallback;
import com.sun.identity.authentication.spi.UserNamePasswordValidationException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ConfirmationCallback;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ru.org.openam.idm.User;
import ru.org.openam.oauth.v2.data.Permission;

/* loaded from: input_file:ru/org/openam/auth/modules/OAuth2Sso.class */
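/**
 * Authentication module that converts a token submitted as the {@code IDToken1}
 * request parameter into an authenticated SSO session, provided the token carries
 * an OAuth2 {@link Permission} whose scope allows it and the user confirms.
 *
 * <p>The conversation spans two rounds on the same module instance:
 * <ol>
 *   <li>Round one resolves the submitted token, reads the stored permission from
 *       it, checks the granted scope and prompts the user with a Decline/Accept
 *       confirmation.</li>
 *   <li>Round two requires the "Accept" choice (selected index 1) and then exposes
 *       the permission's identity as the authenticated principal.</li>
 * </ol>
 * State ({@link #permission}, {@link #sid}, {@link #userToken}) is carried between
 * the rounds in instance fields, so an instance serves exactly one login attempt
 * and is not thread-safe.
 */
public class OAuth2Sso extends OAuth2AMLoginModule {
    public static Logger logger = LoggerFactory.getLogger(OAuth2Sso.class);
    /** Module configuration attribute holding the authentication level to assign. */
    private static final String AUTH_LEVEL_ATTR = "ru.org.openam.auth.modules.OAuth2Sso.authlevel";
    /** Session property on the resolved token that carries the serialized OAuth2 permission. */
    private static final String ACCEPT_PROPERTY = "am.protected.oauth2.accept";
    /** Request parameter carrying the submitted token id. */
    private static final String TOKEN_PARAM = "IDToken1";
    /** Scope entry that authorizes converting an access token into an SSO session. */
    private static final String SSO_SCOPE = "sso";
    /** Index of the "Accept" option in the confirmation callback shown in round one. */
    private static final int ACCEPT_INDEX = 1;

    private CallbackHandler callbackHandler;
    /** Token resolved from the submitted id in round one; null until then. */
    public SSOToken userToken;
    public LoginState ls;
    /** Raw value of the {@code IDToken1} request parameter. */
    String sid;
    /** Permission read from the resolved token; null until round one succeeds. */
    public Permission permission = null;
    /** Principal set once the user accepted in round two. */
    Principal userPrincipal = null;

    /**
     * Initialises the module and applies the configured authentication level.
     *
     * @param subject the JAAS subject being authenticated
     * @param map shared state passed by the framework
     * @param map2 module options; read for {@value #AUTH_LEVEL_ATTR}
     */
    @Override // ru.org.openam.auth.modules.OAuth2AMLoginModule
    public void init(Subject subject, Map map, Map map2) {
        super.init(subject, map, map2);
        this.callbackHandler = getCallbackHandler();
        // Reading the level is best-effort: a missing or unparsable value falls back
        // to level 0 instead of aborting initialisation.
        try {
            setAuthLevel(Integer.parseInt(CollectionHelper.getMapAttr(map2, AUTH_LEVEL_ATTR, "0")));
        } catch (Exception ignored) {
            setAuthLevel(0);
        }
    }

    /**
     * Runs one round of the authentication conversation.
     *
     * @param callbackArr callbacks submitted by the client; not used, the confirmation
     *        is read from {@link LoginState#getSubmittedInfo()} instead
     * @param i current module state; not used
     * @return {@code -1} (the framework's success state) once the user has accepted,
     *         {@code 0} to stay on the current page otherwise
     * @throws AuthLoginException if the token cannot be resolved, the permission on it
     *         has no identity or lacks the required scope, or the user did not accept
     */
    @Override
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        this.ls = getLoginState(OAuth2Sso.class.getName());
        this.ls.setSessionUpgrade(false);
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (httpServletRequest == null) {
            return 0;
        }
        try {
            Callback[] submittedInfo = this.ls.getSubmittedInfo();
            if (submittedInfo != null) {
                // Round two: the confirmation page was answered.
                return completeAuthorization(submittedInfo);
            }
            // Round one: resolve the submitted token.
            this.sid = httpServletRequest.getParameter(TOKEN_PARAM);
            if (StringUtils.isBlank(this.sid)) {
                return 0;
            }
            // The submitted value is expected to carry a two-digit prefix that is not
            // part of the token id proper (format assumed by the caller — TODO confirm).
            // The remote address is handed to the token manager so it can apply its
            // own client-address check to the session.
            String tokenId = this.sid.replaceFirst("^\\d{2}(.*)$", "$1");
            this.userToken = SSOTokenManager.getInstance().createSSOToken(tokenId, httpServletRequest.getRemoteAddr());
            String property = this.userToken.getProperty(ACCEPT_PROPERTY);
            if (property == null) {
                // Token exists but carries no OAuth2 permission: nothing to convert.
                return 0;
            }
            this.permission = Permission.fromString(property);
            if (this.permission.getIdentity() == null) {
                throw new UserNamePasswordValidationException("identity null");
            }
            if (!scopePermitsSso(this.permission)) {
                throw new UserNamePasswordValidationException("scope denied");
            }
            this.callbackHandler.handle(new Callback[]{
                    new PagePropertiesCallback("Confirm", "Please authorize", (String) null, 600, "Login.jsp", false, (String) null),
                    new ConfirmationCallback("Please authorize convert access_token to sso token", 0, new String[]{"Decline", "Accept"}, 0)});
            return 0;
        } catch (Exception e) {
            // NOTE(review): when no token was resolved this logs the raw submitted
            // IDToken1 value; User.debugToken is only applied to a resolved SSOToken.
            Object tokenForLog = this.userToken == null ? this.sid : User.debugToken(this.userToken);
            String reason = e instanceof AuthLoginException ? e.getMessage() : "error";
            logger.warn("{} access_token=({}): {}", reason, tokenForLog, e.toString());
            if (e instanceof AuthLoginException) {
                // Module-level failures are rethrown unchanged; the cast restores the
                // declared exception type for the compiler.
                throw (AuthLoginException) e;
            }
            throw new UserNamePasswordValidationException(e);
        }
    }

    /**
     * Round two: validates the answer to the Decline/Accept confirmation and, on
     * "Accept", exposes the stored permission's identity as the principal.
     *
     * @param submittedInfo callbacks returned by the client; index 1 must be the
     *        confirmation callback sent in round one
     * @return {@code -1} to signal success
     * @throws AuthLoginException if the answer is missing, malformed or "Decline", or
     *         if no permission was stored by round one
     */
    private int completeAuthorization(Callback[] submittedInfo) throws AuthLoginException {
        if (submittedInfo.length <= 1 || !(submittedInfo[1] instanceof ConfirmationCallback)
                || ((ConfirmationCallback) submittedInfo[1]).getSelectedIndex() != ACCEPT_INDEX) {
            throw new UserNamePasswordValidationException("invalid authorize");
        }
        if (this.permission == null || this.permission.getIdentity() == null) {
            // A confirmation is only meaningful after round one stored a permission with
            // an identity; reject explicitly rather than failing on a null dereference.
            throw new UserNamePasswordValidationException("invalid authorize");
        }
        this.userPrincipal = new OAuth2Principal(this.permission.getIdentity().getUniversalId());
        return -1;
    }

    /**
     * Whether the permission's scope allows converting the access token into an SSO
     * session: a present, non-empty scope must contain {@value #SSO_SCOPE} unless the
     * permission is marked trusted.
     *
     * @param permission the permission read from the token
     * @return {@code true} if the conversion may proceed
     */
    private static boolean scopePermitsSso(Permission permission) {
        Set<String> scope = permission.getScope();
        if (scope == null || scope.isEmpty()) {
            // NOTE(review): a permission with no scope at all passes this check — confirm intended.
            return true;
        }
        return scope.contains(SSO_SCOPE) || permission.trust.booleanValue();
    }

    /**
     * Returns the authenticated principal.
     *
     * @return the principal set on "Accept", or {@code null} before that
     */
    @Override
    public Principal getPrincipal() {
        return this.userPrincipal;
    }
}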
