package io.syndesis.server.endpoint.v1.handler.credential;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectWriter;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.syndesis.server.credential.CredentialFlowState;
import io.syndesis.server.credential.Credentials;
import io.syndesis.server.endpoint.v1.state.ClientSideState;
import io.syndesis.server.endpoint.v1.util.Urls;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

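/**
 * JAX-RS resource under {@code /credentials} that handles the redirect back from an
 * OAuth provider ({@code GET /credentials/callback}).
 *
 * <p>The in-progress authorization is not kept on the server: it is restored from the
 * incoming request through {@link ClientSideState} and, on success, written back as a
 * cookie produced by {@link ClientSideState#persist}. The outcome is reported to the UI
 * as a JSON-serialized {@link CallbackStatus} placed in the fragment of the redirect URI.
 *
 * <p>NOTE(review): the redirect target is the return URL carried inside the restored flow
 * state and this class does not validate it. It therefore relies on
 * {@code ClientSideState.restoreFrom} rejecting state that was tampered with; confirm that
 * there.
 */
@Path("/credentials")
@Tag(name = "credentials")
@Component
/* loaded from: input_file:BOOT-INF/lib/server-endpoint-1.11.0.fuse-780011-redhat-00001.jar:io/syndesis/server/endpoint/v1/handler/credential/CredentialHandler.class */
public class CredentialHandler {
    private static final Logger LOG = LoggerFactory.getLogger(CredentialHandler.class);
    private static final ObjectWriter SERIALIZER = new ObjectMapper().writerFor(CallbackStatus.class);
    private final Credentials credentials;
    private final ClientSideState state;

    public CredentialHandler(Credentials credentials, ClientSideState clientSideState) {
        this.credentials = credentials;
        this.state = clientSideState;
    }

    /**
     * Completes a credential flow when the provider redirects the browser back.
     *
     * <p>Every outcome is a temporary redirect: to the flow's return URL with a success
     * status and a refreshed state cookie, or to the return URL (or the application home
     * when no state could be restored) with a failure status and all credential cookies
     * expired.
     *
     * @param httpServletRequest the callback request carrying the flow state and the provider's parameters
     * @param httpServletResponse the response on which expired cookies are set on failure
     * @return a temporary redirect whose fragment holds the serialized {@link CallbackStatus}
     */
    @GET
    @Path("/callback")
    public Response callback(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        try {
            // Bound method reference: throws NullPointerException (caught below) if state is null.
            Set<CredentialFlowState> restoreFrom = CredentialFlowState.Builder.restoreFrom(state::restoreFrom, httpServletRequest);
            if (restoreFrom.isEmpty()) {
                return fail(httpServletRequest, httpServletResponse, "Unable to recall the state of authorization, called callback without initiating OAuth autorization?");
            }
            // Provider id and return URL for failure reporting come from the first restored state.
            CredentialFlowState next = restoreFrom.iterator().next();
            String providerId = next.getProviderId();
            URI returnUrl = next.getReturnUrl();
            try {
                // The first restored state that can be completed with this request wins.
                Optional<CredentialFlowState> finished = restoreFrom.stream()
                    .map(flowState -> flowState.updateFrom(httpServletRequest))
                    .flatMap(flowState -> tryToFinishAcquisition(httpServletRequest, flowState))
                    .findFirst();
                if (!finished.isPresent()) {
                    return fail(httpServletRequest, httpServletResponse, returnUrl, providerId, "Unable to finish authorization, OAuth authorization timed out?");
                }
                CredentialFlowState flowState = finished.get();
                URI successLocation = addFragmentTo(flowState.getReturnUrl(),
                    CallbackStatus.success(flowState.getConnectorId(), "Successfully authorized Syndesis's access"));
                // The cookie's attributes (HttpOnly, Secure, lifetime) are decided by ClientSideState.persist.
                return Response.temporaryRedirect(successLocation)
                    .cookie(this.state.persist(flowState.persistenceKey(), "/", flowState))
                    .build();
            } catch (RuntimeException e) {
                // Failures are only visible at DEBUG level; the user sees the generic message below.
                LOG.debug("Unable to update credential flow state from request", e);
                return fail(httpServletRequest, httpServletResponse, returnUrl, providerId, "Unable to update the state of authorization");
            }
        } catch (RuntimeException e2) {
            LOG.debug("Unable to restore credential flow state from request", e2);
            return fail(httpServletRequest, httpServletResponse, "Unable to restore the state of authorization");
        }
    }

    /**
     * Tries to finish the acquisition for a single flow state.
     *
     * @param httpServletRequest the callback request, used to derive the API base URL
     * @param credentialFlowState the flow state already updated from the request
     * @return a one-element stream with the finished state, or an empty stream if
     *     finishing threw a {@link RuntimeException}
     */
    protected Stream<CredentialFlowState> tryToFinishAcquisition(HttpServletRequest httpServletRequest, CredentialFlowState credentialFlowState) {
        try {
            return Stream.of(this.credentials.finishAcquisition(credentialFlowState, Urls.apiBase(httpServletRequest)));
        } catch (RuntimeException e) {
            // NOTE(review): the flow state is rendered through toString() here; confirm it
            // does not print tokens, verifiers or other secrets into the debug log.
            LOG.debug("Unable to perform OAuth callback on flow state: {}", credentialFlowState, e);
            return Stream.empty();
        }
    }

    /**
     * Returns a copy of {@code uri} whose fragment is the JSON form of {@code callbackStatus}.
     *
     * <p>Scheme, host, port, path and query are carried over; any user-info component is
     * dropped and an existing fragment is replaced.
     *
     * @throws IllegalStateException if the status cannot be serialized or the URI cannot be rebuilt
     */
    static URI addFragmentTo(URI uri, CallbackStatus callbackStatus) {
        try {
            String fragment = SERIALIZER.writeValueAsString(callbackStatus);
            return new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), uri.getPath(), uri.getQuery(), fragment);
        } catch (JsonProcessingException | URISyntaxException e) {
            throw new IllegalStateException("Unable to add fragment to URI: " + uri + ", for state: " + callbackStatus, e);
        }
    }

    /**
     * Fails the flow when no return URL is known: redirects to the application home
     * with {@code str} as the failure message and no provider id.
     */
    static Response fail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        return fail(httpServletRequest, httpServletResponse, Urls.appHome(httpServletRequest), null, str);
    }

    /**
     * Expires all credential cookies and redirects to {@code uri} with a failure status.
     *
     * @param uri the redirect target
     * @param str first argument of {@code CallbackStatus.failure}; callers in this class pass the provider id or {@code null}
     * @param str2 second argument of {@code CallbackStatus.failure}; callers in this class pass the message shown to the user
     */
    static Response fail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, URI uri, String str, String str2) {
        removeCredentialCookies(httpServletRequest, httpServletResponse);
        return Response.temporaryRedirect(addFragmentTo(uri, CallbackStatus.failure(str, str2))).build();
    }

    /**
     * Expires every request cookie whose name starts with
     * {@link CredentialFlowState#CREDENTIAL_PREFIX} by re-issuing it empty with max-age 0.
     *
     * <p>The replacement uses path {@code "/"}, the same path {@link #callback} passes to
     * {@code ClientSideState.persist}, and sets no domain.
     */
    static void removeCredentialCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            // getCookies() returns null, not an empty array, when the request has no cookies.
            return;
        }
        Arrays.stream(cookies)
            .filter(cookie -> cookie.getName().startsWith(CredentialFlowState.CREDENTIAL_PREFIX))
            .forEach(cookie -> {
                Cookie expired = new Cookie(cookie.getName(), "");
                expired.setPath("/");
                expired.setMaxAge(0);
                expired.setHttpOnly(true);
                expired.setSecure(true);
                httpServletResponse.addCookie(expired);
            });
    }
}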
