package org.keycloak.social.twitter;

import java.net.URI;
import javax.ws.rs.GET;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
import org.keycloak.utils.MediaType;
import twitter4j.Twitter;
import twitter4j.TwitterFactory;
import twitter4j.User;
import twitter4j.auth.AccessToken;
import twitter4j.auth.RequestToken;

/* loaded from: input_file:org/keycloak/social/twitter/TwitterIdentityProvider.class */
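/**
 * Social identity provider that brokers logins through Twitter using twitter4j.
 *
 * <p>The flow has two legs. {@link #performLogin(AuthenticationRequest)} obtains a request
 * token, stores it (with its secret) as notes on the client session and redirects the browser
 * to Twitter. {@link Endpoint#authResponse(String, String, String)} handles the redirect back,
 * exchanges the stored request token plus the {@code oauth_verifier} for an access token and
 * hands the resulting identity to the broker callback.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The {@code state} query parameter is the only value binding the callback to the
 *       session that started the login; it is validated in
 *       {@code Endpoint.parseClientSessionCode} before any stored token is read.</li>
 *   <li>The token JSON produced here contains {@code oauth_token_secret}. It is attached to
 *       the brokered identity and echoed by
 *       {@link #retrieveToken(KeycloakSession, FederatedIdentityModel)}; it must never be
 *       logged.</li>
 * </ul>
 */
public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2IdentityProviderConfig> implements SocialIdentityProvider<OAuth2IdentityProviderConfig> {
    protected static final Logger logger = Logger.getLogger(TwitterIdentityProvider.class);

    /** Client-session note holding the OAuth request token issued in {@code performLogin}. */
    private static final String NOTE_REQUEST_TOKEN = "twitter_token";

    /** Client-session note holding the secret that belongs to the request token. */
    private static final String NOTE_REQUEST_TOKEN_SECRET = "twitter_tokenSecret";

    /**
     * JAX-RS resource that receives the redirect back from Twitter.
     *
     * <p>The {@code @Context} fields are populated by the container; nothing in this class
     * assigns them.
     */
    protected class Endpoint {
        protected RealmModel realm;
        protected IdentityProvider.AuthenticationCallback callback;

        @Context
        protected KeycloakSession session;

        @Context
        protected ClientConnection clientConnection;

        @Context
        protected HttpHeaders headers;

        @Context
        protected UriInfo uriInfo;

        /**
         * @param realmModel realm the login belongs to
         * @param authenticationCallback broker callback notified about the outcome
         */
        public Endpoint(RealmModel realmModel, IdentityProvider.AuthenticationCallback authenticationCallback) {
            this.realm = realmModel;
            this.callback = authenticationCallback;
        }

        /**
         * Completes the login after Twitter redirects the browser back.
         *
         * @param str value of the {@code state} query parameter (the client session code)
         * @param str2 value of the {@code denied} query parameter; non-null means the user
         *     refused the authorization
         * @param str3 value of the {@code oauth_verifier} query parameter
         * @return the broker callback's response, or a generic error page when anything fails
         */
        @GET
        public Response authResponse(@QueryParam("state") String str, @QueryParam("denied") String str2, @QueryParam("oauth_verifier") String str3) {
            if (str2 != null) {
                // NOTE(review): the state is forwarded without being validated here; this
                // presumably relies on the callback to validate it -- confirm.
                return this.callback.cancelled(str);
            }
            try {
                // Reject an incomplete callback up front instead of sending a token exchange
                // request to Twitter with a null verifier.
                if (str3 == null) {
                    throw new IdentityBrokerException("Missing oauth_verifier in response from twitter.");
                }

                // Validate the state before touching anything stored in the session.
                ClientSessionModel clientSession = parseClientSessionCode(str).getClientSession();
                String requestToken = clientSession.getNote(NOTE_REQUEST_TOKEN);
                String requestTokenSecret = clientSession.getNote(NOTE_REQUEST_TOKEN_SECRET);
                if (requestToken == null || requestTokenSecret == null) {
                    // The session never went through performLogin(), so there is nothing
                    // to exchange.
                    throw new IdentityBrokerException("No pending twitter login for this session.");
                }
                // NOTE(review): if the callback also carries an oauth_token query parameter,
                // comparing it with the stored request token would be a cheap extra check;
                // it is not read here -- confirm whether that is wanted.

                OAuth2IdentityProviderConfig config = TwitterIdentityProvider.this.getConfig();
                Twitter twitter = new TwitterFactory().getInstance();
                twitter.setOAuthConsumer(config.getClientId(), config.getClientSecret());
                AccessToken accessToken = twitter.getOAuthAccessToken(new RequestToken(requestToken, requestTokenSecret), str3);
                User twitterUser = twitter.verifyCredentials();

                BrokeredIdentityContext identity = new BrokeredIdentityContext(Long.toString(twitterUser.getId()));
                identity.setIdp(TwitterIdentityProvider.this);
                identity.setUsername(twitterUser.getScreenName());
                identity.setName(twitterUser.getName());
                // Contains the access token secret; keep it out of logs and events.
                identity.setToken(tokenJson(accessToken));
                identity.setCode(str);
                identity.setIdpConfig(config);
                return this.callback.authenticated(identity);
            } catch (Exception e) {
                // The details go to the server log only; the browser gets a generic page so
                // that no provider or session internals leak to the user.
                TwitterIdentityProvider.logger.error("Could not get user profile from twitter.", e);
                EventBuilder eventBuilder = new EventBuilder(this.realm, this.session, this.clientConnection);
                eventBuilder.event(EventType.LOGIN);
                eventBuilder.error("twitter_login_failed");
                return ErrorPage.error(this.session, Messages.UNEXPECTED_ERROR_HANDLING_RESPONSE);
            }
        }

        /**
         * Parses the {@code state} value and checks that it is a valid code for the
         * AUTHENTICATE action of a LOGIN.
         *
         * @param str the client session code received as {@code state}
         * @return the parsed, validated code
         * @throws IdentityBrokerException if the code cannot be parsed, is not valid for the
         *     login action, or its client session has no client
         */
        private ClientSessionCode parseClientSessionCode(String str) {
            ClientSessionCode code = ClientSessionCode.parse(str, this.session, this.realm);
            boolean usable = code != null
                    && code.isValid(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN);
            if (!usable) {
                throw new IdentityBrokerException("Invalid code, please login again through your application.");
            }
            ClientSessionModel clientSession = code.getClientSession();
            if (clientSession != null) {
                ClientModel client = clientSession.getClient();
                if (client == null) {
                    throw new IdentityBrokerException("Invalid client");
                }
                TwitterIdentityProvider.logger.debugf("Got authorization code from client [%s].", client.getClientId());
            }
            TwitterIdentityProvider.logger.debug("Authorization code is valid.");
            return code;
        }
    }

    /**
     * @param oAuth2IdentityProviderConfig provider configuration; its client id and client
     *     secret are used as the Twitter consumer key and secret
     */
    public TwitterIdentityProvider(OAuth2IdentityProviderConfig oAuth2IdentityProviderConfig) {
        super(oAuth2IdentityProviderConfig);
    }

    /**
     * Creates the resource that will receive Twitter's redirect.
     *
     * @param realmModel realm the login belongs to
     * @param authenticationCallback broker callback notified about the outcome
     * @param eventBuilder not used by this provider
     * @return a new {@link Endpoint}
     */
    public Object callback(RealmModel realmModel, IdentityProvider.AuthenticationCallback authenticationCallback, EventBuilder eventBuilder) {
        return new Endpoint(realmModel, authenticationCallback);
    }

    /**
     * Starts the login: requests a request token from Twitter, remembers it on the client
     * session and redirects the browser to Twitter's authentication URL.
     *
     * @param authenticationRequest the broker's request, supplying redirect URI, state and
     *     client session
     * @return a temporary redirect to Twitter
     * @throws IdentityBrokerException if the request token cannot be obtained or the
     *     callback URI is malformed
     */
    public Response performLogin(AuthenticationRequest authenticationRequest) {
        try {
            OAuth2IdentityProviderConfig config = getConfig();
            Twitter twitter = new TwitterFactory().getInstance();
            twitter.setOAuthConsumer(config.getClientId(), config.getClientSecret());

            // NOTE(review): the state is appended without URL-encoding; this assumes it is
            // already URL-safe. new URI(...) rejects illegal characters, which ends up in
            // the catch below rather than in a silently corrupted callback URL.
            String callbackUrl = new URI(authenticationRequest.getRedirectUri() + "?state=" + authenticationRequest.getState()).toString();
            RequestToken requestToken = twitter.getOAuthRequestToken(callbackUrl);

            // The token and its secret stay server-side in the client session; only the
            // authentication URL is sent to the browser.
            ClientSessionModel clientSession = authenticationRequest.getClientSession();
            clientSession.setNote(NOTE_REQUEST_TOKEN, requestToken.getToken());
            clientSession.setNote(NOTE_REQUEST_TOKEN_SECRET, requestToken.getTokenSecret());
            return Response.temporaryRedirect(URI.create(requestToken.getAuthenticationURL())).build();
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not send authentication request to twitter.", e);
        }
    }

    /**
     * Returns the token stored for a federated identity as a JSON response.
     *
     * <p>For identities created by this provider the stored token is the JSON built in
     * {@code Endpoint.authResponse}, which includes {@code oauth_token_secret}.
     * NOTE(review): access control for this response is not visible in this class --
     * confirm the caller restricts who may invoke it.
     *
     * @param keycloakSession not used by this provider
     * @param federatedIdentityModel identity whose stored token is returned
     * @return a 200 response with the stored token as body
     */
    public Response retrieveToken(KeycloakSession keycloakSession, FederatedIdentityModel federatedIdentityModel) {
        return Response.ok(federatedIdentityModel.getToken()).type(MediaType.APPLICATION_JSON).build();
    }

    /**
     * Serializes the access token fields into the JSON document stored on the identity.
     * Every value is written as a JSON string, including the numeric user id.
     */
    private static String tokenJson(AccessToken accessToken) {
        StringBuilder json = new StringBuilder();
        json.append('{');
        json.append("\"oauth_token\":\"").append(jsonEscape(accessToken.getToken())).append("\",");
        json.append("\"oauth_token_secret\":\"").append(jsonEscape(accessToken.getTokenSecret())).append("\",");
        json.append("\"screen_name\":\"").append(jsonEscape(accessToken.getScreenName())).append("\",");
        json.append("\"user_id\":\"").append(accessToken.getUserId()).append('"');
        json.append('}');
        return json.toString();
    }

    /**
     * Escapes a value for use inside a JSON string literal, so that a quote, backslash or
     * control character in provider-supplied data cannot break or reshape the document.
     * A {@code null} value is rendered as the text {@code null}.
     */
    private static String jsonEscape(String value) {
        String text = String.valueOf(value);
        StringBuilder out = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '"':
                    out.append("\\\"");
                    break;
                case '\\':
                    out.append("\\\\");
                    break;
                case '\n':
                    out.append("\\n");
                    break;
                case '\r':
                    out.append("\\r");
                    break;
                case '\t':
                    out.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }
}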
