package org.picketlink.social.facebook;

import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/picketlink-consolidated-social-1.0.1-SNAPSHOT.jar:org/picketlink/social/facebook/FacebookProcessor.class */
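/**
 * Drives a Facebook OAuth login for a Catalina-based authenticator: redirects the
 * browser to Facebook, exchanges the returned authorization code for an access
 * token, reads the user's profile and turns it into a container {@link Principal}.
 *
 * <p>The session attribute {@code "STATE"} holds the name of the current
 * {@link STATES} step of this processor.
 *
 * <p>NOTE(review): in the visible code the redirects carry only redirect_uri,
 * client_id and scope, and the callback handler does not check any per-request
 * value. The {@code "STATE"} session attribute tracks this processor's own step
 * only. Confirm whether the callback is protected against cross-site request
 * forgery elsewhere (an OAuth {@code state} value bound to the session).
 */
public class FacebookProcessor {
    protected static Logger log = Logger.getLogger(FacebookProcessor.class);

    // NOTE(review): both thread-locals are set in getPrincipal and never cleared in
    // this class. On pooled request threads a stale value could be seen by a later
    // request unless the consumer removes it - verify against the code that reads them.
    public static ThreadLocal<Principal> cachedPrincipal = new ThreadLocal<>();
    public static ThreadLocal<List<String>> cachedRoles = new ThreadLocal<>();

    // Fixed placeholder handed to Realm.authenticate in getPrincipal.
    // NOTE(review): public, static and non-final, so any code can reassign it; it is
    // also not a secret. Presumably the realm's login module relies on cachedPrincipal
    // rather than on this value - confirm, and make it final if nothing reassigns it.
    public static String EMPTY_PASSWORD = "EMPTY";

    // Snapshot of the logger's trace setting taken when the instance is created.
    protected boolean trace = log.isTraceEnabled();
    protected FacebookUtil util = new FacebookUtil(FacebookConstants.SERVICE_URL);
    protected List<String> roles = new ArrayList<>();
    protected String clientID;
    protected String clientSecret;
    protected String scope;
    private String returnURL;

    /* loaded from: input_file:WEB-INF/lib/picketlink-consolidated-social-1.0.1-SNAPSHOT.jar:org/picketlink/social/facebook/FacebookProcessor$STATES.class */
    /** Steps of the login flow as stored in the {@code "STATE"} session attribute. */
    public enum STATES {
        AUTH,
        AUTHZ,
        FINISH
    }

    /**
     * Creates a processor for one OAuth client registration.
     *
     * @param clientID OAuth client identifier sent on every request
     * @param clientSecret OAuth client secret sent with the access-token request
     * @param scope requested scope, or {@code null} to send none
     * @param returnURL redirect URI sent to Facebook
     * @param requiredRoles roles added to this processor's role list
     */
    public FacebookProcessor(String clientID, String clientSecret, String scope, String returnURL, List<String> requiredRoles) {
        this.clientID = clientID;
        this.clientSecret = clientSecret;
        this.scope = scope;
        this.returnURL = returnURL;
        this.roles.addAll(requiredRoles);
    }

    /**
     * Appends the comma-separated roles in {@code roleString} to the role list.
     * Tokens are added as-is (no trimming); empty tokens are skipped by the tokenizer.
     *
     * @param roleString comma-separated role names
     * @throws RuntimeException if {@code roleString} is {@code null}
     */
    public void setRoleString(String roleString) {
        if (roleString == null) {
            throw new RuntimeException("Role String is null in configuration");
        }
        StringTokenizer tokens = new StringTokenizer(roleString, ",");
        while (tokens.hasMoreElements()) {
            this.roles.add(tokens.nextToken());
        }
    }

    /**
     * Starts the flow: marks the session as {@link STATES#AUTH} and redirects the
     * browser to {@code FacebookConstants.SERVICE_URL}.
     *
     * @return always {@code false}
     * @throws RuntimeException wrapping any {@link IOException} raised by the redirect
     */
    public boolean initialInteraction(Request request, Response response) throws IOException {
        HttpSession session = request.getSession();
        String location = FacebookConstants.SERVICE_URL + "?" + this.util.createQueryString(authorizationParams(this.returnURL));
        try {
            session.setAttribute("STATE", STATES.AUTH.name());
            if (this.trace) {
                // The query here holds redirect_uri, client_id and scope only - no secret.
                log.trace("Redirect:" + location);
            }
            response.sendRedirect(location);
            return false;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Moves the session to {@link STATES#AUTHZ} and redirects to the authentication
     * endpoint.
     *
     * @return always {@code false}
     */
    public boolean handleAuthStage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletRequest.getSession().setAttribute("STATE", STATES.AUTHZ.name());
        sendAuthorizeRequest(this.returnURL, httpServletResponse);
        return false;
    }

    /**
     * Redirects the browser to {@code FacebookConstants.AUTHENTICATION_ENDPOINT_URL}
     * with the given redirect URI, the client id and (if configured) the scope.
     *
     * @throws RuntimeException wrapping any {@link IOException} raised by the redirect
     */
    protected void sendAuthorizeRequest(String redirectUri, HttpServletResponse httpServletResponse) {
        String query = this.util.createQueryString(authorizationParams(redirectUri));
        try {
            httpServletResponse.sendRedirect(FacebookConstants.AUTHENTICATION_ENDPOINT_URL + "?" + query);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Builds the parameters shared by both browser redirects. */
    private Map<String, String> authorizationParams(String redirectUri) {
        Map<String, String> params = new HashMap<>();
        params.put(OAuthConstants.REDIRECT_URI_PARAMETER, redirectUri);
        params.put(OAuthConstants.CLIENT_ID_PARAMETER, this.clientID);
        if (this.scope != null) {
            params.put(OAuthConstants.SCOPE_PARAMETER, this.scope);
        }
        return params;
    }

    /**
     * Completes the login from the callback request and returns the container
     * principal, or {@code null} when the callback carried no authorization code.
     *
     * <p>The Facebook principal is stored in the session under {@code "PRINCIPAL"}
     * and in {@link #cachedPrincipal}. In a JBoss environment the configured roles
     * are placed in {@link #cachedRoles} and the realm is asked to authenticate the
     * user name with {@link #EMPTY_PASSWORD}; otherwise a {@link GenericPrincipal}
     * carrying the configured roles is built directly.
     */
    public Principal getPrincipal(Request request, Response response, Realm realm) {
        Principal facebookPrincipal = handleAuthenticationResponse(request, response);
        if (facebookPrincipal == null) {
            return null;
        }
        request.getSession().setAttribute("PRINCIPAL", facebookPrincipal);
        cachedPrincipal.set(facebookPrincipal);
        if (isJBossEnv()) {
            cachedRoles.set(this.roles);
            return realm.authenticate(facebookPrincipal.getName(), EMPTY_PASSWORD);
        }
        return new GenericPrincipal(realm, facebookPrincipal.getName(), (String) null, this.roles, facebookPrincipal);
    }

    /**
     * Handles the callback: exchanges the authorization code for an access token and
     * loads the user's profile.
     *
     * @return the profile-backed principal, or {@code null} if no code parameter is present
     * @throws RuntimeException if the callback carries an error parameter or the token
     *     response contains no access token
     */
    protected Principal handleAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // The error value comes straight from the request and ends up in the exception message.
        String error = httpServletRequest.getParameter(OAuthConstants.ERROR_PARAMETER);
        if (error != null) {
            throw new RuntimeException("error:" + error);
        }
        String redirectUri = this.returnURL;
        String code = httpServletRequest.getParameter(OAuthConstants.CODE_PARAMETER);
        if (code == null) {
            log.error("Authorization code parameter not found");
            return null;
        }
        URLConnection tokenConnection = sendAccessTokenRequest(redirectUri, code, httpServletResponse);
        Map<String, String> tokenResponse = formUrlDecode(readUrlContent(tokenConnection));
        String accessToken = tokenResponse.get(OAuthConstants.ACCESS_TOKEN_PARAMETER);
        String expires = tokenResponse.get("expires");
        if (this.trace) {
            // The access token is a bearer credential; record only whether one arrived.
            log.trace("Access Token=" + (accessToken == null ? "null" : "[redacted]") + " :: Expires=" + expires);
        }
        if (accessToken == null) {
            throw new RuntimeException("No access token found");
        }
        return readInIdentity(httpServletRequest, httpServletResponse, accessToken, redirectUri);
    }

    /**
     * Opens a connection to the access-token endpoint for the given authorization code.
     * The redirect URI sent is always the configured return URL; the
     * {@code redirectUri} argument is not used.
     *
     * @throws RuntimeException wrapping any {@link IOException}
     */
    protected URLConnection sendAccessTokenRequest(String redirectUri, String code, HttpServletResponse httpServletResponse) {
        Map<String, String> params = new HashMap<>();
        params.put(OAuthConstants.REDIRECT_URI_PARAMETER, this.returnURL);
        params.put(OAuthConstants.CLIENT_ID_PARAMETER, this.clientID);
        params.put(OAuthConstants.CLIENT_SECRET_PARAMETER, this.clientSecret);
        params.put(OAuthConstants.CODE_PARAMETER, code);
        String requestUrl = FacebookConstants.ACCESS_TOKEN_ENDPOINT_URL + "?" + this.util.createQueryString(params);
        try {
            if (this.trace) {
                // The query string carries the client secret and the authorization code,
                // so only the endpoint is written to the log.
                log.trace("AccessToken Request=" + FacebookConstants.ACCESS_TOKEN_ENDPOINT_URL);
            }
            return new URL(requestUrl).openConnection();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Reports whether either of two JBoss marker classes can be loaded. */
    private boolean isJBossEnv() {
        Class<?> marker = SecurityActions.loadClass(getClass(), "org.jboss.as.web.WebServer");
        if (marker == null) {
            marker = SecurityActions.loadClass(getClass(), "org.jboss.system.Service");
        }
        return marker != null;
    }

    /**
     * Fetches the profile for {@code accessToken} and maps it onto a
     * {@link FacebookPrincipal}. The email field is optional; every other field read
     * here is required and a missing one surfaces as a wrapped {@link JSONException}.
     *
     * @throws RuntimeException wrapping any {@link IOException} or {@link JSONException}
     */
    private Principal readInIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String accessToken, String redirectUri) {
        try {
            String profileUrl = FacebookConstants.PROFILE_ENDPOINT_URL + "?access_token=" + URLEncoder.encode(accessToken, "UTF-8");
            if (this.trace) {
                // The full URL embeds the access token, so it is kept out of the log.
                log.trace("Profile read:" + FacebookConstants.PROFILE_ENDPOINT_URL);
            }
            JSONObject profile = new JSONObject(readUrlContent(new URL(profileUrl).openConnection()));
            FacebookPrincipal principal = new FacebookPrincipal();
            principal.setAccessToken(accessToken);
            principal.setId(profile.getString("id"));
            principal.setName(profile.getString("name"));
            principal.setFirstName(profile.getString("first_name"));
            principal.setLastName(profile.getString("last_name"));
            principal.setGender(profile.getString("gender"));
            principal.setTimezone(profile.getString("timezone"));
            principal.setLocale(profile.getString("locale"));
            // getString throws for an absent key instead of returning null, so the
            // optional email must be probed first.
            if (profile.has("email") && !profile.isNull("email")) {
                principal.setEmail(profile.getString("email"));
            }
            return principal;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (JSONException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads the whole response body of {@code connection} as UTF-8 text and closes
     * the stream.
     *
     * <p>NOTE(review): no connect/read timeout is set on the connection in this class
     * and the body size is not bounded - confirm that is acceptable for calls made on
     * a request thread.
     *
     * @throws RuntimeException wrapping any {@link IOException}
     */
    private String readUrlContent(URLConnection connection) {
        StringBuilder content = new StringBuilder();
        try (InputStreamReader reader = new InputStreamReader(connection.getInputStream(), "UTF-8")) {
            char[] buffer = new char[1024];
            int count;
            while ((count = reader.read(buffer)) != -1) {
                content.append(buffer, 0, count);
            }
            return content.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses an {@code a=b&c=d} body into a map, URL-decoding the values (keys are
     * stored undecoded).
     *
     * @throws RuntimeException if a pair does not split into exactly a name and a value
     */
    private Map<String, String> formUrlDecode(String body) {
        Map<String, String> decoded = new HashMap<>();
        for (String pair : body.split("&")) {
            String[] nameValue = pair.split("=");
            if (nameValue.length != 2) {
                throw new RuntimeException("Unexpected name-value pair in response: " + pair);
            }
            try {
                decoded.put(nameValue[0], URLDecoder.decode(nameValue[1], "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        }
        return decoded;
    }
}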
