package org.gatein.security.oauth.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.exoplatform.web.security.AuthenticationRegistry;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.security.oauth.exception.OAuthException;
import org.gatein.security.oauth.spi.AccessTokenContext;
import org.gatein.security.oauth.spi.InteractionState;
import org.gatein.security.oauth.spi.OAuthPrincipal;
import org.gatein.security.oauth.spi.OAuthProviderProcessor;
import org.gatein.security.oauth.spi.OAuthProviderType;
import org.gatein.security.oauth.spi.OAuthProviderTypeRegistry;
import org.gatein.security.oauth.spi.SocialNetworkService;
import org.gatein.security.oauth.utils.OAuthUtils;
import org.gatein.sso.agent.filter.api.AbstractSSOInterceptor;

/* loaded from: input_file:org/gatein/security/oauth/web/OAuthProviderFilter.class */
/**
 * Base servlet filter that drives an OAuth interaction for one provider and, once the
 * interaction reaches {@code FINISH}, publishes the resulting {@link OAuthPrincipal}
 * before handing the request on to the rest of the filter chain.
 *
 * <p>Subclasses supply the provider type, the interaction reset logic and the mapping
 * from a finished interaction to a principal.
 *
 * <p>Security review notes (hedged where this file does not show the other side):
 * <ul>
 *   <li>Three request parameters are read here and used without validation in this class:
 *       {@code _oauthInteraction}, {@code _oauthCustomScope} and {@code _initialURI}.</li>
 *   <li>Any anti-forgery ({@code state}) verification is not visible in this class;
 *       presumably it lives in the {@link OAuthProviderProcessor} - confirm.</li>
 * </ul>
 */
public abstract class OAuthProviderFilter<T extends AccessTokenContext> extends AbstractSSOInterceptor {
    // Request parameter names read by this filter.
    private static final String PARAM_OAUTH_INTERACTION = "_oauthInteraction";
    private static final String PARAM_CUSTOM_SCOPE = "_oauthCustomScope";
    private static final String PARAM_INITIAL_URI = "_initialURI";

    // Value of PARAM_OAUTH_INTERACTION that restarts the interaction.
    private static final String INTERACTION_START = "start";

    // Request / session / authentication-registry attribute names written by this filter.
    private static final String ATTR_AUTHENTICATED_PRINCIPAL = "_authenticatedOAuthPrincipal";
    private static final String ATTR_OAUTH_EXCEPTION = "_oauthException";
    private static final String ATTR_REDIRECT_AFTER_LINK = "_urlToRedirectAfterLinkSocialAccount";

    protected final Logger log = LoggerFactory.getLogger(getClass());
    private AuthenticationRegistry authenticationRegistry;
    private OAuthProviderProcessor<T> oauthProviderProcessor;
    private OAuthProviderTypeRegistry oAuthProviderTypeRegistry;
    private SocialNetworkService socialNetworkService;

    /**
     * Resolves the collaborating services from the eXo container and caches the processor
     * of the provider returned by {@link #getOAuthProvider()}.
     */
    protected void initImpl() {
        authenticationRegistry = lookupComponent(AuthenticationRegistry.class);
        oAuthProviderTypeRegistry = lookupComponent(OAuthProviderTypeRegistry.class);
        socialNetworkService = lookupComponent(SocialNetworkService.class);
        oauthProviderProcessor = getOAuthProvider().getOauthProviderProcessor();
    }

    /** Fetches one component from the eXo container and casts it to the requested type. */
    private <C> C lookupComponent(Class<C> componentType) {
        return componentType.cast(getExoContainer().getComponentInstanceOfType(componentType));
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Runs one step of the OAuth interaction for the current request.
     *
     * <p>The downstream chain is invoked only when the interaction state is {@code FINISH}
     * and {@link #getOAuthPrincipal} returns a non-null principal; in every other case this
     * method returns without calling the chain (the processor is presumably responsible for
     * having written the response - confirm).
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} unchecked
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse} unchecked
     * @param filterChain     remainder of the chain, invoked after a principal was published
     * @throws IOException      propagated from the chain or the error redirect
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession() creates a session when none exists, so every request reaching this
        // filter ends up with one; the reference is only used in the error path below.
        HttpSession session = request.getSession();

        // An explicit "start" resets the interaction and records where to return to.
        if (INTERACTION_START.equals(request.getParameter(PARAM_OAUTH_INTERACTION))) {
            initInteraction(request, response);
            saveInitialURI(request);
        }

        // Resolved outside the try block: failures here are not routed to the OAuth error redirect.
        String customScope = obtainCustomScopeIfAvailable(request);
        try {
            InteractionState<T> interaction;
            if (customScope != null) {
                // NOTE(review): customScope derives from a request parameter and is logged as-is.
                if (log.isTraceEnabled()) {
                    log.trace("Process oauth interaction with scope: " + customScope);
                }
                interaction = getOauthProviderProcessor().processOAuthInteraction(request, response, customScope);
            } else {
                interaction = getOauthProviderProcessor().processOAuthInteraction(request, response);
            }

            if (!InteractionState.State.FINISH.equals(interaction.getState())) {
                return;
            }
            OAuthPrincipal<T> principal = getOAuthPrincipal(request, response, interaction);
            if (principal == null) {
                return;
            }

            // Anonymous request: park the principal in the authentication registry.
            // Request with a remote user: expose it as a request attribute instead.
            if (request.getRemoteUser() != null) {
                request.setAttribute(ATTR_AUTHENTICATED_PRINCIPAL, principal);
            } else {
                authenticationRegistry.setAttributeOfClient(request, ATTR_AUTHENTICATED_PRINCIPAL, principal);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (OAuthException oauthFailure) {
            // Only the message is logged; the exception object itself is kept in the session
            // under "_oauthException" (the reader of that attribute is not visible here).
            log.warn("Error during OAuth flow with: " + oauthFailure.getMessage());
            session.setAttribute(ATTR_OAUTH_EXCEPTION, oauthFailure);
            redirectAfterOAuthError(request, response);
        }
    }

    /** @return the authentication registry resolved in {@link #initImpl()} */
    protected AuthenticationRegistry getAuthenticationRegistry() {
        return authenticationRegistry;
    }

    /**
     * Decompiler note: access modifier changed from {@code protected}.
     *
     * @return the processor of the provider this filter serves
     */
    public OAuthProviderProcessor<T> getOauthProviderProcessor() {
        return oauthProviderProcessor;
    }

    /**
     * Decompiler note: access modifier changed from {@code protected}.
     *
     * @return the provider type registry resolved in {@link #initImpl()}
     */
    public OAuthProviderTypeRegistry getOAuthProviderTypeRegistry() {
        return oAuthProviderTypeRegistry;
    }

    /** @return the social network service resolved in {@link #initImpl()} */
    protected SocialNetworkService getSocialNetworkService() {
        return socialNetworkService;
    }

    /**
     * Computes the scope string to request when the caller passed {@code _oauthCustomScope}.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * <p>NOTE(review): the parameter value is taken from the request and is neither
     * checked against an allow-list nor normalised in this method; whether the processor
     * or the provider constrains it is not visible here.
     *
     * @param httpServletRequest current request
     * @return {@code null} when the parameter is absent or no remote user is present; the raw
     *         parameter when the user has no stored access token; otherwise the stored token's
     *         scopes with the parameter added
     */
    public String obtainCustomScopeIfAvailable(HttpServletRequest httpServletRequest) {
        String requestedScope = httpServletRequest.getParameter(PARAM_CUSTOM_SCOPE);
        if (requestedScope == null) {
            return null;
        }

        String currentUser = httpServletRequest.getRemoteUser();
        if (currentUser == null) {
            log.warn("Parameter _oauthCustomScope found but there is no user available. Ignoring it.");
            return null;
        }

        AccessTokenContext storedToken = socialNetworkService.getOAuthAccessToken(getOAuthProvider(), currentUser);
        if (storedToken != null) {
            // Mutates the token object handed out by the service; whether that object is
            // shared or persisted is decided by the service, not here - confirm.
            storedToken.addScope(requestedScope);
            return storedToken.getScopesAsString();
        }
        return requestedScope;
    }

    /**
     * Sends the browser to the URL computed by
     * {@code OAuthUtils.getURLToRedirectAfterLinkAccount} after an OAuth failure.
     *
     * <p>NOTE(review): if that helper reads the session attribute written by
     * {@link #saveInitialURI}, the redirect target is request-controlled; confirm the helper
     * restricts it to local paths.
     *
     * @throws IOException if the redirect cannot be sent
     */
    protected void redirectAfterOAuthError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpSession currentSession = httpServletRequest.getSession();
        String target = OAuthUtils.getURLToRedirectAfterLinkAccount(httpServletRequest, currentSession);
        if (log.isTraceEnabled()) {
            log.trace("Will redirect user to URL: " + target);
        }
        String encodedTarget = httpServletResponse.encodeRedirectURL(target);
        httpServletResponse.sendRedirect(encodedTarget);
    }

    /**
     * Remembers the {@code _initialURI} request parameter, when present, in the session
     * under {@code _urlToRedirectAfterLinkSocialAccount}.
     *
     * <p>NOTE(review): the value is stored exactly as received (no scheme/host/path check);
     * any consumer that later redirects to it needs to validate it.
     */
    protected void saveInitialURI(HttpServletRequest httpServletRequest) {
        String initialUri = httpServletRequest.getParameter(PARAM_INITIAL_URI);
        if (initialUri == null) {
            return;
        }
        httpServletRequest.getSession().setAttribute(ATTR_REDIRECT_AFTER_LINK, initialUri);
    }

    /** @return the OAuth provider type this filter is bound to */
    protected abstract OAuthProviderType<T> getOAuthProvider();

    /** Called when the request carries {@code _oauthInteraction=start}, before the initial URI is saved. */
    protected abstract void initInteraction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);

    /**
     * Builds the principal for an interaction in state {@code FINISH}.
     *
     * @return the principal, or {@code null} to stop processing without invoking the filter chain
     */
    protected abstract OAuthPrincipal<T> getOAuthPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, InteractionState<T> interactionState);
}
