package org.gatein.security.oauth.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.exoplatform.services.organization.User;
import org.exoplatform.web.security.AuthenticationRegistry;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.security.oauth.spi.OAuthPrincipal;
import org.gatein.security.oauth.spi.SocialNetworkService;
import org.gatein.security.oauth.utils.OAuthUtils;
import org.gatein.sso.agent.filter.api.AbstractSSOInterceptor;

/* loaded from: input_file:org/gatein/security/oauth/web/OAuthAuthenticationFilter.class */
public class OAuthAuthenticationFilter extends AbstractSSOInterceptor {
    private static Logger log = LoggerFactory.getLogger(OAuthAuthenticationFilter.class);
    private String loginUrl;
    private String registrationUrl;
    private boolean attachUsernamePasswordToLoginURL;
    private SocialNetworkService socialNetworkService;
    private AuthenticationRegistry authenticationRegistry;

    protected void initImpl() {
        this.loginUrl = getInitParameter("loginUrl");
        this.registrationUrl = getInitParameter("registrationUrl");
        if (this.registrationUrl == null) {
            this.registrationUrl = "/" + getExoContainer().getContext().getName() + "/";
        }
        String initParameter = getInitParameter("attachUsernamePasswordToLoginURL");
        this.attachUsernamePasswordToLoginURL = initParameter == null ? true : Boolean.parseBoolean(initParameter);
        log.debug("OAuthAuthenticationFilter configuration: loginURL=" + this.loginUrl + ", registrationUrl=" + this.registrationUrl + ", attachUsernamePasswordToLoginURL=" + this.attachUsernamePasswordToLoginURL);
        this.socialNetworkService = (SocialNetworkService) getExoContainer().getComponentInstanceOfType(SocialNetworkService.class);
        this.authenticationRegistry = (AuthenticationRegistry) getExoContainer().getComponentInstanceOfType(AuthenticationRegistry.class);
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (httpServletRequest.getRemoteUser() != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (((User) this.authenticationRegistry.getAttributeOfClient(httpServletRequest, "_authenticatedPortalUser")) != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        OAuthPrincipal oAuthPrincipal = (OAuthPrincipal) this.authenticationRegistry.getAttributeOfClient(httpServletRequest, "_authenticatedOAuthPrincipal");
        if (oAuthPrincipal != null) {
            processPrincipal(httpServletRequest, httpServletResponse, oAuthPrincipal);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    protected void processPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuthPrincipal oAuthPrincipal) throws IOException {
        User findUserByOAuthProviderUsername = this.socialNetworkService.findUserByOAuthProviderUsername(oAuthPrincipal.getOauthProviderType(), oAuthPrincipal.getUserName());
        if (findUserByOAuthProviderUsername == null) {
            handleRedirectToRegistrationForm(httpServletRequest, httpServletResponse, oAuthPrincipal);
        } else {
            handleRedirectToPortalLogin(httpServletRequest, httpServletResponse, findUserByOAuthProviderUsername, oAuthPrincipal);
            cleanAuthenticationContext(httpServletRequest);
        }
    }

    protected void handleRedirectToRegistrationForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuthPrincipal oAuthPrincipal) throws IOException {
        if (log.isTraceEnabled()) {
            log.trace("Not found portalUser with username " + oAuthPrincipal.getUserName() + ". Redirecting to registration form");
        }
        this.authenticationRegistry.setAttributeOfClient(httpServletRequest, "_authenticatedPortalUser", oAuthPrincipal.getOauthProviderType().getOauthPrincipalProcessor().convertToGateInUser(oAuthPrincipal));
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(getRegistrationRedirectURL(httpServletRequest)));
    }

    protected String getRegistrationRedirectURL(HttpServletRequest httpServletRequest) {
        String str = (String) httpServletRequest.getSession().getAttribute("_urlToRedirectAfterLinkSocialAccount");
        if (str == null) {
            str = this.registrationUrl;
        }
        return str;
    }

    protected void handleRedirectToPortalLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, User user, OAuthPrincipal oAuthPrincipal) throws IOException {
        if (log.isTraceEnabled()) {
            log.trace("Found portalUser " + user + " corresponding to oauthPrincipal");
        }
        this.authenticationRegistry.setAttributeOfClient(httpServletRequest, "_authenticatedPortalUserForJaas", user);
        if (user.isEnabled()) {
            this.socialNetworkService.updateOAuthAccessToken(oAuthPrincipal.getOauthProviderType(), user.getUserName(), oAuthPrincipal.getAccessToken());
        }
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(getLoginRedirectUrl(httpServletRequest, user.getUserName())));
    }

    protected String getLoginRedirectUrl(HttpServletRequest httpServletRequest, String str) {
        StringBuilder sb = new StringBuilder(this.loginUrl);
        if (this.attachUsernamePasswordToLoginURL) {
            sb.append("?username=").append(str).append("&password=").append(httpServletRequest.getSession().getId() + "_" + String.valueOf(System.currentTimeMillis()));
            sb.append("&").append("initialURI").append("=").append(OAuthUtils.encodeParam(OAuthUtils.getURLToRedirectAfterLinkAccount(httpServletRequest, httpServletRequest.getSession())));
        }
        return sb.toString();
    }

    protected void cleanAuthenticationContext(HttpServletRequest httpServletRequest) {
        this.authenticationRegistry.removeAttributeOfClient(httpServletRequest, "_authenticatedOAuthPrincipal");
        this.authenticationRegistry.removeAttributeOfClient(httpServletRequest, "_authenticatedPortalUser");
    }
}
