package org.jboss.resteasy.skeleton.key.as7;

import java.io.IOException;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.jboss.logging.Logger;
import org.jboss.resteasy.skeleton.key.RSATokenVerifier;
import org.jboss.resteasy.skeleton.key.RealmConfiguration;
import org.jboss.resteasy.skeleton.key.VerificationException;
import org.jboss.resteasy.skeleton.key.representations.AccessTokenResponse;
import org.jboss.resteasy.skeleton.key.representations.SkeletonKeyToken;
import org.jboss.resteasy.util.BasicAuthHelper;

/* loaded from: input_file:org/jboss/resteasy/skeleton/key/as7/ServletOAuthLogin.class */
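/**
 * Drives the browser side of an OAuth authorization-code login for one servlet
 * request/response pair: redirects the user agent to the realm's auth URL with a
 * {@code state} value, checks that value on the way back, exchanges the returned
 * {@code code} for an access token and verifies the token.
 *
 * <p>Instances hold per-request state (request, response, resolved token) and are
 * therefore not meant to be shared between requests.
 */
public class ServletOAuthLogin {
    protected HttpServletRequest request;
    protected HttpServletResponse response;
    protected boolean codePresent;
    protected RealmConfiguration realmInfo;
    protected int redirectPort;
    // Both token fields are only populated after signature verification succeeded.
    protected String tokenString;
    protected SkeletonKeyToken token;
    private static final Logger log = Logger.getLogger(ServletOAuthLogin.class);
    protected static final AtomicLong counter = new AtomicLong();

    /**
     * @param realmConfiguration realm settings (auth/code URLs, client id, credentials, metadata)
     * @param httpServletRequest the request being authenticated
     * @param httpServletResponse the response used for redirects, errors and cookies
     * @param redirectPort HTTPS port used when an insecure request must be upgraded;
     *        a negative value makes {@link #getRedirectUri(String)} return {@code null}
     */
    public ServletOAuthLogin(RealmConfiguration realmConfiguration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int redirectPort) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.realmInfo = realmConfiguration;
        this.redirectPort = redirectPort;
    }

    /** @return the raw access token string, or {@code null} until {@link #resolveCode(String)} has verified one */
    public String getTokenString() {
        return this.tokenString;
    }

    /** @return the verified token, or {@code null} until {@link #resolveCode(String)} has verified one */
    public SkeletonKeyToken getToken() {
        return this.token;
    }

    /** @return the realm configuration passed to the constructor */
    public RealmConfiguration getRealmInfo() {
        return this.realmInfo;
    }

    /** @return the request's context path, or {@code "/"} when it is null or empty */
    protected String getDefaultCookiePath() {
        String contextPath = this.request.getContextPath();
        if (contextPath == null || contextPath.isEmpty()) {
            return "/";
        }
        return contextPath;
    }

    /** @return the request URL as reported by the container (no query string) */
    protected String getRequestUrl() {
        return this.request.getRequestURL().toString();
    }

    /** @return whether the container considers this request to have arrived over a secure channel */
    protected boolean isRequestSecure() {
        return this.request.isSecure();
    }

    /**
     * Sends an HTTP error status on the response.
     *
     * @throws RuntimeException wrapping the {@link IOException} if the container fails to send it
     */
    protected void sendError(int status) {
        try {
            this.response.sendError(status);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Sends a redirect to {@code location}.
     *
     * @throws RuntimeException wrapping the {@link IOException} if the container fails to send it
     */
    protected void sendRedirect(String location) {
        try {
            this.response.sendRedirect(location);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** @return the first request cookie named {@code name}, or {@code null} if there is none */
    protected Cookie getCookie(String name) {
        Cookie[] cookies = this.request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (candidate.getName().equals(name)) {
                return candidate;
            }
        }
        return null;
    }

    /** @return the value of the request cookie named {@code name}, or {@code null} if absent */
    protected String getCookieValue(String name) {
        Cookie cookie = getCookie(name);
        return cookie == null ? null : cookie.getValue();
    }

    /**
     * Looks up a parameter in the raw query string.
     *
     * <p>The value is returned exactly as it appears in the query string: it is NOT
     * URL-decoded. NOTE(review): {@link #resolveCode(String)} passes the {@code code}
     * obtained this way into a form parameter, so a code containing percent-escapes
     * would presumably be encoded a second time; confirm against the token endpoint.
     *
     * @return the text after the first {@code =} of the first matching pair, or {@code null}
     */
    protected String getQueryParamValue(String name) {
        String queryString = this.request.getQueryString();
        if (queryString == null) {
            return null;
        }
        for (String pair : queryString.split("&")) {
            int separator = pair.indexOf('=');
            if (separator != -1 && pair.substring(0, separator).equals(name)) {
                return pair.substring(separator + 1);
            }
        }
        return null;
    }

    /** @return the raw {@code error} query parameter, or {@code null} */
    public String getError() {
        return getQueryParamValue("error");
    }

    /** @return the raw {@code code} query parameter, or {@code null} */
    public String getCode() {
        return getQueryParamValue("code");
    }

    /**
     * Adds a cookie to the response.
     *
     * @param name cookie name
     * @param value cookie value
     * @param domain cookie domain, or {@code null} to leave it unset
     * @param path cookie path, or {@code null} to leave it unset
     * @param secure whether to mark the cookie Secure
     */
    protected void setCookie(String name, String value, String domain, String path, boolean secure) {
        Cookie cookie = new Cookie(name, value);
        if (domain != null) {
            cookie.setDomain(domain);
        }
        if (path != null) {
            cookie.setPath(path);
        }
        if (secure) {
            cookie.setSecure(true);
        }
        // The only cookie this class sets is the OAuth state cookie, which is read
        // server-side only; keep it out of reach of page scripts (Servlet 3.0 API).
        cookie.setHttpOnly(true);
        this.response.addCookie(cookie);
    }

    /**
     * Builds the URL on the authorization server that the user agent is sent to.
     *
     * <p>When the realm requires SSL and the current request is not secure, the
     * {@code redirect_uri} is rewritten to {@code https} on {@code redirectPort}
     * (the port is omitted for 443).
     *
     * <p>NOTE(review): {@code redirect_uri} is derived from the request URL reported by
     * the container, which may reflect client-supplied host information; the
     * authorization server is expected to validate it against registered redirect URIs.
     *
     * @param state the state value to round-trip through the authorization server
     * @return the login URL, or {@code null} when an HTTPS upgrade is needed but
     *         {@code redirectPort} is negative
     */
    protected String getRedirectUri(String state) {
        String callbackUrl = getRequestUrl();
        if (!isRequestSecure() && this.realmInfo.isSslRequired()) {
            int port = this.redirectPort;
            if (port < 0) {
                return null;
            }
            UriBuilder secureUrl = UriBuilder.fromUri(callbackUrl).scheme("https").port(-1);
            if (port != 443) {
                secureUrl.port(port);
            }
            callbackUrl = secureUrl.build().toString();
        }
        return this.realmInfo.getAuthUrl().clone()
                .queryParam("client_id", this.realmInfo.getClientId())
                .queryParam("redirect_uri", callbackUrl)
                .queryParam("state", state)
                .queryParam("login", "true")
                .build()
                .toString();
    }

    /**
     * @return a fresh state value: a process-wide counter, {@code "/"}, and a random UUID.
     *         The counter alone is predictable; the UUID part carries the unpredictability.
     */
    protected String getStateCode() {
        return counter.getAndIncrement() + "/" + UUID.randomUUID().toString();
    }

    /**
     * Starts the login: stores a new state value in the state cookie and redirects the
     * user agent to the authorization server, or answers 403 when no redirect URI can
     * be built.
     */
    public void loginRedirect() {
        String state = getStateCode();
        String loginUrl = getRedirectUri(state);
        if (loginUrl == null) {
            sendError(Response.Status.FORBIDDEN.getStatusCode());
            return;
        }
        setCookie(this.realmInfo.getStateCookieName(), state, null, getDefaultCookiePath(), this.realmInfo.isSslRequired());
        sendRedirect(loginUrl);
    }

    /**
     * Verifies that the {@code state} request parameter equals the state cookie set by
     * {@link #loginRedirect()}, and expires that cookie. Sends a 400 on any mismatch.
     *
     * @return {@code true} only when cookie and parameter are both present and equal
     */
    public boolean checkStateCookie() {
        Cookie stateCookie = getCookie(this.realmInfo.getStateCookieName());
        if (stateCookie == null) {
            sendError(400);
            log.warn("No state cookie");
            return false;
        }
        // Expire the state cookie so the value is single-use. Cookies parsed from a
        // request normally carry no path, and an expiry cookie without the original
        // path would not replace the one set in loginRedirect(), so fall back to the
        // path that was used when the cookie was created.
        Cookie expired = new Cookie(stateCookie.getName(), stateCookie.getValue());
        String cookiePath = stateCookie.getPath();
        expired.setPath(cookiePath != null ? cookiePath : getDefaultCookiePath());
        expired.setMaxAge(0);
        this.response.addCookie(expired);

        String expectedState = stateCookie.getValue();
        String returnedState = this.request.getParameter("state");
        if (returnedState == null) {
            sendError(400);
            log.warn("state parameter was null");
            return false;
        }
        if (returnedState.equals(expectedState)) {
            return true;
        }
        sendError(400);
        log.warn("state parameter invalid");
        // Both values come from the client; neutralise line breaks so they cannot
        // forge additional log entries.
        log.warn("cookie: " + sanitizeForLog(expectedState));
        log.warn("queryParam: " + sanitizeForLog(returnedState));
        return false;
    }

    /**
     * Exchanges an authorization code for an access token and verifies it.
     *
     * <p>Answers 403 when SSL is required but the request is insecure, when the token
     * endpoint does not return 200, when the response carries no token, or when
     * verification fails; answers 400 (via {@link #checkStateCookie()}) on a state
     * mismatch. On success the token fields are set and the user agent is redirected
     * to the current URL without the {@code code} and {@code state} parameters.
     *
     * @param code the authorization code returned by the authorization server
     * @return {@code true} when a verified token was obtained
     */
    public boolean resolveCode(String code) {
        if (this.realmInfo.isSslRequired() && !isRequestSecure()) {
            log.info("SSL is required");
            sendError(Response.Status.FORBIDDEN.getStatusCode());
            return false;
        }
        if (!checkStateCookie()) {
            return false;
        }
        String authHeader = BasicAuthHelper.createHeader(this.realmInfo.getClientId(), (String) this.realmInfo.getCredentials().asMap().getFirst("password"));
        String cleanRedirect = stripOauthParametersFromRedirect();
        Form form = new Form();
        form.param("grant_type", "authorization_code").param("code", code).param("redirect_uri", cleanRedirect);
        Response tokenResponse = this.realmInfo.getCodeUrl().request().header("Authorization", authHeader).post(Entity.form(form));

        String candidateToken;
        try {
            if (tokenResponse.getStatus() != 200) {
                log.info("failed to turn code into token");
                sendError(Response.Status.FORBIDDEN.getStatusCode());
                return false;
            }
            log.info("media type: " + tokenResponse.getMediaType());
            log.info("Content-Type header: " + tokenResponse.getHeaderString("Content-Type"));
            AccessTokenResponse body = (AccessTokenResponse) tokenResponse.readEntity(AccessTokenResponse.class);
            candidateToken = body == null ? null : body.getToken();
        } finally {
            // Always release the connection, whatever path leaves the block.
            tokenResponse.close();
        }

        if (candidateToken == null) {
            log.info("token response did not contain a token");
            sendError(Response.Status.FORBIDDEN.getStatusCode());
            return false;
        }
        try {
            SkeletonKeyToken verified = RSATokenVerifier.verifyToken(candidateToken, this.realmInfo.getMetadata());
            // Publish the token through the getters only once it has been verified, so
            // a failed verification never leaves an unverified token readable.
            this.tokenString = candidateToken;
            this.token = verified;
        } catch (VerificationException e) {
            log.info("failed verification of token");
            sendError(Response.Status.FORBIDDEN.getStatusCode());
            return false;
        }
        log.info("Verification succeeded!");
        sendRedirect(cleanRedirect);
        return true;
    }

    /**
     * @return the current request URL, including its query string if any, with the
     *         {@code code} and {@code state} query parameters removed
     */
    protected String stripOauthParametersFromRedirect() {
        StringBuffer url = this.request.getRequestURL();
        String queryString = this.request.getQueryString();
        // Without this guard a request with no query string would yield "...?null".
        if (queryString != null) {
            url.append("?").append(queryString);
        }
        return UriBuilder.fromUri(url.toString())
                .replaceQueryParam("code", (Object[]) null)
                .replaceQueryParam("state", (Object[]) null)
                .build()
                .toString();
    }

    /** Replaces CR and LF in a client-supplied value before it is written to the log. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}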
