package org.picketlink.social.auth;

import java.io.IOException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.social.facebook.FacebookProcessor;
import org.picketlink.social.openid.auth.OpenIDProcessor;

/* loaded from: input_file:org/picketlink/social/auth/ExternalAuthenticator.class */
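/**
 * Catalina form authenticator that delegates login to an external identity provider.
 *
 * <p>The provider is chosen per session from the {@code authType} request parameter and the
 * work is handed to a {@link FacebookProcessor} or an {@link OpenIDProcessor}. Progress through
 * the login exchange is tracked in the {@code STATE} session attribute using the names of
 * {@link STATES}.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>{@code authType} is taken from the request and stored in the session without being
 *       checked against {@link AUTH_PROVIDERS}; every value other than {@code FACEBOOK} is
 *       routed to the OpenID flow.</li>
 *   <li>Both providers share the single {@code STATE} session attribute, so each processor has
 *       to validate its own callback independently of this value.</li>
 *   <li>Nothing in this class rotates the session id after a successful login; confirm that the
 *       inherited {@code register(...)} or the container configuration does so.</li>
 *   <li>The processors are created lazily without synchronization although a single
 *       authenticator instance presumably serves concurrent requests.</li>
 * </ul>
 */
public class ExternalAuthenticator extends FormAuthenticator {
    protected static Logger log = Logger.getLogger(ExternalAuthenticator.class);

    /** Name of the request parameter and session attribute that selects the provider. */
    public static final String AUTH_TYPE = "authType";

    /** Session attribute that holds the current step of the login exchange. */
    private static final String STATE_ATTRIBUTE = "STATE";

    /** Internal session note keys written once a principal has been established. */
    private static final String SESSION_USERNAME_NOTE = "org.apache.catalina.session.USERNAME";
    private static final String SESSION_PASSWORD_NOTE = "org.apache.catalina.session.PASSWORD";

    protected FacebookProcessor facebookProcessor;
    protected OpenIDProcessor openidProcessor;
    protected String returnURL;
    protected String clientID;
    // Credential handed to FacebookProcessor; it must never be written to a log.
    protected String clientSecret;
    // Sampled once when the instance is built, so later changes of the log level are not seen.
    protected boolean trace = log.isTraceEnabled();
    protected String facebookScope = "email";
    private String requiredAttributes = "name,email,ax_firstName,ax_lastName,ax_fullName,ax_email";
    private String optionalAttributes = null;
    protected boolean saveRestoreRequest = true;
    // Cached reflective handle on the superclass register method, see registerWithAuthenticatorBase.
    private Method theSuperRegisterMethod = null;
    // Roles handed to both processors; filled by setRoleString.
    protected List<String> roles = new ArrayList<>();

    /** Providers that can be requested through the {@code authType} parameter. */
    public enum AUTH_PROVIDERS {
        FACEBOOK,
        OPENID
    }

    /** Steps of the login exchange as stored in the {@code STATE} session attribute. */
    public enum STATES {
        AUTH,
        AUTHZ,
        FINISH
    }

    /**
     * Adds the comma-separated role names in {@code str} to {@link #roles}.
     *
     * <p>The value is first passed through {@code StringUtil.getSystemPropertyAsString}
     * (presumably system-property expansion; confirm against that helper).
     *
     * @param str comma-separated role names
     * @throws RuntimeException if {@code str} is {@code null}
     */
    public void setRoleString(String str) {
        if (str == null) {
            throw new RuntimeException("Role String is null in configuration");
        }
        // NOTE(review): tokens are not trimmed, so "a, b" yields the role " b"; such a role
        // will not match a constraint written as "b".
        StringTokenizer roleTokens = new StringTokenizer(StringUtil.getSystemPropertyAsString(str), ",");
        while (roleTokens.hasMoreElements()) {
            this.roles.add(roleTokens.nextToken());
        }
    }

    /** Controls whether the original request is saved before and restored after the login. */
    public void setSaveRestoreRequest(boolean z) {
        this.saveRestoreRequest = z;
    }

    /** Sets the return URL handed to both processors. */
    public void setReturnURL(String str) {
        this.returnURL = StringUtil.getSystemPropertyAsString(str);
    }

    /** Sets the client id handed to the Facebook processor. */
    public void setClientID(String str) {
        this.clientID = StringUtil.getSystemPropertyAsString(str);
    }

    /** Sets the client secret handed to the Facebook processor. */
    public void setClientSecret(String str) {
        this.clientSecret = StringUtil.getSystemPropertyAsString(str);
    }

    /** Sets the scope handed to the Facebook processor; the default is {@code "email"}. */
    public void setFacebookScope(String str) {
        this.facebookScope = StringUtil.getSystemPropertyAsString(str);
    }

    /**
     * Servlet-typed entry point that requires the Catalina request and response types.
     *
     * @throws IOException if either argument is not the Catalina implementation type
     */
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        if (!(httpServletRequest instanceof Request)) {
            throw new IOException("Not of type Catalina request");
        }
        if (httpServletResponse instanceof Response) {
            return authenticate((Request) httpServletRequest, (Response) httpServletResponse, loginConfig);
        }
        throw new IOException("Not of type Catalina response");
    }

    /**
     * Entry point for callers that pass a Catalina request with a servlet-typed response.
     *
     * @throws RuntimeException if the response is not the Catalina implementation type
     */
    public boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        if (httpServletResponse instanceof Response) {
            return authenticate(request, (Response) httpServletResponse, loginConfig);
        }
        throw new RuntimeException("Wrong type of response:" + httpServletResponse);
    }

    /**
     * Selects the provider for this session and runs the matching login flow.
     *
     * <p>A non-empty {@code authType} request parameter wins and is remembered in the session;
     * otherwise the remembered value is used, and {@code FACEBOOK} is the default when neither
     * is present.
     *
     * @return the result of the selected provider flow
     */
    public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        if (this.trace) {
            log.trace("authenticate");
        }
        // NOTE(review): unsynchronized lazy creation; concurrent first requests can each build
        // a processor and the last assignment wins.
        if (this.facebookProcessor == null) {
            this.facebookProcessor = new FacebookProcessor(this.clientID, this.clientSecret, this.facebookScope, this.returnURL, this.roles);
        }
        if (this.openidProcessor == null) {
            this.openidProcessor = new OpenIDProcessor(this.returnURL, this.requiredAttributes, this.optionalAttributes);
        }
        HttpSession session = request.getSession();
        String authType = request.getParameter(AUTH_TYPE);
        if (authType != null && authType.length() > 0) {
            // NOTE(review): the request-supplied value is stored as-is; it is not checked
            // against AUTH_PROVIDERS before it is persisted in the session.
            session.setAttribute(AUTH_TYPE, authType);
        } else {
            authType = (String) session.getAttribute(AUTH_TYPE);
        }
        if (authType == null) {
            authType = AUTH_PROVIDERS.FACEBOOK.name();
        }
        // Anything that is not exactly "FACEBOOK" (unknown values included) takes the OpenID path.
        return AUTH_PROVIDERS.FACEBOOK.name().equals(authType)
                ? processFacebook(request, response)
                : processOpenID(request, response);
    }

    /**
     * Advances the Facebook login according to the {@code STATE} session attribute.
     *
     * @return {@code true} once a principal has been established, otherwise whatever the
     *         processor returns for the current step, or {@code false} on failure
     */
    protected boolean processFacebook(Request request, Response response) throws IOException {
        String state = (String) request.getSession().getAttribute(STATE_ATTRIBUTE);
        if (this.trace) {
            log.trace("state=" + state);
        }
        if (STATES.FINISH.name().equals(state)) {
            // The exchange already completed in this session: reuse the request principal or
            // ask the processor for it again.
            Principal principal = request.getPrincipal();
            if (principal == null) {
                principal = this.facebookProcessor.getPrincipal(request, response, this.context.getRealm());
            }
            if (principal != null) {
                return dealWithFacebookPrincipal(request, response, principal);
            }
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        if (state == null || state.isEmpty()) {
            if (this.saveRestoreRequest) {
                saveRequest(request, request.getSessionInternal());
            }
            return this.facebookProcessor.initialInteraction(request, response);
        }
        if (state.equals(STATES.AUTH.name())) {
            return this.facebookProcessor.handleAuthStage(request, response);
        }
        if (!state.equals(STATES.AUTHZ.name())) {
            // Unrecognised state value: the login is refused, but no response is written here.
            return false;
        }
        Principal principal = this.facebookProcessor.getPrincipal(request, response, this.context.getRealm());
        if (principal != null) {
            return dealWithFacebookPrincipal(request, response, principal);
        }
        log.error("Principal was null. Maybe login modules need to be configured properly. Or user chose no data");
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    /**
     * Advances the OpenID login according to the {@code STATE} session attribute.
     *
     * @return {@code true} if the request already carries a principal or one was established,
     *         otherwise whatever the processor returns, or {@code false} on failure
     * @throws RuntimeException wrapping any exception raised while initializing the processor
     */
    protected boolean processOpenID(Request request, Response response) throws IOException {
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null) {
            if (this.trace) {
                log.trace("Logged in as:" + userPrincipal);
            }
            return true;
        }
        if (!this.openidProcessor.isInitialized()) {
            try {
                this.openidProcessor.initialize(this.roles);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        HttpSession session = request.getSession();
        String state = (String) session.getAttribute(STATE_ATTRIBUTE);
        if (this.trace) {
            log.trace("state=" + state);
        }
        if (STATES.FINISH.name().equals(state)) {
            // A finished exchange without a request principal starts over from the AUTH step.
            session.setAttribute(STATE_ATTRIBUTE, STATES.AUTH.name());
            return this.openidProcessor.prepareAndSendAuthRequest(request, response);
        }
        if (state == null || state.isEmpty()) {
            return this.openidProcessor.prepareAndSendAuthRequest(request, response);
        }
        if (!state.equals(STATES.AUTH.name())) {
            // Unrecognised state value: the login is refused, but no response is written here.
            return false;
        }
        Principal principal = this.openidProcessor.processIncomingAuthResult(request, response, this.context.getRealm());
        if (principal != null) {
            return dealWithOpenIDPrincipal(request, response, principal);
        }
        // NOTE(review): unlike the Facebook flow, no 403 is sent on this failure path; confirm
        // whether the processor has already written a response before adding one.
        log.error("Principal was null. Maybe login modules need to be configured properly. Or user chose no data");
        return false;
    }

    /**
     * Registers the principal through the inherited {@code register} method.
     *
     * <p>If the direct call fails with {@link NoSuchMethodError}, a superclass method taking an
     * {@link HttpServletResponse} is looked up reflectively and invoked instead.
     *
     * @param str the user name to register
     */
    protected void registerWithAuthenticatorBase(Request request, Response response, Principal principal, String str) {
        try {
            register(request, response, principal, "FORM", str, "");
        } catch (NoSuchMethodError e) {
            if (this.theSuperRegisterMethod == null) {
                this.theSuperRegisterMethod = SecurityActions.getMethod(getClass().getSuperclass(), "register", new Class[]{Request.class, HttpServletResponse.class, Principal.class, String.class, String.class, String.class});
            }
            if (this.theSuperRegisterMethod != null) {
                try {
                    this.theSuperRegisterMethod.invoke(this, request, response.getResponse(), principal, "FORM", str, FacebookProcessor.EMPTY_PASSWORD);
                } catch (Exception e2) {
                    // NOTE(review): a failed registration is only logged; the callers still
                    // report a successful login with the principal set on the request.
                    log.error("Unable to register:", e2);
                }
            }
        }
    }

    /**
     * Records the principal on the request and in the internal session notes, then restores
     * the saved request when that feature is enabled.
     *
     * @return the principal's name
     */
    private String bindPrincipal(Request request, Principal principal) throws IOException {
        String name = principal.getName();
        request.getSessionInternal().setNote(SESSION_USERNAME_NOTE, name);
        // External logins have no local password, so an empty one is stored.
        request.getSessionInternal().setNote(SESSION_PASSWORD_NOTE, "");
        request.setUserPrincipal(principal);
        if (this.saveRestoreRequest) {
            restoreRequest(request, request.getSessionInternal());
        }
        return name;
    }

    /** Completes a Facebook login: binds the principal, registers it and marks the exchange finished. */
    private boolean dealWithFacebookPrincipal(Request request, Response response, Principal principal) throws IOException {
        String name = bindPrincipal(request, principal);
        registerWithAuthenticatorBase(request, response, principal, name);
        request.getSession().setAttribute(STATE_ATTRIBUTE, STATES.FINISH.name());
        return true;
    }

    /** Completes an OpenID login: binds the principal, registers it and marks the exchange finished. */
    private boolean dealWithOpenIDPrincipal(Request request, Response response, Principal principal) throws IOException {
        HttpSession session = request.getSession();
        String name = bindPrincipal(request, principal);
        if (this.trace) {
            log.trace("Logged in as:" + principal);
        }
        registerWithAuthenticatorBase(request, response, principal, name);
        session.setAttribute(STATE_ATTRIBUTE, STATES.FINISH.name());
        return true;
    }
}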
