package fr.paris.lutece.plugins.oauth2.web;

import fr.paris.lutece.plugins.oauth2.business.AuthClientConf;
import fr.paris.lutece.plugins.oauth2.business.AuthServerConf;
import fr.paris.lutece.plugins.oauth2.business.Token;
import fr.paris.lutece.plugins.oauth2.dataclient.DataClient;
import fr.paris.lutece.plugins.oauth2.jwt.JWTParser;
import fr.paris.lutece.plugins.oauth2.jwt.TokenValidationException;
import fr.paris.lutece.plugins.oauth2.service.DataClientService;
import fr.paris.lutece.plugins.oauth2.service.TokenService;
import fr.paris.lutece.portal.service.util.AppPathService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import fr.paris.lutece.util.httpaccess.HttpAccessException;
import fr.paris.lutece.util.url.UrlItem;
import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.SecureRandom;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:fr/paris/lutece/plugins/oauth2/web/CallbackHandler.class */
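/**
 * Drives the OAuth2 / OpenID Connect authorization-code flow for one configured handler.
 *
 * <p>{@link #handle} is called for both legs of the flow: without a {@code code} parameter it
 * redirects the browser to the authorization endpoint, and with one it validates the returned
 * {@code state}, exchanges the code for a token and hands the token to the {@link DataClient}
 * resolved from the request.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>{@code state} and {@code nonce} are random values bound to the HTTP session; the callback
 *       is rejected unless the returned {@code state} is present and equal to the stored one.</li>
 *   <li>The authorization code and the expected {@code state} are never written to the logs.</li>
 *   <li>Request-supplied values are URL-encoded before they are placed in a redirect URL, and a
 *       request-supplied complementary parameter may not redefine a parameter owned by the
 *       handler.</li>
 * </ul>
 */
public class CallbackHandler implements Serializable {
    private static final String PROPERTY_ERROR_PAGE = "oauth2.error.page";
    private static final long serialVersionUID = 1;
    private static final String ENCODING_UTF8 = "UTF-8";
    private static final String PARAMETER_CODE = "code";
    private static final String PARAMETER_STATE = "state";
    private static final String PARAMETER_NONCE = "nonce";
    private static final String MESSAGE_TOKEN_ERROR = "Error retrieving token : ";

    /** Size in bits of the random state and nonce values (the original used 50 bits). */
    private static final int RANDOM_TOKEN_BITS = 128;

    /** Shared generator; static, so it is not part of the serialized form. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private static final Logger _logger = Logger.getLogger(Constants.LOGGER_OAUTH2);
    private String _handlerName;
    private AuthServerConf _authServerConf;
    private AuthClientConf _authClientConf;
    private JWTParser _jWTParser;
    private boolean _bDefault;

    /** @return the authorization server configuration used by this handler */
    public AuthServerConf getAuthServerConf() {
        return this._authServerConf;
    }

    /** @param authServerConf the authorization server configuration to use */
    public void setAuthServerConf(AuthServerConf authServerConf) {
        this._authServerConf = authServerConf;
    }

    /** @return the client configuration (client id, redirect URI) used by this handler */
    public AuthClientConf getAuthClientConf() {
        return this._authClientConf;
    }

    /** @param authClientConf the client configuration to use */
    public void setAuthClientConf(AuthClientConf authClientConf) {
        this._authClientConf = authClientConf;
    }

    /**
     * Entry point for both legs of the flow.
     *
     * <p>An {@code error} parameter takes precedence over a {@code code} parameter; when neither
     * is present a new authorization request is started. The decompiler reports that this method
     * was package-private in the original source.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for redirects
     */
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String error = httpServletRequest.getParameter(Constants.PARAMETER_ERROR);
        if (error != null) {
            handleError(httpServletRequest, httpServletResponse, error);
            return;
        }
        if (httpServletRequest.getParameter(PARAMETER_CODE) != null) {
            handleAuthorizationCodeResponse(httpServletRequest, httpServletResponse);
            return;
        }
        handleAuthorizationRequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Reports an error to the data client, or redirects to the configured error page when no data
     * client matches the request.
     *
     * @param request  the incoming request
     * @param response the response used for the redirect
     * @param error    the error code or message; it may come straight from a request parameter
     */
    private void handleError(HttpServletRequest request, HttpServletResponse response, String error) {
        DataClient client = DataClientService.instance().getClient(request);
        if (client != null) {
            client.handleError(request, response, error);
            return;
        }
        try {
            UrlItem errorPage = new UrlItem(AppPathService.getBaseUrl(request) + AppPropertiesService.getProperty(PROPERTY_ERROR_PAGE));
            if (error != null) {
                // The value can be attacker-controlled: encode it so it cannot add further query
                // parameters to the error page URL.
                errorPage.addParameter(Constants.PARAMETER_ERROR, urlEncode(error));
            }
            _logger.info(sanitizeForLog(error));
            response.sendRedirect(errorPage.getUrl());
        } catch (IOException e) {
            _logger.error("Error redirecting to the error page : " + e.getMessage(), e);
        }
    }

    /**
     * Starts the flow: stores a fresh state and nonce in the session and redirects the browser to
     * the authorization endpoint.
     *
     * @param request  the incoming request
     * @param response the response used for the redirect
     */
    private void handleAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
        DataClient client = DataClientService.instance().getClient(request);
        if (client == null) {
            // handleError() shows getClient() can return null; fail cleanly instead of with an NPE.
            _logger.error("Error retrieving an authorization code : no data client matches the request");
            handleError(request, response, Constants.ERROR_TYPE_RETRIEVING_AUTHORIZATION_CODE);
            return;
        }
        try {
            HttpSession session = request.getSession(true);
            UrlItem authorizationUrl = new UrlItem(this._authServerConf.getAuthorizationEndpointUri());
            authorizationUrl.addParameter(Constants.PARAMETER_CLIENT_ID, this._authClientConf.getClientId());
            authorizationUrl.addParameter(Constants.PARAMETER_RESPONSE_TYPE, PARAMETER_CODE);
            authorizationUrl.addParameter(Constants.PARAMETER_REDIRECT_URI, urlEncode(generateRedirectUrl(request, client)));
            authorizationUrl.addParameter(Constants.PARAMETER_SCOPE, client.getScopes());
            authorizationUrl.addParameter(PARAMETER_STATE, createState(session));
            authorizationUrl.addParameter(PARAMETER_NONCE, createNonce(session));
            addComplementaryParameters(authorizationUrl, request);
            String acrValues = client.getAcrValues();
            if (acrValues != null) {
                authorizationUrl.addParameter(Constants.PARAMETER_ACR_VALUES, acrValues);
            }
            String url = authorizationUrl.getUrl();
            _logger.debug("OAuth request : " + url);
            response.sendRedirect(url);
        } catch (IOException e) {
            _logger.error("Error retrieving an authorization code : " + e.getMessage(), e);
            handleError(request, response, Constants.ERROR_TYPE_RETRIEVING_AUTHORIZATION_CODE);
        }
    }

    /**
     * Handles the redirect back from the authorization server: checks the state, exchanges the
     * code for a token and passes the token to the data client.
     *
     * @param request  the callback request carrying {@code code} and {@code state}
     * @param response the response handed to the data client or used for the error redirect
     */
    private void handleAuthorizationCodeResponse(HttpServletRequest request, HttpServletResponse response) {
        String code = request.getParameter(PARAMETER_CODE);
        // The authorization code is a bearer credential until it is redeemed: keep it out of the logs.
        _logger.info("OAuth Authorization code received");
        if (!checkState(request)) {
            handleError(request, response, Constants.ERROR_TYPE_INVALID_STATE);
            return;
        }
        DataClient client = DataClientService.instance().getClient(request);
        if (client == null) {
            String message = MESSAGE_TOKEN_ERROR + "no data client matches the request";
            _logger.error(message);
            handleError(request, response, message);
            return;
        }
        try {
            HttpSession session = request.getSession();
            Token token = getToken(generateRedirectUrl(request, client), code, session);
            client.handleToken(token, request, response);
        } catch (HttpAccessException e) {
            reportTokenError(request, response, e);
        } catch (TokenValidationException e) {
            reportTokenError(request, response, e);
        } catch (IOException e) {
            reportTokenError(request, response, e);
        }
    }

    /**
     * Logs a token retrieval failure and forwards it to {@link #handleError}.
     *
     * <p>NOTE(review): the exception message is forwarded as the error value, so internal detail
     * can end up in the error page URL. Consider a fixed error code here and keeping the detail in
     * the log only.
     */
    private void reportTokenError(HttpServletRequest request, HttpServletResponse response, Exception cause) {
        String message = MESSAGE_TOKEN_ERROR + cause.getMessage();
        _logger.error(message, cause);
        handleError(request, response, message);
    }

    /**
     * Exchanges the authorization code for a token through {@link TokenService}, passing the nonce
     * stored in the session along with the handler's JWT parser.
     */
    private Token getToken(String redirectUri, String authorizationCode, HttpSession session) throws IOException, HttpAccessException, TokenValidationException {
        return TokenService.getService().getToken(redirectUri, this._authClientConf, this._authServerConf, authorizationCode, session, this._jWTParser, getStoredNonce(session));
    }

    /** Creates a random nonce and stores it in the session under this handler's nonce key. */
    private String createNonce(HttpSession session) {
        String nonce = createRandomToken();
        session.setAttribute(getNonceAttributeSessionName(), nonce);
        return nonce;
    }

    /** @return the nonce stored in the session, or {@code null} when there is none */
    private String getStoredNonce(HttpSession session) {
        return getStoredSessionString(session, getNonceAttributeSessionName());
    }

    /** @return the session key of the nonce, prefixed with the handler name when one is set */
    private String getNonceAttributeSessionName() {
        return getHandlerName() == null ? PARAMETER_NONCE : getHandlerName() + PARAMETER_NONCE;
    }

    /**
     * Verifies the {@code state} returned by the authorization server against the session.
     *
     * <p>The check fails when the parameter is missing or when no state is stored. The original
     * accepted a callback that carried no {@code state} at all, which let a forged callback skip
     * the CSRF check simply by omitting the parameter.
     *
     * <p>NOTE(review): the stored state is not removed after a successful check; consider making
     * it single-use.
     *
     * @return {@code true} only if the returned state equals the stored one
     */
    private boolean checkState(HttpServletRequest request) {
        String returnedState = request.getParameter(PARAMETER_STATE);
        String storedState = getStoredState(request.getSession());
        boolean valid = returnedState != null && returnedState.equals(storedState);
        if (!valid) {
            // Neither value is logged: one is request-controlled, the other is the session's CSRF token.
            _logger.debug(returnedState == null ? "No state returned by server" : "Bad state returned by server");
        }
        return valid;
    }

    /** Creates a random state and stores it in the session under this handler's state key. */
    private String createState(HttpSession session) {
        String state = createRandomToken();
        session.setAttribute(getStateAttributeSessionName(), state);
        return state;
    }

    /** @return the session key of the state, prefixed with the handler name when one is set */
    private String getStateAttributeSessionName() {
        return getHandlerName() == null ? PARAMETER_STATE : getHandlerName() + PARAMETER_STATE;
    }

    /** @return the state stored in the session, or {@code null} when there is none */
    private String getStoredState(HttpSession session) {
        return getStoredSessionString(session, getStateAttributeSessionName());
    }

    /** @return the session attribute as a string, or {@code null} if absent or not a {@code String} */
    private static String getStoredSessionString(HttpSession session, String attributeName) {
        Object attribute = session.getAttribute(attributeName);
        return attribute instanceof String ? (String) attribute : null;
    }

    /** @return a hexadecimal value drawn from {@link #RANDOM_TOKEN_BITS} random bits */
    private static String createRandomToken() {
        return new BigInteger(RANDOM_TOKEN_BITS, SECURE_RANDOM).toString(16);
    }

    /** @return the handler name, or {@code null} when none is set */
    public String getHandlerName() {
        return this._handlerName;
    }

    /** @param str the handler name, also used as prefix of the session keys */
    public void setHandlerName(String str) {
        this._handlerName = str;
    }

    /** @return the JWT parser passed to the token service */
    public JWTParser getJWTParser() {
        return this._jWTParser;
    }

    /** @param jWTParser the JWT parser passed to the token service */
    public void setJWTParser(JWTParser jWTParser) {
        this._jWTParser = jWTParser;
    }

    /** @return the default flag of this handler */
    public boolean isDefault() {
        return this._bDefault;
    }

    /** @param z the default flag of this handler */
    public void setDefault(boolean z) {
        this._bDefault = z;
    }

    /**
     * Copies one request-supplied {@code name=value} pair onto the authorization URL.
     *
     * <p>The pair comes from the browser, so it is treated as untrusted: the name must be a plain
     * token and must not be a parameter this handler sets itself, and the value is URL-encoded.
     * A pair that fails these checks is ignored. The original took the name from
     * {@code split("=")[0]}, which throws on an input such as {@code "="}, and appended the name
     * unencoded, so it could carry {@code &} and add or redefine parameters of the request.
     */
    private void addComplementaryParameters(UrlItem urlItem, HttpServletRequest request) {
        String pair = request.getParameter(Constants.PARAMETER_COMPLEMENTARY_PARAMETER);
        if (StringUtils.isEmpty(pair)) {
            return;
        }
        int separator = pair.indexOf('=');
        if (separator < 0) {
            return;
        }
        String name = pair.substring(0, separator);
        if (!isSafeParameterName(name) || isReservedParameter(name)) {
            _logger.debug("Complementary parameter ignored : name is empty, malformed or reserved");
            return;
        }
        urlItem.addParameter(name, urlEncode(pair.substring(separator + 1)));
    }

    /** @return {@code true} if the name is non-empty and made only of letters, digits, '_', '-' or '.' */
    private static boolean isSafeParameterName(String name) {
        if (name.isEmpty()) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    /** @return {@code true} if the name is one of the parameters set by {@link #handleAuthorizationRequest} */
    private static boolean isReservedParameter(String name) {
        return name.equals(Constants.PARAMETER_CLIENT_ID)
                || name.equals(Constants.PARAMETER_RESPONSE_TYPE)
                || name.equals(Constants.PARAMETER_REDIRECT_URI)
                || name.equals(Constants.PARAMETER_SCOPE)
                || name.equals(Constants.PARAMETER_ACR_VALUES)
                || name.equals(PARAMETER_STATE)
                || name.equals(PARAMETER_NONCE);
    }

    /**
     * Builds the redirect URI sent to the authorization endpoint and to the token service.
     *
     * <p>Without a configured redirect URI the URL comes from {@link DataClientService}; otherwise
     * the data client name and, when set, the handler name are appended to the configured URI.
     * The original omitted the {@code &} before {@code handler_name}, which merged it into the
     * {@code data_client} value.
     */
    private String generateRedirectUrl(HttpServletRequest request, DataClient dataClient) {
        String configuredUri = this._authClientConf.getRedirectUri();
        if (configuredUri == null) {
            return DataClientService.instance().getDataClientUrl(request, dataClient.getName(), getHandlerName());
        }
        StringBuilder url = new StringBuilder(configuredUri);
        url.append(configuredUri.contains("?") ? '&' : '?');
        url.append("data_client=").append(dataClient.getName());
        if (getHandlerName() != null) {
            url.append("&handler_name=").append(getHandlerName());
        }
        return url.toString();
    }

    /** URL-encodes a value as UTF-8; {@code UrlItem} is given pre-encoded values throughout this class. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, ENCODING_UTF8);
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform is required to support.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /** Replaces line breaks so that a request-controlled value cannot forge extra log entries. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}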
