package org.clazzes.login.oauth;

import java.io.IOException;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.ParseException;
import java.util.Locale;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.clazzes.login.oauth.i18n.OAuthMessages;
import org.clazzes.util.aop.i18n.Messages;
import org.clazzes.util.http.LocaleHelper;
import org.clazzes.util.http.RequestHelper;
import org.clazzes.util.http.UrlHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/oauth/OAuthStartServlet.class */
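/**
 * Servlet that starts an OAuth authorization-code login.
 *
 * <p>On {@code GET} it validates the {@code domain} and {@code state} request
 * parameters, assembles the authorization URI for the configured domain and
 * writes a small XHTML page whose script navigates the browser to that URI.
 */
public class OAuthStartServlet extends OAuthAbstrServlet {
    private static final long serialVersionUID = 6376913713678650071L;
    private static final Logger log = LoggerFactory.getLogger(OAuthStartServlet.class);

    /**
     * Offset in milliseconds (15 minutes) added to the current time and handed
     * to {@code AuthState.init}; presumably the expiry of the login state
     * (confirm against AuthState).
     */
    private static final long AUTH_STATE_LIFETIME_MILLIS = 900_000L;

    /**
     * Escapes a value for use inside a quoted JavaScript string literal.
     *
     * <p>Quotes, backslashes, markup-significant characters, control characters
     * and the U+2028/U+2029 separators are emitted as {@code \\uXXXX} escapes,
     * so the value cannot terminate the literal or the surrounding script
     * element, whether the page is parsed as XML or as HTML. All other
     * characters pass through unchanged, so the decoded string equals the input.
     *
     * @param value the raw value; {@code null} is rendered as the text
     *              {@code "null"}, matching plain string concatenation
     * @return the escaped text, without surrounding quotes
     */
    private static String escapeForJsString(String value) {
        String text = String.valueOf(value);
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean unsafe = c < 0x20 || c == 0x7f
                    || c == '\\' || c == '\'' || c == '"'
                    || c == '<' || c == '>' || c == '&'
                    || c == 0x2028 || c == 0x2029;
            if (!unsafe) {
                out.append(c);
                continue;
            }
            String hex = Integer.toHexString(c);
            out.append("\\u");
            for (int pad = hex.length(); pad < 4; pad++) {
                out.append('0');
            }
            out.append(hex);
        }
        return out.toString();
    }

    /**
     * Writes the XHTML page that sends the browser to the authorization endpoint.
     *
     * @param messages            localized messages; also supplies the page language
     * @param httpServletResponse response to write headers and the page to
     * @param str                 stylesheet href, or {@code null} for {@code oauth-login.css}
     * @param str2                value substituted into the {@code redirecting-to} message
     * @param str3                URI the script navigates to
     * @param str4                value of the hidden {@code state} input
     * @throws IOException      if writing to the response fails
     * @throws ServletException if the XML stream writer reports an error
     */
    protected void writeRedirect(Messages messages, HttpServletResponse httpServletResponse, String str, String str2, String str3, String str4) throws IOException, ServletException {
        try {
            String xsLanguage = LocaleHelper.toXsLanguage(messages.getLocale());
            httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
            httpServletResponse.setHeader("Content-Language", xsLanguage);
            httpServletResponse.setHeader("Cache-Control", "no-cache");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setHeader("Expires", "0");
            httpServletResponse.setContentType("application/xhtml+xml");
            httpServletResponse.getOutputStream().write("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n".getBytes("UTF-8"));

            XMLStreamWriter xml = xmlOutputFactory.createXMLStreamWriter(httpServletResponse.getOutputStream(), "UTF-8");
            xml.setDefaultNamespace("http://www.w3.org/1999/xhtml");
            xml.writeStartElement("html");
            xml.writeDefaultNamespace("http://www.w3.org/1999/xhtml");
            xml.writeAttribute("lang", xsLanguage);
            xml.writeAttribute("xml:lang", xsLanguage);

            // <head>
            xml.writeStartElement("head");
            xml.writeEmptyElement("meta");
            xml.writeAttribute("http-equiv", "Content-Type");
            xml.writeAttribute("content", "application/xhtml+xml");
            xml.writeEmptyElement("link");
            xml.writeAttribute("type", "text/css");
            xml.writeAttribute("rel", "stylesheet");
            xml.writeAttribute("href", str == null ? "oauth-login.css" : str);
            xml.writeStartElement("script");
            // The writer only applies XML escaping, which does not protect a JavaScript
            // string literal: a quote or backslash in the URI would end the literal.
            // Escape for the JavaScript context before embedding the value.
            xml.writeCharacters("\nvar reloadUri = function() { window.location.href='" + escapeForJsString(str3) + "';};\n");
            xml.writeCharacters("\nsetTimeout(reloadUri,100);\n");
            xml.writeEndElement(); // script
            xml.writeStartElement("title");
            xml.writeCharacters("OAuth Single-Sign-On");
            xml.writeEndElement(); // title
            xml.writeEndElement(); // head

            // <body>: a form holding the state value, followed by the notice paragraph.
            xml.writeStartElement("body");
            xml.writeStartElement("form");
            xml.writeAttribute("id", "loginStateForm");
            xml.writeEmptyElement("input");
            xml.writeAttribute("type", "hidden");
            xml.writeAttribute("name", "state");
            xml.writeAttribute("value", str4);
            xml.writeEndElement(); // form (the input element is empty and closes itself)
            xml.writeStartElement("p");
            xml.writeCharacters(messages.formatString("redirecting-to", new Object[]{str2}));
            xml.writeEndElement(); // p
            xml.writeEndElement(); // body
            xml.writeEndElement(); // html
            xml.writeEndDocument();
            xml.close();
            httpServletResponse.flushBuffer();
        } catch (XMLStreamException e) {
            throw new ServletException("Error setting XML stream writer", e);
        }
    }

    /**
     * Handles the start of a login: checks the request, builds the authorization
     * URI and writes the redirect page.
     *
     * <p>Responds with 404 when extra path info is present and with 400 when the
     * {@code domain} parameter has no configuration, when the {@code state}
     * parameter is missing or unknown to the state cache, or when the OpenID
     * configuration of the domain is not loaded.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException if no authorization URI is available or a URI cannot be assembled or parsed
     * @throws IOException      if writing the response fails
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String pathInfo = httpServletRequest.getPathInfo();
        try {
            URI originalRequestUri = RequestHelper.getOriginalRequestUri(httpServletRequest);
            log.debug("Received request to [{}]", originalRequestUri);
            if (pathInfo != null) {
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }

            String domainParam = httpServletRequest.getParameter("domain");
            DomainConfig domainConfiguration = this.configurationService.getDomainConfiguration(domainParam);
            if (domainConfiguration == null) {
                log.info("Received request to [{}] with invalid domain parameter.", originalRequestUri);
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }

            String stateParam = httpServletRequest.getParameter("state");
            if (stateParam == null) {
                log.info("Received request to [{}] without state parameter.", originalRequestUri);
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            AuthState authState = this.authStateCache.getAuthState(stateParam);
            if (authState == null) {
                log.info("Received request to [{}] with invalid or expired state parameter.", originalRequestUri);
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }

            // NOTE(review): "css" is taken from the request without validation and ends up
            // as the stylesheet href of a page that carries the state value in a hidden
            // input. Consider restricting it to relative same-origin paths or an allow-list.
            String cssParam = httpServletRequest.getParameter("css");
            Locale requestLocale = getRequestLocale(httpServletRequest);
            Messages messsages = OAuthMessages.getMesssages(requestLocale);
            authState.init(domainParam, System.currentTimeMillis() + AUTH_STATE_LIFETIME_MILLIS);

            URI authorizationLocation = domainConfiguration.getAuthorizationLocation();
            PasswordAuthentication clientCredentials = domainConfiguration.getClientCredentials();
            if (authorizationLocation == null) {
                // No explicit endpoint configured: fall back to the OpenID configuration.
                try {
                    authorizationLocation = domainConfiguration.getOpenIdLocation("authorization_endpoint");
                } catch (IllegalStateException e) {
                    log.error("OpenID configuration of domain [{}] not loaded while requesting authorization location", domainConfiguration.getDomain(), e);
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                } catch (URISyntaxException e2) {
                    throw new ServletException("Error assembling redirect or authorization URI", e2);
                }
            }
            if (authorizationLocation == null) {
                throw new ServletException("No authorization URI given by OpenID configuration for domain [" + domainConfiguration.getDomain() + "] or OpenID configuration not yet loaded.");
            }

            // NOTE(review): scheme, user info, host and port of redirect_uri are copied from
            // the request URI as reported by RequestHelper. If that helper honours proxy
            // headers (confirm), they must only be trusted from the reverse proxy; the
            // redirect URIs registered at the identity provider are the remaining backstop.
            URI redirectUri = new URI(originalRequestUri.getScheme(), originalRequestUri.getUserInfo(), originalRequestUri.getHost(), originalRequestUri.getPort(), this.oauthHttpLoginService.getRedirectUrl(), null, originalRequestUri.getFragment());
            String authorizationUrl = authorizationLocation.toString();
            log.debug("Raw authorization URI is [{}].", authorizationUrl);

            authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "client_id", clientCredentials.getUserName());
            authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "response_type", "code");
            authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "redirect_uri", redirectUri.toString());
            if (domainConfiguration.getScope() != null) {
                authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "scope", domainConfiguration.getScope());
            }
            if (domainConfiguration.getPrompt() != null) {
                authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "prompt", domainConfiguration.getPrompt());
            }
            if (domainConfiguration.getAccessType() != null) {
                authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "access_type", domainConfiguration.getAccessType());
            }
            if (domainConfiguration.getResource() != null) {
                authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "resource", domainConfiguration.getResource());
            }
            if (domainConfiguration.getOptions().contains(ConfigOptions.propagateLocale)) {
                authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "locale", LocaleHelper.toXsLanguage(requestLocale));
            }
            authorizationUrl = UrlHelper.appendQueryParameterToUrl(authorizationUrl, "state", authState.getState());

            // The full URI contains the state value, so debug logs of this servlet should
            // be treated as sensitive.
            log.debug("Using full authorization URI [{}].", authorizationUrl);
            writeRedirect(messsages, httpServletResponse, cssParam, authState.getDomain(), authorizationUrl, authState.getState());
        } catch (URISyntaxException | ParseException e3) {
            throw new ServletException("Unable to parse full request URI for request to [" + RequestHelper.getRequestUrl(httpServletRequest) + "]", e3);
        }
    }

    /**
     * Returns a short description of this servlet.
     *
     * @return the simple class name of this servlet
     */
    public String getServletInfo() {
        return OAuthStartServlet.class.getSimpleName();
    }
}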
