package org.clazzes.login.oauth;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.ParseException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.clazzes.login.oauth.i18n.OAuthMessages;
import org.clazzes.util.aop.i18n.Messages;
import org.clazzes.util.http.LocaleHelper;
import org.clazzes.util.http.RequestHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/oauth/OAuthAuthServlet.class */
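/**
 * Servlet behind the OAuth redirect (callback) endpoint.
 *
 * <p>It looks up the pending {@code AuthState} by the {@code state} request parameter,
 * exchanges the {@code code} parameter for a token at the domain's token endpoint,
 * stores the outcome in the auth state and renders a small self-closing result page.
 *
 * <p>Every request parameter read here ({@code state}, {@code code}, {@code css},
 * {@code error}, {@code error_description}) is supplied by the browser and must be
 * treated as untrusted.
 */
public class OAuthAuthServlet extends OAuthAbstrServlet {
    private static final long serialVersionUID = 6376913713678650071L;
    private static final Logger log = LoggerFactory.getLogger(OAuthAuthServlet.class);

    /**
     * Writes the XHTML page that reports the result of the authentication attempt.
     *
     * <p>All dynamic values are emitted through {@code writeAttribute} /
     * {@code writeCharacters}, so markup escaping is left to the {@link XMLStreamWriter};
     * nothing is concatenated into the document as raw text.
     *
     * @param messages localized message source; its locale also sets the page language
     * @param httpServletResponse response the page is written to
     * @param str stylesheet URL for the {@code <link>} element, or {@code null} to use
     *            {@code oauth-login.css}
     * @param str2 argument for the {@code authentication-failed} message (callers in this
     *             class pass the auth state's domain)
     * @param str3 granted scope; when non-null an {@code authenticated-with-scope}
     *             paragraph is written
     * @param oAuthTokenErrorResponse error to report, or {@code null} when there is none
     * @throws IOException if writing to the response fails
     * @throws ServletException if the XML stream writer fails
     */
    protected void renderAuthenticationResult(Messages messages, HttpServletResponse httpServletResponse, String str, String str2, String str3, OAuthTokenErrorResponse oAuthTokenErrorResponse) throws IOException, ServletException {
        try {
            String xsLanguage = LocaleHelper.toXsLanguage(messages.getLocale());
            httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
            // The callback URL carries `code` and `state` in its query string; keep it out of
            // the Referer header of subresource requests (the stylesheet below in particular).
            httpServletResponse.setHeader("Referrer-Policy", "no-referrer");
            httpServletResponse.setHeader("Content-Language", xsLanguage);
            httpServletResponse.setHeader("Cache-Control", "no-cache");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setHeader("Expires", "0");
            httpServletResponse.setContentType("text/html; charset=utf-8");
            httpServletResponse.getOutputStream().write("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n".getBytes("UTF-8"));
            XMLStreamWriter writer = xmlOutputFactory.createXMLStreamWriter(httpServletResponse.getOutputStream(), "UTF-8");
            writer.setDefaultNamespace("http://www.w3.org/1999/xhtml");
            writer.writeStartElement("html");
            writer.writeDefaultNamespace("http://www.w3.org/1999/xhtml");
            writer.writeAttribute("lang", xsLanguage);
            writer.writeAttribute("xml:lang", xsLanguage);

            writer.writeStartElement("head");
            writer.writeEmptyElement("meta");
            writer.writeAttribute("http-equiv", "Content-Type");
            writer.writeAttribute("content", "text/html; charset=utf-8");
            writer.writeEmptyElement("link");
            writer.writeAttribute("type", "text/css");
            writer.writeAttribute("rel", "stylesheet");
            // NOTE(review): doGet passes the `css` request parameter here unchanged. Attribute
            // escaping prevents markup injection, but the stylesheet origin is not constrained,
            // so a crafted callback link can restyle this page from a third-party host.
            // Consider restricting the value to same-origin paths or a configured allow-list.
            writer.writeAttribute("href", str == null ? "oauth-login.css" : str);
            writer.writeStartElement("script");
            writer.writeCharacters("\nsetTimeout(window.close,3000);\n");
            writer.writeEndElement(); // </script>
            // Close <head> before opening <body>; previously <body> was nested inside <head>.
            writer.writeEndElement(); // </head>

            writer.writeStartElement("body");
            if (str3 != null) {
                writer.writeStartElement("p");
                writer.writeCharacters(messages.formatString("authenticated-with-scope", new Object[]{str3}));
                writer.writeEndElement();
            }
            if (oAuthTokenErrorResponse != null) {
                writer.writeStartElement("p");
                writer.writeCharacters(messages.formatString("authentication-failed", new Object[]{str2}));
                writer.writeEndElement();
                writer.writeStartElement("p");
                // error / error_description may come straight from the request query
                // (see doGet); they are written as escaped character data only.
                writer.writeCharacters(oAuthTokenErrorResponse.getError());
                if (oAuthTokenErrorResponse.getErrorDescription() != null) {
                    writer.writeEmptyElement("br");
                    writer.writeCharacters(oAuthTokenErrorResponse.getErrorDescription());
                }
                writer.writeEndElement();
            }
            writer.writeEndElement(); // </body>
            writer.writeEndElement(); // </html>
            writer.writeEndDocument();
            writer.close();
            httpServletResponse.flushBuffer();
        } catch (XMLStreamException e) {
            throw new ServletException("Error setting XML stream writer", e);
        }
    }

    /**
     * Handles the redirect back from the authorization server.
     *
     * <p>Responds 404 when extra path info is present and 400 when {@code state} is missing,
     * unknown or expired, or when neither {@code code} nor {@code error} is given. An
     * {@code error} parameter is recorded in the auth state and rendered. Otherwise the
     * authorization code is exchanged for a token; the token response or the resulting
     * error is stored in the auth state and the result page is rendered.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response to write the status or result page to
     * @throws ServletException if the original request URI cannot be parsed or rendering fails
     * @throws IOException if writing the response fails
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String state = httpServletRequest.getParameter("state");
        String css = httpServletRequest.getParameter("css");
        String pathInfo = httpServletRequest.getPathInfo();
        try {
            // NOTE(review): if this URI includes the query string, `code` and `state` reach
            // the log through the messages below; confirm against RequestHelper.
            URI originalRequestUri = RequestHelper.getOriginalRequestUri(httpServletRequest);
            log.debug("Received request to [{}]", originalRequestUri);

            if (pathInfo != null) {
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            if (state == null) {
                log.info("Received request to [{}] without state parameter.", originalRequestUri);
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            // The state value must match a pending login; anything else is rejected
            // before any other parameter is acted upon.
            AuthState authState = this.authStateCache.getAuthState(state);
            if (authState == null) {
                log.info("Received request to [{}] with invalid or expired state parameter.", originalRequestUri);
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            Messages messages = OAuthMessages.getMesssages(authState.getLocale());
            String code = httpServletRequest.getParameter("code");
            if (code == null) {
                String error = httpServletRequest.getParameter("error");
                if (error == null) {
                    log.info("Received request to [{}] with neither an authentication code nor an error.", originalRequestUri);
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                }
                String errorDescription = httpServletRequest.getParameter("error_description");
                log.info("Received request to [{}] with authentication error.", originalRequestUri);
                OAuthTokenErrorResponse reported = new OAuthTokenErrorResponse(error, errorDescription, null, null, null, null, null);
                authState.setError(reported);
                renderAuthenticationResult(messages, httpServletResponse, css, authState.getDomain(), null, reported);
                return;
            }

            DomainConfig domainConfiguration = this.configurationService.getDomainConfiguration(authState.getDomain());
            URI tokenLocation = domainConfiguration.getTokenLocation();
            // This try spans endpoint discovery AND the token exchange. Previously the
            // handlers below guarded only the discovery call, so a failed token request
            // (and the "openid-configuration-invalid" error thrown here) escaped doGet
            // without being stored in the auth state or shown to the user.
            try {
                if (tokenLocation == null) {
                    try {
                        tokenLocation = domainConfiguration.getOpenIdLocation("token_endpoint");
                    } catch (IllegalStateException e) {
                        log.error("OpenID configuration of domain [" + domainConfiguration.getDomain() + "] not loaded while requesting token location", e);
                        renderAuthenticationResult(messages, httpServletResponse, css, authState.getDomain(), null, new OAuthTokenErrorResponse("openid-configuration-not-loaded", messages));
                        return;
                    }
                }
                if (tokenLocation == null) {
                    throw new OAuthTokenErrorResponse("openid-configuration-invalid", messages);
                }
                String scope = domainConfiguration.getScope();
                log.info("Requesting token from [{}] upon request to [{}] with valid authentication code.", tokenLocation, originalRequestUri);
                // Rebuild the redirect URI from the request's scheme/host/port and the
                // configured redirect path, dropping the query.
                String redirectUri = new URI(
                        originalRequestUri.getScheme(),
                        originalRequestUri.getUserInfo(),
                        originalRequestUri.getHost(),
                        originalRequestUri.getPort(),
                        this.oauthHttpLoginService.getRedirectUrl(),
                        null,
                        originalRequestUri.getFragment()).toString();
                OAuthTokenResponse tokenResponse = this.oauthHttpClient.requestToken(tokenLocation, redirectUri, state, scope, domainConfiguration.getClientCredentials(), code);
                authState.setResponse(tokenResponse);
                renderAuthenticationResult(messages, httpServletResponse, css, authState.getDomain(), tokenResponse.getScope(), null);
            } catch (URISyntaxException e) {
                log.error("Cannot build redirect URI for request to [" + originalRequestUri + "].", e);
                OAuthTokenErrorResponse malformed = new OAuthTokenErrorResponse("invalid_redirect_uri", "configured redirect URI is malformed", null, null, null, null, null);
                authState.setError(malformed);
                renderAuthenticationResult(messages, httpServletResponse, css, authState.getDomain(), null, malformed);
            } catch (OAuthTokenErrorResponse e) {
                // The authorization code is a credential and is deliberately not logged;
                // the error code is enough to correlate with the provider's response.
                log.error("Token request to [{}] failed with error [{}].", tokenLocation, e.getError());
                authState.setError(e);
                renderAuthenticationResult(messages, httpServletResponse, css, authState.getDomain(), null, e);
            }
        } catch (URISyntaxException | ParseException e) {
            throw new ServletException("Unable to parse full request URI for request to [" + RequestHelper.getRequestUrl(httpServletRequest) + "]", e);
        }
    }

    /**
     * Returns the simple class name as the servlet description.
     *
     * @return {@code "OAuthAuthServlet"}
     */
    public String getServletInfo() {
        return OAuthAuthServlet.class.getSimpleName();
    }
}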
