package org.iplass.mtp.impl.auth.authenticate.oidc.command;

import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.SessionContext;
import org.iplass.mtp.impl.auth.authenticate.oidc.MetaOpenIdConnect;
import org.iplass.mtp.impl.auth.authenticate.oidc.OIDCCredential;
import org.iplass.mtp.impl.auth.authenticate.oidc.OIDCRuntimeException;
import org.iplass.mtp.impl.auth.authenticate.oidc.OIDCState;
import org.iplass.mtp.impl.auth.authenticate.oidc.OpenIdConnectService;
import org.iplass.mtp.impl.auth.oauth.util.OAuthEndpointConstants;
import org.iplass.mtp.impl.web.WebResourceBundleUtil;
import org.iplass.mtp.impl.web.WebUtil;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.util.StringUtil;
import org.iplass.mtp.web.WebRequestConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/iplass/mtp/impl/auth/authenticate/oidc/command/AbstractCallbackCommand.class */
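/**
 * Base command for the OpenID Connect callback request.
 *
 * <p>It reads the callback parameters ({@code error}, {@code defName}, {@code state},
 * {@code code}, {@code iss}), takes the pending {@link OIDCState} out of the session, hands an
 * {@link OIDCCredential} to the subclass, and then sets the post-login redirect path.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The stored {@link OIDCState} is removed from the session as soon as it is read, so it can
 *       be used for at most one callback.</li>
 *   <li>A callback without stored state is rejected before {@code executeImpl} is called.</li>
 *   <li>The redirect target must pass {@link WebUtil#isValidInternalUrl}; anything else is
 *       refused.</li>
 *   <li>All request parameters are caller-controlled. They have CR/LF neutralised before being
 *       logged so that a crafted callback cannot forge log lines.</li>
 * </ul>
 *
 * <p>NOTE(review): this class does not compare the {@code state} request parameter with the stored
 * state itself; both are passed on inside {@link OIDCCredential}. Presumably the comparison is done
 * by the code that consumes the credential - confirm.
 */
public abstract class AbstractCallbackCommand implements Command {
    public static final String PARAM_DEFINITION_NAME = "defName";
    public static final String STAT_SUCCESS = "SUCCESS";
    public static final String REQUEST_ERROR_TEMPLATE = "org.iplass.mtp.oidc.errorTemplate";
    private static final Logger logger = LoggerFactory.getLogger(AbstractCallbackCommand.class);
    private final OpenIdConnectService service = (OpenIdConnectService) ServiceRegistry.getRegistry().getService(OpenIdConnectService.class);
    /** Session attribute name under which the pending {@link OIDCState} is stored. */
    private final String sessionOidStateKey;

    /**
     * @param str session attribute name that holds the {@link OIDCState} for this callback
     */
    public AbstractCallbackCommand(String str) {
        this.sessionOidStateKey = str;
    }

    /**
     * Handles one callback request.
     *
     * @param requestContext the current request
     * @return {@link #STAT_SUCCESS} once the redirect path has been set on the request
     * @throws OIDCRuntimeException if no provider definition matches {@code defName}, or the
     *         stored back URL is missing or is not accepted by {@link WebUtil#isValidInternalUrl}
     * @throws ApplicationException if the request carries an {@code error} parameter, or no
     *         {@link OIDCState} is stored in the session
     */
    @Override
    public String execute(RequestContext requestContext) {
        String error = StringUtil.stripToNull(requestContext.getParam(OAuthEndpointConstants.PARAM_ERROR));
        String defName = StringUtil.stripToNull(requestContext.getParam(PARAM_DEFINITION_NAME));
        String state = requestContext.getParam("state");
        String code = requestContext.getParam("code");
        String iss = requestContext.getParam("iss");

        MetaOpenIdConnect.OpenIdConnectRuntime runtime = this.service.getOrDefault(defName);
        if (runtime == null) {
            throw new OIDCRuntimeException("no OpenIdProvider Definition:" + defName);
        }

        // getSession(false): a callback never creates a session; it can only use an existing one.
        OIDCState oidcState = null;
        SessionContext session = requestContext.getSession(false);
        if (session != null) {
            oidcState = (OIDCState) session.getAttribute(this.sessionOidStateKey);
            if (oidcState != null) {
                // One-time use: the state is gone after the first callback, including a failed one.
                session.removeAttribute(this.sessionOidStateKey);
            }
        }
        setErrorTemplate(requestContext, oidcState);

        if (error != null) {
            String errorDescription = StringUtil.stripToEmpty(requestContext.getParam(OAuthEndpointConstants.PARAM_ERROR_DESCRIPTION));
            String errorUri = StringUtil.stripToEmpty(requestContext.getParam(OAuthEndpointConstants.PARAM_ERROR_URI));
            // The three values come straight from the request; neutralise line breaks before logging.
            logger.error("oidc error: error={}, error_desc={}, error_uri={}",
                    sanitizeForLog(error), sanitizeForLog(errorDescription), sanitizeForLog(errorUri));
            // NOTE(review): error and error_description are placed in the user-facing message
            // unchanged; the error template is assumed to output-encode them - confirm.
            throw new ApplicationException(WebResourceBundleUtil.resourceString(
                    "impl.auth.authenticate.oidc.command.AbstractCallbackCommand.error", errorDescription, error));
        }

        if (oidcState == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("invalid state: no OIDC state in session (session present={})", session != null);
            }
            logger.error("oidc error: error=invalid client state");
            throw new ApplicationException(WebResourceBundleUtil.resourceString(
                    "impl.auth.authenticate.oidc.command.AbstractCallbackCommand.error", "", "invalid_client_state"));
        }

        executeImpl(runtime, requestContext,
                new OIDCCredential(defName, code, state, createRedirectUri(runtime, requestContext), iss, oidcState));

        // The redirect target is checked after executeImpl has run; order kept from the original.
        String backUrl = oidcState.getBackUrlAfterAuth();
        if (backUrl == null) {
            throw new OIDCRuntimeException("No redirect url");
        }
        if (WebUtil.isValidInternalUrl(backUrl)) {
            requestContext.setAttribute(WebRequestConstants.REDIRECT_PATH, backUrl);
            return STAT_SUCCESS;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("invalid redirect url: {}", sanitizeForLog(backUrl));
        }
        throw new OIDCRuntimeException("Invalid redirect url");
    }

    /**
     * Performs the subclass-specific processing for a callback that carried no error and had stored
     * state.
     *
     * @param openIdConnectRuntime the provider definition resolved from {@code defName}
     * @param requestContext the current request
     * @param oIDCCredential the callback parameters together with the stored {@link OIDCState}
     */
    protected abstract void executeImpl(MetaOpenIdConnect.OpenIdConnectRuntime openIdConnectRuntime, RequestContext requestContext, OIDCCredential oIDCCredential);

    /**
     * Builds the redirect URI that is placed in the {@link OIDCCredential}.
     *
     * @param openIdConnectRuntime the provider definition resolved from {@code defName}
     * @param requestContext the current request
     * @return the redirect URI for this callback
     */
    protected abstract String createRedirectUri(MetaOpenIdConnect.OpenIdConnectRuntime openIdConnectRuntime, RequestContext requestContext);

    /**
     * Stores the error template name on the request under {@link #REQUEST_ERROR_TEMPLATE}.
     *
     * <p>The name comes from the stored state when it has one, otherwise
     * {@code MetaDataRefs.TMPL_OIDC_ERROR} is used.
     *
     * @param requestContext the current request
     * @param oIDCState the state taken from the session, or {@code null} if there was none
     */
    void setErrorTemplate(RequestContext requestContext, OIDCState oIDCState) {
        String templateName = oIDCState != null ? oIDCState.getErrorTemplateName() : null;
        if (templateName == null) {
            templateName = MetaDataRefs.TMPL_OIDC_ERROR;
        }
        requestContext.setAttribute(REQUEST_ERROR_TEMPLATE, templateName);
    }

    /**
     * Replaces CR and LF with {@code '_'} so a caller-supplied value stays on a single log line.
     *
     * @param value the value to log, may be {@code null}
     * @return the value without line breaks, or {@code null} if {@code value} was {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}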
