package org.iplass.mtp.impl.auth.authenticate.token.web;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.impl.auth.UserContext;
import org.iplass.mtp.impl.auth.authenticate.AutoLoginHandler;
import org.iplass.mtp.impl.auth.authenticate.AutoLoginInstruction;
import org.iplass.mtp.impl.auth.authenticate.token.AuthToken;
import org.iplass.mtp.impl.auth.authenticate.token.AuthTokenHandler;
import org.iplass.mtp.impl.auth.authenticate.token.AuthTokenService;
import org.iplass.mtp.impl.session.Session;
import org.iplass.mtp.impl.session.SessionService;
import org.iplass.mtp.impl.webapi.rest.RestRequestContext;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.web.template.tags.BindTag;
import org.iplass.mtp.webapi.definition.MethodType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/iplass/mtp/impl/auth/authenticate/token/web/BearerTokenAutoLoginHandler.class */
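/**
 * {@link AutoLoginHandler} that establishes a login for a REST request from a bearer token.
 *
 * <p>The token is taken from the {@code Authorization: Bearer ...} header or, unless
 * {@link #isBearerTokenHeaderOnly()} is set, from the {@code access_token} form parameter of a
 * non-GET {@code application/x-www-form-urlencoded} request. A token is only acted on for a
 * {@link RestRequestContext} whose {@code supportBearerToken()} is true, and only when its
 * {@link AuthToken#getType() type} is the one served by the configured {@link AuthTokenHandler};
 * otherwise the request is passed through to other handlers.
 *
 * <p>If a login session already exists and a bearer token is presented as well, the request is
 * ambiguous. With {@link #isRejectAmbiguousRequest()} the presented token must equal the token
 * recorded in the session by {@link #handleSuccess} or the request is rejected with an
 * {@code invalid_request} challenge; otherwise the mismatch is only logged and the existing
 * session is kept.
 *
 * <p>The instance holds configuration only; nothing per-request is stored in its fields.
 */
public class BearerTokenAutoLoginHandler implements AutoLoginHandler {
    private static final Logger logger = LoggerFactory.getLogger(BearerTokenAutoLoginHandler.class);

    /** HTTP header that carries the bearer token. */
    public static final String HEADER_AUTHORIZATION = "Authorization";
    /** Authorization scheme handled by this class; matched case-insensitively in the header. */
    public static final String AUTH_SCHEME_BEARER = "Bearer";
    /** Form parameter that carries the bearer token when it is sent in the request body. */
    public static final String PARAM_ACCESS_TOKEN = "access_token";
    /** Session attribute under which the token that created the login session is recorded. */
    private static final String SESSION_ATTRIBUTE_BEARER_TOKEN = "mtp.auth.token.bearer.encodedToken";
    /** Content type under which the token may be sent as a form parameter (compared exactly). */
    private static final String FORM_CONTENT_TYPE = "application/x-www-form-urlencoded";

    private SessionService sessionService = ServiceRegistry.getRegistry().getService(SessionService.class);
    /** Handler for the token type this instance accepts; resolved by {@link #setAuthTokenType} or injected. */
    private AuthTokenHandler authTokenHandler;
    /** When true, a token that differs from the session's recorded token rejects the request. */
    private boolean rejectAmbiguousRequest;
    /** When true, only the Authorization header is consulted, never the form body. */
    private boolean bearerTokenHeaderOnly;
    private String authTokenType;

    /** @return whether the token is read from the Authorization header only (form body ignored) */
    public boolean isBearerTokenHeaderOnly() {
        return this.bearerTokenHeaderOnly;
    }

    /** @param z true to ignore the {@code access_token} form parameter and accept the header only */
    public void setBearerTokenHeaderOnly(boolean z) {
        this.bearerTokenHeaderOnly = z;
    }

    /** @return the token type name this handler accepts, as given to {@link #setAuthTokenType} */
    public String getAuthTokenType() {
        return this.authTokenType;
    }

    /**
     * Sets the accepted token type and resolves the matching {@link AuthTokenHandler} from the
     * {@link AuthTokenService} in the service registry.
     *
     * @param str token type name
     */
    public void setAuthTokenType(String str) {
        this.authTokenType = str;
        this.authTokenHandler = ServiceRegistry.getRegistry().getService(AuthTokenService.class).getHandler(str);
    }

    /** @return whether a bearer token that differs from the session's recorded token is rejected */
    public boolean isRejectAmbiguousRequest() {
        return this.rejectAmbiguousRequest;
    }

    /** @param z true to reject, false to only log a warning and keep the existing session */
    public void setRejectAmbiguousRequest(boolean z) {
        this.rejectAmbiguousRequest = z;
    }

    /** @param authTokenHandler handler to use instead of the one resolved by {@link #setAuthTokenType} */
    public void setAuthTokenHandler(AuthTokenHandler authTokenHandler) {
        this.authTokenHandler = authTokenHandler;
    }

    /**
     * Whether the token may be read from the form body of this request.
     *
     * <p>Requires {@link #bearerTokenHeaderOnly} to be off, a non-GET method and a Content-Type
     * equal to {@value #FORM_CONTENT_TYPE}. The match is exact, so a Content-Type carrying
     * parameters (e.g. a {@code charset}) is not treated as a form.
     *
     * @param httpRequest the servlet request
     * @param restRequestContext the REST context supplying the method type
     * @return true if the form parameter should be consulted
     */
    private boolean isForm(HttpServletRequest httpRequest, RestRequestContext restRequestContext) {
        if (this.bearerTokenHeaderOnly) {
            return false;
        }
        return FORM_CONTENT_TYPE.equals(httpRequest.getContentType())
                && restRequestContext.methodType() != MethodType.GET;
    }

    /**
     * Extracts the bearer token from the request.
     *
     * <p>The Authorization header wins when it starts with {@code "Bearer "} (case-insensitive);
     * the value after the scheme is trimmed. Otherwise, if {@link #isForm} allows it, the
     * {@code access_token} parameter is used.
     *
     * @param requestContext request context; must be a {@link RestRequestContext} and carry the
     *     servlet request under the {@code "servletRequest"} attribute
     * @return the token, or null when absent or empty
     */
    private String tokenFromRequest(RequestContext requestContext) {
        HttpServletRequest httpRequest = (HttpServletRequest) requestContext.getAttribute("servletRequest");
        String token = null;
        String header = httpRequest.getHeader(HEADER_AUTHORIZATION);
        String schemePrefix = AUTH_SCHEME_BEARER + " ";
        if (header != null && header.regionMatches(true, 0, schemePrefix, 0, schemePrefix.length())) {
            token = header.substring(schemePrefix.length()).trim();
            logger.debug("handle bearer token from HTTP header");
        } else if (isForm(httpRequest, (RestRequestContext) requestContext)) {
            // NOTE(review): whether getParam() can also see a same-named query-string parameter
            // depends on RequestContext; tokens in the URI end up in logs and referrers — confirm
            // that only body parameters are read here.
            token = requestContext.getParam(PARAM_ACCESS_TOKEN);
            if (token != null) {
                logger.debug("handle bearer token from body(form parameter)");
            }
        }
        return (token == null || token.isEmpty()) ? null : token;
    }

    /**
     * Whether {@code presented} equals the token recorded in the current session by
     * {@link #handleSuccess}.
     *
     * <p>The comparison is constant-time so that a caller who holds the session cookie cannot use
     * response timing to learn the recorded token.
     *
     * @param presented non-null token from the request
     * @return false when there is no session, no recorded token, or the tokens differ
     */
    private boolean matchesSessionToken(String presented) {
        Session session = this.sessionService.getSession(false);
        if (session == null) {
            return false;
        }
        String recorded = (String) session.getAttribute(SESSION_ATTRIBUTE_BEARER_TOKEN);
        if (recorded == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                recorded.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Decides how the request is logged in.
     *
     * <p>Not logged in: a bearer-capable REST request with a token of the configured type yields an
     * instruction carrying the handler's credential; everything else is {@code THROUGH}.
     *
     * <p>Already logged in: a bearer-capable REST request without a token is {@code THROUGH}; with a
     * token it is checked against the session (rejected on mismatch when
     * {@link #rejectAmbiguousRequest}, otherwise logged) and then {@code THROUGH}. A logged-in
     * request that is not a bearer-capable REST request yields {@code ERROR}.
     *
     * @param requestContext the request
     * @param loggedIn whether a login session already exists for this request
     * @param userContext the current user; only read for the warning log when logged in
     * @return the login instruction
     * @throws AuthorizationRequiredException when logged in, {@link #rejectAmbiguousRequest} is set
     *     and the presented token is not the session's recorded token
     */
    @Override
    public AutoLoginInstruction handle(RequestContext requestContext, boolean loggedIn, UserContext userContext) {
        boolean bearerCapable = requestContext instanceof RestRequestContext
                && ((RestRequestContext) requestContext).supportBearerToken();

        if (!loggedIn) {
            if (!bearerCapable) {
                return AutoLoginInstruction.THROUGH;
            }
            String token = tokenFromRequest(requestContext);
            if (token == null) {
                return AutoLoginInstruction.THROUGH;
            }
            AuthToken authToken = new AuthToken(token);
            // Only tokens of the configured type belong to this handler; others are left to the rest of the chain.
            if (!this.authTokenHandler.getType().equals(authToken.getType())) {
                return AutoLoginInstruction.THROUGH;
            }
            return new AutoLoginInstruction(this.authTokenHandler.toCredential(authToken));
        }

        if (!bearerCapable) {
            // NOTE(review): a logged-in, non-REST request is answered with ERROR rather than THROUGH — confirm intended.
            return AutoLoginInstruction.ERROR;
        }
        String token = tokenFromRequest(requestContext);
        if (token == null) {
            return AutoLoginInstruction.THROUGH;
        }
        if (this.rejectAmbiguousRequest) {
            if (!matchesSessionToken(token)) {
                throw new AuthorizationRequiredException(AUTH_SCHEME_BEARER, null, "invalid_request", "another login session is avaliable");
            }
        } else {
            // Log only type and series, never the token secret itself.
            AuthToken presented = new AuthToken(token);
            logger.warn("login session is avaliable, but another bearer token is specified. currentUser:" + userContext.getAccount().getUnmodifiableUniqueKey() + ", token:" + presented.getType() + BindTag.DEFAULT_PROPERTY_DELIMITER + presented.getSeries() + "...");
        }
        return AutoLoginInstruction.THROUGH;
    }

    /**
     * Records the token that created the login in the session so that {@link #handle} can later
     * detect a different token being presented alongside the session.
     *
     * <p>Nothing is recorded when sessions are stateless or no session currently exists.
     * NOTE(review): the token is kept in the session in clear; if sessions are persisted or
     * replicated the token travels with them — confirm this is acceptable.
     *
     * @param autoLoginInstruction the instruction returned by {@link #handle}; its credential's token is stored
     * @param requestContext the request (unused)
     * @param userContext the logged-in user (unused)
     */
    @Override
    public void handleSuccess(AutoLoginInstruction autoLoginInstruction, RequestContext requestContext, UserContext userContext) {
        if (this.sessionService.isSessionStateless()) {
            return;
        }
        Session session = this.sessionService.getSession(false);
        if (session == null) {
            return;
        }
        session.setAttribute(SESSION_ATTRIBUTE_BEARER_TOKEN, autoLoginInstruction.getCredential().getToken());
    }

    /**
     * Converts a login failure into a Bearer {@code invalid_token} challenge.
     *
     * <p>Always throws: the client receives only a generic message and is referred to the server
     * log, so details of {@code applicationException} are not echoed back.
     *
     * @param autoLoginInstruction the instruction whose login failed (unused)
     * @param applicationException the failure (not disclosed to the client)
     * @param requestContext the request (unused)
     * @param loggedIn whether a login session already exists (unused)
     * @param userContext the current user (unused)
     * @return never returns normally
     * @throws AuthorizationRequiredException always
     */
    @Override
    public Exception handleException(AutoLoginInstruction autoLoginInstruction, ApplicationException applicationException, RequestContext requestContext, boolean loggedIn, UserContext userContext) {
        throw new AuthorizationRequiredException(AUTH_SCHEME_BEARER, null, AuthorizationRequiredException.CODE_INVALID_TOKEN, "See server log for details");
    }
}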
