package win.zqxu.shiro.oltu.server;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Set;
import java.util.UUID;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.ResponseType;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:win/zqxu/shiro/oltu/server/AuthorizeFilter.class */
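/**
 * Shiro filter implementing the OAuth 2.0 authorization endpoint for the
 * authorization-code grant.
 *
 * <p>A request is either answered immediately with an authorization code, or,
 * when {@link OAuthService#confirmationURI} returns a non-empty URI, parked in
 * the Shiro session while the user is redirected to a confirmation page. The
 * confirmation page is expected to call back with {@code OAuthService.CONFIRM_KEY}
 * and {@code OAuthService.CONFIRM_RESULT}.
 *
 * <p>NOTE(review): nothing in this class compares the request's
 * {@code redirect_uri} with a value registered for the client. Unless
 * {@code OAuthService.checkClient}, {@code ResponseUtils} or the token endpoint
 * enforces that, codes and error responses are sent to whatever URI the request
 * named. Confirm where that check lives.
 */
public class AuthorizeFilter extends AdviceFilter {
    /** Session attribute under which the pending authorization request is parked. */
    private static final String SAVED_OAUTH_REQUEST_KEY = AuthorizeFilter.class.getName() + "_SAVED_OAUTH_REQUEST";
    private OAuthService oAuthService;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:win/zqxu/shiro/oltu/server/AuthorizeFilter$SavedOAuthRequest.class */
    /**
     * Snapshot of an authorization request kept in the session while the user
     * is on the confirmation page.
     */
    public static class SavedOAuthRequest {
        // Random per-request token; the confirmation callback must echo it back.
        public String confirmKey = UUID.randomUUID().toString();
        public String clientId;
        public String state;
        public Set<String> scopes;
        public String redirectURI;

        /**
         * Copies client id, state, scopes and redirect URI from the parsed request.
         *
         * @param oAuthAuthzRequest the parsed authorization request
         */
        public SavedOAuthRequest(OAuthAuthzRequest oAuthAuthzRequest) {
            this.clientId = oAuthAuthzRequest.getClientId();
            this.state = oAuthAuthzRequest.getState();
            this.scopes = oAuthAuthzRequest.getScopes();
            this.redirectURI = oAuthAuthzRequest.getRedirectURI();
        }
    }

    /** @return the service used to validate clients and scopes and to store codes */
    public OAuthService getoAuthService() {
        return this.oAuthService;
    }

    /** @param oAuthService the service used to validate clients and scopes and to store codes */
    public void setoAuthService(OAuthService oAuthService) {
        this.oAuthService = oAuthService;
    }

    /**
     * Entry point of the filter: dispatches to a fresh or a parked authorization
     * request and turns OAuth parsing problems into error responses.
     *
     * @return the value returned by {@code ResponseUtils.processResponse}, or
     *         {@code false} after a redirect to the confirmation page
     * @throws IllegalStateException if the current subject is not authenticated
     */
    @Override
    protected boolean preHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        I18N i18n = new I18N(servletRequest.getLocale());
        if (!SecurityUtils.getSubject().isAuthenticated()) {
            throw new IllegalStateException(i18n.getString("NOT_AUTHENTICATED"));
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            if (noSavedRequest()) {
                return processOAuthRequest(httpServletRequest, httpServletResponse);
            }
            return processSavedRequest(httpServletRequest, httpServletResponse);
        } catch (OAuthProblemException e) {
            // NOTE(review): e.getRedirectUri() presumably echoes the redirect_uri of the
            // rejected request; it has not been checked against the client here.
            if (OAuthUtils.isEmpty(e.getError())) {
                return ResponseUtils.processResponse(httpServletResponse, e.getRedirectUri(), ResponseUtils.responseInvalidRequest(e.getDescription()));
            }
            return ResponseUtils.processResponse(httpServletResponse, e.getRedirectUri(), ResponseUtils.responseBadRequest(e));
        }
    }

    /**
     * Validates a fresh authorization request (client, response type, scopes)
     * and either redirects to the confirmation page or issues a code directly.
     *
     * @throws OAuthProblemException if the request cannot be parsed as an
     *         authorization request
     */
    protected boolean processOAuthRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OAuthProblemException, OAuthSystemException {
        I18N i18n = new I18N(httpServletRequest.getLocale());
        OAuthAuthzRequest oAuthAuthzRequest = new OAuthAuthzRequest(httpServletRequest);
        String clientId = oAuthAuthzRequest.getClientId();
        String redirectURI = oAuthAuthzRequest.getRedirectURI();
        if (!this.oAuthService.checkClient(clientId)) {
            return ResponseUtils.processResponse(httpServletResponse, redirectURI, ResponseUtils.responseInvalidClient(i18n.getString("INVALID_CLIENT_ID")));
        }
        // Only the authorization-code grant is supported by this endpoint.
        if (!ResponseType.CODE.toString().equals(oAuthAuthzRequest.getResponseType())) {
            return ResponseUtils.processResponse(httpServletResponse, redirectURI, ResponseUtils.responseInvalidRequest(i18n.getString("UNSUPPORT_RESP_TYPE")));
        }
        Set<String> scopes = oAuthAuthzRequest.getScopes();
        String scopeProblem = findScopeProblem(clientId, scopes, i18n);
        if (scopeProblem != null) {
            return ResponseUtils.processResponse(httpServletResponse, redirectURI, ResponseUtils.responseInvalidScope(scopeProblem));
        }
        String confirmationURI = this.oAuthService.confirmationURI(clientId, scopes);
        if (!OAuthUtils.isEmpty(confirmationURI)) {
            return redirectToConfirmation(httpServletRequest, httpServletResponse, oAuthAuthzRequest, confirmationURI);
        }
        return generateAuthorizationCode(httpServletRequest, httpServletResponse, new SavedOAuthRequest(oAuthAuthzRequest));
    }

    /**
     * Parks the request in the session and redirects the user to the
     * confirmation page.
     *
     * @param str the confirmation page URI returned by the OAuth service
     * @return always {@code false}; the redirect has already been issued
     */
    protected boolean redirectToConfirmation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuthAuthzRequest oAuthAuthzRequest, String str) throws IOException {
        saveOAuthRequest(oAuthAuthzRequest);
        SavedOAuthRequest saved = readSavedRequest();
        HashMap<String, String> queryParams = new HashMap<>();
        queryParams.put(OAuthService.CONFIRM_KEY, saved.confirmKey);
        queryParams.put("client_id", oAuthAuthzRequest.getClientId());
        queryParams.put("scope", oAuthAuthzRequest.getParam("scope"));
        // "redirect_uri" here is this endpoint's own URI, so the confirmation page
        // can call back; it is not the client's redirect URI.
        queryParams.put("redirect_uri", httpServletRequest.getRequestURI());
        WebUtils.issueRedirect(httpServletRequest, httpServletResponse, str, queryParams);
        return false;
    }

    /**
     * Handles the callback from the confirmation page for a parked request.
     *
     * <p>The scopes submitted with the confirmation are re-validated with the
     * same rules as the original request before they replace the parked scopes.
     * Without that, a callback could name scopes the client is not allowed to
     * hold. The parked request is dropped once the user has answered, so a
     * confirm key cannot be replayed after a rejection.
     */
    protected boolean processSavedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OAuthProblemException, OAuthSystemException {
        I18N i18n = new I18N(httpServletRequest.getLocale());
        String suppliedKey = httpServletRequest.getParameter(OAuthService.CONFIRM_KEY);
        if (OAuthUtils.isEmpty(suppliedKey)) {
            // No confirm key: treat this as a new authorization request.
            clearSavedRequest();
            return processOAuthRequest(httpServletRequest, httpServletResponse);
        }
        SavedOAuthRequest saved = readSavedRequest();
        // The parked request may have been cleared by a concurrent request on the
        // same session since noSavedRequest() was evaluated.
        if (saved == null || saved.confirmKey == null || !sameKey(saved.confirmKey, suppliedKey)) {
            return ResponseUtils.processResponse(httpServletResponse, null, ResponseUtils.responseInvalidRequest(i18n.getString("REQUEST_EXPIRED")));
        }
        if (!Boolean.parseBoolean(httpServletRequest.getParameter(OAuthService.CONFIRM_RESULT))) {
            clearSavedRequest();
            return ResponseUtils.processResponse(httpServletResponse, saved.redirectURI, ResponseUtils.responseAccessDenied(i18n.getString("CONFIRMATION_REJECTED")));
        }
        Set<String> confirmedScopes = OAuthUtils.decodeScopes(httpServletRequest.getParameter("scope"));
        String scopeProblem = findScopeProblem(saved.clientId, confirmedScopes, i18n);
        if (scopeProblem != null) {
            clearSavedRequest();
            return ResponseUtils.processResponse(httpServletResponse, saved.redirectURI, ResponseUtils.responseInvalidScope(scopeProblem));
        }
        // NOTE(review): confirmed scopes are checked against the client's allowed
        // scopes but not required to be a subset of the originally requested ones.
        // Tighten this if the confirmation page is only meant to narrow them.
        saved.scopes = confirmedScopes;
        return generateAuthorizationCode(httpServletRequest, httpServletResponse, saved);
    }

    /**
     * Issues an authorization code, registers it with the OAuth service and
     * sends it to the redirect URI of the given request.
     */
    protected boolean generateAuthorizationCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SavedOAuthRequest savedOAuthRequest) throws IOException, OAuthSystemException {
        // NOTE(review): the code's unpredictability depends on what MD5Generator
        // hashes (believed to be a random UUID). Confirm against the Oltu version in use.
        String authorizationCode = new OAuthIssuerImpl(new MD5Generator()).authorizationCode();
        String encodedScopes = null;
        if (savedOAuthRequest.scopes != null) {
            encodedScopes = OAuthUtils.encodeScopes(savedOAuthRequest.scopes);
        }
        // NOTE(review): the code is stored with client id and scopes only; the
        // redirect URI and the authenticated subject are not passed to addAuthCode.
        this.oAuthService.addAuthCode(authorizationCode, savedOAuthRequest.clientId, savedOAuthRequest.scopes);
        clearSavedRequest();
        return ResponseUtils.processResponse(httpServletResponse, savedOAuthRequest.redirectURI, ResponseUtils.responseAuthCode(httpServletRequest, authorizationCode, encodedScopes, savedOAuthRequest.state));
    }

    /** @return {@code true} when the session holds no parked authorization request */
    protected boolean noSavedRequest() {
        return SecurityUtils.getSubject().getSession().getAttribute(SAVED_OAUTH_REQUEST_KEY) == null;
    }

    /** Parks a snapshot of the request in the current subject's session. */
    protected void saveOAuthRequest(OAuthAuthzRequest oAuthAuthzRequest) {
        SecurityUtils.getSubject().getSession().setAttribute(SAVED_OAUTH_REQUEST_KEY, new SavedOAuthRequest(oAuthAuthzRequest));
    }

    /** @return the parked request, or {@code null} when the session holds none */
    protected SavedOAuthRequest readSavedRequest() {
        return (SavedOAuthRequest) SecurityUtils.getSubject().getSession().getAttribute(SAVED_OAUTH_REQUEST_KEY);
    }

    /** Removes the parked request from the current subject's session. */
    protected void clearSavedRequest() {
        SecurityUtils.getSubject().getSession().removeAttribute(SAVED_OAUTH_REQUEST_KEY);
    }

    /**
     * Applies the scope rules shared by fresh and confirmed requests.
     *
     * @return the localized error description for the first problem found, or
     *         {@code null} when the scopes are acceptable for the client
     */
    private String findScopeProblem(String clientId, Set<String> scopes, I18N i18n) {
        if (scopes.isEmpty() && this.oAuthService.scopeRequired(clientId)) {
            return i18n.getString("SCOPE_REQUIRED");
        }
        for (String scope : scopes) {
            if (!this.oAuthService.checkScope(clientId, scope)) {
                return i18n.getString("INVALID_SCOPE") + " " + scope;
            }
        }
        return null;
    }

    /** Compares the confirm key without short-circuiting on the first differing byte. */
    private static boolean sameKey(String expected, String supplied) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }
}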
