package be.atbash.ee.security.octopus.sso.servlet;

import be.atbash.ee.security.octopus.sso.ClientCallbackHelper;
import be.atbash.ee.security.octopus.sso.client.OpenIdVariableClientData;
import be.atbash.ee.security.octopus.sso.config.OctopusSSOClientConfiguration;
import be.atbash.ee.security.octopus.util.URLUtil;
import be.atbash.util.CDIUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.net.URI;
import java.net.URISyntaxException;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;

@WebServlet({"/octopus"})
/* loaded from: input_file:be/atbash/ee/security/octopus/sso/servlet/OctopusServlet.class */
public class OctopusServlet extends HttpServlet {

    @Inject
    private Logger logger;

    @Inject
    private URLUtil urlUtil;

    @Inject
    private OctopusSSOClientConfiguration octopusSSOClientConfiguration;
    private ClientCallbackHelper clientCallbackHelper;

    public void init() throws ServletException {
        this.clientCallbackHelper = (ClientCallbackHelper) CDIUtils.retrieveOptionalInstance(ClientCallbackHelper.class, new Annotation[0]);
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        OpenIdVariableClientData openIdVariableClientData = new OpenIdVariableClientData(this.clientCallbackHelper == null ? this.urlUtil.determineRoot(httpServletRequest) : this.clientCallbackHelper.determineCallbackRoot(httpServletRequest));
        storeClientData(httpServletRequest, openIdVariableClientData);
        try {
            httpServletResponse.sendRedirect(determineActualLoginURL(openIdVariableClientData));
        } catch (IOException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    private String determineActualLoginURL(OpenIdVariableClientData openIdVariableClientData) {
        String loginPage = this.octopusSSOClientConfiguration.getLoginPage();
        try {
            return loginPage + '?' + new AuthenticationRequest(new URI(loginPage), this.octopusSSOClientConfiguration.getSSOType().getResponseType(), Scope.parse("openid octopus " + this.octopusSSOClientConfiguration.getSSOScopes()), new ClientID(this.octopusSSOClientConfiguration.getSSOClientId()), new URI(openIdVariableClientData.getRootURL() + "/sso/SSOCallback"), openIdVariableClientData.getState(), openIdVariableClientData.getNonce()).toHTTPRequest().getQuery();
        } catch (URISyntaxException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    private void storeClientData(HttpServletRequest httpServletRequest, OpenIdVariableClientData openIdVariableClientData) {
        HttpSession session = httpServletRequest.getSession(true);
        if (session.getAttribute(OpenIdVariableClientData.class.getName()) != null) {
            this.logger.warn("State and Nonce value for OpenIdConnect already present within session");
        }
        session.setAttribute(OpenIdVariableClientData.class.getName(), openIdVariableClientData);
    }
}
