package be.atbash.ee.security.octopus.oauth2.servlet;

import be.atbash.ee.security.octopus.SecurityUtils;
import be.atbash.ee.security.octopus.authc.AuthenticationException;
import be.atbash.ee.security.octopus.config.OctopusJSFConfiguration;
import be.atbash.ee.security.octopus.oauth2.OAuth2UserToken;
import be.atbash.ee.security.octopus.oauth2.info.OAuth2InfoProvider;
import be.atbash.ee.security.octopus.session.SessionUtil;
import be.atbash.ee.security.octopus.util.SavedRequest;
import be.atbash.ee.security.octopus.util.WebUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.concurrent.ExecutionException;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/atbash/ee/security/octopus/oauth2/servlet/OAuth2CallbackProcessor.class */
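/**
 * Base class for the servlet that receives the OAuth2 provider's redirect back to this
 * application (the "callback").
 *
 * <p>Subclasses implement {@link #processCallback(HttpServletRequest, HttpServletResponse)} and
 * can use the helpers here to (1) verify the anti-CSRF {@code state} parameter against the value
 * kept in the session, (2) exchange the provider's response for user information and log the
 * subject in, and (3) abort the flow by invalidating the session and redirecting to the
 * context root.
 *
 * <p>Collaborators are container-injected: the JSF configuration supplies the unauthorized
 * page, {@code sessionUtil} invalidates the pre-login session, and
 * {@code sessionAttributesUtil} holds the per-session CSRF token and OAuth2 service.
 */
public abstract class OAuth2CallbackProcessor {
    /** Logger bound to the concrete subclass; kept non-final and protected for subclass use. */
    protected Logger logger = LoggerFactory.getLogger(getClass());

    @Inject
    private OctopusJSFConfiguration jsfConfiguration;

    @Inject
    private SessionUtil sessionUtil;

    @Inject
    private OAuth2SessionAttributesUtil sessionAttributesUtil;

    /**
     * Handles the provider callback request.
     *
     * @param httpServletRequest  the callback request as sent by the browser
     * @param httpServletResponse the response, typically completed with a redirect
     * @throws IOException if writing the response fails
     */
    public abstract void processCallback(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException;

    /**
     * Verifies that the {@code state} request parameter equals the CSRF token stored in the
     * session.
     *
     * <p>The comparison is constant-time and the token values are deliberately not written to
     * the log: the session value is a secret and the request value is attacker-controlled input.
     * On mismatch (or when either value is absent) the session is invalidated and the browser
     * is redirected to the context root via {@link #redirectToRoot}.
     *
     * @param httpServletRequest  the callback request carrying the {@code state} parameter
     * @param httpServletResponse the response used for the redirect on failure
     * @return {@code true} when the tokens match and processing may continue, {@code false}
     *         when a redirect has already been sent
     * @throws IOException if sending the redirect fails
     */
    protected boolean checkCSRFToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String sessionToken = this.sessionAttributesUtil.getCSRFToken(httpServletRequest);
        String requestState = httpServletRequest.getParameter("state");
        if (!tokensMatch(sessionToken, requestState)) {
            this.logger.warn("The CSRF token does not match (session token present: {}, request state present: {})",
                    sessionToken != null, requestState != null);
            redirectToRoot(httpServletRequest, httpServletResponse);
            return false;
        }
        return true;
    }

    /**
     * Compares two tokens without leaking their content through timing.
     *
     * @param expected the token kept server-side; {@code null} means no token was issued
     * @param actual   the token supplied by the client; {@code null} means it was not sent
     * @return {@code true} only when both are present and byte-for-byte equal
     */
    private static boolean tokensMatch(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        // MessageDigest.isEqual is the JDK's constant-time array comparison; the length of a
        // mismatch is still observable, which is the accepted trade-off for this primitive.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Aborts the callback flow: invalidates the current HTTP session and redirects the browser
     * to the application's context root.
     *
     * @param httpServletRequest  the current request (its session is invalidated)
     * @param httpServletResponse the response used for the redirect
     * @throws IOException if sending the redirect fails
     */
    protected void redirectToRoot(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletRequest.getSession().invalidate();
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath());
    }

    /**
     * Exchanges the provider's callback parameter for user information and logs the subject in.
     *
     * <p>Reads the parameter named by {@link #getAccessTokenParameterName()}, asks the OAuth2
     * service stored in the session for an access token and resolves the user through
     * {@code oAuth2InfoProvider}. The pre-login session is then invalidated (presumably as
     * session-fixation protection) before the subject logs in, after which the browser is
     * redirected to the saved request URL, or to the context root when none was saved. If the
     * login is refused, the user info and the exception message are stored in the (new) session
     * and the browser is sent to the configured unauthorized page.
     *
     * @param httpServletRequest  the callback request
     * @param httpServletResponse the response used for the redirect
     * @param oAuth2InfoProvider  resolves the provider's user information from the access token
     * @throws IOException               if sending the redirect fails
     * @throws AtbashUnexpectedException if obtaining the access token or the user information
     *                                   is interrupted or fails
     */
    protected void doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuth2InfoProvider oAuth2InfoProvider) throws IOException {
        try {
            // NOTE(review): a missing callback parameter is passed through as null; what the
            // OAuth2 service does with it is not visible here — confirm it rejects the callback.
            String callbackParameter = httpServletRequest.getParameter(getAccessTokenParameterName());
            OAuth2UserToken userToken = oAuth2InfoProvider.retrieveUserInfo(
                    this.sessionAttributesUtil.getOAuth2Service(httpServletRequest).getAccessToken(callbackParameter),
                    httpServletRequest);
            try {
                // NOTE(review): the saved URL is taken from the subject's session, not from the
                // request; confirm WebUtils only records application-recorded URLs there.
                SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(SecurityUtils.getSubject());
                this.sessionUtil.invalidateCurrentSession(httpServletRequest);
                SecurityUtils.getSubject().login(userToken);
                String target = savedRequest != null ? savedRequest.getRequestUrl() : httpServletRequest.getContextPath();
                httpServletResponse.sendRedirect(target);
            } catch (AuthenticationException e) {
                // Keep the provider's user info and the reason around so the unauthorized page
                // can show them; the attribute names are part of the contract with that page.
                HttpSession session = httpServletRequest.getSession();
                session.setAttribute("oAuth2UserInfo", userToken);
                session.setAttribute("AuthenticationExceptionMessage", e.getMessage());
                httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + this.jsfConfiguration.getUnauthorizedExceptionPage());
            }
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers higher up the stack still observe it.
            Thread.currentThread().interrupt();
            throw new AtbashUnexpectedException(e);
        } catch (ExecutionException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    /**
     * Name of the callback request parameter handed to the OAuth2 service to obtain the
     * access token.
     *
     * @return {@code "code"} by default, the authorization-code parameter; subclasses may override
     */
    protected String getAccessTokenParameterName() {
        return "code";
    }
}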
