package be.atbash.ee.security.sso.server.endpoint;

import be.atbash.ee.security.octopus.SecurityUtils;
import be.atbash.ee.security.octopus.config.Debug;
import be.atbash.ee.security.octopus.config.OctopusCoreConfiguration;
import be.atbash.ee.security.octopus.subject.UserPrincipal;
import be.atbash.ee.security.sso.server.config.OctopusSSOServerConfiguration;
import be.atbash.ee.security.sso.server.endpoint.helper.OIDCTokenHelper;
import be.atbash.ee.security.sso.server.store.OIDCStoreData;
import be.atbash.ee.security.sso.server.store.SSOTokenStore;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.jwt.JWT;
import com.nimbusds.oauth2.sdk.AbstractRequest;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.ResponseMode;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import java.io.IOException;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

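/**
 * SSO server endpoint that completes an OpenID Connect authentication request for the
 * subject that is already logged in, and redirects the browser back to the client.
 *
 * <p>The parsed {@link AuthenticationRequest} is read from a request attribute keyed by
 * {@code AbstractRequest.class.getName()}; the component that puts it there is not part of
 * this class.
 *
 * <p>NOTE(review): this servlet performs no validation of the client id, redirect URI or
 * scope itself. It presumably relies on an upstream filter for that; confirm that every
 * path reaching this URL goes through it.
 */
@WebServlet({"/octopus/sso/authenticate"})
/* loaded from: input_file:be/atbash/ee/security/sso/server/endpoint/AuthenticationServlet.class */
public class AuthenticationServlet extends HttpServlet {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationServlet.class);

    @Inject
    private OctopusSSOServerConfiguration ssoServerConfiguration;

    @Inject
    private SSOTokenStore tokenStore;

    @Inject
    private OctopusCoreConfiguration octopusCoreConfiguration;

    @Inject
    private OIDCTokenHelper oidcTokenHelper;

    /**
     * Builds the ID token claims, issues the authorization code or tokens that the requested
     * response type calls for, records the login in the token store and redirects to the
     * client's redirection URI. The HTTP session is invalidated on every exit path of the
     * redirect step, successful or not.
     *
     * @param httpServletRequest request carrying the parsed authentication request as an attribute
     * @param httpServletResponse response used to send the redirect
     * @throws ServletException when the request attribute with the authentication request is absent
     * @throws IOException declared by the servlet contract; an I/O failure during the redirect is
     *     rethrown as {@link AtbashUnexpectedException}
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        UserPrincipal principal = SecurityUtils.getSubject().getPrincipal();
        AuthenticationRequest authenticationRequest = (AuthenticationRequest) httpServletRequest.getAttribute(AbstractRequest.class.getName());
        if (authenticationRequest == null) {
            // Fail with an explicit error instead of a NullPointerException when the servlet is
            // reached without the attribute having been populated.
            throw new ServletException("No AuthenticationRequest found on the request");
        }
        ClientID clientID = authenticationRequest.getClientID();
        IDTokenClaimsSet defineIDToken = this.oidcTokenHelper.defineIDToken(httpServletRequest, principal, clientID, authenticationRequest);

        // An access token is always generated and stored, whatever the response type; it is only
        // placed in the redirect when the response type contains "token".
        OIDCStoreData oIDCStoreData = new OIDCStoreData(new BearerAccessToken(this.ssoServerConfiguration.getOIDCTokenLength(), this.ssoServerConfiguration.getSSOAccessTokenTimeToLive(), authenticationRequest.getScope()));

        AuthorizationCode authorizationCode = null;
        AccessToken accessToken = null;
        JWT jwt = null;
        if (authenticationRequest.getResponseType().impliesCodeFlow()) {
            // Code flow: only the authorization code travels through the browser.
            authorizationCode = new AuthorizationCode(this.ssoServerConfiguration.getOIDCTokenLength());
            oIDCStoreData.setAuthorizationCode(authorizationCode);
        } else {
            // Non-code flow: the signed ID token, and the access token when requested, are
            // returned directly in the redirect.
            if (authenticationRequest.getResponseType().contains("token")) {
                accessToken = oIDCStoreData.getAccessToken();
            }
            jwt = this.oidcTokenHelper.signIdToken(clientID, defineIDToken);
        }
        oIDCStoreData.setIdTokenClaimsSet(defineIDToken);
        oIDCStoreData.setClientId(authenticationRequest.getClientID());
        oIDCStoreData.setScope(authenticationRequest.getScope());

        // The User-Agent header is client-supplied and getRemoteAddr() is the direct peer (the
        // proxy address when deployed behind one); both are descriptive metadata, not evidence
        // of identity, wherever the store later exposes them.
        this.tokenStore.addLoginFromClient(SecurityUtils.getSubject().getPrincipal(), (String) principal.getUserInfo("OCTOPUS_SSO_COOKIE_TOKEN"), httpServletRequest.getHeader("User-Agent"), httpServletRequest.getRemoteAddr(), oIDCStoreData);

        try {
            // NOTE(review): ResponseMode.QUERY is used for every response type. In the non-code
            // branch this puts the ID token and access token in the query string, which reaches
            // access logs, browser history and Referer headers; the OAuth 2.0 Multiple Response
            // Type Encoding Practices spec makes fragment the default there. Left unchanged
            // because the client-side parsing is not visible here; confirm before switching.
            //
            // NOTE(review): the redirect target is taken from the request object and is not
            // compared with the client's registered URIs in this method; confirm that this
            // check happens before the request attribute is populated.
            String uri = new AuthenticationSuccessResponse(authenticationRequest.getRedirectionURI(), authorizationCode, jwt, accessToken, authenticationRequest.getState(), (State) null, ResponseMode.QUERY).toURI().toString();
            showDebugInfo(principal);
            httpServletResponse.sendRedirect(uri);
        } catch (IOException e) {
            throw new AtbashUnexpectedException(e);
        } finally {
            // Drop the server-side session whether or not the redirect succeeded.
            httpServletRequest.getSession().invalidate();
        }
    }

    /**
     * Logs the completed authentication when SSO flow debugging is enabled in the core
     * configuration.
     *
     * @param userPrincipal the authenticated principal whose name is logged
     */
    private void showDebugInfo(UserPrincipal userPrincipal) {
        if (this.octopusCoreConfiguration.showDebugFor().contains(Debug.SSO_FLOW)) {
            // Parameterized logging: the message is only built when INFO is enabled. The name is
            // written as-is; if principal names can contain line breaks, encode them in the
            // log layout.
            LOGGER.info("(SSO Server) User {} is authenticated and cookie written if needed.", userPrincipal.getName());
        }
    }
}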
