package aQute.openapi.oauth2.provider;

import aQute.openapi.oauth2.provider.Handler;
import aQute.openapi.security.api.Authentication;
import aQute.openapi.security.api.OpenAPIAuthenticator;
import aQute.openapi.security.api.OpenAPISecurityDefinition;
import aQute.openapi.security.api.OpenAPISecurityProviderInfo;
import aQute.openapi.security.environment.api.OpenAPISecurityEnvironment;
import aQute.www.http.util.HttpRequest;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.Designate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

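/**
 * OAuth2 authorization-code login for one OpenAPI security definition.
 *
 * <p>{@link #login} starts the flow: it records a pending {@link Progress}
 * keyed by a random {@code state}, binds that state to the caller's HTTP
 * session and redirects to the provider. {@link #other} handles the
 * provider's {@code callback}: the state must match a pending entry
 * <em>and</em> the state bound to the session that started the flow, the
 * entry must be younger than {@link #CALLBACK_TIMEOUT}, and the code is then
 * exchanged for an access token through the configured {@link Handler}. On
 * success the resolved user id is stored under {@link #sessionKey} in the HTTP
 * session; every other entry point reads it from there.
 */
@Designate(ocd = OAuth2Configuration.class, factory = true)
@Component(service = {OAuth2AuthenticationProvider.class, OpenAPIAuthenticator.class}, configurationPid = {OAuth2AuthenticationProvider.PID}, configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"openapi.type=oauth2"})
public class OAuth2AuthenticationProvider implements OpenAPIAuthenticator {
    public static final String OAUTH2 = "oauth2";
    public static final String PID = "biz.aQute.openapi.oauth2";
    /** Suffix appended to {@link #sessionKey} for the session attribute holding the in-flight state. */
    private static final String STATE_SUFFIX = ".state";
    /** Pending login flows keyed by their {@code state}; entries are single use and time out. */
    final Map<String, Progress> progress = new ConcurrentHashMap<>();
    /** Endpoint every outcome (success or error) is reported to, see {@link #report}. */
    URI errorEndpoint;
    Handler handler;
    /** HTTP session attribute holding the logged-in user id for this provider instance. */
    String sessionKey;
    String name;

    @Reference
    OpenAPISecurityEnvironment security;
    static final Logger logger = LoggerFactory.getLogger(OAuth2AuthenticationProvider.class);
    static final SecureRandom random = new SecureRandom();
    /** Maximum age of a pending flow; the provider must call back within this window. */
    private static final long CALLBACK_TIMEOUT = TimeUnit.MINUTES.toMillis(10);

    /** One in-flight authorization-code exchange. */
    static class Progress {
        /** Anti-CSRF state sent to the provider and echoed in the callback (64 bits from SecureRandom). */
        String state = OAuth2AuthenticationProvider.random.nextLong() + "";
        /** Creation time (ms since epoch) used for the timeout check. */
        long time = System.currentTimeMillis();
        /** Remote address:port of the request that started the flow; recorded, not verified. */
        String ip;
        /** Absolute redirect_uri handed to the provider; must be repeated in the token request. */
        public String callback;
        public URI success;
        public URI fail;

        Progress() {
        }
    }

    /**
     * Configures this instance from its factory configuration.
     *
     * @param oAuth2Configuration provider, handler and endpoint settings
     * @throws Exception if the handler cannot be created or the final endpoint is not a valid URI
     */
    @Activate
    public void activate(OAuth2Configuration oAuth2Configuration) throws Exception {
        ProviderDefinition definition = oAuth2Configuration.provider().getProviderDefinition();
        if (definition == null) {
            definition = new ProviderDefinition();
        }
        this.handler = oAuth2Configuration.provider().handler(logger, oAuth2Configuration, definition);
        this.name = oAuth2Configuration.openapi_name();
        // One session attribute per configured provider so several can coexist in one session.
        this.sessionKey = "biz.aQute.openapi.oauth2." + this.name;
        this.errorEndpoint = new URI(oAuth2Configuration.finalEndpoint());
    }

    /**
     * Returns the authentication state of the request's session; never prompts
     * for credentials (the login happens through {@link #login}/{@link #other}).
     */
    public Authentication authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OpenAPISecurityDefinition openAPISecurityDefinition) {
        final String user = (String) httpServletRequest.getSession().getAttribute(this.sessionKey);
        return new Authentication() {
            public void requestCredentials() throws Exception {
            }

            public boolean needsCredentials() throws Exception {
                return false;
            }

            public boolean isAuthenticated() throws Exception {
                return user != null;
            }

            public boolean ignore() {
                return false;
            }

            public String getUser() {
                return user;
            }
        };
    }

    /**
     * Starts the authorization-code flow, or reports {@code ok} when the session is already logged in.
     *
     * @return the provider's authorization URI to redirect to (or the report URI when already logged in)
     * @throws Exception if the callback URI cannot be built or the handler fails
     */
    public URI login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String user = (String) httpServletRequest.getSession().getAttribute(this.sessionKey);
        if (user != null) {
            return report(ErrorEnum.ok, user, httpServletResponse);
        }
        // Abandoned flows are otherwise only removed when their callback arrives;
        // sweep stale ones so repeated /login hits cannot grow the map without bound.
        evictExpired();
        Progress pending = new Progress();
        pending.ip = httpServletRequest.getRemoteAddr() + ":" + httpServletRequest.getRemotePort();
        // NOTE(review): redirect_uri is derived from the request URL (Host header); the
        // provider's registered redirect URIs are what prevent this from being redirected elsewhere.
        pending.callback = new URI(httpServletRequest.getRequestURL().toString()).resolve("callback").toString();
        // Register only after the callback URI is built, so a URISyntaxException leaves no entry behind.
        this.progress.put(pending.state, pending);
        // Bind the state to this session: the callback is accepted only from the browser
        // that started the flow, which blocks login CSRF (RFC 6749 §10.12).
        httpServletRequest.getSession().setAttribute(stateKey(), pending.state);
        return this.handler.authorize(pending.callback, pending.state);
    }

    /**
     * Handles the provider's {@code callback}; any other path is reported as unknown.
     *
     * <p>The {@code state} must name a pending flow, match the state bound to this
     * session at {@link #login}, and be within {@link #CALLBACK_TIMEOUT}; both the
     * pending entry and the session binding are consumed on first use.
     *
     * @return the report URI describing the outcome
     * @throws Exception if the token exchange or user lookup fails
     */
    public URI other(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (!"callback".equals(str)) {
            return report(ErrorEnum.x_unknown_request, str, httpServletResponse);
        }
        // The state bound at login is single use: drop it whatever happens next.
        String bound = (String) httpServletRequest.getSession().getAttribute(stateKey());
        httpServletRequest.getSession().removeAttribute(stateKey());
        String state = httpServletRequest.getParameter("state");
        // ConcurrentHashMap.remove(null) throws, so a callback without state is rejected explicitly.
        Progress pending = state == null ? null : this.progress.remove(state);
        if (pending == null) {
            return report(ErrorEnum.x_no_callback_expected, "?", httpServletResponse);
        }
        if (bound == null || !bound.equals(state)) {
            return report(ErrorEnum.x_no_callback_expected, "state not bound to this session", httpServletResponse);
        }
        if (pending.time + CALLBACK_TIMEOUT < System.currentTimeMillis()) {
            return report(ErrorEnum.x_callback_expired, "Callback should happen within " + TimeUnit.MILLISECONDS.toMinutes(CALLBACK_TIMEOUT), httpServletResponse);
        }
        String error = httpServletRequest.getParameter("error");
        String errorDescription = httpServletRequest.getParameter("error_description");
        if (error != null) {
            return report(error, errorDescription, httpServletResponse);
        }
        String code = httpServletRequest.getParameter("code");
        if (code == null) {
            return report(ErrorEnum.x_authentication_failed, "callback carries neither code nor error", httpServletResponse);
        }
        AccessTokenResponse accessToken = this.handler.getAccessToken(code, pending.callback);
        if (accessToken.error != null) {
            return report(accessToken.error, accessToken.body, httpServletResponse);
        }
        Handler.AuthenticateResult result = this.handler.authenticate(accessToken, this.security);
        if (result.error != null) {
            return report(result.error, result.error_description, httpServletResponse);
        }
        if (result.user == null) {
            return report(ErrorEnum.x_authentication_failed, result.user, httpServletResponse);
        }
        // NOTE(review): consider HttpServletRequest.changeSessionId() (Servlet 3.1+) before this
        // point so the session id rotates on privilege change — confirm the container version.
        httpServletRequest.getSession().setAttribute(this.sessionKey, result.user);
        return report(ErrorEnum.ok, this.name + " -> " + result.user, httpServletResponse);
    }

    /** Session attribute under which this provider's in-flight state is kept. */
    private String stateKey() {
        return this.sessionKey + STATE_SUFFIX;
    }

    /** Drops pending flows older than {@link #CALLBACK_TIMEOUT}. */
    private void evictExpired() {
        long now = System.currentTimeMillis();
        this.progress.values().removeIf(p -> p.time + CALLBACK_TIMEOUT < now);
    }

    /**
     * Reports an error code received as a string (typically from the provider);
     * codes that are not an {@link ErrorEnum} constant map to {@code x_unknown_error}.
     */
    private URI report(String str, String str2, HttpServletResponse httpServletResponse) throws URISyntaxException {
        try {
            return report(ErrorEnum.valueOf(str), str2, httpServletResponse);
        } catch (IllegalArgumentException e) {
            return report(ErrorEnum.x_unknown_error, str + ":" + str2, httpServletResponse);
        }
    }

    /**
     * Builds the redirect to {@link #errorEndpoint} carrying {@code error} and
     * {@code error_description}; non-ok outcomes are also logged at warn level.
     * The description may originate from the provider, so treat the log line as untrusted text.
     */
    private URI report(ErrorEnum errorEnum, String str, HttpServletResponse httpServletResponse) throws URISyntaxException {
        if (errorEnum != ErrorEnum.ok) {
            logger.warn("{} - {}", errorEnum, str);
        }
        return new URI(HttpRequest.append(this.errorEndpoint.toString(), new Object[]{"error", errorEnum.toString(), "error_description", str}));
    }

    /** Removes this provider's user from the session; reports {@code x_not_logged_in} if there was none. */
    public URI logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws URISyntaxException {
        if (httpServletRequest.getSession().getAttribute(this.sessionKey) == null) {
            return report(ErrorEnum.x_not_logged_in, "", httpServletResponse);
        }
        httpServletRequest.getSession().removeAttribute(this.sessionKey);
        return report(ErrorEnum.ok, "", httpServletResponse);
    }

    /** Stores {@code str2} as the handler's name-key property of user {@code str}. */
    public void setEmail(String str, String str2) {
        this.security.setProperty(str, this.handler.nameKey, str2);
    }

    /** Describes this provider and, when the session is logged in, the current user and its id value. */
    public OpenAPISecurityProviderInfo getInfo(HttpServletRequest httpServletRequest) {
        OpenAPISecurityProviderInfo info = new OpenAPISecurityProviderInfo();
        info.name = this.name;
        info.type = OAUTH2;
        info.idKey = this.handler.nameKey;
        String user = (String) httpServletRequest.getSession().getAttribute(this.sessionKey);
        if (user != null) {
            info.currentUser = user;
            info.idValue = (String) this.security.getProperty(user, this.handler.nameKey).orElse(null);
        }
        return info;
    }

    @Override
    public String toString() {
        return "OpenAPI.OAuth2[" + this.name + "]";
    }
}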
