package org.ox.oxprox.service;

import com.google.inject.Inject;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.ox.oxprox.conf.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.client.uma.UmaClientFactory;
import org.xdi.oxauth.model.uma.AuthorizationResponse;
import org.xdi.oxauth.model.uma.MetadataConfiguration;
import org.xdi.oxauth.model.uma.RequesterPermissionTokenResponse;
import org.xdi.oxauth.model.uma.ResourceSetPermissionTicket;
import org.xdi.oxauth.model.uma.RptAuthorizationRequest;
import org.xdi.util.Util;

/* loaded from: input_file:org/ox/oxprox/service/UmaService.class */
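/**
 * UMA helper of the proxy: reads the SAML-token and RPT values through
 * {@link HttpService}, and checks whether an RPT is accepted for a target URL,
 * asking the authorization server to authorize it when the resource server
 * answers 403 with a permission ticket.
 *
 * <p>Token values (AAT, RPT) are bearer credentials and are never written to the log.
 */
public class UmaService {
    private static final Logger LOG = LoggerFactory.getLogger(UmaService.class);
    public static final String SAML_TOKEN_COOKIE = "saml_token";
    public static final String RPT_COOKIE = "rpt";

    @Inject
    HttpService m_httpService;

    @Inject
    OicDiscoveryService discoveryService;

    @Inject
    AatService aatService;

    @Inject
    Configuration conf;

    /**
     * Looks up the value named {@link #SAML_TOKEN_COOKIE} via
     * {@code HttpService.getValueWithCookieSet}.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response (passed through to the helper)
     * @return whatever the helper returns for that name
     */
    public String getSamlToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.m_httpService.getValueWithCookieSet(httpServletRequest, httpServletResponse, SAML_TOKEN_COOKIE);
    }

    /**
     * Looks up the value named {@link #RPT_COOKIE} via
     * {@code HttpService.getValueWithCookieSet}.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response (passed through to the helper)
     * @return whatever the helper returns for that name
     */
    public String getRpt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.m_httpService.getValueWithCookieSet(httpServletRequest, httpServletResponse, RPT_COOKIE);
    }

    /**
     * Intended to obtain an RPT from the authorization server using the given AAT.
     *
     * <p>NOTE(review): as written, no token request is issued. The method resolves the
     * UMA discovery document, creates the token service, and then always returns
     * {@code null}. The unreachable branch that read a response has been removed;
     * callers see the same result as before.
     *
     * @param aat the AAT; it is not used by the current body and is not logged
     * @return always {@code null}
     */
    public String obtainRpt(String aat) {
        // The AAT is a bearer credential, so its value is kept out of the log.
        LOG.debug("Try to obtain RPT with AAT on AS.");
        try {
            // Kept for parity with the previous behaviour: failures here are still logged.
            UmaClientFactory.instance().createRequesterPermissionTokenService(this.discoveryService.getUmaDiscovery(null));
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
        LOG.debug("Failed to obtain RPT.");
        return null;
    }

    /**
     * Decides whether access to {@code targetUrl} is granted.
     *
     * <p>The URL is requested without following redirects. A 200 grants access; a 403
     * hands the response entity (expected to carry a permission ticket) to the
     * authorization step; every other status, and any exception, denies access.
     *
     * <p>NOTE(review): the request carries no Authorization header, so the RPT is not
     * presented to the resource server here, and a 200 grants access regardless of the
     * RPT. Confirm this is intended.
     * <br>NOTE(review): no connect/read timeout is set, and the proxy connects to whatever
     * {@code targetUrl} names. Confirm callers restrict it to configured resource servers.
     *
     * @param targetUrl URL of the protected resource
     * @param rpt       requester permission token
     * @return {@code true} only when access is granted as described above
     */
    public boolean authorize(String targetUrl, String rpt) {
        if (StringUtils.isBlank(targetUrl)) {
            LOG.debug("Target url is blank.");
            return false;
        }
        if (StringUtils.isBlank(rpt)) {
            LOG.debug("RPT is blank.");
            return false;
        }
        HttpURLConnection connection = null;
        try {
            // A non-HTTP(S) URL fails this cast and is denied by the catch below.
            connection = (HttpURLConnection) new URL(targetUrl).openConnection();
            connection.setAllowUserInteraction(false);
            connection.setInstanceFollowRedirects(false);
            connection.connect();
            switch (connection.getResponseCode()) {
                case 200:
                    return true;
                case 403: {
                    // getInputStream() throws for a 4xx status; the body of an error
                    // response is only available through getErrorStream().
                    InputStream errorBody = connection.getErrorStream();
                    if (errorBody == null) {
                        LOG.debug("RS answered 403 without a response entity.");
                        return false;
                    }
                    String rsResponseEntity;
                    try {
                        rsResponseEntity = IOUtils.toString(errorBody, "UTF-8");
                    } finally {
                        errorBody.close();
                    }
                    LOG.trace("RS response entity: {}", rsResponseEntity);
                    return authorizeAgainstRS(targetUrl, rpt, rsResponseEntity);
                }
                default:
                    return false;
            }
        } catch (Exception e) {
            // Fail closed: any error while talking to the RS or AS denies access.
            LOG.error(e.getMessage(), e);
            return false;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Asks the authorization server to authorize the RPT for the permission ticket
     * contained in the resource server's 403 response.
     *
     * @param targetUrl        URL that was requested (used for logging only)
     * @param rpt              requester permission token
     * @param rsResponseEntity JSON body of the 403 response, parsed as a
     *                         {@link ResourceSetPermissionTicket}
     * @return {@code true} when the authorization request returns a non-null entity;
     *         {@code false} on a missing ticket, a null entity, or any exception
     */
    private boolean authorizeAgainstRS(String targetUrl, String rpt, String rsResponseEntity) {
        try {
            MetadataConfiguration umaDiscovery = this.discoveryService.getUmaDiscovery(null);
            ResourceSetPermissionTicket permissionTicket = (ResourceSetPermissionTicket) Util.createJsonMapper().readValue(rsResponseEntity, ResourceSetPermissionTicket.class);
            String ticket = permissionTicket == null ? null : permissionTicket.getTicket();
            if (StringUtils.isBlank(ticket)) {
                // Nothing to authorize against; do not send a request with an empty ticket.
                LOG.debug("RS response does not carry a permission ticket.");
                return false;
            }
            RptAuthorizationRequest rptAuthorizationRequest = new RptAuthorizationRequest(rpt, ticket);
            LOG.debug("Try to authorize RPT with ticket: {}...", ticket);
            // NOTE(review): the RPT is the argument passed to AatService.obtainAat here;
            // confirm that is what that method expects.
            // NOTE(review): success is inferred solely from a non-null entity; confirm the
            // client signals a rejected authorization by a null entity or an exception.
            AuthorizationResponse authorizationResponse = (AuthorizationResponse) UmaClientFactory.instance().createAuthorizationRequestService(umaDiscovery).requestRptPermissionAuthorization("Bearer " + this.aatService.obtainAat(rpt), (String) null, rptAuthorizationRequest).getEntity();
            if (authorizationResponse == null) {
                return false;
            }
            // The RPT value is left out of the log; the target URL now has its placeholder.
            LOG.trace("RPT is authorized. targetUrl: {}", targetUrl);
            return true;
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            return false;
        }
    }
}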
