package org.ox.oxprox.ws;

import com.google.common.collect.Lists;
import com.google.inject.Inject;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.commons.lang.StringUtils;
import org.jboss.resteasy.client.ClientRequest;
import org.jboss.resteasy.client.ClientResponse;
import org.ox.oxprox.Utils;
import org.ox.oxprox.conf.Configuration;
import org.ox.oxprox.ldap.oxProxClient;
import org.ox.oxprox.model.ws.ResponseErrorType;
import org.ox.oxprox.service.ClientService;
import org.ox.oxprox.service.ErrorService;
import org.ox.oxprox.service.HttpService;
import org.ox.oxprox.service.OicDiscoveryService;
import org.ox.oxprox.service.SessionService;
import org.python.google.common.base.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.client.AuthorizationResponse;
import org.xdi.oxauth.client.OpenIdConfigurationResponse;
import org.xdi.oxauth.model.common.Prompt;
import org.xdi.oxauth.model.util.Util;

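/**
 * REST endpoint that proxies OpenID Connect authorization requests to the OP
 * resolved for the current session.
 *
 * <p>The request parameters are taken from the {@link SessionService}. Three of
 * them are rewritten before being forwarded: {@code redirect_uri} becomes the
 * proxy's configured redirect endpoint, {@code client_id} becomes the OP client
 * id mapped to the proxy client, and each {@code scope} value is translated
 * through the client's scope mapping.
 *
 * <p>NOTE(review): nothing in this class compares the RP-supplied
 * {@code redirect_uri} with the redirect URIs registered for the client, yet
 * {@link #directWsCall} sends the authorization response to that URI. Confirm
 * the check is done elsewhere (for example before the parameter map is stored
 * in the session).
 */
@Path("/rest")
public class AuthorizationWS {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationWS.class);

    @Inject
    Configuration conf;

    @Inject
    OicDiscoveryService discoveryService;

    @Inject
    ErrorService errorService;

    @Inject
    ClientService clientService;

    @Inject
    HttpService httpService;

    /**
     * Handles {@code GET /rest/authorize}; delegates to
     * {@link #requestAuthorization(SessionService, String)} with the inbound
     * {@code Authorization} header.
     */
    @GET
    @Produces({"text/plain"})
    @Path("/authorize")
    public Response requestAuthorizationGet(@Context HttpServletRequest httpServletRequest, @Context SecurityContext securityContext) {
        return requestAuthorization(new SessionService(httpServletRequest.getSession()), httpServletRequest.getHeader("Authorization"));
    }

    /**
     * Handles {@code POST /rest/authorize}; delegates to
     * {@link #requestAuthorization(SessionService, String)} with the inbound
     * {@code Authorization} header.
     */
    @POST
    @Produces({"text/plain"})
    @Path("/authorize")
    public Response requestAuthorizationPost(@Context HttpServletRequest httpServletRequest, @Context SecurityContext securityContext) {
        return requestAuthorization(new SessionService(httpServletRequest.getSession()), httpServletRequest.getHeader("Authorization"));
    }

    /**
     * Resolves the proxy client and its OP client, then either calls the OP
     * authorization endpoint directly (when {@code prompt} contains
     * {@code none}) or redirects the end user to it.
     *
     * @param sessionService session wrapper providing the OP domain and the request parameters
     * @param str value of the inbound {@code Authorization} header, may be {@code null}
     * @return the OP response or a redirect; HTTP 500 on an unexpected failure
     * @throws WebApplicationException with a 400 response when the proxy client or the OP client
     *     cannot be resolved
     */
    public Response requestAuthorization(SessionService sessionService, String str) {
        try {
            String opDomain = sessionService.getOpDomain();
            Map<String, String[]> parameterMap = sessionService.getParameterMap();
            // NOTE(review): this logs every request parameter at debug level; authorization
            // requests can carry values such as id_token_hint or login_hint. Confirm that is
            // acceptable for the deployment's log handling.
            LOG.debug("Attempting to request authorization opDomain = {}, parameterMap = {}", opDomain, Utils.mapAsString(parameterMap));
            OpenIdConfigurationResponse discoveryResponse = this.discoveryService.getDiscoveryResponseByAmHost(opDomain);
            oxProxClient client = getClient(parameterMap);
            // NOTE(review): if getOpClient() can return null this dereference ends in the
            // generic 500 branch below rather than NO_MAPPING_TO_OP_CLIENT - confirm.
            String opClientId = this.clientService.getOpClient(opDomain, client).getId();
            if (opClientId == null) {
                LOG.warn("Failed to resolve OP client.");
                throw new WebApplicationException(this.errorService.response(Response.Status.BAD_REQUEST, ResponseErrorType.NO_MAPPING_TO_OP_CLIENT));
            }
            LOG.trace("Resolved op client from proxy client: {}, (op: {}) to op client: {}", new Object[]{client.getClientId(), opDomain, opClientId});
            sessionService.setOpClientId(opClientId);
            if (this.httpService.contains(parameterMap.get("prompt"), Prompt.NONE.getParamName())) {
                return directWsCall(parameterMap, discoveryResponse, client, opClientId, str);
            }
            return redirectEndUserForAuth(parameterMap, discoveryResponse, client, opClientId);
        } catch (WebApplicationException e) {
            // Already carries the error response intended for the caller.
            throw e;
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            LOG.trace("Internal error occurred.");
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

    /**
     * Posts the rewritten authorization request to the OP and, when the OP
     * answers with a code, scope and location, rebuilds the redirect towards the
     * RP's own {@code redirect_uri} with scopes translated back to RP scopes.
     *
     * @param map inbound request parameters
     * @param openIdConfigurationResponse OP discovery document
     * @param oxproxclient proxy client that issued the request
     * @param str OP client id to send instead of the proxy client id
     * @param str2 inbound {@code Authorization} header value, may be {@code null}
     * @return the rebuilt redirect, or the raw OP response when it cannot be rebuilt
     * @throws Exception if the call to the OP fails
     */
    private Response directWsCall(Map<String, String[]> map, OpenIdConfigurationResponse openIdConfigurationResponse, oxProxClient oxproxclient, String str, String str2) throws Exception {
        ClientRequest clientRequest = new ClientRequest(openIdConfigurationResponse.getAuthorizationEndpoint());
        clientRequest.header("Content-Type", "application/x-www-form-urlencoded");
        clientRequest.setHttpMethod("POST");
        // The inbound Authorization header is relayed to the OP unchanged; skip it when absent
        // instead of handing a null header value to the client.
        if (str2 != null) {
            clientRequest.header("Authorization", str2);
        }
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            String key = entry.getKey();
            if (key.equals("redirect_uri")) {
                clientRequest.formParameter(key, this.conf.getRedirectEndpoint());
            } else if (key.equals("client_id")) {
                clientRequest.formParameter(key, str);
            } else if (key.equals("scope")) {
                ArrayList<String> opScopes = Lists.newArrayList();
                for (String rpScope : prepareRpScopes(entry.getValue())) {
                    opScopes.add(toOpScope(oxproxclient, rpScope));
                }
                clientRequest.formParameter(key, this.httpService.formParameterValue(opScopes));
            } else {
                clientRequest.formParameter(key, this.httpService.formParameterValue(entry.getValue()));
            }
        }
        ClientResponse<String> post = clientRequest.post(String.class);
        LOG.trace("Post response on direct WS call: {}", post);
        try {
            AuthorizationResponse authorizationResponse = new AuthorizationResponse(post);
            if (Util.allNotBlank(new String[]{authorizationResponse.getCode(), authorizationResponse.getScope(), post.getLocation().getHref()})) {
                // NOTE(review): access_token and id_token are placed in the query string of the
                // redirect, where they can end up in server logs and Referer headers. Confirm the
                // RPs require this form rather than a fragment.
                String tokenType = authorizationResponse.getTokenType() != null ? authorizationResponse.getTokenType().toString() : "";
                StringBuilder sb = new StringBuilder(this.httpService.getRedirectUriParameter(map));
                sb.append("?code=").append(encode(authorizationResponse.getCode()));
                sb.append("&session_id=").append(encode(authorizationResponse.getSessionId()));
                sb.append("&scope=").append(encode(rpScopes(oxproxclient, authorizationResponse.getScope())));
                sb.append("&state=").append(encode(authorizationResponse.getState()));
                sb.append("&access_token=").append(encode(authorizationResponse.getAccessToken()));
                sb.append("&id_token=").append(encode(authorizationResponse.getIdToken()));
                // Encoded like every other value so the query string stays well-formed.
                sb.append("&token_type=").append(encode(tokenType));
                return Response.status(post.getStatus()).entity(post.getEntity()).location(new URI(sb.toString())).build();
            }
        } catch (Exception e) {
            // Best effort: when the OP response cannot be turned into a redirect (for example it
            // has no Location header) the raw OP response is returned below.
            LOG.trace(e.getMessage(), e);
        }
        return post;
    }

    /** URL-encodes {@code str} as UTF-8, treating {@code null} as the empty string. */
    private String encode(String str) {
        try {
            return URLEncoder.encode(Strings.nullToEmpty(str), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            LOG.error(e.getMessage(), e);
            return "";
        }
    }

    /**
     * Translates a space-separated list of OP scopes back to the scopes the RP
     * uses, by reverse lookup in the client's scope mapping (RP scope to OP scope).
     *
     * <p>Each scope is translated once, in input order; a scope with no mapping
     * is kept as it is, and duplicates are dropped. Unlike the previous nested
     * loop, the result does not depend on the iteration order of the mapping and
     * scopes are no longer lost when the mapping is empty.
     *
     * @param oxproxclient proxy client whose scope mapping is used
     * @param str space-separated OP scopes
     * @return the RP scopes, joined by {@code Util.listAsString}
     */
    public static String rpScopes(oxProxClient oxproxclient, String str) {
        Map<String, String> scopeMappingMap = oxproxclient.getScopeMappingMap();
        ArrayList<String> result = Lists.newArrayList();
        for (String opScope : Util.splittedStringAsList(str, " ")) {
            String rpScope = opScope;
            for (Map.Entry<String, String> entry : scopeMappingMap.entrySet()) {
                if (entry.getValue() != null && entry.getValue().equalsIgnoreCase(opScope)) {
                    rpScope = entry.getKey();
                    break;
                }
            }
            if (!result.contains(rpScope)) {
                result.add(rpScope);
            }
        }
        return Util.listAsString(result);
    }

    /**
     * Normalises the {@code scope} parameter values: a single value containing
     * spaces is split on spaces, several values are used as they are, and
     * {@code null} yields an empty list.
     */
    private List<String> prepareRpScopes(String[] strArr) {
        if (strArr == null) {
            return Collections.emptyList();
        }
        if (strArr.length == 1 && strArr[0].contains(" ")) {
            return Util.splittedStringAsList(strArr[0], " ");
        }
        return Arrays.asList(strArr);
    }

    /** Returns the OP scope mapped to {@code rpScope}, or {@code rpScope} itself when unmapped. */
    private String toOpScope(oxProxClient oxproxclient, String rpScope) {
        String opScope = oxproxclient.getScopeMappingMap().get(rpScope);
        if (Strings.isNullOrEmpty(opScope)) {
            return rpScope;
        }
        LOG.trace("Remapped scope, clientId: {}, rpScope: {}, opScope: {}", new Object[]{oxproxclient.getClientId(), rpScope, opScope});
        return opScope;
    }

    /**
     * Builds the OP authorization URL from the rewritten request parameters and
     * answers with a 303 redirect to it.
     *
     * @throws URISyntaxException if the resulting URL is not a valid URI
     */
    private Response redirectEndUserForAuth(Map<String, String[]> map, OpenIdConfigurationResponse openIdConfigurationResponse, oxProxClient oxproxclient, String str) throws URISyntaxException {
        StringBuilder query = new StringBuilder();
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            appendEntry(query, entry, str, oxproxclient);
        }
        String target = openIdConfigurationResponse.getAuthorizationEndpoint() + query.toString();
        LOG.trace("Authorize to : {}", target);
        return Response.seeOther(new URI(target)).build();
    }

    /**
     * Looks up the proxy client named by the {@code client_id} request parameter.
     *
     * @throws WebApplicationException with a 400 {@code INVALID_CLIENT} response when the
     *     parameter is missing or blank, or no client is found for it
     */
    private oxProxClient getClient(Map<String, ?> map) {
        Object obj = map.get("client_id");
        String clientId = null;
        if (obj instanceof String) {
            clientId = (String) obj;
        } else if (obj instanceof String[] && ((String[]) obj).length > 0) {
            clientId = ((String[]) obj)[0];
        }
        if (StringUtils.isNotBlank(clientId)) {
            // An unknown client id is rejected for both parameter shapes, so a null client
            // never reaches the caller.
            oxProxClient client = this.clientService.getClient(clientId);
            if (client != null) {
                return client;
            }
        }
        LOG.warn("Failed to resolve oxProx client.");
        throw new WebApplicationException(this.errorService.response(Response.Status.BAD_REQUEST, ResponseErrorType.INVALID_CLIENT));
    }

    /**
     * Appends one {@code name=value} pair to the query string under
     * construction, prefixed with {@code ?} or {@code &}. Failures are logged and
     * the parameter is skipped.
     */
    private void appendEntry(StringBuilder sb, Map.Entry<String, ?> entry, String str, oxProxClient oxproxclient) {
        try {
            String key = entry.getKey();
            Object value = entry.getValue();
            if (Strings.isNullOrEmpty(key) || value == null) {
                LOG.error("parameter name ({}) or value ({}) is blank.", key, value);
            } else {
                sb.append(sb.indexOf("?") != -1 ? "&" : "?");
                // Parameter names come from the inbound request: encode them so a name holding
                // '&', '=' or '#' cannot add or alter parameters in the URL sent to the OP.
                sb.append(URLEncoder.encode(key, "UTF-8")).append("=");
                appendValue(sb, key, value, str, oxproxclient);
            }
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
    }

    /**
     * Appends the URL-encoded value for parameter {@code str}.
     *
     * <p>{@code redirect_uri} and {@code client_id} are replaced by the proxy's
     * redirect endpoint and the OP client id; {@code scope} values are split on
     * spaces and mapped to OP scopes; any other value is encoded as received.
     *
     * @param sb query string under construction
     * @param str parameter name
     * @param obj parameter value, a {@code String[]} or a {@code String}; other types are ignored
     * @param str2 OP client id
     * @param oxproxclient proxy client whose scope mapping is used
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    private void appendValue(StringBuilder sb, String str, Object obj, String str2, oxProxClient oxproxclient) throws UnsupportedEncodingException {
        if (str.equals("redirect_uri")) {
            sb.append(URLEncoder.encode(this.conf.getRedirectEndpoint(), "UTF-8"));
            return;
        }
        if (str.equals("client_id")) {
            sb.append(URLEncoder.encode(str2, "UTF-8"));
            return;
        }
        // NOTE(review): every array element is followed by an encoded space, so the value
        // always ends with a separator (a single-valued "state" is sent with a trailing space).
        // Kept as is; confirm whether the OP side relies on or tolerates it.
        String separator = URLEncoder.encode(" ", "UTF-8");
        if (obj instanceof String[]) {
            String[] values = (String[]) obj;
            if (str.equals("scope") && values.length > 0) {
                // Only the first scope value is used; it holds the space-separated scope list.
                for (String rpScope : StringUtils.split(values[0], " ")) {
                    sb.append(URLEncoder.encode(toOpScope(oxproxclient, rpScope), "UTF-8")).append(separator);
                }
                return;
            }
            for (String value : values) {
                sb.append(URLEncoder.encode(value, "UTF-8")).append(separator);
            }
            return;
        }
        if (obj instanceof String) {
            // Previously appended raw; encode it like the array form so request-supplied text
            // cannot inject extra query parameters.
            sb.append(URLEncoder.encode((String) obj, "UTF-8"));
        }
    }
}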
