package org.gluu.oxauth.client.validation;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.gluu.oxauth.client.session.AbstractOAuthFilter;
import org.gluu.oxauth.client.session.OAuthData;
import org.gluu.oxauth.client.util.Configuration;
import org.xdi.oxauth.client.TokenClient;
import org.xdi.oxauth.client.TokenResponse;
import org.xdi.oxauth.client.UserInfoClient;
import org.xdi.oxauth.client.UserInfoResponse;
import org.xdi.oxauth.client.ValidateTokenClient;
import org.xdi.oxauth.client.ValidateTokenResponse;
import org.xdi.util.AssertionHelper;
import org.xdi.util.StringHelper;
import org.xdi.util.security.StringEncrypter;

/* loaded from: input_file:org/gluu/oxauth/client/validation/OAuthValidationFilter.class */
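/**
 * Servlet filter that handles the OAuth callback: when a request carries both an
 * authorization code and an id_token, it exchanges the code for an access token,
 * validates that token, fetches the user info and stores the resulting
 * {@link OAuthData} in the existing HTTP session.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Authorization codes, id_tokens, access tokens and the raw token response are
 *       credentials and are never written to the log by this class.</li>
 *   <li>A validation result of {@code null} is treated as a failure (HTTP 403); the
 *       request is not passed down the chain without session data.</li>
 *   <li>NOTE(review): no {@code state}/nonce check and no id_token signature check is
 *       visible in this filter; confirm they are enforced elsewhere.</li>
 * </ul>
 */
public class OAuthValidationFilter extends AbstractOAuthFilter {
    private String oAuthAuthorizeUrl;
    private String oAuthTokenUrl;
    private String oAuthValidationUrl;
    private String oAuthCheckSessionUrl;
    private String oAuthUserInfoUrl;
    private String oAuthHost;
    private String oAuthClientId;
    // Holds the client secret in clear text after init(); never log this field.
    private String oAuthClientPassword;

    /**
     * Reads the endpoint URLs and client credentials from the filter configuration.
     *
     * @param filterConfig the filter configuration supplying the init parameters
     * @throws ServletException declared by the filter contract
     */
    public final void init(FilterConfig filterConfig) throws ServletException {
        this.oAuthAuthorizeUrl = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_AUTHORIZE_URL, null);
        if (this.oAuthAuthorizeUrl != null) {
            this.oAuthHost = getOAuthHost(this.oAuthAuthorizeUrl);
        }
        this.oAuthTokenUrl = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_TOKEN_URL, null);
        this.oAuthValidationUrl = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_TOKEN_VALIDATION_URL, null);
        this.oAuthCheckSessionUrl = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_CHECKSESSION_URL, null);
        this.oAuthUserInfoUrl = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_USERINFO_URL, null);
        this.oAuthClientId = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_CLIENT_ID, null);
        this.oAuthClientPassword = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, null);
        if (this.oAuthClientPassword != null) {
            try {
                this.oAuthClientPassword = StringEncrypter.defaultInstance().decrypt(this.oAuthClientPassword);
            } catch (StringEncrypter.EncryptionException e) {
                // On failure the configured value is kept as-is and later sent as the client
                // secret. NOTE(review): this may be a deliberate fallback for plain-text
                // configuration; confirm before turning it into a hard failure.
                this.log.error("Failed to decrypt property: oxauth.client.password", e);
            }
        }
        // Fix: the message previously ran the property name and the text together.
        AssertionHelper.assertNotNull(this.oAuthAuthorizeUrl, "oxauth.authorize.url cannot be null");
    }

    /**
     * Validates the authorization code and id_token carried by the request and, on
     * success, stores the resulting {@link OAuthData} in the session before continuing
     * the chain. Requests that do not qualify (see {@link #preFilter}) pass through untouched.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain the remaining filter chain
     * @throws IOException if a downstream filter or servlet fails with an I/O error
     * @throws ServletException if validation fails (status 403 is set first) or a
     *     downstream component fails
     */
    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        this.log.debug("Attempting to validate grants");
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (!preFilter(servletRequest, servletResponse, filterChain)) {
            filterChain.doFilter(request, response);
            return;
        }
        HttpSession session = request.getSession(false);
        String authorizationCode = getParameter(request, Configuration.OAUTH_CODE);
        String idToken = getParameter(request, Configuration.OAUTH_ID_TOKEN);
        // The code and id_token are credentials: log that validation starts, not their values.
        this.log.debug("Attempting to validate code and id_token");
        try {
            OAuthData oAuthData = getOAuthData(request, authorizationCode, idToken);
            if (oAuthData == null) {
                // Fail closed: a null result means token validation or the user lookup failed.
                // Previously null was stored in the session and the request continued.
                throw new IllegalStateException("OAuth validation returned no data");
            }
            // NOTE(review): the existing session is reused after authentication; consider
            // rotating the session id here if the container supports it.
            session.setAttribute(Configuration.SESSION_OAUTH_DATA, oAuthData);
        } catch (Exception e) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            this.log.warn("Failed to validate code and id_token", e);
            throw new ServletException(e);
        }
        // Kept outside the try block so that downstream failures are not reported as a
        // validation failure with status 403.
        filterChain.doFilter(request, response);
    }

    /**
     * Decides whether this filter should process the request.
     *
     * @return {@code true} only when a session already exists and both the code and the
     *     id_token request parameters are non-empty
     */
    protected final boolean preFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        if (request.getSession(false) == null) {
            return false;
        }
        return StringHelper.isNotEmpty(getParameter(request, Configuration.OAUTH_CODE))
                && StringHelper.isNotEmpty(getParameter(request, Configuration.OAUTH_ID_TOKEN));
    }

    /**
     * Exchanges the authorization code for an access token, validates the token and
     * loads the user's {@code sub} claim.
     *
     * <p>The id_token is stored exactly as received from the request; this method does
     * not verify it.
     *
     * @param httpServletRequest the callback request (source of the scope parameter and redirect URL)
     * @param authorizationCode the authorization code to exchange
     * @param idToken the id_token request parameter, stored unverified
     * @return the populated data, or {@code null} when no access token was issued, the
     *     token validation status is not 200, or the user info has no {@code sub} claim
     * @throws Exception if any of the remote calls fails
     */
    private OAuthData getOAuthData(HttpServletRequest httpServletRequest, String authorizationCode, String idToken) throws Exception {
        String scopes = getParameter(httpServletRequest, Configuration.OAUTH_SCOPE);
        this.log.trace("scopes : " + scopes);
        this.log.trace("Getting access token");
        TokenResponse tokenResponse = new TokenClient(this.oAuthTokenUrl).execAuthorizationCode(authorizationCode, constructRedirectUrl(httpServletRequest), this.oAuthClientId, this.oAuthClientPassword);
        // The token response object and the access token are deliberately not logged.
        this.log.trace("tokenResponse.getErrorType() : " + tokenResponse.getErrorType());
        String accessToken = tokenResponse.getAccessToken();
        boolean hasAccessToken = StringHelper.isNotEmpty(accessToken);
        this.log.trace("accessToken received : " + hasAccessToken);
        if (!hasAccessToken) {
            // Without a token there is nothing to validate; treat as a failed login.
            this.log.error("Token request returned no access token. User is NOT logged in");
            return null;
        }
        this.log.trace("Validating access token ");
        ValidateTokenResponse validation = new ValidateTokenClient(this.oAuthValidationUrl).execValidateToken(accessToken);
        this.log.info("validate check session status:" + validation.getStatus());
        if (validation.getErrorDescription() != null) {
            this.log.error("validate token status message:" + validation.getErrorDescription());
        }
        if (validation.getStatus() != 200) {
            this.log.error("Token validation failed. User is NOT logged in");
            return null;
        }
        this.log.info("Session validation successful. User is logged in");
        UserInfoResponse userInfo = new UserInfoClient(this.oAuthUserInfoUrl).execUserInfo(accessToken);
        List<?> subClaim = (List<?>) userInfo.getClaims().get("sub");
        if (subClaim == null || subClaim.isEmpty()) {
            this.log.error("User infor response doesn't contains uid claim");
            return null;
        }
        OAuthData oAuthData = new OAuthData();
        oAuthData.setHost(this.oAuthHost);
        oAuthData.setUserUid((String) subClaim.get(0));
        oAuthData.setAccessToken(accessToken);
        // NOTE(review): getExpiresIn() is dereferenced without a null check; a missing value
        // surfaces as an exception and therefore as a 403 in doFilter.
        oAuthData.setAccessTokenExpirationInSeconds(validation.getExpiresIn().intValue());
        oAuthData.setScopes(scopes);
        oAuthData.setIdToken(idToken);
        this.log.trace("User uid:" + oAuthData.getUserUid());
        return oAuthData;
    }

    /**
     * Builds a {@code scheme://host:port} string from the authorization URL.
     *
     * @param authorizeUrl the configured authorization endpoint URL
     * @return the host string, or {@code null} if the URL cannot be parsed
     */
    private String getOAuthHost(String authorizeUrl) {
        try {
            URL url = new URL(authorizeUrl);
            // NOTE(review): URL.getPort() returns -1 when the URL has no explicit port, so the
            // result is then "scheme://host:-1". Left unchanged because other components may
            // compare against this exact string; confirm before normalising.
            return String.format("%s://%s:%s", url.getProtocol(), url.getHost(), url.getPort());
        } catch (MalformedURLException e) {
            this.log.error("Invalid oAuth authorization URI: " + authorizeUrl, e);
            return null;
        }
    }

    /** Releases nothing; this filter holds no resources that need closing. */
    public void destroy() {
    }
}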
