package com.adobe.granite.auth.oauth.impl;

import com.adobe.granite.auth.oauth.OAuthManager;
import com.adobe.granite.auth.oauth.Provider;
import com.adobe.granite.auth.oauth.ProviderConfigProperties;
import com.adobe.granite.auth.oauth.impl.helper.OAuthHelper;
import com.adobe.granite.auth.oauth.impl.helper.OAuthUser;
import com.adobe.granite.auth.oauth.impl.helper.ProviderConfigManager;
import com.adobe.granite.auth.oauth.impl.helper.RequestHelper;
import com.adobe.granite.crypto.CryptoSupport;
import com.day.crx.security.token.TokenUtil;
import java.io.IOException;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.auth.core.spi.AbstractAuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.settings.SlingSettingsService;
import org.osgi.framework.BundleContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

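/**
 * Sling {@link AuthenticationHandler} that drives an OAuth login and turns the outcome into
 * repository token credentials.
 *
 * <p>The component is registered for path {@code /} with service ranking 5000 and is only
 * activated when a configuration exists ({@link ConfigurationPolicy#REQUIRE}).
 *
 * <p>{@link #extractCredentials} distinguishes three situations:
 * <ol>
 *   <li>an already authorized id is available for the request, so credentials are created for it;</li>
 *   <li>the request is the initial call, so the user agent is sent to the provider
 *       ({@link AuthenticationInfo#DOING_AUTH});</li>
 *   <li>the request carries an authorization code, so the user is resolved at the provider,
 *       created or updated in the repository, and credentials are created.</li>
 * </ol>
 * Every failure inside the OAuth flow clears the stored state and yields
 * {@link AuthenticationInfo#FAIL_AUTH}.
 */
@Service({AuthenticationHandler.class})
@Component(metatype = true, policy = ConfigurationPolicy.REQUIRE)
@Properties({@Property(name = "path", value = {"/"}), @Property(name = "service.ranking", intValue = {5000})})
/* loaded from: input_file:com/adobe/granite/auth/oauth/impl/OAuthAuthenticationHandler.class */
public class OAuthAuthenticationHandler extends AbstractAuthenticationHandler {
    /** Auth type used for the fallback {@link AuthenticationInfo} when no token can be created. */
    private static final String AUTH_TYPE = "OAUTH";

    @Property(name = "service.description")
    private static final String DESCRIPTION = "OAuth Authentication Handler";
    private final Logger log = LoggerFactory.getLogger(getClass());

    @Reference
    private SlingRepository repository;

    @Reference
    private CryptoSupport cryptoSupport;

    @Reference
    private OAuthManager oauthManager;

    @Reference
    private SlingSettingsService settings;

    /** Repository (cluster) id resolved at activation; only logged by this class. */
    private String repositoryId;

    @Reference
    private ProviderConfigManager providerConfigManager;

    /**
     * Resolves and logs the repository id once the component is activated.
     *
     * @param bundleContext unused
     * @param map component configuration, unused
     */
    @Activate
    private void activate(BundleContext bundleContext, Map<String, Object> map) {
        this.repositoryId = RequestHelper.getRepositoryId(this.repository, this.settings);
        this.log.info("activate: Supporting tokens bound to Repository (Cluster) {}", this.repositoryId);
    }

    /** Nothing to release on deactivation. */
    @Deactivate
    private void deactivate() {
    }

    /**
     * Extracts credentials for the request, or starts / continues the OAuth flow.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response; the helpers may write cookies or redirects to it
     * @return credentials for the resolved user, {@link AuthenticationInfo#DOING_AUTH} when the
     *         authorization request was sent, {@link AuthenticationInfo#FAIL_AUTH} when the OAuth
     *         flow failed, or {@code null} when the request is not an OAuth request at all
     */
    public AuthenticationInfo extractCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Case 1: a previous OAuth login left an authorized id behind.
        // NOTE(review): the id returned by getAuthorizedId is used directly to mint credentials;
        // how it is stored and integrity-protected lives in OAuthHelper - confirm there.
        String authenticatedConfigId = RequestHelper.getAuthenticatedConfigId(httpServletRequest);
        OAuthHelper authenticatedHelper =
                authenticatedConfigId == null ? null : this.providerConfigManager.getHelper(authenticatedConfigId);
        if (authenticatedHelper != null && !RequestHelper.isInitialCall(httpServletRequest, true)) {
            String authorizedId = authenticatedHelper.getAuthorizedId(httpServletRequest);
            if (authorizedId != null) {
                return createAuthenticationInfo(httpServletRequest, httpServletResponse, authorizedId);
            }
        }

        String configId = RequestHelper.getConfigId(httpServletRequest);
        OAuthHelper continuationHelper = configId == null ? null : this.providerConfigManager.getHelper(configId);

        // Case 2: initial call - send the user agent to the provider.
        if (RequestHelper.isInitialCall(httpServletRequest, true)) {
            return startAuthorization(httpServletRequest, httpServletResponse);
        }

        // Not an OAuth callback: let other handlers deal with the request.
        if (!RequestHelper.isAuthzCode(httpServletRequest, true)) {
            return null;
        }

        // Case 3: callback carrying an authorization code.
        // A missing config id is treated like an unknown one, as for the helper lookup above.
        Provider provider = configId == null ? null : this.oauthManager.getProvider(configId);
        if (continuationHelper == null || provider == null) {
            this.log.error("extractCredentials: Cannot process OAuth continuation; application seems unconfigured");
        } else {
            try {
                OAuthUser oauthUser =
                        continuationHelper.requestAccessCode(provider, httpServletRequest, httpServletResponse, true, true);
                if (oauthUser == null) {
                    this.log.error("extractCredentials: Failed to retrieve user identification; cannot authenticate");
                } else {
                    AuthenticationInfo info = authenticateOAuthUser(
                            httpServletRequest, httpServletResponse, continuationHelper, provider, oauthUser);
                    if (info != null) {
                        return info;
                    }
                }
            } catch (IOException e2) {
                this.log.error("extractCredentials: Failed to retrieve user identification; cannot authenticate", e2);
            } catch (RepositoryException e3) {
                this.log.error("extractCredentials: Failed to persist user or properties", e3);
            }
        }
        setupAuthenticationFailure(httpServletRequest, httpServletResponse);
        return AuthenticationInfo.FAIL_AUTH;
    }

    /** Handles the initial call: looks up helper and provider for the requested config and redirects. */
    private AuthenticationInfo startAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String requestedConfigId = httpServletRequest.getParameter(RequestHelper.PARAM_CONFIG_ID);
        // The parameter is request-supplied and may be absent; never hand null to the lookups.
        OAuthHelper helper = requestedConfigId == null ? null : this.providerConfigManager.getHelper(requestedConfigId);
        Provider provider = requestedConfigId == null ? null : this.oauthManager.getProvider(requestedConfigId);
        String loginResource = getLoginResource(httpServletRequest, ProviderConfigProperties.DEFAULT_CALL_BACK_URL);
        if (helper == null || provider == null) {
            this.log.error("extractCredentials: invalid config: helper is {} provider is {} ", helper, provider);
        } else {
            try {
                helper.requestAuthorization(httpServletRequest, httpServletResponse, provider, loginResource, true);
                return AuthenticationInfo.DOING_AUTH;
            } catch (IOException e) {
                // The id matched a configured helper and provider at this point.
                this.log.error("extractCredentials: Failure requesting authorization for configId {}", requestedConfigId, e);
            }
        }
        setupAuthenticationFailure(httpServletRequest, httpServletResponse);
        return AuthenticationInfo.FAIL_AUTH;
    }

    /**
     * Creates or updates the repository user for an OAuth user and builds credentials for it.
     * Returns {@code null} when no repository user could be determined.
     */
    private AuthenticationInfo authenticateOAuthUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            OAuthHelper helper, Provider provider, OAuthUser oauthUser) throws RepositoryException {
        // NOTE(review): loginAdministrative grants full repository access and is deprecated in
        // Sling in favour of service-user logins; switching needs a service-user mapping that is
        // not visible from this class.
        Session adminSession = null;
        try {
            adminSession = this.repository.loginAdministrative((String) null);
            User repositoryUser =
                    helper.createOrUpdateCRXUser(adminSession, this.cryptoSupport, provider, httpServletRequest, oauthUser);
            if (repositoryUser != null) {
                return createAuthenticationInfo(httpServletRequest, httpServletResponse, repositoryUser.getID());
            }
            // NOTE(review): oauthUser is logged via toString(); confirm it carries no access token.
            this.log.error("extractCredentials: Failed finding user for oauthUser={} of application {}", oauthUser, helper.getClientId());
            return null;
        } finally {
            // Always release the administrative session, including when user creation throws.
            if (adminSession != null && adminSession.isLive()) {
                adminSession.logout();
            }
        }
    }

    /**
     * This handler never asks for credentials itself.
     *
     * @return always {@code false}
     */
    public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return false;
    }

    /** Clears the authorized id and both stored config ids for the request. */
    public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setAuthorizedId(httpServletRequest, httpServletResponse, null);
        RequestHelper.removeConfigId(httpServletRequest, httpServletResponse);
        RequestHelper.removeAuthenticatedConfigId(httpServletRequest, httpServletResponse);
    }

    /**
     * Caches the authenticated user id after a successful authorization-code login and issues
     * the post-login redirect.
     *
     * @return {@code false} when the request carries no authorization code or when
     *         {@link DefaultAuthenticationFeedbackHandler#handleRedirect} reports {@code true};
     *         {@code true} after {@code RequestHelper.handleRedirectAfterAuthentication} ran
     */
    public boolean authenticationSucceeded(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
        if (!RequestHelper.isAuthzCode(httpServletRequest, true)) {
            return false;
        }
        ResourceResolver resourceResolver = (ResourceResolver) httpServletRequest.getAttribute("org.apache.sling.auth.core.ResourceResolver");
        if (resourceResolver != null) {
            setAuthorizedId(httpServletRequest, httpServletResponse, resourceResolver.getUserID());
        } else {
            this.log.warn("authenticationSucceeded: ResourceResolver missing from request, cannot cache user id");
        }
        if (DefaultAuthenticationFeedbackHandler.handleRedirect(httpServletRequest, httpServletResponse)) {
            return false;
        }
        RequestHelper.handleRedirectAfterAuthentication(httpServletRequest, httpServletResponse);
        return true;
    }

    /** Drops all stored OAuth state when authentication fails. */
    public void authenticationFailed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
        dropCredentials(httpServletRequest, httpServletResponse);
    }

    @Override
    public String toString() {
        return DESCRIPTION;
    }

    /** Resets the login resource, drops stored state and records the failure reason on the request. */
    private void setupAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setLoginResourceAttribute(httpServletRequest, null);
        dropCredentials(httpServletRequest, httpServletResponse);
        httpServletRequest.setAttribute("j_reason", "Authentication Failed");
    }

    /**
     * Builds token credentials for the given user id.
     *
     * @param str repository user id to authenticate
     * @return token-based credentials, or a bare {@link AuthenticationInfo} holding only the
     *         auth type and user id when token creation fails
     */
    private AuthenticationInfo createAuthenticationInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        try {
            return TokenUtil.createCredentials(httpServletRequest, httpServletResponse, this.repository, str, true);
        } catch (RepositoryException e) {
            this.log.error("Unable to create token credentials", e);
            // NOTE(review): the fallback carries a user id but no credentials. Whether a later
            // repository login accepts it depends on configuration outside this class - confirm
            // that this path cannot log a user in without a token.
            return new AuthenticationInfo(AUTH_TYPE, str);
        }
    }

    /**
     * Stores (or, for {@code null}, clears) the authorized id through the helper of the
     * request's config id and records that config id as the authenticated one.
     * Does nothing when the request has no config id or no helper is registered for it.
     */
    private void setAuthorizedId(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String configId = RequestHelper.getConfigId(httpServletRequest);
        OAuthHelper helper = configId == null ? null : this.providerConfigManager.getHelper(configId);
        if (helper != null) {
            helper.setAuthorizedId(httpServletRequest, httpServletResponse, str);
            RequestHelper.storeAuthenticatedConfigId(configId, helper.getProviderConfig().getCookieMaxAge(), httpServletRequest, httpServletResponse);
        }
    }

    // Declarative-services bind/unbind pairs. Each unbind clears the field only when the
    // departing service is the one currently held.

    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    protected void bindCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    protected void unbindCryptoSupport(CryptoSupport cryptoSupport) {
        if (this.cryptoSupport == cryptoSupport) {
            this.cryptoSupport = null;
        }
    }

    protected void bindOauthManager(OAuthManager oAuthManager) {
        this.oauthManager = oAuthManager;
    }

    protected void unbindOauthManager(OAuthManager oAuthManager) {
        if (this.oauthManager == oAuthManager) {
            this.oauthManager = null;
        }
    }

    protected void bindSettings(SlingSettingsService slingSettingsService) {
        this.settings = slingSettingsService;
    }

    protected void unbindSettings(SlingSettingsService slingSettingsService) {
        if (this.settings == slingSettingsService) {
            this.settings = null;
        }
    }

    protected void bindProviderConfigManager(ProviderConfigManager providerConfigManager) {
        this.providerConfigManager = providerConfigManager;
    }

    protected void unbindProviderConfigManager(ProviderConfigManager providerConfigManager) {
        if (this.providerConfigManager == providerConfigManager) {
            this.providerConfigManager = null;
        }
    }
}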
