package org.ovirt.engine.core.sso.servlets;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Stack;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.ovirt.engine.core.sso.utils.InteractiveAuth;
import org.ovirt.engine.core.sso.utils.OAuthBadRequestException;
import org.ovirt.engine.core.sso.utils.OAuthException;
import org.ovirt.engine.core.sso.utils.SsoConstants;
import org.ovirt.engine.core.sso.utils.SsoContext;
import org.ovirt.engine.core.sso.utils.SsoSession;
import org.ovirt.engine.core.sso.utils.SsoUtils;
import org.ovirt.engine.core.uutils.net.URLBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ovirt/engine/core/sso/servlets/OAuthAuthorizeServlet.class */
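/**
 * Entry point of the SSO module's OAuth authorization flow.
 *
 * <p>For each request the servlet checks the requested response type, validates the client
 * and its redirect URI through {@link SsoUtils}, stores the request parameters in the
 * {@link SsoSession}, and redirects the browser to the next step of the interactive login.
 *
 * <p>The decompiler reported that {@code handleRequest}, {@code buildSsoSession},
 * {@code login} and {@code getAuthSeq} were {@code protected} in the original class; they
 * are left {@code public} here so that existing callers keep compiling.
 */
public class OAuthAuthorizeServlet extends HttpServlet {
    private static final long serialVersionUID = -4822437649213489822L;
    private static final Logger log = LoggerFactory.getLogger(OAuthAuthorizeServlet.class);

    /** Scope entry that asks for an identity check without starting an interactive login. */
    private static final String SCOPE_AUTH_IDENTITY = "ovirt-ext=auth:identity";

    /** Prefix of the scope entry that carries the client's requested authentication sequence. */
    private static final String SCOPE_AUTH_SEQUENCE_PRIORITY_PREFIX = "ovirt-ext=auth:sequence-priority=";

    private SsoContext ssoContext;

    /**
     * Initializes the servlet and looks up the shared {@link SsoContext}.
     *
     * <p>Overrides {@code GenericServlet.init(ServletConfig)}.
     *
     * @param servletConfig configuration supplied by the container
     * @throws ServletException if the superclass initialization fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        // GenericServlet only remembers the config when init(ServletConfig) is chained;
        // without this call getServletConfig()/getServletContext() on the servlet do not work.
        super.init(servletConfig);
        this.ssoContext = SsoUtils.getSsoContext(servletConfig.getServletContext());
    }

    /**
     * Dispatches every HTTP method to {@link #handleRequest} and maps failures to a response.
     *
     * <p>An {@link OAuthBadRequestException} becomes an HTTP 400 carrying the exception
     * message; any other exception is handed to {@code SsoUtils.redirectToErrorPage}.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write the error or redirect to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if sending the error or the redirect fails
     */
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            handleRequest(httpServletRequest, httpServletResponse);
        } catch (OAuthBadRequestException e) {
            // NOTE(review): the message built in handleRequest contains the rejected parameter
            // value; whether it is escaped depends on the container's error page - confirm.
            httpServletResponse.sendError(400, e.getMessage());
        } catch (Exception e2) {
            SsoUtils.redirectToErrorPage(httpServletRequest, httpServletResponse, e2);
        }
    }

    /**
     * Rejects requests whose response type is not the authorization-code type, then builds the
     * SSO session and starts the login redirect.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for the redirect
     * @throws Exception {@link OAuthBadRequestException} for an unsupported response type, or
     *                   whatever {@link #buildSsoSession} and {@link #login} throw
     */
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        // NOTE(review): the full query string and parameter map go to the debug log; confirm that
        // SsoUtils.getRequestParameters masks sensitive values before debug logging is enabled.
        log.debug("Entered AuthorizeServlet QueryString: {}, Parameters : {}", httpServletRequest.getQueryString(), SsoUtils.getRequestParameters(httpServletRequest));
        String responseType = SsoUtils.getRequestParameter(httpServletRequest, SsoConstants.JSON_RESPONSE_TYPE, true);
        if (!responseType.equals(SsoConstants.HTTP_PARAM_AUTHORIZATION_CODE)) {
            Locale locale = (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE);
            String template = this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_UNSUPPORTED_PARAMETER_IN_REQUEST, locale);
            // The request value is passed as a format argument, never as the format string itself.
            throw new OAuthBadRequestException(SsoConstants.ERR_CODE_INVALID_REQUEST, String.format(template, responseType, SsoConstants.JSON_RESPONSE_TYPE));
        }
        login(httpServletRequest, httpServletResponse, buildSsoSession(httpServletRequest));
    }

    /**
     * Validates the client's request parameters and copies them into the {@link SsoSession}.
     *
     * <p>The redirect URI and the client request are both validated before an HTTP session is
     * created and before any value is stored.
     *
     * @param httpServletRequest the incoming request
     * @return the SSO session populated with client id, redirect URI, scope, state, application
     *         URL and source address
     * @throws Exception if a parameter lookup or one of the validation helpers fails
     */
    public SsoSession buildSsoSession(HttpServletRequest httpServletRequest) throws Exception {
        String clientId = SsoUtils.getRequestParameter(httpServletRequest, "client_id", true);
        // Read without a default, so it can be null; validateRedirectUri receives it as-is.
        String redirectUri = httpServletRequest.getParameter(SsoConstants.HTTP_PARAM_REDIRECT_URI);
        SsoUtils.validateRedirectUri(httpServletRequest, clientId, redirectUri);
        String scope = SsoUtils.getScopeRequestParameter(httpServletRequest, "");
        String state = SsoUtils.getRequestParameter(httpServletRequest, SsoConstants.HTTP_PARAM_STATE, "");
        String appUrl = SsoUtils.getRequestParameter(httpServletRequest, SsoConstants.HTTP_PARAM_APP_URL, "");
        // NOTE(review): the source address is a request parameter, i.e. asserted by the caller and
        // not taken from the connection; confirm how audit logging downstream treats it.
        String sourceAddr = SsoUtils.getRequestParameter(httpServletRequest, SsoConstants.HTTP_PARAM_SOURCE_ADDR, "UNKNOWN");
        validateClientRequest(httpServletRequest, clientId, scope, redirectUri);

        // Create the HTTP session if the request does not have one yet.
        httpServletRequest.getSession(true);
        SsoSession ssoSession = SsoUtils.getSsoSession(httpServletRequest);
        ssoSession.setAppUrl(appUrl);
        ssoSession.setClientId(clientId);
        ssoSession.setSourceAddr(sourceAddr);
        ssoSession.setRedirectUri(redirectUri);
        ssoSession.setScope(scope);
        ssoSession.setState(state);
        // A negative interval disables the idle timeout of the HTTP session.
        // NOTE(review): this happens before the user has authenticated; confirm that a later step
        // bounds the lifetime of sessions that never complete the login.
        ssoSession.getHttpSession().setMaxInactiveInterval(-1);
        return ssoSession;
    }

    /**
     * Delegates client validation to {@code SsoUtils.validateClientRequest}.
     *
     * <p>The helper's third argument is passed as {@code null}; its meaning is not visible in
     * this class (presumably a client secret, which this request does not carry - confirm).
     *
     * @param httpServletRequest the incoming request
     * @param str                the client id, as passed by {@link #buildSsoSession}
     * @param str2               the requested scope
     * @param str3               the redirect URI
     */
    protected void validateClientRequest(HttpServletRequest httpServletRequest, String str, String str2, String str3) {
        SsoUtils.validateClientRequest(httpServletRequest, str, null, str2, str3);
    }

    /**
     * Chooses where to send the browser next and issues the redirect.
     *
     * <ul>
     *   <li>Already authenticated: the interactive redirect-to-module URI of this context.</li>
     *   <li>Not authenticated and the scope contains {@code ovirt-ext=auth:identity}: back to the
     *       client's redirect URL with a "not authenticated" error.</li>
     *   <li>Otherwise: the authentication sequence is stored in the session and the browser goes
     *       to the next interactive-login step.</li>
     * </ul>
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for the redirect
     * @param ssoSession          the session populated by {@link #buildSsoSession}
     * @throws Exception {@link OAuthException} when no authentication mechanism is left, or an
     *                   I/O failure while redirecting
     */
    public void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoSession ssoSession) throws Exception {
        String redirectTarget;
        log.debug("Entered login queryString: {}", httpServletRequest.getQueryString());
        if (SsoUtils.isUserAuthenticated(httpServletRequest)) {
            log.debug("User is authenticated redirecting to interactive-redirect-to-module");
            redirectTarget = httpServletRequest.getContextPath() + SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI;
        } else if (SsoUtils.scopeAsList(SsoUtils.getScopeRequestParameter(httpServletRequest, "")).contains(SCOPE_AUTH_IDENTITY)) {
            // NOTE(review): this target comes from SsoUtils.getRedirectUrl; handleRequest validates the
            // redirect URI first, but a caller invoking login() directly must do so itself - confirm.
            redirectTarget = new URLBuilder(SsoUtils.getRedirectUrl(httpServletRequest))
                    .addParameter(SsoConstants.ERROR, SsoConstants.ERR_OVIRT_CODE_NOT_AUTHENTICATED)
                    .addParameter(SsoConstants.ERROR_DESCRIPTION, SsoConstants.ERR_CODE_NOT_AUTHENTICATED_MSG)
                    .build();
        } else {
            ssoSession.setAuthStack(getAuthSeq(ssoSession));
            if (ssoSession.getAuthStack().isEmpty()) {
                Locale locale = (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE);
                throw new OAuthException(SsoConstants.ERR_CODE_ACCESS_DENIED, this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_NO_VALID_AUTHENTICATION_MECHANISM_FOUND, locale));
            }
            redirectTarget = httpServletRequest.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI;
        }
        log.debug("Redirecting to url: {}", redirectTarget);
        httpServletResponse.sendRedirect(redirectTarget);
    }

    /**
     * Builds the stack of interactive authentication mechanisms to try for this session.
     *
     * <p>The requested sequence comes from the {@code ovirt-ext=auth:sequence-priority=} scope
     * entry (the last such entry wins); without one the sequence is {@code "~"}. When the
     * requested sequence starts with {@code "~"}, the mechanisms of the configured
     * {@code SSO_AUTH_LOGIN_SEQUENCE} are appended and the result is limited to the configured
     * ones. The list is reversed before it is pushed, so the first mechanism of the sequence
     * ends up on top of the stack.
     *
     * <p>An unknown mechanism character surfaces as whatever {@code InteractiveAuth.valueOf}
     * throws; {@link #service} sends that to the error page.
     *
     * @param ssoSession the session whose scope is inspected
     * @return the mechanisms to try, possibly empty
     */
    public Stack<InteractiveAuth> getAuthSeq(SsoSession ssoSession) {
        String scope = ssoSession.getScope();
        String configuredSeq = this.ssoContext.getSsoLocalConfig().getProperty("SSO_AUTH_LOGIN_SEQUENCE");
        String requestedSeq = null;
        if (StringUtils.isEmpty(scope) || !scope.contains(SCOPE_AUTH_SEQUENCE_PRIORITY_PREFIX)) {
            requestedSeq = "~";
        } else {
            for (String scopeEntry : SsoUtils.scopeAsList(scope)) {
                if (scopeEntry.startsWith(SCOPE_AUTH_SEQUENCE_PRIORITY_PREFIX)) {
                    // Limit 3 keeps everything after the second '=' as the sequence value.
                    requestedSeq = scopeEntry.trim().split("=", 3)[2];
                }
            }
        }

        List<InteractiveAuth> authSeq = getAuthListForSeq(requestedSeq);
        if (StringUtils.isNotEmpty(requestedSeq) && requestedSeq.startsWith("~")) {
            // A missing configuration value contributes no mechanisms instead of failing with a
            // NullPointerException; the retainAll below then leaves the list empty and login()
            // reports that no valid authentication mechanism was found.
            if (StringUtils.isNotEmpty(configuredSeq)) {
                for (char c : configuredSeq.toCharArray()) {
                    InteractiveAuth configured = InteractiveAuth.valueOf("" + c);
                    if (!authSeq.contains(configured)) {
                        authSeq.add(configured);
                    }
                }
            }
            authSeq.retainAll(getAuthListForSeq(configuredSeq));
        }
        // NOTE(review): a requested sequence without the "~" prefix is used as sent and is not
        // intersected with SSO_AUTH_LOGIN_SEQUENCE. If that setting is meant to be an allow-list,
        // the retainAll above should also apply to this case - confirm the intended policy.

        Collections.reverse(authSeq);
        Stack<InteractiveAuth> stack = new Stack<>();
        stack.addAll(authSeq);
        return stack;
    }

    /**
     * Converts a sequence string into mechanisms, one per character, skipping {@code '~'}.
     *
     * @param str the sequence string; {@code null} or empty yields an empty list
     * @return a new mutable list in the order of the characters, duplicates included
     */
    private static List<InteractiveAuth> getAuthListForSeq(String str) {
        List<InteractiveAuth> mechanisms = new ArrayList<>();
        if (StringUtils.isNotEmpty(str)) {
            for (char c : str.toCharArray()) {
                if (c != '~') {
                    mechanisms.add(InteractiveAuth.valueOf("" + c));
                }
            }
        }
        return mechanisms;
    }
}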
