package org.ovirt.engine.core.sso.servlets;

import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Stack;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.ovirt.engine.core.sso.utils.InteractiveAuth;
import org.ovirt.engine.core.sso.utils.OAuthException;
import org.ovirt.engine.core.sso.utils.SsoConstants;
import org.ovirt.engine.core.sso.utils.SsoSession;
import org.ovirt.engine.core.sso.utils.SsoUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ovirt/engine/core/sso/servlets/OpenIdAuthorizeServlet.class */
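/**
 * OpenID Connect flavour of the OAuth authorize servlet.
 *
 * <p>On top of the parent servlet it records the OpenID {@code nonce}, {@code prompt} and
 * {@code display} request parameters on the SSO session, applies {@code prompt=login} and
 * {@code max_age} re-authentication rules, and adjusts the interactive authentication sequence.
 *
 * <p>All request parameters read here are supplied by the caller of the endpoint and must be
 * treated as untrusted.
 */
public class OpenIdAuthorizeServlet extends OAuthAuthorizeServlet {
    private static final Logger log = LoggerFactory.getLogger(OpenIdAuthorizeServlet.class);

    /** Scope names stripped from the requested scope string before the client request is validated. */
    private static final List<String> unsupportedScopes = Arrays.asList("profile", "email", "address", "phone");

    /**
     * Delegates to {@code handleRequest} and converts any failure into an error response.
     *
     * <p>An {@link OAuthException} reporting an unregistered redirect URI is answered with a JSON
     * body; every other failure goes to the error page.
     *
     * @param httpServletRequest the incoming authorize request
     * @param httpServletResponse the response to write the result or error to
     * @throws ServletException declared by the overridden method
     * @throws IOException declared by the overridden method
     */
    @Override // org.ovirt.engine.core.sso.servlets.OAuthAuthorizeServlet
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            handleRequest(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            // NOTE(review): the raw redirect_uri request parameter is stored on the session here
            // without any check in this method, including when the failure happened before client
            // validation completed. Confirm that redirectToErrorPage never redirects to a URI that
            // was not validated against the client's registration.
            SsoUtils.getSsoSession(httpServletRequest, true).setRedirectUri(httpServletRequest.getParameter(SsoConstants.HTTP_PARAM_REDIRECT_URI));
            if (isUnregisteredRedirectUri(e)) {
                SsoUtils.sendJsonDataWithMessage(httpServletRequest, httpServletResponse, (OAuthException) e);
            } else {
                SsoUtils.redirectToErrorPage(httpServletRequest, httpServletResponse, e);
            }
        }
    }

    /**
     * Tells whether {@code e} is the "redirect URI not registered" invalid-request error.
     *
     * <p>The constants are the receivers of {@code equals} so that an exception carrying a
     * {@code null} code or message cannot raise a {@link NullPointerException} inside the error
     * handler, which would bypass both error responses.
     */
    private static boolean isUnregisteredRedirectUri(Exception e) {
        if (!(e instanceof OAuthException)) {
            return false;
        }
        OAuthException oauthError = (OAuthException) e;
        return SsoConstants.ERR_CODE_INVALID_REQUEST.equals(oauthError.getCode())
                && SsoConstants.ERR_REDIRECT_URI_NOTREG_MSG.equals(oauthError.getMessage());
    }

    /**
     * Validates the client request after dropping the scopes listed in {@code unsupportedScopes}.
     *
     * @param httpServletRequest the incoming authorize request
     * @param str forwarded unchanged as the second argument of the validator (presumably the client id; confirm)
     * @param str2 the requested scope string; split with {@code SsoUtils.scopeAsList} and re-joined with spaces
     * @param str3 forwarded unchanged as the last argument of the validator (presumably the redirect URI; confirm)
     */
    @Override // org.ovirt.engine.core.sso.servlets.OAuthAuthorizeServlet
    protected void validateClientRequest(HttpServletRequest httpServletRequest, String str, String str2, String str3) {
        // Copy before removing: the list returned by scopeAsList may be shared or unmodifiable.
        List<String> requestedScopes = new ArrayList<>(SsoUtils.scopeAsList(str2));
        requestedScopes.removeAll(unsupportedScopes);
        // NOTE(review): the third argument is always null here; confirm which check the validator
        // skips for a null value and that skipping it is intended for the authorize endpoint.
        SsoUtils.validateClientRequest(httpServletRequest, str, null, StringUtils.join(requestedScopes, ' '), str3);
    }

    /**
     * Builds the SSO session and applies the OpenID {@code prompt} and {@code max_age} rules.
     *
     * <p>{@code prompt=login} always marks the session unauthenticated. Otherwise, for an
     * authenticated session with a non-empty {@code max_age}, the session is marked
     * unauthenticated when more than {@code max_age} seconds have passed since its auth time.
     *
     * @param httpServletRequest the incoming authorize request
     * @return the session built by the parent, with the OpenID fields set
     * @throws NumberFormatException if {@code max_age} is present but is not a valid long
     * @throws Exception whatever the parent implementation throws
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.ovirt.engine.core.sso.servlets.OAuthAuthorizeServlet
    public SsoSession buildSsoSession(HttpServletRequest httpServletRequest) throws Exception {
        SsoSession session = super.buildSsoSession(httpServletRequest);
        session.setOpenIdScope(true);
        session.setOpenIdNonce(httpServletRequest.getParameter(SsoConstants.HTTP_PARAM_OPENID_NONCE));
        session.setOpenIdPrompt(httpServletRequest.getParameter(SsoConstants.HTTP_PARAM_OPENID_PROMPT));
        session.setOpenIdDisplay(httpServletRequest.getParameter(SsoConstants.HTTP_PARAM_OPENID_DISPLAY));
        String maxAgeParam = httpServletRequest.getParameter(SsoConstants.HTTP_PARAM_OPENID_MAX_AGE);
        if ("login".equals(session.getOpenIdPrompt())) {
            session.setStatus(SsoSession.Status.unauthenticated);
        } else if (session.getStatus() == SsoSession.Status.authenticated && StringUtils.isNotEmpty(maxAgeParam)) {
            long elapsedMillis = Duration.between(session.getAuthTime().toInstant(), Instant.now()).toMillis();
            // max_age is attacker-controlled. Comparing Durations avoids the silent long overflow of
            // "seconds * 1000", which turned very large values into an arbitrary wrapped limit.
            Duration maxAge = Duration.ofSeconds(Long.parseLong(maxAgeParam));
            if (Duration.ofMillis(elapsedMillis).compareTo(maxAge) > 0) {
                session.setStatus(SsoSession.Status.unauthenticated);
            }
        }
        return session;
    }

    /**
     * Prepares the session according to its status and then delegates to the parent login.
     *
     * <p>An unauthenticated session that already carries both an access token and an authorization
     * code is replaced by a clone, which is stored on the HTTP session. An authenticated session
     * has its token-issued flag cleared and is marked active.
     *
     * @param httpServletRequest the incoming authorize request
     * @param httpServletResponse the response passed on to the parent login
     * @param ssoSession the session to log in with
     * @throws Exception whatever the parent implementation throws
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.ovirt.engine.core.sso.servlets.OAuthAuthorizeServlet
    public void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoSession ssoSession) throws Exception {
        // NOTE(review): the full query string is logged; on this endpoint it carries caller-supplied
        // values such as the nonce. Keep this at debug level and confirm debug logs are access-controlled.
        log.debug("Entered login queryString: {}", httpServletRequest.getQueryString());
        switch (ssoSession.getStatus()) {
            case unauthenticated:
                if (StringUtils.isNotEmpty(ssoSession.getAccessToken()) && StringUtils.isNotEmpty(ssoSession.getAuthorizationCode())) {
                    // Continue with a copy so the session object that holds the already issued
                    // token and code is not modified by this login.
                    ssoSession = (SsoSession) ssoSession.clone();
                    httpServletRequest.getSession().setAttribute(SsoConstants.OVIRT_SSO_SESSION, ssoSession);
                }
                break;
            case authenticated:
                ssoSession.setTokenIssued(false);
                ssoSession.setActive(true);
                break;
        }
        super.login(httpServletRequest, httpServletResponse, ssoSession);
    }

    /**
     * Returns the parent's authentication sequence adjusted for {@code prompt} and {@code display}.
     *
     * <p>{@code prompt=none} removes {@code InteractiveAuth.I} and {@code InteractiveAuth.B}.
     * {@code display=popup} removes {@code InteractiveAuth.I} and pushes {@code InteractiveAuth.b}
     * followed by {@code InteractiveAuth.B}.
     *
     * @param ssoSession the session whose OpenID prompt and display values are consulted
     * @return the stack obtained from the parent, modified in place
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.ovirt.engine.core.sso.servlets.OAuthAuthorizeServlet
    public Stack<InteractiveAuth> getAuthSeq(SsoSession ssoSession) {
        Stack<InteractiveAuth> authSeq = super.getAuthSeq(ssoSession);
        if ("none".equals(ssoSession.getOpenIdPrompt())) {
            authSeq.remove(InteractiveAuth.I);
            authSeq.remove(InteractiveAuth.B);
        }
        // NOTE(review): when a request sends both prompt=none and display=popup, this branch pushes
        // InteractiveAuth.B again after the branch above removed it. Confirm that is intended.
        if ("popup".equals(ssoSession.getOpenIdDisplay())) {
            authSeq.remove(InteractiveAuth.I);
            authSeq.push(InteractiveAuth.b);
            authSeq.push(InteractiveAuth.B);
        }
        return authSeq;
    }
}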
