package org.ovirt.engine.core.sso.servlets;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.ovirt.engine.api.extensions.aaa.Authz;
import org.ovirt.engine.core.sso.search.DirectorySearch;
import org.ovirt.engine.core.sso.utils.OAuthException;
import org.ovirt.engine.core.sso.utils.SsoConstants;
import org.ovirt.engine.core.sso.utils.SsoContext;
import org.ovirt.engine.core.sso.utils.SsoSession;
import org.ovirt.engine.core.sso.utils.SsoUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ovirt/engine/core/sso/servlets/OAuthTokenInfoServlet.class */
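/**
 * Serves OAuth token-info requests for the SSO service.
 *
 * <p>Depending on the {@code scope} request parameter the servlet either
 * validates a token, runs a directory search, or returns the details of the
 * session behind a token (optionally including the session password).
 * Failures are reported to the client as JSON error responses.
 */
public class OAuthTokenInfoServlet extends HttpServlet {
    private static final long serialVersionUID = 5190618483759215735L;
    private static final Logger log = LoggerFactory.getLogger(OAuthTokenInfoServlet.class);
    // Directory searches keyed by DirectorySearch.getName(); entries whose
    // isPublicQuery() is true live in the "public" map, all others here.
    private final Map<String, DirectorySearch> directoryQueries = new HashMap<String, DirectorySearch>();
    private final Map<String, DirectorySearch> directoryPublicQueries = new HashMap<String, DirectorySearch>();
    private SsoContext ssoContext;

    /**
     * Resolves the shared {@link SsoContext} and indexes every
     * {@link DirectorySearch} by name into the public or non-public map.
     *
     * @param servletConfig configuration supplied by the container
     * @throws ServletException declared by the servlet contract
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        // GenericServlet stores the config here; without this call
        // getServletConfig()/getServletContext() would not be usable later.
        super.init(servletConfig);
        this.ssoContext = SsoUtils.getSsoContext(servletConfig.getServletContext());
        for (DirectorySearch directorySearch : DirectorySearch.values()) {
            Map<String, DirectorySearch> target =
                    directorySearch.isPublicQuery() ? this.directoryPublicQueries : this.directoryQueries;
            target.put(directorySearch.getName(), directorySearch);
        }
    }

    /**
     * Handles a token-info request.
     *
     * <p>Flow, driven by the requested scope:
     * <ul>
     *   <li>validate scope: the token is looked up and an empty JSON object is
     *       returned; no client credentials are checked on this path;</li>
     *   <li>otherwise the client id/secret are validated first; search scopes
     *       additionally validate the query type; every scope except the
     *       public search scope validates the token and its scope.</li>
     * </ul>
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response that receives the JSON payload or error
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // NOTE(review): the raw query string and the request parameters are written
        // to the debug log. This endpoint receives the token and client credentials
        // as parameters; confirm SsoUtils.getRequestParameters masks them and that
        // clients do not send them in the URL, otherwise they end up in log files.
        log.debug("Entered OAuthTokenInfo QueryString: {}, Parameters : {}", httpServletRequest.getQueryString(), SsoUtils.getRequestParameters(httpServletRequest));
        try {
            String scope = SsoUtils.getRequestParameter(httpServletRequest, "scope", "");
            boolean validateOnly = SsoUtils.scopeAsList(scope).contains(SsoConstants.VALIDATE_SCOPE);
            boolean authzSearch = SsoUtils.scopeAsList(scope).contains(SsoConstants.AUTHZ_SEARCH_SCOPE);
            boolean publicSearch = SsoUtils.scopeAsList(scope).contains(SsoConstants.PUBLIC_AUTHZ_SEARCH_SCOPE);
            SsoUtils.validateClientAcceptHeader(httpServletRequest);
            if (validateOnly) {
                // Presumably getSsoSession throws for an unknown or expired token -- confirm in SsoUtils.
                SsoUtils.getSsoSession(httpServletRequest, null, SsoUtils.getRequestParameter(httpServletRequest, SsoConstants.HTTP_PARAM_TOKEN), true);
                log.debug("Sending json response");
                SsoUtils.sendJsonData(httpServletResponse, Collections.<String, Object>emptyMap());
            } else {
                String[] clientIdClientSecret = SsoUtils.getClientIdClientSecret(httpServletRequest);
                String clientId = clientIdClientSecret[0];
                SsoUtils.validateClientRequest(httpServletRequest, clientId, clientIdClientSecret[1], null, null);
                boolean search = authzSearch || publicSearch;
                if (search) {
                    validateQueryType(httpServletRequest, publicSearch);
                }
                // The public search scope is the only client-authenticated path that
                // does not require a token; everything else must present a token whose
                // scope is checked against the requested one.
                if (!publicSearch) {
                    String token = SsoUtils.getRequestParameter(httpServletRequest, SsoConstants.HTTP_PARAM_TOKEN);
                    SsoUtils.validateRequestScope(httpServletRequest, token, scope);
                    SsoUtils.getSsoSession(httpServletRequest, clientId, token, true).getAssociatedClientIds().add(clientId);
                }
                log.debug("Sending json response");
                Map<String, Object> payload = search
                        ? buildSearchResponse(httpServletRequest, publicSearch)
                        : buildResponse(httpServletRequest, clientId, scope);
                SsoUtils.sendJsonData(httpServletResponse, payload);
            }
        } catch (OAuthException e) {
            SsoUtils.sendJsonDataWithMessage(httpServletRequest, httpServletResponse, e, false);
        } catch (Exception e2) {
            SsoUtils.sendJsonDataWithMessage(httpServletRequest, httpServletResponse, SsoConstants.ERR_CODE_SERVER_ERROR, e2);
        }
    }

    /**
     * Rejects a search request whose query type is not available for the
     * scope that will execute it.
     *
     * @param request      incoming request carrying the query-type parameter
     * @param publicSearch true when the public search scope was requested
     * @throws Exception an {@link OAuthException} with the invalid-request code
     *                   when the query type is not registered for that scope
     */
    private void validateQueryType(HttpServletRequest request, boolean publicSearch) throws Exception {
        resolveQuery(request, publicSearch);
    }

    /**
     * Looks up the {@link DirectorySearch} named by the query-type parameter
     * in the map that matches the requested scope.
     *
     * <p>Checking only the map that will actually be used keeps a query type
     * registered for the other scope from passing validation and then failing
     * later with a NullPointerException reported as a server error.
     *
     * @param request      incoming request carrying the query-type parameter
     * @param publicSearch true to search the public queries, false for the others
     * @return the matching search, never {@code null}
     * @throws Exception an {@link OAuthException} with the invalid-request code
     *                   when no such query exists for the scope
     */
    private DirectorySearch resolveQuery(HttpServletRequest request, boolean publicSearch) throws Exception {
        String queryType = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_SEARCH_QUERY_TYPE);
        Map<String, DirectorySearch> candidates = publicSearch ? this.directoryPublicQueries : this.directoryQueries;
        DirectorySearch query = candidates.get(queryType);
        if (query == null) {
            String template = this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_UNSUPPORTED_PARAMETER_IN_REQUEST, (Locale) request.getAttribute(SsoConstants.LOCALE));
            throw new OAuthException(SsoConstants.ERR_CODE_INVALID_REQUEST, String.format(template, queryType, SsoConstants.HTTP_PARAM_SEARCH_QUERY_TYPE));
        }
        return query;
    }

    /**
     * Executes the requested directory search and wraps its outcome under the
     * {@code "result"} key.
     *
     * @param request      incoming request carrying the query-type parameter
     * @param publicSearch true when the public search scope was requested
     * @return single-entry map holding the search result
     * @throws Exception if the query type is unsupported or the search fails
     */
    private Map<String, Object> buildSearchResponse(HttpServletRequest request, boolean publicSearch) throws Exception {
        log.debug("Entered SearchDirectoryServlet Query String: {}, Parameters : {}", request.getQueryString(), SsoUtils.getRequestParameters(request));
        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put("result", resolveQuery(request, publicSearch).executeQuery(this.ssoContext, request));
        return payload;
    }

    /**
     * Builds the token-info payload for the session behind the request's token.
     *
     * @param request  incoming request carrying the token parameter
     * @param clientId id of the already validated client
     * @param scope    raw scope string from the request
     * @return payload describing the session
     * @throws Exception if the session cannot be resolved
     */
    private Map<String, Object> buildResponse(HttpServletRequest request, String clientId, String scope) throws Exception {
        SsoSession ssoSession = SsoUtils.getSsoSession(request, clientId, SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_TOKEN), true);
        // The session password is released only when the request names the
        // password-access scope.
        // NOTE(review): this relies on the earlier SsoUtils.validateRequestScope call
        // having confirmed that the token was granted that scope -- confirm there,
        // since the response then carries a cleartext credential.
        String password = null;
        if (SsoUtils.scopeAsList(scope).contains(SsoConstants.PASSWORD_ACCESS_SCOPE)) {
            password = ssoSession.getPassword();
        }
        return buildResponse(ssoSession, password);
    }

    /**
     * Serialises a session into the JSON structure returned to the client.
     *
     * @param ssoSession session to describe
     * @param password   session password to include, or {@code null} to omit it
     * @return top-level payload with the nested {@code "ovirt"} section
     */
    private Map<String, Object> buildResponse(SsoSession ssoSession, String password) {
        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put(SsoConstants.JSON_ACTIVE, Boolean.valueOf(ssoSession.isActive()));
        payload.put(SsoConstants.JSON_TOKEN_TYPE, "bearer");
        payload.put("client_id", ssoSession.getClientId());
        payload.put(SsoConstants.JSON_USER_ID, ssoSession.getUserIdWithProfile());
        payload.put("scope", StringUtils.isEmpty(ssoSession.getScope()) ? "" : ssoSession.getScope());
        payload.put(SsoConstants.JSON_EXPIRES_IN, ssoSession.getValidTo().toString());
        Map<String, Object> ovirt = new HashMap<String, Object>();
        ovirt.put("version", SsoConstants.OVIRT_SSO_VERSION);
        ovirt.put("principal_id", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.ID));
        ovirt.put("email", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.EMAIL));
        ovirt.put(SsoConstants.HTTP_PARAM_NAMESPACE, ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.NAMESPACE));
        ovirt.put("first_name", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.FIRST_NAME));
        ovirt.put("last_name", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.LAST_NAME));
        ovirt.put("group_ids", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.GROUPS, Collections.emptyList()));
        // Only present when the caller was allowed to receive it; see the
        // three-argument overload.
        if (password != null) {
            ovirt.put("password", password);
        }
        ovirt.put("capability_credentials_change", Boolean.valueOf(this.ssoContext.getSsoProfilesSupportingPasswdChange().contains(ssoSession.getProfile())));
        payload.put("ovirt", ovirt);
        return payload;
    }
}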
