package org.nuxeo.ecm.platform.oauth2.openid.auth;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider;
import org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProviderRegistry;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/platform/oauth2/openid/auth/OpenIDConnectAuthenticator.class */
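/**
 * Authentication plugin that completes an OpenID Connect login on the callback request.
 *
 * <p>It reads the {@code error}, {@code code} and {@code provider} request parameters, asks the
 * named {@link OpenIDConnectProvider} to exchange the code for an access token, fetches the user
 * info with that token and maps it to a Nuxeo user name through {@link UserResolverHelper}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>The resolved identity is handed on with the auth plugin name {@code "TRUSTED_LM"}.
 * NOTE(review): presumably that login module accepts the user name without any further
 * credential check, which would make the user mapping done here the only gate; confirm.</li>
 * <li>NOTE(review): no {@code state} parameter is checked in this class. Confirm that
 * {@code OpenIDConnectProvider.getAccessToken} (or the code that built the authorization URL)
 * binds the callback to the browser session that started the flow.</li>
 * <li>NOTE(review): the "no user found" message mentions the e-mail, which suggests that users
 * are matched by e-mail; confirm that {@code UserResolverHelper} only trusts addresses the
 * provider reports as verified.</li>
 * </ul>
 */
public class OpenIDConnectAuthenticator implements NuxeoAuthenticationPlugin {
    private static final Log log = LogFactory.getLog(OpenIDConnectAuthenticator.class);

    /** Request parameter carrying the authorization code returned by the provider. */
    public static final String CODE_URL_PARAM_NAME = "code";

    /** Request parameter carrying an error reported on the callback. */
    public static final String ERROR_URL_PARAM_NAME = "error";

    /** Request parameter naming the provider registered in {@link OpenIDConnectProviderRegistry}. */
    public static final String PROVIDER_URL_PARAM_NAME = "provider";

    /** Maps the provider's user info to a Nuxeo user name. */
    protected UserResolverHelper userResolver = new UserResolverHelper();

    /**
     * Stores a login error message on the request under {@code org.nuxeo.ecm.login.error}.
     *
     * <p>Several callers build {@code str} from raw request parameters, so whatever renders this
     * attribute must output-encode it for its context.
     *
     * @param httpServletRequest request that receives the attribute
     * @param str message to store
     */
    protected void sendError(HttpServletRequest httpServletRequest, String str) {
        httpServletRequest.setAttribute("org.nuxeo.ecm.login.error", str);
    }

    /**
     * Resolves the Nuxeo user behind an OpenID Connect callback request.
     *
     * @param httpServletRequest callback request carrying the error, code and provider parameters
     * @param httpServletResponse not used by this method
     * @return the identification info for the resolved user, or {@code null} when the request
     *         carries an error, a parameter is missing, the provider is unknown, no access token
     *         is obtained, no Nuxeo user matches, or any exception is thrown. A login error
     *         attribute is set in each of these cases except the missing access token and the
     *         exception, which is only logged.
     */
    public UserIdentificationInfo retrieveIdentityFromOAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String error = httpServletRequest.getParameter(ERROR_URL_PARAM_NAME);
        if (error != null && !error.isEmpty()) {
            // Untrusted value: it is stored verbatim, escaping is left to the renderer.
            sendError(httpServletRequest, "There was an error: \"" + error + "\".");
            return null;
        }
        String code = httpServletRequest.getParameter(CODE_URL_PARAM_NAME);
        if (code == null || code.isEmpty()) {
            // The previous message interpolated the code, which is always null or empty on this
            // branch, so it read 'There was an error: "null".' and said nothing about the cause.
            sendError(httpServletRequest, "Missing OpenID Connect authorization code.");
            return null;
        }
        String providerName = httpServletRequest.getParameter(PROVIDER_URL_PARAM_NAME);
        if (providerName == null || providerName.isEmpty()) {
            sendError(httpServletRequest, "Missing OpenID Connect Provider ID.");
            return null;
        }
        try {
            OpenIDConnectProviderRegistry registry = (OpenIDConnectProviderRegistry) Framework.getLocalService(OpenIDConnectProviderRegistry.class);
            OpenIDConnectProvider provider = registry.getProvider(providerName);
            if (provider == null) {
                // Untrusted value: it is stored verbatim, escaping is left to the renderer.
                sendError(httpServletRequest, "No service provider called: \"" + providerName + "\".");
                return null;
            }
            String accessToken = provider.getAccessToken(httpServletRequest, code);
            if (accessToken == null) {
                // No error attribute is set here; the request simply stays unauthenticated.
                return null;
            }
            OpenIdUserInfo userInfo = provider.getUserInfo(accessToken);
            String userId = this.userResolver.findNuxeoUser(userInfo);
            if (userId != null) {
                // The same value is passed for both constructor arguments.
                return new UserIdentificationInfo(userId, userId);
            }
            sendError(httpServletRequest, "No user found with email: \"" + userInfo.email + "\".");
            return null;
        } catch (Exception e) {
            // Boundary catch: any failure, including a null user info, ends as "not authenticated".
            log.error("Error while retrieve Identity From OAuth", e);
            return null;
        }
    }

    /**
     * Returns the URL prefixes that bypass authentication for this plugin.
     *
     * @return a new, empty, mutable list
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        return new ArrayList<>();
    }

    /**
     * Entry point called to retrieve an identity from the request.
     *
     * <p>The request is handled only when it has a {@code provider} parameter and at least one of
     * {@code code} or {@code error}; any other request yields {@code null} without side effects.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse passed through to {@link #retrieveIdentityFromOAuth}
     * @return the identification info with its auth plugin name set to {@code "TRUSTED_LM"}, or
     *         {@code null} when the request is not a callback or no identity could be resolved
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest.getParameter(PROVIDER_URL_PARAM_NAME) == null) {
            return null;
        }
        String error = httpServletRequest.getParameter(ERROR_URL_PARAM_NAME);
        String code = httpServletRequest.getParameter(CODE_URL_PARAM_NAME);
        if (code == null && error == null) {
            return null;
        }
        UserIdentificationInfo identity = retrieveIdentityFromOAuth(httpServletRequest, httpServletResponse);
        if (identity != null) {
            // NOTE(review): presumably routes the identity to a login module that trusts the
            // user name as given; confirm against the login module configuration.
            identity.setAuthPluginName("TRUSTED_LM");
        }
        return identity;
    }

    /**
     * This plugin never renders a login prompt.
     *
     * @return always {@code false}
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        return Boolean.FALSE;
    }

    /**
     * This plugin never asks for a login prompt.
     *
     * @return always {@code false}
     */
    public Boolean needLoginPrompt(HttpServletRequest httpServletRequest) {
        return Boolean.FALSE;
    }

    /**
     * Does nothing: the plugin takes no configuration from {@code map}.
     *
     * @param map plugin parameters, ignored
     */
    public void initPlugin(Map<String, String> map) {
    }
}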
