package org.nuxeo.ecm.platform.oauth2;

import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.oauth2.clients.OAuth2ClientService;
import org.nuxeo.ecm.platform.oauth2.tokens.NuxeoOAuth2Token;
import org.nuxeo.ecm.platform.oauth2.tokens.OAuth2TokenStore;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.transaction.TransactionHelper;

/* loaded from: input_file:org/nuxeo/ecm/platform/oauth2/NuxeoOAuth2Authenticator.class */
public class NuxeoOAuth2Authenticator implements NuxeoAuthenticationPlugin {
    private static final Log log = LogFactory.getLog(NuxeoOAuth2Authenticator.class);
    public static final String ACCESS_TOKEN = "access_token";
    public static final String BEARER_SP = "Bearer ";
    protected OAuth2TokenStore tokenStore = new OAuth2TokenStore(Constants.TOKEN_SERVICE);

    public void initPlugin(Map<String, String> map) {
    }

    public List<String> getUnAuthenticatedURLPrefix() {
        return null;
    }

    public Boolean needLoginPrompt(HttpServletRequest httpServletRequest) {
        return Boolean.FALSE;
    }

    public Boolean handleLoginPrompt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        return Boolean.FALSE;
    }

    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String accessToken = getAccessToken(httpServletRequest);
        if (accessToken == null) {
            log.trace("OAuth2 token not found");
            return null;
        }
        NuxeoOAuth2Token nuxeoOAuth2Token = (NuxeoOAuth2Token) TransactionHelper.runInTransaction(() -> {
            return this.tokenStore.getToken(accessToken);
        });
        OAuth2ClientService oAuth2ClientService = (OAuth2ClientService) Framework.getService(OAuth2ClientService.class);
        if (nuxeoOAuth2Token == null) {
            log.trace("OAuth2 token unknown");
            return null;
        }
        if (nuxeoOAuth2Token.isExpired()) {
            log.trace("OAuth2 token expired");
            return null;
        }
        if (oAuth2ClientService.hasClient(nuxeoOAuth2Token.getClientId())) {
            String nuxeoLogin = nuxeoOAuth2Token.getNuxeoLogin();
            log.trace("OAuth2 token found for user: " + nuxeoLogin);
            return new UserIdentificationInfo(nuxeoLogin, nuxeoLogin);
        }
        if (!log.isTraceEnabled()) {
            return null;
        }
        log.trace("OAuth2 token for unknown client: " + nuxeoOAuth2Token.getClientId());
        return null;
    }

    protected String getAccessToken(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("access_token");
        if (StringUtils.isNotBlank(parameter)) {
            log.trace("Found access_token request parameter");
            return parameter;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.startsWith(BEARER_SP)) {
            return null;
        }
        log.trace("Found Authorization: Bearer request header");
        return header.substring(BEARER_SP.length()).trim();
    }
}
