package org.nuxeo.ecm.platform.oauth2.request;

import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.platform.oauth2.clients.ClientRegistry;
import org.nuxeo.ecm.platform.oauth2.providers.NuxeoOAuth2ServiceProvider;
import org.nuxeo.ecm.platform.ui.web.auth.oauth2.NuxeoOAuth2Filter;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/platform/oauth2/request/AuthorizationRequest.class */
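/**
 * Server-side state of one OAuth2 authorization request (the "code" flow step).
 *
 * <p>Pending requests are kept in a static, in-memory map keyed by HTTP session id, so at most
 * one pending request exists per session. A request is looked up again either by session
 * ({@link #from(HttpServletRequest)}) or by the authorization code that was issued for it
 * ({@link #fromCode(String)}).
 *
 * <p>The authorization code and the authorization key are secrets handed to the browser, so both
 * are drawn from a {@link SecureRandom} rather than the default {@code java.util.Random} used by
 * {@code RandomStringUtils.random(int, boolean, boolean)}.
 */
public class AuthorizationRequest extends Oauth2Request {
    private static final Log log = LogFactory.getLog(AuthorizationRequest.class);

    /** Lifetime of a pending request (and of the code issued for it): ten minutes. */
    private static final long REQUEST_LIFETIME_MS = 600000L;

    /** CSPRNG used for every token generated by this class; SecureRandom is thread-safe. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    // Pending requests, keyed by HTTP session id.
    protected static Map<String, AuthorizationRequest> requests = new ConcurrentHashMap<String, AuthorizationRequest>();
    protected String responseType;
    protected String scope;
    protected String state;
    protected String sessionId;
    protected Date creationDate;
    protected String authorizationCode;
    protected String authorizationKey;
    protected String username;
    public static final String RESPONSE_TYPE = "response_type";
    public static final String SCOPE = "scope";
    public static final String STATE = "state";

    /**
     * Creates an empty request. None of the fields is initialised; in particular
     * {@code creationDate} is {@code null}, so {@link #isExpired()} must not be called on an
     * instance built this way before the date is set.
     */
    public AuthorizationRequest() {
    }

    /**
     * Builds a request from the incoming HTTP request: reads {@code response_type},
     * {@code scope} and {@code state}, binds the request to the (possibly newly created) HTTP
     * session, timestamps it and generates the authorization key.
     *
     * @param httpServletRequest the incoming authorization request
     */
    public AuthorizationRequest(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.responseType = httpServletRequest.getParameter(RESPONSE_TYPE);
        this.scope = httpServletRequest.getParameter(SCOPE);
        this.state = httpServletRequest.getParameter(STATE);
        this.sessionId = httpServletRequest.getSession(true).getId();
        this.creationDate = new Date();
        // NOTE(review): six letters is a small key space; how the key is consumed is not visible
        // in this class, so the length is kept as is. Confirm it is adequate for its use.
        this.authorizationKey = randomToken(6, true, false);
    }

    /**
     * Generates a random string with the same alphabet rules as
     * {@code RandomStringUtils.random(count, letters, numbers)}, but backed by the CSPRNG.
     */
    private static String randomToken(int count, boolean letters, boolean numbers) {
        // start == 0 && end == 0 selects the default character range, exactly as the
        // three-argument overload does.
        return RandomStringUtils.random(count, 0, 0, letters, numbers, null, SECURE_RANDOM);
    }

    /**
     * Validates the request parameters.
     *
     * @return {@code null} when the request is acceptable, otherwise the name of the
     *         {@code NuxeoOAuth2Filter.ERRORS} value describing the problem
     */
    public String checkError() {
        // clientId and redirectUri are inherited fields, presumably populated by Oauth2Request.
        if (StringUtils.isBlank(this.responseType) || StringUtils.isBlank(this.clientId) || StringUtils.isBlank(this.redirectUri)) {
            return NuxeoOAuth2Filter.ERRORS.invalid_request.toString();
        }
        // NOTE(review): redirectUri is only checked for presence here, not compared with a URI
        // registered for the client. Confirm that comparison happens elsewhere before redirecting.
        try {
            ClientRegistry registry = (ClientRegistry) Framework.getLocalService(ClientRegistry.class);
            if (!registry.hasClient(this.clientId)) {
                return NuxeoOAuth2Filter.ERRORS.unauthorized_client.toString();
            }
            if (NuxeoOAuth2ServiceProvider.CODE_URL_PARAMETER.equals(this.responseType)) {
                return null;
            }
            return NuxeoOAuth2Filter.ERRORS.unsupported_response_type.toString();
        } catch (DirectoryException e) {
            log.warn(e, e);
            return NuxeoOAuth2Filter.ERRORS.server_error.toString();
        }
    }

    /**
     * @return {@code true} when more than ten minutes have passed since the request was created
     */
    public boolean isExpired() {
        return new Date().getTime() - this.creationDate.getTime() > REQUEST_LIFETIME_MS;
    }

    /**
     * Checks the {@code state} parameter of a follow-up HTTP request against the stored one.
     *
     * <p>When no state was stored, any follow-up request is accepted. A follow-up request that
     * omits {@code state} while one was stored is rejected instead of raising a
     * {@code NullPointerException}.
     *
     * @param httpServletRequest the follow-up request
     * @return {@code true} when the state matches or no state was stored
     */
    public boolean isValidState(HttpServletRequest httpServletRequest) {
        String expected = getState();
        if (StringUtils.isBlank(expected)) {
            return true;
        }
        // Call equals on the stored value: getParameter returns null when the parameter is absent.
        return expected.equals(httpServletRequest.getParameter(STATE));
    }

    public String getUsername() {
        return this.username;
    }

    public String getResponseType() {
        return this.responseType;
    }

    public String getScope() {
        return this.scope;
    }

    public String getState() {
        return this.state;
    }

    /**
     * Returns the authorization code of this request, generating it on first use.
     *
     * @return a ten-character alphanumeric code
     */
    public String getAuthorizationCode() {
        if (StringUtils.isBlank(this.authorizationCode)) {
            // NOTE(review): ten alphanumeric characters is well below the guessing resistance
            // RFC 6749 section 10.10 asks for. The length is kept for compatibility; consider
            // lengthening it once consumers of the code are known to accept longer values.
            this.authorizationCode = randomToken(10, true, true);
        }
        return this.authorizationCode;
    }

    public String getAuthorizationKey() {
        return this.authorizationKey;
    }

    /** Drops every pending request older than the request lifetime. */
    private static void deleteExpiredRequests() {
        Iterator<AuthorizationRequest> it = requests.values().iterator();
        while (it.hasNext()) {
            if (it.next().isExpired()) {
                // Remove through the iterator: it works whatever key the entry is stored under
                // and never passes a null sessionId to the map.
                it.remove();
            }
        }
    }

    /**
     * Returns the pending request bound to the caller's HTTP session, or registers a new one.
     *
     * <p>The stored request is reused only when it has not expired and the {@code state} of the
     * incoming request is valid for it; otherwise it is replaced by a request built from the
     * incoming HTTP request.
     *
     * @param httpServletRequest the incoming request
     * @return the pending request for this session, never {@code null}
     */
    public static AuthorizationRequest from(HttpServletRequest httpServletRequest) throws UnsupportedEncodingException {
        deleteExpiredRequests();
        String id = httpServletRequest.getSession(true).getId();
        // Single lookup: a containsKey/get pair can observe the entry being removed in between
        // by a concurrent cleanup or code redemption.
        AuthorizationRequest pending = requests.get(id);
        if (pending != null && !pending.isExpired() && pending.isValidState(httpServletRequest)) {
            return pending;
        }
        AuthorizationRequest created = new AuthorizationRequest(httpServletRequest);
        requests.put(id, created);
        return created;
    }

    /**
     * Redeems an authorization code. The matching request is removed from the pending map, so a
     * code can be redeemed only once.
     *
     * @param str the authorization code presented by the client
     * @return the request the code was issued for, or {@code null} when the code is unknown,
     *         expired, or was already redeemed
     */
    public static AuthorizationRequest fromCode(String str) {
        for (AuthorizationRequest candidate : requests.values()) {
            if (candidate.authorizationCode != null && candidate.authorizationCode.equals(str)) {
                if (candidate.sessionId != null && requests.remove(candidate.sessionId) == null) {
                    // Another thread removed the entry first: the code has already been redeemed.
                    return null;
                }
                if (candidate.isExpired()) {
                    return null;
                }
                return candidate;
            }
        }
        return null;
    }

    public void setUsername(String str) {
        this.username = str;
    }
}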
