package org.nuxeo.ecm.platform.ui.web.auth.oauth;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.SimpleOAuthValidator;
import net.oauth.server.OAuthServlet;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.common.utils.URIUtils;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.platform.oauth.consumers.NuxeoOAuthConsumer;
import org.nuxeo.ecm.platform.oauth.consumers.OAuthConsumerRegistry;
import org.nuxeo.ecm.platform.oauth.tokens.OAuthToken;
import org.nuxeo.ecm.platform.oauth.tokens.OAuthTokenStore;
import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/oauth/NuxeoOAuth1Servlet.class */
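/**
 * Servlet exposing the three OAuth 1 endpoints of the provider side:
 * {@value #ENDPOINT_REQUEST_TOKEN}, {@value #ENDPOINT_AUTHORIZE} and {@value #ENDPOINT_ACCESS_TOKEN}.
 *
 * <p>GET is accepted on all three endpoints; POST only on {@value #ENDPOINT_AUTHORIZE}. Any other path
 * is answered with 404.
 *
 * <p>Every value read from the request (token, verifier, login, duration, callback) is attacker-controlled
 * until proven otherwise, so each handler rejects missing or malformed input with an explicit 4xx status
 * instead of failing with an unhandled exception.
 */
public class NuxeoOAuth1Servlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private static final Log log = LogFactory.getLog(NuxeoOAuth1Servlet.class);
    public static final String ENDPOINT_REQUEST_TOKEN = "/request-token";
    public static final String ENDPOINT_AUTHORIZE = "/authorize";
    public static final String ENDPOINT_ACCESS_TOKEN = "/access-token";
    public static final String OAUTH_VERIFIER = "oauth_verifier";
    public static final String OAUTH_CALLBACK_CONFIRMED = "oauth_callback_confirmed";
    public static final String NUXEO_LOGIN_PARAM = "nuxeo_login";
    public static final String DURATION_PARAM = "duration";
    public static final String OAUTH_INFO_SESSION_KEY = "OAUTH-INFO";
    public static final String GRANT_PAGE = "oauthGrant.jsp";
    public static final String LOGIN_PAGE = "login.jsp";
    public static final String APPLICATION_X_WWW_FORM_URLENCODED = "application/x-www-form-urlencoded";

    /**
     * URL-encodes {@code str} as UTF-8.
     *
     * @param str the value to encode; must not be {@code null}
     * @return the encoded value
     * @throws NuxeoException if the UTF-8 charset name is not supported by the runtime
     */
    protected static String urlEncode(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new NuxeoException(e);
        }
    }

    /** Returns the HTTP status that the OAuth library maps to the given problem name. */
    private static int httpCodeFor(String problem) {
        return ((Integer) OAuth.Problems.TO_HTTP_CODE.get(problem)).intValue();
    }

    /**
     * Compares the stored verifier with the one supplied by the client.
     *
     * <p>A {@code null} on either side never matches, so a request token that has no verifier yet cannot
     * be exchanged by simply omitting the parameter. The comparison goes through
     * {@link MessageDigest#isEqual(byte[], byte[])} rather than {@link String#equals(Object)} so that the
     * time taken does not depend on how many leading characters of a guess are correct.
     */
    private static boolean verifierMatches(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Dispatches a GET request to the handler matching its path info.
     *
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String pathInfo = httpServletRequest.getPathInfo();
        if (ENDPOINT_REQUEST_TOKEN.equals(pathInfo)) {
            doGetRequestToken(httpServletRequest, httpServletResponse);
        } else if (ENDPOINT_AUTHORIZE.equals(pathInfo)) {
            doGetAuthorize(httpServletRequest, httpServletResponse);
        } else if (ENDPOINT_ACCESS_TOKEN.equals(pathInfo)) {
            doGetAccessToken(httpServletRequest, httpServletResponse);
        } else {
            // Covers both a null path info and any unknown endpoint.
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    /**
     * Dispatches a POST request; only the authorize endpoint accepts POST.
     *
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (ENDPOINT_AUTHORIZE.equals(httpServletRequest.getPathInfo())) {
            doPostAuthorize(httpServletRequest, httpServletResponse);
        } else {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    /**
     * First step of the user authorization: stores the request token looked up from {@code oauth_token}
     * in the HTTP session and redirects to the login page, which is asked to continue to the grant page.
     *
     * @throws IOException if the redirect or error response cannot be sent
     */
    protected void doGetAuthorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String token = httpServletRequest.getParameter("oauth_token");
        if (token == null) {
            // Without this guard urlEncode(null) below fails with a NullPointerException (HTTP 500).
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing oauth_token parameter");
            return;
        }
        OAuthTokenStore tokenStore = (OAuthTokenStore) Framework.getService(OAuthTokenStore.class);
        // NOTE(review): the lookup result is stored as-is; how the store reports an unknown token
        // (null or exception) is not visible from this class - confirm and reject unknown tokens here.
        httpServletRequest.getSession(true).setAttribute(OAUTH_INFO_SESSION_KEY, tokenStore.getRequestToken(token));
        String grantUrl = GRANT_PAGE + "?oauth_token=" + urlEncode(token);
        httpServletResponse.sendRedirect(
                VirtualHostHelper.getBaseURL(httpServletRequest) + LOGIN_PAGE + "?requestedUrl=" + urlEncode(grantUrl));
    }

    /**
     * Second step of the user authorization: attaches a verifier and a login to the request token and
     * redirects the browser to the consumer callback with {@code oauth_token} and {@code oauth_verifier}.
     *
     * <p>Responds with 400 when {@code oauth_token} or {@code duration} is missing or {@code duration} is
     * not a number, 401 when the token store returns no token, the library status for
     * {@code consumer_key_unknown} when the consumer is not registered, and 500 when no callback URL is
     * available.
     *
     * @throws IOException if the redirect or error response cannot be sent
     */
    protected void doPostAuthorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String token = httpServletRequest.getParameter("oauth_token");
        // NOTE(review): the login bound to the token comes straight from a request parameter. Nothing in
        // this method compares it with the authenticated principal or checks an anti-CSRF token; confirm
        // that an upstream filter does both, otherwise prefer the principal of the current request.
        String login = httpServletRequest.getParameter(NUXEO_LOGIN_PARAM);
        String durationParam = httpServletRequest.getParameter(DURATION_PARAM);
        if (token == null || durationParam == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing oauth_token or duration parameter");
            return;
        }
        Long duration;
        try {
            duration = Long.valueOf(durationParam);
        } catch (NumberFormatException e) {
            // Malformed client input is a 400, not an unhandled exception surfacing as a 500.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid duration parameter");
            return;
        }

        OAuthTokenStore tokenStore = (OAuthTokenStore) Framework.getService(OAuthTokenStore.class);
        OAuthToken verifiedToken = tokenStore.addVerifierToRequestToken(token, duration);
        if (verifiedToken == null) {
            // Guard against a store that answers null for an unknown or expired request token.
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unknown request token");
            return;
        }
        verifiedToken.setNuxeoLogin(login);

        // The callback stored on the token is the oauth_callback value the consumer sent with its signed
        // request-token call; the consumer's registered callback is only the fallback.
        // NOTE(review): the token-level callback is used as a redirect target without being compared to
        // the registered one - consider restricting it to the consumer's registered callback.
        String callbackUrl = verifiedToken.getCallbackUrl();
        if (callbackUrl == null) {
            OAuthConsumerRegistry registry = (OAuthConsumerRegistry) Framework.getService(OAuthConsumerRegistry.class);
            NuxeoOAuthConsumer consumer = registry.getConsumer(verifiedToken.getConsumerKey());
            if (consumer == null) {
                httpServletResponse.sendError(httpCodeFor("consumer_key_unknown"), "Unknown consumer key");
                return;
            }
            callbackUrl = consumer.getCallbackURL();
            if (callbackUrl == null) {
                log.error("No callback URL configured for consumer: " + verifiedToken.getConsumerKey());
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return;
            }
        }

        Map<String, String> callbackParams = new LinkedHashMap<>();
        callbackParams.put("oauth_token", verifiedToken.getToken());
        callbackParams.put(OAUTH_VERIFIER, verifiedToken.getVerifier());
        httpServletResponse.sendRedirect(URIUtils.addParametersToURIQuery(callbackUrl, callbackParams));
    }

    /**
     * Issues a request token to a registered consumer after validating the signed OAuth message.
     *
     * <p>On success the response body is a form-encoded string carrying {@code oauth_token},
     * {@code oauth_token_secret} and {@code oauth_callback_confirmed=true}.
     *
     * @throws IOException if the error response cannot be sent
     */
    protected void doGetRequestToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, (String) null);
        String consumerKey = message.getConsumerKey();
        OAuthConsumerRegistry registry = (OAuthConsumerRegistry) Framework.getService(OAuthConsumerRegistry.class);
        NuxeoOAuthConsumer consumer = registry.getConsumer(consumerKey, message.getSignatureMethod());
        if (consumer == null) {
            httpServletResponse.sendError(httpCodeFor("consumer_key_unknown"), "Unknown consumer key");
            return;
        }
        try {
            new SimpleOAuthValidator().validateMessage(message, new OAuthAccessor(consumer));
            OAuthTokenStore tokenStore = (OAuthTokenStore) Framework.getService(OAuthTokenStore.class);
            OAuthToken requestToken = tokenStore.createRequestToken(consumerKey, message.getParameter("oauth_callback"));

            Map<String, String> body = new LinkedHashMap<>();
            body.put("oauth_token", requestToken.getToken());
            body.put("oauth_token_secret", requestToken.getTokenSecret());
            body.put(OAUTH_CALLBACK_CONFIRMED, "true");
            String encodedBody = URIUtils.getURIQuery(body);

            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            httpServletResponse.setContentType(APPLICATION_X_WWW_FORM_URLENCODED);
            httpServletResponse.getWriter().write(encodedBody);
        } catch (OAuthException | IOException | URISyntaxException e) {
            // Keep a trace of rejected requests: repeated failures for one consumer are worth alerting on.
            // The key is safe to log here because it matched a registered consumer above.
            log.warn("OAuth request-token validation failed for consumer: " + consumerKey, e);
            httpServletResponse.sendError(httpCodeFor("signature_invalid"), "Cannot validate signature");
        }
    }

    /**
     * Exchanges an authorized request token for an access token.
     *
     * <p>The message signature is validated with the consumer secret and the request token secret, then
     * the {@code oauth_verifier} parameter is compared with the verifier stored on the request token. On
     * success the response body is a form-encoded string carrying {@code oauth_token} and
     * {@code oauth_token_secret}.
     *
     * @throws IOException if the error response cannot be sent
     */
    protected void doGetAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, (String) null);
        String consumerKey = message.getConsumerKey();
        String token = message.getToken();
        OAuthConsumerRegistry registry = (OAuthConsumerRegistry) Framework.getService(OAuthConsumerRegistry.class);
        NuxeoOAuthConsumer consumer = registry.getConsumer(consumerKey, message.getSignatureMethod());
        if (consumer == null) {
            httpServletResponse.sendError(httpCodeFor("consumer_key_unknown"), "Unknown consumer key");
            return;
        }

        OAuthTokenStore tokenStore = (OAuthTokenStore) Framework.getService(OAuthTokenStore.class);
        OAuthToken requestToken = tokenStore.getRequestToken(token);
        if (requestToken == null) {
            // Guard against a store that answers null for an unknown, expired or already-used token.
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unknown request token");
            return;
        }
        // NOTE(review): nothing here checks that requestToken.getConsumerKey() equals consumerKey; the
        // signature check below is the only binding between the two - consider an explicit comparison.
        OAuthAccessor accessor = new OAuthAccessor(consumer);
        accessor.requestToken = requestToken.getToken();
        accessor.tokenSecret = requestToken.getTokenSecret();

        try {
            new SimpleOAuthValidator().validateMessage(message, accessor);

            String suppliedVerifier = message.getParameter(OAUTH_VERIFIER);
            // A consumer flagged allowBypassVerifier may omit the verifier entirely, which means the
            // user-authorization step is not proven at this point.
            // NOTE(review): confirm that this flag is only ever set for fully trusted consumers.
            boolean bypassVerifier = suppliedVerifier == null && consumer.allowBypassVerifier();
            if (!bypassVerifier && !verifierMatches(requestToken.getVerifier(), suppliedVerifier)) {
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Verifier is not correct");
                return;
            }

            OAuthToken accessToken = tokenStore.createAccessTokenFromRequestToken(requestToken);
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            httpServletResponse.setContentType(APPLICATION_X_WWW_FORM_URLENCODED);
            Map<String, String> body = new LinkedHashMap<>();
            body.put("oauth_token", accessToken.getToken());
            body.put("oauth_token_secret", accessToken.getTokenSecret());
            httpServletResponse.getWriter().write(URIUtils.getURIQuery(body));
        } catch (OAuthException | IOException | URISyntaxException e) {
            // Keep a trace of rejected requests: repeated failures for one consumer are worth alerting on.
            // The key is safe to log here because it matched a registered consumer above.
            log.warn("OAuth access-token validation failed for consumer: " + consumerKey, e);
            httpServletResponse.sendError(httpCodeFor("signature_invalid"), "Cannot validate signature");
        }
    }
}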
