package org.eclipse.lyo.server.oauth.webapp.services;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.URISyntaxException;
import java.util.List;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.server.OAuthServlet;
import org.apache.wink.common.RestConstants;
import org.apache.wink.json4j.JSON;
import org.apache.wink.json4j.JSONException;
import org.apache.wink.json4j.JSONObject;
import org.eclipse.lyo.server.oauth.core.Application;
import org.eclipse.lyo.server.oauth.core.AuthenticationException;
import org.eclipse.lyo.server.oauth.core.OAuthConfiguration;
import org.eclipse.lyo.server.oauth.core.OAuthRequest;
import org.eclipse.lyo.server.oauth.core.consumer.ConsumerStoreException;
import org.eclipse.lyo.server.oauth.core.consumer.LyoOAuthConsumer;
import org.eclipse.lyo.server.oauth.core.token.TokenStrategy;

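/**
 * JAX-RS resource implementing the OAuth 1.0 / 1.0a provider endpoints under {@code /oauth}:
 * temporary (request) token issuance, end-user authorization and login, token (access) credential
 * issuance, provisional consumer-key registration, and the administrator pages that approve keys.
 *
 * <p>The resource keeps no OAuth state of its own. The token strategy, consumer store, message
 * validator and application hooks are looked up from {@link OAuthConfiguration#getInstance()} on
 * every call; the only instance state is the injected request/response pair of the current call.
 * NOTE(review): that pairing assumes the container creates one instance per request (the JAX-RS
 * default) — confirm the resource is never registered as a singleton.
 *
 * <p>Several methods forward to a JSP and return {@code null}; a {@code null} return after
 * {@code forward} tells JAX-RS that the response has already been written.
 */
/* loaded from: input_file:WEB-INF/classes/org/eclipse/lyo/server/oauth/webapp/services/OAuthService.class */
@Path("/oauth")
public class OAuthService {

    private static final Logger LOG = Logger.getLogger(OAuthService.class.getName());

    /** Current HTTP request, injected per call by the JAX-RS runtime. */
    @Context
    protected HttpServletRequest httpRequest;

    /** Current HTTP response, injected per call by the JAX-RS runtime. */
    @Context
    protected HttpServletResponse httpResponse;

    /**
     * GET form of the request-token endpoint; delegates to {@link #doPostRequestToken()}.
     *
     * @return the same response {@link #doPostRequestToken()} produces
     * @throws IOException if writing the response fails
     * @throws ServletException if the OAuth problem handler fails
     */
    @GET
    @Path("/requestToken")
    public Response doGetRequestToken() throws IOException, ServletException {
        return doPostRequestToken();
    }

    /**
     * Issues a temporary (request) token to a signed consumer request.
     *
     * <p>The signature is checked first ({@link #validateRequest()}), then the token strategy mints
     * the token, then {@link #confirmCallback(OAuthRequest)} records whether the consumer is
     * speaking OAuth 1.0a (callback supplied) or plain 1.0. Any {@link OAuthException} is turned
     * into an OAuth problem response instead of propagating.
     *
     * @return 200 with the form-encoded token and secret, or an OAuth problem response
     * @throws IOException if writing the response fails
     * @throws ServletException if the OAuth problem handler fails
     */
    @POST
    @Path("/requestToken")
    public Response doPostRequestToken() throws IOException, ServletException {
        try {
            OAuthRequest oAuthRequest = validateRequest();
            OAuthConfiguration.getInstance().getTokenStrategy().generateRequestToken(oAuthRequest);
            boolean callbackConfirmed = confirmCallback(oAuthRequest);
            OAuthAccessor accessor = oAuthRequest.getAccessor();
            return respondWithToken(accessor.requestToken, accessor.tokenSecret, callbackConfirmed);
        } catch (OAuthException e) {
            return respondWithOAuthProblem(e);
        }
    }

    /**
     * Records on the consumer which protocol revision it is using, based on whether the token
     * strategy has a callback on record for the freshly issued request token.
     *
     * <p>A callback present means OAuth 1.0a. No callback means plain OAuth 1.0, which is only
     * accepted when the configuration allows it; otherwise the request is rejected with
     * {@code parameter_absent}, since the consumer was expected to send {@code oauth_callback}.
     *
     * @param oAuthRequest the validated request whose accessor already carries the request token
     * @return {@code true} when a callback is on record (1.0a), {@code false} for 1.0
     * @throws OAuthProblemException when no callback is on record and OAuth 1.0 is disabled
     * @throws OAuthException if the token strategy cannot look up the callback
     */
    protected boolean confirmCallback(OAuthRequest oAuthRequest) throws OAuthException {
        OAuthConfiguration config = OAuthConfiguration.getInstance();
        String callback = config.getTokenStrategy().getCallback(this.httpRequest, oAuthRequest.getAccessor().requestToken);
        boolean callbackConfirmed = callback != null;
        LyoOAuthConsumer consumer = oAuthRequest.getConsumer();
        if (callbackConfirmed) {
            consumer.setOAuthVersion(LyoOAuthConsumer.OAuthVersion.OAUTH_1_0A);
        } else if (!config.isV1_0Allowed()) {
            throw new OAuthProblemException(OAuth.Problems.OAUTH_PARAMETERS_ABSENT);
        } else {
            consumer.setOAuthVersion(LyoOAuthConsumer.OAuthVersion.OAUTH_1_0);
        }
        return callbackConfirmed;
    }

    /**
     * Resource-owner authorization page: validates the request token named in the query string and
     * forwards the browser to the authorization JSP (or to the login JSP when there is no
     * authenticated session yet).
     *
     * <p>The JSPs receive the request token, consumer name, the post-approval redirect URL under the
     * attribute named by {@link RestConstants#REST_PARAM_JSON_CALLBACK}, whether the callback was
     * confirmed (1.0a), and the application name. The response is marked non-cacheable.
     *
     * @return {@code null} after forwarding, or an OAuth problem response when validation fails
     * @throws ServletException if the forward or the problem handler fails
     * @throws IOException if writing the response fails
     */
    @GET
    @Path("/authorize")
    public Response authorize() throws ServletException, IOException {
        try {
            OAuthMessage message = OAuthServlet.getMessage(this.httpRequest, null);
            OAuthConfiguration config = OAuthConfiguration.getInstance();
            String consumerKey = config.getTokenStrategy().validateRequestToken(this.httpRequest, message);
            LyoOAuthConsumer consumer = config.getConsumerStore().getConsumer(consumerKey);
            if (consumer == null) {
                // The store may have lost the consumer between token issuance and authorization;
                // report it as an OAuth problem rather than failing on a null dereference below.
                throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
            }
            this.httpRequest.setAttribute("requestToken", message.getToken());
            this.httpRequest.setAttribute("consumerName", consumer.getName());
            // Computed before the 1.0a flag because getCallbackURL may reject plain 1.0 outright.
            this.httpRequest.setAttribute(RestConstants.REST_PARAM_JSON_CALLBACK, getCallbackURL(message, consumer));
            this.httpRequest.setAttribute("callbackConfirmed",
                    Boolean.valueOf(consumer.getOAuthVersion() == LyoOAuthConsumer.OAuthVersion.OAUTH_1_0A));
            this.httpRequest.setAttribute("applicationName", config.getApplication().getName());
            disableCaching();
            String page = config.getApplication().isAuthenticated(this.httpRequest)
                    ? "/oauth/authorize.jsp"
                    : "/oauth/login.jsp";
            this.httpRequest.getRequestDispatcher(page).forward(this.httpRequest, this.httpResponse);
            return null;
        } catch (OAuthException e) {
            return respondWithOAuthProblem(e);
        }
    }

    /**
     * Builds the URL the browser is sent to once the resource owner approves the request token.
     *
     * <p>Where the callback comes from depends on the consumer's protocol revision:
     * <ul>
     *   <li>OAuth 1.0: the {@code oauth_callback} parameter of this authorize request. The redirect
     *       target is therefore chosen by whoever built the authorize link rather than bound to the
     *       token when it was issued, which is why it is only honoured when
     *       {@link OAuthConfiguration#isV1_0Allowed()} is set; otherwise {@code version_rejected}.</li>
     *   <li>OAuth 1.0a: the callback the token strategy stored with the request token, and an
     *       {@code oauth_verifier} minted by the token strategy is appended.</li>
     * </ul>
     * In both cases the request token is appended as {@code oauth_token}.
     *
     * @param message the authorize request's OAuth message
     * @param consumer the consumer owning the request token
     * @return the redirect URL, or {@code null} when no callback is known (the JSP then has none)
     * @throws OAuthProblemException when the consumer uses OAuth 1.0 and 1.0 is disabled
     * @throws OAuthException if the token strategy cannot supply the callback or verifier
     * @throws IOException if reading the message parameters fails
     */
    private String getCallbackURL(OAuthMessage message, LyoOAuthConsumer consumer) throws IOException, OAuthException {
        OAuthConfiguration config = OAuthConfiguration.getInstance();
        String callback = null;
        switch (consumer.getOAuthVersion()) {
            case OAUTH_1_0:
                if (!config.isV1_0Allowed()) {
                    throw new OAuthProblemException(OAuth.Problems.VERSION_REJECTED);
                }
                callback = message.getParameter(OAuth.OAUTH_CALLBACK);
                break;
            case OAUTH_1_0A:
                callback = config.getTokenStrategy().getCallback(this.httpRequest, message.getToken());
                break;
            default:
                break;
        }
        if (callback == null) {
            return null;
        }
        UriBuilder redirect = UriBuilder.fromUri(callback).queryParam(OAuth.OAUTH_TOKEN, message.getToken());
        if (consumer.getOAuthVersion() == LyoOAuthConsumer.OAuthVersion.OAUTH_1_0A) {
            redirect.queryParam(OAuth.OAUTH_VERIFIER,
                    config.getTokenStrategy().generateVerificationCode(this.httpRequest, message.getToken()));
        }
        return redirect.build().toString();
    }

    /**
     * Handles the login form shown during authorization: authenticates the resource owner and, on
     * success, marks the request token as authorized in the same step.
     *
     * <p>The anti-CSRF check runs before anything else. Login failures map to 409 with the
     * application's message (or a generic one), application outages to 503, and an unknown or
     * expired token to 409 {@code "Request token invalid."}.
     *
     * @param id user identifier from the form
     * @param password user password from the form
     * @param requestToken the request token being authorized
     * @return 204 on success, otherwise 409 or 503 as described above
     */
    @POST
    @Path("/login")
    public Response login(@FormParam("id") String id, @FormParam("password") String password,
            @FormParam("requestToken") String requestToken) {
        CSRFPrevent.check(this.httpRequest);
        try {
            OAuthConfiguration.getInstance().getApplication().login(this.httpRequest, id, password);
        } catch (OAuthException e) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
        } catch (AuthenticationException e) {
            return authenticationFailed(e);
        }
        return authorizeToken(requestToken);
    }

    /**
     * Approves a request token for an already authenticated resource owner (the authorize JSP posts
     * here). The anti-CSRF check runs first; without an authenticated session the answer is 403.
     *
     * @param requestToken the request token being approved
     * @return 204 on success, 403 when not logged in, 409 for an invalid token, 503 on outage
     */
    @POST
    @Path("/internal/approveToken")
    public Response authorize(@FormParam("requestToken") String requestToken) {
        CSRFPrevent.check(this.httpRequest);
        try {
            if (!OAuthConfiguration.getInstance().getApplication().isAuthenticated(this.httpRequest)) {
                return Response.status(Response.Status.FORBIDDEN).build();
            }
        } catch (OAuthProblemException e) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
        }
        return authorizeToken(requestToken);
    }

    /**
     * Marks a request token as authorized via the token strategy.
     *
     * @param requestToken the token to mark; callers have already authenticated the user
     * @return 204 on success, 409 {@code "Request token invalid."} when the strategy rejects it
     */
    private Response authorizeToken(String requestToken) {
        try {
            OAuthConfiguration.getInstance().getTokenStrategy().markRequestTokenAuthorized(this.httpRequest, requestToken);
            return Response.noContent().build();
        } catch (OAuthException e) {
            return Response.status(Response.Status.CONFLICT).entity("Request token invalid.").type(MediaType.TEXT_PLAIN).build();
        }
    }

    /**
     * GET form of the access-token endpoint; delegates to {@link #doPostAccessToken()}.
     *
     * @return the same response {@link #doPostAccessToken()} produces
     * @throws IOException if writing the response fails
     * @throws ServletException if the OAuth problem handler fails
     */
    @GET
    @Path("/accessToken")
    public Response doGetAccessToken() throws IOException, ServletException {
        return doPostAccessToken();
    }

    /**
     * Exchanges an authorized request token for token (access) credentials.
     *
     * <p>After the signature check the token strategy validates the request token. The
     * {@code oauth_verifier} is checked whenever the consumer is on 1.0a, and also for every
     * consumer when plain 1.0 is disabled, so the verifier can only be skipped by a 1.0 consumer
     * on a server that explicitly permits 1.0.
     *
     * @return 200 with the form-encoded access token and secret, or an OAuth problem response
     * @throws IOException if writing the response fails
     * @throws ServletException if the OAuth problem handler fails
     */
    @POST
    @Path("/accessToken")
    public Response doPostAccessToken() throws IOException, ServletException {
        try {
            OAuthRequest oAuthRequest = validateRequest();
            OAuthConfiguration config = OAuthConfiguration.getInstance();
            TokenStrategy tokenStrategy = config.getTokenStrategy();
            tokenStrategy.validateRequestToken(this.httpRequest, oAuthRequest.getMessage());
            boolean verifierRequired = !config.isV1_0Allowed()
                    || oAuthRequest.getConsumer().getOAuthVersion() == LyoOAuthConsumer.OAuthVersion.OAUTH_1_0A;
            if (verifierRequired) {
                tokenStrategy.validateVerificationCode(oAuthRequest);
            }
            tokenStrategy.generateAccessToken(oAuthRequest);
            OAuthAccessor accessor = oAuthRequest.getAccessor();
            return respondWithToken(accessor.accessToken, accessor.tokenSecret);
        } catch (OAuthException e) {
            return respondWithOAuthProblem(e);
        }
    }

    /**
     * Registers a provisional consumer key from a JSON body {@code {"name", "secret", "trusted"}}.
     *
     * <p>No authentication is performed here: any client can obtain a provisional key, whose
     * {@code key} is a random UUID and whose secret is the client-supplied {@code secret}. The
     * {@code name} defaults to the caller's host name when absent or blank. The {@code trusted}
     * flag is also client-asserted; NOTE(review): presumably it only takes effect once an
     * administrator approves the key on the {@code /approveKey} page, which displays it — confirm
     * in the approval flow. A body that is not a JSON object, or lacks {@code secret}, yields 400.
     * NOTE(review): on a store failure the store's own message is returned to this unauthenticated
     * caller; a generic message would disclose less.
     *
     * @return 200 with {@code {"key": ...}} (non-cacheable), 400 for bad input, 503 on store failure
     * @throws IOException if the request body cannot be read
     */
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    @Path("/requestKey")
    public Response provisionalKey() throws NullPointerException, IOException {
        try {
            Object parsed = JSON.parse((InputStream) this.httpRequest.getInputStream());
            if (!(parsed instanceof JSONObject)) {
                // e.g. a JSON array: previously a ClassCastException, i.e. a 500 for a client error.
                return Response.status(Response.Status.BAD_REQUEST).build();
            }
            JSONObject body = (JSONObject) parsed;
            String name = null;
            if (body.has("name") && body.get("name") != null) {
                name = body.getString("name");
            }
            if (name == null || name.trim().isEmpty()) {
                name = getRemoteHost();
            }
            String secret = body.getString("secret");
            boolean trusted = body.has("trusted") && "true".equals(body.getString("trusted"));
            String key = UUID.randomUUID().toString();
            LyoOAuthConsumer consumer = new LyoOAuthConsumer(key, secret);
            consumer.setName(name);
            consumer.setProvisional(true);
            consumer.setTrusted(trusted);
            OAuthConfiguration.getInstance().getConsumerStore().addConsumer(consumer);
            JSONObject reply = new JSONObject();
            reply.put("key", (Object) key);
            return Response.ok(reply.write()).header("Cache-Control", HTTPConstants.NO_CACHE).build();
        } catch (JSONException e) {
            LOG.log(Level.WARNING, "Rejected malformed provisional key request", e);
            return Response.status(Response.Status.BAD_REQUEST).build();
        } catch (ConsumerStoreException e) {
            LOG.log(Level.SEVERE, "Could not store provisional consumer", e);
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).type(MediaType.TEXT_PLAIN).entity(e.getMessage()).build();
        }
    }

    /**
     * Administrator page for approving one provisional consumer key.
     *
     * <p>Without a {@code key} parameter this is the key-management page. Otherwise an admin
     * session is required (else the admin login page is shown), the consumer is looked up (unknown
     * key: 400) and the browser is forwarded to the approval JSP, or to the "already approved" JSP
     * when the key is no longer provisional. The JSPs receive the consumer name, key and trusted
     * flag; the response is marked non-cacheable.
     *
     * @param key the consumer key to approve; may be {@code null} or empty
     * @return {@code null} after forwarding, or a 400/409/OAuth problem response
     * @throws ServletException if the forward or the problem handler fails
     * @throws IOException if writing the response fails
     */
    @GET
    @Produces({MediaType.TEXT_HTML})
    @Path("/approveKey")
    public Response showApproveKeyPage(@QueryParam("key") String key) throws ServletException, IOException {
        if (key == null || key.isEmpty()) {
            return showConsumerKeyManagementPage();
        }
        try {
            Application application = OAuthConfiguration.getInstance().getApplication();
            this.httpRequest.setAttribute("applicationName", application.getName());
            if (!application.isAdminSession(this.httpRequest)) {
                return showAdminLogin();
            }
            LyoOAuthConsumer consumer = OAuthConfiguration.getInstance().getConsumerStore().getConsumer(key);
            if (consumer == null) {
                return Response.status(Response.Status.BAD_REQUEST).build();
            }
            disableCaching();
            this.httpRequest.setAttribute("consumerName", consumer.getName());
            this.httpRequest.setAttribute("consumerKey", consumer.consumerKey);
            this.httpRequest.setAttribute("trusted", Boolean.valueOf(consumer.isTrusted()));
            String page = consumer.isProvisional() ? "/oauth/approveKey.jsp" : "/oauth/keyAlreadyApproved.jsp";
            this.httpRequest.getRequestDispatcher(page).forward(this.httpRequest, this.httpResponse);
            return null;
        } catch (OAuthProblemException e) {
            return respondWithOAuthProblem(e);
        } catch (ConsumerStoreException e) {
            // Only reachable after the admin-session check, so the store message goes to an admin.
            LOG.log(Level.SEVERE, "Consumer store lookup failed", e);
            return Response.status(Response.Status.CONFLICT).type(MediaType.TEXT_PLAIN).entity(e.getMessage()).build();
        }
    }

    /**
     * Administrator key-management page. Requires an admin session (else the admin login page is
     * shown); the response is marked non-cacheable.
     *
     * @return {@code null} after forwarding, or 503 when the application cannot answer
     * @throws ServletException if the forward fails
     * @throws IOException if writing the response fails
     */
    @GET
    @Path("/admin")
    public Response showConsumerKeyManagementPage() throws ServletException, IOException {
        try {
            Application application = OAuthConfiguration.getInstance().getApplication();
            this.httpRequest.setAttribute("applicationName", application.getName());
            if (!application.isAdminSession(this.httpRequest)) {
                return showAdminLogin();
            }
            disableCaching();
            this.httpRequest.getRequestDispatcher("/oauth/manage.jsp").forward(this.httpRequest, this.httpResponse);
            return null;
        } catch (OAuthException e) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
        }
    }

    /**
     * Handles the administrator login form: authenticates the user and then requires that the
     * resulting session is an admin session. The anti-CSRF check runs first.
     *
     * <p>The "not an administrator" message echoes the submitted id; it is sent as
     * {@code text/plain} so it is not rendered as markup.
     *
     * @param id user identifier from the form
     * @param password user password from the form
     * @return 204 on success, 409 for a login failure or a non-admin user, 503 on outage
     */
    @POST
    @Path("/adminLogin")
    public Response login(@FormParam("id") String id, @FormParam("password") String password) {
        CSRFPrevent.check(this.httpRequest);
        try {
            Application application = OAuthConfiguration.getInstance().getApplication();
            application.login(this.httpRequest, id, password);
            if (application.isAdminSession(this.httpRequest)) {
                return Response.noContent().build();
            }
            return Response.status(Response.Status.CONFLICT)
                    .entity("The user '" + id + "' is not an administrator.")
                    .type(MediaType.TEXT_PLAIN)
                    .build();
        } catch (OAuthException e) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
        } catch (AuthenticationException e) {
            return authenticationFailed(e);
        }
    }

    /**
     * Shared 409 response for a failed user login, used by both login endpoints.
     *
     * @param e the failure; its message is shown when present, else a generic one
     * @return 409 with a {@code text/plain} explanation
     */
    private static Response authenticationFailed(AuthenticationException e) {
        String message = e.getMessage();
        if (message == null || message.isEmpty()) {
            message = "Incorrect username or password.";
        }
        return Response.status(Response.Status.CONFLICT).entity(message).type(MediaType.TEXT_PLAIN).build();
    }

    /**
     * Parses the current request as an OAuth message and checks it (signature, nonce, timestamp,
     * whatever the configured validator enforces) against the accessor it resolves to.
     *
     * @return the validated request; its accessor and consumer are ready for the token strategy
     * @throws OAuthException when the validator rejects the message
     * @throws IOException if the request cannot be read
     * @throws WebApplicationException (500) when the request URI is malformed
     */
    protected OAuthRequest validateRequest() throws OAuthException, IOException {
        OAuthRequest oAuthRequest = new OAuthRequest(this.httpRequest);
        try {
            OAuthConfiguration.getInstance().getValidator().validateMessage(oAuthRequest.getMessage(), oAuthRequest.getAccessor());
            return oAuthRequest;
        } catch (URISyntaxException e) {
            throw new WebApplicationException(e, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Token response without the {@code oauth_callback_confirmed} flag (used for access tokens).
     *
     * @param token the token value
     * @param tokenSecret the token's shared secret
     * @return 200 with the form-encoded pair
     * @throws IOException if encoding fails
     */
    protected Response respondWithToken(String token, String tokenSecret) throws IOException {
        return respondWithToken(token, tokenSecret, false);
    }

    /**
     * Writes a token and its secret as a form-encoded, non-cacheable 200 response, optionally with
     * {@code oauth_callback_confirmed=true} as OAuth 1.0a requires on request-token responses.
     *
     * @param token the token value
     * @param tokenSecret the token's shared secret
     * @param callbackConfirmed whether to include {@code oauth_callback_confirmed=true}
     * @return 200 with the form-encoded parameters
     * @throws IOException if encoding fails
     */
    protected Response respondWithToken(String token, String tokenSecret, boolean callbackConfirmed) throws IOException {
        List<OAuth.Parameter> parameters = OAuth.newList(OAuth.OAUTH_TOKEN, token, OAuth.OAUTH_TOKEN_SECRET, tokenSecret);
        if (callbackConfirmed) {
            parameters.add(new OAuth.Parameter(OAuth.OAUTH_CALLBACK_CONFIRMED, "true"));
        }
        return Response.ok(OAuth.formEncode(parameters))
                .type(MediaType.APPLICATION_FORM_URLENCODED)
                .header("Cache-Control", HTTPConstants.NO_CACHE)
                .build();
    }

    /**
     * Lets the OAuth servlet library write the problem report for {@code oAuthException} to the
     * response (using the application's realm), then answers 401 to JAX-RS. If even the realm
     * lookup fails the answer is 503.
     *
     * @param oAuthException the failure to report to the consumer
     * @return 401, or 503 when the realm cannot be determined
     * @throws IOException if writing the response fails
     * @throws ServletException if the library's handler fails
     */
    protected Response respondWithOAuthProblem(OAuthException oAuthException) throws IOException, ServletException {
        try {
            OAuthServlet.handleException(this.httpResponse, oAuthException,
                    OAuthConfiguration.getInstance().getApplication().getRealm(this.httpRequest));
            return Response.status(Response.Status.UNAUTHORIZED).build();
        } catch (OAuthProblemException e) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
        }
    }

    /**
     * Best-effort display name for the calling host: the canonical (reverse-resolved) host name,
     * falling back to the raw remote host when resolution fails for any reason.
     *
     * @return a host name for the caller; never {@code null} unless the servlet API returns one
     */
    private String getRemoteHost() {
        String remoteHost = this.httpRequest.getRemoteHost();
        try {
            return InetAddress.getByName(remoteHost).getCanonicalHostName();
        } catch (Exception ignored) {
            // Resolution is cosmetic (it only names the provisional consumer), so any failure is fine.
            return this.httpRequest.getRemoteHost();
        }
    }

    /**
     * Forwards to the administrator login JSP, passing the current URL (including its query
     * string) under the attribute named by {@link RestConstants#REST_PARAM_JSON_CALLBACK} so the
     * page can return here after login. The response is marked non-cacheable.
     *
     * @return {@code null} after forwarding
     * @throws ServletException if the forward fails
     * @throws IOException if writing the response fails
     */
    private Response showAdminLogin() throws ServletException, IOException {
        disableCaching();
        StringBuffer returnTo = this.httpRequest.getRequestURL();
        String queryString = this.httpRequest.getQueryString();
        if (queryString != null) {
            returnTo.append('?');
            returnTo.append(queryString);
        }
        this.httpRequest.setAttribute(RestConstants.REST_PARAM_JSON_CALLBACK, returnTo.toString());
        this.httpRequest.getRequestDispatcher("/oauth/adminLogin.jsp").forward(this.httpRequest, this.httpResponse);
        return null;
    }

    /** Marks the current response non-cacheable; tokens, keys and login pages must not be cached. */
    private void disableCaching() {
        this.httpResponse.setHeader("Cache-Control", HTTPConstants.NO_CACHE);
    }
}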
