package com.atlassian.oauth2.client.lib.web;

import aQute.bnd.osgi.Constants;
import com.atlassian.oauth2.client.api.ClientConfiguration;
import com.atlassian.oauth2.client.api.storage.config.ProviderType;
import com.atlassian.oauth2.client.lib.flow.FlowRequestData;
import com.atlassian.oauth2.client.lib.flow.FlowRequestErrorImpl;
import com.atlassian.oauth2.client.lib.flow.ServletFlowRequestService;
import com.atlassian.oauth2.client.lib.token.InternalTokenService;
import com.atlassian.oauth2.client.properties.SystemProperty;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Maps;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.AuthorizationResponse;
import com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.openid.connect.sdk.Prompt;
import java.io.IOException;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/oauth2-client-plugin-3.0.11.jar:com/atlassian/oauth2/client/lib/web/AuthorizationCodeFlowServlet.class */
public class AuthorizationCodeFlowServlet extends HttpServlet {
    private static final long serialVersionUID = -3739803064653415056L;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AuthorizationCodeFlowServlet.class);
    private final ServletFlowRequestService servletFlowRequestService;
    private final InternalTokenService tokenService;
    private final AuthorizationCodeFlowUrlsProvider authorizationCodeFlowUrlsProvider;

    public AuthorizationCodeFlowServlet(ServletFlowRequestService servletFlowRequestService, InternalTokenService internalTokenService, AuthorizationCodeFlowUrlsProvider authorizationCodeFlowUrlsProvider) {
        this.servletFlowRequestService = servletFlowRequestService;
        this.tokenService = internalTokenService;
        this.authorizationCodeFlowUrlsProvider = authorizationCodeFlowUrlsProvider;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String parameter = httpServletRequest.getParameter("startFlow");
        if (Strings.isNullOrEmpty(parameter)) {
            exchangeAuthorizationCode(httpServletRequest, httpServletResponse);
        } else {
            startFlow(httpServletRequest, httpServletResponse, parameter);
        }
    }

    private void exchangeAuthorizationCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        FlowRequestData tryFetchFlowRequestData;
        AuthorizationResponse parseResponse = parseResponse(httpServletRequest);
        if (parseResponse == null || (tryFetchFlowRequestData = tryFetchFlowRequestData(httpServletRequest, parseResponse)) == null) {
            sendRedirectToBaseUrl(httpServletResponse);
        } else {
            handleAuthorizationResponse(httpServletRequest, parseResponse, tryFetchFlowRequestData);
            httpServletResponse.sendRedirect(tryFetchFlowRequestData.getClientRedirectUrl());
        }
    }

    private void handleAuthorizationResponse(HttpServletRequest httpServletRequest, AuthorizationResponse authorizationResponse, FlowRequestData flowRequestData) {
        try {
            if (authorizationResponse.indicatesSuccess()) {
                AuthorizationSuccessResponse successResponse = authorizationResponse.toSuccessResponse();
                this.authorizationCodeFlowUrlsProvider.validateRedirectUri(flowRequestData.getClientConfiguration(), httpServletRequest);
                logger.debug("Exchanging an authorization code for tokens for a client with an ID [{}]", flowRequestData.getClientConfiguration().getClientId());
                this.servletFlowRequestService.updateFlowRequest(httpServletRequest.getSession(false), flowRequestData, this.tokenService.getAccessTokenFromAuthorizationCode(flowRequestData.getClientConfiguration(), successResponse.getAuthorizationCode().getValue()));
            } else {
                this.servletFlowRequestService.updateFlowRequest(httpServletRequest.getSession(false), flowRequestData, new FlowRequestErrorImpl("Error when fetching authorization response: " + authorizationResponse.toErrorResponse().getErrorObject().toJSONObject().toString()));
            }
        } catch (Exception e) {
            this.servletFlowRequestService.updateFlowRequest(httpServletRequest.getSession(false), flowRequestData, new FlowRequestErrorImpl(e.getMessage()));
        }
    }

    private AuthorizationResponse parseResponse(HttpServletRequest httpServletRequest) {
        try {
            return AuthorizationResponse.parse(URI.create(httpServletRequest.getRequestURL().toString()), (Map<String, List<String>>) Maps.transformValues(httpServletRequest.getParameterMap(), (v0) -> {
                return ImmutableList.copyOf(v0);
            }));
        } catch (ParseException e) {
            logger.warn("Parsing authorization response failed", (Throwable) e);
            return null;
        }
    }

    private FlowRequestData tryFetchFlowRequestData(HttpServletRequest httpServletRequest, AuthorizationResponse authorizationResponse) {
        String stateFromResponse = getStateFromResponse(authorizationResponse);
        if (SystemProperty.DISABLE_CLIENT_STATE_VALIDATION.getValue().booleanValue() && stateFromResponse == null) {
            logger.warn("Can't complete OAuth 2.0 authorization code flow - no state returned by authorization server");
            return null;
        }
        try {
            FlowRequestData fetchFlowRequestDataByState = this.servletFlowRequestService.fetchFlowRequestDataByState(httpServletRequest.getSession(false), stateFromResponse);
            if (verifyFlowState(stateFromResponse, fetchFlowRequestDataByState.getState())) {
                return fetchFlowRequestDataByState;
            }
            return null;
        } catch (Exception e) {
            logger.warn("Can't complete OAuth 2.0 authorization code flow - unknown state returned by authorization server");
            return null;
        }
    }

    private void startFlow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        try {
            logger.debug("Starting new OAuth 2.0 authorization code flow with a flow id [{}]", str);
            FlowRequestData fetchFlowRequestDataById = this.servletFlowRequestService.fetchFlowRequestDataById(httpServletRequest.getSession(false), str);
            try {
                ClientConfiguration clientConfiguration = fetchFlowRequestDataById.getClientConfiguration();
                AuthorizationRequest.Builder endpointURI = new AuthorizationRequest.Builder(new ResponseType(ResponseType.Value.CODE), new ClientID(clientConfiguration.getClientId())).scope(Scope.parse(clientConfiguration.getScopes())).state(new State(fetchFlowRequestDataById.getState())).redirectionURI(this.authorizationCodeFlowUrlsProvider.getRedirectUri(clientConfiguration)).endpointURI(URI.create(clientConfiguration.getAuthorizationEndpoint()));
                Prompt prompt = new Prompt(Prompt.Type.SELECT_ACCOUNT);
                Scope parse = Scope.parse(clientConfiguration.getScopes());
                if (clientConfiguration.getProviderType() == ProviderType.MICROSOFT) {
                    parse.add("offline_access");
                } else if (clientConfiguration.getProviderType() == ProviderType.GOOGLE) {
                    endpointURI.customParameter("access_type", Constants.GESTALT_OFFLINE);
                    prompt.add(Prompt.Type.CONSENT);
                }
                AuthorizationRequest build = endpointURI.scope(parse).prompt(prompt).build();
                logger.debug("Sending a redirect to the URI to ask for a consent for an application - [{}]", build.toURI().toString());
                httpServletResponse.sendRedirect(build.toURI().toString());
            } catch (RuntimeException e) {
                this.servletFlowRequestService.updateFlowRequest(httpServletRequest.getSession(false), fetchFlowRequestDataById, new FlowRequestErrorImpl(e.getMessage()));
                httpServletResponse.sendRedirect(fetchFlowRequestDataById.getClientRedirectUrl());
            }
        } catch (Exception e2) {
            logger.warn("Can't initiate OAuth 2.0 authorization code flow - no data available for the given flow ID");
            sendRedirectToBaseUrl(httpServletResponse);
        }
    }

    private void sendRedirectToBaseUrl(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect(this.authorizationCodeFlowUrlsProvider.getProductBaseUrl().toString());
    }

    private String getStateFromResponse(AuthorizationResponse authorizationResponse) {
        return (String) Optional.ofNullable(authorizationResponse.getState()).map((v0) -> {
            return v0.getValue();
        }).orElse(null);
    }

    private boolean verifyFlowState(String str, String str2) {
        if (SystemProperty.DISABLE_CLIENT_STATE_VALIDATION.getValue().booleanValue()) {
            return true;
        }
        if (str == null || str2 == null) {
            return false;
        }
        return str.equals(str2);
    }
}
