package org.restlet.ext.openid;

import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.Restlet;
import org.restlet.data.Cookie;
import org.restlet.data.CookieSetting;
import org.restlet.data.Status;
import org.restlet.security.Authenticator;
import org.restlet.security.User;
import org.restlet.security.Verifier;

/* loaded from: input_file:org/restlet/ext/openid/RedirectAuthenticator.class */
public class RedirectAuthenticator extends Authenticator {
    public static final String DEFAULT_IDENTIFIER_COOKIE = "session_id";
    public static final String DEFAULT_ORIGINAL_REF_COOKIE = "original_ref";
    public static final String ORIGINAL_REF_ATTRIBUTE = "origRef";
    private Restlet forbiddenResource;
    private final String identifierCookie;
    private final String origRefCookie;
    private final Verifier verifier;

    public static void clearIdentifierCookie(String str, Request request, Response response) {
        Cookie first = request.getCookies().getFirst(str);
        CookieSetting first2 = response.getCookieSettings().getFirst(str);
        if (first2 == null && first != null) {
            first2 = new CookieSetting(str, (String) null);
            response.getCookieSettings().add(first2);
        }
        if (first2 != null) {
            first2.setMaxAge(0);
        }
    }

    public static void clearIdentiiferCookie(Request request, Response response) {
        clearIdentifierCookie(DEFAULT_IDENTIFIER_COOKIE, request, response);
    }

    public RedirectAuthenticator(Context context, Verifier verifier, Restlet restlet) {
        super(context);
        this.forbiddenResource = restlet;
        this.verifier = verifier;
        this.origRefCookie = DEFAULT_ORIGINAL_REF_COOKIE;
        this.identifierCookie = DEFAULT_IDENTIFIER_COOKIE;
    }

    public RedirectAuthenticator(Context context, Verifier verifier, String str, String str2, Restlet restlet) {
        super(context);
        this.forbiddenResource = restlet;
        this.verifier = verifier;
        this.identifierCookie = str != null ? str : DEFAULT_IDENTIFIER_COOKIE;
        this.origRefCookie = str2 != null ? str2 : DEFAULT_ORIGINAL_REF_COOKIE;
    }

    protected boolean authenticate(Request request, Response response) {
        String firstValue;
        request.getClientInfo().getUser();
        String firstValue2 = request.getCookies().getFirstValue(this.identifierCookie);
        if (firstValue2 != null) {
            request.getClientInfo().setUser(new User(firstValue2));
            return true;
        }
        if (request.getCookies().getFirstValue(this.origRefCookie) == null) {
            firstValue = request.getResourceRef().toString();
            response.getCookieSettings().add(this.origRefCookie, request.getResourceRef().toString());
        } else {
            firstValue = request.getCookies().getFirstValue(this.origRefCookie);
        }
        int verify = this.verifier.verify(request, response);
        getLogger().fine("VERIFIED: " + verify);
        if (verify == 4) {
            response.getCookieSettings().removeAll(this.identifierCookie);
            response.getCookieSettings().add(this.identifierCookie, request.getClientInfo().getUser().getIdentifier());
            handleUser(request.getClientInfo().getUser());
            request.getCookies().removeAll(this.origRefCookie);
            response.getCookieSettings().removeAll(this.origRefCookie);
            if (firstValue == null) {
                return true;
            }
            response.redirectPermanent(firstValue);
            return true;
        }
        response.getCookieSettings().removeAll(this.identifierCookie);
        if (verify != 5 && verify != -1) {
            return false;
        }
        String firstValue3 = response.getCookieSettings().getFirstValue(this.origRefCookie);
        if (firstValue3 == null) {
            firstValue3 = request.getCookies().getFirstValue(this.origRefCookie);
        }
        forbid(firstValue3, request, response);
        return false;
    }

    public void forbid(String str, Request request, Response response) {
        if (this.forbiddenResource == null) {
            response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
        } else {
            getLogger().fine("sending to error resource");
            this.forbiddenResource.handle(request, response);
        }
    }

    protected void handleUser(User user) {
        getLogger().info("Handle User: " + user.getIdentifier() + " " + user.getEmail());
    }

    protected int unauthenticated(Request request, Response response) {
        return super.unauthenticated(request, response);
    }

    protected int authenticated(Request request, Response response) {
        int authenticated = super.authenticated(request, response);
        if (response == null || !response.getStatus().isRedirection()) {
            return authenticated;
        }
        return 2;
    }
}
