package com.softmotions.web.security.tomcat;

import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.ErrorResponse;
import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.security.Principal;
import java.util.HashMap;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.commons.lang3.StringUtils;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.descriptor.web.LoginConfig;

/* loaded from: input_file:com/softmotions/web/security/tomcat/MyNSUOAuth2Authenticator.class */
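/**
 * Tomcat authenticator that signs users in through an OAuth2 authorization-code flow.
 *
 * <p>Flow implemented by this class:
 * <ol>
 *   <li>An unauthenticated request without a {@code code} parameter is saved in the session and
 *       forwarded to the configured login page.</li>
 *   <li>A request carrying {@code code} triggers a back-channel exchange at {@link #tokenEndpoint},
 *       then a lookup at {@link #userinfoEndpoint}; the returned {@code email} is mapped to a local
 *       principal through {@code WSUserDatabaseRealm}.</li>
 *   <li>The principal is stored as session notes and the browser is redirected to the saved URL,
 *       where the restored request is registered as authenticated.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>NOTE(review): no {@code state} parameter is checked anywhere in this class. Unless the
 *       component that builds the authorization request binds it to the session and something
 *       verifies it before this code runs, the callback is not protected against login CSRF.</li>
 *   <li>The local identity is taken solely from the {@code email} field of the userinfo response,
 *       so the integrity of that response (TLS to the endpoints, provider-side e-mail
 *       verification) is what the login rests on — confirm both endpoints are {@code https}.</li>
 *   <li>{@link #clientSecret} is a credential: it must never be logged.</li>
 * </ul>
 */
public class MyNSUOAuth2Authenticator extends FormAuthenticator {
    private static final Log log = LogFactory.getLog(MyNSUOAuth2Authenticator.class);

    // Session-note keys shared with the inherited form-login machinery.
    private static final String NOTE_PRINCIPAL = "org.apache.catalina.authenticator.PRINCIPAL";
    private static final String NOTE_USERNAME = "org.apache.catalina.session.USERNAME";
    private static final String NOTE_PASSWORD = "org.apache.catalina.session.PASSWORD";

    // Path appended to the request origin to form the OAuth2 redirect_uri.
    private static final String CALLBACK_PATH = "/j_security_check";

    protected String clientId;
    protected String clientSecret;
    protected String authEndpoint;
    protected String tokenEndpoint;
    protected String userinfoEndpoint;

    /** @return the OAuth2 client identifier */
    public String getClientId() {
        return this.clientId;
    }

    /** @param str the OAuth2 client identifier */
    public void setClientId(String str) {
        this.clientId = str;
    }

    /** @return the OAuth2 client secret; treat as a credential and never log it */
    public String getClientSecret() {
        return this.clientSecret;
    }

    /** @param str the OAuth2 client secret */
    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    /** @return the authorization endpoint URL (not used by the code in this class) */
    public String getAuthEndpoint() {
        return this.authEndpoint;
    }

    /** @param str the authorization endpoint URL */
    public void setAuthEndpoint(String str) {
        this.authEndpoint = str;
    }

    /** @return the token endpoint URL used for the code exchange */
    public String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    /** @param str the token endpoint URL */
    public void setTokenEndpoint(String str) {
        this.tokenEndpoint = str;
    }

    /** @return the userinfo endpoint URL queried with the access token */
    public String getUserinfoEndpoint() {
        return this.userinfoEndpoint;
    }

    /** @param str the userinfo endpoint URL */
    public void setUserinfoEndpoint(String str) {
        this.userinfoEndpoint = str;
    }

    /**
     * Authenticates the request, driving the OAuth2 round trip when needed.
     *
     * @param request the current request
     * @param httpServletResponse the response used for forwards and redirects
     * @param loginConfig the login configuration supplying login and error pages
     * @return {@code true} when the request is already authenticated or is the restored original
     *     request; {@code false} whenever a forward, redirect or error response was issued
     * @throws IOException if forwarding to the error page or the token/userinfo exchange fails
     */
    public boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        Principal principal = request.getPrincipal();
        if (principal != null) {
            return true;
        }
        // Re-submission of the saved request after a successful login.
        if (matchRequest(request)) {
            return matchRequest(request, httpServletResponse, loginConfig);
        }
        // A request that carries j_username is never authenticated by this class: principal stays
        // null and the error page below is served.
        if (request.getParameter("j_username") == null) {
            if (StringUtils.isBlank(request.getParameter("code"))) {
                try {
                    saveRequest(request, request.getSessionInternal(true));
                    request.getSession().setAttribute("requestURI", null);
                    forwardToLoginPage(request, httpServletResponse, loginConfig);
                } catch (IOException e) {
                    // Previously swallowed silently; keep the fail-closed result but leave a trace.
                    log.warn("Could not save the request or forward to the login page", e);
                }
                return false;
            }
            // NOTE(review): the code is accepted without any state check here; see class comment.
            try {
                principal = doOAuth2Authentication(request, httpServletResponse);
            } catch (GeneralException e) {
                // The authorization code and tokens are deliberately not logged.
                log.warn("OAuth2 authentication failed", e);
                forwardToErrorPage(request, httpServletResponse, loginConfig);
                return false;
            }
        }
        if (principal == null) {
            log.warn("Authentication rejected: no principal could be established for the request");
            forwardToErrorPage(request, httpServletResponse, loginConfig);
            return false;
        }
        // doOAuth2Authentication created the session, so it is expected to exist at this point.
        Session sessionInternal = request.getSessionInternal(false);
        sessionInternal.setNote(NOTE_PRINCIPAL, principal);
        sessionInternal.setNote(NOTE_USERNAME, principal.getName());
        sessionInternal.setNote(NOTE_PASSWORD, "");
        String savedRequestURL = savedRequestURL(sessionInternal);
        String target = savedRequestURL != null ? savedRequestURL : "/";
        try {
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(target));
        } catch (IOException e) {
            log.warn("Could not redirect to the saved request after login", e);
        }
        return false;
    }

    /**
     * Exchanges the {@code code} request parameter for an access token, reads the user's e-mail
     * from the userinfo endpoint and resolves it to a local principal.
     *
     * <p>Every unexpected provider response is reported as a {@link GeneralException} so that
     * {@link #authenticate} serves the configured error page instead of letting an unchecked
     * exception escape the authenticator.
     *
     * @param request the callback request carrying the {@code code} parameter
     * @param httpServletResponse unused; kept for signature stability
     * @return the principal returned by the realm for the e-mail; may be {@code null} (the caller
     *     handles that case)
     * @throws IOException if an HTTP exchange with the provider fails
     * @throws GeneralException if the provider returns an error or an unusable response
     */
    private Principal doOAuth2Authentication(Request request, HttpServletResponse httpServletResponse) throws IOException, GeneralException {
        request.getSessionInternal(true);

        // redirect_uri = scheme://host[:port] of this request + callback path.
        // NOTE(review): the origin comes from the request URL, which normally reflects the
        // client-supplied Host header; this relies on the provider enforcing an exact match with
        // the registered redirect URI. A fixed, configured value would remove that dependency.
        String requestUrl = request.getRequestURL().toString();
        String origin = requestUrl.substring(0, requestUrl.length() - request.getRequestURI().length());
        URI redirectUri = URI.create(origin + CALLBACK_PATH);

        TokenRequest tokenRequest = new TokenRequest(
                URI.create(this.tokenEndpoint),
                new ClientSecretBasic(new ClientID(this.clientId), new Secret(this.clientSecret)),
                new AuthorizationCodeGrant(new AuthorizationCode(request.getParameter("code")), redirectUri));

        // Declared as TokenResponse: that is what parse(...) returns, and both the error and the
        // success variants derive from it.
        TokenResponse tokenResponse = TokenResponse.parse(tokenRequest.toHTTPRequest().send());
        if (tokenResponse instanceof TokenErrorResponse) {
            throw new GeneralException(((TokenErrorResponse) tokenResponse).getErrorObject().getDescription());
        }
        if (!(tokenResponse instanceof AccessTokenResponse)) {
            throw new GeneralException("Unexpected response from IP token endpoint");
        }
        AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse;

        // NOTE(review): the access token travels in the query string, where it can end up in
        // proxy and server access logs. If the provider accepts it, an Authorization: Bearer
        // header is the safer transport.
        HashMap<String, String> userInfoParams = new HashMap<>();
        userInfoParams.put("client_id", this.clientId);
        userInfoParams.put("access_token", accessTokenResponse.getTokens().getAccessToken().getValue());
        HTTPRequest userInfoRequest = new HTTPRequest(HTTPRequest.Method.GET, new URL(this.userinfoEndpoint));
        userInfoRequest.setQuery(URLUtils.serializeParameters(userInfoParams));

        // NOTE(review): the HTTP status of the userinfo response is not checked before parsing.
        // The type check avoids a ClassCastException when "email" is present but not a string.
        Object emailValue = userInfoRequest.send().getContentAsJSONObject().get("email");
        if (!(emailValue instanceof String) || StringUtils.isBlank((String) emailValue)) {
            throw new GeneralException("Missing required field in response from userinfo endpoint");
        }
        String email = (String) emailValue;

        Realm realm = request.getContext().getRealm();
        if (!(realm instanceof WSUserDatabaseRealm)) {
            // NOTE(review): this replaces the context's configured realm at request time with a
            // freshly constructed one. That is a context-wide side effect of a single login;
            // confirm it is intended rather than failing closed on a misconfigured realm.
            realm = new WSUserDatabaseRealm();
            this.context.setRealm(realm);
        }
        return ((WSUserDatabaseRealm) realm).getPrincipal(email);
    }

    /**
     * Completes login for the re-submitted saved request: registers the principal stored in the
     * session notes and restores the original request.
     *
     * <p>NOTE(review): {@code register(...)} is inherited; whether it rotates the session id after
     * authentication depends on the base class and its configuration — confirm.
     *
     * @param request the re-submitted request
     * @param httpServletResponse the response used for error reporting
     * @param loginConfig the login configuration supplying the error page
     * @return {@code true} if the saved request was restored; {@code false} after a 400 response
     *     or a forward to the error page
     * @throws IOException if forwarding to the error page fails
     */
    private boolean matchRequest(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        Session sessionInternal = request.getSessionInternal(true);
        Principal storedPrincipal = (Principal) sessionInternal.getNote(NOTE_PRINCIPAL);
        String storedUsername = (String) sessionInternal.getNote(NOTE_USERNAME);
        String storedPassword = (String) sessionInternal.getNote(NOTE_PASSWORD);
        register(request, httpServletResponse, storedPrincipal, "FORM", storedUsername, storedPassword);
        if (this.cache) {
            // With caching enabled the credentials notes are dropped after registration.
            sessionInternal.removeNote(NOTE_USERNAME);
            sessionInternal.removeNote(NOTE_PASSWORD);
        }
        try {
            if (restoreRequest(request, sessionInternal)) {
                return true;
            }
            httpServletResponse.sendError(400);
            return false;
        } catch (IOException e) {
            log.warn("Could not restore the saved request after login", e);
            forwardToErrorPage(request, httpServletResponse, loginConfig);
            return false;
        }
    }
}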
