package org.apache.shindig.gadgets.oauth2.handler;

import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.shindig.auth.AnonymousSecurityToken;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpFetcher;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.oauth2.OAuth2Accessor;
import org.apache.shindig.gadgets.oauth2.OAuth2Error;
import org.apache.shindig.gadgets.oauth2.OAuth2Message;
import org.apache.shindig.gadgets.oauth2.OAuth2Utils;
import org.apache.shindig.gadgets.oauth2.logger.FilteredLogger;

/* loaded from: input_file:WEB-INF/lib/shindig-gadgets-2.5.2.jar:org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandler.class */
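/**
 * Handles the redirect back from an OAuth 2.0 authorization endpoint for the authorization-code
 * grant.
 *
 * <p>The handler parses the incoming servlet request into an {@link OAuth2Message}, then exchanges
 * the authorization code for a token by POSTing to the accessor's token URL through the injected
 * {@link HttpFetcher}. The token endpoint response is handed to the registered
 * {@link TokenEndpointResponseHandler}s.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The token URL is checked with {@code OAuth2Utils.isUriAllowed} against the accessor's
 *       allowed domains before any client credentials are attached or sent.</li>
 *   <li>The POST body always carries the client id and client secret, so the body must never be
 *       logged; the logging here records only whether a code was present.</li>
 * </ul>
 */
public class CodeAuthorizationResponseHandler implements AuthorizationEndpointResponseHandler {
    private static final String LOG_CLASS = CodeAuthorizationResponseHandler.class.getName();
    private static final FilteredLogger LOG = FilteredLogger.getFilteredLogger(LOG_CLASS);
    private final List<ClientAuthenticationHandler> clientAuthenticationHandlers;
    private final HttpFetcher fetcher;
    private final Provider<OAuth2Message> oauth2MessageProvider;
    private final List<TokenEndpointResponseHandler> tokenEndpointResponseHandlers;

    /**
     * Creates the handler from its injected collaborators.
     *
     * @param provider supplies a fresh {@link OAuth2Message} for each parse
     * @param list client authentication handlers applied to the token request
     * @param list2 handlers offered the token endpoint response
     * @param httpFetcher fetcher used to call the token endpoint
     */
    @Inject
    public CodeAuthorizationResponseHandler(Provider<OAuth2Message> provider, List<ClientAuthenticationHandler> list, List<TokenEndpointResponseHandler> list2, HttpFetcher httpFetcher) {
        this.oauth2MessageProvider = provider;
        this.clientAuthenticationHandlers = list;
        this.tokenEndpointResponseHandlers = list2;
        this.fetcher = httpFetcher;
        if (LOG.isLoggable()) {
            LOG.log("this.oauth2MessageProvider = {0}", this.oauth2MessageProvider);
            LOG.log("this.clientAuthenticationHandlers = {0}", this.clientAuthenticationHandlers);
            LOG.log("this.tokenEndpointResponseHandlers = {0}", this.tokenEndpointResponseHandlers);
            LOG.log("this.fetcher = {0}", this.fetcher);
        }
    }

    /**
     * Builds the form-encoded body of the token request.
     *
     * <p>The returned string contains the client secret and, when present, the authorization code.
     * Callers must not log it.
     *
     * @param oAuth2Accessor source of redirect URI, client id, client secret and extra parameters
     * @param str the authorization code from the redirect, or {@code null} when none was supplied
     * @return the parameters joined by {@code OAuth2Utils.buildUrl}, without a leading
     *     {@code '?'} or {@code '&'}
     * @throws UnsupportedEncodingException if UTF-8 is not available when decoding the secret
     */
    private static String getAuthorizationBody(OAuth2Accessor oAuth2Accessor, String str) throws UnsupportedEncodingException {
        boolean isLoggable = LOG.isLoggable();
        if (isLoggable) {
            // Only the presence of the code is logged, never its value.
            if (str != null) {
                LOG.entering(LOG_CLASS, "getAuthorizationBody", "non-null authorizationCode");
            } else {
                LOG.entering(LOG_CLASS, "getAuthorizationBody", (Object[]) null);
            }
        }
        Map<String, String> params = Maps.newHashMapWithExpectedSize(5);
        params.put(OAuth2Message.GRANT_TYPE, OAuth2Message.AUTHORIZATION_CODE);
        // A null code is simply omitted; the request is still built and the token endpoint is
        // left to reject it.
        if (str != null) {
            params.put(OAuth2Message.AUTHORIZATION, str);
        }
        params.put(OAuth2Message.REDIRECT_URI, oAuth2Accessor.getRedirectUri());
        String clientId = oAuth2Accessor.getClientId();
        String clientSecret = new String(oAuth2Accessor.getClientSecret(), "UTF-8");
        params.put(OAuth2Message.CLIENT_ID, clientId);
        params.put(OAuth2Message.CLIENT_SECRET, clientSecret);
        // Additional parameters are applied last, so an entry that reuses one of the keys above
        // replaces it (grant type, code, redirect URI, client id or secret).
        // NOTE(review): confirm these parameters come only from trusted configuration.
        for (Map.Entry<String, String> entry : oAuth2Accessor.getAdditionalRequestParams().entrySet()) {
            params.put(entry.getKey(), entry.getValue());
        }
        String body = OAuth2Utils.buildUrl("", params, null);
        // The map is never empty (grant_type is always set); presumably buildUrl therefore
        // returns a non-empty string, which charAt(0) relies on.
        char first = body.charAt(0);
        if (first == '?' || first == '&') {
            body = body.substring(1);
        }
        if (isLoggable) {
            LOG.exiting(LOG_CLASS, "getAuthorizationBody");
        }
        return body;
    }

    /**
     * Passes the token URL through {@code OAuth2Utils.buildUrl} with no extra parameters.
     *
     * @param str the accessor's token URL
     * @return the URL as returned by {@code OAuth2Utils.buildUrl}
     */
    private static String getCompleteTokenUrl(String str) {
        return OAuth2Utils.buildUrl(str, null, null);
    }

    /**
     * Processes the authorization endpoint redirect and exchanges the code for a token.
     *
     * @param oAuth2Accessor the accessor for the flow in progress
     * @param httpServletRequest the redirect request carrying the authorization response
     * @return {@code null} on success, otherwise the error describing what failed
     */
    @Override
    public OAuth2HandlerError handleRequest(OAuth2Accessor oAuth2Accessor, HttpServletRequest httpServletRequest) {
        boolean isLoggable = LOG.isLoggable();
        if (isLoggable) {
            // NOTE(review): the accessor object itself is handed to the logger; confirm that
            // FilteredLogger or the accessor's toString() keeps the client secret out of logs.
            LOG.entering(LOG_CLASS, "handleRequest", new Object[] {oAuth2Accessor, Boolean.valueOf(httpServletRequest != null)});
        }
        OAuth2HandlerError oAuth2HandlerError = null;
        if (oAuth2Accessor == null) {
            oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "accessor is null", null);
        } else if (httpServletRequest == null) {
            oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "request is null", null);
        } else if (!oAuth2Accessor.isValid() || oAuth2Accessor.isErrorResponse() || !oAuth2Accessor.isRedirecting()) {
            oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "accessor is invalid", null);
        } else if (!OAuth2Message.AUTHORIZATION.equalsIgnoreCase(oAuth2Accessor.getGrantType())) {
            // Constant-first comparison: a null grant type is reported as an error instead of
            // raising a NullPointerException outside the try block below.
            oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "grant_type is not code", null);
        }
        if (oAuth2HandlerError == null) {
            try {
                OAuth2Message oAuth2Message = this.oauth2MessageProvider.get();
                oAuth2Message.parseRequest(httpServletRequest);
                if (oAuth2Message.getError() != null) {
                    // The authorization server reported an error in the redirect.
                    oAuth2HandlerError = new OAuth2HandlerError(oAuth2Message.getError(), "error parsing authorization response", null, oAuth2Message.getErrorUri(), oAuth2Message.getErrorDescription());
                } else {
                    oAuth2HandlerError = setAuthorizationCode(oAuth2Message.getAuthorization(), oAuth2Accessor);
                }
            } catch (Exception e) {
                if (LOG.isLoggable()) {
                    LOG.log("Exception exchanging authorization code for access_token", (Throwable) e);
                }
                oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "Exception exchanging authorization code for access_token", e);
            }
        }
        if (isLoggable) {
            LOG.exiting(LOG_CLASS, "handleRequest", oAuth2HandlerError);
        }
        return oAuth2HandlerError;
    }

    /**
     * Always returns an error: this handler works on servlet requests, not HTTP responses.
     *
     * @param oAuth2Accessor unused
     * @param httpResponse unused
     * @return an {@code AUTHORIZATION_CODE_PROBLEM} error
     */
    @Override
    public OAuth2HandlerError handleResponse(OAuth2Accessor oAuth2Accessor, HttpResponse httpResponse) {
        return new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "doesn't handle responses", null);
    }

    /**
     * Reports whether this handler applies to the given accessor and request.
     *
     * @param oAuth2Accessor the accessor for the flow in progress
     * @param httpServletRequest the redirect request
     * @return {@code true} when both arguments are non-null, the accessor is valid, is not an
     *     error response, is redirecting, and its grant type matches
     *     {@code OAuth2Message.AUTHORIZATION} ignoring case
     */
    @Override
    public boolean handlesRequest(OAuth2Accessor oAuth2Accessor, HttpServletRequest httpServletRequest) {
        if (oAuth2Accessor == null || httpServletRequest == null) {
            return false;
        }
        if (!oAuth2Accessor.isValid() || oAuth2Accessor.isErrorResponse() || !oAuth2Accessor.isRedirecting()) {
            return false;
        }
        // Constant-first so that a null grant type yields false rather than an exception.
        return OAuth2Message.AUTHORIZATION.equalsIgnoreCase(oAuth2Accessor.getGrantType());
    }

    /**
     * This handler never handles HTTP responses.
     *
     * @param oAuth2Accessor unused
     * @param httpResponse unused
     * @return always {@code false}
     */
    @Override
    public boolean handlesResponse(OAuth2Accessor oAuth2Accessor, HttpResponse httpResponse) {
        return false;
    }

    /**
     * Exchanges an authorization code for a token at the accessor's token URL.
     *
     * <p>Order of operations: build the POST request, check the URL against the accessor's
     * allowed domains, let the matching client authentication handlers decorate the request,
     * set the body, fetch, then pass the response to the token endpoint response handlers.
     * Nothing is sent once any step has produced an error.
     *
     * @param str the authorization code, or {@code null} when the redirect carried none
     * @param oAuth2Accessor the accessor for the flow in progress
     * @return {@code null} on success, otherwise the first error that stopped the exchange
     */
    private OAuth2HandlerError setAuthorizationCode(String str, OAuth2Accessor oAuth2Accessor) {
        boolean isLoggable = LOG.isLoggable();
        if (isLoggable) {
            // Only the presence of the code is logged, never its value.
            if (str != null) {
                LOG.entering(LOG_CLASS, "setAuthorizationCode", new Object[]{"non-null authorizationCode", oAuth2Accessor});
            } else {
                LOG.entering(LOG_CLASS, "setAuthorizationCode", new Object[]{null, oAuth2Accessor});
            }
        }
        HttpRequest httpRequest = new HttpRequest(Uri.parse(getCompleteTokenUrl(oAuth2Accessor.getTokenUrl())));
        httpRequest.setMethod("POST");
        httpRequest.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
        httpRequest.setSecurityToken(new AnonymousSecurityToken("", 0L, oAuth2Accessor.getGadgetUri()));

        // Gate on the allowed-domain list before credentials are attached, so the client secret
        // is not sent to a token URL the accessor does not allow. The matching rules live in
        // OAuth2Utils.isUriAllowed and are not visible here.
        OAuth2HandlerError oAuth2HandlerError = null;
        if (!OAuth2Utils.isUriAllowed(httpRequest.getUri(), oAuth2Accessor.getAllowedDomains())) {
            oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "Exception exchanging authorization code for access_token - domain not allowed", null);
        }

        if (oAuth2HandlerError == null) {
            // Every handler whose type matches the accessor's client authentication type is
            // applied; the last non-null error wins.
            for (ClientAuthenticationHandler clientAuthenticationHandler : this.clientAuthenticationHandlers) {
                if (clientAuthenticationHandler.geClientAuthenticationType().equalsIgnoreCase(oAuth2Accessor.getClientAuthenticationType())) {
                    OAuth2HandlerError authError = clientAuthenticationHandler.addOAuth2Authentication(httpRequest, oAuth2Accessor);
                    if (authError != null) {
                        oAuth2HandlerError = authError;
                    }
                }
            }
        }

        if (oAuth2HandlerError == null) {
            try {
                httpRequest.setPostBody(getAuthorizationBody(oAuth2Accessor, str).getBytes("UTF-8"));
            } catch (UnsupportedEncodingException e) {
                if (LOG.isLoggable()) {
                    LOG.log("UnsupportedEncodingException getting authorization body", (Throwable) e);
                }
                oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "error getting authorization body", e);
            }

            HttpResponse httpResponse = null;
            // Do not send the request when the body could not be built; previously the fetch
            // ran anyway and posted a request without a body.
            if (oAuth2HandlerError == null) {
                try {
                    httpResponse = this.fetcher.fetch(httpRequest);
                } catch (GadgetException e2) {
                    if (LOG.isLoggable()) {
                        LOG.log("error exchanging code for access_token", (Throwable) e2);
                    }
                    oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "error exchanging code for access_token", e2);
                }
            }

            if (oAuth2HandlerError == null && httpResponse != null) {
                if (httpResponse.getHttpStatusCode() != 200) {
                    // A non-200 reply is parsed as a JSON error document. If it carries no error
                    // field the response still goes to the token handlers below.
                    OAuth2Message oAuth2Message = this.oauth2MessageProvider.get();
                    oAuth2Message.parseJSON(httpResponse.getResponseAsString());
                    if (oAuth2Message.getError() != null) {
                        oAuth2HandlerError = new OAuth2HandlerError(oAuth2Message.getError(), "error exchanging code for access_token", null, oAuth2Message.getErrorUri(), oAuth2Message.getErrorDescription());
                    }
                }
                if (oAuth2HandlerError == null) {
                    // Offer the response to each handler that claims it; stop at the first error.
                    for (TokenEndpointResponseHandler tokenEndpointResponseHandler : this.tokenEndpointResponseHandlers) {
                        if (tokenEndpointResponseHandler.handlesResponse(oAuth2Accessor, httpResponse)) {
                            oAuth2HandlerError = tokenEndpointResponseHandler.handleResponse(oAuth2Accessor, httpResponse);
                            if (oAuth2HandlerError != null) {
                                break;
                            }
                        }
                    }
                }
            }
        }
        if (isLoggable) {
            LOG.exiting(LOG_CLASS, "setAuthorizationCode", oAuth2HandlerError);
        }
        return oAuth2HandlerError;
    }
}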
