package org.restlet.ext.oauth;

import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import org.restlet.data.CookieSetting;
import org.restlet.data.Form;
import org.restlet.data.Reference;
import org.restlet.ext.oauth.internal.AuthSession;
import org.restlet.ext.oauth.internal.Scopes;
import org.restlet.representation.EmptyRepresentation;
import org.restlet.representation.Representation;
import org.restlet.resource.Get;
import org.restlet.resource.Post;
import org.restlet.routing.Redirector;
import org.restlet.security.Role;
import org.restlet.security.User;

/* loaded from: input_file:org/restlet/ext/oauth/AuthorizationServerResource.class */
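/**
 * Server resource for the OAuth authorization request.
 *
 * <p>It resolves the client, the response type and the redirection URI from the request
 * query, binds them to an {@link AuthSession}, and then either redirects the browser to
 * the login page (no scope owner yet) or dispatches to the authorization page.
 *
 * <p>Everything read from the query and from cookies is client-controlled; the checks in
 * {@link #getRedirectURI(Form, Client)} and {@link #getResponseType(Form)} are the only
 * validation visible in this class.
 */
public class AuthorizationServerResource extends AuthorizationBaseServerResource {
    /**
     * Handles GET and POST requests on the authorization endpoint.
     *
     * @return the authorization page entity, an empty representation after a redirect to
     *         the login page, or the error page when the request is rejected
     * @throws OAuthException declared for subclasses; every failure in this implementation
     *         is rendered through the error page instead
     */
    @Get("html")
    @Post("html")
    public Representation represent() throws OAuthException {
        Form query = getQuery();
        try {
            Client client = getClient(query);
            try {
                AuthSession session = getAuthSession(client, getResponseType(query), getRedirectURI(query, client));
                session.setRequestedScope(getScope(query));
                if (session.getScopeOwner() != null) {
                    return doPostAuthorization(session);
                }
                // No authenticated user on the request: send the browser to the login page and
                // hand it the original reference (query kept, fragment dropped) to come back to.
                Reference loginRef = new Reference("." + HttpOAuthHelper.getLoginPage(getContext()));
                loginRef.addQueryParameter("continue", getRequest().getOriginalRef().toString(true, false));
                redirectTemporary(loginRef.toString());
                return new EmptyRepresentation();
            } catch (OAuthException e) {
                // A rejected request must not leave its session entry behind.
                ungetAuthSession();
                throw e;
            }
        } catch (OAuthException e) {
            return getErrorPage(HttpOAuthHelper.getErrorPageTemplate(getContext()), e);
        } catch (Exception e) {
            // Keep internal exception text out of the page served to the browser; the detail
            // goes to the server log only.
            getLogger().log(java.util.logging.Level.WARNING, "Unexpected failure in the authorization endpoint", e);
            return getErrorPage(HttpOAuthHelper.getErrorPageTemplate(getContext()), new OAuthException(OAuthError.server_error, "Internal server error.", null));
        }
    }

    /**
     * Dispatches the request to the authorization page once a scope owner is known.
     *
     * <p>The client id, each requested scope and each scope already granted to the user are
     * passed as query parameters of an application-internal {@code riap://} reference.
     *
     * @param authSession the session carrying client, requested scope and scope owner
     * @return the response entity produced by the authorization page
     */
    protected Representation doPostAuthorization(AuthSession authSession) {
        Reference authPageRef = new Reference("riap://application" + HttpOAuthHelper.getAuthPage(getContext()));
        getLogger().fine("Name = " + getApplication().getInboundRoot());
        authPageRef.addQueryParameter("client", authSession.getClient().getClientId());

        String[] requestedScopes = authSession.getRequestedScope();
        if (requestedScopes != null) {
            for (String scope : requestedScopes) {
                authPageRef.addQueryParameter(OAuthServerResource.SCOPE, scope);
            }
        }

        AuthenticatedUser owner = authSession.getClient().findUser(authSession.getScopeOwner());
        if (owner != null) {
            List<Role> grantedRoles = owner.getGrantedRoles();
            if (grantedRoles != null) {
                for (Role role : grantedRoles) {
                    authPageRef.addQueryParameter("grantedScope", Scopes.toScope(role));
                }
            }
        }

        getLogger().fine("Redir = " + authPageRef);
        // NOTE(review): 6 is a Redirector mode constant inlined by the decompiler; confirm
        // which MODE_* value it maps to in the Restlet version in use.
        Redirector redirector = new Redirector(getContext(), authPageRef.toString(), 6);
        // The session id travels to the authorization page as a request attribute.
        getRequest().getAttributes().put(OAuthServerResource.ClientCookieID, authSession.getId());
        redirector.handle(getRequest(), getResponse());
        return getResponseEntity();
    }

    /**
     * Reads and validates the {@code response_type} parameter.
     *
     * @param form the request query
     * @return the requested response type
     * @throws OAuthException {@code invalid_request} when the parameter is absent,
     *         {@code unsupported_response_type} when its value is not a known type
     */
    protected ResponseType getResponseType(Form form) throws OAuthException {
        // Explicit absence check instead of relying on a NullPointerException from valueOf.
        String rawType = (form == null) ? null : form.getFirstValue(OAuthServerResource.RESPONSE_TYPE);
        if (rawType == null) {
            throw new OAuthException(OAuthError.invalid_request, "No response_type parameter found.", null);
        }
        try {
            ResponseType responseType = ResponseType.valueOf(rawType);
            getLogger().fine("Found flow - " + responseType);
            return responseType;
        } catch (IllegalArgumentException e) {
            throw new OAuthException(OAuthError.unsupported_response_type, "Unsupported flow", null);
        }
    }

    /**
     * Resolves the redirection URI for this request and checks it against the URI
     * registered for the client.
     *
     * <p>When the request carries no URI the registered one is used. A supplied URI must
     * extend the registered one at a URI component boundary; see
     * {@link #isWithinRegisteredUri(String, String)}.
     *
     * @param form the request query
     * @param client the client the request was made for
     * @return the redirection URI to use for this authorization
     * @throws OAuthException {@code invalid_request} when no usable URI exists or the
     *         supplied one does not match the registration
     */
    protected String getRedirectURI(Form form, Client client) throws OAuthException {
        String requested = form.getFirstValue(OAuthServerResource.REDIR_URI);
        String registered = client.getRedirectUri();
        if (requested == null || requested.isEmpty()) {
            if (registered == null || registered.isEmpty()) {
                throw new OAuthException(OAuthError.invalid_request, "Client MUST include a redirection URI.", null);
            }
            return registered;
        }
        if (!isWithinRegisteredUri(requested, registered)) {
            throw new OAuthException(OAuthError.invalid_request, "Callback URI does not match.", null);
        }
        return requested;
    }

    /**
     * Tells whether a client-supplied redirection URI stays inside the registered one.
     *
     * <p>A bare {@code startsWith} test is not enough: it accepts any registration that is
     * empty, and it accepts a URI whose host merely begins with the registered text. The
     * continuation is therefore only allowed where the registered URI already ends a
     * component. Exact string comparison would be stricter still; prefix matching is kept
     * because dynamic callback URIs are supported by the session setup.
     *
     * @param requested the non-empty URI taken from the request
     * @param registered the URI registered for the client, possibly {@code null}
     * @return {@code true} when {@code requested} equals {@code registered} or extends it
     *         at a path, query or fragment boundary
     */
    private static boolean isWithinRegisteredUri(String requested, String registered) {
        if (registered == null || registered.isEmpty() || !requested.startsWith(registered)) {
            return false;
        }
        if (requested.length() == registered.length() || registered.endsWith("/")) {
            return true;
        }
        char next = requested.charAt(registered.length());
        if (next == '/' || next == '?' || next == '#') {
            return true;
        }
        // Extra query parameters are fine once the registration itself carries a query.
        return next == '&' && registered.indexOf('?') >= 0;
    }

    /**
     * Obtains the session for this request and records the authenticated user, if any,
     * as its scope owner.
     */
    private AuthSession getAuthSession(Client client, ResponseType responseType, String str) {
        AuthSession session = setupSession(getAuthSession(), client, responseType, str);
        User user = getRequest().getClientInfo().getUser();
        if (user != null) {
            session.setScopeOwner(user.getIdentifier());
        }
        return session;
    }

    /**
     * Drops the context attribute named by the session cookie, if the cookie is present.
     */
    private void ungetAuthSession() {
        // NOTE(review): the key removed from the shared context attributes is taken verbatim
        // from a client-supplied cookie; confirm that only session entries can be addressed
        // this way (for example by checking the stored value's type before removing it).
        String sessionKey = getCookies().getFirstValue(OAuthServerResource.ClientCookieID);
        if (sessionKey == null || sessionKey.isEmpty()) {
            return;
        }
        getContext().getAttributes().remove(sessionKey);
    }

    /**
     * Creates the session when none exists yet and stores the request parameters on it.
     *
     * @param authSession the existing session, or {@code null} to create one
     * @param client the client the authorization is requested for
     * @param responseType the validated response type
     * @param str the redirection URI resolved for this request
     * @return the session that was passed in, or the newly created one
     */
    protected AuthSession setupSession(AuthSession authSession, Client client, ResponseType responseType, String str) {
        getLogger().fine("Base ref = " + getReference().getParentRef());
        getLogger().fine("OAuth2 session = " + authSession);
        AuthSession session = authSession;
        if (session == null) {
            // NOTE(review): every new session gets its own scheduled executor and nothing in
            // this class shuts it down; confirm AuthSession owns its lifecycle, otherwise
            // requests without a session cookie can accumulate executors.
            session = new AuthSession(getContext().getAttributes(), new ScheduledThreadPoolExecutor(5));
            CookieSetting sessionCookie = new CookieSetting(OAuthServerResource.ClientCookieID, session.getId());
            // The cookie identifies the authorization session: hide it from page scripts and
            // keep it off plain HTTP whenever the request itself arrived over a secure channel.
            sessionCookie.setAccessRestricted(true);
            sessionCookie.setSecure(getRequest().isConfidential());
            getCookieSettings().add(sessionCookie);
            // The session id is deliberately left out of the log line.
            getLogger().fine("Setting cookie in SetupSession");
        }
        session.setClient(client);
        session.setAuthFlow(responseType);
        if (!str.equals(client.getRedirectUri())) {
            session.setDynamicCallbackURI(str);
            getLogger().fine("OAuth2 set dynamic callback = " + str);
        }
        // NOTE(review): state is read from the request cookies, not from the query form;
        // confirm this is intended.
        String state = getCookies().getFirstValue(OAuthServerResource.STATE);
        if (state != null && !state.isEmpty()) {
            session.setState(state);
        }
        return session;
    }
}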
