package org.codelibs.fess.sso.oic;

import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.Base64;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.core.net.UuidUtil;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.base.login.FessLoginAssist;
import org.codelibs.fess.app.web.base.login.OpenIdConnectCredential;
import org.codelibs.fess.crawler.Constants;
import org.codelibs.fess.mylasta.action.FessUserBean;
import org.codelibs.fess.sso.SsoAuthenticator;
import org.codelibs.fess.sso.SsoResponseType;
import org.codelibs.fess.util.ComponentUtil;
import org.dbflute.optional.OptionalEntity;
import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.response.ActionResponse;
import org.lastaflute.web.response.HtmlResponse;
import org.lastaflute.web.util.LaRequestUtil;

/* loaded from: input_file:org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.class */
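/**
 * SSO authenticator that drives an OpenID Connect authorization-code flow.
 *
 * <p>The first request is redirected to the configured authorization endpoint with a fresh
 * {@code state} value stored in the HTTP session. The callback request is accepted only when
 * its {@code state} parameter equals the stored value; the {@code code} parameter is then
 * exchanged at the token endpoint and the returned ID token is split into its three segments.
 *
 * <p>NOTE(review): this listing is decompiler output. {@link #parseJwtClaim} could not be
 * recovered and throws {@link UnsupportedOperationException}, so the class as shown cannot
 * complete a login.
 *
 * <p>NOTE(review): nothing visible in this class verifies the ID token signature or checks the
 * {@code iss}, {@code aud} or {@code exp} claims, and the authorization request carries no
 * {@code nonce}. The token is fetched directly from the token endpoint, so its integrity rests
 * on that TLS connection; confirm whether claim validation happens in code not shown here.
 */
public class OpenIdConnectAuthenticator implements SsoAuthenticator {
    private static final Logger logger = LogManager.getLogger(OpenIdConnectAuthenticator.class);

    // Keys looked up in the Fess system properties.
    protected static final String OIC_AUTH_SERVER_URL = "oic.auth.server.url";
    protected static final String OIC_CLIENT_ID = "oic.client.id";
    protected static final String OIC_SCOPE = "oic.scope";
    protected static final String OIC_REDIRECT_URL = "oic.redirect.url";
    protected static final String OIC_TOKEN_SERVER_URL = "oic.token.server.url";
    protected static final String OIC_CLIENT_SECRET = "oic.client.secret";

    // Session attribute that holds the anti-CSRF state value between redirect and callback.
    protected static final String OIC_STATE = "OIC_STATE";

    protected final HttpTransport httpTransport = new NetHttpTransport();
    protected final JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();

    /** Registers this authenticator with the SSO manager once the component is constructed. */
    @PostConstruct
    public void init() {
        if (logger.isDebugEnabled()) {
            logger.debug("Initialize {}", getClass().getSimpleName());
        }
        ComponentUtil.getSsoManager().register(this);
    }

    /**
     * Builds the login credential for the current request.
     *
     * @return the credential produced by the callback, a redirect credential that sends the
     *         browser to the authorization endpoint when no state is pending, or {@code null}
     *         when there is no current request or the callback is rejected
     */
    @Override
    public LoginCredential getLoginCredential() {
        return LaRequestUtil.getOptionalRequest().<LoginCredential> map(request -> {
            if (logger.isDebugEnabled()) {
                logger.debug("Logging in with OpenID Connect Authenticator");
            }
            final HttpSession session = request.getSession(false);
            if (session != null) {
                final String expectedState = (String) session.getAttribute(OIC_STATE);
                if (StringUtil.isNotBlank(expectedState)) {
                    // The state is single-use: drop it before comparing so that a failed
                    // callback cannot be retried against the same value.
                    session.removeAttribute(OIC_STATE);
                    final String code = request.getParameter("code");
                    final String returnedState = request.getParameter("state");
                    final boolean stateMatches = expectedState.equals(returnedState);
                    final boolean codePresent = StringUtil.isNotBlank(code);
                    if (logger.isDebugEnabled()) {
                        // The authorization code and state values are credentials for this
                        // flow, so only their presence is logged, never their content.
                        logger.debug("code present: {}, state matches: {}", codePresent, stateMatches);
                    }
                    if (stateMatches && codePresent) {
                        return processCallback(request, code);
                    }
                    // A mismatching state is what a forged callback looks like; make it visible.
                    logger.warn("Rejected OpenID Connect callback: state mismatch or missing authorization code.");
                    return null;
                }
            }
            return new ActionResponseCredential(() -> HtmlResponse.fromRedirectPathAsIs(getAuthUrl(request)));
        }).orElse(null);
    }

    /**
     * Creates the authorization request URL and stores a new state value in the session.
     *
     * <p>NOTE(review): the state comes from {@code UuidUtil.create()}; its randomness source
     * is not visible here, confirm it is unpredictable.
     *
     * @param httpServletRequest the current request; a session is created if none exists
     * @return the URL of the authorization endpoint with client id, scope, redirect URI and state
     */
    protected String getAuthUrl(HttpServletRequest httpServletRequest) {
        final String state = UuidUtil.create();
        httpServletRequest.getSession().setAttribute(OIC_STATE, state);
        return new AuthorizationCodeRequestUrl(getOicAuthServerUrl(), getOicClientId())
                .setScopes(Arrays.asList(getOicScope()))
                .setResponseTypes(Arrays.asList("code"))
                .setRedirectUri(getOicRedirectUrl())
                .setState(state)
                .build();
    }

    /**
     * Exchanges the authorization code for tokens and turns the response into a credential.
     *
     * @param httpServletRequest the callback request (not read by this method)
     * @param str the authorization code taken from the callback
     * @return the credential, or {@code null} when the token request fails or the response
     *         holds no three-segment {@code id_token}
     */
    protected LoginCredential processCallback(HttpServletRequest httpServletRequest, String str) {
        try {
            final TokenResponse tokenResponse = getTokenUrl(str);
            final Object idToken = tokenResponse.get("id_token");
            if (!(idToken instanceof String)) {
                // Without this check a response lacking id_token fails with an unchecked
                // exception that the IOException handler below does not catch.
                logger.warn("Token response did not contain an id_token.");
                return null;
            }
            final String[] segments = ((String) idToken).split("\\.");
            if (segments.length != 3) {
                // An unsigned or truncated token has fewer segments; indexing it would throw.
                logger.warn("id_token does not have three segments: {}", segments.length);
                return null;
            }
            final String jwtHeader = new String(Base64.decodeBase64(segments[0]), Constants.UTF_8_CHARSET);
            final String jwtClaim = new String(Base64.decodeBase64(segments[1]), Constants.UTF_8_CHARSET);
            // NOTE(review): the signature is binary, so this text form is lossy and cannot be
            // used to verify anything. It is kept because consumers may read "jwtsign".
            final String jwtSignature = new String(Base64.decodeBase64(segments[2]), Constants.UTF_8_CHARSET);
            if (logger.isDebugEnabled()) {
                // Only the header is logged; the claim set holds personal data.
                logger.debug("jwtHeader: {}", jwtHeader);
            }
            final HashMap<String, Object> attributes = new HashMap<>();
            attributes.put("accesstoken", tokenResponse.getAccessToken());
            attributes.put("refreshtoken", tokenResponse.getRefreshToken() == null ? "null" : tokenResponse.getRefreshToken());
            attributes.put("tokentype", tokenResponse.getTokenType());
            attributes.put("expire", tokenResponse.getExpiresInSeconds());
            attributes.put("jwtheader", jwtHeader);
            attributes.put("jwtclaim", jwtClaim);
            attributes.put("jwtsign", jwtSignature);
            if (logger.isDebugEnabled()) {
                // The map holds the access and refresh tokens, so log its keys only.
                logger.debug("attribute keys: {}", attributes.keySet());
            }
            parseJwtClaim(jwtClaim, attributes);
            return new OpenIdConnectCredential(attributes);
        } catch (IOException e) {
            // A failed token exchange is a failed login attempt; record it above debug level.
            logger.warn("Failed to process callbacked request.", e);
            return null;
        }
    }

    /**
     * Copies selected ID token claims into the attribute map.
     *
     * <p>The decompiler could not restructure this method and dropped its body. The fragments
     * it reported show a ten-way switch that stores the text of {@code iss}, {@code sub},
     * {@code azp}, {@code email}, {@code at_hash}, {@code email_verified}, {@code aud},
     * {@code iat} and {@code exp}, and reads {@code groups} up to the end of a JSON array
     * into a {@code String[]}. None of the fragments shows a claim being validated.
     *
     * @param r6 the decoded claim segment of the ID token
     * @param r7 the attribute map to fill
     * @throws java.io.IOException declared by the original method
     * @throws UnsupportedOperationException always, in this listing
     */
    protected void parseJwtClaim(java.lang.String r6, java.util.Map<java.lang.String, java.lang.Object> r7) throws java.io.IOException {
        throw new UnsupportedOperationException("Method not decompiled: org.codelibs.fess.sso.oic.OpenIdConnectAuthenticator.parseJwtClaim(java.lang.String, java.util.Map):void");
    }

    /**
     * Sends the authorization-code grant to the token endpoint.
     *
     * @param str the authorization code
     * @return the token endpoint response
     * @throws IOException if the request fails
     */
    protected TokenResponse getTokenUrl(String str) throws IOException {
        return new AuthorizationCodeTokenRequest(this.httpTransport, this.jsonFactory, new GenericUrl(getOicTokenServerUrl()), str)
                .setGrantType("authorization_code")
                .setRedirectUri(getOicRedirectUrl())
                // The client authenticates with its id and secret as request parameters.
                .set("client_id", getOicClientId())
                .set("client_secret", getOicClientSecret())
                .execute();
    }

    // NOTE(review): the default used for the secret, scope and client id is the constant the
    // decompiler resolved; presumably an empty string in the original source, confirm.

    /** @return the value of {@code oic.client.secret} */
    protected String getOicClientSecret() {
        return ComponentUtil.getSystemProperties().getProperty(OIC_CLIENT_SECRET, org.codelibs.fess.Constants.DEFAULT_IGNORE_FAILURE_TYPE);
    }

    /** @return the value of {@code oic.token.server.url}, defaulting to Google's token endpoint */
    protected String getOicTokenServerUrl() {
        return ComponentUtil.getSystemProperties().getProperty(OIC_TOKEN_SERVER_URL, "https://accounts.google.com/o/oauth2/token");
    }

    /**
     * @return the value of {@code oic.redirect.url}; the default is a plain-HTTP localhost URL,
     *         so a deployment should set an HTTPS URL registered with the provider
     */
    protected String getOicRedirectUrl() {
        return ComponentUtil.getSystemProperties().getProperty(OIC_REDIRECT_URL, "http://localhost:8080/sso/");
    }

    /** @return the value of {@code oic.scope}, passed to the provider as a single scope entry */
    protected String getOicScope() {
        return ComponentUtil.getSystemProperties().getProperty(OIC_SCOPE, org.codelibs.fess.Constants.DEFAULT_IGNORE_FAILURE_TYPE);
    }

    /** @return the value of {@code oic.client.id} */
    protected String getOicClientId() {
        return ComponentUtil.getSystemProperties().getProperty(OIC_CLIENT_ID, org.codelibs.fess.Constants.DEFAULT_IGNORE_FAILURE_TYPE);
    }

    /** @return the value of {@code oic.auth.server.url}, defaulting to Google's authorization endpoint */
    protected String getOicAuthServerUrl() {
        return ComponentUtil.getSystemProperties().getProperty(OIC_AUTH_SERVER_URL, "https://accounts.google.com/o/oauth2/auth");
    }

    /**
     * Registers how an {@link OpenIdConnectCredential} is resolved to a user: the user is
     * taken from the credential itself.
     */
    @Override
    public void resolveCredential(FessLoginAssist.LoginCredentialResolver loginCredentialResolver) {
        loginCredentialResolver.resolve(OpenIdConnectCredential.class, credential -> OptionalEntity.of(credential.getUser()));
    }

    /** @return always {@code null}; this authenticator provides no response for any type */
    @Override
    public ActionResponse getResponse(SsoResponseType ssoResponseType) {
        return null;
    }

    /** @return always {@code null}; no provider-side logout URL is produced */
    @Override
    public String logout(FessUserBean fessUserBean) {
        return null;
    }
}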
