package org.wso2.carbon.identity.oauth.ui;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.owasp.encoder.Encode;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.stub.OAuthServiceAuthenticationException;
import org.wso2.carbon.identity.oauth.stub.types.Parameters;
import org.wso2.carbon.identity.oauth.ui.client.OAuthServiceClient;
import org.wso2.carbon.identity.oauth.ui.internal.OAuthUIServiceComponentHolder;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/ui/OAuthServlet.class */
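/**
 * Servlet that dispatches on the request path to one of three token operations
 * ({@code /request-token}, {@code /authorize-token}, {@code /access-token}) and
 * forwards the parsed OAuth parameters to {@link OAuthServiceClient}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The request-token and access-token responses carry {@code oauth_token_secret} in the
 *       body. NOTE(review): this servlet sets no cache-control headers and does not check the
 *       transport itself; confirm that TLS and caching policy are enforced elsewhere.</li>
 *   <li>{@code oauth_user_password} is read with {@code getParameter}, which also covers the
 *       query string. NOTE(review): a password sent that way can end up in access logs.</li>
 *   <li>Authentication failures are logged at debug level only, so they are not visible at
 *       default log levels. NOTE(review): confirm they are audited by the backend service.</li>
 * </ul>
 */
public class OAuthServlet extends HttpServlet {
    private static final long serialVersionUID = -7309826651165509449L;
    private static final Log log = LogFactory.getLog(OAuthServlet.class);

    private static final String SCHEME_PREFIX_UPPER = "OAuth ";
    private static final String SCHEME_PREFIX_LOWER = "oauth ";
    private static final String SESSION_REQUEST_TOKEN = "oauth_req_token";

    /**
     * Handles every HTTP method for the three token endpoints.
     *
     * <p>Responds 200 with a form-encoded body for request-token and access-token, redirects
     * to the login page for authorize-token when credentials or the session token are missing,
     * 401 when the backend reports an authentication failure, and 400 on any other failure
     * (including malformed OAuth parameters).
     *
     * @param httpServletRequest  incoming request; all of its parameters are client-controlled
     * @param httpServletResponse response to populate
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if obtaining the response writer or redirecting fails before
     *                          the generic handler can translate it
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            // No extra path: nothing to dispatch on. Same status the original produced via the
            // caught NullPointerException, without the noisy error log.
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            // Parsed inside the try so that malformed client input (bad percent-encoding and
            // similar) is answered with 400 instead of escaping as an unhandled exception.
            Parameters consumerData = populateOauthConsumerData(httpServletRequest);
            OAuthServiceClient client = new OAuthServiceClient(
                    CarbonUIUtil.getServerURL(OAuthUIServiceComponentHolder.getInstance().getServerConfigurationService()),
                    OAuthUIServiceComponentHolder.getInstance().getConfigurationContextService().getServerConfigContext());

            if (pathInfo.contains("/request-token")) {
                Parameters requestToken = client.getOauthRequestToken(consumerData);
                // Status is set before the body: once the writer is closed the response is
                // committed and a later setStatus() has no effect.
                httpServletResponse.setStatus(HttpServletResponse.SC_OK);
                PrintWriter writer = httpServletResponse.getWriter();
                writer.write("oauth_token=" + Encode.forUriComponent(requestToken.getOauthToken())
                        + "&oauth_token_secret=" + Encode.forUriComponent(requestToken.getOauthTokenSecret())
                        + "&oauth_callback_confirmed=" + Encode.forUriComponent("true"));
                writer.close();
            } else if (pathInfo.contains("/authorize-token")) {
                // Only presence is checked here; the credential values are not used by this servlet.
                String userName = httpServletRequest.getParameter("oauth_user_name");
                String password = httpServletRequest.getParameter("oauth_user_password");
                String sessionToken = (String) httpServletRequest.getSession().getAttribute(SESSION_REQUEST_TOKEN);
                if (userName == null || password == null || sessionToken == null) {
                    // The token stored in the session is the client-supplied one. Presumably
                    // getScope() rejects unknown tokens; verify against the service.
                    Parameters scope = client.getScope(consumerData.getOauthToken());
                    httpServletRequest.getSession().setAttribute(SESSION_REQUEST_TOKEN, consumerData.getOauthToken());
                    httpServletRequest.getSession().setAttribute("oauth_scope", scope.getScope());
                    httpServletRequest.getSession().setAttribute("oauth_app_name", scope.getAppName());
                    httpServletResponse.sendRedirect(IdentityUtil.getServerURL("/carbon/oauth/oauth-login.jsp", true));
                }
            } else if (pathInfo.contains("/access-token")) {
                Parameters accessToken = client.getAccessToken(consumerData);
                httpServletResponse.setStatus(HttpServletResponse.SC_OK);
                PrintWriter writer = httpServletResponse.getWriter();
                writer.write("oauth_token=" + Encode.forUriComponent(accessToken.getOauthToken())
                        + "&oauth_token_secret=" + Encode.forUriComponent(accessToken.getOauthTokenSecret()));
                writer.close();
            }
        } catch (OAuthServiceAuthenticationException e) {
            // Must precede the generic handler: with catch (Exception) first this branch is
            // never reached and authentication failures are reported as 400 instead of 401.
            log.debug("OAuth authentication failed", e);
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"WSO2 IS\"");
        } catch (Exception e) {
            // Message plus throwable so the stack trace reaches the log.
            log.error("Error while processing OAuth request", e);
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Builds a {@link Parameters} object from the {@code Authorization} header, or from the
     * query string when the header is absent.
     *
     * <p>Header values are split on {@code ","}, query strings on {@code "&"}. Known OAuth keys
     * are mapped to their setters; unknown keys are collected and, for query-string requests,
     * re-appended to the base string. A {@code scope} request parameter, when present,
     * overrides any scope found while parsing.
     *
     * @param httpServletRequest request to read the header, query string, method and URL from
     * @return the populated parameters, including HTTP method and base string
     * @throws IllegalArgumentException if a value contains malformed percent-encoding
     */
    private Parameters populateOauthConsumerData(HttpServletRequest httpServletRequest) {
        Parameters parameters = new Parameters();
        String queryString = httpServletRequest.getQueryString();
        String rawParams = httpServletRequest.getHeader("Authorization");
        boolean fromQueryString = rawParams == null;
        String separator = ",";
        if (fromQueryString) {
            rawParams = queryString;
            separator = "&";
        }

        StringBuilder unknownParams = new StringBuilder();
        if (rawParams != null) {
            if (!fromQueryString
                    && (rawParams.startsWith(SCHEME_PREFIX_UPPER) || rawParams.startsWith(SCHEME_PREFIX_LOWER))) {
                // Strip exactly the scheme token. Searching for the first lowercase 'o' left a
                // lowercase "oauth " prefix in place and could cut into an earlier value.
                rawParams = rawParams.substring(SCHEME_PREFIX_UPPER.length());
            }
            for (String pair : rawParams.split(separator)) {
                // Limit 2 keeps '=' characters that belong to the value.
                String[] keyValue = pair.split("=", 2);
                if (keyValue.length < 2) {
                    // Pair without '=' (for example an empty segment from "&&"): skipped, since
                    // reading keyValue[1] would throw ArrayIndexOutOfBoundsException.
                    continue;
                }
                String key = keyValue[0].trim();
                String value = removeLeadingAndTrailingQuatation(keyValue[1].trim());
                switch (key) {
                    case "oauth_consumer_key":
                        parameters.setOauthConsumerKey(value);
                        break;
                    case "oauth_nonce":
                        parameters.setOauthNonce(value);
                        break;
                    case "oauth_signature":
                        parameters.setOauthSignature(value);
                        break;
                    case "oauth_signature_method":
                        parameters.setOauthSignatureMethod(value);
                        break;
                    case "oauth_timestamp":
                        parameters.setOauthTimeStamp(value);
                        break;
                    case "oauth_callback":
                        parameters.setOauthCallback(value);
                        break;
                    case "scope":
                        parameters.setScope(value);
                        break;
                    case "xoauth_displayname":
                        parameters.setDisplayName(value);
                        break;
                    case "oauth_token":
                        parameters.setOauthToken(value);
                        break;
                    case "oauth_verifier":
                        parameters.setOauthTokenVerifier(value);
                        break;
                    case "oauth_token_secret":
                        parameters.setOauthTokenSecret(value);
                        break;
                    case "oauth_version":
                        parameters.setVersion(value);
                        break;
                    default:
                        unknownParams.append(key).append('=').append(value).append('&');
                        break;
                }
            }
        }

        String baseQuery = unknownParams.toString();
        if (!fromQueryString) {
            // Header-based request: the base string uses the raw query string. A missing query
            // string must not be concatenated, or the literal text "null" ends up in it.
            baseQuery = queryString == null ? "" : queryString + "&";
        }

        String scopeParameter = httpServletRequest.getParameter("scope");
        if (scopeParameter != null) {
            parameters.setScope(scopeParameter);
        }
        parameters.setHttpMethod(httpServletRequest.getMethod());

        String requestUrl = httpServletRequest.getRequestURL().toString();
        if (baseQuery.length() > 1) {
            // Drop the trailing '&' added above.
            parameters.setBaseString(requestUrl + "?" + baseQuery.substring(0, baseQuery.length() - 1));
        } else {
            parameters.setBaseString(requestUrl);
        }
        return parameters;
    }

    /**
     * Strips double quotes from a parameter value and URL-decodes it.
     *
     * <p>Despite the name, when the value starts or ends with a quote <em>every</em> double
     * quote in it is removed, not only the outer pair. Decoding is form-style
     * ({@link URLDecoder}), so a literal {@code '+'} becomes a space.
     *
     * @param str raw, already trimmed parameter value
     * @return the unquoted, UTF-8 decoded and trimmed value
     * @throws IllegalArgumentException if {@code str} contains malformed percent-encoding
     */
    private String removeLeadingAndTrailingQuatation(String str) {
        String unquoted = str;
        if (str.startsWith("\"") || str.endsWith("\"")) {
            unquoted = str.replace("\"", "");
        }
        try {
            // Explicit charset: the one-argument overload is deprecated and decodes with the
            // platform default, which makes parsing host-dependent.
            return URLDecoder.decode(unquoted, "UTF-8").trim();
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is mandatory on every JVM, so this is not expected to happen.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }
}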
