package fr.in2p3.lavoisier.authenticator.OAuth2;

import fr.in2p3.lavoisier.authenticator.action.RedirectAction;
import fr.in2p3.lavoisier.interfaces.authenticator.Action;
import fr.in2p3.lavoisier.interfaces.authenticator.Authenticator;
import fr.in2p3.lavoisier.interfaces.authenticator.SessionLogout;
import fr.in2p3.lavoisier.interfaces.authenticator.SessionStorable;
import fr.in2p3.lavoisier.interfaces.authenticator.impl.DefaultPrincipal;
import fr.in2p3.lavoisier.interfaces.usage.Configuration;
import fr.in2p3.lavoisier.interfaces.usage.Parameter;
import java.io.IOException;
import java.net.URI;
import java.security.Principal;
import javax.security.auth.login.LoginException;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.GitHubTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthAccessTokenResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.glassfish.grizzly.http.Cookie;
import org.glassfish.grizzly.http.server.Response;

/* loaded from: input_file:fr/in2p3/lavoisier/authenticator/OAuth2/OAuth2Authenticator.class */
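/**
 * Authenticator that implements the client side of the OAuth2 authorization-code flow.
 *
 * <p>{@link #getPreAction} redirects the browser to the configured authorization endpoint and
 * {@link #getPrincipal} exchanges the returned code for an access token at the configured token
 * endpoint.
 *
 * <p>NOTE(review): the {@code state} value is sent in {@link #getPreAction} but is not compared
 * with anything in {@link #getPrincipal}. Confirm that {@code OAuth2AuthenticatorInput} or
 * {@code OAuth2ResponsibilityHandler} validates the returned state against the session; without
 * that check the callback has no protection against login CSRF.
 */
public class OAuth2Authenticator extends Authenticator<OAuth2ResponsibilityHandler, OAuth2AuthenticatorInput, JWTAuthenticatedUser> implements SessionStorable, SessionLogout {
    public static final Parameter<String> P_AUTHZ_LOCATION = Parameter.string("authz_location", "The URL of the OAuth2 Authorization URL");
    public static final Parameter<String> P_TOKEN_LOCATION = Parameter.string("token_location", "The URL of the OAuth2 Token URL");
    public static final Parameter<String> P_SCOPE = Parameter.string("scope", "The set of permissions requested");
    public static final Parameter<String> P_CLIENT_ID = Parameter.string("client_id", "The Client ID (or App ID)");
    public static final Parameter<String> P_CLIENT_SECRET = Parameter.string("client_secret", "The Client secret (or App secret)");

    // Configuration values read once in init(); none of them is validated here.
    private String m_authzLocation;
    private String m_tokenLocation;
    private String m_scope;
    private String m_clientId;
    // Sent in the body of the token request; must never be logged or echoed in error messages.
    private String m_clientSecret;

    public OAuth2Authenticator() {
        super(OAuth2ResponsibilityHandler.class, OAuth2AuthenticatorInput.class, JWTAuthenticatedUser.class);
    }

    /** Returns the human-readable description of this adaptor. */
    public String getDescription() {
        return "This adaptor authenticates user with OAuth2";
    }

    /** Returns the configuration parameters this adaptor accepts. */
    public Parameter[] getUsage() {
        return new Parameter[]{P_AUTHZ_LOCATION, P_TOKEN_LOCATION, P_SCOPE, P_CLIENT_ID, P_CLIENT_SECRET};
    }

    /**
     * Reads the endpoint URLs, scope and client credentials from the configuration.
     *
     * <p>NOTE(review): the scheme of {@code token_location} is not checked. The client secret and
     * the authorization code are posted to that URL, so deployments should configure an
     * {@code https://} endpoint.
     *
     * @param str           not used by this implementation
     * @param configuration the adaptor configuration
     */
    public void init(String str, Configuration configuration) throws Exception {
        this.m_authzLocation = (String) P_AUTHZ_LOCATION.getValue(configuration);
        this.m_tokenLocation = (String) P_TOKEN_LOCATION.getValue(configuration);
        this.m_scope = (String) P_SCOPE.getValue(configuration);
        this.m_clientId = (String) P_CLIENT_ID.getValue(configuration);
        this.m_clientSecret = (String) P_CLIENT_SECRET.getValue(configuration);
    }

    /**
     * Builds the redirect to the authorization endpoint.
     *
     * @param oAuth2AuthenticatorInput the request input; its service URL is used as redirect URI
     * @return a redirect action, or {@code null} when the input carries no state
     * @throws LoginException if the authorization request cannot be built
     */
    public Action getPreAction(OAuth2AuthenticatorInput oAuth2AuthenticatorInput) throws LoginException {
        String state = oAuth2AuthenticatorInput.getState();
        if (state == null) {
            return null;
        }
        try {
            OAuthClientRequest authzRequest = OAuthClientRequest.authorizationLocation(this.m_authzLocation)
                    .setResponseType("code")
                    .setClientId(this.m_clientId)
                    .setRedirectURI(oAuth2AuthenticatorInput.getServiceURL().toString())
                    .setState(state)
                    .setScope(this.m_scope)
                    .buildQueryMessage();
            return new RedirectAction(authzRequest.getLocationUri());
        } catch (OAuthSystemException e) {
            throw loginFailure("Malformed URL: " + e.getMessage(), e);
        }
    }

    /**
     * Exchanges the authorization code for an access token and wraps the token in a principal.
     *
     * <p>NOTE(review): the access token itself is passed to {@code DefaultPrincipal}. If that
     * value is used as the principal name, any code that logs or displays the principal name
     * exposes a bearer credential — confirm how the name is consumed downstream.
     *
     * @param oAuth2AuthenticatorInput the callback input carrying the code and the service URL
     * @return a principal built from the access token
     * @throws LoginException if no code was supplied or the token endpoint rejects the exchange
     */
    public Principal getPrincipal(OAuth2AuthenticatorInput oAuth2AuthenticatorInput) throws LoginException {
        String code = oAuth2AuthenticatorInput.getCode();
        URI serviceURL = oAuth2AuthenticatorInput.getServiceURL();
        // A missing code is reported as a login failure instead of a NullPointerException. The
        // literal "null" is kept from the original check; presumably the input class stringifies
        // an absent parameter — verify against OAuth2AuthenticatorInput.
        if (code == null || code.equals("null")) {
            throw new LoginException("Not authorized to access resources");
        }

        OAuthClientRequest tokenRequest;
        try {
            tokenRequest = OAuthClientRequest.tokenLocation(this.m_tokenLocation)
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(this.m_clientId)
                    .setClientSecret(this.m_clientSecret)
                    .setRedirectURI(serviceURL.toString())
                    .setCode(code)
                    .buildBodyMessage();
        } catch (OAuthSystemException e) {
            throw loginFailure("not authorized" + e.getMessage(), e);
        }
        tokenRequest.addHeader("Accept", "application/json");

        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        try {
            OAuthAccessTokenResponse accessToken;
            if (this.m_tokenLocation.startsWith("https://graph.facebook.com")) {
                // Facebook's endpoint is read with the response class that, as far as Oltu
                // documents it, parses a form-encoded token response rather than JSON.
                accessToken = oAuthClient.accessToken(tokenRequest, GitHubTokenResponse.class);
            } else {
                // Undoes one level of percent-encoding across the WHOLE form body, not only the
                // code field. Presumably a workaround for a code that arrives already encoded;
                // a secret or redirect URI containing a literal '%' would be altered as well.
                String body = tokenRequest.getBody();
                if (body.contains("%25")) {
                    tokenRequest.setBody(body.replace("%25", "%"));
                }
                accessToken = oAuthClient.accessToken(tokenRequest);
            }
            return new DefaultPrincipal(accessToken.getAccessToken());
        } catch (OAuthProblemException e) {
            // NOTE(review): the provider's error text ends up in the exception message; confirm
            // it is not rendered verbatim to the end user.
            throw loginFailure("not authorized" + e.getMessage() + "\n" + e.toString(), e);
        } catch (OAuthSystemException e) {
            throw loginFailure("not authorized" + e.getMessage(), e);
        } finally {
            // Release the HTTP client on every path, success or failure.
            oAuthClient.shutdown();
        }
    }

    /**
     * Expires the session cookie and writes a page linking to the identity provider's logout.
     *
     * <p>The link is derived by replacing {@code openid-connect/auth} with
     * {@code openid-connect/logout} in the configured authorization URL; when the URL does not
     * contain that segment the link points at the unmodified authorization URL. The URL is written
     * into the single-quoted {@code href} without HTML escaping, which is acceptable only because
     * it comes from operator-controlled configuration.
     *
     * @param response the HTTP response to write to
     * @throws IOException if the response body cannot be written
     */
    public void logout(Response response) throws IOException {
        Cookie expiredSession = new Cookie("JSESSIONID", "");
        expiredSession.setPath("/");
        expiredSession.setMaxAge(0);
        response.addCookie(expiredSession);
        String logoutUrl = this.m_authzLocation.replace("openid-connect/auth", "openid-connect/logout");
        response.getWriter().write("<html><body>Click here if you also want to logout from <a href='" + logoutUrl + "'>your account</a> (this will log you out of all applications using this account)</body></html>");
    }

    /** Creates a {@link LoginException} that keeps the underlying failure as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }
}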
