package com.venky.swf.controller;

import com.venky.core.util.ObjectUtil;
import com.venky.swf.controller.annotations.RequireLogin;
import com.venky.swf.db.Database;
import com.venky.swf.db.Transaction;
import com.venky.swf.db.model.User;
import com.venky.swf.db.model.UserEmail;
import com.venky.swf.path.Path;
import com.venky.swf.routing.Config;
import com.venky.swf.sql.Expression;
import com.venky.swf.sql.Operator;
import com.venky.swf.sql.Select;
import com.venky.swf.views.HtmlView;
import com.venky.swf.views.RedirectorView;
import com.venky.swf.views.View;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.TreeSet;
import java.util.logging.Level;
import org.apache.oltu.oauth2.client.HttpClient;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthAccessTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthAuthzResponse;
import org.apache.oltu.oauth2.client.response.OAuthClientResponse;
import org.apache.oltu.oauth2.client.response.OAuthClientResponseFactory;
import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
import org.apache.oltu.oauth2.common.OAuthProviderType;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;

/* loaded from: input_file:com/venky/swf/controller/OidController.class */
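/**
 * Controller that signs users in through an external OAuth2 / OpenID Connect provider
 * (Google, Facebook, LinkedIn) and maps the e-mail address returned by the provider to a
 * local {@link User}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>NOTE(review): no OAuth {@code state} value is generated in {@link #authenticate()} or
 *       checked in the callback, so the callback is not bound to the browser session that
 *       started the flow. Adding one needs session storage that is not visible in this file.</li>
 *   <li>NOTE(review): the {@code _redirect_to} request parameter is handed to
 *       {@code loginSuccessful(String)} unchanged. Confirm that the superclass restricts it to
 *       same-application targets.</li>
 *   <li>The local account is selected purely by the e-mail address the provider reports, so
 *       every path that yields that address must reject empty or unverified values.</li>
 * </ul>
 */
public class OidController extends Controller {
    /** Supported providers, keyed by the value of the {@code SELECTED_OPEN_ID} parameter. */
    private static final Map<String, OIDProvider> oidproviderMap = new HashMap<>();

    /**
     * Static description of one identity provider plus the code that talks to it.
     *
     * <p>The decompiler note on this class said its access was widened from package-private;
     * it is kept {@code public} here so existing callers keep compiling.
     */
    public static class OIDProvider {
        boolean redirectUrlSupportsParams;
        boolean resourceUrlNeedsHeaders;
        GrantType grantType;
        String openIdProvider;
        OAuthProviderType providerType;
        String clientId;
        String clientSecret;
        String iss;
        Class<? extends OAuthAccessTokenResponse> tokenResponseClass;
        String resourceUrl;
        String redirectUrl;
        String scope;

        /**
         * Builds the callback URL registered for a provider.
         *
         * @param openIdProvider provider key, e.g. {@code "GOOGLE"}
         * @return {@code <server base>/oid/linkedin} for LinkedIn, otherwise
         *     {@code <server base>/oid/verify?SELECTED_OPEN_ID=<provider>}
         */
        public String getRedirectUrl(String openIdProvider) {
            String baseUrl = Config.instance().getServerBaseUrl();
            if ("LINKEDIN".equals(openIdProvider)) {
                return baseUrl + "/oid/linkedin";
            }
            return baseUrl + "/oid/verify?SELECTED_OPEN_ID=" + openIdProvider;
        }

        /**
         * @param openIdProvider provider key; also used to look up the client id and secret in
         *     {@link Config}
         * @param providerType Oltu provider type supplying the authorization and token endpoints
         * @param iss expected issuer of the id token (host name, without scheme); empty when the
         *     e-mail is read from {@code resourceUrl} instead
         * @param tokenResponseClass response class used to parse the token endpoint reply
         * @param resourceUrl user-info URL queried with the access token; empty to read the
         *     e-mail from the id token
         * @param scope OAuth scope to request
         * @param grantType grant type sent to the token endpoint
         * @param resourceUrlNeedsHeaders {@code true} to send the access token as a header,
         *     {@code false} to send it as a query parameter
         * @param redirectUrlSupportsParams {@code true} when the post-login target is appended to
         *     the callback URL as {@code &_redirect_to=}, {@code false} when it is appended as a
         *     path segment
         */
        public OIDProvider(String openIdProvider, OAuthProviderType providerType, String iss, Class<? extends OAuthAccessTokenResponse> tokenResponseClass, String resourceUrl, String scope, GrantType grantType, boolean resourceUrlNeedsHeaders, boolean redirectUrlSupportsParams) {
            this.iss = iss;
            this.tokenResponseClass = tokenResponseClass;
            this.resourceUrl = resourceUrl;
            this.openIdProvider = openIdProvider;
            this.providerType = providerType;
            this.clientId = Config.instance().getClientId(openIdProvider);
            this.clientSecret = Config.instance().getClientSecret(openIdProvider);
            this.redirectUrl = getRedirectUrl(openIdProvider);
            this.scope = scope;
            this.grantType = grantType;
            this.resourceUrlNeedsHeaders = resourceUrlNeedsHeaders;
            this.redirectUrlSupportsParams = redirectUrlSupportsParams;
        }

        /**
         * Returns the callback URL, extended with the post-login target when one is given.
         * The authorization request and the token request must send the same value, so both
         * go through this helper.
         *
         * <p>NOTE(review): {@code redirectTo} is request-supplied and appended without
         * URL-encoding, so a value containing {@code &} or {@code #} changes how the callback
         * query string is parsed. Encoding it here would alter the URI sent to the provider;
         * confirm against the registered redirect URIs before changing.
         */
        private String buildRedirectUri(String redirectTo) {
            if (ObjectUtil.isVoid(redirectTo)) {
                return this.redirectUrl;
            }
            String separator = this.redirectUrlSupportsParams ? "&_redirect_to=" : "/";
            return this.redirectUrl + separator + redirectTo;
        }

        /**
         * Builds the authorization request whose location URI the browser is redirected to.
         *
         * @param redirectTo optional post-login target carried through the callback URL
         * @return the authorization-code request for this provider
         * @throws RuntimeException wrapping {@link OAuthSystemException} if the request cannot be built
         */
        public OAuthClientRequest createRequest(String redirectTo) {
            try {
                return OAuthClientRequest.authorizationProvider(this.providerType)
                        .setClientId(this.clientId)
                        .setResponseType("code")
                        .setScope(this.scope)
                        .setRedirectURI(buildRedirectUri(redirectTo))
                        .buildQueryMessage();
            } catch (OAuthSystemException e) {
                throw new RuntimeException((Throwable) e);
            }
        }

        /**
         * Exchanges an authorization code for tokens and returns the user's e-mail address.
         *
         * @param code authorization code received on the callback
         * @param redirectTo post-login target; must equal the value given to {@link #createRequest}
         * @return the e-mail address reported by the provider, never void
         * @throws RuntimeException wrapping any failure of the exchange or of e-mail extraction
         */
        public String authorize(String code, String redirectTo) {
            try {
                OAuthClientRequest tokenRequest = OAuthClientRequest.tokenProvider(this.providerType)
                        .setGrantType(this.grantType)
                        .setClientId(this.clientId)
                        .setClientSecret(this.clientSecret)
                        .setRedirectURI(buildRedirectUri(redirectTo))
                        .setCode(code)
                        .setScope(this.scope)
                        .buildBodyMessage();
                OAuthClient oAuthClient = new OAuthClient(new OidHttpClient());
                OAuthAccessTokenResponse tokenResponse = oAuthClient.accessToken(tokenRequest, this.tokenResponseClass);
                if (ObjectUtil.isVoid(this.resourceUrl)) {
                    return extractEmail(tokenResponse);
                }
                OAuthBearerClientRequest resourceRequest = new OAuthBearerClientRequest(this.resourceUrl).setAccessToken(tokenResponse.getAccessToken());
                // NOTE(review): when resourceUrlNeedsHeaders is false the access token travels in
                // the query string, where URL logging can record it.
                OAuthClientRequest built = this.resourceUrlNeedsHeaders ? resourceRequest.buildHeaderMessage() : resourceRequest.buildQueryMessage();
                return extractEmail((OAuthResourceResponse) oAuthClient.resource(built, "GET", OAuthResourceResponse.class));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * Reads the e-mail address from a user-info response: a top-level {@code email} field,
         * or else {@code elements[0]["handle~"].emailAddress}.
         *
         * <p>NOTE(review): neither shape carries a "verified" flag that is checked here; the
         * address is trusted as reported by the provider.
         *
         * @throws RuntimeException with message {@code "OAuth Failed"} when no address is present
         * @throws Exception if the body is not valid JSON
         */
        public String extractEmail(OAuthResourceResponse oAuthResourceResponse) throws Exception {
            Object parsed = new JSONParser().parse(oAuthResourceResponse.getBody());
            String email = null;
            if (parsed instanceof JSONObject) {
                JSONObject body = (JSONObject) parsed;
                Object direct = body.get("email");
                if (direct instanceof String) {
                    email = (String) direct;
                }
                if (ObjectUtil.isVoid(email)) {
                    // Walk the nested shape step by step so a missing level is reported as a
                    // failed login rather than a NullPointerException or ClassCastException.
                    Object elements = body.get("elements");
                    Object first = (elements instanceof JSONArray && !((JSONArray) elements).isEmpty()) ? ((JSONArray) elements).get(0) : null;
                    Object handle = first instanceof JSONObject ? ((JSONObject) first).get("handle~") : null;
                    Object address = handle instanceof JSONObject ? ((JSONObject) handle).get("emailAddress") : null;
                    if (address instanceof String) {
                        email = (String) address;
                    }
                }
            }
            if (ObjectUtil.isVoid(email)) {
                throw new RuntimeException("OAuth Failed");
            }
            return email;
        }

        /**
         * Reads the e-mail address from the {@code id_token} of a token response after checking
         * its {@code aud} and {@code iss} claims.
         *
         * <p>The token's signature is not verified; it is trusted only because it was fetched
         * directly from the token endpoint, which is why {@link OidHttpClient} insists on HTTPS.
         *
         * @throws RuntimeException with message {@code "OAuth Failed"} when the token is missing,
         *     malformed, issued for another client or issuer, or carries no usable e-mail
         * @throws Exception if the payload is not valid JSON or not valid base64url
         */
        public String extractEmail(OAuthAccessTokenResponse oAuthAccessTokenResponse) throws Exception {
            if (oAuthAccessTokenResponse instanceof OAuthJSONAccessTokenResponse) {
                String idToken = oAuthAccessTokenResponse.getParam("id_token");
                String[] segments = idToken == null ? new String[0] : idToken.split("\\.");
                if (segments.length >= 2) {
                    // JWT segments are base64url; the basic decoder rejects '-' and '_'.
                    String payload = new String(Base64.getUrlDecoder().decode(segments[1]), StandardCharsets.UTF_8);
                    Object parsed = new JSONParser().parse(payload);
                    if (parsed instanceof JSONObject) {
                        String email = verifiedEmail((JSONObject) parsed);
                        if (email != null) {
                            return email;
                        }
                    }
                }
            }
            throw new RuntimeException("OAuth Failed");
        }

        /** Returns the e-mail claim when audience, issuer and verification checks pass, else null. */
        private String verifiedEmail(JSONObject claims) {
            Object audience = claims.get("aud");
            // A missing aud, or an unconfigured client id, must not pass the audience check.
            if (audience == null || ObjectUtil.isVoid(this.clientId) || !audience.equals(this.clientId)) {
                return null;
            }
            // NOTE(review): the "http://" form is still accepted to preserve existing behaviour;
            // consider dropping it.
            List<String> acceptedIssuers = Arrays.asList(this.iss, "http://" + this.iss, "https://" + this.iss);
            if (ObjectUtil.isVoid(this.iss) || !acceptedIssuers.contains(claims.get("iss"))) {
                return null;
            }
            // An address the provider explicitly marks as unverified must not select an account.
            Object verified = claims.get("email_verified");
            if (verified != null && "false".equalsIgnoreCase(String.valueOf(verified))) {
                return null;
            }
            Object email = claims.get("email");
            return (email instanceof String && !ObjectUtil.isVoid(email)) ? (String) email : null;
        }
    }

    /**
     * Minimal {@link HttpClient} used for the token and user-info calls, with 5 second connect
     * and read timeouts.
     */
    public static class OidHttpClient implements HttpClient {
        /**
         * Sends the request and wraps the response in {@code responseClass}.
         *
         * @param request request whose location URI, headers and body are sent
         * @param headers extra request headers, may be null
         * @param requestMethod HTTP method; empty means GET
         * @param responseClass response type to create
         * @throws OAuthSystemException if the location is not an https URL or on any I/O failure
         */
        @Override
        public <T extends OAuthClientResponse> T execute(OAuthClientRequest request, Map<String, String> headers, String requestMethod, Class<T> responseClass) throws OAuthSystemException, OAuthProblemException {
            InputStream responseBody = null;
            Map<String, List<String>> responseHeaders = new HashMap<>();
            try {
                URL location = new URL(request.getLocationUri());
                // The client secret, authorization code and tokens cross this connection, and the
                // id token read from the response is accepted without a signature check.
                if (!"https".equalsIgnoreCase(location.getProtocol())) {
                    throw new OAuthSystemException("OAuth endpoint must use https");
                }
                URLConnection connection = location.openConnection();
                connection.setConnectTimeout(5000);
                connection.setReadTimeout(5000);
                int responseCode = -1;
                if (connection instanceof HttpURLConnection) {
                    HttpURLConnection http = (HttpURLConnection) connection;
                    if (headers != null && !headers.isEmpty()) {
                        for (Map.Entry<String, String> header : headers.entrySet()) {
                            http.addRequestProperty(header.getKey(), header.getValue());
                        }
                    }
                    if (request.getHeaders() != null) {
                        for (Map.Entry<String, String> header : request.getHeaders().entrySet()) {
                            http.addRequestProperty(header.getKey(), header.getValue());
                        }
                    }
                    if (OAuthUtils.isEmpty(requestMethod)) {
                        http.setRequestMethod("GET");
                    } else {
                        http.setRequestMethod(requestMethod);
                        setRequestBody(request, requestMethod, http);
                    }
                    http.connect();
                    responseCode = http.getResponseCode();
                    // Only 400 and 401 are read from the error stream; for other error statuses
                    // getInputStream() throws and the failure surfaces as OAuthSystemException.
                    responseBody = (responseCode == 400 || responseCode == 401) ? http.getErrorStream() : http.getInputStream();
                    responseHeaders = http.getHeaderFields();
                }
                return (T) OAuthClientResponseFactory.createCustomResponse(responseBody, connection.getContentType(), responseCode, responseHeaders, responseClass);
            } catch (IOException e) {
                throw new OAuthSystemException(e);
            }
        }

        /**
         * Writes the request body for POST and PUT; other methods send no body.
         *
         * <p>The body is written as UTF-8 through the raw stream so that a failed write raises
         * {@link IOException}; {@code PrintWriter} would use the platform charset and swallow
         * write errors.
         */
        private void setRequestBody(OAuthClientRequest request, String requestMethod, HttpURLConnection connection) throws IOException {
            String body = request.getBody();
            if (OAuthUtils.isEmpty(body)) {
                return;
            }
            if ("POST".equals(requestMethod) || "PUT".equals(requestMethod)) {
                connection.setDoOutput(true);
                try (OutputStream out = connection.getOutputStream()) {
                    out.write(body.getBytes(StandardCharsets.UTF_8));
                    out.flush();
                }
            }
        }

        /** Nothing to release: each call opens its own connection. */
        @Override
        public void shutdown() {
        }
    }

    public OidController(Path path) {
        super(path);
    }

    /**
     * Starts the login flow by redirecting the browser to the selected provider.
     *
     * @return a redirect to the provider's authorization URL, or the login view with an error
     *     when the provider is missing, unknown, or the request cannot be built
     */
    @Override // com.venky.swf.controller.Controller
    protected View authenticate() {
        String selectedOpenId = getPath().getRequest().getParameter("SELECTED_OPEN_ID");
        if (ObjectUtil.isVoid(selectedOpenId)) {
            HtmlView loginView = createLoginView(false);
            loginView.setStatus(HtmlView.StatusType.ERROR, "Open id provider not specified");
            return loginView;
        }
        OIDProvider provider = oidproviderMap.get(selectedOpenId);
        if (provider == null) {
            // The request-supplied name is deliberately not echoed back into the page.
            return createLoginView(HtmlView.StatusType.ERROR, "Unsupported open id provider");
        }
        try {
            OAuthClientRequest authorizationRequest = provider.createRequest(getPath().getRequest().getParameter("_redirect_to"));
            RedirectorView redirect = new RedirectorView(getPath());
            redirect.setRedirectUrl(authorizationRequest.getLocationUri());
            return redirect;
        } catch (Exception e) {
            // Details go to the log; the page gets a fixed message.
            this.cat.log(Level.WARNING, e.getMessage(), e);
            return createLoginView(HtmlView.StatusType.ERROR, "OAuth Failed");
        }
    }

    /** LinkedIn callback without a post-login target. */
    @RequireLogin(false)
    public View linkedin() throws OAuthProblemException, OAuthSystemException, ParseException {
        return linkedin("");
    }

    /**
     * LinkedIn callback.
     *
     * @param redirectTo post-login target taken from the callback path
     */
    @RequireLogin(false)
    public View linkedin(String redirectTo) throws OAuthProblemException, OAuthSystemException, ParseException {
        return verify("LINKEDIN", redirectTo);
    }

    /** Callback for providers that return to {@code /oid/verify?SELECTED_OPEN_ID=...}. */
    @RequireLogin(false)
    public View verify() throws OAuthProblemException, OAuthSystemException, ParseException {
        return verify(getPath().getRequest().getParameter("SELECTED_OPEN_ID"), getPath().getRequest().getParameter("_redirect_to"));
    }

    /**
     * Completes the login: exchanges the authorization code, resolves or creates the local
     * user for the returned e-mail address, and opens a session.
     *
     * @param selectedOpenId provider key
     * @param redirectTo post-login target, may be void
     * @return a redirect on success, otherwise the login view with an error status
     */
    private View verify(String selectedOpenId, String redirectTo) throws OAuthProblemException, OAuthSystemException, ParseException {
        OIDProvider provider = oidproviderMap.get(selectedOpenId);
        if (provider == null) {
            return createLoginView(HtmlView.StatusType.ERROR, "Unsupported open id provider");
        }
        try {
            String email = provider.authorize(OAuthAuthzResponse.oauthCodeAuthzResponse(getPath().getRequest()).getCode(), redirectTo);
            if (ObjectUtil.isVoid(email)) {
                // A void address must never be used to look up or create an account.
                throw new RuntimeException("OAuth Failed");
            }
            User user = null;
            Select from = new Select(new String[0]).from(new Class[]{UserEmail.class});
            from.where(new Expression(from.getPool(), "email", Operator.EQ, new String[]{email}));
            List<UserEmail> matches = from.execute(UserEmail.class);
            if (matches.size() > 0) {
                TreeSet<Long> userIds = new TreeSet<>();
                for (UserEmail match : matches) {
                    userIds.add(Long.valueOf(match.getUserId()));
                }
                if (userIds.size() > 1) {
                    return createLoginView(HtmlView.StatusType.ERROR, "Multiple users associated with same email id");
                }
                user = (User) Database.getTable(User.class).get(userIds.first().longValue());
            }
            if (user == null) {
                // NOTE(review): if a save below throws, this transaction is neither committed nor
                // rolled back in this method; confirm how the framework cleans it up.
                Transaction createTransaction = Database.getInstance().getTransactionManager().createTransaction();
                user = (User) Database.getTable(User.class).newRecord();
                user.setName(email);
                user.setPassword((String) null);
                user.save();
                if (user.getUserEmails().isEmpty()) {
                    UserEmail newRecord = Database.getTable(UserEmail.class).newRecord();
                    newRecord.setUserId(user.getId());
                    newRecord.setEmail(email);
                    newRecord.save();
                }
                createTransaction.commit();
            }
            getPath().createUserSession(user, false);
            return redirectSuccess(redirectTo);
        } catch (Exception e) {
            this.cat.log(Level.WARNING, e.getMessage(), e);
            // Exception messages on this path can carry text taken from the callback request or
            // from the provider's response, so the page gets a fixed message instead.
            return createLoginView(HtmlView.StatusType.ERROR, "OAuth Failed");
        }
    }

    /**
     * Builds the redirect issued after a successful login.
     *
     * @param redirectTo post-login target passed on to {@code loginSuccessful}
     */
    protected RedirectorView redirectSuccess(String redirectTo) {
        return new RedirectorView(getPath(), "", loginSuccessful(redirectTo));
    }

    static {
        oidproviderMap.put("GOOGLE", new OIDProvider("GOOGLE", OAuthProviderType.GOOGLE, "accounts.google.com", OAuthJSONAccessTokenResponse.class, "", "email", GrantType.AUTHORIZATION_CODE, false, true));
        oidproviderMap.put("FACEBOOK", new OIDProvider("FACEBOOK", OAuthProviderType.FACEBOOK, "", OAuthJSONAccessTokenResponse.class, "https://graph.facebook.com/me?fields=email,name", "email", GrantType.AUTHORIZATION_CODE, false, true));
        oidproviderMap.put("LINKEDIN", new OIDProvider("LINKEDIN", OAuthProviderType.LINKEDIN, "", OAuthJSONAccessTokenResponse.class, "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))", "r_emailaddress", GrantType.AUTHORIZATION_CODE, true, false));
    }
}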
