package com.bornium.security.oauth2openid.server.endpoints;

import com.bornium.http.Exchange;
import com.bornium.http.Method;
import com.bornium.http.Response;
import com.bornium.http.ResponseBuilder;
import com.bornium.http.util.BodyUtil;
import com.bornium.http.util.UriUtil;
import com.bornium.security.oauth2openid.Constants;
import com.bornium.security.oauth2openid.providers.Session;
import com.bornium.security.oauth2openid.server.ServerServices;
import com.bornium.security.oauth2openid.token.CombinedTokenManager;
import com.bornium.security.oauth2openid.token.Token;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.google.common.base.Charsets;
import com.google.common.io.CharStreams;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/oauth2-openid-1.2.0.jar:com/bornium/security/oauth2openid/server/endpoints/VerificationEndpoint.class */
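/**
 * Verification endpoint of the device flow: the page where a logged-in user types the user code
 * shown on a device, reviews the requested scope and approves or denies it.
 *
 * <p>A {@code GET} renders the user-code page (or bounces a supplied code into the URL fragment);
 * any other method is treated as the submitted form and, once the code, consent and scope all
 * check out, a device token bound to the session's user is created.
 *
 * <p>NOTE(review): this class verifies no anti-CSRF token on the consent form and does not limit
 * the number of user-code guesses per session or address. Neither control is visible here, so
 * confirm that {@code Endpoint}, a filter or the token manager enforces them.
 */
public class VerificationEndpoint extends Endpoint {
    /** Classpath folder that holds the static device-verification pages. */
    private static final String PAGE_ROOT = "/static/deviceverification/";

    /** Form value that signals the user approved the request. */
    private static final String CONSENT_GRANTED = "yes";

    /** Prefix under which the not-yet-approved device code is stored. */
    private static final String PENDING_PREFIX = "pre:";

    public VerificationEndpoint(ServerServices serverServices) {
        super(serverServices, Constants.ENDPOINT_VERIFICATION);
    }

    /**
     * Dispatches the request: {@code GET} shows the verification page, everything else is handled
     * as the submitted verification form.
     *
     * @param exchange the current request/response pair; the response is always set here
     * @throws Exception if a collaborator (session provider, token manager, page loading) fails
     */
    @Override
    public void invokeOn(Exchange exchange) throws Exception {
        Session session = this.serverServices.getProvidedServices().getSessionProvider().getSession(exchange);
        CombinedTokenManager tokenManager = this.serverServices.getTokenManager();
        if (exchange.getRequest().getMethod() == Method.GET) {
            showVerificationPage(exchange, session);
            return;
        }
        processVerificationForm(exchange, session, tokenManager);
    }

    /**
     * Handles {@code GET}: forces a login first, then either redirects to this endpoint with the
     * user code carried in the fragment or serves the empty user-code page.
     */
    private void showVerificationPage(Exchange exchange, Session session) throws Exception {
        // A user code in the query string can end up in access logs and browser history;
        // it is moved into the URL fragment by the redirect below.
        String userCode = getParams(exchange).get(Constants.PARAMETER_USER_CODE);
        if (requireLogin(exchange, session, userCode)) {
            return;
        }
        if (userCode == null) {
            // Pick up the code that requireLogin() parked in the session before the login detour.
            userCode = session.getValue(Constants.PARAMETER_USER_CODE);
            if (userCode != null) {
                session.removeValue(Constants.PARAMETER_USER_CODE);
            }
        }
        if (userCode != null) {
            exchange.setResponse(redirectToSelf(prepareJsStateParameter(userCode, null, null)));
        } else {
            exchange.setResponse(sendUsercodepage());
        }
    }

    /**
     * Handles the submitted form: validates the user code, the consent decision and the scope, and
     * only then creates the device token for the logged-in user.
     */
    private void processVerificationForm(Exchange exchange, Session session, CombinedTokenManager tokenManager) throws Exception {
        Map<String, String> form = BodyUtil.bodyToParams(exchange.getRequest().getBody());
        String userCode = form.get(Constants.PARAMETER_USER_CODE);
        if (userCode != null) {
            userCode = UriUtil.decode(userCode);
        }
        if (requireLogin(exchange, session, userCode)) {
            return;
        }

        // A missing code is rejected without a lookup instead of passing null to the token store.
        Token userCodeToken = userCode == null ? null : tokenManager.getUserCodes().getToken(userCode);
        if (userCodeToken == null) {
            exchange.setResponse(redirectToSelf(prepareJsStateParameter(userCode, null, Constants.ERROR_INVALID_REQUEST)));
            return;
        }
        // A user code is single use: expired, revoked and already-consumed codes are all refused.
        if (userCodeToken.isExpired() || userCodeToken.isManuallyRevoked() || userCodeToken.getUsages() > 0) {
            exchange.setResponse(redirectToSelf(prepareJsStateParameter(userCode, null, Constants.ERROR_INVALID_GRANT)));
            return;
        }

        String consent = form.get(Constants.LOGIN_CONSENT);
        if (!CONSENT_GRANTED.equals(consent)) {
            if (consent != null) {
                // An explicit answer other than "yes" is a denial: invalidate the code.
                userCodeToken.revokeCascade();
            }
            HashMap<String, String> state = prepareJsStateParameter(session);
            state.put(Constants.PARAMETER_USER_CODE, userCode);
            exchange.setResponse(redirectToSelf(state));
            return;
        }

        String approvedScope = form.get("scope");
        if (approvedScope != null) {
            approvedScope = UriUtil.decode(approvedScope);
        }
        // The approved scope must be exactly the scope the device asked for; otherwise the
        // page is shown again with the requested scope. Null-safe if the token has no scope.
        if (approvedScope == null || !approvedScope.equals(userCodeToken.getScope())) {
            exchange.setResponse(redirectToSelf(prepareJsStateParameter(userCode, userCodeToken.getScope(), null)));
            return;
        }

        // The user-code token's "username" field is used as the key of the pending device code.
        Token pendingDeviceCode = tokenManager.getDeviceCodes().getToken(PENDING_PREFIX + userCodeToken.getUsername());
        // The pending entry can be gone or invalidated independently of the user code; refuse
        // rather than fail with a NullPointerException or approve a dead device code.
        if (pendingDeviceCode == null || pendingDeviceCode.isExpired() || pendingDeviceCode.isManuallyRevoked()) {
            exchange.setResponse(redirectToSelf(prepareJsStateParameter(userCode, null, Constants.ERROR_INVALID_GRANT)));
            return;
        }

        String deviceCode = pendingDeviceCode.getValue().replaceFirst("^pre:", "");
        // The device token is bound to the user taken from the server-side session, never from the form.
        tokenManager.addTokenToManager(
                tokenManager.getDeviceCodes(),
                tokenManager.createDeviceTokenWithDefaultDuration(
                        deviceCode, session.getValue("username"), pendingDeviceCode.getClientId(), approvedScope));
        userCodeToken.incrementUsage();
        pendingDeviceCode.incrementUsage();
        exchange.setResponse(sendSuccesspage());
        session.removeValue(Constants.PARAMETER_USER_CODE);
    }

    /**
     * Redirects to the login page when the caller is not logged in, remembering the user code in
     * the session so it survives the detour.
     *
     * @return {@code true} if a login redirect was written to the exchange and processing must stop
     */
    private boolean requireLogin(Exchange exchange, Session session, String userCode) throws Exception {
        if (isLoggedIn(exchange)) {
            return false;
        }
        session.putValue(Constants.PARAMETER_USER_CODE, userCode == null ? "" : userCode);
        exchange.setResponse(redirectToLogin(prepareJsStateParameter(session)));
        return true;
    }

    /**
     * Builds the parameter map handed to the client-side page; {@code null} arguments are left out
     * and the context path is always included.
     *
     * @param userCode the user code to echo back, or {@code null}
     * @param scope the scope to display, or {@code null}
     * @param error the error code to display, or {@code null}
     * @return a new mutable map with the non-null values
     */
    protected HashMap<String, String> prepareJsStateParameter(String userCode, String scope, String error) throws Exception {
        HashMap<String, String> state = new HashMap<>();
        if (userCode != null) {
            state.put(Constants.PARAMETER_USER_CODE, userCode);
        }
        if (scope != null) {
            state.put("scope", scope);
        }
        if (error != null) {
            state.put(Constants.PARAMETER_ERROR, error);
        }
        state.put(Constants.CONTEXT_PATH, this.serverServices.getProvidedServices().getContextPath());
        return state;
    }

    /** Builds the 200 response carrying the user-code entry page. */
    private Response sendUsercodepage() throws IOException {
        return htmlResponse(loadUsercodepage());
    }

    /** Builds the 200 response carrying the success page. */
    private Response sendSuccesspage() throws IOException {
        return htmlResponse(loadSuccesspage());
    }

    /** Wraps an HTML document in a 200 {@code text/html} response. */
    private Response htmlResponse(String html) {
        return new ResponseBuilder().statuscode(200).header("Content-Type", "text/html").body(html).build();
    }

    private String loadUsercodepage() throws IOException {
        return loadPage("usercode.html");
    }

    private String loadSuccesspage() throws IOException {
        return loadPage("success.html");
    }

    /**
     * Reads a bundled page from the classpath as UTF-8. Callers pass fixed file names only.
     *
     * @param pageName file name below the device-verification folder
     * @throws IOException if the resource is missing or cannot be read
     */
    private String loadPage(String pageName) throws IOException {
        String resourcePath = PAGE_ROOT + pageName;
        java.io.InputStream stream = getClass().getResourceAsStream(resourcePath);
        if (stream == null) {
            // getResourceAsStream signals "not found" with null, not with an exception.
            throw new IOException("Missing classpath resource: " + resourcePath);
        }
        // Closing the reader also closes the underlying stream.
        try (InputStreamReader reader = new InputStreamReader(stream, Charsets.UTF_8)) {
            return CharStreams.toString(reader);
        }
    }

    /**
     * Redirects to this endpoint with the given parameters encoded into the URL fragment, which
     * the browser does not send back to the server.
     *
     * @param params values for the client-side page
     */
    protected Response redirectToSelf(Map<String, String> params) throws UnsupportedEncodingException, JsonProcessingException {
        String target = this.serverServices.getProvidedServices().getContextPath()
                + Constants.ENDPOINT_VERIFICATION
                + "#params=" + prepareJSParams(params);
        return redirectToUrl(target, null);
    }

    /**
     * This implementation always returns {@code null}.
     *
     * @return always {@code null}
     */
    @Override
    public String getScope(Exchange exchange) throws Exception {
        return null;
    }
}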
