package org.sharextras.webscripts;

import java.io.IOException;
import java.nio.charset.Charset;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.springframework.extensions.config.RemoteConfigElement;
import org.springframework.extensions.surf.ServletUtil;
import org.springframework.extensions.surf.exception.CredentialVaultProviderException;
import org.springframework.extensions.surf.support.ThreadLocalRequestContext;
import org.springframework.extensions.surf.util.URLDecoder;
import org.springframework.extensions.webscripts.AbstractWebScript;
import org.springframework.extensions.webscripts.Format;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.WebScriptResponse;
import org.springframework.extensions.webscripts.connector.ConnectorService;
import org.springframework.extensions.webscripts.connector.CredentialVault;
import org.springframework.extensions.webscripts.connector.Credentials;

/* loaded from: input_file:org/sharextras/webscripts/OAuth2Return.class */
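/**
 * Web script that receives the redirect back from an OAuth 2.0 provider, exchanges the
 * returned authorization code for tokens and stores them in the current user's credential
 * vault under the endpoint ID taken from the URL template.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>read the {@code code} request parameter and the {@code endpoint} template variable;</li>
 *   <li>resolve {@code access-token-url}, {@code client-id} and {@code client-secret} from the
 *       endpoint descriptor, falling back to the connector descriptor;</li>
 *   <li>POST the code to the token URL and parse the JSON response;</li>
 *   <li>save {@code accessToken} / {@code refreshToken} in the vault and send a 302 to the
 *       page named by {@code rp} (or by an {@code rp=} pair inside {@code state}).</li>
 * </ol>
 *
 * <p>Security notes:
 * <ul>
 *   <li>Authorization codes, tokens and raw token responses are credentials and are never
 *       written to the log, not even at debug level.</li>
 *   <li>NOTE(review): {@code state} is only used here to carry the return page; nothing in
 *       this class binds it to the user's session, so CSRF protection of this callback has
 *       to be provided elsewhere. Confirm.</li>
 *   <li>NOTE(review): the token request uses Commons HttpClient 3.x with default settings,
 *       so no connect/read timeout is configured here, and TLS hostname verification
 *       depends on how that library is configured. Confirm the transport settings in the
 *       deployment.</li>
 * </ul>
 */
public class OAuth2Return extends AbstractWebScript {
    private static final String PARAM_CODE = "code";
    private static final String PARAM_REDIRECT_PAGE = "rp";
    private static final String PARAM_STATE = "state";
    private static final String PH_ENDPOINT_ID = "endpoint";
    private static final String PROP_ACCESS_TOKEN_URL = "access-token-url";
    private static final String PROP_CLIENT_ID = "client-id";
    private static final String PROP_CLIENT_SECRET = "client-secret";
    public static final String VAULT_PROVIDER_ID = "oAuth2CredentialVaultProvider";
    private static final Log logger = LogFactory.getLog(OAuth2Return.class);
    private ConnectorService connectorService;

    /**
     * Handles the OAuth return request.
     *
     * @param webScriptRequest  the callback request; must carry a non-empty {@code code} parameter
     * @param webScriptResponse the response, which receives a 302 redirect on success
     * @throws IOException if the token request to the provider fails at the transport level
     * @throws WebScriptException with status 400 when the code, endpoint ID or connector ID is
     *         missing, 401 when no user is bound to the request, 404 when the endpoint is not
     *         configured, or a generic failure when the provider response cannot be used
     */
    public void execute(WebScriptRequest webScriptRequest, WebScriptResponse webScriptResponse) throws IOException {
        String code = webScriptRequest.getParameter(PARAM_CODE);
        String endpointId = (String) webScriptRequest.getServiceMatch().getTemplateVars().get(PH_ENDPOINT_ID);
        if (code == null || code.length() == 0) {
            throw new WebScriptException(400, "No OAuth return code was found");
        }
        if (endpointId == null) {
            throw new WebScriptException(400, "No endpoint ID was specified");
        }
        RemoteConfigElement remoteConfig = getConnectorService().getRemoteConfig();
        RemoteConfigElement.EndpointDescriptor endpointDescriptor = remoteConfig.getEndpointDescriptor(endpointId);
        if (endpointDescriptor == null) {
            throw new WebScriptException(404, "Endpoint " + endpointId + " could not be found");
        }
        if (logger.isDebugEnabled()) {
            // Only the (now known-to-be-configured) endpoint ID is logged; the code itself is a credential.
            logger.debug("Received OAuth return code for endpoint " + endpointId);
        }
        String connectorId = endpointDescriptor.getConnectorId();
        if (connectorId == null) {
            throw new WebScriptException(400, "Connector name cannot be null");
        }

        // Endpoint-level settings win; the connector descriptor only fills in what is missing.
        String accessTokenUrl = endpointDescriptor.getStringProperty(PROP_ACCESS_TOKEN_URL);
        String clientId = endpointDescriptor.getStringProperty(PROP_CLIENT_ID);
        String clientSecret = endpointDescriptor.getStringProperty(PROP_CLIENT_SECRET);
        RemoteConfigElement.ConnectorDescriptor connectorDescriptor = remoteConfig.getConnectorDescriptor(connectorId);
        if (connectorDescriptor != null) {
            if (accessTokenUrl == null) {
                accessTokenUrl = connectorDescriptor.getStringProperty(PROP_ACCESS_TOKEN_URL);
            }
            if (clientId == null) {
                clientId = connectorDescriptor.getStringProperty(PROP_CLIENT_ID);
            }
            if (clientSecret == null) {
                clientSecret = connectorDescriptor.getStringProperty(PROP_CLIENT_SECRET);
            }
        }

        // Fail with 401 instead of a NullPointerException (HTTP 500) when no user is bound to
        // the request; tokens must only ever be stored against an identified user.
        if (ThreadLocalRequestContext.getRequestContext() == null
                || ThreadLocalRequestContext.getRequestContext().getUser() == null) {
            throw new WebScriptException(401, "No authenticated user was found for this request");
        }
        String userId = ThreadLocalRequestContext.getRequestContext().getUser().getId();

        try {
            CredentialVault credentialVault = getConnectorService().getCredentialVault(ServletUtil.getSession(), userId, VAULT_PROVIDER_ID);
            JSONObject tokenData = requestAccessToken(accessTokenUrl, clientId, clientSecret, code, webScriptRequest);
            try {
                String accessToken = null;
                String refreshToken = "";
                if (tokenData.has("access_token")) {
                    accessToken = tokenData.getString("access_token");
                }
                if (tokenData.has("refresh_token")) {
                    refreshToken = tokenData.getString("refresh_token");
                }
                if (logger.isDebugEnabled()) {
                    // Log which fields came back, never their values.
                    logger.debug("Token data returned (access_token present: " + (accessToken != null)
                            + ", refresh_token present: " + tokenData.has("refresh_token")
                            + ", instance_url present: " + tokenData.has("instance_url") + ")");
                }
                if (accessToken == null) {
                    throw new WebScriptException("No access token was found but this is required");
                }
                Credentials credentials = credentialVault.retrieve(endpointId);
                if (credentials == null) {
                    credentials = credentialVault.newCredentials(endpointId);
                }
                credentials.setProperty("accessToken", accessToken);
                credentials.setProperty("refreshToken", refreshToken);
                credentialVault.save();
                executeRedirect(webScriptRequest, webScriptResponse);
            } catch (JSONException e) {
                throw new WebScriptException("Error parsing access token response", e);
            }
        } catch (CredentialVaultProviderException e2) {
            throw new WebScriptException("Unable to obtain credential vault for OAuth credentials", e2);
        }
    }

    /**
     * Exchanges an authorization code for tokens at the provider's token endpoint.
     *
     * @param accessTokenUrl   token endpoint URL from configuration
     * @param clientId         OAuth client ID from configuration
     * @param clientSecret     OAuth client secret from configuration
     * @param code             authorization code received on the callback
     * @param webScriptRequest current request, used to rebuild the {@code redirect_uri}
     * @return the parsed JSON body of a 200 response
     * @throws IllegalArgumentException if any of the three configuration values is missing
     * @throws IOException              if the HTTP exchange fails
     * @throws WebScriptException       if the provider answers with a non-200 status or a
     *                                  body that is not valid JSON
     */
    private JSONObject requestAccessToken(String accessTokenUrl, String clientId, String clientSecret, String code, WebScriptRequest webScriptRequest) throws HttpException, IOException {
        if (accessTokenUrl == null) {
            throw new IllegalArgumentException("Parameter 'access-token-url' must be provided on connector");
        }
        if (clientId == null) {
            throw new IllegalArgumentException("Parameter 'client-id' must be provided on connector");
        }
        if (clientSecret == null) {
            throw new IllegalArgumentException("Parameter 'client-secret' must be provided on connector");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Sending OAuth return code to " + accessTokenUrl);
        }

        // redirect_uri is the current request URL without its query string.
        // NOTE(review): getServerPath() presumably reflects the host the request arrived on;
        // confirm proxy / Host header handling so this matches the registered redirect URI.
        String callbackPath = webScriptRequest.getURL();
        int queryStart = callbackPath.indexOf('?');
        if (queryStart != -1) {
            callbackPath = callbackPath.substring(0, queryStart);
        }

        HttpClient httpClient = new HttpClient();
        PostMethod postMethod = new PostMethod(accessTokenUrl);
        postMethod.addParameter(PARAM_CODE, code);
        postMethod.addParameter("grant_type", "authorization_code");
        postMethod.addParameter("redirect_uri", webScriptRequest.getServerPath() + callbackPath);
        postMethod.addParameter("client_id", clientId);
        postMethod.addParameter("client_secret", clientSecret);
        postMethod.addRequestHeader("Accept", Format.JSON.mimetype());

        int status;
        String body;
        try {
            status = httpClient.executeMethod(postMethod);
            byte[] rawBody = postMethod.getResponseBody();
            // getResponseBody() may yield null for an empty response; treat it as an empty body.
            body = rawBody == null ? "" : new String(rawBody, Charset.forName("UTF-8"));
        } finally {
            // Always hand the connection back, including on failure paths.
            postMethod.releaseConnection();
        }
        if (logger.isDebugEnabled()) {
            // The body contains the tokens, so only the status is logged.
            logger.debug("Received token response with HTTP status " + status);
        }

        JSONObject json;
        try {
            json = new JSONObject(new JSONTokener(body));
        } catch (JSONException e) {
            throw new WebScriptException("A problem occurred parsing the JSON response from the provider", e);
        }
        if (status == 200) {
            return json;
        }
        // Error fields are optional in practice; fall back from the description to the error code
        // so a sparse error body still surfaces with the provider's status.
        String detail = json.optString("error_description", "");
        if (detail.length() == 0) {
            detail = json.optString("error", "");
        }
        throw new WebScriptException(status, "A problem occurred while requesting the access token" + (detail.length() > 0 ? " - " + detail : ""));
    }

    /**
     * Sends a 302 to the page the user started from. The target is always built as
     * server path + context path + page, so it stays on this application.
     *
     * <p>The page comes from the {@code rp} parameter when present, otherwise from an
     * {@code rp=} pair inside the {@code state} parameter. A page value containing CR or LF
     * is discarded so that request data cannot add lines to the {@code Location} header.
     *
     * @param webScriptRequest  the callback request
     * @param webScriptResponse the response that receives the redirect
     */
    private void executeRedirect(WebScriptRequest webScriptRequest, WebScriptResponse webScriptResponse) {
        String page = webScriptRequest.getParameter(PARAM_REDIRECT_PAGE);
        if (page == null) {
            String state = webScriptRequest.getParameter(PARAM_STATE);
            if (state != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Found state parameter, looking for redirect page");
                }
                page = redirectPageFromState(state);
            }
        }

        String path = null;
        if (page != null) {
            path = page.indexOf('/') == 0 ? page : "/" + page;
            if (path.indexOf('\r') != -1 || path.indexOf('\n') != -1) {
                logger.warn("Ignoring redirect page containing line breaks");
                path = null;
            }
        }

        String location = webScriptRequest.getServerPath() + webScriptRequest.getContextPath() + (path != null ? path : "");
        if (logger.isDebugEnabled()) {
            logger.debug("Redirecting user to URL " + location);
        }
        webScriptResponse.addHeader("Location", location);
        webScriptResponse.setStatus(302);
    }

    /**
     * Extracts the {@code rp} value from a {@code state} string of {@code key=value} pairs
     * joined by {@code &}. When {@code rp} occurs more than once the last occurrence wins.
     *
     * @param state the raw {@code state} parameter value
     * @return the decoded redirect page, or {@code null} if no {@code rp} pair is present
     */
    private static String redirectPageFromState(String state) {
        String page = null;
        for (String pair : state.split("&")) {
            String[] keyValue = pair.split("=");
            if (keyValue.length == 2 && PARAM_REDIRECT_PAGE.equals(URLDecoder.decode(keyValue[0]))) {
                page = URLDecoder.decode(keyValue[1]);
            }
        }
        return page;
    }

    /**
     * @return the connector service used to read remote configuration and credential vaults
     */
    public ConnectorService getConnectorService() {
        return this.connectorService;
    }

    /**
     * @param connectorService the connector service to use
     */
    public void setConnectorService(ConnectorService connectorService) {
        this.connectorService = connectorService;
    }
}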
