package org.sharextras.webscripts.connector;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.context.ApplicationContext;
import org.springframework.extensions.config.RemoteConfigElement;
import org.springframework.extensions.surf.exception.ConnectorServiceException;
import org.springframework.extensions.surf.exception.CredentialVaultProviderException;
import org.springframework.extensions.surf.util.FakeHttpServletResponse;
import org.springframework.extensions.webscripts.Format;
import org.springframework.extensions.webscripts.connector.ConnectorContext;
import org.springframework.extensions.webscripts.connector.ConnectorService;
import org.springframework.extensions.webscripts.connector.Credentials;
import org.springframework.extensions.webscripts.connector.HttpConnector;
import org.springframework.extensions.webscripts.connector.RemoteClient;
import org.springframework.extensions.webscripts.connector.Response;
import org.springframework.extensions.webscripts.json.JSONWriter;

/* loaded from: input_file:org/sharextras/webscripts/connector/HttpOAuth2Connector.class */
public class HttpOAuth2Connector extends HttpConnector {
    public static final String HEADER_AUTHORIZATION = "Authorization";
    public static final String AUTH_METHOD_OAUTH = "OAuth";
    public static final String AUTH_METHOD_BEARER = "Bearer";
    private static final String VAULT_PROVIDER_ID = "oAuth2CredentialVaultProvider";
    private static final String USER_ID = "_alf_USER_ID";
    public static final String PARAM_AUTH_METHOD = "auth-method";
    public static final String PARAM_TOKEN_ENDPOINT = "token-source";
    private static Log logger = LogFactory.getLog(HttpOAuth2Connector.class);
    private ApplicationContext applicationContext;

    public HttpOAuth2Connector(RemoteConfigElement.ConnectorDescriptor connectorDescriptor, String str) {
        super(connectorDescriptor, str);
    }

    public void setApplicationContext(ApplicationContext applicationContext) {
        super.setApplicationContext(applicationContext);
        this.applicationContext = applicationContext;
    }

    private String getAuthenticationMethod() {
        String descriptorProperty = getDescriptorProperty(PARAM_AUTH_METHOD, (RemoteConfigElement.EndpointDescriptor) null);
        return descriptorProperty != null ? descriptorProperty : "OAuth";
    }

    protected boolean hasAccessToken() {
        return (getConnectorSession() == null || getConnectorSession().getParameter("accessToken") == null) ? false : true;
    }

    protected boolean hasRefreshToken() {
        return (getConnectorSession() == null || getConnectorSession().getParameter("refreshToken") == null) ? false : true;
    }

    protected String getAccessToken() {
        if (getConnectorSession() != null) {
            return getConnectorSession().getParameter("accessToken");
        }
        return null;
    }

    protected String getRefreshToken() {
        if (getConnectorSession() != null) {
            return getConnectorSession().getParameter("refreshToken");
        }
        return null;
    }

    public Response call(String str, ConnectorContext connectorContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String string;
        String endpointId = getEndpointId(str, httpServletRequest);
        FakeHttpServletResponse fakeHttpServletResponse = new FakeHttpServletResponse(httpServletResponse);
        Response response = null;
        boolean z = false;
        boolean z2 = false;
        connectorContext.setCommitResponseOnAuthenticationError(false);
        try {
            if (!hasAccessToken()) {
                logger.debug("No tokens found. Loading from tokenstore.");
                loadTokens(endpointId, httpServletRequest);
                z = true;
            }
            if (hasAccessToken()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Loading resource " + str + " - first attempt");
                }
                fakeHttpServletResponse.reset();
                response = callInternal(str, connectorContext, httpServletRequest, fakeHttpServletResponse);
                if (logger.isDebugEnabled()) {
                    logger.debug("Response status " + response.getStatus().getCode() + " " + response.getStatus().getCodeName());
                }
                if (!z && (response.getStatus().getCode() == 401 || response.getStatus().getCode() == 403)) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Checking for updated access token");
                    }
                    String accessToken = getAccessToken();
                    loadTokens(endpointId, httpServletRequest);
                    if (!hasAccessToken()) {
                        writeError(fakeHttpServletResponse, 401, "NO_TOKEN", "No access token is present", null);
                    } else if (getAccessToken().equals(accessToken)) {
                        logger.debug("No updated token found");
                    } else {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Token has been updated, retrying request for " + str);
                        }
                        fakeHttpServletResponse.reset();
                        response = callInternal(str, connectorContext, httpServletRequest, fakeHttpServletResponse);
                        if (logger.isDebugEnabled()) {
                            logger.debug("Response status " + response.getStatus().getCode() + " " + response.getStatus().getCodeName());
                        }
                    }
                }
            } else {
                writeError(fakeHttpServletResponse, 401, "NO_TOKEN", "No access token is present", null);
            }
            if (response != null && response.getStatus() != null && response.getStatus().getCode() == 401 && hasRefreshToken()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Trying to refresh access token - using refresh token " + getRefreshToken());
                }
                try {
                    String accessToken2 = getAccessToken();
                    String refreshToken = getRefreshToken();
                    JSONObject doRefresh = doRefresh(endpointId);
                    String string2 = doRefresh.getString("access_token");
                    if (logger.isDebugEnabled()) {
                        logger.debug("Parsed access token: " + string2);
                    }
                    if (string2 == null || string2.equals(accessToken2)) {
                        logger.debug("No token returned or token not updated");
                    } else {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Got new access token " + string2 + " - retrying request for " + str);
                        }
                        this.connectorSession.setParameter("accessToken", string2);
                        z2 = true;
                        fakeHttpServletResponse.reset();
                        response = callInternal(str, connectorContext, httpServletRequest, fakeHttpServletResponse);
                    }
                    if (doRefresh.has("refresh_token") && (string = doRefresh.getString("refresh_token")) != null && !string.equals(refreshToken)) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Got new refresh token " + string);
                        }
                        this.connectorSession.setParameter("refreshToken", string);
                        z2 = true;
                    }
                } catch (JSONException e) {
                    writeError(fakeHttpServletResponse, 500, "ERR_MISSING_ACCESS_TOKEN", "Unable to retrieve access token from provider response", e);
                } catch (TokenRefreshException e2) {
                    writeError(fakeHttpServletResponse, 500, "ERR_REFRESH_TOKEN", "Unable to refresh token", e2);
                }
                if (z2) {
                    saveTokens(endpointId, httpServletRequest);
                }
            }
            copyResponseContent(response, fakeHttpServletResponse, httpServletResponse, true);
        } catch (CredentialVaultProviderException e3) {
            writeError(httpServletResponse, 500, "ERR_CREDENTIALSTORE", "Unable to load credential store", e3);
        } catch (ConnectorServiceException e4) {
            writeError(httpServletResponse, 500, "ERR_FETCH_CREDENTIALS", "Unable to retrieve OAuth credentials from credential vault", e4);
        } catch (IOException e5) {
            writeError(httpServletResponse, 500, "ERR_COPY_RESPONSE", "Error encountered copying outputstream", e5);
        }
        return response;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Response callInternal(String str, ConnectorContext connectorContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            return super.call(str, connectorContext, httpServletRequest, httpServletResponse);
        } catch (Throwable th) {
            writeError(httpServletResponse, 500, "ERR_CALLOUT", "Encountered error when attempting to reload", th);
            return null;
        }
    }

    private String getUserId(HttpSession httpSession) {
        return (String) httpSession.getAttribute(USER_ID);
    }

    private OAuth2CredentialVault getCredentialVault(String str, HttpServletRequest httpServletRequest, boolean z) throws CredentialVaultProviderException, ConnectorServiceException {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            logger.error("Session should not be null!");
            return null;
        }
        String userId = getUserId(session);
        ConnectorService connectorService = getConnectorService();
        OAuth2CredentialVault credentialVault = connectorService.getCredentialVault(session, userId, "oAuth2CredentialVaultProvider");
        if (z) {
            credentialVault.load(str, connectorService.getConnector("alfresco", userId, session));
        }
        return credentialVault;
    }

    protected void loadTokens(String str, HttpServletRequest httpServletRequest) throws CredentialVaultProviderException, ConnectorServiceException {
        logger.debug("Loading OAuth tokens for endpoint " + str);
        Credentials retrieve = getCredentialVault(str, httpServletRequest, true).retrieve(str);
        if (retrieve == null || retrieve.getProperty("accessToken") == null) {
            return;
        }
        this.connectorSession.setParameter("accessToken", retrieve.getProperty("accessToken").toString());
        if (retrieve.getProperty("refreshToken") != null) {
            this.connectorSession.setParameter("refreshToken", retrieve.getProperty("refreshToken").toString());
        }
    }

    protected void saveTokens(String str, HttpServletRequest httpServletRequest) throws CredentialVaultProviderException, ConnectorServiceException {
        logger.debug("Saving OAuth tokens for endpoint " + str);
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            String userId = getUserId(session);
            ConnectorService connectorService = getConnectorService();
            OAuth2CredentialVault credentialVault = getCredentialVault(str, httpServletRequest, true);
            Credentials retrieve = credentialVault.retrieve(str);
            if (retrieve != null) {
                retrieve.setProperty("accessToken", this.connectorSession.getParameter("accessToken"));
                retrieve.setProperty("refreshToken", this.connectorSession.getParameter("refreshToken"));
                credentialVault.save(connectorService.getConnector("alfresco", userId, session));
            }
        }
    }

    private void copyResponseContent(Response response, FakeHttpServletResponse fakeHttpServletResponse, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        byte[] contentAsByteArray = fakeHttpServletResponse.getContentAsByteArray();
        fakeHttpServletResponse.flushBuffer();
        if (response != null) {
            if (logger.isTraceEnabled()) {
                logger.trace("Setting status " + response.getStatus().getCode());
                logger.trace("Setting encoding " + fakeHttpServletResponse.getCharacterEncoding());
            }
            httpServletResponse.setStatus(response.getStatus().getCode());
            for (Map.Entry entry : response.getStatus().getHeaders().entrySet()) {
                httpServletResponse.setHeader((String) entry.getKey(), (String) entry.getValue());
                if (logger.isTraceEnabled()) {
                    logger.trace("Add header " + ((String) entry.getKey()) + ": " + ((String) entry.getValue()));
                }
            }
        } else {
            httpServletResponse.setStatus(fakeHttpServletResponse.getStatus());
            for (Object obj : fakeHttpServletResponse.getHeaderNames()) {
                httpServletResponse.setHeader((String) obj, (String) fakeHttpServletResponse.getHeader((String) obj));
                if (logger.isTraceEnabled()) {
                    logger.trace("Add header " + ((String) obj) + ": " + ((String) fakeHttpServletResponse.getHeader((String) obj)));
                }
            }
        }
        httpServletResponse.setCharacterEncoding(fakeHttpServletResponse.getCharacterEncoding());
        if (logger.isTraceEnabled()) {
            logger.trace("Add bytes " + contentAsByteArray.length);
        }
        httpServletResponse.getOutputStream().write(contentAsByteArray);
        if (z) {
            httpServletResponse.flushBuffer();
        }
    }

    private void writeError(HttpServletResponse httpServletResponse, int i, String str, String str2, Throwable th) {
        httpServletResponse.setStatus(i);
        httpServletResponse.setContentType(Format.JSON.mimetype());
        try {
            JSONWriter jSONWriter = new JSONWriter(httpServletResponse.getWriter());
            jSONWriter.startObject();
            jSONWriter.startValue("error").startObject();
            jSONWriter.writeValue("id", str);
            jSONWriter.writeValue("message", str2);
            if (th != null) {
                jSONWriter.startValue("exception").startObject();
                jSONWriter.writeValue("message", th.getMessage());
                StringWriter stringWriter = new StringWriter();
                th.printStackTrace(new PrintWriter(stringWriter));
                jSONWriter.writeValue("stackTrace", stringWriter.toString());
                jSONWriter.endObject();
            }
            jSONWriter.endObject();
            jSONWriter.endObject();
            httpServletResponse.flushBuffer();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    protected void applyRequestAuthentication(RemoteClient remoteClient, ConnectorContext connectorContext) {
        String str = null;
        if (getConnectorSession() != null) {
            str = getConnectorSession().getParameter("accessToken");
        }
        if (str != null) {
            String str2 = getAuthenticationMethod() + " " + str;
            if (logger.isDebugEnabled()) {
                logger.debug("Adding Authorization header " + str2);
            }
            HashMap hashMap = new HashMap(1);
            hashMap.put("Authorization", str2);
            remoteClient.setRequestProperties(hashMap);
        }
    }

    protected JSONObject doRefresh(String str) throws TokenRefreshException {
        String refreshToken = getRefreshToken();
        RemoteConfigElement.EndpointDescriptor endpointDescriptor = getEndpointDescriptor(str);
        String descriptorProperty = getDescriptorProperty("client-id", endpointDescriptor);
        String descriptorProperty2 = getDescriptorProperty("client-secret", endpointDescriptor);
        String descriptorProperty3 = getDescriptorProperty("access-token-url", endpointDescriptor);
        HttpClient httpClient = new HttpClient();
        PostMethod postMethod = new PostMethod(descriptorProperty3);
        postMethod.addParameter("grant_type", "refresh_token");
        postMethod.addParameter("refresh_token", refreshToken);
        postMethod.addParameter("client_id", descriptorProperty);
        postMethod.addParameter("client_secret", descriptorProperty2);
        postMethod.addRequestHeader("Accept", Format.JSON.mimetype());
        try {
            int executeMethod = httpClient.executeMethod(postMethod);
            String str2 = new String(postMethod.getResponseBody(), Charset.forName("UTF-8"));
            if (executeMethod == 200) {
                try {
                    return new JSONObject(str2);
                } catch (JSONException e) {
                    throw new TokenRefreshException("Unable to retrieve access token from provider response", e);
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Token refresh failed, received response code: " + executeMethod);
            }
            logger.debug("Received response " + str2);
            throw new TokenRefreshException("Token refresh failed, received response code: " + executeMethod);
        } catch (HttpException e2) {
            throw new TokenRefreshException("Error when refreshing tokens", e2);
        } catch (IOException e3) {
            throw new TokenRefreshException("Error when refreshing tokens", e3);
        }
    }

    protected RemoteConfigElement.EndpointDescriptor getEndpointDescriptor(String str) {
        return getConnectorService().getRemoteConfig().getEndpointDescriptor(str);
    }

    protected String getDescriptorProperty(String str, RemoteConfigElement.EndpointDescriptor endpointDescriptor) {
        String str2 = null;
        if (endpointDescriptor != null) {
            str2 = endpointDescriptor.getStringProperty(str);
        }
        if (str2 == null) {
            str2 = this.descriptor.getStringProperty(str);
        }
        return str2;
    }

    protected String getDescriptorProperty(String str, String str2) {
        return getDescriptorProperty(str, getEndpointDescriptor(str2));
    }

    public String getEndpointId() {
        return this.descriptor.getStringProperty(PARAM_TOKEN_ENDPOINT);
    }

    private String getEndpointId(String str, HttpServletRequest httpServletRequest) {
        String substring = str.indexOf(63) > -1 ? str.substring(0, str.indexOf(63)) : str;
        String endpointId = getEndpointId();
        if (endpointId == null) {
            String substring2 = httpServletRequest.getPathInfo().substring(0, httpServletRequest.getPathInfo().length() - substring.length());
            endpointId = substring2.substring(substring2.lastIndexOf(47) + 1);
        }
        return endpointId;
    }

    private ConnectorService getConnectorService() {
        return (ConnectorService) this.applicationContext.getBean("connector.service");
    }
}
