package leap.oauth2.server.endpoint;

import java.util.Locale;
import leap.core.annotation.Inject;
import leap.core.security.Authentication;
import leap.lang.Result;
import leap.lang.Strings;
import leap.lang.http.QueryString;
import leap.lang.http.QueryStringParser;
import leap.lang.intercepting.State;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.lang.net.Urls;
import leap.oauth2.server.OAuth2Errors;
import leap.oauth2.server.OAuth2Params;
import leap.oauth2.server.OAuth2ResponseException;
import leap.oauth2.server.Oauth2MessageKey;
import leap.oauth2.server.QueryOAuth2Params;
import leap.oauth2.server.RequestOAuth2Params;
import leap.oauth2.server.authc.SimpleAuthzAuthentication;
import leap.oauth2.server.client.AuthzClient;
import leap.oauth2.server.endpoint.authorize.ResponseTypeHandler;
import leap.oauth2.server.token.AuthzTokenManager;
import leap.web.App;
import leap.web.Request;
import leap.web.Response;
import leap.web.exception.ResponseException;
import leap.web.route.Routes;
import leap.web.security.SecurityInterceptor;
import leap.web.security.authc.AuthenticationContext;
import leap.web.security.login.LoginContext;
import leap.web.security.user.UserManager;
import leap.web.view.ViewSource;

/* loaded from: input_file:leap/oauth2/server/endpoint/AuthorizationEndpoint.class */
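/**
 * OAuth2 authorization endpoint, implemented as a {@link SecurityInterceptor}.
 *
 * <p>The endpoint hooks into the authentication and login life cycle:
 * requests to the configured authorization path are validated through the
 * {@link ResponseTypeHandler} registered for their {@code response_type}; unauthenticated
 * users continue to the login flow with the original query string carried in the
 * {@link #STATE_ATTRIBUTE} value, and authenticated users are handed to the handler.
 *
 * <p>Security note: the {@code oauth2.state} value is round-tripped through the browser
 * as a request parameter, so it is client-controlled. Every path below that rebuilds
 * parameters from it runs {@code validateRequest} again before using them.
 */
public class AuthorizationEndpoint extends AbstractAuthzEndpoint implements SecurityInterceptor {
    private static final Log log = LogFactory.get(AuthorizationEndpoint.class);

    /** Request attribute holding the validated {@link AuthzClient}. */
    public static final String CLIENT_ATTRIBUTE = "oauth2.client";

    /**
     * Name used both for the request attribute that exposes the URL-encoded original query
     * string to the view and for the request parameter that carries it back on login.
     */
    public static final String STATE_ATTRIBUTE = "oauth2.state";

    /** Request attribute holding the {@link OAuth2Params} of the authorization request. */
    public static final String PARAMS_ATTRIBUTE = "oauth2.params";

    @Inject
    protected AuthzTokenManager tokenManager;

    @Inject
    protected ViewSource viewSource;

    @Inject
    protected UserManager um;

    /** {@code "view:" + loginView} when a login view is configured and resolvable, else null. */
    protected String loginUrl;

    /**
     * Registers this endpoint as a security interceptor when the server is enabled and
     * records the custom login view, if one is configured and can be resolved.
     *
     * @param app    the web application (not used here)
     * @param routes the route table (not used here)
     */
    public void startEndpoint(App app, Routes routes) throws Throwable {
        if (this.config.isEnabled()) {
            this.sc.interceptors().add(this);
            if (Strings.isEmpty(this.config.getLoginView()) || null == this.viewSource.getView(this.config.getLoginView(), (Locale) null)) {
                return;
            }
            this.loginUrl = "view:" + this.config.getLoginView();
        }
    }

    /**
     * Handles a request to the authorization endpoint path once authentication is resolved.
     *
     * @return {@link State#CONTINUE} for other paths and for unauthenticated users (so the
     *         login flow can proceed), {@link State#INTERCEPTED} when the request was
     *         rejected or fully handled here
     */
    public State postResolveAuthentication(Request request, Response response, AuthenticationContext authenticationContext) throws Throwable {
        if (!request.getPath().equals(this.config.getAuthzEndpointPath())) {
            return State.CONTINUE;
        }
        RequestOAuth2Params params = new RequestOAuth2Params(request);
        ResponseTypeHandler handler = getResponseTypeHandler(request, response, params);
        if (null == handler) {
            // getResponseTypeHandler has already forwarded to the error view.
            return State.INTERCEPTED;
        }
        Result<AuthzClient> validated = handler.validateRequest(request, response, params);
        if (validated.isIntercepted()) {
            return State.INTERCEPTED;
        }
        AuthzClient client = (AuthzClient) validated.get();
        Authentication authentication = authenticationContext.getAuthentication();
        if (null == authentication || !authentication.isAuthenticated()) {
            // Not logged in yet: expose the validated request to the login view and continue.
            exposeViewData(request, params, client);
            return State.CONTINUE;
        }
        handleAuthenticated(request, response, new SimpleAuthzAuthentication(params, client, this.um.getUserDetails(authentication.getUser()), authentication), handler);
        return State.INTERCEPTED;
    }

    /**
     * Points the login prompt at the configured login view, when there is one.
     *
     * @return always {@link State#CONTINUE}
     */
    public State prePromoteLogin(Request request, Response response, LoginContext loginContext) throws Throwable {
        if (null != this.loginUrl) {
            loginContext.setLoginUrl(this.loginUrl);
        }
        return State.CONTINUE;
    }

    /**
     * Re-validates the authorization request carried in the {@code oauth2.state} parameter
     * before a login attempt is authenticated, and exposes it to the view again.
     *
     * @return {@link State#CONTINUE} when there is no state or validation passed,
     *         {@link State#INTERCEPTED} when the embedded request was rejected
     */
    public State preLoginAuthentication(Request request, Response response, LoginContext loginContext) throws Throwable {
        String state = request.getParameter(STATE_ATTRIBUTE);
        if (Strings.isEmpty(state)) {
            return State.CONTINUE;
        }
        if (null != this.loginUrl) {
            loginContext.setLoginUrl(this.loginUrl);
        }
        // The state is client-supplied: parse it and validate it exactly like a fresh request.
        String decoded = Urls.decode(state);
        QueryString query = QueryStringParser.parse(decoded);
        if (query.isEmpty()) {
            return State.CONTINUE;
        }
        QueryOAuth2Params params = new QueryOAuth2Params(query);
        ResponseTypeHandler handler = getResponseTypeHandler(request, response, params);
        if (null == handler) {
            return State.INTERCEPTED;
        }
        Result<AuthzClient> validated = handler.validateRequest(request, response, params);
        if (validated.isIntercepted()) {
            return State.INTERCEPTED;
        }
        exposeViewData(request, params, (AuthzClient) validated.get(), decoded);
        return State.CONTINUE;
    }

    /**
     * Completes the authorization request after a successful login.
     *
     * <p>Uses the params and client stored as request attributes when both are present;
     * otherwise rebuilds them from the {@code oauth2.state} parameter and validates them.
     *
     * @return {@link State#CONTINUE} when the login is unrelated to an authorization request,
     *         {@link State#INTERCEPTED} otherwise
     */
    public State onLoginAuthenticationSuccess(Request request, Response response, LoginContext loginContext, Authentication authentication) throws Throwable {
        String state = request.getParameter(STATE_ATTRIBUTE);
        if (Strings.isEmpty(state)) {
            return State.CONTINUE;
        }
        OAuth2Params params = (OAuth2Params) request.getAttribute(PARAMS_ATTRIBUTE);
        AuthzClient client = (AuthzClient) request.getAttribute(CLIENT_ATTRIBUTE);
        ResponseTypeHandler handler = null;
        if (null != params) {
            handler = getResponseTypeHandler(request, response, params);
        }
        if (null == client || null == params) {
            // Attributes are missing: fall back to the client-supplied state and re-validate it.
            QueryString query = QueryStringParser.parse(Urls.decode(state));
            if (query.isEmpty()) {
                return State.CONTINUE;
            }
            params = new QueryOAuth2Params(query);
            handler = getResponseTypeHandler(request, response, params);
            if (null == handler) {
                return State.INTERCEPTED;
            }
            Result<AuthzClient> validated = handler.validateRequest(request, response, params);
            if (validated.isIntercepted()) {
                return State.INTERCEPTED;
            }
            client = (AuthzClient) validated.get();
        } else if (null == handler) {
            // The error view has already been forwarded by getResponseTypeHandler. Without this
            // guard the null handler reached handleAuthenticated, where the resulting
            // NullPointerException was turned into a second, server-error redirect.
            return State.INTERCEPTED;
        }
        handleAuthenticated(request, response, new SimpleAuthzAuthentication(params, client, this.um.getUserDetails(authentication.getUser()), authentication), handler);
        return State.INTERCEPTED;
    }

    /**
     * Looks up the {@link ResponseTypeHandler} bean named after the request's
     * {@code response_type}.
     *
     * @return the handler, or {@code null} after adding a validation error and forwarding
     *         to the configured error view when the type is missing or unsupported
     */
    protected ResponseTypeHandler getResponseTypeHandler(Request request, Response response, OAuth2Params oAuth2Params) throws Throwable {
        String responseType = oAuth2Params.getResponseType();
        if (Strings.isEmpty(responseType)) {
            log.debug("error : response_type required");
            request.getValidation().addError(OAuth2Errors.ERROR_INVALID_REQUEST, "response_type required");
            request.forwardToView(this.config.getErrorView());
            return null;
        }
        ResponseTypeHandler handler = (ResponseTypeHandler) this.factory.tryGetBean(ResponseTypeHandler.class, responseType);
        if (null != handler) {
            return handler;
        }
        // NOTE(review): responseType is client-supplied and logged as-is; confirm the logging
        // backend neutralises line breaks so a request cannot forge log entries.
        log.info("error : invalid response type {}", new Object[]{responseType});
        request.getValidation().addError(OAuth2Errors.ERROR_INVALID_REQUEST, "unsupported or invalid response type");
        request.forwardToView(this.config.getErrorView());
        return null;
    }

    /**
     * Delegates an authenticated authorization request to its handler and maps failures
     * to OAuth2 error redirects.
     *
     * @throws ResponseException rethrown unchanged so the web layer can render it
     */
    protected void handleAuthenticated(Request request, Response response, SimpleAuthzAuthentication simpleAuthzAuthentication, ResponseTypeHandler responseTypeHandler) throws Throwable {
        // NOTE(review): error redirects below go to this URI; this assumes validateRequest has
        // already matched redirect_uri against the client's registration — confirm.
        String redirectUri = simpleAuthzAuthentication.getRedirectUri();
        try {
            responseTypeHandler.handleResponseType(request, response, simpleAuthzAuthentication);
        } catch (OAuth2ResponseException e) {
            OAuth2Errors.redirect(response, redirectUri, OAuth2Errors.oauth2Error(request, e.getStatus(), e.getError(), null, e.getMessage()));
        } catch (ResponseException e2) {
            throw e2;
        } catch (Throwable th) {
            log.error("Internal server error : {}", new Object[]{th.getMessage(), th});
            // NOTE(review): th.getMessage() is handed to the error redirect. If it ends up in
            // the redirect URI, internal details reach the client application and browser
            // history; consider sending only the random key and logging that key here.
            OAuth2Errors.redirect(response, redirectUri, OAuth2Errors.redirectServerErrorError(request, Oauth2MessageKey.createRandomKey(), th.getMessage()));
        }
    }

    /**
     * Exposes the client, the params and the URL-encoded query string of the current
     * request as request attributes for the login view.
     */
    protected void exposeViewData(Request request, OAuth2Params oAuth2Params, AuthzClient authzClient) {
        request.setAttribute(CLIENT_ATTRIBUTE, authzClient);
        request.setAttribute(PARAMS_ATTRIBUTE, oAuth2Params);
        request.setAttribute(STATE_ATTRIBUTE, Urls.encode(request.getQueryString()));
    }

    /**
     * Same as the three-argument variant, but encodes the given query string instead of
     * the current request's.
     *
     * @param str the decoded query string of the original authorization request
     */
    protected void exposeViewData(Request request, OAuth2Params oAuth2Params, AuthzClient authzClient, String str) {
        request.setAttribute(CLIENT_ATTRIBUTE, authzClient);
        request.setAttribute(PARAMS_ATTRIBUTE, oAuth2Params);
        request.setAttribute(STATE_ATTRIBUTE, Urls.encode(str));
    }
}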
