package org.apache.cxf.rs.security.oauth2.client;

import java.io.IOException;
import java.net.URI;
import java.util.List;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.FormUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;

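/**
 * Pre-matching JAX-RS request filter that drives the client side of the OAuth2
 * authorization code flow.
 *
 * <p>Requests whose path ends with the configured start URI are either redirected to the
 * authorization service or, when a token context is already available, forwarded to the
 * redirect URI. Requests whose path ends with the relative redirect URI are treated as the
 * authorization server callback: the returned code is exchanged for an access token and the
 * resulting {@link ClientTokenContext} is attached to the current message.
 *
 * <p>Priority 1001 places the filter just after {@code Priorities.AUTHENTICATION} (1000).
 * Because it is {@code @PreMatching} and checks the principal before looking at the path,
 * every unauthenticated request that reaches it is rejected, not only the OAuth2 endpoints.
 *
 * <p>Security note: when no {@link ClientCodeStateManager} is set, the authorization request
 * is built with a {@code null} state, so nothing on the callback ties it to the request that
 * started the flow. Configure a state manager that validates the returned value.
 */
@Priority(1001)
@PreMatching
public class ClientCodeRequestFilter implements ContainerRequestFilter {

    @Context
    private MessageContext mc;
    // Space-separated scope string passed on the authorization request.
    private String scopes;
    // Path suffix of the callback endpoint, also used to build the absolute redirect URI.
    private String relRedirectUri;
    // Path suffix of the endpoint that starts the flow.
    private String startUri;
    private String authorizationServiceUri;
    private OAuthClientUtils.Consumer consumer;
    // Optional; when null no state parameter is produced or restored.
    private ClientCodeStateManager clientStateManager;
    // Optional; when null every start request triggers a new authorization redirect.
    private ClientTokenContextManager clientTokenContextManager;
    private WebClient accessTokenService;

    /**
     * Routes the request through the authorization code flow.
     *
     * @param containerRequestContext the current request
     * @throws IOException declared by the filter contract
     * @throws javax.ws.rs.NotAuthorizedException if the request has no authenticated principal
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        SecurityContext securityContext = containerRequestContext.getSecurityContext();
        if (securityContext == null || securityContext.getUserPrincipal() == null) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }

        UriInfo uriInfo = containerRequestContext.getUriInfo();
        String requestPath = uriInfo.getPath();
        // NOTE(review): both checks are suffix matches, so any path that merely ends with the
        // configured value is handled as the start or callback endpoint. Keep the configured
        // values specific enough not to collide with other resources.
        if (requestPath.endsWith(this.startUri)) {
            ClientTokenContext existingContext = this.clientTokenContextManager == null
                ? null
                : this.clientTokenContextManager.getClientTokenContext(this.mc);
            if (existingContext == null) {
                // No token yet: send the user agent to the authorization service.
                containerRequestContext.abortWith(
                    createCodeResponse(containerRequestContext, securityContext, uriInfo));
            } else {
                // A token is already available: skip the round trip and continue at the callback path.
                setClientCodeRequest(existingContext);
                containerRequestContext.setRequestUri(URI.create(this.relRedirectUri));
            }
        } else if (requestPath.endsWith(this.relRedirectUri)) {
            processCodeResponse(containerRequestContext, securityContext, uriInfo);
        }
    }

    /** Builds the 303 redirect that sends the user agent to the authorization service. */
    private Response createCodeResponse(ContainerRequestContext containerRequestContext,
                                        SecurityContext securityContext,
                                        UriInfo uriInfo) {
        String clientId = this.consumer.getKey();
        String redirectUri = getAbsoluteRedirectUri(uriInfo).toString();
        String state = createRequestState(containerRequestContext, securityContext, uriInfo);
        URI location = OAuthClientUtils.getAuthorizationURI(
            this.authorizationServiceUri, clientId, redirectUri, state, this.scopes);
        return Response.seeOther(location).build();
    }

    /** Resolves the relative redirect URI against the request's base URI. */
    private URI getAbsoluteRedirectUri(UriInfo uriInfo) {
        return uriInfo.getBaseUriBuilder().path(this.relRedirectUri).build();
    }

    /**
     * Handles the authorization server callback: restores the request state, exchanges the
     * authorization code for an access token and publishes the resulting token context.
     *
     * <p>The state is resolved before the code is redeemed, so a state manager that rejects an
     * unknown or mismatched value stops the request before any token call is made. A callback
     * without a {@code code} parameter (for example an error response from the authorization
     * server) is rejected up front instead of being sent to the token endpoint.
     *
     * @param containerRequestContext the current request
     * @param securityContext the authenticated caller's security context
     * @param uriInfo URI information of the callback request
     * @throws javax.ws.rs.BadRequestException if the callback carries no authorization code
     */
    protected void processCodeResponse(ContainerRequestContext containerRequestContext,
                                       SecurityContext securityContext,
                                       UriInfo uriInfo) {
        MultivaluedMap<String, String> queryParameters = uriInfo.getQueryParameters();

        // NOTE(review): whether a missing or forged state is rejected depends entirely on the
        // ClientCodeStateManager implementation; confirm that toState() validates its input.
        MultivaluedMap<String, String> restoredState = null;
        if (this.clientStateManager != null) {
            restoredState = this.clientStateManager.toState(
                this.mc, queryParameters.getFirst(OAuthConstants.STATE));
        }

        String code = queryParameters.getFirst("code");
        if (code == null || code.isEmpty()) {
            throw ExceptionUtils.toBadRequestException(null, null);
        }

        AuthorizationCodeGrant grant = new AuthorizationCodeGrant(code, getAbsoluteRedirectUri(uriInfo));
        ClientAccessToken accessToken =
            OAuthClientUtils.getAccessToken(this.accessTokenService, this.consumer, grant);

        ClientTokenContext tokenContext = createTokenContext(accessToken);
        tokenContext.setToken(accessToken);
        tokenContext.setState(restoredState);
        if (this.clientTokenContextManager != null) {
            this.clientTokenContextManager.setClientTokenContext(this.mc, tokenContext);
        }
        setClientCodeRequest(tokenContext);
    }

    /**
     * Creates the context object that will carry the token; subclasses may return a richer type.
     *
     * @param clientAccessToken the token just obtained (unused by this implementation)
     * @return a new, empty token context
     */
    protected ClientTokenContext createTokenContext(ClientAccessToken clientAccessToken) {
        return new ClientTokenContext();
    }

    /** Attaches the token context to the current message as {@link ClientTokenContext} content. */
    private void setClientCodeRequest(ClientTokenContext clientTokenContext) {
        JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, clientTokenContext);
    }

    /**
     * Captures the original request's query and form parameters and hands them to the state
     * manager to be turned into the {@code state} value of the authorization request.
     *
     * @return the serialized state, or {@code null} when no state manager is configured
     */
    private String createRequestState(ContainerRequestContext containerRequestContext,
                                      SecurityContext securityContext,
                                      UriInfo uriInfo) {
        if (this.clientStateManager == null) {
            return null;
        }
        MetadataMap<String, String> requestParams = new MetadataMap<>();
        requestParams.putAll(uriInfo.getQueryParameters(false));
        if (MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(containerRequestContext.getMediaType())) {
            String formBody = FormUtils.readBody(containerRequestContext.getEntityStream(), "UTF-8");
            FormUtils.populateMapFromString(
                requestParams, JAXRSUtils.getCurrentMessage(), formBody, "UTF-8", false);
        }
        // NOTE(review): the returned value travels through the user agent and the authorization
        // server as the state parameter; confirm the state manager does not embed submitted
        // form data in it unprotected.
        return this.clientStateManager.toString(this.mc, requestParams);
    }

    /**
     * Sets the requested scopes from a list, joined with single spaces.
     *
     * @param list scope values; {@code null} clears the configured scopes
     */
    public void setScopeList(List<String> list) {
        if (list == null) {
            setScopeString(null);
            return;
        }
        StringBuilder joined = new StringBuilder();
        for (String scope : list) {
            if (joined.length() > 0) {
                joined.append(" ");
            }
            joined.append(scope);
        }
        setScopeString(joined.toString());
    }

    /** Sets the requested scopes as a single space-separated string. */
    public void setScopeString(String str) {
        this.scopes = str;
    }

    /** Sets the path suffix that starts the authorization code flow. */
    public void setStartUri(String str) {
        this.startUri = str;
    }

    /** Sets the address of the authorization service the user agent is redirected to. */
    public void setAuthorizationServiceUri(String str) {
        this.authorizationServiceUri = str;
    }

    /** Sets the callback path, relative to the base URI, registered as the redirect URI. */
    public void setRelativeRedirectUri(String str) {
        this.relRedirectUri = str;
    }

    /** Sets the client used to call the access token service. */
    public void setAccessTokenService(WebClient webClient) {
        this.accessTokenService = webClient;
    }

    /** Sets the manager that serializes and restores the request state; may be {@code null}. */
    public void setClientStateManager(ClientCodeStateManager clientCodeStateManager) {
        this.clientStateManager = clientCodeStateManager;
    }

    /** Sets the manager that stores and looks up token contexts; may be {@code null}. */
    public void setClientTokenContextManager(ClientTokenContextManager clientTokenContextManager) {
        this.clientTokenContextManager = clientTokenContextManager;
    }

    /** Returns the client credentials used for the authorization and token requests. */
    public OAuthClientUtils.Consumer getConsumer() {
        return this.consumer;
    }

    /** Sets the client credentials used for the authorization and token requests. */
    public void setConsumer(OAuthClientUtils.Consumer consumer) {
        this.consumer = consumer;
    }
}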
