package com.adobe.granite.oauth.server.impl;

import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.keystore.KeyStoreService;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Constants;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Helper;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import javax.jcr.Session;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.oltu.commons.encodedtoken.TokenDecoder;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.ModificationType;
import org.apache.sling.servlets.post.SlingPostProcessor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

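/**
 * Sling POST post-processor that keeps the repository user backing an OAuth client in step with
 * the client's resource: a technical user, keystore and key pair are provisioned when a client
 * node is created, and the user is removed when the client node is deleted.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Provisioning runs in a <em>service</em> session, not the caller's session, so the only
 *       thing tying the privileged work to a legitimate request is the HMAC over the client id
 *       carried in the {@code OAuth2Constants.OAUTH_CLIENT_HMAC} request parameter.</li>
 *   <li>Deletion runs in the caller's own session and carries no HMAC check.</li>
 *   <li>Only the first entry of the modification list is inspected.</li>
 * </ul>
 */
@Component
@Deprecated
@Service({SlingPostProcessor.class})
@Properties({@Property(name = "service.description", value = {"OAuthClientPostProcessor (DEPRECATED)"})})
/* loaded from: input_file:com/adobe/granite/oauth/server/impl/OAuthClientPostProcessor.class */
public class OAuthClientPostProcessor implements SlingPostProcessor {
    private static final String REP_USER_MANAGEMENT = "rep:userManagement";

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Reference
    private CryptoSupport cryptoSupport;

    @Reference
    KeyStoreService keyStoreService;

    @Reference
    ResourceResolverFactory resourceResolverFactory;

    /**
     * Reacts to the first modification of a POST when it creates or deletes an OAuth client.
     *
     * @param slingHttpServletRequest the request being post-processed; supplies the target
     *     resource, the caller's principal and the client-id HMAC parameter
     * @param list the modifications recorded for the request; only element 0 is examined
     * @throws IllegalArgumentException if a client is being created and the HMAC parameter is
     *     missing or does not match the HMAC computed for the client id
     * @throws Exception if user, keystore or access-control provisioning fails
     */
    @Override
    public void process(SlingHttpServletRequest slingHttpServletRequest, List<Modification> list) throws Exception {
        if (list.isEmpty()) {
            return;
        }
        Modification modification = list.get(0);
        ModificationType type = modification.getType();
        if (type != ModificationType.CREATE && type != ModificationType.DELETE) {
            return;
        }

        Resource resource = slingHttpServletRequest.getResource();
        String path = resource.getPath();
        String resourceType = resource.getResourceType();

        // NOTE(review): this is a plain prefix test, so a sibling such as "/homefoo" passes as
        // well as "/home/..."; confirm whether "/home/" was intended.
        if (!path.startsWith("/home")) {
            this.logger.debug("this resource is not meant to be process by the OAuthClientPostProcessor");
            return;
        }
        boolean underOAuthContext = path.endsWith(OAuthServletContext.CONTEXT_PATH);
        if (!underOAuthContext
                && !OAuth2Constants.OAUTH_CLIENTS.equals(resourceType)
                && !OAuth2Constants.OAUTH_CLIENT.equals(resourceType)) {
            this.logger.debug("this resource is not meant to be process by the OAuthClientPostProcessor");
            return;
        }

        boolean clientCreation = type == ModificationType.CREATE
                && underOAuthContext
                && OAuth2Constants.OAUTH_CLIENTS.equals(resourceType);
        if (!clientCreation) {
            if (type == ModificationType.DELETE && OAuth2Constants.OAUTH_CLIENT.equals(resourceType)) {
                // Deletion uses the caller's own session, so it is bounded by the caller's
                // repository permissions rather than by the HMAC.
                OAuth2Helper.deleteUser(slingHttpServletRequest.getResourceResolver().adaptTo(Session.class), getClientIdFromPath(modification.getSource()));
            }
            return;
        }

        String clientId = getClientIdFromPath(modification.getSource());
        // Reject a missing id before it is used as a child name; the original tested for null
        // only after calling getChild(null).
        if (clientId == null) {
            return;
        }
        Resource clientResource = resource.getChild(clientId);
        if (clientResource == null || !OAuth2Constants.OAUTH_CLIENT.equals(clientResource.getResourceType())) {
            return;
        }

        String suppliedHmac = slingHttpServletRequest.getParameter(OAuth2Constants.OAUTH_CLIENT_HMAC);
        if (suppliedHmac == null) {
            throw new IllegalArgumentException("Missing required clientId hmac parameter");
        }
        // NOTE(review): getBytes() uses the platform default charset. It is left as-is so the
        // value stays identical to whatever issues the HMAC (not visible here); confirm both
        // sides agree on a charset if client ids can contain non-ASCII characters.
        String expectedHmac = TokenDecoder.base64Encode(this.cryptoSupport.hmac_sha256(clientId.getBytes()));
        // The HMAC is the only gate in front of the service-session work below, and the supplied
        // value is caller-controlled. MessageDigest.isEqual does not stop at the first differing
        // byte, unlike String.equals, so response timing does not reveal how much of a guess
        // matched.
        if (!MessageDigest.isEqual(
                suppliedHmac.getBytes(StandardCharsets.UTF_8),
                expectedHmac.getBytes(StandardCharsets.UTF_8))) {
            throw new IllegalArgumentException("Possibly forged clientId hmac parameter");
        }

        ResourceResolver serviceResolver = null;
        try {
            // Service login: everything in this block runs with the service user's rights,
            // independent of what the requesting user may do.
            serviceResolver = this.resourceResolverFactory.getServiceResourceResolver((Map<String, Object>) null);
            Session session = serviceResolver.adaptTo(Session.class);
            User clientUser = OAuth2Helper.createUser(session, clientId, getIntermediatePath(clientId));
            // NOTE(review): the keystore password is a fixed literal, so it adds no
            // confidentiality for the key pair; protection has to come from repository access
            // control. Anything that opens this keystore must use the same literal, so do not
            // change it here without changing those readers too.
            this.keyStoreService.createKeyStore(serviceResolver, clientId, "notasecret".toCharArray());
            this.keyStoreService.addKeyStoreKeyPair(serviceResolver, clientId, this.cryptoSupport.createKeyPair("RSA"), clientId);
            // Grants the requesting principal jcr:read and rep:userManagement on the new user.
            // NOTE(review): getUserPrincipal() can be null for an unauthenticated request; how
            // addAccessControlEntry treats a null principal is not visible here.
            AccessControlUtils.addAccessControlEntry(session, clientUser.getPath(), slingHttpServletRequest.getUserPrincipal(), new String[]{"{http://www.jcp.org/jcr/1.0}read", REP_USER_MANAGEMENT}, true);
            session.save();
        } finally {
            // Always release the service session, on success and on failure alike.
            if (serviceResolver != null && serviceResolver.isLive()) {
                serviceResolver.close();
            }
        }
    }

    /**
     * Returns the last path segment, which callers use as the OAuth client id.
     *
     * @param str a repository path, may be {@code null}
     * @return the text after the final {@code '/'} (empty if the path ends with a slash), or
     *     {@code null} when {@code str} is {@code null}, empty or contains no slash
     */
    private String getClientIdFromPath(String str) {
        if (str == null || str.isEmpty() || str.indexOf('/') == -1) {
            return null;
        }
        return str.substring(str.lastIndexOf('/') + 1);
    }

    /**
     * Builds the intermediate path handed to {@code OAuth2Helper.createUser} for a client:
     * {@code "oauth/"} followed by the first four characters of the id.
     *
     * @param str the client id; must be at least four characters long
     * @return the intermediate path
     * @throws StringIndexOutOfBoundsException if {@code str} is shorter than four characters
     */
    private String getIntermediatePath(String str) {
        return "oauth/" + str.substring(0, 4);
    }

    /** Declarative Services bind method for {@link CryptoSupport}. */
    protected void bindCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    /** Clears the {@link CryptoSupport} reference, but only if it is the instance being unbound. */
    protected void unbindCryptoSupport(CryptoSupport cryptoSupport) {
        if (this.cryptoSupport == cryptoSupport) {
            this.cryptoSupport = null;
        }
    }

    /** Declarative Services bind method for {@link KeyStoreService}. */
    protected void bindKeyStoreService(KeyStoreService keyStoreService) {
        this.keyStoreService = keyStoreService;
    }

    /** Clears the {@link KeyStoreService} reference, but only if it is the instance being unbound. */
    protected void unbindKeyStoreService(KeyStoreService keyStoreService) {
        if (this.keyStoreService == keyStoreService) {
            this.keyStoreService = null;
        }
    }

    /** Declarative Services bind method for {@link ResourceResolverFactory}. */
    protected void bindResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resourceResolverFactory = resourceResolverFactory;
    }

    /** Clears the {@link ResourceResolverFactory} reference, but only if it is the instance being unbound. */
    protected void unbindResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        if (this.resourceResolverFactory == resourceResolverFactory) {
            this.resourceResolverFactory = null;
        }
    }
}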
