package com.adobe.granite.oauth.server.impl;

import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.oauth.server.OAuth2ResourceServer;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Constants;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Helper;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Collections;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

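/**
 * Deprecated OAuth 2 authorization endpoint, registered through the HTTP whiteboard at
 * {@value #DEFAULT_SERVLET_PATH}.
 *
 * <p>A GET request is parsed into an {@link OAuthAuthzRequest}, its scope parameter and its
 * client id / redirect URI pair are validated, and the user agent is then redirected to the
 * consent screen with the request parameters carried over in the query string.
 */
@Component
@Deprecated
@Service({Servlet.class})
@Properties({@Property(name = "service.description", value = {"OAuth2AuthorizationEndpointServlet (DEPRECATED)"}), @Property(name = "osgi.http.whiteboard.servlet.pattern", value = {OAuth2AuthorizationEndpointServlet.DEFAULT_SERVLET_PATH}), @Property(name = "osgi.http.whiteboard.context.select", value = {"(osgi.http.whiteboard.context.name=com.adobe.granite.oauth)"})})
/* loaded from: input_file:com/adobe/granite/oauth/server/impl/OAuth2AuthorizationEndpointServlet.class */
public class OAuth2AuthorizationEndpointServlet extends HttpServlet {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private static final long serialVersionUID = 6693148092624224413L;
    private static final String CONSENT_SCREEN_SERVLET = "/libs/granite/oauth/content/authorization.html";
    protected static final String DEFAULT_SERVLET_PATH = "/authorize";

    @Reference
    private SlingRepository repository;

    @Reference
    private OAuth2ResourceServer oAuth2ResourceServer;

    @Reference
    private CryptoSupport cryptoSupport;

    /**
     * Handles an authorization request.
     *
     * <p>On success the response is a redirect to the consent screen. An
     * {@link OAuthProblemException} is answered either with an error status or, when the
     * exception carries a redirect URI, with an OAuth error redirect to that URI. System and
     * repository failures are delegated to {@code OAuth2Helper.handleOAuthSystemException}.
     *
     * @param httpServletRequest the incoming authorization request
     * @param httpServletResponse the response the redirect or error is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the redirect or the error response fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Session session = null;
        try {
            OAuthAuthzRequest oAuthAuthzRequest = new OAuthAuthzRequest(httpServletRequest);
            session = this.repository.loginService((String) null, (String) null);
            validateScope(httpServletRequest, oAuthAuthzRequest);
            OAuth2Helper.validateAuthorizationEndpointInput(session, this.cryptoSupport, oAuthAuthzRequest.getClientId(), oAuthAuthzRequest.getRedirectURI());
            httpServletResponse.sendRedirect(getConsentScreenURI(httpServletRequest, oAuthAuthzRequest));
        } catch (OAuthProblemException e) {
            this.logger.error("doGet: OAuth Problem Exception in the Authorization Endpoint", e);
            try {
                if (e.getRedirectUri() == null) {
                    httpServletResponse.sendError(e.getResponseStatus(), e.getError());
                } else {
                    // NOTE(review): this redirect target comes from the exception, and this
                    // branch can be reached before validateAuthorizationEndpointInput has
                    // accepted the client id / redirect URI pair. If the library fills the
                    // exception's redirect URI from the raw request parameter, this sends the
                    // user agent to an unverified location; RFC 6749 section 4.1.2.1 says not
                    // to redirect in that case. Confirm where getRedirectUri() originates and
                    // restrict the redirect to URIs registered for the client.
                    httpServletResponse.sendRedirect(OAuthASResponse.errorResponse(302).error(e).location(e.getRedirectUri()).buildQueryMessage().getLocationUri());
                }
            } catch (OAuthSystemException e2) {
                OAuth2Helper.handleOAuthSystemException(e2, httpServletResponse);
            }
        } catch (OAuthSystemException e3) {
            OAuth2Helper.handleOAuthSystemException(e3, httpServletResponse);
        } catch (RepositoryException e4) {
            // Keep the repository failure in the log; the response only gets a generic message.
            this.logger.error("doGet: failed while accessing repository", e4);
            OAuth2Helper.handleOAuthSystemException(new OAuthSystemException("failed while accessing repository"), httpServletResponse);
        } finally {
            // Single release point for the service session on every exit path.
            if (session != null) {
                session.logout();
            }
        }
    }

    /**
     * Checks the raw {@code scope} request parameter and then validates the parsed scopes
     * against the resource server.
     *
     * @param httpServletRequest request the raw scope parameter is read from
     * @param oAuthAuthzRequest parsed request supplying the scope set
     * @throws OAuthProblemException if the scope parameter is missing or contains a comma, or
     *     if scope validation rejects it
     * @throws OAuthSystemException declared for the delegated scope validation
     */
    private void validateScope(HttpServletRequest httpServletRequest, OAuthAuthzRequest oAuthAuthzRequest) throws OAuthProblemException, OAuthSystemException {
        String scope = httpServletRequest.getParameter(OAuth2Constants.SCOPE);
        if (OAuthUtils.isEmpty(scope)) {
            throw OAuthUtils.handleMissingParameters(Collections.singleton(OAuth2Constants.SCOPE));
        }
        // A comma in the raw value is rejected outright, before the parsed scopes are looked at.
        if (scope.contains(",")) {
            this.logger.info("the provided scope is not valid");
            OAuthProblemException error = OAuthProblemException.error("invalid_scope", "Invalid scope");
            error.responseStatus(400);
            throw error;
        }
        OAuth2Helper.validateScopes(this.oAuth2ResourceServer, oAuthAuthzRequest.getScopes(), false);
    }

    /**
     * Builds the consent screen URL carrying {@code client_id}, scope, {@code redirect_uri}
     * and, when present, {@code state}.
     *
     * <p>Every value is percent-encoded. These values come from the request (the state is
     * passed through without any validation in this class), so appending them raw would let a
     * value containing {@code &}, {@code =}, {@code #} or line breaks alter the parameters the
     * consent screen receives or corrupt the {@code Location} header.
     *
     * @param httpServletRequest the incoming request (unused here)
     * @param oAuthAuthzRequest parsed request supplying the values
     * @return the consent screen path with its query string
     */
    private String getConsentScreenURI(HttpServletRequest httpServletRequest, OAuthAuthzRequest oAuthAuthzRequest) {
        StringBuilder sb = new StringBuilder(CONSENT_SCREEN_SERVLET);
        sb.append("?").append("client_id").append("=").append(encodeQueryValue(oAuthAuthzRequest.getClientId()));
        sb.append("&").append(OAuth2Constants.SCOPE).append("=").append(encodeQueryValue(OAuth2Helper.getScopes((Set<String>) oAuthAuthzRequest.getScopes())));
        // The "://" -> ":__" substitution is kept as is; presumably the consent screen reverses
        // it - verify against that page. Encoding is applied on top of it.
        sb.append("&").append("redirect_uri").append("=").append(encodeQueryValue(oAuthAuthzRequest.getRedirectURI().replace("://", ":__")));
        String state = oAuthAuthzRequest.getState();
        if (state != null && state.length() > 0) {
            sb.append("&").append("state").append("=").append(encodeQueryValue(state));
        }
        return sb.toString();
    }

    /**
     * Percent-encodes a query parameter value as UTF-8 form data.
     *
     * @param value the value to encode; {@code null} is rendered as the text {@code "null"},
     *     matching what {@code StringBuilder.append} would have produced
     * @return the encoded value, safe to place after {@code name=} in a query string
     */
    private static String encodeQueryValue(Object value) {
        try {
            return URLEncoder.encode(String.valueOf(value), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform is required to support.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /** Sets the repository reference. */
    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    /** Clears the repository reference, but only if it is still the instance being unbound. */
    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    /** Sets the resource server reference used for scope validation. */
    protected void bindOAuth2ResourceServer(OAuth2ResourceServer oAuth2ResourceServer) {
        this.oAuth2ResourceServer = oAuth2ResourceServer;
    }

    /** Clears the resource server reference, but only if it is still the instance being unbound. */
    protected void unbindOAuth2ResourceServer(OAuth2ResourceServer oAuth2ResourceServer) {
        if (this.oAuth2ResourceServer == oAuth2ResourceServer) {
            this.oAuth2ResourceServer = null;
        }
    }

    /** Sets the crypto support reference passed to input validation. */
    protected void bindCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    /** Clears the crypto support reference, but only if it is still the instance being unbound. */
    protected void unbindCryptoSupport(CryptoSupport cryptoSupport) {
        if (this.cryptoSupport == cryptoSupport) {
            this.cryptoSupport = null;
        }
    }
}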
