package com.adobe.granite.oauth.server.impl;

import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.oauth.jwt.JwsBuilderFactory;
import com.adobe.granite.oauth.server.OAuth2ResourceServer;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Constants;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Helper;
import java.io.IOException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

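/**
 * Deprecated Sling servlet bound to {@code /libs/granite/oauth/authorize} that handles the
 * consent form POST of the OAuth 2.0 authorization-code flow and redirects the user agent
 * back to the client with a signed authorization code.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code redirect_uri} request parameter is attacker-controllable. It is only
 *       used as a redirect target after {@code OAuth2Helper.validateAuthorizationEndpointInput}
 *       has accepted the {@code client_id}/{@code redirect_uri} pair.
 *       NOTE(review): that helper is assumed to compare the URI with the client's
 *       registered one; its implementation is not in this file, so confirm.</li>
 *   <li>The authorization code is a JWS built with {@code HS256} and an expiry of
 *       {@code "600"} (presumably seconds; confirm in {@code OAuth2GraniteIssuer}).</li>
 *   <li>The repository service session is always logged out, on success and on every
 *       error path.</li>
 *   <li>Nothing here checks an anti-CSRF token for the {@code accept} submission;
 *       presumably a filter elsewhere does. TODO confirm.</li>
 * </ul>
 */
@Component(metatype = false)
@Deprecated
@Service({Servlet.class})
@Properties({@Property(name = "service.description", value = {"OAuth2AuthorizationCodeIssuer (DEPRECATED)"}), @Property(name = "sling.servlet.paths", value = {"/libs/granite/oauth/authorize"})})
/* loaded from: input_file:com/adobe/granite/oauth/server/impl/OAuth2AuthorizationCodeIssuer.class */
public class OAuth2AuthorizationCodeIssuer extends SlingAllMethodsServlet {

    @Reference
    private JwsBuilderFactory jwsBuilderFactory;
    private static final long serialVersionUID = -6280552132723613511L;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Reference
    private SlingRepository repository;

    @Reference
    private OAuth2ResourceServer oAuth2ResourceServer;

    @Reference
    private CryptoSupport cryptoSupport;

    /**
     * Processes the user's consent decision and issues an authorization code.
     *
     * <p>Order of checks: the {@code redirect_uri} must be present; the
     * {@code client_id}/{@code redirect_uri} pair is validated; a missing {@code accept}
     * parameter is reported to the client as {@code access_denied}; the requested scopes
     * are validated; finally the authenticated user must be allowed to grant those scopes.
     * Errors raised before the redirect URI has been validated are answered with
     * {@code sendError} rather than a redirect, so an unvalidated URI is never used as a
     * redirect target.
     *
     * @param slingHttpServletRequest  the consent form submission
     * @param slingHttpServletResponse the response used for the redirect or error
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the redirect or error response fails
     */
    @Override
    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        Session serviceSession = null;
        try {
            String accept = slingHttpServletRequest.getParameter("accept");
            String rawRedirectUri = slingHttpServletRequest.getParameter("redirect_uri");
            if (rawRedirectUri == null) {
                // No redirect URI is attached, so the catch block below answers with sendError.
                throw OAuthProblemException.error("invalid_request", "Missing redirect_uri");
            }
            // The form carries the scheme separator encoded as ":__"; restore it.
            String redirectUri = rawRedirectUri.replace(":__", "://");
            String scope = slingHttpServletRequest.getParameter(OAuth2Constants.SCOPE);
            String clientId = slingHttpServletRequest.getParameter("client_id");

            serviceSession = this.repository.loginService((String) null, (String) null);

            // Validate the client and redirect URI BEFORE any error is allowed to redirect
            // to it; otherwise the denial path would act as an open redirector.
            OAuth2Helper.validateAuthorizationEndpointInput(serviceSession, this.cryptoSupport, clientId, redirectUri);

            if (accept == null) {
                OAuthProblemException denied = OAuthProblemException.error("access_denied", "Access denied");
                denied.setRedirectUri(redirectUri);
                throw denied;
            }

            OAuth2Helper.validateScopes(this.oAuth2ResourceServer, OAuth2Helper.getScopesSet(scope), false);

            String remoteUser = slingHttpServletRequest.getRemoteUser();
            if (!OAuth2Helper.checkPrivileges(this.repository, this.oAuth2ResourceServer, OAuth2Helper.getUser(serviceSession, remoteUser), OAuth2Helper.getScopesSet(scope))) {
                // NOTE(review): scope is request-supplied text written to the log as-is;
                // make sure the log layout neutralises line breaks.
                this.logger.info("User {} doesn't have priveleges to grant scope {}", remoteUser, scope);
                OAuthProblemException invalidScope = OAuthProblemException.error("invalid_scope", "User can't grant scope");
                invalidScope.setRedirectUri(redirectUri);
                throw invalidScope;
            }

            OAuth2GraniteIssuer issuer = new OAuth2GraniteIssuer(this.jwsBuilderFactory.getInstance("HS256")).setScope(scope).setAudience(clientId).setSubject(remoteUser).setExpiresIn("600");
            issuer.setCustomClaimsSetField(OAuth2Constants.CONTENT_TYPE, OAuth2Constants.CONTENT_TYPE_AUTHORIZATION_CODE);
            slingHttpServletResponse.sendRedirect(OAuthASResponse.authorizationResponse(slingHttpServletRequest, 302).location(redirectUri).setCode(issuer.authorizationCode()).buildQueryMessage().getLocationUri());
        } catch (OAuthProblemException e) {
            this.logger.error("doPost: OAuth Problem Exception in the Authorization Endpoint", e);
            try {
                if (e.getRedirectUri() == null) {
                    slingHttpServletResponse.sendError(e.getResponseStatus(), e.getError());
                } else {
                    slingHttpServletResponse.sendRedirect(OAuthASResponse.errorResponse(302).error(e).location(e.getRedirectUri()).buildQueryMessage().getLocationUri());
                }
            } catch (OAuthSystemException nested) {
                OAuth2Helper.handleOAuthSystemException(nested, slingHttpServletResponse);
            }
        } catch (OAuthSystemException e) {
            OAuth2Helper.handleOAuthSystemException(e, slingHttpServletResponse);
        } catch (RepositoryException e) {
            // Keep the root cause in the server log; the client only sees the generic message.
            this.logger.error("doPost: repository access failed in the Authorization Endpoint", e);
            OAuth2Helper.handleOAuthSystemException(new OAuthSystemException("failed while accessing repository"), slingHttpServletResponse);
        } finally {
            // Service sessions are not reclaimed automatically; release on every path.
            if (serviceSession != null) {
                serviceSession.logout();
            }
        }
    }

    /** Binds the JWS builder factory used to sign authorization codes. */
    protected void bindJwsBuilderFactory(JwsBuilderFactory jwsBuilderFactory) {
        this.jwsBuilderFactory = jwsBuilderFactory;
    }

    /** Clears the JWS builder factory, but only if it is the instance currently bound. */
    protected void unbindJwsBuilderFactory(JwsBuilderFactory jwsBuilderFactory) {
        if (this.jwsBuilderFactory == jwsBuilderFactory) {
            this.jwsBuilderFactory = null;
        }
    }

    /** Binds the repository used to open the service session. */
    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    /** Clears the repository, but only if it is the instance currently bound. */
    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    /** Binds the resource server consulted for scope and privilege checks. */
    protected void bindOAuth2ResourceServer(OAuth2ResourceServer oAuth2ResourceServer) {
        this.oAuth2ResourceServer = oAuth2ResourceServer;
    }

    /** Clears the resource server, but only if it is the instance currently bound. */
    protected void unbindOAuth2ResourceServer(OAuth2ResourceServer oAuth2ResourceServer) {
        if (this.oAuth2ResourceServer == oAuth2ResourceServer) {
            this.oAuth2ResourceServer = null;
        }
    }

    /** Binds the crypto support passed to the authorization-endpoint input validation. */
    protected void bindCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    /** Clears the crypto support, but only if it is the instance currently bound. */
    protected void unbindCryptoSupport(CryptoSupport cryptoSupport) {
        if (this.cryptoSupport == cryptoSupport) {
            this.cryptoSupport = null;
        }
    }
}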
