package com.adobe.cq.cloudconfig.core.servlet;

import com.adobe.cq.cloudconfig.core.model.TokenRequest;
import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.toggle.api.ToggleRouter;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Servlet;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.StatusLine;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.osgi.services.HttpClientBuilderFactory;
import org.apache.http.util.EntityUtils;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

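/**
 * Sling servlet that performs an OAuth token exchange on behalf of the caller and returns the
 * resulting refresh token as JSON.
 *
 * <p>It is registered for GET requests with the {@code json} extension on the resource type
 * {@code cq/cloudconfig/oauthservlet}. All inputs (client id, client secret, authorization code,
 * redirect URI, token endpoint URIs, grant type, scope and refresh token) are read from request
 * parameters. The response body is a JSON object holding either {@code refresh_token} or
 * {@code error}; the handler does not set an HTTP status on those paths.
 *
 * <p>NOTE(security review): the token endpoint ({@code refresh_token_uri} /
 * {@code access_token_uri}) is taken from the request, and the client secret is unprotected with
 * {@link CryptoSupport} before being posted to that endpoint. Nothing in this class restricts the
 * endpoint to a configured value or checks who is calling, so the deployment has to provide both
 * (access control on the resource type and an allow-list of token endpoints) — confirm that it
 * does.
 *
 * <p>NOTE(security review): credentials arrive as parameters of a GET request, so they may end up
 * in request logs; confirm that logging of these parameters is suppressed where this is deployed.
 */
@Component(service = {Servlet.class}, property = {"sling.servlet.extensions=json", "sling.servlet.resourceTypes=cq/cloudconfig/oauthservlet", "sling.servlet.methods=GET"})
/* loaded from: input_file:com/adobe/cq/cloudconfig/core/servlet/OAuthServlet.class */
public class OAuthServlet extends SlingSafeMethodsServlet {

    @Reference(policyOption = ReferencePolicyOption.GREEDY)
    private ToggleRouter toggleRouter;

    @Reference
    private CryptoSupport cryptoSupport;
    private static final String CLIENT_ID = "client_id";
    private static final String CLIENT_SECRET = "client_secret";
    private static final String GRANT_TYPE = "grant_type";
    private static final String REDIRECT_URI = "redirect_uri";
    private static final String CODE = "code";
    private static final String REFRESH_TOKEN = "refresh_token";
    private static final String ERROR = "error";
    private static final String ERROR_DESCRIPTION = "error_description";
    private static final String REFRESH_TOKEN_URI = "refresh_token_uri";
    private static final String ACCESS_TOKEN_URI = "access_token_uri";
    private static final String AUTHORIZATION_SCOPE = "authorization_scope";
    private static final String SCOPE = "scope";
    private static final String AUTHORIZATION_CODE = "authorization_code";
    private final Logger logger = LoggerFactory.getLogger(OAuthServlet.class);

    @Reference
    private HttpClientBuilderFactory httpClientBuilderFactory;

    /**
     * Handles the GET request by delegating to {@link #getRequestHandler}.
     *
     * @param slingHttpServletRequest the incoming request carrying the OAuth parameters
     * @param slingHttpServletResponse the response the JSON result is written to
     */
    @Override
    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) {
        getRequestHandler(slingHttpServletRequest, slingHttpServletResponse);
    }

    /**
     * Reads the OAuth parameters, runs the matching token exchange and writes the JSON result.
     *
     * <p>The refresh flow is used when the {@code FT_FORMS-4177} toggle is enabled and
     * {@code grant_type} is {@code refresh_token}; every other request goes through the
     * authorization-code exchange. Missing mandatory parameters and token-endpoint errors are
     * reported in the {@code error} property of the response.
     */
    private void getRequestHandler(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) {
        String clientId = slingHttpServletRequest.getParameter(CLIENT_ID);
        String clientSecret = slingHttpServletRequest.getParameter(CLIENT_SECRET);
        String code = slingHttpServletRequest.getParameter(CODE);
        String redirectUri = slingHttpServletRequest.getParameter(REDIRECT_URI);
        String refreshTokenUri = slingHttpServletRequest.getParameter(REFRESH_TOKEN_URI);
        String accessTokenUri = slingHttpServletRequest.getParameter(ACCESS_TOKEN_URI);
        String grantType = slingHttpServletRequest.getParameter(GRANT_TYPE);
        String authorizationScope = slingHttpServletRequest.getParameter(AUTHORIZATION_SCOPE);
        String refreshToken = slingHttpServletRequest.getParameter(REFRESH_TOKEN);
        TokenRequest tokenRequest = new TokenRequest(clientId, clientSecret, code, redirectUri, refreshTokenUri, grantType, authorizationScope, refreshToken);
        JsonObject result = new JsonObject();
        JsonObject tokenResponse;
        if (this.toggleRouter != null && this.toggleRouter.isEnabled("FT_FORMS-4177") && REFRESH_TOKEN.equals(grantType)) {
            if (StringUtils.isBlank(clientId) || StringUtils.isBlank(refreshToken)) {
                result.addProperty(ERROR, "Parameters(client_id, refreshToken) should not be empty");
                writeResponse(result, slingHttpServletResponse);
                return;
            }
            // NOTE(security review): access_token_uri is caller-supplied and is not checked here.
            tokenRequest.setAccessTokenUri(accessTokenUri);
            tokenResponse = fetchAccessToken(tokenRequest);
        } else {
            if (StringUtils.isBlank(code) || StringUtils.isBlank(refreshTokenUri) || StringUtils.isBlank(clientId) || StringUtils.isBlank(redirectUri)) {
                result.addProperty(ERROR, "Parameters(client_id, refreshTokenUri, redirectUri, authorization_code) should not be empty");
                writeResponse(result, slingHttpServletResponse);
                return;
            }
            tokenResponse = fetchRefreshToken(tokenRequest);
        }
        if (tokenResponse == null) {
            result.addProperty(ERROR, "error in getting token. Token response returned as null");
            writeResponse(result, slingHttpServletResponse);
            return;
        }
        String upstreamError = memberAsString(tokenResponse, ERROR);
        if (StringUtils.isNotEmpty(upstreamError)) {
            // The token endpoint's error text is passed through to the caller as received.
            result.addProperty(ERROR, "error in getting token. " + upstreamError);
            writeResponse(result, slingHttpServletResponse);
            return;
        }
        String issuedRefreshToken = memberAsString(tokenResponse, REFRESH_TOKEN);
        if (StringUtils.isNotEmpty(issuedRefreshToken)) {
            result.addProperty(REFRESH_TOKEN, issuedRefreshToken);
        } else {
            result.addProperty(ERROR, "error in getting refreshtoken. Refresh Token recieved null.");
        }
        writeResponse(result, slingHttpServletResponse);
    }

    /**
     * Reads a member of a token-endpoint response as text without throwing on unexpected shapes.
     *
     * <p>The response comes from a remote server, so a JSON {@code null} or a nested object must
     * not abort the request with an unchecked exception.
     *
     * @param source the parsed token-endpoint response
     * @param name the member to read
     * @return {@code null} when the member is absent or JSON null, its string value when it is a
     *     primitive, otherwise its JSON text
     */
    private static String memberAsString(JsonObject source, String name) {
        if (!source.has(name) || source.get(name).isJsonNull()) {
            return null;
        }
        if (source.get(name).isJsonPrimitive()) {
            return source.get(name).getAsString();
        }
        return source.get(name).toString();
    }

    /**
     * Writes {@code jsonObject} to the response as UTF-8 JSON.
     *
     * <p>If writing fails, the status is set to 500 and a JSON object carrying the exception
     * message is written instead; a failure of that fallback is only logged.
     *
     * @param jsonObject the payload to send
     * @param slingHttpServletResponse the response to write to
     */
    private void writeResponse(JsonObject jsonObject, SlingHttpServletResponse slingHttpServletResponse) {
        try {
            slingHttpServletResponse.setContentType("application/json");
            slingHttpServletResponse.setCharacterEncoding("utf-8");
            slingHttpServletResponse.getWriter().write(jsonObject.toString());
        } catch (Exception e) {
            try {
                slingHttpServletResponse.setStatus(500);
                PrintWriter writer = slingHttpServletResponse.getWriter();
                JsonObject failure = new JsonObject();
                // NOTE(review): the raw exception message is returned to the client.
                failure.addProperty(ERROR, e.getMessage());
                this.logger.error(failure.toString(), e);
                writer.write(failure.toString());
            } catch (Exception e2) {
                this.logger.error("Error while writing json object.", e2);
            }
        }
    }

    /**
     * Exchanges an authorization code for tokens at the request's refresh-token URI.
     *
     * @param tokenRequest the request data; its refresh-token URI is used as the endpoint
     * @return the parsed JSON response, with {@code error}/{@code error_description} added when
     *     the endpoint returned no body or a non-200 status without its own {@code error}; an
     *     empty object when the call failed with an exception
     */
    public JsonObject fetchRefreshToken(TokenRequest tokenRequest) {
        List<BasicNameValuePair> form = baseForm(tokenRequest);
        form.add(new BasicNameValuePair(REDIRECT_URI, tokenRequest.getRedirectUri()));
        form.add(new BasicNameValuePair(CODE, tokenRequest.getAuthorizationCode()));
        return postTokenRequest(tokenRequest.getRefreshTokenUri(), form, "Error while fetching the Refresh Token.");
    }

    /**
     * Sends a refresh-token grant to the request's access-token URI.
     *
     * @param tokenRequest the request data; its access-token URI is used as the endpoint
     * @return the parsed JSON response, shaped as described on {@link #fetchRefreshToken}
     */
    private JsonObject fetchAccessToken(TokenRequest tokenRequest) {
        List<BasicNameValuePair> form = baseForm(tokenRequest);
        form.add(new BasicNameValuePair(SCOPE, tokenRequest.getAuthorizationScope()));
        form.add(new BasicNameValuePair(REFRESH_TOKEN, tokenRequest.getRefreshToken()));
        return postTokenRequest(tokenRequest.getAccessTokenUri(), form, "Error while fetching the Access Token.");
    }

    /** Builds the form fields shared by both grants: grant type, client id and, if set, the client secret. */
    private List<BasicNameValuePair> baseForm(TokenRequest tokenRequest) {
        List<BasicNameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair(GRANT_TYPE, tokenRequest.getGrantType()));
        form.add(new BasicNameValuePair(CLIENT_ID, tokenRequest.getClientId()));
        if (StringUtils.isNotEmpty(tokenRequest.getClientSecret())) {
            form.add(new BasicNameValuePair(CLIENT_SECRET, decryptSecret(tokenRequest.getClientSecret())));
        }
        return form;
    }

    /**
     * Posts {@code form} to {@code tokenEndpoint} and parses the JSON reply.
     *
     * <p>The HTTP client and the response are closed on every path, including failures.
     *
     * @param tokenEndpoint the URI to post to; NOTE(security review): caller-supplied, not
     *     validated against any configured endpoint in this class
     * @param form the URL-encoded form fields to send
     * @param failureMessage the message logged when the exchange throws
     * @return the parsed response, or an empty object when the exchange throws before a response
     *     was parsed
     */
    private JsonObject postTokenRequest(String tokenEndpoint, List<BasicNameValuePair> form, String failureMessage) {
        HttpClientBuilder clientBuilder = this.httpClientBuilderFactory.newBuilder();
        JsonObject tokenResponse = new JsonObject();
        try (CloseableHttpClient client = clientBuilder.build()) {
            HttpPost post = new HttpPost(tokenEndpoint);
            post.setHeader("Content-Type", "application/x-www-form-urlencoded");
            post.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));
            try (CloseableHttpResponse httpResponse = client.execute(post)) {
                StatusLine statusLine = httpResponse.getStatusLine();
                int statusCode = statusLine.getStatusCode();
                HttpEntity entity = httpResponse.getEntity();
                if (entity != null) {
                    // Decode as UTF-8 unless the entity declares a charset of its own.
                    tokenResponse = new JsonParser().parse(EntityUtils.toString(entity, "UTF-8")).getAsJsonObject();
                }
                if ((statusCode != 200 && !tokenResponse.has(ERROR)) || entity == null) {
                    tokenResponse.addProperty(ERROR, Integer.toString(statusCode));
                    tokenResponse.addProperty(ERROR_DESCRIPTION, statusLine.getReasonPhrase());
                }
            }
        } catch (Exception e) {
            this.logger.error(failureMessage, e);
        }
        return tokenResponse;
    }

    /**
     * Returns the plain client secret, unprotecting it when {@link CryptoSupport} reports it as
     * protected.
     *
     * <p>NOTE(review): when unprotecting fails the protected value is returned unchanged and is
     * then sent to the token endpoint by the callers; failing the exchange instead would keep the
     * protected blob from leaving the instance.
     *
     * @param str the client secret as received, protected or plain
     * @return the unprotected secret, or {@code str} itself when it is not protected, when no
     *     {@link CryptoSupport} is bound, or when unprotecting throws
     */
    private String decryptSecret(String str) {
        if (this.cryptoSupport == null) {
            return str;
        }
        try {
            if (this.cryptoSupport.isProtected(str)) {
                return this.cryptoSupport.unprotect(str);
            }
        } catch (CryptoException e) {
            this.logger.error("Error while decrypting the Client Secret ", e);
        }
        return str;
    }
}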
