package com.adobe.granite.auth.oauth.impl;

import com.adobe.granite.auth.oauth.OAuthManager;
import com.adobe.granite.auth.oauth.Provider;
import com.adobe.granite.auth.oauth.ProviderConfigProperties;
import com.adobe.granite.auth.oauth.impl.helper.OAuthUser;
import com.adobe.granite.auth.oauth.impl.helper.OauthTokenManager;
import com.adobe.granite.auth.oauth.impl.helper.ProviderConfigImpl;
import com.adobe.granite.auth.oauth.impl.helper.RequestHelper;
import com.day.crx.security.token.TokenCookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.auth.core.spi.AbstractAuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.jcr.api.SlingRepository;

/* loaded from: input_file:com/adobe/granite/auth/oauth/impl/AbstractOAuthAuthenticationHandler.class */
abstract class AbstractOAuthAuthenticationHandler extends AbstractAuthenticationHandler {
    private static final String AUTH_TYPE = "OAUTH";
    protected static final String ENCAPSULATED_TOKEN_SCOPE_VALUE = "login";

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationInfo createAuthenticationInfo(String str, String str2, String str3, String str4, OAuthUser oAuthUser) {
        AuthenticationInfo authenticationInfo = new AuthenticationInfo(AUTH_TYPE, str3);
        OAuthCredentials oAuthCredentials = new OAuthCredentials(str3);
        oAuthCredentials.setAttribute("oauth.provider.id", str);
        oAuthCredentials.setAttribute(ProviderConfigProperties.CONFIG_ID, str2);
        oAuthCredentials.setAttribute(":externalId", str4);
        oAuthCredentials.setAttributes(oAuthUser.getProperties());
        authenticationInfo.put("user.jcr.credentials", oAuthCredentials);
        return authenticationInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TokenCookie.Info getTokenInfo(HttpServletRequest httpServletRequest, String str) {
        TokenCookie.Info tokenInfo = TokenCookie.getTokenInfo(httpServletRequest, str);
        if (tokenInfo.token == null) {
            tokenInfo = TokenCookie.getTokenInfo(httpServletRequest, ENCAPSULATED_TOKEN_SCOPE_VALUE);
        }
        return tokenInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean needsCookieUpdate(TokenCookie.Info info, HttpServletRequest httpServletRequest) {
        return info.token == null && RequestHelper.isAuthzLogin(httpServletRequest);
    }

    protected boolean isEncapsulatedToken(String str) {
        boolean z = false;
        if (str != null && StringUtils.countMatches(str, ".") == 2 && str.startsWith("ey")) {
            z = true;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo, SlingRepository slingRepository, String str) {
        Object attribute;
        Object obj = authenticationInfo.get("user.jcr.credentials");
        if (!(obj instanceof OAuthCredentials) || (attribute = ((OAuthCredentials) obj).getAttribute(".token")) == null) {
            return;
        }
        String obj2 = attribute.toString();
        TokenCookie.Info info = new TokenCookie.Info(obj2, slingRepository.getDefaultWorkspace());
        String str2 = str;
        if (isEncapsulatedToken(obj2)) {
            str2 = ENCAPSULATED_TOKEN_SCOPE_VALUE;
        }
        TokenCookie.update(httpServletRequest, httpServletResponse, str2, info.token, info.workspace, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void notifyProvider(AuthenticationInfo authenticationInfo, HttpServletRequest httpServletRequest, OAuthManager oAuthManager) {
        String configId;
        Object obj = authenticationInfo.get("user.jcr.credentials");
        if (!(obj instanceof OAuthCredentials) || (configId = RequestHelper.getConfigId(httpServletRequest)) == null) {
            return;
        }
        Provider provider = oAuthManager.getProvider(configId);
        ResourceResolver resourceResolver = (ResourceResolver) httpServletRequest.getAttribute("org.apache.sling.auth.core.ResourceResolver");
        if (provider == null || resourceResolver == null) {
            return;
        }
        User user = (User) resourceResolver.adaptTo(User.class);
        if (((OAuthCredentials) obj).getAttribute(":userCreation") != null) {
            provider.onUserCreate(user);
        } else {
            provider.onUserUpdate(user);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void storeAccessToken(AuthenticationInfo authenticationInfo, HttpServletRequest httpServletRequest, ProviderConfigImpl providerConfigImpl) {
        Object obj = authenticationInfo.get("user.jcr.credentials");
        if (obj instanceof OAuthCredentials) {
            OauthTokenManager oAuthTokenManager = providerConfigImpl.getOAuthTokenManager();
            ((OAuthCredentials) obj).setAttribute("access_token", oAuthTokenManager.getEncryptedTokenString(oAuthTokenManager.getToken(providerConfigImpl.getClientId(), httpServletRequest)));
        }
    }
}
