package com.adobe.granite.auth.oauth.impl.helper;

import com.day.crx.security.token.TokenCookie;
import java.io.IOException;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.settings.SlingSettingsService;
import org.scribe.utils.OAuthEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/auth/oauth/impl/helper/RequestHelper.class */
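/**
 * Static helpers for the OAuth authentication handler: repository id lookup,
 * config-id cookies, request classification and the post-login redirect.
 *
 * <p>Security-relevant behaviour lives in {@link #isRedirectValid(String)} (the
 * allow-rule for post-authentication redirect targets) and in
 * {@link #getURLWithoutAuthCode(HttpServletRequest)} (removal of the
 * authorization code from a request URL).
 */
public final class RequestHelper {
    public static final String PARAM_CONFIG_ID = "configid";
    public static final String PARAM_PROVIDER = "provider";
    private static final String REPO_DESC_ID = "crx.repository.systemid";
    private static final String REPO_DESC_CLUSTER_ID = "crx.cluster.id";
    private static final String COOKIE_CONFIG_ID = "oauth-configid";
    private static final String COOKIE_AUTH_CONFIG_ID = "oauth-authid";
    public static final String ATTRIBUTE_REDIRECT = "oauth-redirect";
    private static final String CODE_PARAM_PREFIX = "code=";
    private static final Logger log = LoggerFactory.getLogger(RequestHelper.class);

    private RequestHelper() {
    }

    /**
     * Returns an identifier for this repository instance.
     *
     * <p>Lookup order: the {@code crx.cluster.id} descriptor, the
     * {@code crx.repository.systemid} descriptor, the Sling id, and finally a
     * freshly generated random UUID (logged at error level).
     *
     * @param slingRepository repository queried for the two descriptors
     * @param slingSettingsService source of the Sling id fallback
     * @return the first non-null identifier found, never {@code null}
     */
    public static String getRepositoryId(SlingRepository slingRepository, SlingSettingsService slingSettingsService) {
        String id = slingRepository.getDescriptor(REPO_DESC_CLUSTER_ID);
        if (id == null) {
            id = slingRepository.getDescriptor(REPO_DESC_ID);
        }
        if (id == null) {
            id = slingSettingsService.getSlingId();
        }
        if (id == null) {
            // NOTE(review): a random id differs on every call, so callers that
            // expect a stable value will not get one on this path.
            id = UUID.randomUUID().toString();
            log.error("RequestHelper: Failure to acquire unique ID for this token authenticator. Using random UUID {}", id);
        }
        return id;
    }

    /**
     * Reads the {@code oauth-configid} cookie from the request.
     *
     * @param httpServletRequest the current request
     * @return whatever {@code TokenCookie.getCookie} returns for that cookie name
     */
    public static String getConfigId(HttpServletRequest httpServletRequest) {
        return TokenCookie.getCookie(httpServletRequest, COOKIE_CONFIG_ID);
    }

    /**
     * Reads the {@code oauth-authid} cookie from the request.
     *
     * @param httpServletRequest the current request
     * @return whatever {@code TokenCookie.getCookie} returns for that cookie name
     */
    public static String getAuthenticatedConfigId(HttpServletRequest httpServletRequest) {
        return TokenCookie.getCookie(httpServletRequest, COOKIE_AUTH_CONFIG_ID);
    }

    /**
     * Writes the {@code oauth-configid} cookie for path {@code /}.
     *
     * @param str cookie value
     * @param i value forwarded as the fourth {@code TokenCookie.setCookie} argument (presumably max-age in seconds; confirm)
     * @param httpServletRequest request whose {@code isSecure()} result is forwarded
     * @param httpServletResponse response that receives the cookie
     */
    public static void storeConfigId(String str, int i, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): the two trailing booleans look like httpOnly=true and
        // secure=request.isSecure(); confirm against TokenCookie. If TLS is
        // terminated upstream, isSecure() may be false and the cookie would
        // then be issued without the Secure attribute.
        TokenCookie.setCookie(httpServletResponse, COOKIE_CONFIG_ID, str, i, "/", (String) null, true, httpServletRequest.isSecure());
    }

    /**
     * Writes the {@code oauth-authid} cookie for path {@code /}.
     *
     * @param str cookie value
     * @param i value forwarded as the fourth {@code TokenCookie.setCookie} argument (presumably max-age in seconds; confirm)
     * @param httpServletRequest request whose {@code isSecure()} result is forwarded
     * @param httpServletResponse response that receives the cookie
     */
    public static void storeAuthenticatedConfigId(String str, int i, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): same flag caveat as storeConfigId; confirm the meaning
        // of the trailing booleans against TokenCookie.
        TokenCookie.setCookie(httpServletResponse, COOKIE_AUTH_CONFIG_ID, str, i, "/", (String) null, true, httpServletRequest.isSecure());
    }

    /**
     * Overwrites the {@code oauth-configid} cookie with an empty value and {@code 0}.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse response that receives the cookie
     */
    public static void removeConfigId(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        storeConfigId("", 0, httpServletRequest, httpServletResponse);
    }

    /**
     * Overwrites the {@code oauth-authid} cookie with an empty value and {@code 0}.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse response that receives the cookie
     */
    public static void removeAuthenticatedConfigId(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        storeAuthenticatedConfigId("", 0, httpServletRequest, httpServletResponse);
    }

    /**
     * Sends the post-authentication redirect.
     *
     * <p>Candidate targets are tried in this order and each must pass
     * {@link #isRedirectValid(String)}: the {@code oauth-redirect} request
     * attribute, the decoded {@code state} request parameter, and the original
     * request URI. If none is acceptable the redirect goes to {@code /}.
     *
     * <p>The {@code state} parameter is supplied by the client, so it is
     * treated as untrusted: a value that cannot be decoded is discarded rather
     * than allowed to fail the request.
     *
     * @param httpServletRequest the authenticated request
     * @param httpServletResponse response used for the redirect
     */
    public static void handleRedirectAfterAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String target = (String) httpServletRequest.getAttribute(ATTRIBUTE_REDIRECT);
        if (target != null && !isRedirectValid(target)) {
            log.debug("Redirect target '{}' is invalid; checking request URI", forLog(target));
            target = null;
        }
        if (target == null) {
            target = redirectFromState(httpServletRequest.getParameter(OAuthHelper.PARAM_STATE));
        }
        if (target == null) {
            target = OAuthHelper.getOriginalRequestUri(httpServletRequest.getRequestURI());
            // A null result is handled like an empty one so that sendRedirect
            // never receives null.
            if (target == null || target.length() == 0) {
                target = "/";
            } else if (!isRedirectValid(target)) {
                log.debug("Request URI '{}' is invalid, redirecting to '/'", forLog(target));
                target = "/";
            }
        }
        try {
            log.debug("Redirecting to '{}' after successful authentication", target);
            httpServletResponse.sendRedirect(target);
        } catch (IOException e) {
            log.error("Failed to send redirect to: " + target, e);
        }
    }

    /**
     * Decodes the {@code state} parameter and returns it when it is an
     * acceptable redirect target, otherwise {@code null}.
     */
    private static String redirectFromState(String state) {
        if (state == null) {
            return null;
        }
        String decoded;
        try {
            decoded = OAuthEncoder.decode(state);
        } catch (IllegalArgumentException e) {
            // NOTE(review): the decoder presumably rejects malformed percent
            // escapes with IllegalArgumentException; confirm. Such a value
            // cannot be a valid target, so fall through to the next candidate.
            log.debug("Redirect target '{}' is invalid; checking request URI", forLog(state));
            return null;
        }
        if (!isRedirectValid(decoded)) {
            log.debug("Redirect target '{}' is invalid; checking request URI", forLog(decoded));
            return null;
        }
        return decoded;
    }

    /**
     * Tells whether the request starts an OAuth flow: it targets the
     * authenticate suffix (or the connect suffix when {@code z} is false) and
     * carries a {@code configid} parameter.
     *
     * @param httpServletRequest the current request
     * @param z when {@code true}, connect requests are not considered
     * @return {@code true} for an initial login/connect request
     */
    public static boolean isInitialCall(HttpServletRequest httpServletRequest, boolean z) {
        boolean endpointMatches = isInitialLogin(httpServletRequest) || (!z && isInitialConnect(httpServletRequest));
        return endpointMatches && httpServletRequest.getParameter(PARAM_CONFIG_ID) != null;
    }

    /**
     * Tells whether the request is a provider callback carrying an
     * authorization code: see {@link #hasAuthzCode(HttpServletRequest)}, plus a
     * callback suffix for authenticate (or connect when {@code z} is false).
     *
     * @param httpServletRequest the current request
     * @param z when {@code true}, connect callbacks are not considered
     * @return {@code true} for an authorization-code callback
     */
    public static boolean isAuthzCode(HttpServletRequest httpServletRequest, boolean z) {
        if (!hasAuthzCode(httpServletRequest)) {
            return false;
        }
        return isAuthzLogin(httpServletRequest) || (!z && isAuthzConnect(httpServletRequest));
    }

    /** Request URI ends with the authenticate redirect suffix. */
    private static boolean isInitialLogin(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().endsWith(OAuthHelper.REDIRECT_SUFFIX_AUTHENTICATE);
    }

    /** Request URI ends with the connect redirect suffix. */
    private static boolean isInitialConnect(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().endsWith(OAuthHelper.REDIRECT_SUFFIX_CONNECT);
    }

    /**
     * Tells whether the request URI ends with the authenticate callback suffix.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when the suffix matches
     */
    public static boolean isAuthzLogin(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().endsWith(OAuthHelper.CALLBACK_SUFFIX_AUTHENTICATE);
    }

    /** Request URI ends with the connect callback suffix. */
    private static boolean isAuthzConnect(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().endsWith(OAuthHelper.CALLBACK_SUFFIX_CONNECT);
    }

    /**
     * Tells whether the request is a {@code GET} carrying a {@code code} or an
     * {@code oauth_verifier} parameter.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when either parameter is present on a GET request
     */
    public static boolean hasAuthzCode(HttpServletRequest httpServletRequest) {
        if (!"GET".equals(httpServletRequest.getMethod())) {
            return false;
        }
        return httpServletRequest.getParameter("code") != null
                || httpServletRequest.getParameter("oauth_verifier") != null;
    }

    /**
     * Decides whether a string may be used as a post-authentication redirect
     * target. Only normalized, server-local absolute paths are accepted.
     *
     * <p>Rejected: {@code null}/empty values; values containing a backslash or
     * a control character; values containing {@code ://}; values not starting
     * with {@code /}; and values containing {@code //}, {@code /../},
     * {@code /./} or ending in {@code /.} or {@code /..}.
     *
     * <p>Backslashes and control characters are refused because user agents
     * may normalize them away before resolving the {@code Location} value, so
     * a string that looks path-only to the checks below could still resolve to
     * another origin. Refusing them up front also keeps line breaks out of the
     * log messages emitted by the later checks.
     *
     * @param str candidate redirect target, possibly client-supplied
     * @return {@code true} when the target is acceptable
     */
    public static boolean isRedirectValid(String str) {
        if (str == null || str.length() == 0) {
            log.warn("isRedirectValid: Redirect target must not be empty or null");
            return false;
        }
        if (hasBackslashOrControlChar(str)) {
            log.warn("isRedirectValid: Redirect target '{}' must not contain backslashes or control characters", forLog(str));
            return false;
        }
        if (str.contains("://")) {
            log.warn("isRedirectValid: Redirect target '{}' must not be an URL", str);
            return false;
        }
        if (!str.startsWith("/")) {
            log.warn("isRedirectValid: Redirect target '{}' must be an absolute path", str);
            return false;
        }
        boolean notNormalized = str.contains("//")
                || str.contains("/../")
                || str.contains("/./")
                || str.endsWith("/.")
                || str.endsWith("/..");
        if (notNormalized) {
            log.warn("isRedirectValid: Redirect target '{}' is not normalized", str);
            return false;
        }
        return true;
    }

    /** True when the value holds a {@code \} or any ISO control character. */
    private static boolean hasBackslashOrControlChar(String value) {
        for (int pos = 0; pos < value.length(); pos++) {
            char c = value.charAt(pos);
            if (c == '\\' || Character.isISOControl(c)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns a copy of the value with ISO control characters replaced by
     * {@code _}, so a client-supplied value cannot add line breaks to a log entry.
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int pos = 0; pos < value.length(); pos++) {
            char c = value.charAt(pos);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Rebuilds the request URI plus query string with the first {@code code}
     * query parameter removed.
     *
     * <p>The parameter is matched only at a parameter boundary (start of the
     * query string or directly after {@code &}), so parameters whose names
     * merely end in {@code code} are left alone and cannot shadow the real
     * authorization code. Only {@code code} is removed; an
     * {@code oauth_verifier} parameter stays in the result.
     *
     * @param httpServletRequest the current request
     * @return request URI, followed by {@code ?} and the remaining query string
     *         when the request has a query string
     */
    public static String getURLWithoutAuthCode(HttpServletRequest httpServletRequest) {
        StringBuilder url = new StringBuilder(httpServletRequest.getRequestURI());
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            return url.toString();
        }
        url.append("?");
        int paramStart = indexOfCodeParameter(queryString);
        if (paramStart < 0) {
            url.append(queryString);
            return url.toString();
        }
        int valueStart = paramStart + CODE_PARAM_PREFIX.length();
        // When the parameter is not the first one, drop the '&' in front of it too.
        int keepUntil = paramStart > 0 ? paramStart - 1 : paramStart;
        url.append((CharSequence) queryString, 0, keepUntil);
        int nextSeparator = queryString.indexOf('&', valueStart);
        if (nextSeparator >= 0) {
            url.append(queryString.substring(nextSeparator));
        }
        return url.toString();
    }

    /**
     * Finds the first {@code code=} that starts a query parameter, or
     * {@code -1} when there is none.
     */
    private static int indexOfCodeParameter(String queryString) {
        int from = 0;
        while (true) {
            int found = queryString.indexOf(CODE_PARAM_PREFIX, from);
            if (found < 0) {
                return -1;
            }
            if (found == 0 || queryString.charAt(found - 1) == '&') {
                return found;
            }
            from = found + 1;
        }
    }
}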
