package de.adorsys.oauth.client.valve;

import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.oauth2.sdk.token.Tokens;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import de.adorsys.oauth.client.protocol.OAuthProtocol;
import de.adorsys.oauth.client.protocol.UserInfoResolver;
import java.io.IOException;
import java.net.URI;
import java.security.Principal;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/adorsys/oauth/client/valve/OAuthAuthenticator.class */
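/**
 * Container authenticator that establishes the request principal from an OAuth access token.
 *
 * <p>The token is taken from the request via {@link OAuthProtocol#resolveAccessToken}; when none
 * is usable and the authorization-code flow is enabled, the flow is run and, failing that, the
 * client is sent to the authorization endpoint. The user's subject is looked up through
 * {@link UserInfoResolver} and handed to the context's realm together with the token value.
 *
 * <p>Security-relevant switches (all set through the bean setters below):
 * <ul>
 *   <li>{@code supportGuest}: requests without an access token are authenticated as the fixed
 *       realm user {@code "guest"}.</li>
 *   <li>{@code supportHttpSession}: access token, refresh token and {@code login_session} are
 *       stored as HTTP session attributes, so anything able to read the session can replay
 *       them.</li>
 *   <li>{@code supportAuthCode}: enables the authorization-code flow fallback.</li>
 * </ul>
 *
 * <p>Token values are bearer credentials and are deliberately never written to the log.
 */
public class OAuthAuthenticator extends AuthenticatorBase {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthAuthenticator.class);
    private boolean supportGuest;
    private OAuthProtocol oauthProtocol = new OAuthProtocol();
    private UserInfoResolver userInfoResolver = new UserInfoResolver();
    private boolean supportAuthCode = true;
    private boolean supportHttpSession = false;

    /**
     * Authenticates the request, reusing an existing principal when one is already set.
     *
     * @param request the container request
     * @param httpServletResponse the response; receives status 401 or the authorization redirect
     *     when authentication does not succeed
     * @param loginConfig unused by this implementation
     * @return {@code true} when a principal was established (or guest access was granted)
     * @throws IOException declared by the authenticator contract
     */
    protected boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        if (request.getUserPrincipal() != null) {
            return true;
        }
        URI requestUri = this.oauthProtocol.extractURI(request);
        // NOTE(review): if extractURI keeps the query string, an authorization-code callback is
        // logged including its code parameter; confirm, and strip the query here if so.
        LOG.debug("Request {}", requestUri);
        AccessToken presentedToken = this.oauthProtocol.resolveAccessToken(request);
        if (presentedToken == null && this.supportGuest) {
            // Guest mode: any request without a token is mapped to the realm user "guest".
            // NOTE(review): the realm result is not checked; a realm that does not know "guest"
            // yields a null principal while this method still reports success.
            request.setUserPrincipal(this.context.getRealm().authenticate("guest", "NONE"));
            return true;
        }
        if (authenticate(presentedToken, request, httpServletResponse, null, null)) {
            return true;
        }
        if (!isAuthCodeRequest(request)) {
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        AccessTokenResponse tokenResponse = this.oauthProtocol.runAuthorizationCodeFlow(requestUri);
        if (tokenResponse != null && tokenResponse.getTokens() != null) {
            Tokens tokens = tokenResponse.getTokens();
            Object loginSession = tokenResponse.getCustomParameters().get("login_session");
            if (authenticate(tokens.getAccessToken(), request, httpServletResponse, tokens.getRefreshToken(), loginSession)) {
                return true;
            }
        }
        // No usable token could be obtained: hand the client over to the authorization endpoint.
        this.oauthProtocol.doAuthorizationRequest(httpServletResponse, requestUri);
        return false;
    }

    /**
     * Tells whether the authorization-code flow may be attempted for this request.
     *
     * @param request the container request (not inspected by this implementation)
     * @return the configured {@code supportAuthCode} flag
     */
    protected boolean isAuthCodeRequest(Request request) {
        return this.supportAuthCode;
    }

    /**
     * Resolves the user behind an access token and registers the resulting principal.
     *
     * @param accessToken the token to validate; {@code null} yields {@code false}
     * @param request the container request that receives the principal and the user info
     * @param httpServletResponse the response; the token is echoed in its Authorization header
     * @param refreshToken optional refresh token, stored in the session when sessions are enabled
     * @param obj optional {@code login_session} value, stored in the session when sessions are
     *     enabled
     * @return {@code true} when user info could be resolved for the token
     */
    private boolean authenticate(AccessToken accessToken, Request request, HttpServletResponse httpServletResponse, RefreshToken refreshToken, Object obj) {
        if (accessToken == null) {
            return false;
        }
        // The token itself is a bearer credential; log the event, never the value.
        LOG.debug("authenticate with access token (value not logged)");
        UserInfo userInfo = this.userInfoResolver.resolve(accessToken);
        if (userInfo == null) {
            LOG.trace("no userInfo available for the presented access token");
            return false;
        }
        request.setAttribute(UserInfo.class.getName(), userInfo);
        String subject = userInfo.getSubject().getValue();
        // NOTE(review): the realm result is not checked for null; a realm that rejects the
        // subject still leads to session storage, register(...) and a true return below.
        // Confirm how the container treats a null principal before relying on this path.
        Principal principal = this.context.getRealm().authenticate(subject, accessToken.getValue());
        if (this.supportHttpSession) {
            // Tokens kept here live as long as the session and are readable by any code with
            // access to it; enable only when the application needs them server-side.
            HttpSession session = request.getSessionInternal().getSession();
            session.setAttribute("access_token", accessToken.getValue());
            if (refreshToken != null) {
                session.setAttribute("refresh_token", refreshToken.getValue());
            }
            if (obj != null) {
                session.setAttribute("login_session", obj);
            }
        }
        request.setUserPrincipal(principal);
        // The access token is returned to the client in a response header; it will be visible
        // to intermediaries and to anything that logs response headers.
        httpServletResponse.setHeader("Authorization", accessToken.toAuthorizationHeader());
        register(request, httpServletResponse, principal, "OAUTH", subject, accessToken.getValue());
        return true;
    }

    /**
     * Initializes the protocol helper and the user-info resolver, then starts the authenticator.
     *
     * @throws LifecycleException propagated from the superclass
     */
    public void start() throws LifecycleException {
        this.oauthProtocol.initialize();
        this.userInfoResolver.initialize(System.getProperties());
        super.start();
        // NOTE(review): both helpers are logged via toString(); verify that OAuthProtocol does
        // not include the client secret in its string form.
        LOG.info("OAuthAuthenticator initialized {} {}", this.oauthProtocol, this.userInfoResolver);
    }

    /** Sets the authorization endpoint used for the authorization request. */
    public void setAuthEndpoint(String str) {
        this.oauthProtocol.setAuthEndpoint(str);
    }

    /** Sets the token endpoint used by the authorization-code flow. */
    public void setTokenEndpoint(String str) {
        this.oauthProtocol.setTokenEndpoint(str);
    }

    /** Sets the endpoint queried to resolve user info for an access token. */
    public void setUserInfoEndpoint(String str) {
        this.userInfoResolver.setUserInfoEndpoint(str);
    }

    /** Sets the OAuth client secret; the value is a credential and must not be logged. */
    public void setClientSecret(String str) {
        this.oauthProtocol.setClientSecretValue(str);
    }

    /** Sets the OAuth client identifier. */
    public void setClientId(String str) {
        this.oauthProtocol.setClientId(str);
    }

    /** Enables or disables storing tokens in the HTTP session (default: disabled). */
    public void setSupportHttpSession(boolean z) {
        this.supportHttpSession = z;
    }

    /** Enables or disables the authorization-code flow fallback (default: enabled). */
    public void setSupportAuthCode(boolean z) {
        this.supportAuthCode = z;
    }

    /** Enables or disables guest access for requests without an access token. */
    public void setSupportGuest(boolean z) {
        this.supportGuest = z;
    }
}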
