package net.trajano.openidconnect.provider.ejb;

import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.ext.Providers;
import net.trajano.openidconnect.auth.AuthenticationRequest;
import net.trajano.openidconnect.auth.AuthenticationResponse;
import net.trajano.openidconnect.auth.ResponseMode;
import net.trajano.openidconnect.auth.ResponseType;
import net.trajano.openidconnect.core.OpenIdConnectKey;
import net.trajano.openidconnect.provider.internal.AuthenticationResponseConverter;
import net.trajano.openidconnect.provider.internal.CacheConstants;
import net.trajano.openidconnect.provider.spi.AuthenticationResponseProvider;
import net.trajano.openidconnect.provider.spi.Authenticator;
import net.trajano.openidconnect.provider.spi.ClientManager;
import net.trajano.openidconnect.provider.spi.Consent;
import net.trajano.openidconnect.provider.spi.KeyProvider;
import net.trajano.openidconnect.provider.spi.TokenProvider;
import net.trajano.openidconnect.token.IdTokenResponse;
import net.trajano.openidconnect.token.TokenResponse;

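/**
 * Stateless EJB implementation of {@link AuthenticationResponseProvider}.
 *
 * <p>It turns an {@link AuthenticationRequest} into an {@link AuthenticationResponse} and delivers
 * it either as a JAX-RS {@link Response} (the {@code buildResponse} overloads) or directly on a
 * servlet response (the {@code doCallback} / {@code doConsentCallback} methods).
 *
 * <p>NOTE(review): this class copies the redirect URI from the request into the response and then
 * redirects or posts to it. Nothing in this class compares that URI with the client registration,
 * and the injected {@code clientManager} is never used here. Confirm that the redirect URI has
 * been validated before a request reaches this provider.
 */
@Stateless
/* loaded from: input_file:WEB-INF/lib/openid-connect-provider-1.0.1.jar:net/trajano/openidconnect/provider/ejb/DefaultAuthenticationResponseProvider.class */
public class DefaultAuthenticationResponseProvider implements AuthenticationResponseProvider {
    // Injected through setKeyProvider(); supplies the private JWKS used to read request objects.
    private KeyProvider keyProvider;
    // Injected through setTokenProvider(); creates and looks up codes, tokens and stored consents.
    private TokenProvider tokenProvider;

    @EJB
    private Authenticator authenticator;

    // Injected but not referenced anywhere in this class.
    @EJB
    private ClientManager clientManager;

    // Injected but not referenced anywhere in this class.
    @Context
    Providers providers;

    /**
     * Creates a new code for the request and assembles the response fields the request asked for.
     *
     * @param authenticationRequest parsed authentication request
     * @param httpServletRequest current request; its URL and context path form the base URI handed
     *     to the token provider
     * @param str first argument of {@code TokenProvider.createNewToken}; presumably the subject,
     *     TODO confirm against the SPI
     * @return response carrying the state, the requested code / ID token / access token, the
     *     redirect URI and the response mode
     * @throws IOException propagated from the token provider
     * @throws GeneralSecurityException propagated from the token provider
     */
    @Override
    public AuthenticationResponse buildAuthenticationResponse(AuthenticationRequest authenticationRequest, HttpServletRequest httpServletRequest, String str) throws IOException, GeneralSecurityException {
        // NOTE(review): the host part comes from the incoming request URL. If the container or a
        // front proxy does not pin the Host header, this value is client-influenced. Presumably it
        // is used as the issuer; confirm, and prefer a configured base URI if so.
        final URI baseUri = UriBuilder.fromUri(URI.create(httpServletRequest.getRequestURL().toString()))
            .scheme("https")
            .replacePath(httpServletRequest.getContextPath())
            .replaceQuery((String) null)
            .fragment((String) null)
            .build();
        final String code = this.tokenProvider.createNewToken(str, baseUri, authenticationRequest);
        final IdTokenResponse tokens = this.tokenProvider.getByCode(code, authenticationRequest.isImplicitFlow());

        final AuthenticationResponse result = new AuthenticationResponse();
        final String state = authenticationRequest.getState();
        if (state != null) {
            result.setState(state);
        }
        // Only the artefacts named in response_type are copied into the response.
        if (authenticationRequest.containsResponseType(ResponseType.id_token)) {
            result.setEncodedIdToken(tokens.getEncodedIdToken());
        }
        if (authenticationRequest.containsResponseType(ResponseType.token)) {
            result.setAccessToken(TokenResponse.BEARER, tokens.getAccessToken());
        }
        if (authenticationRequest.containsResponseType(ResponseType.code)) {
            result.setCode(code);
        }
        // Taken from the request as is; see the class-level note on redirect URI validation.
        result.setRedirectUri(authenticationRequest.getRedirectUri());
        result.setResponseMode(authenticationRequest.getResponseMode());
        return result;
    }

    /**
     * Parses the raw request value with the provider's private JWKS and builds the response.
     *
     * @param str raw request value handed to the {@link AuthenticationRequest} constructor
     * @param httpServletRequest current request
     * @param str2 passed on to {@link #buildAuthenticationResponse}
     * @return the JAX-RS response for the request's response mode
     * @throws WebApplicationException wrapping any I/O or security failure
     */
    @Override
    public Response buildResponse(String str, HttpServletRequest httpServletRequest, String str2) {
        try {
            final AuthenticationRequest parsed = new AuthenticationRequest(str, this.keyProvider.getPrivateJwks());
            return buildResponse(parsed, httpServletRequest, str2);
        } catch (IOException | GeneralSecurityException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Builds the response and renders it for the requested response mode: a temporary redirect
     * with query parameters, an uncached HTML form post, or (for any other mode) a temporary
     * redirect with a fragment.
     *
     * @param authenticationRequest parsed authentication request
     * @param httpServletRequest current request
     * @param str passed on to {@link #buildAuthenticationResponse}
     * @param z not read by this implementation
     * @return the JAX-RS response
     * @throws WebApplicationException wrapping any I/O or security failure
     */
    @Override
    public Response buildResponse(AuthenticationRequest authenticationRequest, HttpServletRequest httpServletRequest, String str, boolean z) {
        try {
            final AuthenticationResponse authResponse = buildAuthenticationResponse(authenticationRequest, httpServletRequest, str);
            final AuthenticationResponseConverter converter = new AuthenticationResponseConverter(authResponse.getRedirectUri(), authResponse);
            final ResponseMode mode = authResponse.getResponseMode();
            if (mode == ResponseMode.query) {
                return Response.temporaryRedirect(converter.toQueryUri()).build();
            }
            if (mode == ResponseMode.form_post) {
                return Response.ok(converter.toFormPost())
                    .type(MediaType.TEXT_HTML_TYPE)
                    .cacheControl(CacheConstants.NO_CACHE)
                    .build();
            }
            return Response.temporaryRedirect(converter.toFragmentUri()).build();
        } catch (IOException | GeneralSecurityException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Same as the four-argument overload with the flag set to {@code false}.
     */
    @Override
    public Response buildResponse(AuthenticationRequest authenticationRequest, HttpServletRequest httpServletRequest, String str) {
        return buildResponse(authenticationRequest, httpServletRequest, str, false);
    }

    /**
     * Same as {@link #doConsentCallback} with the flag set to {@code false}, so the stored-consent
     * check is performed.
     */
    @Override
    public void doCallback(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        doConsentCallback(httpServletRequest, httpServletResponse, str, false);
    }

    /**
     * Decides whether the user still has to be sent to a consent page.
     *
     * @param str raw request value, forwarded to {@code Authenticator.consent}
     * @param authenticationRequest parsed authentication request
     * @param httpServletRequest current request; used to resolve the subject and the base URI
     * @param str2 not read by this method
     * @return {@code null} when the token provider already holds a consent for this subject,
     *     client and scope set; otherwise the URI returned by the authenticator
     */
    private URI getConsentRequestUri(String str, AuthenticationRequest authenticationRequest, HttpServletRequest httpServletRequest, String str2) throws IOException, GeneralSecurityException {
        final Consent wanted = new Consent(this.authenticator.getSubject(httpServletRequest), authenticationRequest.getClientId(), authenticationRequest.getScopes());
        if (this.tokenProvider.getByConsent(wanted) != null) {
            return null;
        }
        // The base URI again comes from the incoming request URL; the scheme is left as received.
        final UriBuilder base = UriBuilder.fromUri(httpServletRequest.getRequestURL().toString()).replacePath(httpServletRequest.getContextPath());
        return this.authenticator.consent(authenticationRequest, str, httpServletRequest, base);
    }

    @EJB
    public void setKeyProvider(KeyProvider keyProvider) {
        this.keyProvider = keyProvider;
    }

    @EJB
    public void setTokenProvider(TokenProvider tokenProvider) {
        this.tokenProvider = tokenProvider;
    }

    /**
     * Not implemented: always returns {@code null}.
     *
     * <p>NOTE(review): callers of this overload receive {@code null} rather than a response or an
     * error. It is left unchanged here because wiring it to the token-issuing path would open a
     * code path that is currently dead; decide deliberately whether it should delegate or throw.
     */
    @Override
    public Response buildResponse(String str, HttpServletRequest httpServletRequest, String str2, boolean z) {
        return null;
    }

    /**
     * Servlet-side delivery of the authentication response.
     *
     * <p>Reads the request parameter named by {@code OpenIdConnectKey.REQUEST}, parses it with the
     * private JWKS, optionally redirects to the consent page, and otherwise writes the response
     * according to its response mode.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response to redirect or write to
     * @param str passed on to {@link #buildAuthenticationResponse}
     * @param z when {@code true} the stored-consent check is skipped
     * @throws IOException on I/O failure while parsing or writing
     * @throws ServletException wrapping any {@link GeneralSecurityException}
     */
    @Override
    public void doConsentCallback(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) throws IOException, ServletException {
        final String requestParameter = httpServletRequest.getParameter(OpenIdConnectKey.REQUEST);
        try {
            final AuthenticationRequest authenticationRequest = new AuthenticationRequest(requestParameter, this.keyProvider.getPrivateJwks());
            if (!z) {
                final URI consentUri = getConsentRequestUri(requestParameter, authenticationRequest, httpServletRequest, str);
                if (consentUri != null) {
                    httpServletResponse.sendRedirect(consentUri.toASCIIString());
                    return;
                }
            }
            final AuthenticationResponse authResponse = buildAuthenticationResponse(authenticationRequest, httpServletRequest, str);
            final AuthenticationResponseConverter converter = new AuthenticationResponseConverter(authResponse.getRedirectUri(), authResponse);
            final ResponseMode mode = authResponse.getResponseMode();
            if (mode == ResponseMode.query) {
                httpServletResponse.sendRedirect(converter.toQueryUri().toASCIIString());
            } else if (mode == ResponseMode.form_post) {
                final String formPost = converter.toFormPost();
                // The page is built from a response that can carry the code and tokens, so it must
                // not be stored by browsers or intermediaries. The JAX-RS path already marks it
                // as uncached HTML; do the same here.
                httpServletResponse.setContentType("text/html");
                httpServletResponse.setCharacterEncoding("UTF-8");
                httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
                httpServletResponse.setHeader("Pragma", "no-cache");
                // Content-Length counts bytes, not chars; String.length() under-reports the size
                // as soon as the page holds a non-ASCII character and the body gets truncated.
                httpServletResponse.setContentLength(formPost.getBytes(java.nio.charset.StandardCharsets.UTF_8).length);
                httpServletResponse.getWriter().print(formPost);
            } else {
                httpServletResponse.sendRedirect(converter.toFragmentUri().toASCIIString());
            }
        } catch (GeneralSecurityException e) {
            throw new ServletException(e);
        }
    }
}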
