package no.nav.brukerdialog.isso;

import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import no.nav.brukerdialog.filter.DoNotCache;
import no.nav.brukerdialog.security.Constants;
import no.nav.brukerdialog.security.domain.IdTokenAndRefreshToken;
import no.nav.brukerdialog.security.domain.OidcCredential;
import no.nav.brukerdialog.security.oidc.IdTokenAndRefreshTokenProvider;
import no.nav.brukerdialog.security.oidc.OidcTokenValidator;
import no.nav.brukerdialog.security.oidc.provider.IssoOidcProvider;
import no.nav.brukerdialog.tools.HostUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("login")
@DoNotCache
/* loaded from: input_file:no/nav/brukerdialog/isso/RelyingPartyCallback.class */
public class RelyingPartyCallback {
    private static final Logger log = LoggerFactory.getLogger(RelyingPartyCallback.class);
    private IdTokenAndRefreshTokenProvider tokenProvider = new IdTokenAndRefreshTokenProvider();
    private OidcTokenValidator oidcTokenValidator = new OidcTokenValidator();
    private IssoOidcProvider oidcProvider = new IssoOidcProvider();

    @GET
    @Produces({"application/json"})
    public Response getLogin(@QueryParam("code") String str, @QueryParam("state") String str2, @Context UriInfo uriInfo, @Context HttpHeaders httpHeaders) {
        if (str == null) {
            log.error("URL parameter 'code' is missing");
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        if (str2 == null) {
            log.error("URL parameter 'state' is missing");
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Cookie cookie = (Cookie) httpHeaders.getCookies().get(str2);
        if (cookie == null || cookie.getValue() == null || cookie.getValue().isEmpty()) {
            log.error("Cookie for redirectionURL is missing or empty");
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        IdTokenAndRefreshToken token = this.tokenProvider.getToken(str, uriInfo.getAbsolutePath().toString());
        OidcCredential idToken = token.getIdToken();
        String refreshToken = token.getRefreshToken();
        if (!this.oidcTokenValidator.validate(idToken.getToken(), this.oidcProvider).isValid()) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        boolean z = !Boolean.valueOf(System.getProperty("develop-local", "false")).booleanValue();
        String cookieDomain = HostUtils.cookieDomain(uriInfo);
        NewCookie newCookie = new NewCookie(Constants.ID_TOKEN_COOKIE_NAME, idToken.getToken(), "/", cookieDomain, "", -1, z, true);
        NewCookie newCookie2 = new NewCookie("refresh_token", refreshToken, "/", cookieDomain, "", -1, z, true);
        NewCookie newCookie3 = new NewCookie(str2, "", "/", (String) null, "", 0, z, true);
        Response.ResponseBuilder temporaryRedirect = Response.temporaryRedirect(URI.create(urlDecode(cookie.getValue())));
        temporaryRedirect.cookie(new NewCookie[]{newCookie});
        temporaryRedirect.cookie(new NewCookie[]{newCookie2});
        temporaryRedirect.cookie(new NewCookie[]{newCookie3});
        return temporaryRedirect.build();
    }

    private static String urlDecode(String str) {
        try {
            return URLDecoder.decode(str, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException("Could not URLdecode: " + str);
        }
    }
}
