package net.bingosoft.oss.ssoclient.servlet;

import java.io.IOException;
import java.util.UUID;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.bingosoft.oss.ssoclient.SSOClient;
import net.bingosoft.oss.ssoclient.internal.Strings;
import net.bingosoft.oss.ssoclient.internal.Urls;
import net.bingosoft.oss.ssoclient.model.AccessToken;
import net.bingosoft.oss.ssoclient.model.Authentication;

/* loaded from: input_file:net/bingosoft/oss/ssoclient/servlet/AbstractLoginServlet.class */
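/**
 * Base servlet for the client side of an OAuth2 / OpenID Connect login against an SSO server.
 *
 * <p>A request without {@code id_token} and {@code code} parameters is redirected to the SSO
 * authorization endpoint. A request that carries both is treated as the callback: the
 * {@code state} value is checked against the session, the ID token is verified, the code is
 * exchanged for an access token, and {@link #localLogin} is invoked.
 *
 * <p>NOTE(review): the authorization request built here requests {@code code id_token} but adds
 * no {@code nonce} parameter. Whether {@code SSOClient.verifyIdToken} binds the ID token to this
 * browser session some other way is not visible from this class and should be confirmed.
 *
 * <p>NOTE(review): {@code id_token} and {@code code} are read with {@code getParameter}, so they
 * may arrive in the query string. If they do, they will appear in access logs and proxies.
 * Confirm the response mode used by the SSO server.
 */
public abstract class AbstractLoginServlet extends HttpServlet {
    /** Request parameter carrying the ID token returned by the SSO server. */
    protected static final String ID_TOKEN_PARAM = "id_token";
    /** Request parameter carrying the OAuth2 authorization code. */
    protected static final String AUTHZ_CODE_PARAM = "code";

    /** Request parameter echoing the anti-CSRF state value. */
    private static final String STATE_PARAM = "state";
    /** Session attribute under which the expected state value is stored. */
    private static final String STATE_SESSION_KEY = "oauth2_login_state";
    /** Request parameter naming the URL to send the browser to after login. */
    private static final String RETURN_URL_PARAM = "return_url";

    private SSOClient client;

    /**
     * Obtains the {@link SSOClient} from the subclass before delegating to the container's init.
     *
     * @param servletConfig the servlet configuration supplied by the container
     * @throws ServletException if the subclass cannot provide a client or the super init fails
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        this.client = getClient(servletConfig);
        super.init(servletConfig);
    }

    /**
     * Dispatches between the callback path and the initial redirect to the SSO server.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to redirect or report an error on
     * @throws ServletException if local login fails
     * @throws IOException if the redirect or error cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (isRedirectedFromSSO(httpServletRequest)) {
            gotoLocalLogin(httpServletRequest, httpServletResponse);
            return;
        }
        redirectToSSOLogin(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles POST exactly like GET.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to redirect or report an error on
     * @throws ServletException if local login fails
     * @throws IOException if the redirect or error cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Sends the browser to the SSO authorization endpoint.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the redirect is written to
     * @throws IOException if the redirect cannot be written
     */
    protected void redirectToSSOLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String redirectUri = buildRedirectUri(httpServletRequest, httpServletResponse);
        String loginUrl = buildLoginUrl(httpServletRequest, httpServletResponse, redirectUri);
        httpServletResponse.sendRedirect(loginUrl);
    }

    /**
     * Completes the callback: checks {@code state}, verifies the ID token, exchanges the code,
     * runs {@link #localLogin} and redirects to the return URL.
     *
     * <p>Responds with HTTP 400 and performs no login when the state check fails.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response the redirect or error is written to
     * @throws IOException if the redirect or error cannot be written
     * @throws ServletException if local login fails
     */
    protected void gotoLocalLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (!checkOauth2LoginState(httpServletRequest, httpServletResponse)) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "state has been change!");
            return;
        }

        // Verify the ID token before exchanging the code, in the same order as before.
        Authentication authentication = this.client.verifyIdToken(httpServletRequest.getParameter(ID_TOKEN_PARAM));
        AccessToken accessToken = this.client.obtainAccessTokenByCode(httpServletRequest.getParameter(AUTHZ_CODE_PARAM));
        localLogin(httpServletRequest, httpServletResponse, authentication, accessToken);

        String returnUrl = httpServletRequest.getParameter(RETURN_URL_PARAM);
        if (Strings.isEmpty(returnUrl)) {
            returnUrl = Urls.getServerBaseUrl(httpServletRequest) + getContextPathOfReverseProxy(httpServletRequest);
            if (returnUrl.endsWith("//")) {
                // Strings are immutable: the trimmed value has to be assigned back. Without the
                // assignment the doubled slash was never removed.
                returnUrl = returnUrl.substring(0, returnUrl.length() - 1);
            }
        }
        // NOTE(review): return_url is taken from the request and reaches sendRedirect unchecked.
        // It round-trips through redirect_uri, so whoever crafts the initial login link chooses
        // where the user lands after authenticating (open redirect). Restrict it to same-origin
        // paths or a configured allow-list of hosts before redirecting. The right policy depends
        // on the deployment, so it is flagged here rather than enforced.
        httpServletResponse.sendRedirect(returnUrl);
    }

    /**
     * Checks that the {@code state} parameter matches the value stored in the session when the
     * login redirect was issued.
     *
     * <p>The check fails when there is no session, no stored value, or no {@code state}
     * parameter. {@code Strings.equals} is defined outside this file. If it treats two nulls as
     * equal, a callback with neither value would otherwise pass, so both are required to be
     * present. The stored value is removed once read, so a state value is accepted at most once.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response, unused here but available to overriding classes
     * @return {@code true} only when a stored state exists and equals the request's state
     * @throws IOException declared for overriding classes; not thrown by this implementation
     */
    protected boolean checkOauth2LoginState(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // getSession(false): a callback that arrives without a session cannot have a stored
        // state, and must not cause a fresh session to be created.
        if (httpServletRequest.getSession(false) == null) {
            return false;
        }
        Object stored = httpServletRequest.getSession().getAttribute(STATE_SESSION_KEY);
        httpServletRequest.getSession().removeAttribute(STATE_SESSION_KEY);

        String received = httpServletRequest.getParameter(STATE_PARAM);
        if (!(stored instanceof String) || Strings.isEmpty((String) stored) || Strings.isEmpty(received)) {
            return false;
        }
        return Strings.equals((String) stored, received);
    }

    /**
     * Generates a fresh state value, stores it in the session and appends it to the given URL.
     *
     * <p>The value is a random (version 4) UUID with the dashes removed.
     *
     * @param httpServletRequest the request whose session stores the state
     * @param httpServletResponse the response, unused here but available to overriding classes
     * @param str the authorization URL to append the {@code state} parameter to
     * @return {@code str} with the {@code state} parameter appended
     */
    protected String setOauth2LoginState(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String state = UUID.randomUUID().toString().replace("-", "");
        httpServletRequest.getSession().setAttribute(STATE_SESSION_KEY, state);
        return Urls.appendQueryString(str, STATE_PARAM, state);
    }

    /**
     * Builds the authorization URL the browser is redirected to.
     *
     * <p>Always adds {@code response_type}, {@code client_id}, {@code redirect_uri} and
     * {@code state}. Adds {@code logout_uri} when configured, and forwards the request's
     * {@code login_token} parameter when present.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, passed through to {@link #setOauth2LoginState}
     * @param str the redirect URI the SSO server should send the browser back to
     * @return the complete authorization URL
     */
    protected String buildLoginUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String loginUrl = this.client.getConfig().getAuthorizationEndpointUrl();
        loginUrl = Urls.appendQueryString(loginUrl, "response_type", "code id_token");
        loginUrl = Urls.appendQueryString(loginUrl, "client_id", this.client.getConfig().getClientId());
        loginUrl = Urls.appendQueryString(loginUrl, "redirect_uri", str);

        String logoutUri = this.client.getConfig().getLogoutUri();
        if (!Strings.isEmpty(logoutUri)) {
            loginUrl = Urls.appendQueryString(loginUrl, "logout_uri", logoutUri);
        }

        String loginToken = httpServletRequest.getParameter("login_token");
        if (!Strings.isEmpty(loginToken)) {
            loginUrl = Urls.appendQueryString(loginUrl, "login_token", loginToken);
        }
        return setOauth2LoginState(httpServletRequest, httpServletResponse, loginUrl);
    }

    /**
     * Builds the redirect URI pointing back at this servlet, preserving the original query
     * string and adding the configured default {@code return_url} when the request has none.
     *
     * <p>NOTE(review): the base comes from {@code Urls.getServerBaseUrl}, defined outside this
     * file. If it derives the host from request headers, confirm that the SSO server validates
     * {@code redirect_uri} against registered values.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, unused here but available to overriding classes
     * @return the redirect URI to send to the SSO server
     */
    protected String buildRedirectUri(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String redirectUri = Urls.getServerBaseUrl(httpServletRequest)
                + getContextPathOfReverseProxy(httpServletRequest)
                + parseRequestUriWithoutContextPath(httpServletRequest);

        String defaultReturnUrl = this.client.getConfig().getDefaultReturnUrl();
        boolean hasDefaultReturnUrl = defaultReturnUrl != null && !defaultReturnUrl.isEmpty();

        String queryString = httpServletRequest.getQueryString();
        if (Strings.isEmpty(queryString)) {
            return hasDefaultReturnUrl
                    ? Urls.appendQueryString(redirectUri, RETURN_URL_PARAM, defaultReturnUrl)
                    : redirectUri;
        }

        redirectUri = redirectUri + "?" + queryString;
        // Only fall back to the default when the caller did not supply a return_url.
        if (hasDefaultReturnUrl && !Urls.parseQueryString(redirectUri).containsKey(RETURN_URL_PARAM)) {
            redirectUri = Urls.appendQueryString(redirectUri, RETURN_URL_PARAM, defaultReturnUrl);
        }
        return redirectUri;
    }

    /**
     * Returns the request URI with the context path prefix removed, always starting with "/".
     *
     * @param httpServletRequest the incoming request
     * @return the request URI relative to the context path
     */
    protected String parseRequestUriWithoutContextPath(HttpServletRequest httpServletRequest) {
        int contextPathLength = httpServletRequest.getContextPath().length();
        String relativeUri = httpServletRequest.getRequestURI().substring(contextPathLength);
        if (relativeUri.startsWith("/")) {
            return relativeUri;
        }
        return "/" + relativeUri;
    }

    /**
     * Returns the context path used when building externally visible URLs. Subclasses behind a
     * reverse proxy that rewrites the path can override this.
     *
     * @param httpServletRequest the incoming request
     * @return the request's context path
     */
    protected String getContextPathOfReverseProxy(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getContextPath();
    }

    /**
     * Reports whether the request is a callback from the SSO server, that is, whether it carries
     * both an ID token and an authorization code.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when both parameters are non-empty
     */
    protected boolean isRedirectedFromSSO(HttpServletRequest httpServletRequest) {
        return !Strings.isEmpty(httpServletRequest.getParameter(ID_TOKEN_PARAM))
                && !Strings.isEmpty(httpServletRequest.getParameter(AUTHZ_CODE_PARAM));
    }

    /**
     * Supplies the configured {@link SSOClient}. Called once from {@link #init(ServletConfig)}.
     *
     * @param servletConfig the servlet configuration supplied by the container
     * @return the client used to verify tokens and exchange codes
     * @throws ServletException if the client cannot be created
     */
    protected abstract SSOClient getClient(ServletConfig servletConfig) throws ServletException;

    /**
     * Establishes the application's own login for the authenticated user.
     *
     * <p>This base class does not rotate the session identifier. Implementations that mark the
     * existing session as authenticated should change the session id at that point so that a
     * pre-login session id cannot be reused.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response
     * @param authentication the result of verifying the ID token
     * @param accessToken the access token obtained from the authorization code
     * @throws ServletException if the login cannot be completed
     * @throws IOException if writing to the response fails
     */
    protected abstract void localLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication, AccessToken accessToken) throws ServletException, IOException;
}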
