package com.liferay.oauth2.provider.rest.internal.endpoint.authorize;

import com.liferay.oauth2.provider.configuration.OAuth2ProviderConfiguration;
import com.liferay.oauth2.provider.model.OAuth2Authorization;
import com.liferay.oauth2.provider.rest.internal.endpoint.constants.OAuth2ProviderRESTEndpointConstants;
import com.liferay.oauth2.provider.rest.internal.endpoint.liferay.LiferayOAuthDataProvider;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.cookies.CookiesManagerUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.SecureRandomUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HashMapDictionaryBuilder;
import com.liferay.portal.kernel.util.MapUtil;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Stream;
import javax.servlet.http.Cookie;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
import org.apache.cxf.rs.security.oauth2.common.OOBAuthorizationResponse;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.provider.SubjectCreator;
import org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

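/**
 * Registers the OAuth 2 authorization-code grant endpoint as an OSGi JAX-RS
 * resource when the provider configuration allows the authorization-code grant
 * or its PKCE variant.
 *
 * <p>The registered resource, {@link LiferayAuthorizationCodeGrantService},
 * extends the CXF {@code AuthorizationCodeGrantService} with a per-client
 * "remember device" cookie. A request that presents the cookie can skip the
 * consent step, but only after the value has been matched against a stored
 * {@code OAuth2Authorization} for the same client and user.
 */
@Component(configurationPid = {"com.liferay.oauth2.provider.configuration.OAuth2ProviderConfiguration"}, immediate = true, service = {})
/* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/endpoint/authorize/AuthorizationCodeGrantServiceRegistrator.class */
public class AuthorizationCodeGrantServiceRegistrator {
    private static final Log _log = LogFactoryUtil.getLog(AuthorizationCodeGrantServiceRegistrator.class);

    @Reference
    private LiferayOAuthDataProvider _liferayOAuthDataProvider;
    private ServiceRegistration<Object> _serviceRegistration;

    @Reference
    private SubjectCreator _subjectCreator;

    /**
     * Authorization-code grant resource with remember-device handling.
     *
     * <p>Security-relevant behaviour visible in this class: the cookie value is
     * request-controlled and is only honoured after a server-side lookup that is
     * keyed on client, cookie value and user id; the stored authorization is
     * revoked and the cookie re-issued each time a new grant is created from it.
     */
    /* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/endpoint/authorize/AuthorizationCodeGrantServiceRegistrator$LiferayAuthorizationCodeGrantService.class */
    public static class LiferayAuthorizationCodeGrantService extends AuthorizationCodeGrantService {

        @Context
        private UriInfo _uriInfo;

        /**
         * Builds the code grant and, when the request carries a remember-device
         * cookie that matches a stored authorization, rotates that cookie.
         *
         * <p>Rotation means: the matched authorization is revoked, a fresh random
         * cookie value is sent to the browser, and the same value is attached to
         * the grant's extra properties. How the extra property is persisted is
         * outside this file.
         *
         * @return the grant produced by the superclass, with the remember-device
         *         extra property added only when a stored authorization matched
         */
        @Override // org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService
        public ServerAuthorizationCodeGrant getGrantRepresentation(OAuthRedirectionState oAuthRedirectionState, Client client, List<String> list, List<String> list2, UserSubject userSubject, ServerAccessToken serverAccessToken) {
            ServerAuthorizationCodeGrant grant = super.getGrantRepresentation(oAuthRedirectionState, client, list, list2, userSubject, serverAccessToken);
            String cookieName = AuthorizationCodeGrantServiceRegistrator._getCookieName(client.getClientId());
            String presentedContent = _getRememberDeviceContent(cookieName);
            if (presentedContent == null) {
                return grant;
            }
            // NOTE(review): GetterUtil.getLong presumably falls back to a default when the id is not numeric; confirm.
            long userId = GetterUtil.getLong(userSubject.getId());
            LiferayOAuthDataProvider dataProvider = _getLiferayOAuthDataProvider();
            OAuth2Authorization storedAuthorization = dataProvider.getOAuth2Authorization(client, presentedContent, userId);
            // The explicit equals() re-check means a lookup hit alone is never enough to trust the cookie.
            if (storedAuthorization == null || !presentedContent.equals(storedAuthorization.getRememberDeviceContent())) {
                return grant;
            }
            // Revoke first so the presented value cannot be replayed once the new one is issued.
            dataProvider.doRevokeAuthorization(storedAuthorization);
            Cookie rotatedCookie = _getCookie(cookieName);
            MessageContext messageContext = getMessageContext();
            CookiesManagerUtil.addCookie(1, rotatedCookie, messageContext.getHttpServletRequest(), messageContext.getHttpServletResponse());
            grant.getExtraProperties().put(OAuth2ProviderRESTEndpointConstants.PROPERTY_KEY_REMEMBER_DEVICE, rotatedCookie.getValue());
            return grant;
        }

        /**
         * Decides whether the consent screen may be skipped.
         *
         * <p>Consent is skipped when the client is flagged as a trusted
         * application, or when all of the following hold: the client has the
         * remember-device property, the request carries the client's
         * remember-device cookie, a stored authorization for this client, cookie
         * value and user exists with an equal value, and that authorization's
         * refresh token exists and is not expired. Otherwise the superclass
         * decides.
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService
        public boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> multivaluedMap, Client client, UserSubject userSubject, List<String> list, List<OAuthPermission> list2) {
            // Trusted applications bypass consent unconditionally; the flag comes from the client's stored properties.
            if (MapUtil.getBoolean(client.getProperties(), OAuth2ProviderRESTEndpointConstants.PROPERTY_KEY_CLIENT_TRUSTED_APPLICATION)) {
                return true;
            }
            if (MapUtil.getBoolean(client.getProperties(), OAuth2ProviderRESTEndpointConstants.PROPERTY_KEY_CLIENT_REMEMBER_DEVICE)) {
                String presentedContent = _getRememberDeviceContent(AuthorizationCodeGrantServiceRegistrator._getCookieName(client.getClientId()));
                if (presentedContent != null) {
                    long userId = GetterUtil.getLong(userSubject.getId());
                    LiferayOAuthDataProvider dataProvider = _getLiferayOAuthDataProvider();
                    OAuth2Authorization storedAuthorization = dataProvider.getOAuth2Authorization(client, presentedContent, userId);
                    if (storedAuthorization != null && presentedContent.equals(storedAuthorization.getRememberDeviceContent())) {
                        // A remembered device is only honoured while its refresh token is still live.
                        RefreshToken refreshToken = dataProvider.getRefreshToken(storedAuthorization.getRefreshTokenContent());
                        if (refreshToken != null && !OAuthUtils.isExpired(Long.valueOf(refreshToken.getIssuedAt()), Long.valueOf(refreshToken.getExpiresIn()))) {
                            return true;
                        }
                    }
                }
            }
            return super.canAuthorizationBeSkipped(multivaluedMap, client, userSubject, list, list2);
        }

        /**
         * Refuses out-of-band code delivery: logs the client id and answers with
         * HTTP 500 instead of rendering the authorization code.
         */
        @Override // org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService
        protected Response deliverOOBResponse(OOBAuthorizationResponse oOBAuthorizationResponse) {
            // NOTE(review): the client id is concatenated into the log line as-is; confirm it is a validated value by this point.
            AuthorizationCodeGrantServiceRegistrator._log.error("The parameter \"redirect_uri\" was not found in the request for client " + oOBAuthorizationResponse.getClientId());
            return Response.status(500).build();
        }

        /**
         * Resolves and validates the client for the request.
         *
         * <p>A validation failure is logged at debug level only and then reported
         * through {@code reportInvalidRequestError}; any other miss is reported as
         * {@code invalid_client}.
         *
         * @return the validated client; {@code null} is only reached if
         *         {@code reportInvalidRequestError} returns normally
         */
        @Override // org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService
        protected Client getClient(String str, MultivaluedMap<String, String> multivaluedMap) {
            try {
                Client validClient = getValidClient(str, multivaluedMap);
                if (validClient != null) {
                    return validClient;
                }
            } catch (OAuthServiceException e) {
                if (AuthorizationCodeGrantServiceRegistrator._log.isDebugEnabled()) {
                    AuthorizationCodeGrantServiceRegistrator._log.debug("Unable to validate remote client", e);
                }
                OAuthError validationError = e.getError();
                if (validationError != null) {
                    reportInvalidRequestError(validationError, (MediaType) null);
                }
            }
            reportInvalidRequestError(new OAuthError(OAuthConstants.INVALID_CLIENT), (MediaType) null);
            return null;
        }

        /**
         * Rebuilds the redirection state from the submitted form and, when the
         * client allows it and the user ticked the remember-device field, issues a
         * new remember-device cookie and records its value on the state.
         *
         * <p>The client id used for the lookup comes from the request parameters.
         * An unknown id therefore leaves the state untouched instead of failing
         * with a {@code NullPointerException}.
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService, org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService
        public OAuthRedirectionState recreateRedirectionStateFromParams(MultivaluedMap<String, String> multivaluedMap) {
            OAuthRedirectionState redirectionState = super.recreateRedirectionStateFromParams(multivaluedMap);
            Client client = _getLiferayOAuthDataProvider().getClient(redirectionState.getClientId());
            // NOTE(review): presumably the regular client validation rejects the request later; no cookie is issued for an unresolved client.
            if (client == null) {
                return redirectionState;
            }
            if (!MapUtil.getBoolean(client.getProperties(), OAuth2ProviderRESTEndpointConstants.PROPERTY_KEY_CLIENT_REMEMBER_DEVICE) || !multivaluedMap.containsKey("_com_liferay_oauth2_provider_web_internal_portlet_OAuth2AuthorizePortlet_rememberDevice")) {
                return redirectionState;
            }
            Cookie rememberDeviceCookie = _getCookie(AuthorizationCodeGrantServiceRegistrator._getCookieName(client.getClientId()));
            MessageContext messageContext = getMessageContext();
            CookiesManagerUtil.addCookie(1, rememberDeviceCookie, messageContext.getHttpServletRequest(), messageContext.getHttpServletResponse());
            redirectionState.getExtraProperties().put(OAuth2ProviderRESTEndpointConstants.PROPERTY_KEY_REMEMBER_DEVICE, rememberDeviceCookie.getValue());
            return redirectionState;
        }

        /**
         * Creates a remember-device cookie whose value is a UUID-formatted string
         * built from two {@code SecureRandomUtil.nextLong()} draws, scoped to the
         * path of the JAX-RS base URI.
         */
        private Cookie _getCookie(String str) {
            Cookie cookie = new Cookie(str, new UUID(SecureRandomUtil.nextLong(), SecureRandomUtil.nextLong()).toString());
            cookie.setPath(this._uriInfo.getBaseUri().getPath());
            // NOTE(review): HttpOnly, Secure and max-age are not set here; confirm that CookiesManagerUtil.addCookie
            // applies them, since this value is what lets a later request skip consent.
            return cookie;
        }

        /** Returns the configured data provider as its Liferay-specific type. */
        private LiferayOAuthDataProvider _getLiferayOAuthDataProvider() {
            return (LiferayOAuthDataProvider) getDataProvider();
        }

        /**
         * Returns the value of the first request cookie named {@code str}, or
         * {@code null} when the request has no such cookie.
         *
         * <p>The value is client-supplied; callers must not treat it as proof of
         * anything until it has been matched against stored state.
         */
        private String _getRememberDeviceContent(String str) {
            Cookie[] cookies = getMessageContext().getHttpServletRequest().getCookies();
            // getCookies() returns null, not an empty array, when the request carries no cookies.
            if (cookies == null) {
                return null;
            }
            for (Cookie cookie : cookies) {
                if (Objects.equals(cookie.getName(), str)) {
                    return cookie.getValue();
                }
            }
            return null;
        }
    }

    /**
     * Registers the grant service when the configuration enables the
     * authorization-code grant or the PKCE variant.
     *
     * <p>Public (secret-less) clients are accepted only when the PKCE grant is
     * allowed, because {@code setCanSupportPublicClients} receives exactly that
     * flag.
     */
    @Activate
    protected void activate(BundleContext bundleContext, Map<String, Object> map) {
        OAuth2ProviderConfiguration oAuth2ProviderConfiguration = (OAuth2ProviderConfiguration) ConfigurableUtil.createConfigurable(OAuth2ProviderConfiguration.class, map);
        boolean pkceGrantAllowed = oAuth2ProviderConfiguration.allowAuthorizationCodePKCEGrant();
        if (!oAuth2ProviderConfiguration.allowAuthorizationCodeGrant() && !pkceGrantAllowed) {
            return;
        }
        LiferayAuthorizationCodeGrantService grantService = new LiferayAuthorizationCodeGrantService();
        grantService.setCanSupportPublicClients(pkceGrantAllowed);
        grantService.setDataProvider(this._liferayOAuthDataProvider);
        grantService.setSubjectCreator(this._subjectCreator);
        this._serviceRegistration = bundleContext.registerService(Object.class, grantService, HashMapDictionaryBuilder.put("osgi.jaxrs.application.select", "(osgi.jaxrs.name=Liferay.OAuth2.Application)").put("osgi.jaxrs.name", "Liferay.Authorization.Code.Grant.Service").put("osgi.jaxrs.resource", true).build());
    }

    /** Unregisters the grant service if {@link #activate} registered one. */
    @Deactivate
    protected void deactivate() {
        if (this._serviceRegistration != null) {
            this._serviceRegistration.unregister();
            // Drop the handle so a repeated deactivate cannot unregister the same registration twice.
            this._serviceRegistration = null;
        }
    }

    /** Builds the per-client remember-device cookie name: the shared prefix followed by the client id. */
    /* JADX INFO: Access modifiers changed from: private */
    public static String _getCookieName(String str) {
        return OAuth2ProviderRESTEndpointConstants.COOKIE_NAME_REMEMBER_DEVICE_PREFIX.concat(str);
    }
}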
