package com.liferay.sharepoint.rest.repository.internal.document.library.repository.authorization.capability;

import com.liferay.document.library.repository.authorization.capability.AuthorizationCapability;
import com.liferay.document.library.repository.authorization.capability.AuthorizationException;
import com.liferay.document.library.repository.authorization.oauth2.OAuth2AuthorizationException;
import com.liferay.document.library.repository.authorization.oauth2.Token;
import com.liferay.document.library.repository.authorization.oauth2.TokenStore;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.sharepoint.rest.repository.internal.configuration.SharepointRepositoryConfiguration;
import com.liferay.sharepoint.rest.repository.internal.document.library.repository.authorization.oauth2.SharepointRepositoryRequestState;
import com.liferay.sharepoint.rest.repository.internal.document.library.repository.authorization.oauth2.SharepointRepositoryTokenBroker;
import java.io.IOException;
import javax.portlet.PortletRequest;
import javax.portlet.PortletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/liferay/sharepoint/rest/repository/internal/document/library/repository/authorization/capability/SharepointRepositoryAuthorizationCapability.class */
public class SharepointRepositoryAuthorizationCapability implements AuthorizationCapability {
    private final SharepointRepositoryTokenBroker _sharepointOAuth2AuthorizationServer;
    private final SharepointRepositoryConfiguration _sharepointRepositoryOAuth2Configuration;
    private final TokenStore _tokenStore;

    public SharepointRepositoryAuthorizationCapability(TokenStore tokenStore, SharepointRepositoryConfiguration sharepointRepositoryConfiguration, SharepointRepositoryTokenBroker sharepointRepositoryTokenBroker) {
        this._tokenStore = tokenStore;
        this._sharepointRepositoryOAuth2Configuration = sharepointRepositoryConfiguration;
        this._sharepointOAuth2AuthorizationServer = sharepointRepositoryTokenBroker;
    }

    public void authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, PortalException {
        _authorize(PortalUtil.getOriginalServletRequest(httpServletRequest), httpServletResponse);
    }

    public void authorize(PortletRequest portletRequest, PortletResponse portletResponse) throws IOException, PortalException {
        authorize(PortalUtil.getHttpServletRequest(portletRequest), PortalUtil.getHttpServletResponse(portletResponse));
    }

    public boolean hasCustomRedirectFlow(PortletRequest portletRequest, PortletResponse portletResponse) throws IOException, PortalException {
        Token token;
        if (_hasAuthorizationGrant(PortalUtil.getHttpServletRequest(portletRequest)) || (token = this._tokenStore.get(this._sharepointRepositoryOAuth2Configuration.name(), PortalUtil.getUserId(PortalUtil.getHttpServletRequest(portletRequest)))) == null) {
            return true;
        }
        return token.isExpired() && !Validator.isNotNull(token.getRefreshToken());
    }

    private void _authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, PortalException {
        _validateRequest(httpServletRequest);
        if (_hasAuthorizationGrant(httpServletRequest)) {
            _requestAccessToken(httpServletRequest, httpServletResponse);
            return;
        }
        Token token = this._tokenStore.get(this._sharepointRepositoryOAuth2Configuration.name(), PortalUtil.getUserId(httpServletRequest));
        if (token == null) {
            _requestAuthorizationGrant(httpServletRequest, httpServletResponse);
        } else if (token.isExpired()) {
            if (Validator.isNotNull(token.getRefreshToken())) {
                _refreshAccessToken(token, httpServletRequest);
            } else {
                _requestAccessToken(httpServletRequest, httpServletResponse);
            }
        }
    }

    private String _getGrantURL(HttpServletRequest httpServletRequest, String str) {
        return HttpUtil.addParameter(HttpUtil.addParameter(HttpUtil.addParameter(HttpUtil.addParameter(HttpUtil.addParameter(this._sharepointRepositoryOAuth2Configuration.authorizationGrantEndpoint(), "client_id", this._sharepointRepositoryOAuth2Configuration.clientId()), "redirect_uri", _getRedirectURI(httpServletRequest)), "response_type", "code"), "scope", this._sharepointRepositoryOAuth2Configuration.scope()), "state", str);
    }

    private String _getRedirectURI(HttpServletRequest httpServletRequest) {
        return PortalUtil.getAbsoluteURL(httpServletRequest, PortalUtil.getPathMain() + "/document_library/sharepoint/oauth2");
    }

    private boolean _hasAuthorizationGrant(HttpServletRequest httpServletRequest) {
        return !Validator.isNull(ParamUtil.getString(httpServletRequest, "code"));
    }

    private void _refreshAccessToken(Token token, HttpServletRequest httpServletRequest) throws IOException, PortalException {
        long userId = PortalUtil.getUserId(httpServletRequest);
        try {
            this._tokenStore.save(this._sharepointRepositoryOAuth2Configuration.name(), userId, this._sharepointOAuth2AuthorizationServer.refreshAccessToken(token));
        } catch (AuthorizationException e) {
            this._tokenStore.delete(this._sharepointRepositoryOAuth2Configuration.name(), userId);
            throw e;
        }
    }

    private void _requestAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, PortalException {
        SharepointRepositoryRequestState sharepointRepositoryRequestState = SharepointRepositoryRequestState.get(httpServletRequest);
        sharepointRepositoryRequestState.validate(ParamUtil.getString(httpServletRequest, "state"));
        this._tokenStore.save(this._sharepointRepositoryOAuth2Configuration.name(), PortalUtil.getUserId(httpServletRequest), this._sharepointOAuth2AuthorizationServer.requestAccessToken(ParamUtil.getString(httpServletRequest, "code"), _getRedirectURI(httpServletRequest)));
        sharepointRepositoryRequestState.restore(httpServletRequest, httpServletResponse);
    }

    private void _requestAuthorizationGrant(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String randomString = StringUtil.randomString(5);
        SharepointRepositoryRequestState.save(httpServletRequest, randomString);
        httpServletResponse.sendRedirect(_getGrantURL(httpServletRequest, randomString));
    }

    private void _validateRequest(HttpServletRequest httpServletRequest) throws AuthorizationException {
        String string = ParamUtil.getString(httpServletRequest, "error");
        if (Validator.isNotNull(string)) {
            String string2 = ParamUtil.getString(httpServletRequest, "error_description");
            if (Validator.isNull(string2)) {
                string2 = string;
            }
            throw OAuth2AuthorizationException.getErrorException(string, string2);
        }
    }
}
