package org.apache.sling.auth.xing.oauth.impl;

import com.google.gson.FieldNamingPolicy;
import com.google.gson.GsonBuilder;
import java.io.IOException;
import java.util.Dictionary;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
import org.apache.sling.auth.xing.api.XingUser;
import org.apache.sling.auth.xing.api.users.Users;
import org.apache.sling.auth.xing.oauth.XingOauth;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.service.component.ComponentContext;
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.XingApi;
import org.scribe.model.OAuthConstants;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Token;
import org.scribe.model.Verb;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

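/**
 * Sling {@link AuthenticationHandler} that signs users in through the XING OAuth flow.
 *
 * <p>The handler keeps three attributes in the HTTP session: the OAuth request token
 * ({@link OAuthConstants#TOKEN}), the OAuth access token ({@link OAuthConstants#ACCESS_TOKEN})
 * and the fetched {@link XingUser} ({@link #USER_SESSION_ATTRIBUTE_NAME}).
 *
 * <p>Security notes:
 * <ul>
 *   <li>Token objects are never written to the log; only the fact that one was received is.</li>
 *   <li>The user id handed to Sling comes from the body returned by the configured
 *       "users me" URL, so that URL must be trustworthy and should use https.</li>
 * </ul>
 *
 * <p>Thread-safety: {@link #configure(ComponentContext)} is synchronized; the two fields read by
 * request threads are volatile and each request works on a local snapshot of the service.
 */
@Service
@Component(label = "Apache Sling Authentication XING OAuth “Authentication Handler”", description = "Authentication Handler for Sling Authentication XING OAuth", immediate = true, metatype = true)
@Properties({@Property(name = "service.vendor", value = {XingOauth.SERVICE_VENDOR}), @Property(name = "service.description", value = {"Authentication Handler for Sling Authentication XING OAuth"}), @Property(name = "service.ranking", intValue = {0}, propertyPrivate = false), @Property(name = "path", value = {"/"}, unbounded = PropertyUnbounded.ARRAY), @Property(name = "authtype", value = {XingOauth.AUTH_TYPE}, propertyPrivate = true)})
public class XingOauthAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {
    // Written under the configure() lock, read by request threads without it: volatile for visibility.
    private volatile OAuthService oAuthService;
    private String consumerKey;
    private String consumerSecret;
    private String callbackUrl;
    // Same visibility requirement as oAuthService (read in fetchUser on request threads).
    private volatile String usersMeUrl;
    private static final String DEFAULT_USERS_ME_URL = "https://api.xing.com/v1/users/me.json";

    @Property({""})
    private static final String CONSUMER_KEY_PARAMETER = "org.apache.sling.auth.xing.oauth.impl.XingOauthAuthenticationHandler.consumerKey";

    @Property({""})
    private static final String CONSUMER_SECRET_PARAMETER = "org.apache.sling.auth.xing.oauth.impl.XingOauthAuthenticationHandler.consumerSecret";

    @Property({""})
    private static final String CALLBACK_URL_PARAMETER = "org.apache.sling.auth.xing.oauth.impl.XingOauthAuthenticationHandler.callbackUrl";

    @Property({DEFAULT_USERS_ME_URL})
    private static final String USERS_ME_URL_PARAMETER = "org.apache.sling.auth.xing.oauth.impl.XingOauthAuthenticationHandler.usersMeUrl";
    public static final String USER_SESSION_ATTRIBUTE_NAME = "xing-user";
    private final Logger logger = LoggerFactory.getLogger(XingOauthAuthenticationHandler.class);

    /** Reads the component configuration when the component is activated. */
    @Activate
    protected void activate(ComponentContext componentContext) {
        this.logger.debug("activate");
        configure(componentContext);
    }

    /** Re-reads the component configuration after it has been modified. */
    @Modified
    protected void modified(ComponentContext componentContext) {
        this.logger.debug("modified");
        configure(componentContext);
    }

    /** Logs deactivation; no state is released here. */
    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        this.logger.debug("deactivate");
    }

    /**
     * Loads consumer key, consumer secret, callback URL and "users me" URL from the component
     * properties and (re)builds the OAuth service.
     *
     * <p>If key, secret or callback URL is empty, the service is set to {@code null}, which makes
     * {@link #extractCredentials} and {@link #requestCredentials} refuse to work. The consumer
     * secret is never logged.
     *
     * @param componentContext source of the configuration properties
     */
    protected synchronized void configure(ComponentContext componentContext) {
        final Dictionary<?, ?> properties = componentContext.getProperties();
        this.consumerKey = PropertiesUtil.toString(properties.get(CONSUMER_KEY_PARAMETER), "").trim();
        this.consumerSecret = PropertiesUtil.toString(properties.get(CONSUMER_SECRET_PARAMETER), "").trim();
        this.callbackUrl = PropertiesUtil.toString(properties.get(CALLBACK_URL_PARAMETER), "").trim();
        final String configuredUsersMeUrl = PropertiesUtil.toString(properties.get(USERS_ME_URL_PARAMETER), DEFAULT_USERS_ME_URL).trim();
        this.usersMeUrl = configuredUsersMeUrl;
        if (StringUtils.isEmpty(this.consumerKey)) {
            this.logger.warn("configured consumer key is empty");
        }
        if (StringUtils.isEmpty(this.consumerSecret)) {
            this.logger.warn("configured consumer secret is empty");
        }
        if (StringUtils.isEmpty(this.callbackUrl)) {
            this.logger.warn("configured callback URL is empty");
        }
        if (StringUtils.isEmpty(configuredUsersMeUrl)) {
            this.logger.warn("configured users me URL is empty");
        } else if (!configuredUsersMeUrl.regionMatches(true, 0, "https://", 0, "https://".length())) {
            // The authenticated user id is taken from this endpoint's response body, so a
            // cleartext endpoint lets anyone on the network path choose the identity.
            this.logger.warn("configured users me URL does not use https");
        }
        if (StringUtils.isEmpty(this.consumerKey) || StringUtils.isEmpty(this.consumerSecret) || StringUtils.isEmpty(this.callbackUrl)) {
            this.oAuthService = null;
        } else {
            this.oAuthService = new ServiceBuilder().provider(XingApi.class).apiKey(this.consumerKey).apiSecret(this.consumerSecret).callback(this.callbackUrl).build();
        }
        this.logger.info("configured with consumer key '{}', callback url '{}' and users me url '{}'", new Object[]{this.consumerKey, this.callbackUrl, configuredUsersMeUrl});
    }

    /**
     * Builds the {@link AuthenticationInfo} for a request from the OAuth state kept in the session.
     *
     * <p>When the session holds no access token yet, the stored request token and the
     * {@link OAuthConstants#VERIFIER} request parameter are exchanged for one. When the session
     * holds no user yet, the user is fetched with {@link #fetchUser(Token)}.
     *
     * @return the authentication info, or {@code null} when the handler is not configured, the
     *         request carries no usable OAuth state, or any step fails (in which case the OAuth
     *         attributes are removed from the session)
     */
    public AuthenticationInfo extractCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.logger.debug("extract credentials");
        // Snapshot once: modified() may swap or null the service while this request is running.
        final OAuthService service = this.oAuthService;
        if (service == null) {
            this.logger.error("OAuthService is null, check configuration");
            return null;
        }
        try {
            // Do not create a session here: without one there is no token to work with, and
            // creating one per anonymous request only consumes container memory.
            final HttpSession session = httpServletRequest.getSession(false);
            if (session == null) {
                return null;
            }
            Token accessToken = (Token) session.getAttribute(OAuthConstants.ACCESS_TOKEN);
            XingUser xingUser = (XingUser) session.getAttribute(USER_SESSION_ATTRIBUTE_NAME);
            if (accessToken == null) {
                final Token requestToken = (Token) session.getAttribute(OAuthConstants.TOKEN);
                final String verifier = httpServletRequest.getParameter(OAuthConstants.VERIFIER);
                if (requestToken == null || verifier == null) {
                    return null;
                }
                accessToken = service.getAccessToken(requestToken, new Verifier(verifier));
                // Never log the token object itself: its string form may contain the token secret.
                this.logger.debug("received access token");
                // The request token is not read again once an access token is stored.
                session.removeAttribute(OAuthConstants.TOKEN);
                session.setAttribute(OAuthConstants.ACCESS_TOKEN, accessToken);
                // NOTE(review): the session id is not rotated at this privilege change. Confirm
                // whether the container or Sling does that; if not, rotate it here to prevent
                // session fixation.
            }
            if (xingUser == null) {
                xingUser = fetchUser(accessToken);
                if (xingUser == null || StringUtils.isEmpty(xingUser.getId())) {
                    // An AuthenticationInfo without a user id must not be handed on as a login.
                    throw new IllegalStateException("XING user response carries no user id");
                }
                // Log the id only; the full user object may hold personal data.
                this.logger.debug("xing user: {}", xingUser.getId());
                session.setAttribute(USER_SESSION_ATTRIBUTE_NAME, xingUser);
            }
            final AuthenticationInfo authenticationInfo = new AuthenticationInfo(XingOauth.AUTH_TYPE, xingUser.getId());
            authenticationInfo.put(XingOauth.AUTHENTICATION_CREDENTIALS_ACCESS_TOKEN_KEY, accessToken);
            authenticationInfo.put(USER_SESSION_ATTRIBUTE_NAME, xingUser);
            return authenticationInfo;
        } catch (Exception e) {
            // Boundary catch: any failure ends the attempt and clears the OAuth state.
            this.logger.error(e.getMessage(), e);
            removeAuthFromSession(httpServletRequest);
            return null;
        }
    }

    /**
     * Starts the OAuth flow: obtains a request token, stores it in the session and redirects the
     * client to the authorization URL.
     *
     * @return {@code true} when the redirect was sent, {@code false} when the handler is not
     *         configured or any step failed
     * @throws IOException declared by the interface; failures inside the flow are caught and logged
     */
    public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        this.logger.debug("request credentials");
        final OAuthService service = this.oAuthService;
        if (service == null) {
            this.logger.error("OAuthService is null, check configuration");
            return false;
        }
        try {
            final Token requestToken = service.getRequestToken();
            // Never log the token object itself: its string form may contain the token secret.
            this.logger.debug("received request token");
            httpServletRequest.getSession(true).setAttribute(OAuthConstants.TOKEN, requestToken);
            final String authorizationUrl = service.getAuthorizationUrl(requestToken);
            this.logger.debug("redirecting to auth url: '{}'", authorizationUrl);
            httpServletResponse.sendRedirect(authorizationUrl);
            return true;
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
            return false;
        }
    }

    /** Removes the OAuth attributes from the session of the given request. */
    public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        this.logger.debug("drop credentials");
        removeAuthFromSession(httpServletRequest);
    }

    /**
     * Fetches the user the access token belongs to from the configured "users me" URL.
     *
     * @param token access token used to sign the request
     * @return the first user of the parsed response
     * @throws Exception when the handler is not configured, the request fails, or the response
     *         contains no user
     */
    protected XingUser fetchUser(Token token) throws Exception {
        final OAuthService service = this.oAuthService;
        if (service == null) {
            throw new IllegalStateException("OAuthService is null, check configuration");
        }
        final OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, this.usersMeUrl);
        service.signRequest(token, oAuthRequest);
        final String body = oAuthRequest.send().getBody();
        final Users users = (Users) new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create().fromJson(body, Users.class);
        // An empty or unparsable body would otherwise surface as a bare NPE or index error.
        if (users == null || users.getUsers() == null || users.getUsers().isEmpty()) {
            throw new IllegalStateException("XING user response contains no user");
        }
        return (XingUser) users.getUsers().get(0);
    }

    /**
     * Removes request token, access token and user from the session, if a session exists.
     * Failures are logged and not propagated.
     */
    protected void removeAuthFromSession(HttpServletRequest httpServletRequest) {
        try {
            // getSession(false): cleaning up must not create a new session.
            final HttpSession session = httpServletRequest.getSession(false);
            if (session == null) {
                return;
            }
            session.removeAttribute(OAuthConstants.TOKEN);
            session.removeAttribute(OAuthConstants.ACCESS_TOKEN);
            session.removeAttribute(USER_SESSION_ATTRIBUTE_NAME);
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }
    }
}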
