package edu.cornell.mannlib.orcidclient.auth;

import edu.cornell.mannlib.orcidclient.OrcidClientException;
import edu.cornell.mannlib.orcidclient.actions.ApiAction;
import edu.cornell.mannlib.orcidclient.auth.AuthorizationStatus;
import edu.cornell.mannlib.orcidclient.context.OrcidClientContext;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.fluent.Form;
import org.apache.http.client.fluent.Request;
import org.apache.http.client.utils.URIBuilder;

/* loaded from: input_file:edu/cornell/mannlib/orcidclient/auth/AuthorizationManager.class */
public class AuthorizationManager {
    private static final Log log = LogFactory.getLog(AuthorizationManager.class);
    private final OrcidClientContext context;
    private final HttpServletRequest req;
    private final AuthorizationCache cache;

    public AuthorizationManager(OrcidClientContext orcidClientContext, HttpServletRequest httpServletRequest) {
        this.context = orcidClientContext;
        this.req = httpServletRequest;
        this.cache = AuthorizationCache.getCache(httpServletRequest);
    }

    public String seekAuthorization(ApiAction apiAction, String str) throws OrcidClientException {
        return seekAuthorization(apiAction, str, str);
    }

    public String seekAuthorization(ApiAction apiAction, String str, String str2) throws OrcidClientException {
        log.debug("seekAuthorization: action=" + apiAction + ", successUrl=" + str + ", failureUrl=" + str2);
        try {
            URI build = new URIBuilder(this.context.getAuthCodeRequestUrl()).addParameter("client_id", this.context.getSetting(OrcidClientContext.Setting.CLIENT_ID)).addParameter("scope", apiAction.getScope()).addParameter("response_type", "code").addParameter("redirect_uri", this.context.getCallbackUrl()).addParameter("state", this.cache.store(AuthorizationStatus.create(apiAction, str, str2)).getId()).build();
            log.debug("fullUri=" + build);
            return build.toString();
        } catch (URISyntaxException e) {
            throw new OrcidClientException("Failed to build the authorization URL for " + apiAction, e);
        }
    }

    public AuthorizationStatus processAuthorizationResponse() throws OrcidClientException {
        AuthorizationStatus existingAuthStatus = getExistingAuthStatus();
        if (!existingAuthStatus.isSeekingAuthorization()) {
            return recordInvalidState(existingAuthStatus);
        }
        if (isError()) {
            return recordError(existingAuthStatus);
        }
        if (!isCodePresent()) {
            return recordNoCode(existingAuthStatus);
        }
        recordCode(existingAuthStatus);
        return getAccessTokenFromAuthCode(existingAuthStatus);
    }

    private AuthorizationStatus getExistingAuthStatus() throws OrcidClientException {
        String parameter = this.req.getParameter("state");
        if (parameter == null || parameter.isEmpty()) {
            throw new OrcidClientException("Request did not contain a 'state' parameter");
        }
        AuthorizationStatus authorizationStatus = getAuthorizationStatus(parameter);
        if (authorizationStatus.isNone()) {
            throw new OrcidClientException("Not seeking authorization for this action: " + authorizationStatus);
        }
        return authorizationStatus;
    }

    private AuthorizationStatus recordInvalidState(AuthorizationStatus authorizationStatus) {
        return authorizationStatus.setFailure(AuthorizationStatus.ErrorCode.INVALID_STATE, authorizationStatus.getState(), AuthorizationStatus.State.SEEKING_AUTHORIZATION);
    }

    private boolean isError() {
        return this.req.getParameter("error") != null;
    }

    private AuthorizationStatus recordError(AuthorizationStatus authorizationStatus) {
        return authorizationStatus.setFailure(this.req.getParameter("error"), this.req.getParameter("error_description"));
    }

    private boolean isCodePresent() {
        String parameter = this.req.getParameter("code");
        return (parameter == null || parameter.isEmpty()) ? false : true;
    }

    private AuthorizationStatus recordCode(AuthorizationStatus authorizationStatus) {
        return authorizationStatus.setSeekingAccessToken(this.req.getParameter("code"));
    }

    private AuthorizationStatus recordNoCode(AuthorizationStatus authorizationStatus) {
        return authorizationStatus.setFailure(AuthorizationStatus.ErrorCode.NO_AUTH_CODE, new Object[0]);
    }

    private AuthorizationStatus getAccessTokenFromAuthCode(AuthorizationStatus authorizationStatus) throws AccessTokenFormatException, OrcidClientException {
        try {
            String asString = Request.Post(this.context.getAccessTokenRequestUrl()).addHeader("Accept", "application/json").bodyForm(Form.form().add("client_id", this.context.getSetting(OrcidClientContext.Setting.CLIENT_ID)).add("client_secret", this.context.getSetting(OrcidClientContext.Setting.CLIENT_SECRET)).add("grant_type", "authorization_code").add("code", authorizationStatus.getAuthorizationCode()).add("redirect_uri", this.context.getCallbackUrl()).build()).execute().returnContent().asString();
            log.debug("Json response: '" + asString + "'");
            return authorizationStatus.setSuccess(new AccessToken(asString));
        } catch (IOException e) {
            return authorizationStatus.setFailure("Request for access token failed.", e);
        }
    }

    public AuthorizationStatus getAuthorizationStatus(ApiAction apiAction) {
        return this.cache.getStatus(apiAction);
    }

    public AuthorizationStatus getAuthorizationStatus(String str) {
        return this.cache.getStatus(str);
    }

    public void clearStatus(ApiAction apiAction) {
        this.cache.clearStatus(apiAction);
    }
}
