package com.predic8.membrane.core.interceptor.oauth2client.rf;

import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.session.Session;
import com.predic8.membrane.core.interceptor.session.SessionManager;
import com.predic8.membrane.core.util.URLParamUtil;
import java.math.BigInteger;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Optional;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/predic8/membrane/core/interceptor/oauth2client/rf/StateManager.class */
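/**
 * Builds and verifies the OAuth2 {@code state} parameter used as a CSRF token.
 *
 * <p>The state carries a random security token, the originally requested URL and the id of a
 * PKCE verifier. The security token is also stored in the user's session under the key
 * {@code "state"}; several outstanding tokens are kept as one separator-joined string. On the
 * callback, the token parsed from the returned state must match exactly one stored token.
 *
 * <p>Everything parsed from a returned state string is attacker-controllable until
 * {@link #verifyCsrfToken(Session, StateManager)} has succeeded.
 */
public class StateManager {
    private static final String SESSION_PARAMETER_STATE = "state";
    private static final Logger log = LoggerFactory.getLogger(StateManager.class);
    private static final SecureRandom sr = new SecureRandom();
    private final String securityToken;
    private final String verifierId;

    /**
     * Creates the state for a new authorization request with a freshly generated token.
     *
     * @param pKCEVerifier verifier whose id is embedded in the state
     */
    public StateManager(PKCEVerifier pKCEVerifier) {
        this.securityToken = generateNewState();
        this.verifierId = pKCEVerifier.getId();
    }

    /**
     * Parses a state string as received on the callback.
     *
     * <p>Both fields are taken from untrusted input and may be {@code null} when the
     * corresponding key is absent from the state.
     *
     * @param str the URL-encoded state value
     * @throws RuntimeException if {@code str} is {@code null}
     */
    public StateManager(String str) {
        this.securityToken = getValueFromState(str, "security_token");
        this.verifierId = getValueFromState(str, "verifierId");
    }

    /**
     * Generates a new random token: 130 bits from {@link SecureRandom}, rendered in base 32.
     *
     * @return the token string
     */
    @NotNull
    public static String generateNewState() {
        return new BigInteger(130, sr).toString(32);
    }

    /**
     * URL-decodes the state, parses it as a query string and returns the value stored for
     * {@code key}.
     *
     * @return the value, or {@code null} when the key is not present
     * @throws RuntimeException if {@code state} is {@code null}
     */
    private static String getValueFromState(String state, String key) {
        if (state == null) {
            throw new RuntimeException("State is null, No " + key + ".");
        }
        // Duplicate keys / malformed input are handled by the ERROR strategy of URLParamUtil
        // (presumably by throwing; its implementation is not visible from this class).
        String decoded = URLDecoder.decode(state, StandardCharsets.UTF_8);
        return URLParamUtil.parseQueryString(decoded, URLParamUtil.DuplicateKeyOrInvalidFormStrategy.ERROR).get(key);
    }

    /**
     * Verifies that the token from the callback matches exactly one token stored in the session.
     *
     * <p>On success the session's stored state is replaced by the single matched token. On
     * failure an {@link OAuth2Exception} carrying a 400 response is thrown; the reason is, in
     * order of checking: the session is new, the session holds no state, or the token does not
     * match.
     *
     * @param session the user's session
     * @param stateManager state parsed from the callback request
     * @throws OAuth2Exception if the token cannot be verified
     */
    public static void verifyCsrfToken(Session session, StateManager stateManager) throws OAuth2Exception {
        Object saved = session.get(SESSION_PARAMETER_STATE);
        if (matchesCsrfToken(stateManager, saved)) {
            if (!saved.equals(stateManager.getSecurityToken())) {
                // Token values are deliberately not logged: the stored value is a secret and the
                // callback value is attacker-controlled, URL-decoded text that could forge log lines.
                log.warn("Replacing saved state list with the single token matched from the callback.");
            }
            session.put(SESSION_PARAMETER_STATE, stateManager.getSecurityToken());
            return;
        }
        if (session.isNew()) {
            throw new OAuth2Exception(OAuth2CallbackRequestHandler.MEMBRANE_MISSING_SESSION, OAuth2CallbackRequestHandler.MEMBRANE_MISSING_SESSION_DESCRIPTION, Response.badRequest().body(OAuth2CallbackRequestHandler.MEMBRANE_MISSING_SESSION_DESCRIPTION).build());
        }
        if (!hasState(session)) {
            throw new OAuth2Exception(OAuth2CallbackRequestHandler.MEMBRANE_CSRF_TOKEN_MISSING_IN_SESSION, OAuth2CallbackRequestHandler.MEMBRANE_CSRF_TOKEN_MISSING_IN_SESSION_DESCRIPTION, Response.badRequest().body(OAuth2CallbackRequestHandler.MEMBRANE_CSRF_TOKEN_MISSING_IN_SESSION_DESCRIPTION).build());
        }
        log.warn("CSRF token mismatch: the token from the callback URI does not match exactly one token stored in the session.");
        throw new OAuth2Exception(OAuth2CallbackRequestHandler.MEMBRANE_CSRF_TOKEN_MISMATCH, OAuth2CallbackRequestHandler.MEMBRANE_CSRF_TOKEN_MISMATCH_DESCRIPTION, Response.badRequest().body(OAuth2CallbackRequestHandler.MEMBRANE_CSRF_TOKEN_MISMATCH_DESCRIPTION).build());
    }

    /** Returns {@code true} when {@code obj} is non-null and holds exactly one matching token. */
    private static boolean matchesCsrfToken(StateManager stateManager, Object obj) {
        return obj != null && hasExactlyOneMatchingToken(stateManager, obj);
    }

    /**
     * Splits the stored session value on {@link SessionManager#SESSION_VALUE_SEPARATOR} and
     * checks that exactly one entry equals the callback token.
     *
     * <p>The decompiler marked this method as widened from {@code private}; visibility is left
     * as found.
     *
     * @param stateManager state parsed from the callback request
     * @param obj the stored session value; must not be {@code null}
     * @return {@code true} if exactly one stored token matches
     */
    public static boolean hasExactlyOneMatchingToken(StateManager stateManager, Object obj) {
        String expected = stateManager.getSecurityToken();
        long matches = Arrays.stream(obj.toString().split(SessionManager.SESSION_VALUE_SEPARATOR))
                .filter(candidate -> tokensEqual(candidate, expected))
                .count();
        return matches == 1;
    }

    /**
     * Compares two tokens without short-circuiting on the first differing byte, so the
     * comparison time does not reveal how much of a guessed token was correct.
     *
     * @return {@code false} if either argument is {@code null}
     */
    private static boolean tokensEqual(String a, String b) {
        if (a == null || b == null) {
            return false;
        }
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns whether the session holds a value under the {@code "state"} key. */
    public static boolean hasState(Session session) {
        return session.get().containsKey(SESSION_PARAMETER_STATE);
    }

    /**
     * Renders the {@code &state=...} fragment for the authorization request.
     *
     * <p>The value is a URL-encoded query string with the keys {@code security_token},
     * {@code url} (the current request URI) and {@code verifierId}.
     *
     * @param exchange the exchange whose request URI is recorded in the state
     * @return the fragment, starting with {@code &state=}
     */
    public String buildStateParameter(Exchange exchange) {
        // NOTE(review): verifierId is appended without URL-encoding; this is only safe if
        // PKCEVerifier ids never contain reserved characters. Confirm against PKCEVerifier.
        // NOTE(review): the url field round-trips through the browser, so whatever consumes it
        // after the callback has to treat it as untrusted.
        return "&state=security_token%3D" + this.securityToken + "%26url%3D" + OAuth2Util.urlencode(exchange.getRequestURI()) + "%26verifierId%3D" + this.verifierId;
    }

    /**
     * Stores this token in the session, appending it to any tokens already stored there.
     *
     * @param session the user's session
     */
    public void saveToSession(Session session) {
        String value = this.securityToken;
        if (session.get().containsKey(SESSION_PARAMETER_STATE)) {
            // NOTE(review): the literal "," has to agree with SessionManager.SESSION_VALUE_SEPARATOR,
            // which verification splits on. Confirm the two are the same value.
            value = String.valueOf(session.get(SESSION_PARAMETER_STATE)) + "," + value;
        }
        session.put(SESSION_PARAMETER_STATE, value);
    }

    /** Returns the security token, which may be {@code null} if it was absent from a parsed state. */
    public String getSecurityToken() {
        return this.securityToken;
    }

    /** Returns the PKCE verifier id, or an empty Optional when none is set. */
    public Optional<String> getVerifierId() {
        return Optional.ofNullable(this.verifierId);
    }

    /**
     * Returns a debug representation.
     *
     * <p>The output contains the raw security token, so it should not be written to logs.
     */
    @Override
    public String toString() {
        return "StateManager{securityToken='" + this.securityToken + "', verifierId='" + this.verifierId + "'}";
    }
}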
