package com.bornium.security.oauth2openid.server.endpoints;

import com.bornium.http.Exchange;
import com.bornium.http.Response;
import com.bornium.http.ResponseBuilder;
import com.bornium.http.util.BodyUtil;
import com.bornium.security.oauth2openid.Constants;
import com.bornium.security.oauth2openid.providers.Session;
import com.bornium.security.oauth2openid.server.ServerServices;
import com.google.common.base.Charsets;
import com.google.common.io.CharStreams;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:lib/oauth2-openid-1.0.1.jar:com/bornium/security/oauth2openid/server/endpoints/LoginEndpoint.class */
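/**
 * Serves the interactive login and consent dialogs of the authorization server and processes
 * the forms they post back.
 *
 * <p>Both form handlers compare a login-state value from the request body with the value stored
 * in the session (key {@link Constants#SESSION_LOGIN_STATE}) before they mark the session as
 * logged in or as having given consent; a mismatch is reported as a possible CSRF.
 *
 * <p>NOTE(review): no session-identifier rotation is visible in this class when the session is
 * marked as logged in. If the session provider does not rotate the identifier itself, the login
 * is exposed to session fixation - confirm against the provider implementation.
 */
public class LoginEndpoint extends Endpoint {
    /** Classpath directory that holds the static dialog pages. */
    private static final String LOGIN_DIALOG_RESOURCE_DIR = "/static/logindialog/";

    /** Marker value this class stores in the session for boolean flags. */
    private static final String FLAG_SET = "yes";

    public LoginEndpoint(ServerServices serverServices) {
        super(serverServices, Constants.ENDPOINT_LOGIN, Constants.ENDPOINT_CONSENT);
    }

    /**
     * Dispatches a request to the login or the consent handling, based on the suffix of the
     * request path. A request that follows an error redirect, or that carries no form data, gets
     * the static page; anything else is treated as a form submission.
     *
     * @param exchange the current request/response pair; its response is set by this method
     * @throws Exception if a provider call or loading of a page fails
     */
    @Override
    public void invokeOn(Exchange exchange) throws Exception {
        String path = exchange.getRequest().getUri().getPath();
        if (path.endsWith(Constants.ENDPOINT_LOGIN)) {
            if (wasRedirectFromError(exchange) || !hasSentLoginData(exchange)) {
                exchange.setResponse(sendLoginpage());
            } else {
                checkLogin(exchange);
            }
            return;
        }
        if (path.endsWith(Constants.ENDPOINT_CONSENT)) {
            if (wasRedirectFromError(exchange) || !hasSentConsent(exchange)) {
                exchange.setResponse(sendConsentpage());
            } else {
                checkConsent(exchange);
            }
        }
    }

    /**
     * Processes a submitted consent form.
     *
     * <p>A missing consent value, or the value {@code "no"}, sends the user agent back to the
     * client callback with {@link Constants#ERROR_ACCESS_DENIED}. Otherwise consent is recorded in
     * the session only if the submitted login state matches the session's.
     *
     * @param exchange the current request/response pair
     * @throws Exception if a provider call fails
     */
    private void checkConsent(Exchange exchange) throws Exception {
        Map<String, String> params = BodyUtil.bodyToParams(exchange.getRequest().getBody());
        Session session = this.serverServices.getProvidedServices().getSessionProvider().getSession(exchange);

        // Fail closed: a consent key without a value is handled as a denial instead of
        // dereferencing null.
        // NOTE(review): the denial path runs before the login-state check, so a forged cross-site
        // post can abort the flow with access_denied; it cannot grant consent.
        String consent = params.get(Constants.LOGIN_CONSENT);
        if (consent == null || consent.equals("no")) {
            exchange.setResponse(redirectToCallbackWithError(session.getValue("redirect_uri"), Constants.ERROR_ACCESS_DENIED, session.getValue("state"), setToResponseModeOrUseDefault(exchange, session)));
            return;
        }

        if (!loginStateMatches(params, session)) {
            session.putValue(Constants.SESSION_REDIRECT_FROM_ERROR, FLAG_SET);
            exchange.setResponse(redirectToLogin(possibleCSRFError(session)));
            return;
        }

        // NOTE(review): this method does not check Constants.SESSION_LOGGED_IN before recording
        // consent; presumably the after-login endpoint requires both flags - confirm there.
        session.putValue(Constants.SESSION_CONSENT_GIVEN, FLAG_SET);
        exchange.setResponse(redirectToAfterLoginEndpoint());
    }

    /** Builds the redirect to the after-login endpoint below the configured context path. */
    private Response redirectToAfterLoginEndpoint() {
        String target = this.serverServices.getProvidedServices().getContextPath() + Constants.ENDPOINT_AFTER_LOGIN;
        return new ResponseBuilder().redirectTempWithGet(target).build();
    }

    /**
     * Processes a submitted login form: verifies the credentials, then the login state, and on
     * success marks the session as logged in and redirects to the consent page.
     *
     * @param exchange the current request/response pair
     * @throws Exception if a provider call fails
     */
    private void checkLogin(Exchange exchange) throws Exception {
        Map<String, String> params = BodyUtil.bodyToParams(exchange.getRequest().getBody());
        Session session = this.serverServices.getProvidedServices().getSessionProvider().getSession(exchange);

        // Both fields are required. The previous condition only rejected a form that lacked both,
        // so a form with just one of them reached verifyUser with a null username or password.
        if (!params.containsKey("username") || !params.containsKey("password")) {
            session.putValue(Constants.SESSION_REDIRECT_FROM_ERROR, FLAG_SET);
            exchange.setResponse(redirectToLogin(couldNotVerifyUserError(session)));
            return;
        }

        String username = params.get("username");
        if (!this.serverServices.getProvidedServices().getUserDataProvider().verifyUser(username, params.get("password"))) {
            // presumably badLogin feeds the provider's throttling/lockout - verify against the
            // UserDataProvider implementation
            this.serverServices.getProvidedServices().getUserDataProvider().badLogin(username);
            session.putValue(Constants.SESSION_REDIRECT_FROM_ERROR, FLAG_SET);
            exchange.setResponse(redirectToLogin(couldNotVerifyUserError(session)));
            return;
        }

        // NOTE(review): the login-state check runs after credential verification, and a mismatch
        // is counted as a bad login for the named user even though the password was correct.
        // Checking the state first would avoid both; order kept as found.
        if (!loginStateMatches(params, session)) {
            this.serverServices.getProvidedServices().getUserDataProvider().badLogin(username);
            session.putValue(Constants.SESSION_REDIRECT_FROM_ERROR, FLAG_SET);
            exchange.setResponse(redirectToLogin(possibleCSRFError(session)));
            return;
        }

        session.putValue("username", username);
        session.putValue(Constants.SESSION_LOGGED_IN, FLAG_SET);
        session.putValue("auth_time", String.valueOf(Instant.now().getEpochSecond()));
        exchange.setResponse(redirectToConsent(getConsentPageParams(session)));
    }

    /**
     * Tells whether the login state posted with a form equals the one stored in the session.
     * A missing submitted value never matches.
     */
    private boolean loginStateMatches(Map<String, String> params, Session session) throws Exception {
        String submitted = params.get(Constants.SESSION_LOGIN_STATE);
        return submitted != null && submitted.equals(session.getValue(Constants.SESSION_LOGIN_STATE));
    }

    /**
     * Copies the parameters produced by {@code prepareJsStateParameter} into a mutable map and
     * adds one entry.
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // the inherited helper's generic signature is not visible in this file
    private Map<String, String> stateParamsWith(Session session, String key, String value) throws Exception {
        Map<String, String> params = new HashMap(prepareJsStateParameter(session));
        params.put(key, value);
        return params;
    }

    /** Redirect parameters that report a login-state mismatch. */
    private Map<String, String> possibleCSRFError(Session session) throws Exception {
        return stateParamsWith(session, Constants.PARAMETER_ERROR, Constants.ERROR_POSSIBLE_CSRF);
    }

    /**
     * Reads and clears the "redirected from error" flag of the session.
     *
     * @return {@code true} if the flag was set; the flag is removed in that case so that it only
     *     applies to one request
     */
    private boolean wasRedirectFromError(Exchange exchange) throws Exception {
        Session session = this.serverServices.getProvidedServices().getSessionProvider().getSession(exchange);
        if (!FLAG_SET.equals(session.getValue(Constants.SESSION_REDIRECT_FROM_ERROR))) {
            return false;
        }
        session.removeValue(Constants.SESSION_REDIRECT_FROM_ERROR);
        return true;
    }

    /**
     * Redirect parameters that report failed credential verification. The same error is used for
     * missing and for wrong credentials.
     */
    private Map<String, String> couldNotVerifyUserError(Session session) throws Exception {
        return stateParamsWith(session, Constants.PARAMETER_ERROR, Constants.ERROR_COULD_NOT_VALIDATE_USER);
    }

    /** Redirect parameters for the consent page, including the scope stored in the session. */
    private Map<String, String> getConsentPageParams(Session session) throws Exception {
        return stateParamsWith(session, "scope", session.getValue("scope"));
    }

    /** Builds a 200 response with the login page as body. */
    private Response sendLoginpage() throws IOException {
        return new ResponseBuilder().statuscode(200).body(loadLoginpage()).build();
    }

    /** Builds a 200 response with the consent page as body. */
    private Response sendConsentpage() throws IOException {
        return new ResponseBuilder().statuscode(200).body(loadConsentpage()).build();
    }

    /** This endpoint reports no scope. */
    @Override
    public String getScope(Exchange exchange) throws Exception {
        return null;
    }

    /**
     * Cheap pre-check on the raw body: a substring test only, which also matches the field names
     * inside values. The authoritative check on parsed parameters is made in {@code checkLogin}.
     */
    private boolean hasSentLoginData(Exchange exchange) {
        String body = exchange.getRequest().getBody();
        return body.contains("username") && body.contains("password");
    }

    /** Cheap pre-check on the raw body for the consent field name (substring test only). */
    private boolean hasSentConsent(Exchange exchange) {
        return exchange.getRequest().getBody().contains(Constants.LOGIN_CONSENT);
    }

    private String loadLoginpage() throws IOException {
        return loadPage("login.html");
    }

    private String loadConsentpage() throws IOException {
        return loadPage("consent.html");
    }

    /**
     * Reads a dialog page from the classpath as UTF-8 text.
     *
     * @param str file name below the dialog resource directory; only the two fixed names in this
     *     class are passed in, never request data
     * @return the page content
     * @throws IOException if the resource is missing or cannot be read
     */
    private String loadPage(String str) throws IOException {
        String resource = LOGIN_DIALOG_RESOURCE_DIR + str;
        InputStream stream = getClass().getResourceAsStream(resource);
        if (stream == null) {
            // getResourceAsStream signals a missing resource with null, not with an exception
            throw new IOException("Login dialog resource not found on classpath: " + resource);
        }
        // closing the reader also closes the underlying stream
        try (InputStreamReader reader = new InputStreamReader(stream, Charsets.UTF_8)) {
            return CharStreams.toString(reader);
        }
    }
}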
