package com.ibm.sbt.opensocial.domino.servlets;

import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.name.Named;
import com.ibm.sbt.opensocial.domino.oauth.DominoOAuth2Accessor;
import com.ibm.sbt.opensocial.domino.oauth.DominoOAuth2CallbackState;
import com.ibm.sbt.opensocial.domino.oauth.DominoOAuth2TokenStore;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.servlet.HttpUtil;
import org.apache.shindig.common.servlet.InjectedServlet;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.oauth2.OAuth2Accessor;
import org.apache.shindig.gadgets.oauth2.OAuth2Error;
import org.apache.shindig.gadgets.oauth2.OAuth2Message;
import org.apache.shindig.gadgets.oauth2.handler.AuthorizationEndpointResponseHandler;
import org.apache.shindig.gadgets.oauth2.handler.OAuth2HandlerError;

/* loaded from: input_file:com/ibm/sbt/opensocial/domino/servlets/DominoOAuth2CallbackServlet.class */
public class DominoOAuth2CallbackServlet extends InjectedServlet {
    private static final long serialVersionUID = -190882288947178518L;
    private static final String CLASS = DominoOAuth2CallbackServlet.class.getName();
    private transient List<AuthorizationEndpointResponseHandler> authorizationEndpointResponseHandlers;
    private transient DominoOAuth2TokenStore store;
    private transient Provider<OAuth2Message> oauth2MessageProvider;
    private transient BlobCrypter stateCrypter;
    private transient boolean sendTraceToClient = false;
    private Logger log;
    private static final String RESP_BODY = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<html>\n<head>\n<title>Close this window</title>\n</head>\n<body>\n<script type='text/javascript'>\ntry {\n  window.opener.gadgets.io.oauthReceivedCallbackUrl_ = document.location.href;\n} catch (e) {\n}\nwindow.close();\n</script>\nClose this window.\n</body>\n</html>\n";
    private static final String RESP_ERROR_BODY = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<html>\n<head>\n<title>OAuth2 Error</title>\n</head>\n<body>\n<p>error = %s</p><p>error description = %s</p><p>error uri = %s</p>Close this window.\n</body>\n</html>\n";

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        DominoOAuth2Accessor dominoOAuth2Accessor = null;
        OAuth2Message oAuth2Message = (OAuth2Message) this.oauth2MessageProvider.get();
        oAuth2Message.parseRequest(httpServletRequest);
        if (isOAuthMsgValid(oAuth2Message, httpServletResponse)) {
            try {
                dominoOAuth2Accessor = this.store.getOAuth2Accessor(new DominoOAuth2CallbackState(this.stateCrypter, oAuth2Message.getState()));
            } catch (GadgetException e) {
                this.log.logp(Level.WARNING, CLASS, "doGet", "Error getting accessor from store.", e);
            }
            if (dominoOAuth2Accessor == null) {
                sendError(OAuth2Error.CALLBACK_PROBLEM, "OAuth2CallbackServlet accessor is null", "OAuth2CallbackServlet accessor is null", "", null, httpServletResponse, null, this.sendTraceToClient);
                return;
            }
            try {
                if (!isAccessorValid(dominoOAuth2Accessor, httpServletResponse)) {
                    dominoOAuth2Accessor.invalidate();
                    try {
                        this.store.removeOAuth2Accessor(dominoOAuth2Accessor);
                        return;
                    } catch (GadgetException e2) {
                        this.log.logp(Level.WARNING, CLASS, "doGet", "Error removing invalid accessor.", e2);
                        return;
                    }
                }
                try {
                    boolean z = false;
                    Iterator<AuthorizationEndpointResponseHandler> it = this.authorizationEndpointResponseHandlers.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        AuthorizationEndpointResponseHandler next = it.next();
                        if (next.handlesRequest(dominoOAuth2Accessor, httpServletRequest)) {
                            OAuth2HandlerError handleRequest = next.handleRequest(dominoOAuth2Accessor, httpServletRequest);
                            if (handleRequest != null) {
                                sendError(handleRequest.getError(), handleRequest.getContextMessage(), handleRequest.getDescription(), handleRequest.getUri(), dominoOAuth2Accessor, httpServletResponse, handleRequest.getCause(), this.sendTraceToClient);
                                try {
                                    if (dominoOAuth2Accessor.isErrorResponse()) {
                                        this.store.storeOAuth2Accessor(dominoOAuth2Accessor);
                                        return;
                                    } else {
                                        dominoOAuth2Accessor.invalidate();
                                        this.store.removeOAuth2Accessor(dominoOAuth2Accessor);
                                        return;
                                    }
                                } catch (GadgetException e3) {
                                    this.log.logp(Level.WARNING, CLASS, "doGet", "Error storing/removing accessor.", e3);
                                    throw new IOException(e3);
                                }
                            }
                            z = true;
                        }
                    }
                    if (!z) {
                        sendError(OAuth2Error.NO_RESPONSE_HANDLER, "OAuth2Callback servlet couldn't find a AuthorizationEndpointResponseHandler", "", "", dominoOAuth2Accessor, httpServletResponse, null, this.sendTraceToClient);
                        try {
                            if (dominoOAuth2Accessor.isErrorResponse()) {
                                this.store.storeOAuth2Accessor(dominoOAuth2Accessor);
                                return;
                            } else {
                                dominoOAuth2Accessor.invalidate();
                                this.store.removeOAuth2Accessor(dominoOAuth2Accessor);
                                return;
                            }
                        } catch (GadgetException e4) {
                            this.log.logp(Level.WARNING, CLASS, "doGet", "Error storing/removing accessor.", e4);
                            throw new IOException(e4);
                        }
                    }
                    HttpUtil.setNoCache(httpServletResponse);
                    httpServletResponse.setContentType("text/html; charset=UTF-8");
                    httpServletResponse.getWriter().write(RESP_BODY);
                    try {
                        if (dominoOAuth2Accessor.isErrorResponse()) {
                            this.store.storeOAuth2Accessor(dominoOAuth2Accessor);
                        } else {
                            dominoOAuth2Accessor.invalidate();
                            this.store.removeOAuth2Accessor(dominoOAuth2Accessor);
                        }
                    } catch (GadgetException e5) {
                        this.log.logp(Level.WARNING, CLASS, "doGet", "Error storing/removing accessor.", e5);
                        throw new IOException(e5);
                    }
                } catch (Exception e6) {
                    sendError(OAuth2Error.CALLBACK_PROBLEM, "Exception occurred processing redirect.", "", "", dominoOAuth2Accessor, httpServletResponse, e6, this.sendTraceToClient);
                    throw new IOException(e6);
                }
            } catch (Throwable th) {
                try {
                    if (dominoOAuth2Accessor.isErrorResponse()) {
                        this.store.storeOAuth2Accessor(dominoOAuth2Accessor);
                    } else {
                        dominoOAuth2Accessor.invalidate();
                        this.store.removeOAuth2Accessor(dominoOAuth2Accessor);
                    }
                    throw th;
                } catch (GadgetException e7) {
                    this.log.logp(Level.WARNING, CLASS, "doGet", "Error storing/removing accessor.", e7);
                    throw new IOException(e7);
                }
            }
        }
    }

    protected boolean isOAuthMsgValid(OAuth2Message oAuth2Message, HttpServletResponse httpServletResponse) throws IOException {
        boolean z = true;
        OAuth2Error error = oAuth2Message.getError();
        if (error != null) {
            sendError(error, "encRequestStateKey is null", oAuth2Message.getErrorDescription(), oAuth2Message.getErrorUri(), null, httpServletResponse, null, this.sendTraceToClient);
            z = false;
        }
        if (oAuth2Message.getState() == null) {
            sendError(OAuth2Error.CALLBACK_PROBLEM, "OAuth2CallbackServlet requestStateKey is null.", "", "", null, httpServletResponse, null, this.sendTraceToClient);
            z = false;
        }
        return z;
    }

    protected boolean isAccessorValid(DominoOAuth2Accessor dominoOAuth2Accessor, HttpServletResponse httpServletResponse) throws IOException {
        if (!dominoOAuth2Accessor.isValid()) {
            sendError(OAuth2Error.CALLBACK_PROBLEM, "OAuth2CallbackServlet accessor is invalid " + dominoOAuth2Accessor, dominoOAuth2Accessor.getErrorContextMessage(), dominoOAuth2Accessor.getErrorUri(), dominoOAuth2Accessor, httpServletResponse, dominoOAuth2Accessor.getErrorException(), this.sendTraceToClient);
            return false;
        }
        if (dominoOAuth2Accessor.isErrorResponse()) {
            sendError(OAuth2Error.CALLBACK_PROBLEM, "OAuth2CallbackServlet accessor isErrorResponse " + dominoOAuth2Accessor, dominoOAuth2Accessor.getErrorContextMessage(), dominoOAuth2Accessor.getErrorUri(), dominoOAuth2Accessor, httpServletResponse, dominoOAuth2Accessor.getErrorException(), this.sendTraceToClient);
            return false;
        }
        if (dominoOAuth2Accessor.isRedirecting()) {
            return true;
        }
        sendError(OAuth2Error.CALLBACK_PROBLEM, "OAuth2CallbackServlet accessor is not valid, isn't redirecting.", "", "", dominoOAuth2Accessor, httpServletResponse, null, this.sendTraceToClient);
        return false;
    }

    protected void sendError(OAuth2Error oAuth2Error, String str, String str2, String str3, OAuth2Accessor oAuth2Accessor, HttpServletResponse httpServletResponse, Throwable th, boolean z) throws IOException {
        this.log.logp(Level.WARNING, CLASS, "sendError", String.valueOf(CLASS) + " , callback error " + oAuth2Error + " -  " + str + " , " + str2 + " - " + str3);
        if (th != null && this.log.isLoggable(Level.FINEST)) {
            this.log.logp(Level.FINE, CLASS, "sendError", "callback exception", th);
        }
        HttpUtil.setNoCache(httpServletResponse);
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        if (oAuth2Accessor == null) {
            httpServletResponse.getWriter().write(z ? String.format(RESP_ERROR_BODY, oAuth2Error.getErrorCode(), oAuth2Error.getErrorDescription(new Object[]{str2}), str3) : String.format(RESP_ERROR_BODY, oAuth2Error.getErrorCode(), "", ""));
        } else {
            oAuth2Accessor.setErrorResponse(th, oAuth2Error, String.valueOf(str) + " , " + str2, str3);
            httpServletResponse.getWriter().write(RESP_BODY);
        }
    }

    @Inject
    public void setAuthorizationResponseHandlers(List<AuthorizationEndpointResponseHandler> list) {
        this.authorizationEndpointResponseHandlers = list;
    }

    @Inject
    public void setLogger(Logger logger) {
        this.log = logger;
    }

    @Inject
    public void sendTraceToClient(@Named("shindig.oauth2.send-trace-to-client") boolean z) {
        this.sendTraceToClient = z;
    }

    @Inject
    public void setOAuth2Store(DominoOAuth2TokenStore dominoOAuth2TokenStore) {
        this.store = dominoOAuth2TokenStore;
    }

    @Inject
    public void setOAuth2MessageProvider(Provider<OAuth2Message> provider) {
        this.oauth2MessageProvider = provider;
    }

    @Inject
    public void setStateCrypter(@Named("shindig.oauth2.state-crypter") BlobCrypter blobCrypter) {
        this.stateCrypter = blobCrypter;
    }
}
