package io.apicurio.studio.fe.servlet.filters;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;
import com.mashape.unirest.http.exceptions.UnirestException;
import io.apicurio.studio.fe.servlet.beans.AccessTokenRequest;
import io.apicurio.studio.fe.servlet.beans.AccessTokenResponse;
import io.apicurio.studio.fe.servlet.config.RequestAttributeKeys;
import io.apicurio.studio.shared.beans.User;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.MediaType;
import org.apache.commons.io.IOUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:_bootstrap/apicurio-studio-ui.war:WEB-INF/lib/apicurio-studio-fe-servlet-0.2.15.Final.jar:io/apicurio/studio/fe/servlet/filters/GitHubAuthenticationFilter.class
 */
/* loaded from: input_file:m2repo/io/apicurio/apicurio-studio-fe-servlet/0.2.15.Final/apicurio-studio-fe-servlet-0.2.15.Final.jar:io/apicurio/studio/fe/servlet/filters/GitHubAuthenticationFilter.class */
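/**
 * Servlet filter that gates every request behind a GitHub OAuth login.
 *
 * <p>Requests are dispatched on the servlet path:
 * <ul>
 *   <li>{@code .../callback} — the OAuth redirect back from GitHub; the {@code state}
 *       parameter is checked against the value stored in the session, the {@code code}
 *       is exchanged for an access token and the GitHub user is loaded into the session.</li>
 *   <li>{@code .../logout} — drops the token and user from the session and renders
 *       {@code logout.html}.</li>
 *   <li>anything else — passes through when the session already holds an
 *       {@link AccessTokenResponse}; otherwise remembers the requested URL, generates a
 *       fresh {@code state} and renders {@code login.html} pointing at GitHub.</li>
 * </ul>
 *
 * <p>The OAuth client id and secret are read from the system properties
 * {@code apicurio.github.auth.clientId} / {@code apicurio.github.auth.clientSecret},
 * falling back to the environment variables {@code GITHUB_AUTH_CLIENT_ID} /
 * {@code GITHUB_AUTH_CLIENT_SECRET}.
 */
public class GitHubAuthenticationFilter implements Filter {
    private static final SecureRandom random = new SecureRandom();
    private static final ObjectMapper jacksonObjectMapper = new ObjectMapper();
    private static final String AUTH_URL =
            "https://github.com/login/oauth/authorize?scope=user:email+repo+read:org&client_id=";
    private static final String ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token";
    private static final String REDIRECT_KEY = "GitHubAuthenticationFilter.redirectTo";
    private static final String STATE_KEY = "GitHubAuthenticationFilter.state";
    private static final String GITHUB_USER_URL = "https://api.github.com/user";
    // Placeholder in login.html that is replaced with the GitHub authorize URL.
    private static final String LOGIN_URL_PLACEHOLDER = "XXX";

    private String clientId;
    private String clientSecret;

    /**
     * Resolves the OAuth client credentials.
     *
     * @throws ServletException if either the client id or the client secret is not configured
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.clientId = lookupClientId();
        this.clientSecret = lookupClientSecret();
        if (this.clientId == null || this.clientSecret == null) {
            throw new ServletException("Missing clientId or clientSecret for GitHub OAuth authentication.  Please configure both of these as system properties or environment variables:  apicurio.github.auth.clientId|GITHUB_AUTH_CLIENT_ID and apicurio.github.auth.clientSecret|GITHUB_AUTH_CLIENT_SECRET");
        }
    }

    /**
     * Routes the request to the callback, logout or login handling, or lets it through
     * when the session is already authenticated.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession();
        String servletPath = request.getServletPath();

        if (servletPath.endsWith("/callback")) {
            handleCallback(request, response, session);
            return;
        }
        if (servletPath.endsWith("/logout")) {
            handleLogout(response, session);
            return;
        }
        if (session.getAttribute(RequestAttributeKeys.AUTH_KEY) != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        startLogin(request, response, session);
    }

    /**
     * Completes the OAuth flow: verifies the {@code state} echoed by GitHub, exchanges the
     * {@code code} for a token, loads the GitHub user and redirects to the originally
     * requested URL.
     *
     * @throws ServletException if the token exchange fails at the transport level
     */
    private void handleCallback(HttpServletRequest request, HttpServletResponse response, HttpSession session)
            throws IOException, ServletException {
        String code = request.getParameter("code");
        String returnedState = request.getParameter("state");
        String expectedState = (String) session.getAttribute(STATE_KEY);
        // The state is single-use: consume it whether or not this callback is accepted.
        session.removeAttribute(STATE_KEY);

        // Reject callbacks that were not initiated from this session (OAuth CSRF) or that
        // carry no authorization code.
        if (code == null || expectedState == null || !isEqualState(expectedState, returnedState)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid OAuth state or missing authorization code.");
            return;
        }

        AccessTokenRequest tokenRequest = new AccessTokenRequest();
        tokenRequest.setClient_id(this.clientId);
        tokenRequest.setClient_secret(this.clientSecret);
        tokenRequest.setCode(code);
        tokenRequest.setState(expectedState);

        AccessTokenResponse tokenResponse;
        try {
            tokenResponse = Unirest.post(ACCESS_TOKEN_URL)
                    .header("Content-Type", "application/json")
                    .header("Accept", "application/json")
                    .body(tokenRequest)
                    .asObject(AccessTokenResponse.class)
                    .getBody();
        } catch (UnirestException e) {
            throw new ServletException(e);
        }

        // GitHub reports a bad/expired code as a JSON error body without an access_token.
        if (tokenResponse == null || tokenResponse.getAccess_token() == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "GitHub did not return an access token.");
            return;
        }
        User user = authenticateUser(tokenResponse.getAccess_token());
        if (user == null) {
            // Never mark the session authenticated without an identity behind it.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unable to load the GitHub user for the access token.");
            return;
        }

        session.setAttribute(RequestAttributeKeys.AUTH_KEY, tokenResponse);
        session.setAttribute(RequestAttributeKeys.USER_KEY, user);

        String redirectTo = (String) session.getAttribute(REDIRECT_KEY);
        session.removeAttribute(REDIRECT_KEY);
        // A callback that arrives without a remembered URL (e.g. a replayed login) lands on the app root.
        response.sendRedirect(redirectTo != null ? redirectTo : request.getContextPath() + "/");
    }

    /**
     * Removes the token and user from the session and renders the logout page.
     */
    private void handleLogout(HttpServletResponse response, HttpSession session) throws IOException, ServletException {
        session.removeAttribute(RequestAttributeKeys.AUTH_KEY);
        session.removeAttribute(RequestAttributeKeys.USER_KEY);
        writeHtml(response, createLogoutPage());
    }

    /**
     * Remembers the requested URL, stores a fresh anti-CSRF {@code state} in the session and
     * renders the login page linking to GitHub's authorize endpoint.
     */
    private void startLogin(HttpServletRequest request, HttpServletResponse response, HttpSession session)
            throws IOException, ServletException {
        StringBuffer requestUrl = request.getRequestURL();
        String queryString = request.getQueryString();
        if (queryString != null && !queryString.isEmpty()) {
            requestUrl.append("?").append(queryString);
        }
        session.setAttribute(REDIRECT_KEY, requestUrl.toString());

        String state = newState();
        session.setAttribute(STATE_KEY, state);
        writeHtml(response, createLoginPage(AUTH_URL + this.clientId + "&state=" + state));
    }

    /**
     * Generates an unguessable OAuth {@code state} value (130 bits from {@link SecureRandom},
     * base-32 encoded so it is URL-safe).
     */
    private static String newState() {
        return new BigInteger(130, random).toString(32);
    }

    /**
     * Compares the session's state with the one echoed back by GitHub in constant time.
     *
     * @param expected the state stored in the session (never {@code null})
     * @param actual the {@code state} request parameter, possibly {@code null}
     */
    private static boolean isEqualState(String expected, String actual) {
        if (actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Writes an HTML document as UTF-8 with a byte-accurate Content-Length.
     */
    private static void writeHtml(HttpServletResponse response, String html) throws IOException {
        byte[] body = html.getBytes(StandardCharsets.UTF_8);
        response.setContentType(MediaType.TEXT_HTML);
        // Must precede getWriter(); also keeps the declared length consistent with the encoding.
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.setContentLength(body.length);
        response.getWriter().print(html);
        response.getWriter().flush();
    }

    /**
     * Renders {@code login.html} with its placeholder replaced by the GitHub authorize URL.
     *
     * @param authorizeUrl the full GitHub authorize URL including client id and state
     */
    private String createLoginPage(String authorizeUrl) throws ServletException {
        // Literal replacement: the URL must not be interpreted as a regex replacement string.
        return loadResource("login.html").replace(LOGIN_URL_PLACEHOLDER, authorizeUrl);
    }

    /**
     * Renders {@code logout.html}.
     */
    private String createLogoutPage() throws ServletException {
        return loadResource("logout.html");
    }

    /**
     * Reads a classpath resource as a UTF-8 string.
     *
     * @throws ServletException if the resource is missing or cannot be read
     */
    private String loadResource(String name) throws ServletException {
        try (InputStream in = getClass().getClassLoader().getResourceAsStream(name)) {
            if (in == null) {
                throw new ServletException("Missing classpath resource: " + name);
            }
            return IOUtils.toString(in, StandardCharsets.UTF_8);
        } catch (IOException e) {
            throw new ServletException(e);
        }
    }

    /** System property first, then environment variable. */
    private String lookupClientId() {
        String value = System.getProperty("apicurio.github.auth.clientId", null);
        return value != null ? value : System.getenv("GITHUB_AUTH_CLIENT_ID");
    }

    /** System property first, then environment variable. */
    private String lookupClientSecret() {
        String value = System.getProperty("apicurio.github.auth.clientSecret", null);
        return value != null ? value : System.getenv("GITHUB_AUTH_CLIENT_SECRET");
    }

    /**
     * Loads the GitHub user that owns the given access token.
     *
     * @return the user, or {@code null} when GitHub does not answer 200 or the body cannot be parsed
     */
    private static User authenticateUser(String accessToken) {
        try {
            HttpResponse<String> ghResponse = Unirest.get(GITHUB_USER_URL)
                    .header("Accept", "application/json")
                    .header("Authorization", "Bearer " + accessToken)
                    .asString();
            if (ghResponse.getStatus() != 200) {
                return null;
            }
            return jacksonObjectMapper.readerFor(User.class).readValue(ghResponse.getBody());
        } catch (UnirestException | IOException e) {
            // Transport or parse failure: treated as "not authenticated" by the caller.
            return null;
        }
    }

    @Override
    public void destroy() {
    }

    static {
        jacksonObjectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        // Route Unirest's JSON (de)serialization through the shared Jackson mapper.
        Unirest.setObjectMapper(new com.mashape.unirest.http.ObjectMapper() {
            @Override
            public <T> T readValue(String str, Class<T> cls) {
                try {
                    return GitHubAuthenticationFilter.jacksonObjectMapper.readValue(str, cls);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }

            @Override
            public String writeValue(Object obj) {
                try {
                    return GitHubAuthenticationFilter.jacksonObjectMapper.writeValueAsString(obj);
                } catch (JsonProcessingException e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }
}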
