package io.firebus.adapters.http.auth;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.ECDSAKeyProvider;
import io.firebus.Firebus;
import io.firebus.adapters.http.AuthValidationHandler;
import io.firebus.utils.DataException;
import io.firebus.utils.DataMap;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;

/* loaded from: input_file:io/firebus/adapters/http/auth/AppleValidator.class */
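/**
 * Authentication handler for the "Sign in with Apple" authorization-code callback.
 *
 * <p>The handler reads the {@code code} and {@code state} fields that are posted back to it,
 * exchanges the code at {@link #tokenUrl} using a freshly signed ES256 client secret, reads the
 * {@code email} claim from the returned {@code id_token} and hands it to
 * {@code _securityHandler.enrichAuthResponse} before redirecting the browser.
 *
 * <p>Configuration keys read from the handler config: {@code loginurl}, {@code tokenurl},
 * {@code clientid}, {@code keyid}, {@code privatekey} (Base64 PKCS#8 EC key) and
 * {@code redirecturl}.
 */
public class AppleValidator extends AuthValidationHandler {
    /** Audience placed in the client-secret JWT. */
    private static final String CLIENT_SECRET_AUDIENCE = "https://appleid.apple.com";

    // NOTE(review): the issuer of the client-secret JWT is a compile-time constant, presumably
    // the Apple developer team id. Every deployment therefore signs as the same issuer; confirm
    // whether this should come from the handler configuration instead.
    private static final String CLIENT_SECRET_ISSUER = "826685XAPC";

    /** Validity of a generated client secret: 8 hours. */
    private static final long CLIENT_SECRET_LIFETIME_MS = 28800000L;

    private Logger logger;
    protected String loginUrl;
    protected String tokenUrl;
    protected String clientId;
    protected String keyId;
    protected String privateKey;
    protected String redirectUrl;

    /**
     * Creates the handler and copies its settings out of the handler configuration.
     *
     * @param dataMap handler configuration, passed to the superclass
     * @param firebus bus instance, passed to the superclass
     */
    public AppleValidator(DataMap dataMap, Firebus firebus) {
        super(dataMap, firebus);
        this.logger = Logger.getLogger("io.firebus.adapters.http");
        this.loginUrl = this.handlerConfig.getString("loginurl");
        this.tokenUrl = this.handlerConfig.getString("tokenurl");
        this.clientId = this.handlerConfig.getString("clientid");
        this.keyId = this.handlerConfig.getString("keyid");
        this.privateKey = this.handlerConfig.getString("privatekey");
        this.redirectUrl = this.handlerConfig.getString("redirecturl");
    }

    /**
     * Builds the ES256-signed JWT that is sent as {@code client_secret} to the token endpoint.
     *
     * <p>The generated value is a bearer credential for the configured client until it expires,
     * so it is returned to the caller only and never written to the log.
     *
     * @param str subject of the JWT (the caller passes the client id)
     * @return the signed JWT, or {@code null} when the key could not be loaded or signing failed
     */
    protected String getClientSecret(String str) {
        String clientSecret = null;
        try {
            byte[] pkcs8 = Base64.getDecoder().decode(this.privateKey);
            final ECPrivateKey signingKey =
                (ECPrivateKey) KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
            Date issuedAt = new Date();
            Date expiresAt = new Date(issuedAt.getTime() + CLIENT_SECRET_LIFETIME_MS);
            clientSecret = JWT.create()
                .withIssuer(CLIENT_SECRET_ISSUER)
                .withIssuedAt(issuedAt)
                .withAudience(CLIENT_SECRET_AUDIENCE)
                .withSubject(str)
                .withExpiresAt(expiresAt)
                .sign(Algorithm.ECDSA256(new ECDSAKeyProvider() {
                    // Signing only: no public key is needed, so lookups return null.
                    @Override
                    public ECPublicKey getPublicKeyById(String keyIdentifier) {
                        return null;
                    }

                    @Override
                    public ECPrivateKey getPrivateKey() {
                        return signingKey;
                    }

                    @Override
                    public String getPrivateKeyId() {
                        return AppleValidator.this.keyId;
                    }
                }));
        } catch (Exception e) {
            this.logger.severe("Error generating the Apple client secret: " + e.getMessage());
        }
        return clientSecret;
    }

    /**
     * Handles the form-posted callback: parses {@code code} and {@code state}, exchanges the code
     * for tokens and, on success, enriches the response and redirects with status 303.
     *
     * @param httpServletRequest  callback request whose body is {@code application/x-www-form-urlencoded}
     * @param httpServletResponse response that receives either the redirect or an HTML error page
     * @throws ServletException declared by the overridden method; not thrown here
     * @throws IOException      if the error page itself cannot be written
     */
    @Override // io.firebus.adapters.http.HttpHandler
    protected void httpService(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (this.tokenUrl == null || this.clientId == null) {
            writePage(httpServletResponse, 500, "Error", "Authentication configuration missing");
            return;
        }
        try {
            // Collect the raw bytes first so a multi-byte sequence split across two reads is not
            // corrupted, and decode with an explicit charset instead of the platform default.
            // NOTE(review): the body of this unauthenticated endpoint is read without a size limit.
            ServletInputStream bodyStream = httpServletRequest.getInputStream();
            ByteArrayOutputStream rawBody = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            int read;
            while ((read = bodyStream.read(chunk)) != -1) {
                rawBody.write(chunk, 0, read);
            }
            String form = rawBody.toString(StandardCharsets.UTF_8.name());

            // Split on '&' BEFORE percent-decoding: a state value that itself carries an encoded
            // '&' (for example a URL with a query string) must not be cut into several fields.
            String state = null;
            String code = null;
            for (String field : form.split("&")) {
                if (field.startsWith("state=")) {
                    state = URLDecoder.decode(field.substring(6), StandardCharsets.UTF_8.name());
                } else if (field.startsWith("code=")) {
                    code = URLDecoder.decode(field.substring(5), StandardCharsets.UTF_8.name());
                }
            }
            if (code == null) {
                writePage(httpServletResponse, 400, "Error", "Authorization code missing");
                return;
            }

            // NOTE(review): state comes straight from the request body and becomes the redirect
            // target. Nothing here ties it to a value issued by getLoginURL or to the caller's
            // session, so the endpoint can be used as an open redirect and offers no login-CSRF
            // protection unless that is enforced elsewhere. Confirm, or restrict the target to
            // publicHost.
            String redirectTemplate = this.redirectUrl != null ? this.redirectUrl : "${state}";
            String location = redirectTemplate.replace("${state}", state != null ? state : "");
            if (location.indexOf('\r') >= 0 || location.indexOf('\n') >= 0) {
                // Line breaks would let request data split the Location header.
                writePage(httpServletResponse, 400, "Error", "Problem authenticating");
                return;
            }

            String clientSecret = getClientSecret(this.clientId);
            if (clientSecret == null) {
                // Signing failed (already logged); do not spend the one-time code on a request
                // that cannot authenticate.
                writePage(httpServletResponse, 500, "Error", "Problem authenticating");
                return;
            }

            List<BasicNameValuePair> params = new ArrayList<>(5);
            params.add(new BasicNameValuePair("code", code));
            params.add(new BasicNameValuePair("client_id", this.clientId));
            params.add(new BasicNameValuePair("client_secret", clientSecret));
            params.add(new BasicNameValuePair("redirect_uri", this.publicHost + this.path));
            params.add(new BasicNameValuePair("grant_type", "authorization_code"));

            int statusCode;
            DataMap tokenResponse = null;
            // The client owns a connection pool; close it so each callback does not leak one.
            try (CloseableHttpClient client = HttpClients.createDefault()) {
                HttpPost tokenRequest = new HttpPost(this.tokenUrl);
                tokenRequest.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
                tokenRequest.setHeader("content-type", "application/x-www-form-urlencoded");
                HttpResponse tokenReply = client.execute(tokenRequest);
                statusCode = tokenReply.getStatusLine().getStatusCode();
                HttpEntity entity = tokenReply.getEntity();
                if (entity != null) {
                    try {
                        tokenResponse = new DataMap(entity.getContent());
                    } catch (DataException e) {
                        // Treated as "no body" below, but leave a trace for the operator.
                        this.logger.warning("Apple token response could not be parsed: " + e.getMessage());
                    }
                }
            }

            if (statusCode < 200 || statusCode >= 400) {
                // The upstream body is echoed into HTML, so escape it.
                String detail = tokenResponse != null ? "<br>" + escapeHtml(tokenResponse.toString()) : "";
                writePage(httpServletResponse, 500, "Error", "Return code : " + statusCode + detail);
            } else if (tokenResponse != null) {
                // NOTE(review): JWT.decode only parses the token. Its signature, iss, aud, exp and
                // nonce are not checked here, so trust in the email claim rests entirely on the
                // TLS connection to tokenUrl. Confirm that tokenUrl is always an https Apple
                // endpoint, or add claim verification.
                String email = JWT.decode(tokenResponse.getString("id_token")).getClaim("email").asString();
                if (email == null || email.isEmpty()) {
                    // Fail closed rather than establish a session for an unnamed identity.
                    this.logger.warning("Apple id_token did not contain an email claim");
                    writePage(httpServletResponse, 500, "Error", "Problem authenticating");
                    return;
                }
                this._securityHandler.enrichAuthResponse(email, httpServletResponse);
                httpServletResponse.setStatus(303);
                httpServletResponse.setHeader("location", location);
                httpServletResponse.getWriter().println("<html><title>Redirect</title><body>Loging in</body></html>");
            } else {
                writePage(httpServletResponse, 500, "Error", "Token is empty");
            }
        } catch (Exception e2) {
            this.logger.severe("Apple authentication failed: " + e2.getMessage());
            writePage(httpServletResponse, 500, "Error", "Problem authenticating");
        }
    }

    /**
     * Builds the authorization URL the browser is sent to in order to start the login.
     *
     * <p>Every dynamic value is percent-encoded so that characters such as {@code &} or {@code #}
     * in the original path cannot add or override query parameters of the authorization request.
     *
     * @param str path the user originally requested; appended to the public host to form the state
     * @return the login URL including client id, redirect URI, state and nonce
     */
    @Override // io.firebus.adapters.http.AuthValidationHandler
    public String getLoginURL(String str) {
        // NOTE(review): the nonce is a constant, so it cannot bind an id_token to one login
        // attempt, and it is never compared with the token's nonce claim. A per-request random
        // value kept server-side would be needed for replay protection.
        return this.loginUrl
            + "?client_id=" + urlEncode(this.clientId)
            + "&response_type=code&response_mode=form_post&scope=name%20email"
            + "&redirect_uri=" + urlEncode(this.publicHost + this.path)
            + "&state=" + urlEncode(this.publicHost + str)
            + "&nonce=123";
    }

    /** Percent-encodes a query-string value as UTF-8; {@code null} is encoded as the text "null". */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is guaranteed to be available on every Java platform.
            throw new IllegalStateException(e);
        }
    }

    /** Escapes the characters that are significant in HTML text and attribute values. */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Sets the status and writes a minimal HTML page; {@code body} must already be HTML-safe. */
    private static void writePage(HttpServletResponse response, int status, String title, String body) throws IOException {
        response.setStatus(status);
        response.getWriter().println("<html><title>" + title + "</title><body>" + body + "</body></html>");
    }
}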
