package org.apache.shindig.gadgets.oauth2;

import com.google.common.collect.Maps;
import com.google.inject.Inject;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import org.apache.shindig.auth.AnonymousSecurityToken;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpFetcher;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
import org.apache.shindig.gadgets.oauth2.handler.AuthorizationEndpointResponseHandler;
import org.apache.shindig.gadgets.oauth2.handler.ClientAuthenticationHandler;
import org.apache.shindig.gadgets.oauth2.handler.GrantRequestHandler;
import org.apache.shindig.gadgets.oauth2.handler.OAuth2HandlerError;
import org.apache.shindig.gadgets.oauth2.handler.ResourceRequestHandler;
import org.apache.shindig.gadgets.oauth2.handler.TokenEndpointResponseHandler;
import org.apache.shindig.gadgets.oauth2.logger.FilteredLogger;
import org.apache.shindig.gadgets.rewrite.image.BasicImageRewriter;

/* loaded from: input_file:org/apache/shindig/gadgets/oauth2/BasicOAuth2Request.class */
public class BasicOAuth2Request implements OAuth2Request {
    private static final String LOG_CLASS = BasicOAuth2Request.class.getName();
    // Every log call in this class goes through this logger. Accessors, token objects, request
    // bodies and provider responses are handed to it as log parameters.
    // NOTE(review): confirm FilteredLogger redacts token and client-secret values before output.
    private static final FilteredLogger LOG = FilteredLogger.getFilteredLogger(LOG_CLASS);
    // Recursion bound for attemptFetch(); it is tested with '>' before the counter is incremented.
    private static final short MAX_ATTEMPTS = 3;
    // Accessor cached by getAccessor(); cleared in attemptFetch() after a refresh.
    private OAuth2Accessor internalAccessor;
    private OAuth2Arguments arguments;
    private final List<AuthorizationEndpointResponseHandler> authorizationEndpointResponseHandlers;
    private final List<ClientAuthenticationHandler> clientAuthenticationHandlers;
    private final HttpFetcher fetcher;
    private final OAuth2FetcherConfig fetcherConfig;
    private final List<GrantRequestHandler> grantRequestHandlers;
    // The gadget's resource request that fetchData() sends.
    private HttpRequest realRequest;
    private final List<ResourceRequestHandler> resourceRequestHandlers;
    private OAuth2ResponseParams responseParams;
    private SecurityToken securityToken;
    // Taken from fetcherConfig in the constructor; null when fetcherConfig is null.
    private final OAuth2Store store;
    private final List<TokenEndpointResponseHandler> tokenEndpointResponseHandlers;
    // When true, stack traces, request traces and provider error text are added to the response
    // returned to the client (see getErrorResponseBuilder and fetchData).
    private final boolean sendTraceToClient;
    private final OAuth2RequestParameterGenerator requestParameterGenerator;
    // Per-instance attempt count; together with the mutable fields above it means an instance
    // carries state for a single request. NOTE(review): presumably not shared across threads - confirm.
    private short attemptCounter = 0;

    /**
     * Stores the injected collaborators and, when logging is enabled, dumps them to the log.
     *
     * <p>The store is taken from the fetcher config; it stays {@code null} when no config is supplied.
     *
     * @param oAuth2FetcherConfig configuration that also provides the OAuth2 store, may be null
     * @param httpFetcher fetcher used for authorization, refresh and resource requests
     * @param list handlers for authorization endpoint responses
     * @param list2 handlers that add client authentication to token requests
     * @param list3 handlers that build grant requests
     * @param list4 handlers that add token parameters to resource requests
     * @param list5 handlers for token endpoint responses
     * @param z whether traces and error details are sent back to the client
     * @param oAuth2RequestParameterGenerator generator kept for request parameters
     */
    @Inject
    public BasicOAuth2Request(OAuth2FetcherConfig oAuth2FetcherConfig, HttpFetcher httpFetcher, List<AuthorizationEndpointResponseHandler> list, List<ClientAuthenticationHandler> list2, List<GrantRequestHandler> list3, List<ResourceRequestHandler> list4, List<TokenEndpointResponseHandler> list5, boolean z, OAuth2RequestParameterGenerator oAuth2RequestParameterGenerator) {
        this.fetcherConfig = oAuth2FetcherConfig;
        this.store = (this.fetcherConfig == null) ? null : this.fetcherConfig.getOAuth2Store();
        this.fetcher = httpFetcher;

        // Handler chains, one per protocol step.
        this.authorizationEndpointResponseHandlers = list;
        this.clientAuthenticationHandlers = list2;
        this.grantRequestHandlers = list3;
        this.resourceRequestHandlers = list4;
        this.tokenEndpointResponseHandlers = list5;

        this.sendTraceToClient = z;
        this.requestParameterGenerator = oAuth2RequestParameterGenerator;

        if (!LOG.isLoggable()) {
            return;
        }
        LOG.log("this.fetcherConfig = {0}", this.fetcherConfig);
        LOG.log("this.store = {0}", this.store);
        LOG.log("this.fetcher = {0}", this.fetcher);
        LOG.log("this.authorizationEndpointResponseHandlers = {0}", this.authorizationEndpointResponseHandlers);
        LOG.log("this.clientAuthenticationHandlers = {0}", this.clientAuthenticationHandlers);
        LOG.log("this.grantRequestHandlers = {0}", this.grantRequestHandlers);
        LOG.log("this.resourceRequestHandlers = {0}", this.resourceRequestHandlers);
        LOG.log("this.tokenEndpointResponseHandlers = {0}", this.tokenEndpointResponseHandlers);
        LOG.log("this.sendTraceToClient = {0}", Boolean.valueOf(this.sendTraceToClient));
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0197  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0370  */
    /**
     * Entry point declared by {@code OAuth2Request}.
     *
     * <p>The decompiler did not recover this method's body, so this listing contains only a stub
     * that always throws {@link UnsupportedOperationException}. Nothing about the real request
     * flow (how the private fields are initialised, how attemptFetch and processResponse are
     * invoked) can be read from this method; review the original source or the bytecode instead.
     */
    @Override // org.apache.shindig.gadgets.oauth2.OAuth2Request
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.apache.shindig.gadgets.http.HttpResponse fetch(org.apache.shindig.gadgets.http.HttpRequest r8) {
        /*
            Method dump skipped, instructions count: 896
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.shindig.gadgets.oauth2.BasicOAuth2Request.fetch(org.apache.shindig.gadgets.http.HttpRequest):org.apache.shindig.gadgets.http.HttpResponse");
    }

    /**
     * Performs one step of the token flow and recurses until a response builder exists.
     *
     * <p>Order of checks: an accessor already in error yields a 403 builder; a present access
     * token leads to {@code fetchData}; a present refresh token leads to a refresh under a lock
     * followed by a retry with a reloaded accessor; otherwise authorization is started when
     * {@code checkCanAuthorize} permits it. Recursion is bounded by {@code attemptCounter}.
     *
     * @param oAuth2Accessor accessor holding the current token state
     * @return the builder for the response; an empty 200 builder while the accessor is redirecting
     */
    private HttpResponseBuilder attemptFetch(OAuth2Accessor oAuth2Accessor) {
        boolean isLoggable = LOG.isLoggable();
        if (isLoggable) {
            LOG.entering(LOG_CLASS, "attemptFetch", new Object[]{oAuth2Accessor});
            // The logged value is the result of '== null', so 'true' here means the token is ABSENT.
            LOG.log("BasicOAuth2Request.haveAccessToken(accessor) = {0}", Boolean.valueOf(haveAccessToken(oAuth2Accessor) == null));
            LOG.log("BasicOAuth2Request.haveRefreshToken(accessor) = {0}", Boolean.valueOf(haveRefreshToken(oAuth2Accessor) == null));
        }
        // Loop guard: once the counter has passed MAX_ATTEMPTS, stop negotiating and make one
        // final fetch with the 'last attempt' flag set.
        if (this.attemptCounter > MAX_ATTEMPTS) {
            if (isLoggable) {
                LOG.log("MAX_ATTEMPTS exceeded {0}", Short.valueOf(this.attemptCounter));
                String str = "";
                for (StackTraceElement stackTraceElement : Thread.currentThread().getStackTrace()) {
                    str = str + stackTraceElement.toString() + "\n";
                }
                LOG.log("MAX_ATTEMPTS stack = {0}", str);
            }
            return fetchData(oAuth2Accessor, true);
        }
        this.attemptCounter = (short) (this.attemptCounter + 1);
        if (isLoggable) {
            LOG.log("attempt number {0}", Short.valueOf(this.attemptCounter));
        }
        HttpResponseBuilder httpResponseBuilder = null;
        if (oAuth2Accessor.isErrorResponse()) {
            // The context message is passed twice: as the context and as the description argument.
            return getErrorResponseBuilder(oAuth2Accessor.getErrorException(), oAuth2Accessor.getError(), oAuth2Accessor.getErrorContextMessage(), oAuth2Accessor.getErrorUri(), oAuth2Accessor.getErrorContextMessage());
        }
        if (haveAccessToken(oAuth2Accessor) != null) {
            httpResponseBuilder = fetchData(oAuth2Accessor, this.attemptCounter > MAX_ATTEMPTS);
        } else if (haveRefreshToken(oAuth2Accessor) != null) {
            if (checkCanRefresh()) {
                boolean z = false;
                // The lock object is the interned accessor key (gadget URI, service, user, scope),
                // so refreshes for the same key are serialised within this JVM.
                // NOTE(review): interned strings are JVM-wide; any other code that synchronizes on
                // an equal interned string shares this monitor. A dedicated lock map would isolate it.
                String intern = getAccessorKey(oAuth2Accessor).intern();
                if (isLoggable) {
                    LOG.log("about to synchronize on {0}", intern);
                }
                synchronized (intern) {
                    // Reload the accessor inside the lock to see whether another refresh already
                    // produced an access token.
                    OAuth2Accessor accessorInternal = getAccessorInternal();
                    if (isLoggable) {
                        LOG.log("acc = {0}", accessorInternal);
                        LOG.log("BasicOAuth2Request.haveAccessToken(acc) = {0}", Boolean.valueOf(haveAccessToken(accessorInternal) == null));
                        LOG.log("BasicOAuth2Request.haveRefreshToken(acc) = {0}", Boolean.valueOf(haveRefreshToken(accessorInternal) == null));
                    }
                    if (haveAccessToken(accessorInternal) != null) {
                        if (isLoggable) {
                            LOG.log("found an access token from another refresh", new Object[0]);
                        }
                        z = true;
                    } else {
                        // The refresh uses the accessor passed in, not the one reloaded above.
                        OAuth2HandlerError refreshToken = refreshToken(oAuth2Accessor);
                        if (refreshToken == null) {
                            z = true;
                            if (isLoggable) {
                                LOG.log("no refresh errors reported", new Object[0]);
                            }
                        } else {
                            if (isLoggable) {
                                LOG.log("refresh errors reported", new Object[0]);
                            }
                            httpResponseBuilder = getErrorResponseBuilder(refreshToken.getCause(), refreshToken.getError(), refreshToken.getContextMessage(), refreshToken.getUri(), refreshToken.getDescription());
                        }
                    }
                }
                if (z) {
                    if (isLoggable) {
                        LOG.log("going to re-attempt with a clean accesor", new Object[0]);
                    }
                    // Drop the cached accessor so getAccessor() reloads it for the retry.
                    // NOTE(review): 'store' is null when the constructor received no fetcher config.
                    this.store.removeOAuth2Accessor(this.internalAccessor);
                    this.internalAccessor = null;
                    httpResponseBuilder = attemptFetch(getAccessor());
                }
            } else {
                // Not reached while checkCanRefresh() returns true unconditionally.
                oAuth2Accessor.setAccessToken(null);
                oAuth2Accessor.setRefreshToken(null);
                httpResponseBuilder = attemptFetch(oAuth2Accessor);
            }
        } else if (!oAuth2Accessor.isRedirecting() && checkCanAuthorize(oAuth2Accessor)) {
            String authorize = authorize(oAuth2Accessor);
            if (authorize != null) {
                // A redirect is required: hand the approval URL back instead of fetching.
                this.responseParams.setAuthorizationUrl(authorize);
                oAuth2Accessor.setRedirecting(true);
            } else {
                httpResponseBuilder = attemptFetch(oAuth2Accessor);
            }
        }
        if (httpResponseBuilder == null) {
            if (oAuth2Accessor.isRedirecting()) {
                // Empty, non-cacheable 200; processResponse() attaches the approval URL metadata.
                httpResponseBuilder = new HttpResponseBuilder().setHttpStatusCode(HttpResponse.SC_OK).setStrictNoCache();
            } else {
                // No usable result (for example fetchData returned null): clear the access token
                // and run the flow again.
                oAuth2Accessor.setAccessToken(null);
                httpResponseBuilder = attemptFetch(oAuth2Accessor);
            }
        }
        if (isLoggable) {
            LOG.exiting(LOG_CLASS, "attemptFetch", httpResponseBuilder);
        }
        return httpResponseBuilder;
    }

    /**
     * Starts authorization with the first grant handler whose grant type matches the accessor's.
     *
     * <p>If the handler needs a browser redirect, the complete authorization URL is returned.
     * Otherwise the authorization request is executed directly and any failure is recorded on
     * the accessor. A missing handler is also recorded on the accessor as an error.
     *
     * @param oAuth2Accessor accessor describing the grant to perform
     * @return the URL to redirect to, or {@code null} when no redirect is required or possible
     */
    private String authorize(OAuth2Accessor oAuth2Accessor) {
        final boolean logging = LOG.isLoggable();
        if (logging) {
            LOG.entering(LOG_CLASS, "authorize", oAuth2Accessor);
        }
        final String wantedGrant = oAuth2Accessor.getGrantType();

        // First handler with a matching grant type (case-insensitive) wins.
        GrantRequestHandler selected = null;
        for (GrantRequestHandler candidate : this.grantRequestHandlers) {
            if (candidate.getGrantType().equalsIgnoreCase(wantedGrant)) {
                selected = candidate;
                break;
            }
        }

        String redirectUrl = null;
        if (selected != null) {
            String completeUrl = null;
            try {
                completeUrl = selected.getCompleteUrl(oAuth2Accessor);
            } catch (OAuth2RequestException e) {
                // Only logged; the flow continues with a null URL.
                if (logging) {
                    LOG.log("error getting complete url", (Throwable) e);
                }
            }
            if (selected.isRedirectRequired()) {
                redirectUrl = completeUrl;
            } else {
                OAuth2HandlerError failure = authorize(oAuth2Accessor, selected, completeUrl);
                if (failure != null) {
                    oAuth2Accessor.setErrorResponse(failure.getCause(), OAuth2Error.AUTHENTICATION_PROBLEM, failure.getContextMessage() + " , " + failure.getDescription(), failure.getUri());
                }
            }
        } else {
            oAuth2Accessor.setErrorResponse(null, OAuth2Error.AUTHENTICATION_PROBLEM, "no grantRequestHandler found for " + wantedGrant, "");
        }

        if (logging) {
            LOG.exiting(LOG_CLASS, "authorize", redirectUrl);
        }
        return redirectUrl;
    }

    /**
     * Executes a non-redirect authorization request and feeds the response to the handlers.
     *
     * <p>The grant handler builds the request, the fetcher sends it, and the response is passed
     * to the authorization endpoint handlers and/or token endpoint handlers, depending on what
     * the grant handler declares. Handler processing stops at the first reported error.
     *
     * @param oAuth2Accessor accessor updated by the response handlers
     * @param grantRequestHandler handler that builds the authorization request
     * @param str complete authorization URL, may be null
     * @return the first error encountered, or {@code null} when none was reported
     */
    private OAuth2HandlerError authorize(OAuth2Accessor oAuth2Accessor, GrantRequestHandler grantRequestHandler, String str) {
        final boolean logging = LOG.isLoggable();
        if (logging) {
            LOG.entering(LOG_CLASS, "authorize", new Object[]{oAuth2Accessor, grantRequestHandler, str});
        }

        OAuth2HandlerError failure = null;
        HttpRequest authorizationRequest = null;
        try {
            authorizationRequest = grantRequestHandler.getAuthorizationRequest(oAuth2Accessor, str);
        } catch (OAuth2RequestException e) {
            failure = new OAuth2HandlerError(e.getError(), e.getErrorText(), e);
        }
        if (logging) {
            LOG.log("authorizationRequest = {0}", authorizationRequest);
        }

        if (authorizationRequest != null) {
            HttpResponse authorizationResponse = null;
            try {
                authorizationResponse = this.fetcher.fetch(authorizationRequest);
            } catch (GadgetException e2) {
                if (logging) {
                    LOG.log("authorize()", (Throwable) e2);
                }
                failure = new OAuth2HandlerError(OAuth2Error.AUTHORIZE_PROBLEM, "exception thrown fetching authorization", e2);
            }
            if (logging) {
                LOG.log("authorizationResponse = {0}", authorizationResponse);
            }

            if (authorizationResponse != null) {
                if (grantRequestHandler.isAuthorizationEndpointResponse()) {
                    for (AuthorizationEndpointResponseHandler endpointHandler : this.authorizationEndpointResponseHandlers) {
                        if (!endpointHandler.handlesResponse(oAuth2Accessor, authorizationResponse)) {
                            continue;
                        }
                        if (logging) {
                            LOG.log("using AuthorizationEndpointResponseHandler = {0}", endpointHandler);
                        }
                        failure = endpointHandler.handleResponse(oAuth2Accessor, authorizationResponse);
                        if (failure != null) {
                            break;
                        }
                    }
                }
                // Token endpoint handlers run only if nothing has failed so far.
                if (failure == null && grantRequestHandler.isTokenEndpointResponse()) {
                    for (TokenEndpointResponseHandler tokenHandler : this.tokenEndpointResponseHandlers) {
                        if (!tokenHandler.handlesResponse(oAuth2Accessor, authorizationResponse)) {
                            continue;
                        }
                        if (logging) {
                            LOG.log("using TokenEndpointResponseHandler = {0}", tokenHandler);
                        }
                        failure = tokenHandler.handleResponse(oAuth2Accessor, authorizationResponse);
                        if (failure != null) {
                            break;
                        }
                    }
                }
            }
        }

        if (logging) {
            LOG.exiting(LOG_CLASS, "authorize", failure);
        }
        return failure;
    }

    /**
     * Derives the URL used for the refresh request from the accessor's token URL.
     *
     * @param oAuth2Accessor accessor providing the token URL
     * @return the refresh URL, or {@code null} when the accessor has no token URL
     */
    private static String buildRefreshTokenUrl(OAuth2Accessor oAuth2Accessor) {
        final boolean logging = LOG.isLoggable();
        if (logging) {
            LOG.entering(LOG_CLASS, "buildRefreshTokenUrl", oAuth2Accessor);
        }
        final String tokenEndpoint = oAuth2Accessor.getTokenUrl();
        final String refreshUrl = (tokenEndpoint == null) ? null : getCompleteRefreshUrl(tokenEndpoint);
        if (logging) {
            LOG.exiting(LOG_CLASS, "buildRefreshTokenUrl", refreshUrl);
        }
        return refreshUrl;
    }

    /**
     * Decides whether the current security token may start an authorization.
     *
     * <p>Both owner id and viewer id must be present. Unless viewer access tokens are enabled
     * in the fetcher config, the viewer must also be the page owner. A refusal is recorded on
     * the accessor as an {@code AUTHORIZE_PROBLEM}.
     *
     * @param oAuth2Accessor accessor that receives the error on refusal
     * @return {@code true} when authorization may proceed
     */
    private boolean checkCanAuthorize(OAuth2Accessor oAuth2Accessor) {
        final boolean logging = LOG.isLoggable();
        if (logging) {
            LOG.entering(LOG_CLASS, "checkCanAuthorize", oAuth2Accessor);
        }
        if (LOG.isLoggable()) {
            LOG.log("securityToken = {0}", this.securityToken);
        }
        final String pageOwner = this.securityToken.getOwnerId();
        final String pageViewer = this.securityToken.getViewerId();
        if (LOG.isLoggable()) {
            LOG.log("pageOwner = {0}", pageOwner);
            LOG.log("pageViewer = {0}", pageViewer);
        }

        boolean permitted;
        if (pageOwner == null || pageViewer == null) {
            oAuth2Accessor.setErrorResponse(null, OAuth2Error.AUTHORIZE_PROBLEM, "pageOwner or pageViewer is null", "");
            permitted = false;
        } else if (this.fetcherConfig.isViewerAccessTokensEnabled() || pageOwner.equals(pageViewer)) {
            permitted = true;
        } else {
            // Viewer tokens are disabled and somebody other than the owner is viewing the page.
            oAuth2Accessor.setErrorResponse(null, OAuth2Error.AUTHORIZE_PROBLEM, "pageViewer is not pageOwner", "");
            permitted = false;
        }

        if (logging) {
            LOG.exiting(LOG_CLASS, "checkCanAuthorize", Boolean.valueOf(permitted));
        }
        return permitted;
    }

    /**
     * Reports whether a token refresh may be attempted.
     *
     * <p>Always returns {@code true}, so the non-refresh branch in attemptFetch is never taken.
     *
     * @return {@code true}
     */
    private static boolean checkCanRefresh() {
        return true;
    }

    /**
     * Sends the real gadget request and wraps the outcome in a response builder.
     *
     * <p>A non-200 response is additionally recorded as a request trace in the response
     * parameters when {@code sendTraceToClient} is set. An {@link OAuth2RequestException} is
     * converted into an error response builder.
     *
     * @param oAuth2Accessor accessor supplying the tokens
     * @param z passed through to {@code fetchFromServer} as its last-attempt flag
     * @return the builder, or {@code null} when {@code fetchFromServer} returned no response
     */
    private HttpResponseBuilder fetchData(OAuth2Accessor oAuth2Accessor, boolean z) {
        final boolean logging = LOG.isLoggable();
        if (logging) {
            LOG.entering(LOG_CLASS, "fetchData", oAuth2Accessor);
        }

        HttpResponseBuilder builder = null;
        try {
            final HttpResponse remote = fetchFromServer(oAuth2Accessor, this.realRequest, z);
            if (remote != null) {
                builder = new HttpResponseBuilder(remote);
                final boolean notOk = remote.getHttpStatusCode() != 200;
                if (notOk && this.sendTraceToClient) {
                    this.responseParams.addRequestTrace(this.realRequest, remote);
                }
            }
        } catch (OAuth2RequestException e) {
            builder = getErrorResponseBuilder(e, e.getError(), e.getErrorText(), e.getErrorUri(), e.getErrorDescription());
        }

        if (logging) {
            LOG.exiting(LOG_CLASS, "fetchData", builder);
        }
        return builder;
    }

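    /**
     * Sends the resource request, attaching the access token only for allowed destinations.
     *
     * <p>Expired access or refresh tokens are removed from the store and the accessor first.
     * The access token is added to the request only when {@code isUriAllowed} accepts the
     * request URI against the accessor's allowed domains; otherwise a warning is logged and
     * the request is still sent, without OAuth2 parameters. A 401 response removes the access
     * token.
     *
     * @param oAuth2Accessor accessor holding the tokens and the allowed domains
     * @param httpRequest the resource request to send
     * @param z last-attempt flag: when {@code false}, an expired token or a 401 response makes
     *     this method return {@code null} so the caller can renegotiate; when {@code true} the
     *     request is sent and the response returned regardless
     * @return the response, or {@code null} as described for {@code z}
     * @throws OAuth2RequestException if a token cannot be removed from the store, the fetcher
     *     returns no response, or the fetch itself fails; the underlying exception is the cause
     */
    private HttpResponse fetchFromServer(OAuth2Accessor oAuth2Accessor, HttpRequest httpRequest, boolean z) throws OAuth2RequestException {
        boolean isLoggable = LOG.isLoggable();
        if (isLoggable) {
            LOG.entering(LOG_CLASS, "fetchFromServer", new Object[]{oAuth2Accessor, "only log request once", Boolean.valueOf(z)});
        }
        long currentTimeMillis = System.currentTimeMillis();
        OAuth2Token accessToken = oAuth2Accessor.getAccessToken();
        if (accessToken != null) {
            long expiresAt = accessToken.getExpiresAt();
            // An expiry of 0 is treated as "does not expire".
            if (expiresAt != 0 && currentTimeMillis >= expiresAt) {
                if (LOG.isLoggable()) {
                    LOG.log("accessToken has expired at {0}", Long.valueOf(expiresAt));
                }
                try {
                    this.store.removeToken(accessToken);
                    accessToken = null;
                    oAuth2Accessor.setAccessToken(null);
                    if (!z) {
                        return null;
                    }
                } catch (GadgetException e) {
                    // Keep the store failure as the cause so it is not lost for diagnosis.
                    throw new OAuth2RequestException(OAuth2Error.MISSING_SERVER_RESPONSE, "error removing access_token", e);
                }
            }
        }
        OAuth2Token refreshToken = oAuth2Accessor.getRefreshToken();
        if (refreshToken != null) {
            long expiresAt2 = refreshToken.getExpiresAt();
            if (expiresAt2 != 0 && currentTimeMillis >= expiresAt2) {
                if (LOG.isLoggable()) {
                    LOG.log("refreshToken has expired at {0}", Long.valueOf(expiresAt2));
                }
                try {
                    this.store.removeToken(refreshToken);
                    refreshToken = null;
                    oAuth2Accessor.setRefreshToken(null);
                    if (!z) {
                        return null;
                    }
                } catch (GadgetException e2) {
                    throw new OAuth2RequestException(OAuth2Error.MISSING_SERVER_RESPONSE, "error removing refresh_token", e2);
                }
            }
        }
        if (LOG.isLoggable()) {
            // NOTE(review): token objects are passed to the logger here; confirm that
            // FilteredLogger or OAuth2Token.toString() keeps the secret out of the log.
            LOG.log("accessToken = {0}", accessToken);
            LOG.log("refreshToken = {0}", refreshToken);
        }
        if (accessToken != null) {
            // The token leaves the container only for destinations on the allow-list.
            if (isUriAllowed(httpRequest.getUri(), oAuth2Accessor.getAllowedDomains())) {
                String tokenType = accessToken.getTokenType();
                if (tokenType == null || tokenType.length() == 0) {
                    tokenType = "Bearer";
                }
                for (ResourceRequestHandler resourceRequestHandler : this.resourceRequestHandlers) {
                    if (tokenType.equalsIgnoreCase(resourceRequestHandler.getTokenType())) {
                        resourceRequestHandler.addOAuth2Params(oAuth2Accessor, httpRequest);
                    }
                }
            } else {
                // Logged unconditionally at WARNING; the request below goes out without the token.
                LOG.log(Level.WARNING, "Gadget {0} attempted to send OAuth2 Token to an unauthorized domain: {1}.", new Object[]{oAuth2Accessor.getGadgetUri(), httpRequest.getUri()});
            }
        }
        try {
            HttpResponse fetch = this.fetcher.fetch(httpRequest);
            if (fetch == null) {
                throw new OAuth2RequestException(OAuth2Error.MISSING_SERVER_RESPONSE, "response is null", null);
            }
            int httpStatusCode = fetch.getHttpStatusCode();
            if (isLoggable) {
                LOG.log("responseCode = {0}", Integer.valueOf(httpStatusCode));
            }
            if (httpStatusCode == 401) {
                // The provider rejected the token: discard it so the next attempt renegotiates.
                if (accessToken != null) {
                    try {
                        this.store.removeToken(accessToken);
                        oAuth2Accessor.setAccessToken(null);
                    } catch (GadgetException e3) {
                        throw new OAuth2RequestException(OAuth2Error.MISSING_SERVER_RESPONSE, "error removing access_token", e3);
                    }
                }
                if (!z) {
                    fetch = null;
                }
            }
            if (isLoggable) {
                LOG.exiting(LOG_CLASS, "fetchFromServer", fetch);
            }
            return fetch;
        } catch (GadgetException e4) {
            throw new OAuth2RequestException(OAuth2Error.MISSING_SERVER_RESPONSE, "GadgetException fetchFromServer", e4);
        }
    }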

    /**
     * Loads the accessor for the current security token, arguments and gadget from the token store.
     *
     * @return the accessor, or {@code null} when there is no fetcher config or no token store
     */
    private OAuth2Accessor getAccessorInternal() {
        if (this.fetcherConfig == null) {
            return null;
        }
        final GadgetOAuth2TokenStore gadgetTokenStore = this.fetcherConfig.getTokenStore();
        if (gadgetTokenStore == null) {
            return null;
        }
        return gadgetTokenStore.getOAuth2Accessor(this.securityToken, this.arguments, this.realRequest.getGadget());
    }

    /**
     * Returns the cached accessor, reloading it first when it is missing or no longer valid.
     *
     * @return the cached accessor; may be {@code null} if it could not be loaded
     */
    private OAuth2Accessor getAccessor() {
        final boolean usable = this.internalAccessor != null && this.internalAccessor.isValid();
        if (!usable) {
            this.internalAccessor = getAccessorInternal();
        }
        return this.internalAccessor;
    }

    /**
     * Builds the refresh URL from the token URL by calling {@code OAuth2Utils.buildUrl} with no
     * additional parameters (both parameter arguments are null).
     *
     * @param str the token endpoint URL
     * @return the value returned by {@code OAuth2Utils.buildUrl}
     */
    private static String getCompleteRefreshUrl(String str) {
        return OAuth2Utils.buildUrl(str, null, null);
    }

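    /**
     * Builds an error response without an error URI or description.
     *
     * <p>Delegates to the five-argument overload with empty strings for the URI and the
     * description. The listing previously called this same three-argument method, which
     * recursed without end and would fail with a {@link StackOverflowError} instead of
     * producing an error response.
     *
     * @param th the exception behind the error, may be null
     * @param oAuth2Error the error category
     * @param str context message for the error description
     * @return a 403 response builder carrying the error
     */
    private HttpResponseBuilder getErrorResponseBuilder(Throwable th, OAuth2Error oAuth2Error, String str) {
        return getErrorResponseBuilder(th, oAuth2Error, str, "", "");
    }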

    /**
     * Builds a non-cacheable 403 response that carries the OAuth2 error.
     *
     * <p>How much detail reaches the client depends on {@code sendTraceToClient}: when set, the
     * throwable's full stack trace is added as debug output and the error description, context
     * and URI are included; when unset, only the error code and the generic explanation are
     * sent. NOTE(review): the verbose mode discloses server internals and provider error text
     * to the gadget client - confirm it is disabled outside debugging.
     *
     * @param th the exception behind the error, may be null
     * @param oAuth2Error the error category
     * @param str context message used for the error description
     * @param str2 error URI
     * @param str3 additional description appended to the error description
     * @return the response builder
     */
    private HttpResponseBuilder getErrorResponseBuilder(Throwable th, OAuth2Error oAuth2Error, String str, String str2, String str3) {
        final boolean logging = LOG.isLoggable();
        if (logging) {
            LOG.entering(LOG_CLASS, "getErrorResponseBuilder", new Object[]{th, oAuth2Error, str, str2, str3});
        }

        final HttpResponseBuilder forbidden = new HttpResponseBuilder().setHttpStatusCode(HttpResponse.SC_FORBIDDEN).setStrictNoCache();
        if (this.sendTraceToClient) {
            if (th != null) {
                final StringWriter traceText = new StringWriter();
                th.printStackTrace(new PrintWriter(traceText));
                this.responseParams.addDebug(traceText.toString());
            }
            this.responseParams.addToResponse(forbidden, oAuth2Error.getErrorCode(), oAuth2Error.getErrorDescription(str) + " , " + str3, str2, oAuth2Error.getErrorExplanation());
        } else {
            // Terse mode: no description and no URI.
            this.responseParams.addToResponse(forbidden, oAuth2Error.getErrorCode(), "", "", oAuth2Error.getErrorExplanation());
        }

        if (logging) {
            LOG.exiting(LOG_CLASS, "getErrorResponseBuilder", forbidden);
        }
        return forbidden;
    }

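    /**
     * Builds the form-encoded body of a refresh-token request.
     *
     * <p>The body contains the grant type, the refresh token secret, the scope (when non-empty),
     * the client id and the client secret. It is assembled with {@code OAuth2Utils.buildUrl} on
     * an empty base, and a leading {@code ?} or {@code &} is stripped.
     *
     * <p>The returned string holds the refresh token and the client secret in clear text, and it
     * is passed to {@code LOG.exiting} when logging is enabled. NOTE(review): confirm that
     * FilteredLogger redacts these values.
     *
     * @param oAuth2Accessor accessor supplying the refresh token, scope and client credentials
     * @return the request body, or {@code null} if the secrets could not be decoded; the failure
     *     result no longer depends on whether logging is enabled
     */
    private static String getRefreshBody(OAuth2Accessor oAuth2Accessor) {
        boolean isLoggable = LOG.isLoggable();
        if (isLoggable) {
            LOG.entering(LOG_CLASS, "getRefreshBody", oAuth2Accessor);
        }
        String str = "";
        try {
            HashMap<String, String> newHashMap = Maps.newHashMap();
            newHashMap.put(OAuth2Message.GRANT_TYPE, OAuth2Message.REFRESH_TOKEN);
            newHashMap.put(OAuth2Message.REFRESH_TOKEN, new String(oAuth2Accessor.getRefreshToken().getSecret(), "UTF-8"));
            if (oAuth2Accessor.getScope() != null && oAuth2Accessor.getScope().length() > 0) {
                newHashMap.put(OAuth2Message.SCOPE, oAuth2Accessor.getScope());
            }
            String clientId = oAuth2Accessor.getClientId();
            byte[] clientSecret = oAuth2Accessor.getClientSecret();
            newHashMap.put(OAuth2Message.CLIENT_ID, clientId);
            newHashMap.put(OAuth2Message.CLIENT_SECRET, new String(clientSecret, "UTF-8"));
            str = OAuth2Utils.buildUrl(str, newHashMap, null);
            char charAt = str.charAt(0);
            if (charAt == '?' || charAt == '&') {
                str = str.substring(1);
            }
            if (isLoggable) {
                LOG.exiting(LOG_CLASS, "getRefreshBody", str);
            }
        } catch (UnsupportedEncodingException e) {
            if (isLoggable) {
                LOG.log("error generating refresh body", (Throwable) e);
            }
            // Signal failure unconditionally. Previously null was returned only when logging was
            // enabled; otherwise an empty body was returned and would have been posted.
            str = null;
        }
        return str;
    }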

    /**
     * Turns the builder produced by the fetch flow into the final response.
     *
     * <p>An accessor in error state, or a missing builder, yields an error response. Otherwise
     * the approval URL (if one was set) is attached as {@code oauthApprovalUrl} metadata and
     * the accessor's redirecting flag is updated to match.
     *
     * @param oAuth2Accessor accessor whose error and redirect state is consulted and updated
     * @param httpResponseBuilder builder from the fetch flow, may be null
     * @return the response to hand back to the caller
     */
    private HttpResponse processResponse(OAuth2Accessor oAuth2Accessor, HttpResponseBuilder httpResponseBuilder) {
        final boolean logging = LOG.isLoggable();
        if (logging) {
            LOG.entering(LOG_CLASS, "processResponse", new Object[]{oAuth2Accessor, Boolean.valueOf(httpResponseBuilder == null)});
        }

        if (oAuth2Accessor.isErrorResponse() || httpResponseBuilder == null) {
            return sendErrorResponse(oAuth2Accessor.getErrorException(), oAuth2Accessor.getError(), oAuth2Accessor.getErrorContextMessage(), oAuth2Accessor.getErrorUri(), "");
        }

        final boolean approvalNeeded = this.responseParams.getAuthorizationUrl() != null;
        if (approvalNeeded) {
            httpResponseBuilder.setMetadata("oauthApprovalUrl", this.responseParams.getAuthorizationUrl());
        }
        oAuth2Accessor.setRedirecting(approvalNeeded);

        final HttpResponse finished = httpResponseBuilder.create();
        if (logging) {
            LOG.exiting(LOG_CLASS, "processResponse", "response logged in fetch()");
        }
        return finished;
    }

    /**
     * Exchanges the accessor's refresh token for new tokens at the token endpoint.
     *
     * <p>Builds a form POST to the refresh URL, lets the matching client authentication handlers
     * add credentials, checks the destination against the accessor's allowed domains, sends the
     * request and passes a 200 response to the token endpoint response handlers.
     *
     * @param oAuth2Accessor accessor holding the refresh token and client credentials
     * @return {@code null} when no error is reported - this includes the case where the provider
     *     answered 400 or 401 and the refresh token was discarded; otherwise the error
     */
    private OAuth2HandlerError refreshToken(OAuth2Accessor oAuth2Accessor) {
        OAuth2HandlerError handleResponse;
        boolean isLoggable = LOG.isLoggable();
        if (isLoggable) {
            LOG.entering(LOG_CLASS, "refreshToken", new Object[]{oAuth2Accessor});
        }
        OAuth2HandlerError oAuth2HandlerError = null;
        String buildRefreshTokenUrl = buildRefreshTokenUrl(oAuth2Accessor);
        if (isLoggable) {
            LOG.log("refershTokenUrl = {0}", buildRefreshTokenUrl);
        }
        if (buildRefreshTokenUrl != null) {
            HttpResponse httpResponse = null;
            HttpRequest httpRequest = new HttpRequest(Uri.parse(buildRefreshTokenUrl));
            // The token request is sent with an anonymous security token for the gadget URI.
            httpRequest.setSecurityToken(new AnonymousSecurityToken("", 0L, oAuth2Accessor.getGadgetUri()));
            httpRequest.setMethod("POST");
            httpRequest.setHeader(BasicImageRewriter.CONTENT_TYPE, "application/x-www-form-urlencoded; charset=utf-8");
            // Every handler whose type matches the accessor's client authentication type adds
            // its credentials to the request.
            for (ClientAuthenticationHandler clientAuthenticationHandler : this.clientAuthenticationHandlers) {
                if (clientAuthenticationHandler.geClientAuthenticationType().equalsIgnoreCase(oAuth2Accessor.getClientAuthenticationType())) {
                    clientAuthenticationHandler.addOAuth2Authentication(httpRequest, oAuth2Accessor);
                }
            }
            try {
                // The body carries the refresh token and the client secret (see getRefreshBody).
                // A null body raises a NullPointerException that the broad catch below converts
                // into a REFRESH_TOKEN_PROBLEM error.
                httpRequest.setPostBody(getRefreshBody(oAuth2Accessor).getBytes("UTF-8"));
            } catch (Exception e) {
                if (isLoggable) {
                    LOG.log("refreshToken()", (Throwable) e);
                }
                oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, "error generating refresh body", e);
            }
            // Destination check before the credentials leave the container. It replaces any
            // error set above. isUriAllowed accepts every URI when the accessor has no allowed
            // domains configured.
            if (!isUriAllowed(httpRequest.getUri(), oAuth2Accessor.getAllowedDomains())) {
                oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, "error fetching refresh token - domain not allowed", null);
            }
            if (oAuth2HandlerError == null) {
                try {
                    httpResponse = this.fetcher.fetch(httpRequest);
                } catch (GadgetException e2) {
                    if (isLoggable) {
                        LOG.log("refreshToken()", (Throwable) e2);
                    }
                    oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, "error fetching refresh token", e2);
                }
                if (isLoggable) {
                    LOG.log("response = {0}", httpResponse);
                }
                if (httpResponse == null) {
                    oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, "response is null", null);
                }
                if (oAuth2HandlerError == null) {
                    int httpStatusCode = httpResponse.getHttpStatusCode();
                    if (httpStatusCode == 401 || httpStatusCode == 400) {
                        // The provider rejected the refresh token: discard it and report no
                        // error, so the caller retries without a refresh token.
                        try {
                            this.store.removeToken(oAuth2Accessor.getRefreshToken());
                        } catch (GadgetException e3) {
                            // NOTE(review): the error object is created and discarded, so a store
                            // failure here is silently dropped and the token may remain stored.
                            new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, "failed to remove refresh token", e3);
                        }
                        oAuth2Accessor.setRefreshToken(null);
                        if (!isLoggable) {
                            return null;
                        }
                        // The provider's response body is written to the log at FINEST.
                        LOG.log(Level.FINEST, "received {0} from provider, removed refresh token.  response = {1}", new Object[]{Integer.valueOf(httpStatusCode), httpResponse.getResponseAsString()});
                        return null;
                    }
                    if (httpStatusCode != 200) {
                        // The provider's response body becomes the error description; the caller
                        // forwards it to the client only when sendTraceToClient is set.
                        oAuth2HandlerError = new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, "bad response from server : " + httpStatusCode, null, "", httpResponse.getResponseAsString());
                    }
                    if (oAuth2HandlerError == null) {
                        // Every handler that accepts the response processes it; the loop stops
                        // only at the first handler that reports an error.
                        for (TokenEndpointResponseHandler tokenEndpointResponseHandler : this.tokenEndpointResponseHandlers) {
                            if (tokenEndpointResponseHandler.handlesResponse(oAuth2Accessor, httpResponse) && (handleResponse = tokenEndpointResponseHandler.handleResponse(oAuth2Accessor, httpResponse)) != null) {
                                try {
                                    this.store.removeToken(oAuth2Accessor.getRefreshToken());
                                } catch (GadgetException e4) {
                                    // NOTE(review): as above, this error object is discarded; the
                                    // handler's own error is what gets returned.
                                    new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, handleResponse.getContextMessage(), e4, handleResponse.getUri(), handleResponse.getDescription());
                                }
                                oAuth2Accessor.setRefreshToken(null);
                                return handleResponse;
                            }
                        }
                    }
                }
            }
        }
        if (isLoggable) {
            LOG.exiting(LOG_CLASS, "refreshToken", oAuth2HandlerError);
        }
        return oAuth2HandlerError;
    }

    /**
     * Creates an error response from the three-argument {@code getErrorResponseBuilder} overload.
     *
     * @param th the exception behind the error, may be null
     * @param oAuth2Error the error category
     * @param str context message
     * @return the created response
     */
    private HttpResponse sendErrorResponse(Throwable th, OAuth2Error oAuth2Error, String str) {
        return getErrorResponseBuilder(th, oAuth2Error, str).create();
    }

    /**
     * Creates an error response from the five-argument {@code getErrorResponseBuilder} overload.
     *
     * @param th the exception behind the error, may be null
     * @param oAuth2Error the error category
     * @param str context message
     * @param str2 error URI
     * @param str3 additional description
     * @return the created response
     */
    private HttpResponse sendErrorResponse(Throwable th, OAuth2Error oAuth2Error, String str, String str2, String str3) {
        return getErrorResponseBuilder(th, oAuth2Error, str, str2, str3).create();
    }

    /**
     * Returns the accessor's access token if it passes {@code validateAccessToken}.
     *
     * @param oAuth2Accessor accessor to read the token from
     * @return the access token, or {@code null} when absent or rejected by validation
     */
    private static OAuth2Token haveAccessToken(OAuth2Accessor oAuth2Accessor) {
        final OAuth2Token candidate = oAuth2Accessor.getAccessToken();
        if (candidate == null) {
            return null;
        }
        return validateAccessToken(candidate) ? candidate : null;
    }

    /**
     * Returns the accessor's refresh token if it passes {@code validateRefreshToken}.
     *
     * @param oAuth2Accessor accessor to read the token from
     * @return the refresh token, or {@code null} when absent or rejected by validation
     */
    private static OAuth2Token haveRefreshToken(OAuth2Accessor oAuth2Accessor) {
        final OAuth2Token candidate = oAuth2Accessor.getRefreshToken();
        if (candidate == null) {
            return null;
        }
        return validateRefreshToken(candidate) ? candidate : null;
    }

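    /**
     * Checks whether a URI's host is on the list of domains that may receive OAuth2 credentials.
     *
     * <p>An entry starting with {@code .} matches any host ending with that suffix; any other
     * entry must equal the host. Matching ignores case, because host names are case-insensitive.
     *
     * <p>The host is taken from the URI authority after removing a user-info prefix
     * ({@code user@}) and a port suffix. The user-info part is removed first: it may itself
     * contain a colon, and cutting the authority at the first colon would then compare a string
     * that is not the host the request is sent to. Bracketed IPv6 literals are kept intact.
     * NOTE(review): whether {@code Uri.getAuthority()} can include user-info is not visible
     * here; the stripping is defensive.
     *
     * <p>NOTE(review): a null or empty list allows every URI, so the check protects only
     * accessors that have allowed domains configured.
     *
     * @param uri the destination of the request
     * @param strArr allowed domains; null or empty means no restriction
     * @return {@code true} if the host is allowed; {@code false} if it is not or the URI has no
     *     authority
     */
    private static boolean isUriAllowed(Uri uri, String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return true;
        }
        String authority = uri.getAuthority();
        if (authority == null) {
            // No host to compare against: refuse rather than fail with a NullPointerException.
            return false;
        }
        // Drop user-info; the host starts after the last '@'.
        int at = authority.lastIndexOf('@');
        if (at != -1) {
            authority = authority.substring(at + 1);
        }
        // Drop the port. For a bracketed IPv6 literal the host ends at the closing bracket.
        String host;
        if (authority.startsWith("[")) {
            int close = authority.indexOf(']');
            host = close == -1 ? authority : authority.substring(0, close + 1);
        } else {
            int colon = authority.indexOf(':');
            host = colon == -1 ? authority : authority.substring(0, colon);
        }
        for (String str : strArr) {
            if (str == null) {
                continue;
            }
            String trim = str.trim();
            if (trim.isEmpty()) {
                // A blank entry must not match a URI whose host is empty.
                continue;
            }
            // regionMatches returns false when the entry is longer than the host.
            boolean suffixMatch = trim.startsWith(".")
                    && host.regionMatches(true, host.length() - trim.length(), trim, 0, trim.length());
            if (suffixMatch || trim.equalsIgnoreCase(host)) {
                return true;
            }
        }
        return false;
    }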

    /**
     * Validates an access token. The only check performed is that the token is not null;
     * expiry is handled separately in fetchFromServer.
     *
     * @param oAuth2Token token to check
     * @return {@code true} when the token is not null
     */
    private static boolean validateAccessToken(OAuth2Token oAuth2Token) {
        return oAuth2Token != null;
    }

    /**
     * Validates a refresh token. The only check performed is that the token is not null;
     * expiry is handled separately in fetchFromServer.
     *
     * @param oAuth2Token token to check
     * @return {@code true} when the token is not null
     */
    private static boolean validateRefreshToken(OAuth2Token oAuth2Token) {
        return oAuth2Token != null;
    }

    /**
     * Builds the key that identifies an accessor by gadget URI, service name, user and scope.
     * attemptFetch interns this key and uses it as the lock for token refreshes.
     *
     * @param oAuth2Accessor accessor to describe, may be null
     * @return the key, or {@code null} for a null accessor
     */
    private static String getAccessorKey(OAuth2Accessor oAuth2Accessor) {
        if (oAuth2Accessor == null) {
            return null;
        }
        return new StringBuilder("accessor:")
                .append(oAuth2Accessor.getGadgetUri())
                .append(':')
                .append(oAuth2Accessor.getServiceName())
                .append(':')
                .append(oAuth2Accessor.getUser())
                .append(':')
                .append(oAuth2Accessor.getScope())
                .toString();
    }
}
