package org.apache.shindig.social.sample.oauth;

import com.google.inject.Inject;
import com.google.inject.name.Named;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URISyntaxException;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.OAuthValidator;
import net.oauth.server.OAuthServlet;
import org.apache.http.protocol.HTTP;
import org.apache.shindig.common.servlet.HttpUtil;
import org.apache.shindig.common.servlet.InjectedServlet;
import org.apache.shindig.social.opensocial.oauth.OAuthDataStore;
import org.apache.shindig.social.opensocial.oauth.OAuthEntry;
import org.apache.xerces.impl.xs.SchemaSymbols;

/* loaded from: input_file:WEB-INF/lib/shindig-social-api-3.0.0-beta3.jar:org/apache/shindig/social/sample/oauth/SampleOAuthServlet.class */
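/**
 * Sample OAuth 1.0 service-provider servlet exposing the three protocol endpoints.
 *
 * <p>Requests are dispatched on the suffix of the servlet path info:
 * <ul>
 *   <li>{@code requestToken} issues an unauthorized request token to a signed consumer request;</li>
 *   <li>{@code authorize} sends the user to the authorization page or, once the token is
 *       authorized, back to the consumer callback;</li>
 *   <li>{@code accessToken} exchanges an authorized request token for an access token.</li>
 * </ul>
 *
 * <p>Only {@code requestToken} and {@code accessToken} pass the message through the injected
 * {@link OAuthValidator}. The {@code authorize} endpoint identifies the request solely by the
 * {@code oauth_token} value it carries.
 */
public class SampleOAuthServlet extends InjectedServlet {
    private OAuthValidator validator;
    private OAuthDataStore dataStore;
    private String oauthAuthorizeAction;

    /** Injects the validator applied to signed consumer requests. */
    @Inject
    public void setValidator(OAuthValidator oAuthValidator) {
        this.validator = oAuthValidator;
    }

    /** Injects the store that holds consumers and token entries. */
    @Inject
    public void setDataStore(OAuthDataStore oAuthDataStore) {
        this.dataStore = oAuthDataStore;
    }

    /**
     * Injects the authorization page location, bound to {@code shindig.oauth.authorize-action}.
     * Values that do not start with {@code http} are used as a request-dispatcher path.
     */
    @Inject
    void setAuthorizeAction(@Named("shindig.oauth.authorize-action") String str) {
        this.oauthAuthorizeAction = str;
    }

    /** Handles POST exactly like GET. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Marks the response as non-cacheable and routes to the endpoint named by the path suffix.
     *
     * <p>OAuth and URI syntax failures are turned into an OAuth error response by
     * {@link #handleException}.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Token secrets and verifier codes travel in these responses, so they must not be cached.
        HttpUtil.setNoCache(httpServletResponse);
        String pathInfo = httpServletRequest.getPathInfo();
        // getPathInfo() is null when the request has no extra path; answer 404 instead of
        // failing with a NullPointerException on the suffix checks below.
        if (pathInfo == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "unknown Url");
            return;
        }
        try {
            // Suffix matching: any path that merely ends in one of these words is routed here.
            if (pathInfo.endsWith("requestToken")) {
                createRequestToken(httpServletRequest, httpServletResponse);
            } else if (pathInfo.endsWith("authorize")) {
                authorizeRequestToken(httpServletRequest, httpServletResponse);
            } else if (pathInfo.endsWith("accessToken")) {
                createAccessToken(httpServletRequest, httpServletResponse);
            } else {
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "unknown Url");
            }
        } catch (URISyntaxException e) {
            handleException(e, httpServletRequest, httpServletResponse, true);
        } catch (OAuthException e) {
            handleException(e, httpServletRequest, httpServletResponse, true);
        }
    }

    /**
     * Issues a request token and secret to a known consumer whose message passes validation.
     *
     * @throws OAuthProblemException if the consumer key is absent or not known to the data store
     * @throws OAuthException if the validator rejects the message
     */
    private void createRequestToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OAuthException, URISyntaxException {
        OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, null);
        String consumerKey = message.getConsumerKey();
        if (consumerKey == null) {
            OAuthProblemException missingKey = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
            missingKey.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY);
            throw missingKey;
        }
        OAuthConsumer consumer = this.dataStore.getConsumer(consumerKey);
        if (consumer == null) {
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }
        // No token exists yet, so the accessor carries only the consumer.
        this.validator.validateMessage(message, new OAuthAccessor(consumer));

        // Callback precedence: request parameter, then the consumer's registered URL, then "oob".
        // NOTE(review): a callback supplied in the request is stored as given and is not compared
        // with consumer.callbackURL here; confirm whether the deployment should restrict it.
        String callback = message.getParameter(OAuth.OAUTH_CALLBACK);
        if (callback == null) {
            callback = consumer.callbackURL;
        }
        if (callback == null) {
            callback = "oob";
        }
        OAuthEntry requestEntry = this.dataStore.generateRequestToken(consumerKey, message.getParameter(OAuth.OAUTH_VERSION), callback);
        List<OAuth.Parameter> responseParams = OAuth.newList(OAuth.OAUTH_TOKEN, requestEntry.getToken(), OAuth.OAUTH_TOKEN_SECRET, requestEntry.getTokenSecret());
        // The callback is never null at this point, so confirmation is always reported.
        responseParams.add(new OAuth.Parameter(OAuth.OAUTH_CALLBACK_CONFIRMED, SchemaSymbols.ATTVAL_TRUE));
        sendResponse(httpServletResponse, responseParams);
    }

    /**
     * Drives the user-facing authorization step for a request token.
     *
     * <p>For an entry that is not yet authorized the request is forwarded to the configured
     * authorization page. For an authorized entry the browser is redirected to the stored
     * callback, or a plain-text confirmation is written when the callback is absent or
     * {@code "oob"}.
     */
    private void authorizeRequestToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException, OAuthException, URISyntaxException {
        OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, null);
        if (message.getToken() == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Authentication token not found");
            return;
        }
        OAuthEntry entry = this.dataStore.getEntry(message.getToken());
        if (entry == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "OAuth Entry not found");
            return;
        }
        OAuthConsumer consumer = this.dataStore.getConsumer(entry.getConsumerKey());
        if (consumer == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "consumer for entry not found");
            return;
        }
        // NOTE(review): only DISABLED is rejected here. Neither the entry type (request vs.
        // access) nor entry.isExpired() is checked before the page is shown; expiry is enforced
        // later, in getValidatedEntry().
        if (entry.getType() == OAuthEntry.Type.DISABLED) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "This token is disabled, please reinitate login");
            return;
        }
        String callbackUrl = entry.getCallbackUrl();
        if (!entry.isAuthorized()) {
            if (this.oauthAuthorizeAction.startsWith("http")) {
                // NOTE(review): an absolute authorize action returns without writing any
                // response, so the user agent gets an empty reply. This looks unimplemented.
                return;
            }
            // Hand the authorization page everything it needs to display and record the decision.
            httpServletRequest.setAttribute("OAUTH_DATASTORE", this.dataStore);
            httpServletRequest.setAttribute("OAUTH_ENTRY", entry);
            httpServletRequest.setAttribute("CALLBACK", callbackUrl);
            httpServletRequest.setAttribute("TOKEN", entry.getToken());
            httpServletRequest.setAttribute("CONSUMER", consumer);
            httpServletRequest.getRequestDispatcher(this.oauthAuthorizeAction).forward(httpServletRequest, httpServletResponse);
            return;
        }
        if (callbackUrl != null && !"oob".equals(callbackUrl)) {
            // The browser is sent to the stored callback with the token, the user id and, when
            // present, the verifier appended as parameters.
            // NOTE(review): callbackUrl is used as stored and is not re-validated before it
            // becomes the Location header; confirm it is constrained where it is accepted.
            String redirectTarget = OAuth.addParameters(callbackUrl, OAuth.OAUTH_TOKEN, entry.getToken());
            redirectTarget = OAuth.addParameters(redirectTarget, "user_id", entry.getUserId());
            if (entry.getCallbackToken() != null) {
                redirectTarget = OAuth.addParameters(redirectTarget, OAuth.OAUTH_VERIFIER, entry.getCallbackToken());
            }
            httpServletResponse.setStatus(HttpServletResponse.SC_FOUND);
            httpServletResponse.setHeader("Location", redirectTarget);
            return;
        }
        // Out-of-band flow: show the verifier so the user can type it in at the consumer.
        httpServletResponse.setContentType(HTTP.PLAIN_TEXT_TYPE);
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write("Token successfully authorized.\n");
        if (entry.getCallbackToken() != null) {
            writer.write("Please enter code " + entry.getCallbackToken() + " at the consumer.");
        }
    }

    /**
     * Exchanges a validated, authorized request token for an access token.
     *
     * <p>A failed check disables the request token, so a wrong verifier cannot be retried
     * against the same token.
     */
    private void createAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException, OAuthException, URISyntaxException {
        OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, null);
        OAuthEntry validatedEntry = getValidatedEntry(message);
        if (validatedEntry == null) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        String expectedVerifier = validatedEntry.getCallbackToken();
        boolean accepted;
        if (expectedVerifier != null) {
            // NOTE(review): on this branch a matching verifier is the only check and
            // isAuthorized() is not consulted. Presumably the callback token is only set once
            // the user has authorized the entry; verify against the data store.
            accepted = expectedVerifier.equals(message.getParameter(OAuth.OAUTH_VERIFIER));
        } else {
            // No verifier was issued for this entry, so rely on the authorized flag alone.
            accepted = validatedEntry.isAuthorized();
        }
        if (!accepted) {
            this.dataStore.disableToken(validatedEntry);
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "This token is not authorized");
            return;
        }
        OAuthEntry accessEntry = this.dataStore.convertToAccessToken(validatedEntry);
        sendResponse(httpServletResponse, OAuth.newList(OAuth.OAUTH_TOKEN, accessEntry.getToken(), OAuth.OAUTH_TOKEN_SECRET, accessEntry.getTokenSecret(), "user_id", validatedEntry.getUserId()));
    }

    /**
     * Looks up the request token named in the message and validates the message against it.
     *
     * @return the stored entry; never {@code null}
     * @throws OAuthProblemException if the token is unknown, is not a request token, has
     *     expired, or if the consumer key is absent, differs from the entry's, or is unknown
     * @throws OAuthException if the validator rejects the message
     */
    private OAuthEntry getValidatedEntry(OAuthMessage oAuthMessage) throws IOException, ServletException, OAuthException, URISyntaxException {
        OAuthEntry entry = this.dataStore.getEntry(oAuthMessage.getToken());
        if (entry == null) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        if (entry.getType() != OAuthEntry.Type.REQUEST) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_USED);
        }
        if (entry.isExpired()) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
        }
        String presentedKey = oAuthMessage.getConsumerKey();
        if (presentedKey == null) {
            OAuthProblemException missingKey = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
            missingKey.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY);
            throw missingKey;
        }
        // The token must be redeemed by the consumer it was issued to. Comparing from the
        // non-null presented key makes an entry without a consumer key fail closed instead of
        // raising a NullPointerException.
        String consumerKey = entry.getConsumerKey();
        if (!presentedKey.equals(consumerKey)) {
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
        }
        OAuthConsumer consumer = this.dataStore.getConsumer(consumerKey);
        if (consumer == null) {
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }
        // Validate with the stored token and secret, not with values taken from the request.
        OAuthAccessor accessor = new OAuthAccessor(consumer);
        accessor.requestToken = entry.getToken();
        accessor.tokenSecret = entry.getTokenSecret();
        this.validator.validateMessage(oAuthMessage, accessor);
        return entry;
    }

    /** Writes the parameters to the response as a form-encoded plain-text body. */
    private void sendResponse(HttpServletResponse httpServletResponse, List<OAuth.Parameter> list) throws IOException {
        httpServletResponse.setContentType(HTTP.PLAIN_TEXT_TYPE);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        try {
            OAuth.formEncode(list, outputStream);
        } finally {
            // Close the stream even when encoding fails part-way through.
            outputStream.close();
        }
    }

    /**
     * Delegates to {@link OAuthServlet#handleException}, passing a scheme-and-host string
     * built from the request.
     */
    private static void handleException(Exception exc, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean sendBody) throws IOException, ServletException {
        String scheme = httpServletRequest.isSecure() ? "https://" : "http://";
        // NOTE(review): the Host header is supplied by the client and is passed on unchanged;
        // confirm how OAuthServlet.handleException encodes it into the response.
        String hostHeader = httpServletRequest.getHeader("Host");
        String host = hostHeader != null ? hostHeader : httpServletRequest.getLocalName();
        OAuthServlet.handleException(httpServletResponse, exc, scheme + host, sendBody);
    }
}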
