package com.appiancorp.oauth.inbound.authserver;

import com.appiancorp.core.expr.portable.cdt.HttpMethod;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.oauth.inbound.authserver.clients.pm.ProcessMiningFrontEndClientConfig;
import com.appiancorp.oauth.inbound.authserver.tokens.TokenFamilyManager;
import com.appiancorp.oauth.inbound.monitor.OAuthAuthCodeAuditEvent;
import com.appiancorp.oauth.inbound.monitor.OAuthAuthCodeAuditLogger;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.http.ServletUtils;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import java.io.IOException;
import java.net.URI;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.HttpRequestHandler;

/* loaded from: input_file:com/appiancorp/oauth/inbound/authserver/OAuthAuthCodeRequestHandler.class */
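/**
 * Handles the OAuth 2.0 authorization-code endpoint for the inbound authorization server.
 *
 * <p>A request is accepted only when the {@code ae.iam.common-auth-for-process-mining} feature
 * toggle is on, the customer has opted into unified mining and the HTTP method is GET. The parsed
 * {@link AuthorizationRequest} is dispatched to the first {@link AuthCodeRequestClientHandler}
 * that supports its client id; if that handler grants authorization, an auth code is minted
 * through {@link TokenFamilyManager} and the user agent is redirected with the standard
 * {@code code}/{@code state} success response. Every outcome, success or failure, is recorded
 * through {@link OAuthAuthCodeAuditLogger}.
 *
 * <p>The redirect target comes from the {@link GrantedAuthorization}, not from the raw request;
 * presumably the client handler's {@code authorize} validates it against the client's registered
 * URIs — confirm in the handler implementations. Only a hash of the issued code is ever logged.
 */
public class OAuthAuthCodeRequestHandler implements HttpRequestHandler {
    public static final Logger LOG = LoggerFactory.getLogger(OAuthAuthCodeRequestHandler.class);

    /** Feature toggle gating the whole endpoint; while it is off every request gets 403. */
    private static final String FEATURE_TOGGLE = "ae.iam.common-auth-for-process-mining";

    private final FeatureToggleClient featureToggleClient;
    private final List<AuthCodeRequestClientHandler> authCodeRequestClientHandlers;
    private final TokenFamilyManager tokenFamilyManager;
    private final ProcessMiningFrontEndClientConfig frontEndClientConfig;
    private final OAuthAuthCodeAuditLogger oAuthAuthCodeAuditLogger;

    /**
     * @param featureToggleClient source of the feature toggle that enables the endpoint
     * @param list client handlers consulted in order; the first whose {@code supportsClient}
     *     accepts the request's client id is asked to authorize
     * @param tokenFamilyManager mints the auth code for a granted authorization
     * @param processMiningFrontEndClientConfig exposes the customer's unified-mining opt-in
     * @param oAuthAuthCodeAuditLogger receives an audit event for every request outcome
     */
    public OAuthAuthCodeRequestHandler(FeatureToggleClient featureToggleClient, List<AuthCodeRequestClientHandler> list, TokenFamilyManager tokenFamilyManager, ProcessMiningFrontEndClientConfig processMiningFrontEndClientConfig, OAuthAuthCodeAuditLogger oAuthAuthCodeAuditLogger) {
        this.featureToggleClient = featureToggleClient;
        this.authCodeRequestClientHandlers = list;
        this.tokenFamilyManager = tokenFamilyManager;
        this.frontEndClientConfig = processMiningFrontEndClientConfig;
        this.oAuthAuthCodeAuditLogger = oAuthAuthCodeAuditLogger;
    }

    /**
     * Processes one authorization request.
     *
     * <p>Gate checks (toggle, opt-in, method) fail closed with 403/400 and an audit event. A
     * request that cannot be parsed, or whose client id no handler supports, is answered through
     * {@link AuthzServerUtils#sendAuthzRequestErrorWithoutRedirect} — deliberately without a
     * redirect, since no trusted redirect target is known at that point.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write the error, or the success redirect, to
     * @throws IOException if writing the response fails
     */
    @Override
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!this.featureToggleClient.isFeatureEnabled(FEATURE_TOGGLE)) {
            httpServletResponse.sendError(HttpStatus.FORBIDDEN.value());
            LOG.warn("The OAuth authorize endpoint is disabled since {} feature toggle is off.", FEATURE_TOGGLE);
            auditFailure(httpServletRequest);
            return;
        }
        if (!this.frontEndClientConfig.isCustomerOptedIntoUnifiedMining()) {
            LOG.warn("Customer is not opted into unified mining.");
            httpServletResponse.sendError(HttpStatus.FORBIDDEN.value());
            auditFailure(httpServletRequest);
            return;
        }
        if (!HttpMethod.GET.toString().equals(httpServletRequest.getMethod())) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value());
            LOG.warn("The OAuth authorize endpoint only accepts GET requests, received: {}", httpServletRequest.getMethod());
            auditFailure(httpServletRequest);
            return;
        }
        try {
            AuthorizationRequest authzRequest = AuthorizationRequest.parse(ServletUtils.createHTTPRequest(httpServletRequest));
            String clientId = authzRequest.getClientID().getValue();
            Optional<AuthCodeRequestClientHandler> handler = this.authCodeRequestClientHandlers.stream()
                    .filter(candidate -> candidate.supportsClient(clientId))
                    .findFirst();
            if (!handler.isPresent()) {
                AuthzServerUtils.sendAuthzRequestErrorWithoutRedirect(httpServletResponse, LOG, "Client id {} was not configured for auth code grant flow.", clientId);
                auditFailure(httpServletRequest);
                return;
            }
            // The handler may itself write an error to the response when it declines.
            Optional<GrantedAuthorization> granted = handler.get().authorize(authzRequest, httpServletResponse);
            if (!granted.isPresent()) {
                LOG.debug("Handler for client {} was not able to grant authorization.", clientId);
                auditFailure(httpServletRequest);
                return;
            }
            issueAuthCode(httpServletRequest, httpServletResponse, authzRequest, clientId, granted.get());
        } catch (ParseException e) {
            AuthzServerUtils.sendAuthzRequestErrorWithoutRedirect(httpServletResponse, LOG, "Error parsing authorization request.", e);
            auditFailure(httpServletRequest);
        }
    }

    /**
     * Mints an auth code for a granted authorization and redirects the user agent with it.
     *
     * <p>Any failure while minting or redirecting is answered with 500 and audited as
     * {@code AUTH_CODE_GENERATION_FAILED}; a success is audited as {@code AUTH_CODE_RETURNED}.
     *
     * @param httpServletRequest the incoming request (its remote address goes into the audit event)
     * @param httpServletResponse the response that receives the redirect or the error
     * @param authzRequest the parsed request; supplies {@code state} and the response mode
     * @param clientId the client id the authorization was granted for (for logging only)
     * @param grantedAuthorization the authorization produced by the client handler
     * @throws IOException if writing the response fails outside the guarded section
     */
    private void issueAuthCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            AuthorizationRequest authzRequest, String clientId, GrantedAuthorization grantedAuthorization) throws IOException {
        // NOTE(review): the decompiled original cast this out of a raw Optional; assumes
        // getRedirectURI() yields Optional<URI> — confirm against GrantedAuthorization.
        Optional<URI> redirectURI = grantedAuthorization.getRedirectURI();
        URI uri = redirectURI.orElse(null);
        String redirectForAudit = uri == null ? null : uri.toString();
        String userUuid = grantedAuthorization.getUserUuid();
        try {
            String authCode = this.tokenFamilyManager.createAuthCode(grantedAuthorization);
            if (LOG.isDebugEnabled()) {
                // Only the hash is logged so the raw code never lands in log files.
                LOG.debug("Generated auth code {} (hash) for user uuid {} and client {}.", AuthzServerUtils.getAuthCodeHash(authCode), userUuid, clientId);
            }
            // NOTE(review): when uri is null this constructor is presumably what rejects it, which
            // lands in the catch below as a 500 rather than a redirect — confirm that is intended.
            AuthorizationSuccessResponse success = new AuthorizationSuccessResponse(uri, new AuthorizationCode(authCode), (AccessToken) null, authzRequest.getState(), authzRequest.getResponseMode());
            httpServletResponse.sendRedirect(success.toURI().toString());
            this.oAuthAuthCodeAuditLogger.log(userUuid, OAuthAuthCodeAuditEvent.AUTH_CODE_RETURNED, redirectForAudit, httpServletRequest.getRemoteAddr());
        } catch (Exception e) {
            LOG.error("Unexpected error attempting to generate auth code for user uuid {} and client {}", userUuid, clientId, e);
            httpServletResponse.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value());
            this.oAuthAuthCodeAuditLogger.log(userUuid, OAuthAuthCodeAuditEvent.AUTH_CODE_GENERATION_FAILED, redirectForAudit, httpServletRequest.getRemoteAddr());
        }
    }

    /**
     * Records a failed auth-code attempt for which no user is known yet.
     *
     * <p>NOTE(review): {@code getRemoteAddr()} is the immediate peer; behind a reverse proxy this
     * is the proxy's address — confirm whether the audit trail should resolve the client address
     * differently in that deployment.
     *
     * @param httpServletRequest the request whose remote address is recorded
     */
    private void auditFailure(HttpServletRequest httpServletRequest) {
        this.oAuthAuthCodeAuditLogger.log(OAuthAuthCodeAuditEvent.AUTH_CODE_GENERATION_FAILED, httpServletRequest.getRemoteAddr());
    }
}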
