package mx.com.inftel.shiro.oauth2;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.json.JSONObject;

/* loaded from: input_file:mx/com/inftel/shiro/oauth2/AbstractOAuth2AuthenticatingFilter.class */
public abstract class AbstractOAuth2AuthenticatingFilter extends AuthenticatingFilter {
    public static final int MIN_LEN = 32;
    private AccessDeniedHandler accessDeniedHandler;
    private LoginSuccessHandler loginSuccessHandler;
    private LoginFailureHandler loginFailureHandler;
    private SecureRandom secureRandom = new SecureRandom();
    private int stateLength = 32;
    private String stateAttribute = "STATE_" + random(32);
    private boolean usernamePasswordToken = false;
    private String redirectUri = "";
    private String clientId = "";
    private String clientSecret = "";

    /* loaded from: input_file:mx/com/inftel/shiro/oauth2/AbstractOAuth2AuthenticatingFilter$AccessDeniedHandler.class */
    public interface AccessDeniedHandler {
        boolean onAccessDenied(AbstractOAuth2AuthenticatingFilter abstractOAuth2AuthenticatingFilter, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception;
    }

    /* loaded from: input_file:mx/com/inftel/shiro/oauth2/AbstractOAuth2AuthenticatingFilter$LoginFailureHandler.class */
    public interface LoginFailureHandler {
        boolean onLoginFailure(AbstractOAuth2AuthenticatingFilter abstractOAuth2AuthenticatingFilter, AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse);
    }

    /* loaded from: input_file:mx/com/inftel/shiro/oauth2/AbstractOAuth2AuthenticatingFilter$LoginSuccessHandler.class */
    public interface LoginSuccessHandler {
        boolean onLoginSuccess(AbstractOAuth2AuthenticatingFilter abstractOAuth2AuthenticatingFilter, AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception;
    }

    public SecureRandom getSecureRandom() {
        return this.secureRandom;
    }

    public void setSecureRandom(SecureRandom secureRandom) {
        this.secureRandom = secureRandom == null ? new SecureRandom() : secureRandom;
    }

    public AccessDeniedHandler getAccessDeniedHandler() {
        return this.accessDeniedHandler;
    }

    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        this.accessDeniedHandler = accessDeniedHandler;
    }

    public LoginSuccessHandler getLoginSuccessHandler() {
        return this.loginSuccessHandler;
    }

    public void setLoginSuccessHandler(LoginSuccessHandler loginSuccessHandler) {
        this.loginSuccessHandler = loginSuccessHandler;
    }

    public LoginFailureHandler getLoginFailureHandler() {
        return this.loginFailureHandler;
    }

    public void setLoginFailureHandler(LoginFailureHandler loginFailureHandler) {
        this.loginFailureHandler = loginFailureHandler;
    }

    public int getStateLength() {
        return this.stateLength;
    }

    public void setStateLength(int i) {
        this.stateLength = i < 32 ? 32 : i;
    }

    public String getStateAttribute() {
        return this.stateAttribute;
    }

    public void setStateAttribute(String str) {
        this.stateAttribute = (str == null || str.trim().isEmpty()) ? "STATE_" + random(32) : str;
    }

    public boolean isUsernamePasswordToken() {
        return this.usernamePasswordToken;
    }

    public void setUsernamePasswordToken(boolean z) {
        this.usernamePasswordToken = z;
    }

    public String getRedirectUri() {
        return this.redirectUri;
    }

    public void setRedirectUri(String str) {
        this.redirectUri = (str == null || str.trim().isEmpty()) ? "" : str;
    }

    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = (str == null || str.trim().isEmpty()) ? "" : str;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    public void setClientSecret(String str) {
        this.clientSecret = (str == null || str.trim().isEmpty()) ? "" : str;
    }

    private String random(int i) {
        byte[] bArr = new byte[24];
        StringBuilder sb = new StringBuilder(i + 32);
        while (sb.length() < i) {
            this.secureRandom.nextBytes(bArr);
            sb.append(Base64.encodeToString(bArr).replace("+", "").replace("/", ""));
        }
        sb.setLength(i);
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String encodeURL(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str, "UTF-8");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String decodeURL(String str) throws UnsupportedEncodingException {
        return URLDecoder.decode(str, "UTF-8");
    }

    protected StringBuilder getRequestURL(ServletRequest servletRequest, ServletResponse servletResponse) {
        return new StringBuilder(1024).append(((HttpServletRequest) servletRequest).getRequestURL());
    }

    protected boolean getRequestQUERY(ServletRequest servletRequest, ServletResponse servletResponse, StringBuilder sb) throws UnsupportedEncodingException {
        boolean z = false;
        for (Map.Entry entry : ((HttpServletRequest) servletRequest).getParameterMap().entrySet()) {
            String str = (String) entry.getKey();
            for (String str2 : (String[]) entry.getValue()) {
                if (z) {
                    sb.append("&");
                } else {
                    sb.append("?");
                    z = true;
                }
                sb.append(encodeURL(str));
                sb.append("=");
                sb.append(encodeURL(str2));
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String makeStandardAuthorizeURL(ServletRequest servletRequest, ServletResponse servletResponse, String str, String str2) throws Exception {
        String str3 = (String) ((HttpServletRequest) servletRequest).getSession().getAttribute(this.stateAttribute);
        StringBuilder sb = new StringBuilder(1024);
        sb.append(str);
        sb.append("?");
        sb.append(encodeURL("client_id"));
        sb.append("=");
        sb.append(encodeURL(getClientId()));
        sb.append("&");
        sb.append(encodeURL("scope"));
        sb.append("=");
        sb.append(encodeURL(str2));
        sb.append("&");
        sb.append(encodeURL("response_type"));
        sb.append("=");
        sb.append(encodeURL("code"));
        sb.append("&");
        sb.append(encodeURL("redirect_uri"));
        sb.append("=");
        sb.append(encodeURL(this.redirectUri));
        sb.append("&");
        sb.append(encodeURL("state"));
        sb.append("=");
        sb.append(encodeURL(str3));
        return sb.toString();
    }

    protected boolean isLoginRequest(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        return (obj == null || Arrays.binarySearch((String[]) obj, "permissive") < 0) ? isLoginRequest(servletRequest, servletResponse) : getName().equals(((HttpServletRequest) servletRequest).getParameter("oauth2"));
    }

    protected boolean isErrorRequest(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        String parameter = servletRequest.getParameter("error");
        return (parameter == null || parameter.trim().isEmpty()) ? false : true;
    }

    protected boolean isTokenRequest(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        String parameter = servletRequest.getParameter("code");
        String parameter2 = servletRequest.getParameter("state");
        return (parameter == null || parameter.trim().isEmpty() || parameter2 == null || parameter2.trim().isEmpty()) ? false : true;
    }

    protected void clearStateIfNeccesary(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        HttpSession session = ((HttpServletRequest) servletRequest).getSession();
        if (getSubject(servletRequest, servletResponse).isAuthenticated() || !isLoginRequest(servletRequest, servletResponse, obj) || isErrorRequest(servletRequest, servletResponse, obj) || !isTokenRequest(servletRequest, servletResponse, obj)) {
            session.removeAttribute(this.stateAttribute);
        }
    }

    protected String clearAndReturnState(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        HttpSession session = ((HttpServletRequest) servletRequest).getSession();
        String str = (String) session.getAttribute(this.stateAttribute);
        session.removeAttribute(this.stateAttribute);
        return str;
    }

    protected abstract String getAuthorizeURL(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception;

    protected abstract JSONObject getOAuth2Principal(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception;

    protected abstract String getOAuth2Credentials(JSONObject jSONObject) throws Exception;

    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        JSONObject oAuth2Principal = getOAuth2Principal(servletRequest, servletResponse);
        String oAuth2Credentials = getOAuth2Credentials(oAuth2Principal);
        return this.usernamePasswordToken ? new UsernamePasswordToken(oAuth2Credentials, getName()) : new OAuth2AuthenticationToken(oAuth2Principal, oAuth2Credentials, getName());
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        return getSubject(servletRequest, servletResponse).isAuthenticated() || (!isLoginRequest(servletRequest, servletResponse, obj) && isPermissive(obj));
    }

    public boolean onPreHandle(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        clearStateIfNeccesary(servletRequest, servletResponse, obj);
        return isAccessAllowed(servletRequest, servletResponse, obj) || onAccessDenied(servletRequest, servletResponse, obj);
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = ((HttpServletRequest) servletRequest).getSession();
        String parameter = servletRequest.getParameter("state");
        if (isLoginRequest(servletRequest, servletResponse, obj) && !isErrorRequest(servletRequest, servletResponse, obj)) {
            if (!isTokenRequest(servletRequest, servletResponse, obj)) {
                session.setAttribute(this.stateAttribute, random(this.stateLength));
                httpServletResponse.sendRedirect(getAuthorizeURL(servletRequest, servletResponse));
                return false;
            }
            if (parameter.equals(clearAndReturnState(servletRequest, servletResponse, obj))) {
                return executeLogin(servletRequest, servletResponse) || onAccessDenied(servletRequest, servletResponse);
            }
        }
        return onAccessDenied(servletRequest, servletResponse);
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (this.accessDeniedHandler != null) {
            return this.accessDeniedHandler.onAccessDenied(this, servletRequest, servletResponse);
        }
        return false;
    }

    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (this.loginSuccessHandler != null) {
            return this.loginSuccessHandler.onLoginSuccess(this, authenticationToken, subject, servletRequest, servletResponse);
        }
        return true;
    }

    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        if (this.loginFailureHandler != null) {
            return this.loginFailureHandler.onLoginFailure(this, authenticationToken, authenticationException, servletRequest, servletResponse);
        }
        return false;
    }
}
