package com.appiancorp.connectedsystems.http.oauth;

import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.connectedsystems.ConnectedSystem;
import com.appiancorp.connectedsystems.ConnectedSystemExternalSystemService;
import com.appiancorp.connectedsystems.ConnectedSystemService;
import com.appiancorp.connectedsystems.http.audit.OAuthCallbackAuditLogEvent;
import com.appiancorp.connectedsystems.http.functions.ConnectedSystemOAuthRedirectUrlFunction;
import com.appiancorp.core.API;
import com.appiancorp.core.data.Dictionary;
import com.appiancorp.core.data.Variant;
import com.appiancorp.core.expr.portable.Value;
import com.appiancorp.core.expr.portable.string.Strings;
import com.appiancorp.exceptions.ObjectNotFoundException;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.services.spring.ServiceContextProvider;
import com.appiancorp.suiteapi.content.ContentConstants;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/connectedsystems/http/oauth/OAuthAuthzResponseHandler.class */
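/**
 * Handles the redirect that an OAuth 2.0 authorization server sends back after an
 * authorization-code request made on behalf of a connected system.
 *
 * <p>The handler resolves the {@link OAuthConfiguration} that belongs to the returned
 * {@code state} value, exchanges the authorization code for a token through
 * {@link HttpOAuthTokenRetriever}, optionally persists the token, and fills in the
 * supplied audit builder along the way.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every callback parameter ({@code state}, {@code code}, {@code error},
 *       {@code error_description}, {@code error_uri}) arrives from the network and is
 *       attacker-influenced. Values that are logged are passed through
 *       {@link #sanitizeForLog(String)} first so that they cannot forge log lines.</li>
 *   <li>In the non-test flow the {@code state} value is used directly as the connected
 *       system identifier for the lookup. NOTE(review): nothing in this class binds
 *       {@code state} to the session of the user who started the flow; confirm that the
 *       caller enforces that binding (login-CSRF protection, RFC 6749 section 10.12).</li>
 *   <li>{@link OAuthConfiguration} carries the client secret, and the authorization code
 *       and token response are credentials. None of them may be written to logs.</li>
 * </ul>
 */
public class OAuthAuthzResponseHandler {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthAuthzResponseHandler.class);
    private final ConnectedSystemExternalSystemService connectedSystemExternalSystemService;
    private final ConnectedSystemService connectedSystemService;
    private final OAuthConfigurationValidationStore oAuthConfigurationValidationStore;
    private final HttpOAuthTokenRetriever tokenRetriever;
    private final ServiceContextProvider serviceContextProvider;

    /**
     * Creates a handler wired to its collaborators.
     *
     * @param connectedSystemService used to load the current version of a connected system
     * @param oAuthConfigurationValidationStore temporary store for "test authorization" configs and responses
     * @param httpOAuthTokenRetriever exchanges an authorization code for a token response
     * @param connectedSystemExternalSystemService persists retrieved tokens
     * @param serviceContextProvider supplies the name of the current user for auditing
     */
    public OAuthAuthzResponseHandler(ConnectedSystemService connectedSystemService, OAuthConfigurationValidationStore oAuthConfigurationValidationStore, HttpOAuthTokenRetriever httpOAuthTokenRetriever, ConnectedSystemExternalSystemService connectedSystemExternalSystemService, ServiceContextProvider serviceContextProvider) {
        this.connectedSystemService = connectedSystemService;
        this.oAuthConfigurationValidationStore = oAuthConfigurationValidationStore;
        this.tokenRetriever = httpOAuthTokenRetriever;
        this.connectedSystemExternalSystemService = connectedSystemExternalSystemService;
        this.serviceContextProvider = serviceContextProvider;
    }

    /**
     * Processes one authorization-server callback.
     *
     * <p>Returns early (after logging, and recording a failure metric in all but the
     * missing-state case) when the state is empty, when no configuration matches the
     * state, when the server reported an error, or when no authorization code was
     * supplied. For test authorizations the outcome is also saved to the validation
     * store under the state value.
     *
     * @param str the {@code state} value returned by the authorization server
     * @param str2 the authorization code
     * @param str3 the {@code error} value, empty when the request was approved
     * @param str4 the error description that accompanies {@code str3}
     * @param str5 the error URI that accompanies {@code str3}
     * @param auditBuilder audit event under construction; populated by this method
     * @throws IOException declared by this method; presumably propagated from the token
     *         request (the throwing call is not identifiable from this class alone)
     */
    public void handleResponse(String str, String str2, String str3, String str4, String str5, OAuthCallbackAuditLogEvent.AuditBuilder auditBuilder) throws IOException {
        // Readable aliases for the positional parameters; the signature is left untouched.
        final String state = str;
        final String authorizationCode = str2;
        final String error = str3;
        final String errorDescription = str4;
        final String errorUri = str5;

        auditBuilder.user(this.serviceContextProvider.get().getName());
        if (Strings.isNullOrEmpty(state)) {
            LOG.warn("State is missing");
            return;
        }
        boolean isTestAuth = OAuthConfigurationValidationStore.isTestAuth(state);
        auditBuilder.test(isTestAuth);
        Optional<OAuthConfiguration> configuration = getAndLogOAuthConfiguration(state, isTestAuth, auditBuilder);
        // NOTE(review): getAndLogOAuthConfiguration already records these fields; this second
        // call looks redundant. Confirm the AuditBuilder setters are idempotent before removing it.
        logOAuthConfig(auditBuilder, configuration);
        if (!configuration.isPresent()) {
            // The state value is untrusted: strip control characters so it cannot inject log lines.
            LOG.warn("Unable to find configurations for state value: {}", sanitizeForLog(state));
            ProductMetricsAggregatedDataCollector.recordData("connectedSystems.oauth.callback.failure");
            return;
        }
        OAuthConfiguration oAuthConfiguration = configuration.get();
        if (!Strings.isNullOrEmpty(error)) {
            // error / error_description are untrusted callback parameters as well.
            LOG.warn("Authorization denied for Auth Code request, {}:{}", sanitizeForLog(error), sanitizeForLog(errorDescription));
            if (isTestAuth) {
                this.oAuthConfigurationValidationStore.saveTestResponse(state, new OAuthTokenResponse().setError(error).setErrorDescription(errorDescription).setErrorUri(errorUri));
            }
            ProductMetricsAggregatedDataCollector.recordData("connectedSystems.oauth.callback.failure");
            return;
        }
        if (Strings.isNullOrEmpty(authorizationCode)) {
            LOG.warn("Unexpected error, missing Authorization code");
            if (isTestAuth) {
                this.oAuthConfigurationValidationStore.saveTestResponse(state, new OAuthTokenResponse().setError("no_code"));
            }
            ProductMetricsAggregatedDataCollector.recordData("connectedSystems.oauth.callback.failure");
            return;
        }
        // Only the state is logged here; the authorization code is a credential and must stay out of logs.
        LOG.debug("Received and processing Authorization code for state: {}", sanitizeForLog(state));
        OAuthTokenResponse tokenResponse = this.tokenRetriever.retrieveToken(oAuthConfiguration, authorizationCode, ConnectedSystemOAuthRedirectUrlFunction.generateOAuthRedirectUrl());
        storeTokenIfPossible(auditBuilder, oAuthConfiguration, tokenResponse);
        if (isTestAuth) {
            this.oAuthConfigurationValidationStore.saveTestResponse(state, tokenResponse);
        }
    }

    /**
     * Resolves the configuration for a state value and records its identifying fields
     * on the audit builder.
     *
     * @param state the callback state value
     * @param isTestAuth {@code true} to read from the temporary validation store,
     *        {@code false} to read from the persisted connected system
     * @param auditBuilder audit event to annotate when a configuration is found
     * @return the matching configuration, or empty when none is found
     */
    private Optional<OAuthConfiguration> getAndLogOAuthConfiguration(String state, boolean isTestAuth, OAuthCallbackAuditLogEvent.AuditBuilder auditBuilder) {
        Optional<OAuthConfiguration> configuration = !isTestAuth ? getOAuthConfigurationFromCS(state) : getOAuthConfigurationFromTempStore(state);
        logOAuthConfig(auditBuilder, configuration);
        return configuration;
    }

    /**
     * Copies the connected system UUID, name and scope of a configuration, when one is
     * present, onto the audit builder. The client secret is deliberately not recorded.
     */
    private void logOAuthConfig(OAuthCallbackAuditLogEvent.AuditBuilder auditBuilder, Optional<OAuthConfiguration> optional) {
        optional.ifPresent(oAuthConfiguration -> {
            auditBuilder.connectedSystemUuid(oAuthConfiguration.getCsUuid()).connectedSystemName(oAuthConfiguration.getCsName()).scope(oAuthConfiguration.getScope());
        });
    }

    /**
     * Records metrics for a token response and persists the token when the
     * configuration asks for it.
     *
     * <p>The audit {@code success} flag is set to {@code true} only after
     * {@code persistToken} has returned normally. Previously the flag was raised before
     * the call, so a failed persist ({@link ObjectNotFoundException}) was still audited
     * as a success.
     *
     * @param auditBuilder audit event to annotate with refresh-token presence, success and expiry
     * @param oAuthConfiguration configuration the token was requested for
     * @param oAuthTokenResponse response returned by the token endpoint
     */
    private void storeTokenIfPossible(OAuthCallbackAuditLogEvent.AuditBuilder auditBuilder, OAuthConfiguration oAuthConfiguration, OAuthTokenResponse oAuthTokenResponse) {
        boolean tokenPersisted = false;
        String accessToken = oAuthTokenResponse.getAccessToken();
        String expiresIn = oAuthTokenResponse.getExpiresIn();
        String error = oAuthTokenResponse.getError();
        String refreshToken = oAuthTokenResponse.getRefreshToken();
        if (Strings.isNullOrEmpty(error)) {
            ProductMetricsAggregatedDataCollector.recordData("connectedSystems.oauth.callback.success");
            if (!Strings.isNullOrEmpty(refreshToken)) {
                ProductMetricsAggregatedDataCollector.recordData("connectedSystems.oauth.callback.refreshToken");
                auditBuilder.refreshToken(true);
            }
            if (oAuthConfiguration.isSaveToken()) {
                try {
                    this.connectedSystemExternalSystemService.persistToken(oAuthConfiguration.getCsUuid(), accessToken, expiresIn, refreshToken);
                    // Raised only once the token is actually stored, so the audit trail stays truthful.
                    tokenPersisted = true;
                    LOG.debug("Access token persisted successfully");
                } catch (ObjectNotFoundException e) {
                    LOG.warn("Unable to persist access token", e);
                }
            }
        } else {
            ProductMetricsAggregatedDataCollector.recordData("connectedSystems.oauth.callback.failure");
        }
        auditBuilder.success(tokenPersisted).tokenExpiration(expiresIn);
    }

    /**
     * Loads a test-authorization configuration from the temporary validation store.
     *
     * <p>When the test configuration names a connected system and matches that system's
     * persisted configuration according to {@code equalsIgnoringSecret}, the test
     * configuration is flagged so that the resulting token is saved.
     * NOTE(review): because the comparison ignores the secret, a test run made with a
     * different client secret can still lead to the token being persisted for the
     * connected system; confirm that this is intended.
     *
     * @param state the callback state value identifying the test configuration
     * @return the stored test configuration, or empty when none exists
     */
    @SuppressFBWarnings(value = {"CRLF_INJECTION_LOGS"}, justification = "State is stripped of control characters by sanitizeForLog before it is logged")
    private Optional<OAuthConfiguration> getOAuthConfigurationFromTempStore(String state) {
        LOG.debug("Fetching OAuth configurations from a temp store for a state: {}", sanitizeForLog(state));
        Optional<OAuthConfiguration> testConfig = this.oAuthConfigurationValidationStore.getTestConfig(state);
        if (testConfig.isPresent()) {
            String csUuid = testConfig.get().getCsUuid();
            if (!Strings.isNullOrEmpty(csUuid)) {
                Optional<OAuthConfiguration> persistedConfig = getOAuthConfigurationFromCS(csUuid);
                if (persistedConfig.isPresent() && persistedConfig.get().equalsIgnoringSecret(testConfig.get())) {
                    testConfig.get().setSaveToken(true);
                }
            }
        }
        return testConfig;
    }

    /**
     * Builds an {@link OAuthConfiguration} from the current version of a persisted
     * connected system.
     *
     * <p>The lookup runs through {@code SpringSecurityContextHelper.runAsAdmin}, so it
     * is not limited by the permissions of the caller. In the non-test flow the
     * identifier is the raw callback state. NOTE(review): confirm that upstream code
     * restricts who may reach this path.
     *
     * @param csUuid identifier of the connected system to load
     * @return the configuration with {@code saveToken} set, or empty when the connected
     *         system is not found or is not configured for OAuth
     */
    @SuppressFBWarnings(value = {"CRLF_INJECTION_LOGS"}, justification = "Identifier is stripped of control characters by sanitizeForLog before it is logged")
    private Optional<OAuthConfiguration> getOAuthConfigurationFromCS(String csUuid) {
        LOG.debug("Fetching persisted OAuth configurations from Connected System for: {}", sanitizeForLog(csUuid));
        ConnectedSystem connectedSystem = (ConnectedSystem) SpringSecurityContextHelper.runAsAdmin(() -> {
            return this.connectedSystemService.getVersion(csUuid, ContentConstants.VERSION_CURRENT);
        });
        if (connectedSystem == null) {
            return Optional.empty();
        }
        Dictionary sharedConfig = (Dictionary) API.typedValueToValue(connectedSystem.getSharedConfigParameters()).getValue();
        String authType = (String) sharedConfig.getDevariantValue("authType").getValue();
        Value isCstOAuth = sharedConfig.getDevariantValue("isCstOAuth");
        // Rejected only when authType is not "OAuth 2.0" AND isCstOAuth equals Value.FALSE.
        // NOTE(review): any other isCstOAuth value (including an absent one) lets a non-OAuth
        // auth type through; confirm that is the intended rule.
        if (!"OAuth 2.0".equals(authType) && Value.FALSE.equals(isCstOAuth)) {
            return Optional.empty();
        }
        Dictionary authDetails = (Dictionary) sharedConfig.getDevariantValue("authDetails").getValue();
        String clientId = getValueByKey("clientId", authDetails);
        String csName = connectedSystem.getName();
        // The client secret is held only long enough to build the configuration; never log it.
        Variant clientSecret = authDetails.get("clientSecret");
        String tokenUrl = getValueByKey("tokenUrl", authDetails);
        String authUrl = getValueByKey("authUrl", authDetails);
        return Optional.of(new OAuthConfiguration().setCsUuid(csUuid).setCsName(csName).setClientId(clientId).setClientSecret((String) clientSecret.getValue()).setAuthorizationUrl(authUrl).setScope(getValueByKey("scope", authDetails)).setTokenRequestUrl(tokenUrl).setSaveToken(true));
    }

    /**
     * Reads a string entry from a dictionary.
     *
     * @param key entry name
     * @param dictionary dictionary to read from
     * @return the entry's value cast to {@code String}
     */
    private String getValueByKey(String key, Dictionary dictionary) {
        return (String) dictionary.get(key).getValue();
    }

    /**
     * Makes an untrusted value safe to place in a log line by replacing every control
     * character (including CR and LF) and the Unicode line/paragraph separators with
     * an underscore, so the value cannot start a forged log entry.
     *
     * @param value the untrusted value, may be {@code null}
     * @return the neutralised value, or {@code null} when the input was {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean lineBreaking = Character.isISOControl(c) || c == '\u2028' || c == '\u2029';
            cleaned.append(lineBreaking ? '_' : c);
        }
        return cleaned.toString();
    }
}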
