package com.openexchange.ajax.requesthandler.oauth;

import com.openexchange.ajax.SessionUtility;
import com.openexchange.ajax.requesthandler.AJAXActionService;
import com.openexchange.ajax.requesthandler.AJAXActionServiceFactory;
import com.openexchange.ajax.requesthandler.AJAXRequestData;
import com.openexchange.ajax.requesthandler.AJAXRequestDataTools;
import com.openexchange.ajax.requesthandler.Dispatcher;
import com.openexchange.ajax.requesthandler.DispatcherServlet;
import com.openexchange.exception.OXException;
import com.openexchange.groupware.container.Appointment;
import com.openexchange.groupware.container.CalendarObject;
import com.openexchange.oauth.provider.exceptions.OAuthInsufficientScopeException;
import com.openexchange.oauth.provider.exceptions.OAuthInvalidRequestException;
import com.openexchange.oauth.provider.exceptions.OAuthInvalidTokenException;
import com.openexchange.oauth.provider.resourceserver.OAuthAccess;
import com.openexchange.oauth.provider.resourceserver.OAuthResourceService;
import com.openexchange.oauth.provider.resourceserver.annotations.OAuthAction;
import com.openexchange.oauth.provider.resourceserver.annotations.OAuthModule;
import com.openexchange.osgi.Tools;
import com.openexchange.server.ServiceLookup;
import com.openexchange.session.Reply;
import com.openexchange.session.Session;
import com.openexchange.session.SessionResult;
import com.openexchange.tools.servlet.AjaxExceptionCodes;
import com.openexchange.tools.servlet.http.Authorization;
import com.openexchange.tools.session.ServerSession;
import com.openexchange.tools.session.ServerSessionAdapter;
import java.io.IOException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/ajax/requesthandler/oauth/OAuthDispatcherServlet.class */
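/**
 * Dispatcher servlet that serves the OAuth 2.0 resource-server endpoint.
 *
 * <p>Instead of an HTTP session cookie, requests are authenticated with an
 * {@code Authorization: Bearer <token>} header that is validated by the
 * {@link OAuthResourceService}. The resulting {@link OAuthAccess} is stored as a
 * request attribute ({@link OAuthConstants#PARAM_OAUTH_ACCESS}) and later copied
 * onto the {@link AJAXRequestData}.
 *
 * <p>Only action factories annotated with {@link OAuthModule} and actions annotated
 * with {@link OAuthAction} are reachable through this servlet; everything else is
 * reported as an unknown module/action. Scope checks are not performed here and are
 * presumably enforced by the annotated actions themselves — not visible in this class.
 *
 * <p>Error responses follow RFC 6750 section 3: {@code invalid_token} is answered
 * with 401 plus a {@code WWW-Authenticate: Bearer ...} challenge,
 * {@code insufficient_scope} with 403 and {@code invalid_request} with 400.
 *
 * <p>Note: this class was recovered by a decompiler; the status codes were originally
 * rendered as unrelated calendar field constants with the same numeric value and have
 * been replaced by the servlet {@code SC_*} constants.
 */
public class OAuthDispatcherServlet extends DispatcherServlet {

    private static final long serialVersionUID = 2930109046898745937L;

    private static final Logger LOG = LoggerFactory.getLogger(OAuthDispatcherServlet.class);

    /** Challenge header sent with every 401 response (RFC 6750 section 3). */
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";

    /** Header carrying the bearer token. */
    private static final String AUTHORIZATION = "Authorization";

    private final ServiceLookup services;

    /**
     * Creates a new OAuth dispatcher servlet.
     *
     * @param serviceLookup the service registry used to obtain the {@link OAuthResourceService}
     * @param str the servlet path prefix handed to {@link DispatcherServlet}
     */
    public OAuthDispatcherServlet(ServiceLookup serviceLookup, String str) {
        super(str);
        this.services = serviceLookup;
    }

    /**
     * Resolves the session for this request from the bearer token.
     *
     * <p>A session already attached to the request wins; otherwise the
     * {@code Authorization} header is parsed, the token is validated by the
     * resource service and the resulting session and {@link OAuthAccess} are
     * remembered on the request.
     *
     * @throws OXException if the header is missing, does not use the {@code Bearer}
     *         scheme or carries an empty token ({@link OAuthInvalidTokenException}),
     *         or if the token is rejected by the resource service
     */
    @Override // com.openexchange.ajax.requesthandler.DispatcherServlet, com.openexchange.ajax.SessionServlet
    public SessionResult<ServerSession> initializeSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OXException {
        ServerSession existing = SessionUtility.getSessionObject(httpServletRequest, false);
        if (existing != null) {
            // NOTE(review): this path never sets PARAM_OAUTH_ACCESS, yet initializeRequestData()
            // rejects requests without it. Whoever attached the session beforehand is expected
            // to have stored the OAuthAccess as well — confirm against the caller/filter chain.
            return new SessionResult<>(Reply.CONTINUE, ServerSessionAdapter.valueOf(existing));
        }

        String token = extractBearerToken(httpServletRequest);
        OAuthResourceService resourceService = (OAuthResourceService) Tools.requireService(OAuthResourceService.class, this.services);
        OAuthAccess access = resourceService.checkAccessToken(token, httpServletRequest);

        Session session = access.getSession();
        ServerSession serverSession = ServerSessionAdapter.valueOf(session);
        SessionUtility.rememberSession(httpServletRequest, serverSession);
        httpServletRequest.setAttribute(OAuthConstants.PARAM_OAUTH_ACCESS, access);
        return new SessionResult<>(Reply.CONTINUE, serverSession);
    }

    /**
     * Extracts the raw token from a {@code Authorization: Bearer <token>} header.
     *
     * @param request the servlet request
     * @return the token text following the scheme and its single separator character
     * @throws OXException {@link OAuthInvalidTokenException} with reason
     *         {@code TOKEN_MISSING} if there is no header, or {@code INVALID_AUTH_SCHEME}
     *         if the scheme is not {@code Bearer} or no token follows it
     */
    private static String extractBearerToken(HttpServletRequest request) throws OXException {
        String header = request.getHeader(AUTHORIZATION);
        if (header == null) {
            throw new OAuthInvalidTokenException(OAuthInvalidTokenException.Reason.TOKEN_MISSING);
        }
        String scheme = Authorization.extractAuthScheme(header);
        // Scheme plus exactly one separator; a header of only "Bearer " has no token.
        int prefixLength = OAuthConstants.BEARER_SCHEME.length() + 1;
        if (scheme == null || !scheme.equalsIgnoreCase(OAuthConstants.BEARER_SCHEME) || header.length() <= prefixLength) {
            throw new OAuthInvalidTokenException(OAuthInvalidTokenException.Reason.INVALID_AUTH_SCHEME);
        }
        // NOTE(review): only one separator character is skipped; surplus whitespace ends up
        // in the token and is left for checkAccessToken() to reject — confirm that is intended.
        return header.substring(prefixLength);
    }

    /**
     * Parses the request and verifies that the addressed module and action are
     * explicitly opened for OAuth access.
     *
     * @param z forwarded to {@link AJAXRequestDataTools#parseRequest} (meaning not visible here)
     * @return the parsed request data carrying the session and the {@link OAuthAccess}
     * @throws OXException {@link OAuthInvalidTokenException} if the session or the
     *         {@link OAuthAccess} attribute is missing from the request;
     *         {@code UNKNOWN_MODULE} / {@code UNKNOWN_ACTION_IN_MODULE} if the target is
     *         not annotated with {@link OAuthModule} / {@link OAuthAction}
     * @throws IOException if reading the request fails
     */
    @Override // com.openexchange.ajax.requesthandler.DispatcherServlet
    protected AJAXRequestData initializeRequestData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws OXException, IOException {
        Dispatcher dispatcher = DISPATCHER.get();
        AJAXRequestDataTools requestDataTools = getAjaxRequestDataTools();
        String module = requestDataTools.getModule(this.prefix + "oauth/modules/", httpServletRequest);
        String action = requestDataTools.getAction(httpServletRequest);

        // Both attributes are expected to have been stored by initializeSession().
        ServerSession session = SessionUtility.getSessionObject(httpServletRequest, false);
        if (session == null) {
            LOG.warn("Session was not contained in servlet request attributes!", new Exception());
            throw new OAuthInvalidTokenException(OAuthInvalidTokenException.Reason.TOKEN_MISSING);
        }
        OAuthAccess oAuthAccess = (OAuthAccess) httpServletRequest.getAttribute(OAuthConstants.PARAM_OAUTH_ACCESS);
        if (oAuthAccess == null) {
            LOG.warn("OAuthToken was not contained in servlet request attributes!", new Exception());
            throw new OAuthInvalidTokenException(OAuthInvalidTokenException.Reason.TOKEN_MISSING);
        }

        boolean multipart = com.openexchange.tools.servlet.http.Tools.isMultipartContent(httpServletRequest);
        AJAXRequestData requestData = requestDataTools.parseRequest(httpServletRequest, z, multipart, session, this.prefix, httpServletResponse);
        requestData.setModule(module);
        requestData.setSession(session);
        requestData.setProperty(OAuthConstants.PARAM_OAUTH_ACCESS, oAuthAccess);

        // Allow-list: a module is reachable via OAuth only if its factory carries @OAuthModule,
        // and an action only if the service class carries @OAuthAction.
        AJAXActionServiceFactory factory = dispatcher.lookupFactory(module);
        if (factory == null || !factory.getClass().isAnnotationPresent(OAuthModule.class)) {
            throw AjaxExceptionCodes.UNKNOWN_MODULE.create(module);
        }
        AJAXActionService actionService = factory.createActionService(action);
        if (actionService == null || !actionService.getClass().isAnnotationPresent(OAuthAction.class)) {
            throw AjaxExceptionCodes.UNKNOWN_ACTION_IN_MODULE.create(action, module);
        }
        return requestData;
    }

    /**
     * Maps OAuth-specific exceptions onto RFC 6750 error responses; every other
     * {@link OXException} is handled by the superclass.
     *
     * @throws IOException if writing the response fails
     */
    @Override // com.openexchange.ajax.requesthandler.DispatcherServlet, com.openexchange.ajax.SessionServlet
    public void handleOXException(OXException oXException, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (oXException instanceof OAuthInvalidTokenException) {
            sendInvalidToken((OAuthInvalidTokenException) oXException, httpServletResponse);
        } else if (oXException instanceof OAuthInsufficientScopeException) {
            sendInsufficientScope((OAuthInsufficientScopeException) oXException, httpServletResponse);
        } else if (oXException instanceof OAuthInvalidRequestException) {
            sendInvalidRequest((OAuthInvalidRequestException) oXException, httpServletResponse);
        } else {
            super.handleOXException(oXException, httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Sends a 401 with a {@code WWW-Authenticate: Bearer} challenge.
     *
     * <p>When no credentials were supplied at all the challenge carries no error
     * attributes (RFC 6750 section 3.1); otherwise it names {@code invalid_token}
     * and, if available, the error description.
     */
    private void sendInvalidToken(OAuthInvalidTokenException e, HttpServletResponse response) throws IOException {
        if (e.getReason() == OAuthInvalidTokenException.Reason.TOKEN_MISSING) {
            com.openexchange.tools.servlet.http.Tools.sendEmptyErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED,
                Collections.singletonMap(WWW_AUTHENTICATE, OAuthConstants.BEARER_SCHEME));
            return;
        }

        String description = e.getErrorDescription();
        // RFC 6750 syntax: the scheme is separated from the auth-params by a space,
        // and the auth-params from each other by a comma.
        StringBuilder challenge = new StringBuilder(OAuthConstants.BEARER_SCHEME);
        challenge.append(" error=\"invalid_token\"");
        if (description != null) {
            challenge.append(", error_description=\"").append(quoteHeaderValue(description)).append('"');
        }
        String challengeValue = challenge.toString();

        JSONObject body = errorBody("invalid_token", description, null);
        if (body == null) {
            com.openexchange.tools.servlet.http.Tools.sendEmptyErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED,
                Collections.singletonMap(WWW_AUTHENTICATE, challengeValue));
        } else {
            com.openexchange.tools.servlet.http.Tools.sendErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED,
                Collections.singletonMap(WWW_AUTHENTICATE, challengeValue), body.toString());
        }
    }

    /** Sends a 403 {@code insufficient_scope} response including the required scope. */
    private void sendInsufficientScope(OAuthInsufficientScopeException e, HttpServletResponse response) throws IOException {
        JSONObject body = errorBody("insufficient_scope", e.getErrorDescription(), e.getScope());
        if (body == null) {
            com.openexchange.tools.servlet.http.Tools.sendEmptyErrorResponse(response, HttpServletResponse.SC_FORBIDDEN);
        } else {
            com.openexchange.tools.servlet.http.Tools.sendErrorResponse(response, HttpServletResponse.SC_FORBIDDEN, body.toString());
        }
    }

    /** Sends a 400 {@code invalid_request} response. */
    private void sendInvalidRequest(OAuthInvalidRequestException e, HttpServletResponse response) throws IOException {
        JSONObject body = errorBody("invalid_request", e.getErrorDescription(), null);
        if (body == null) {
            com.openexchange.tools.servlet.http.Tools.sendEmptyErrorResponse(response, HttpServletResponse.SC_BAD_REQUEST);
        } else {
            com.openexchange.tools.servlet.http.Tools.sendErrorResponse(response, HttpServletResponse.SC_BAD_REQUEST, body.toString());
        }
    }

    /**
     * Builds the JSON error body ({@code error}, {@code error_description} and,
     * when given, {@code scope}).
     *
     * @param error the RFC 6749 error code
     * @param description the human-readable description, may be {@code null}
     * @param scope the required scope for {@code insufficient_scope}, {@code null} otherwise
     * @return the body, or {@code null} if the JSON layer rejected a value (already logged)
     */
    private JSONObject errorBody(String error, String description, Object scope) {
        JSONObject json = new JSONObject();
        try {
            json.put("error", error);
            json.put("error_description", description);
            if (scope != null) {
                json.put("scope", scope);
            }
            return json;
        } catch (JSONException e) {
            // Best effort: the caller falls back to an empty body with the same status code.
            logException(e);
            return null;
        }
    }

    /**
     * Makes a string safe for use inside an HTTP quoted-string (RFC 7230 section 3.2.6):
     * quotes and backslashes are escaped as quoted-pairs and control characters
     * (notably CR/LF, which would otherwise terminate the header) are replaced by a space.
     *
     * @param value the raw text, never {@code null}
     * @return the escaped text without the surrounding quotes
     */
    private static String quoteHeaderValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\') {
                sb.append('\\').append(c);
            } else if ((c < 0x20 && c != '\t') || c == 0x7f) {
                sb.append(' ');
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }
}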
