package org.apache.sling.auth.oauth_client.impl;

import com.nimbusds.oauth2.sdk.id.Identifier;
import java.io.IOException;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.auth.oauth_client.ClientConnection;
import org.apache.sling.commons.crypto.CryptoService;
import org.apache.sling.servlets.annotations.SlingServletPaths;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {Servlet.class}, property = {"sling.auth.requirements=/system/sling/oauth/entry-point"})
@SlingServletPaths({OAuthEntryPointServlet.PATH})
/* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/OAuthEntryPointServlet.class */
public class OAuthEntryPointServlet extends SlingAllMethodsServlet {
    private static final long serialVersionUID = 1;
    public static final String PATH = "/system/sling/oauth/entry-point";
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final Map<String, ClientConnection> connections;
    private final CryptoService cryptoService;

    @Activate
    public OAuthEntryPointServlet(@Reference(policyOption = ReferencePolicyOption.GREEDY) List<ClientConnection> list, @Reference CryptoService cryptoService) {
        this.connections = (Map) list.stream().collect(Collectors.toMap((v0) -> {
            return v0.name();
        }, Function.identity()));
        this.cryptoService = cryptoService;
    }

    protected void doGet(@NotNull SlingHttpServletRequest slingHttpServletRequest, @NotNull SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        try {
            String parameter = slingHttpServletRequest.getParameter("c");
            if (parameter == null) {
                this.logger.debug("Missing mandatory request parameter 'c'");
                slingHttpServletResponse.sendError(400);
                return;
            }
            ClientConnection clientConnection = this.connections.get(parameter);
            if (clientConnection == null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Client requested unknown connection '{}'; known: '{}'", parameter, this.connections.keySet());
                }
                slingHttpServletResponse.sendError(400);
            } else {
                RedirectTarget authenticationRequestUri = getAuthenticationRequestUri(clientConnection, slingHttpServletRequest, URI.create(OAuthCallbackServlet.getCallbackUri(slingHttpServletRequest)));
                slingHttpServletResponse.addCookie(authenticationRequestUri.cookie());
                slingHttpServletResponse.sendRedirect(authenticationRequestUri.uri().toString());
            }
        } catch (Exception e) {
            throw new OAuthEntryPointException("Internal error", e);
        }
    }

    @NotNull
    private RedirectTarget getAuthenticationRequestUri(@NotNull ClientConnection clientConnection, @NotNull SlingHttpServletRequest slingHttpServletRequest, @NotNull URI uri) {
        return RedirectHelper.buildRedirectTarget(new String[]{PATH}, uri, ResolvedOAuthConnection.resolve(clientConnection), new OAuthCookieValue(new Identifier().getValue(), clientConnection.name(), slingHttpServletRequest.getParameter("redirect")), this.cryptoService);
    }
}
