package com.predic8.membrane.core.interceptor.oauth2;

import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCChildElement;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Interceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.AccountBlocker;
import com.predic8.membrane.core.interceptor.authentication.session.CleanupThread;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.authentication.session.UserDataProvider;
import com.predic8.membrane.core.interceptor.oauth2.processors.AuthEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.CertsEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.DefaultEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.EmptyEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.FaviconEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.InvalidMethodProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.LoginDialogEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.OAuth2Processors;
import com.predic8.membrane.core.interceptor.oauth2.processors.RevocationEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.TokenEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.UserinfoEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.processors.WellknownEndpointProcessor;
import com.predic8.membrane.core.interceptor.oauth2.tokengenerators.BearerTokenGenerator;
import com.predic8.membrane.core.interceptor.oauth2.tokengenerators.JwtGenerator;
import com.predic8.membrane.core.interceptor.oauth2.tokengenerators.TokenGenerator;
import java.util.HashSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

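@MCElement(name = "oauth2authserver")
/* loaded from: input_file:lib/service-proxy-core-4.6.2.jar:com/predic8/membrane/core/interceptor/oauth2/OAuth2AuthorizationServerInterceptor.class */
/**
 * Interceptor that turns a proxy into an OAuth 2 authorization server.
 *
 * <p>Requests are handed to a chain of endpoint processors (authorization, token, userinfo,
 * revocation, login dialog, well-known metadata, certs, ...) registered in
 * {@link #addDefaultProcessors()}. Session state is kept by a {@link SessionManager}.
 *
 * <p>Security-relevant configuration visible in this class:
 * <ul>
 *   <li>{@code userDataProvider}, {@code clientList} and {@code claimList} are mandatory;
 *       {@link #init(Router)} refuses to start without them.</li>
 *   <li>{@code issuer} is annotated {@code @Required} but is only enforced if the container
 *       processes that annotation; {@link #init(Router)} logs a warning when it is missing.</li>
 *   <li>{@code location} and {@code consentFile} gate the login view: if either is missing,
 *       {@code loginViewDisabled} is set and a warning is logged.</li>
 *   <li>{@code exposeUserCredentialsToSession} defaults to {@code false}.</li>
 * </ul>
 */
public class OAuth2AuthorizationServerInterceptor extends AbstractInterceptor {
    private static final Logger log = LoggerFactory.getLogger(OAuth2AuthorizationServerInterceptor.class.getName());

    // Configured through @MCAttribute setters.
    private String issuer;
    private String location;
    private String message;
    private String consentFile;
    // NOTE(review): the name suggests user credentials are made available in the session; the
    // code that reads this flag is outside this class - confirm what is stored before enabling.
    private boolean exposeUserCredentialsToSession;

    // Configured through @MCChildElement setters or created in init().
    private Router router;
    private UserDataProvider userDataProvider;
    // Optional: no default instance is created, so this stays null unless configured.
    private AccountBlocker accountBlocker;
    private ClientList clientList;
    private ClaimList claimList;
    private OAuth2Statistics statistics;
    private JwtGenerator jwtGenerator;

    private String path = "/login/";
    private boolean loginViewDisabled = false;
    private SessionManager sessionManager = new SessionManager();
    // Access and refresh tokens both default to BearerTokenGenerator; only the access-token
    // generator has an @MCChildElement setter in this class.
    private TokenGenerator tokenGenerator = new BearerTokenGenerator();
    private TokenGenerator refreshTokenGenerator = new BearerTokenGenerator();
    private OAuth2Processors processors = new OAuth2Processors();
    private HashSet<String> supportedAuthorizationGrants = new HashSet<>();
    private SessionFinder sessionFinder = new SessionFinder();
    private WellknownFile wellknownFile = new WellknownFile();
    private ConsentPageFile consentPageFile = new ConsentPageFile();

    /**
     * Validates the configuration, initialises the collaborators and registers the default
     * endpoint processors.
     *
     * @param router the router this interceptor is attached to
     * @throws Exception if {@code userDataProvider}, {@code clientList}, {@code claimList} or
     *     {@code path} is not configured, or if a collaborator fails to initialise
     */
    @Override
    public void init(Router router) throws Exception {
        this.name = "OAuth 2 Authorization Server";
        setFlow(Interceptor.Flow.Set.REQUEST_RESPONSE);
        setRouter(router);
        addSupportedAuthorizationGrants();

        // issuer is @Required, but nothing below checks it. Warn instead of failing so that
        // setups which start without it today keep starting.
        if (getIssuer() == null) {
            log.warn("IMPORTANT: No issuer configured although the attribute is marked as required");
        }

        // NOTE(review): both files are initialised before the mandatory-element checks below;
        // the original order is kept because their dependencies are not visible here.
        getWellknownFile().init(router, this);
        getConsentPageFile().init(router, getConsentFile());

        if (this.userDataProvider == null) {
            throw new Exception("No userDataProvider configured. - Cannot work without one.");
        }
        if (getClientList() == null) {
            throw new Exception("No clientList configured. - Cannot work without one.");
        }
        if (getClaimList() == null) {
            // The message used to say "scopeList", which is not the name of the checked property.
            throw new Exception("No claimList configured. - Cannot work without one");
        }

        // Missing location or consentFile disables the login view. The response types added by
        // addSupportedAuthorizationGrants() are NOT removed here - presumably the processors
        // consult isLoginViewDisabled(); confirm that the advertised metadata stays consistent.
        if (getLocation() == null) {
            log.warn("===========================================================================================");
            log.warn("IMPORTANT: No location configured - Authorization code and implicit flows are not available");
            log.warn("===========================================================================================");
            this.loginViewDisabled = true;
        }
        if (getConsentFile() == null && !isLoginViewDisabled()) {
            log.warn("==============================================================================================");
            log.warn("IMPORTANT: No consentFile configured - Authorization code and implicit flows are not available");
            log.warn("==============================================================================================");
            this.loginViewDisabled = true;
        }
        if (getPath() == null) {
            throw new Exception("No path configured. - Cannot work without one");
        }

        this.userDataProvider.init(router);
        getClientList().init(router);
        getClaimList().init(router);
        this.jwtGenerator = new JwtGenerator();
        this.sessionManager.init(router);
        this.statistics = new OAuth2Statistics();
        addDefaultProcessors();

        // A new cleanup thread is started on every init() call. accountBlocker may be null here
        // (it is optional) - NOTE(review): confirm CleanupThread tolerates a null blocker.
        new CleanupThread(this.sessionManager, this.accountBlocker).start();
    }

    /**
     * Registers the built-in endpoint processors.
     *
     * <p>The registration order is kept exactly as in the original; presumably the processors
     * are consulted in this order (method check first, default endpoint last) - confirm in
     * {@code OAuth2Processors}.
     */
    private void addDefaultProcessors() {
        getProcessors()
                .add(new InvalidMethodProcessor(this))
                .add(new FaviconEndpointProcessor(this))
                .add(new AuthEndpointProcessor(this))
                .add(new TokenEndpointProcessor(this))
                .add(new UserinfoEndpointProcessor(this))
                .add(new RevocationEndpointProcessor(this))
                .add(new LoginDialogEndpointProcessor(this))
                .add(new WellknownEndpointProcessor(this))
                .add(new CertsEndpointProcessor(this))
                .add(new EmptyEndpointProcessor(this))
                .add(new DefaultEndpointProcessor(this));
    }

    /**
     * Runs the endpoint processors on the request.
     *
     * <p>When a processor ends the exchange (any outcome other than {@code CONTINUE}) the
     * session manager post-processes it here, because the response flow is then not the one
     * calling {@link #handleResponse(Exchange)} for this request.
     *
     * @param exchange the current exchange
     * @return the outcome reported by the processor chain
     */
    @Override
    public Outcome handleRequest(Exchange exchange) throws Exception {
        Outcome outcome = getProcessors().runProcessors(exchange);
        if (outcome != Outcome.CONTINUE) {
            this.sessionManager.postProcess(exchange);
        }
        return outcome;
    }

    /**
     * Lets the session manager post-process the exchange, then delegates to the superclass.
     *
     * @param exchange the current exchange
     * @return the outcome of the superclass implementation
     */
    @Override
    public Outcome handleResponse(Exchange exchange) throws Exception {
        this.sessionManager.postProcess(exchange);
        return super.handleResponse(exchange);
    }

    public UserDataProvider getUserDataProvider() {
        return this.userDataProvider;
    }

    /** Sets the mandatory user data provider; {@link #init(Router)} fails without one. */
    @MCChildElement(order = 1)
    @Required
    public void setUserDataProvider(UserDataProvider userDataProvider) {
        this.userDataProvider = userDataProvider;
    }

    public SessionManager getSessionManager() {
        return this.sessionManager;
    }

    /** Replaces the default {@link SessionManager}. */
    @MCChildElement(order = 2)
    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    public String getLocation() {
        return this.location;
    }

    /** Sets the location; when left unset, {@link #init(Router)} disables the login view. */
    @MCAttribute
    public void setLocation(String str) {
        this.location = str;
    }

    public String getPath() {
        return this.path;
    }

    /** Sets the path (default {@code "/login/"}); {@code null} makes {@link #init(Router)} fail. */
    @MCAttribute
    public void setPath(String str) {
        this.path = str;
    }

    public String getMessage() {
        return this.message;
    }

    @MCAttribute
    public void setMessage(String str) {
        this.message = str;
    }

    public AccountBlocker getAccountBlocker() {
        return this.accountBlocker;
    }

    /**
     * Sets the optional account blocker. No default is created in this class, so without this
     * element the field stays {@code null}.
     */
    @MCChildElement(order = 3)
    public void setAccountBlocker(AccountBlocker accountBlocker) {
        this.accountBlocker = accountBlocker;
    }

    public boolean isExposeUserCredentialsToSession() {
        return this.exposeUserCredentialsToSession;
    }

    /**
     * Enables or disables exposing user credentials to the session (default {@code false}).
     *
     * <p>NOTE(review): the flag is only stored here; what exactly ends up in the session is
     * decided elsewhere. Treat enabling it as widening the exposure of credentials and confirm
     * how sessions are stored before turning it on.
     */
    @MCAttribute
    public void setExposeUserCredentialsToSession(boolean z) {
        this.exposeUserCredentialsToSession = z;
    }

    public ClientList getClientList() {
        return this.clientList;
    }

    /** Sets the mandatory client list; {@link #init(Router)} fails without one. */
    @MCChildElement(order = 4)
    @Required
    public void setClientList(ClientList clientList) {
        this.clientList = clientList;
    }

    public TokenGenerator getTokenGenerator() {
        return this.tokenGenerator;
    }

    /** Replaces the default {@link BearerTokenGenerator} used for access tokens. */
    @MCChildElement(order = 5)
    public void setTokenGenerator(TokenGenerator tokenGenerator) {
        this.tokenGenerator = tokenGenerator;
    }

    @Override
    public Router getRouter() {
        return this.router;
    }

    public void setRouter(Router router) {
        this.router = router;
    }

    /**
     * Returns the live, mutable set of supported values; callers that add to it change what
     * this server accepts.
     */
    public HashSet<String> getSupportedAuthorizationGrants() {
        return this.supportedAuthorizationGrants;
    }

    public void setSupportedAuthorizationGrants(HashSet<String> hashSet) {
        this.supportedAuthorizationGrants = hashSet;
    }

    public OAuth2Processors getProcessors() {
        return this.processors;
    }

    public void setProcessors(OAuth2Processors oAuth2Processors) {
        this.processors = oAuth2Processors;
    }

    public SessionFinder getSessionFinder() {
        return this.sessionFinder;
    }

    public void setSessionFinder(SessionFinder sessionFinder) {
        this.sessionFinder = sessionFinder;
    }

    /** Returns the JWT generator, which is {@code null} until {@link #init(Router)} has run. */
    public JwtGenerator getJwtGenerator() {
        return this.jwtGenerator;
    }

    public String getIssuer() {
        return this.issuer;
    }

    /**
     * Sets the issuer of this authorization server.
     *
     * <p>Marked {@code @Required}; {@link #init(Router)} itself only warns when it is missing.
     */
    @Required
    @MCAttribute
    public void setIssuer(String str) {
        this.issuer = str;
    }

    public ClaimList getClaimList() {
        return this.claimList;
    }

    /** Sets the mandatory claim list; {@link #init(Router)} fails without one. */
    @MCChildElement(order = 6)
    @Required
    public void setClaimList(ClaimList claimList) {
        this.claimList = claimList;
    }

    public WellknownFile getWellknownFile() {
        return this.wellknownFile;
    }

    public void setWellknownFile(WellknownFile wellknownFile) {
        this.wellknownFile = wellknownFile;
    }

    public String getConsentFile() {
        return this.consentFile;
    }

    /** Sets the consent file; when left unset, {@link #init(Router)} disables the login view. */
    @MCAttribute
    public void setConsentFile(String str) {
        this.consentFile = str;
    }

    public ConsentPageFile getConsentPageFile() {
        return this.consentPageFile;
    }

    public void setConsentPageFile(ConsentPageFile consentPageFile) {
        this.consentPageFile = consentPageFile;
    }

    /**
     * Returns a short description followed by the current statistics.
     *
     * <p>The statistics object is created in {@link #init(Router)}; before that (or after
     * {@code setStatistics(null)}) only the fixed description line is returned instead of
     * failing with a {@code NullPointerException}.
     */
    @Override
    public String getShortDescription() {
        String description = "Authorization server of the oauth2 authentication process.\n";
        if (this.statistics == null) {
            return description;
        }
        return description + this.statistics.toString();
    }

    /**
     * Registers the accepted values: {@code ParamNames.CODE}, {@code "token"} and
     * {@code "id_token token"}.
     *
     * <p>The last two correspond to the implicit flow, which returns tokens directly from the
     * authorization endpoint; current OAuth 2.0 security guidance (RFC 9700) advises against
     * it. All three are always registered, independent of {@code loginViewDisabled}.
     */
    public void addSupportedAuthorizationGrants() {
        HashSet<String> grants = getSupportedAuthorizationGrants();
        grants.add(ParamNames.CODE);
        grants.add("token");
        grants.add("id_token token");
    }

    public OAuth2Statistics getStatistics() {
        return this.statistics;
    }

    public void setStatistics(OAuth2Statistics oAuth2Statistics) {
        this.statistics = oAuth2Statistics;
    }

    public TokenGenerator getRefreshTokenGenerator() {
        return this.refreshTokenGenerator;
    }

    /** Replaces the default {@link BearerTokenGenerator} used for refresh tokens. */
    public void setRefreshTokenGenerator(TokenGenerator tokenGenerator) {
        this.refreshTokenGenerator = tokenGenerator;
    }

    public boolean isLoginViewDisabled() {
        return this.loginViewDisabled;
    }

    /**
     * Sets the flag directly. {@link #init(Router)} only ever switches it to {@code true}
     * (missing location or consentFile); it never resets it.
     */
    public void setLoginViewDisabled(boolean z) {
        this.loginViewDisabled = z;
    }
}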
