package com.zimbra.cs.service;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.StringUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZimbraAuthToken;
import com.zimbra.cs.account.oauth.OAuthAccessorSerializer;
import com.zimbra.cs.account.oauth.utils.OAuthServiceProvider;
import com.zimbra.soap.SoapServlet;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.server.OAuthServlet;

/* loaded from: input_file:com/zimbra/cs/service/ZimbraAuthProviderForOAuth.class */
public class ZimbraAuthProviderForOAuth extends AuthProvider {
    public static final String ZIMBRA_OAUTH_PROVIDER = "sampleoauth";

    public ZimbraAuthProviderForOAuth() {
        this(ZIMBRA_OAUTH_PROVIDER);
    }

    protected ZimbraAuthProviderForOAuth(String str) {
        super(str);
    }

    @Override // com.zimbra.cs.service.AuthProvider
    protected AuthToken authToken(HttpServletRequest httpServletRequest, boolean z) throws AuthProviderException, AuthTokenException {
        OAuthMessage message;
        ZimbraLog.extensions.debug("authToken(HttpServletRequest req, boolean isAdminReq) is requested.");
        if (z) {
            ZimbraLog.extensions.debug("isAdminReq:true");
            return null;
        }
        String header = httpServletRequest.getHeader("X-Zimbra-Orig-Url");
        if (StringUtil.isNullOrEmpty(header)) {
            ZimbraLog.extensions.debug("request.getRequestURL(): " + ((Object) httpServletRequest.getRequestURL()));
            message = OAuthServlet.getMessage(httpServletRequest, (String) null);
        } else {
            ZimbraLog.extensions.debug("X-Zimbra-Orig-Url: " + header);
            message = OAuthServlet.getMessage(httpServletRequest, header);
        }
        try {
            String token = message.getToken();
            if (token == null) {
                ZimbraLog.extensions.debug("no need for further oauth processing");
                throw AuthProviderException.NO_AUTH_DATA();
            }
            try {
                Account accountByForeignPrincipal = Provisioning.getInstance().getAccountByForeignPrincipal("oAuthAccessToken:" + token);
                if (accountByForeignPrincipal == null) {
                    throw AuthProviderException.FAILURE("Could not identify account corresponding to the OAuth request");
                }
                OAuthAccessor oAuthAccessor = null;
                String[] oAuthAccessor2 = accountByForeignPrincipal.getOAuthAccessor();
                int length = oAuthAccessor2.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String str = oAuthAccessor2[i];
                    if (str.startsWith(token)) {
                        try {
                            oAuthAccessor = new OAuthAccessorSerializer().m166deserialize((Object) str.substring(token.length() + 2));
                            break;
                        } catch (ServiceException e) {
                            throw AuthProviderException.FAILURE("Error in deserializing OAuth accessor");
                        }
                    }
                    i++;
                }
                if (oAuthAccessor == null) {
                    throw new AuthTokenException("invalid OAuth token");
                }
                try {
                    OAuthServiceProvider.VALIDATOR.validateMessage(message, oAuthAccessor);
                    return AuthProvider.getAuthToken(accountByForeignPrincipal);
                } catch (Exception e2) {
                    ZimbraLog.extensions.debug("Exception in validating OAuth token", e2);
                    throw new AuthTokenException("Exception in validating OAuth token", e2);
                } catch (OAuthProblemException e3) {
                    for (Map.Entry entry : e3.getParameters().entrySet()) {
                        ZimbraLog.extensions.debug(((String) entry.getKey()) + ":" + entry.getValue());
                    }
                    ZimbraLog.extensions.debug("Exception in validating OAuth token", e3);
                    throw new AuthTokenException("Exception in validating OAuth token", e3);
                }
            } catch (ServiceException e4) {
                ZimbraLog.extensions.warn("Error in getting account using OAuth access token", e4);
                throw AuthProviderException.FAILURE(e4.getMessage());
            }
        } catch (IOException e5) {
            ZimbraLog.extensions.debug("Error in getting OAuth token from request", e5);
            throw AuthProviderException.FAILURE(e5.getMessage());
        }
    }

    @Override // com.zimbra.cs.service.AuthProvider
    protected AuthToken authToken(Element element, Map map) throws AuthProviderException, AuthTokenException {
        return authToken((HttpServletRequest) map.get(SoapServlet.SERVLET_REQUEST), false);
    }

    @Override // com.zimbra.cs.service.AuthProvider
    protected AuthToken authToken(String str) throws AuthProviderException, AuthTokenException {
        return genAuthToken(str);
    }

    private AuthToken genAuthToken(String str) throws AuthProviderException, AuthTokenException {
        if (StringUtil.isNullOrEmpty(str)) {
            throw AuthProviderException.NO_AUTH_DATA();
        }
        return ZimbraAuthToken.getAuthToken(str);
    }
}
