package com.zimbra.cs.account.oauth;

import com.zimbra.common.util.Log;
import com.zimbra.common.util.StringUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZimbraAuthToken;
import com.zimbra.cs.account.oauth.utils.OAuthServiceProvider;
import com.zimbra.cs.servlet.ZimbraServlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.server.OAuthServlet;

/* loaded from: input_file:com/zimbra/cs/account/oauth/OAuthAccessTokenServlet.class */
public class OAuthAccessTokenServlet extends ZimbraServlet {
    private static final Log LOG = ZimbraLog.oauth;
    private static final long serialVersionUID = 4514844700722250184L;

    @Override // com.zimbra.cs.servlet.ZimbraServlet
    public void init() throws ServletException {
        super.init();
    }

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        LOG.debug("Access Token Handler doGet requested!");
        processRequest(httpServletRequest, httpServletResponse);
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        LOG.debug("Access Token Handler doPost requested!");
        processRequest(httpServletRequest, httpServletResponse);
    }

    public void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        try {
            String header = httpServletRequest.getHeader("X-Zimbra-Orig-Url");
            OAuthMessage message = StringUtil.isNullOrEmpty(header) ? OAuthServlet.getMessage(httpServletRequest, (String) null) : OAuthServlet.getMessage(httpServletRequest, header);
            OAuthAccessor accessor = OAuthServiceProvider.getAccessor(message);
            OAuthServiceProvider.VALIDATOR.validateAccTokenMessage(message, accessor);
            if (!Boolean.TRUE.equals(accessor.getProperty("authorized"))) {
                OAuthProblemException oAuthProblemException = new OAuthProblemException("permission_denied");
                LOG.debug("permission_denied");
                throw oAuthProblemException;
            }
            Account accountById = Provisioning.getInstance().getAccountById(ZimbraAuthToken.getAuthToken((String) accessor.getProperty("ZM_AUTH_TOKEN")).getAccountId());
            OAuthServiceProvider.generateAccessToken(accessor);
            accountById.addForeignPrincipal("oAuthAccessToken:" + accessor.accessToken);
            accountById.addOAuthAccessor(accessor.accessToken + "::" + new OAuthAccessorSerializer().serialize(accessor));
            httpServletResponse.setContentType("text/plain");
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            OAuth.formEncode(OAuth.newList(new String[]{"oauth_token", accessor.accessToken, "oauth_token_secret", accessor.tokenSecret}), outputStream);
            outputStream.close();
        } catch (Exception e) {
            LOG.debug("AccessTokenHandler exception", e);
            OAuthServiceProvider.handleException(e, httpServletRequest, httpServletResponse, true);
        }
    }
}
