package com.zimbra.cs.account.oauth.utils;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZimbraAuthToken;
import com.zimbra.cs.account.oauth.OAuthTokenCache;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.server.OAuthServlet;
import org.apache.commons.codec.digest.DigestUtils;

/* loaded from: input_file:com/zimbra/cs/account/oauth/utils/OAuthServiceProvider.class */
public class OAuthServiceProvider {
    public static final OAuthRevAValidator VALIDATOR = new OAuthRevAValidator();

    public static synchronized OAuthConsumer getConsumer(OAuthMessage oAuthMessage) throws IOException, OAuthProblemException {
        return getConsumer(oAuthMessage.getConsumerKey());
    }

    public static synchronized OAuthConsumer getConsumer(String str) throws IOException, OAuthProblemException {
        try {
            String[] multiAttr = Provisioning.getInstance().getConfig().getMultiAttr("zimbraOAuthConsumerCredentials");
            OAuthConsumer oAuthConsumer = null;
            int length = multiAttr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String[] split = multiAttr[i].split(":");
                if (split.length < 2 || !split[0].equals(str)) {
                    i++;
                } else {
                    oAuthConsumer = new OAuthConsumer((String) null, str, split[1], (net.oauth.OAuthServiceProvider) null);
                    oAuthConsumer.setProperty("key", str);
                    oAuthConsumer.setProperty("app_name", split.length > 2 ? split[2] : "");
                }
            }
            if (oAuthConsumer == null) {
                throw new OAuthProblemException("token_rejected");
            }
            return oAuthConsumer;
        } catch (ServiceException e) {
            throw new OAuthProblemException("token_rejected");
        }
    }

    public static synchronized OAuthAccessor getAccessor(OAuthMessage oAuthMessage) throws IOException, OAuthProblemException, ServiceException {
        String token = oAuthMessage.getToken();
        OAuthAccessor oAuthAccessor = OAuthTokenCache.get(token, OAuthTokenCache.REQUEST_TOKEN_TYPE);
        if (oAuthAccessor == null) {
            oAuthAccessor = OAuthTokenCache.get(token, "access_token");
        }
        if (oAuthAccessor == null) {
            throw new OAuthProblemException("token_expired");
        }
        return oAuthAccessor;
    }

    public static synchronized void setAccountPropertiesForAccessor(Account account, OAuthAccessor oAuthAccessor) throws UnsupportedEncodingException {
        oAuthAccessor.setProperty("ZM_ACC_DISPLAYNAME", account.getAttr("displayName") == null ? "" : URLEncoder.encode(account.getAttr("displayName"), "UTF-8"));
        oAuthAccessor.setProperty("ZM_ACC_CN", account.getName() == null ? "" : URLEncoder.encode(account.getName(), "UTF-8"));
        oAuthAccessor.setProperty("ZM_ACC_GIVENNAME", account.getAttr("givenName") == null ? "" : URLEncoder.encode(account.getAttr("givenName"), "UTF-8"));
        oAuthAccessor.setProperty("ZM_ACC_SN", account.getAttr("sn") == null ? "" : URLEncoder.encode(account.getAttr("sn"), "UTF-8"));
        oAuthAccessor.setProperty("ZM_ACC_EMAIL", account.getMail() == null ? "" : URLEncoder.encode(account.getMail(), "UTF-8"));
    }

    public static synchronized void markAsAuthorized(OAuthAccessor oAuthAccessor, String str, String str2) throws OAuthException {
        oAuthAccessor.setProperty("user", str);
        oAuthAccessor.setProperty("authorized", Boolean.TRUE);
        oAuthAccessor.setProperty("ZM_AUTH_TOKEN", str2);
        try {
            setAccountPropertiesForAccessor(ZimbraAuthToken.getAuthToken(str2).getAccount(), oAuthAccessor);
            oAuthAccessor.consumer.setProperty("approved_on", Long.toString(System.currentTimeMillis()));
        } catch (AuthTokenException | UnsupportedEncodingException | ServiceException e) {
            throw new OAuthException(e);
        }
    }

    public static synchronized void generateRequestToken(OAuthAccessor oAuthAccessor) throws OAuthException, ServiceException {
        String str = (String) oAuthAccessor.consumer.getProperty("key");
        String sha256Hex = DigestUtils.sha256Hex(str + System.nanoTime());
        String sha256Hex2 = DigestUtils.sha256Hex(str + System.nanoTime() + sha256Hex);
        oAuthAccessor.requestToken = sha256Hex;
        oAuthAccessor.tokenSecret = sha256Hex2;
        oAuthAccessor.accessToken = null;
        OAuthTokenCache.put(oAuthAccessor, OAuthTokenCache.REQUEST_TOKEN_TYPE);
    }

    public static synchronized void generateAccessToken(OAuthAccessor oAuthAccessor) throws OAuthException, ServiceException {
        oAuthAccessor.accessToken = DigestUtils.sha256Hex(((String) oAuthAccessor.consumer.getProperty("key")) + System.nanoTime());
    }

    public static void handleException(Exception exc, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        OAuthServlet.handleException(httpServletResponse, exc, (httpServletRequest.isSecure() ? "https://" : "http://") + httpServletRequest.getLocalName(), z);
    }

    public static synchronized void generateVerifier(OAuthAccessor oAuthAccessor) throws OAuthException, ServiceException {
        String sha256Hex = DigestUtils.sha256Hex(((String) oAuthAccessor.consumer.getProperty("key")) + System.nanoTime() + oAuthAccessor.requestToken);
        ZimbraLog.oauth.debug("generated verifier:" + sha256Hex);
        oAuthAccessor.setProperty("oauth_verifier", sha256Hex);
        OAuthTokenCache.put(oAuthAccessor, OAuthTokenCache.REQUEST_TOKEN_TYPE);
    }
}
