package org.apache.shindig.gadgets.oauth;

import com.google.inject.Inject;
import com.google.inject.name.Named;
import org.apache.commons.lang.StringUtils;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypterException;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.gadgets.Gadget;
import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.process.ProcessingException;
import org.apache.shindig.gadgets.process.Processor;
import org.apache.shindig.gadgets.servlet.OAuthCallbackServlet;
import org.apache.shindig.gadgets.uri.OAuthUriManager;

/* loaded from: input_file:WEB-INF/lib/shindig-gadgets-2.0.2.jar:org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.class */
public class GadgetOAuthCallbackGenerator implements OAuthCallbackGenerator {
    private final Processor processor;
    private final LockedDomainService lockedDomainService;
    private final OAuthUriManager oauthUriManager;
    private final BlobCrypter stateCrypter;

    @Inject
    public GadgetOAuthCallbackGenerator(Processor processor, LockedDomainService lockedDomainService, OAuthUriManager oAuthUriManager, @Named("shindig.oauth.state-crypter") BlobCrypter blobCrypter) {
        this.processor = processor;
        this.lockedDomainService = lockedDomainService;
        this.oauthUriManager = oAuthUriManager;
        this.stateCrypter = blobCrypter;
    }

    @Override // org.apache.shindig.gadgets.oauth.OAuthCallbackGenerator
    public String generateCallback(OAuthFetcherConfig oAuthFetcherConfig, String str, HttpRequest httpRequest, OAuthResponseParams oAuthResponseParams) throws OAuthRequestException {
        String gadgetDomainCallback = getGadgetDomainCallback(httpRequest.getSecurityToken(), checkGadgetCanRender(httpRequest.getSecurityToken(), httpRequest.getOAuthArguments(), oAuthResponseParams));
        if (gadgetDomainCallback == null) {
            return null;
        }
        return generateCallbackForProvider(oAuthResponseParams, str, gadgetDomainCallback);
    }

    private Uri checkGadgetCanRender(SecurityToken securityToken, OAuthArguments oAuthArguments, OAuthResponseParams oAuthResponseParams) throws OAuthRequestException {
        try {
            Gadget process = this.processor.process(new OAuthGadgetContext(securityToken, oAuthArguments));
            Uri parse = Uri.parse(securityToken.getActiveUrl());
            if (this.lockedDomainService.gadgetCanRender(parse.getAuthority(), process, securityToken.getContainer())) {
                return parse;
            }
            throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Gadget should not be using URL " + parse);
        } catch (ProcessingException e) {
            throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Unable to check if gadget is using locked-domain", e);
        }
    }

    private String getGadgetDomainCallback(SecurityToken securityToken, Uri uri) {
        Uri makeOAuthCallbackUri = this.oauthUriManager.makeOAuthCallbackUri(securityToken.getContainer(), uri.getAuthority());
        if (makeOAuthCallbackUri == null) {
            return null;
        }
        if (StringUtils.isEmpty(makeOAuthCallbackUri.getScheme())) {
            makeOAuthCallbackUri = new UriBuilder(makeOAuthCallbackUri).setScheme(uri.getScheme()).toUri();
        }
        return makeOAuthCallbackUri.toString();
    }

    private String generateCallbackForProvider(OAuthResponseParams oAuthResponseParams, String str, String str2) throws OAuthRequestException {
        OAuthCallbackState oAuthCallbackState = new OAuthCallbackState(this.stateCrypter);
        oAuthCallbackState.setRealCallbackUrl(str2);
        UriBuilder parse = UriBuilder.parse(str);
        try {
            parse.addQueryParameter(OAuthCallbackServlet.CALLBACK_STATE_PARAM, oAuthCallbackState.getEncryptedState());
            return parse.toString();
        } catch (BlobCrypterException e) {
            throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Failure generating callback URL", e);
        }
    }
}
