package eu.dnetlib.openaire.usermanagement;

import com.google.gson.Gson;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.log4j.Logger;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;

/* loaded from: input_file:WEB-INF/classes/eu/dnetlib/openaire/usermanagement/PersonalTokenServlet.class */
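/**
 * Servlet behind the "personal token" page.
 *
 * <p>{@code GET} copies the signed-in user's initials, access token and refresh token into the
 * HTTP session and includes {@code personal.jsp}. {@code POST} asks the OIDC issuer to delete
 * every refresh token other than the current one, flags the session with
 * {@code showRefreshToken} and redirects back to the page.
 *
 * <p>NOTE(review): both handlers cast the current {@code Authentication} to
 * {@link OIDCAuthenticationToken}; this assumes the security filter chain only lets
 * OIDC-authenticated requests reach the servlet. Confirm against the web security configuration.
 */
public class PersonalTokenServlet extends HttpServlet {

    // Static so the logger is not part of the (Serializable) servlet instance state.
    private static final Logger logger = Logger.getLogger(PersonalTokenServlet.class);

    // Injected OIDC client secret; no method in this class reads it. Never log this value.
    @Value("${oidc.secret}")
    private String secret;

    // Injected OIDC client id; no method in this class reads it.
    @Value("${oidc.id}")
    private String id;

    // Base URL of the OIDC issuer. The user's bearer token is sent to URLs built from it,
    // so it should be an https:// URL under the deployer's control (TODO confirm in configuration).
    @Value("${oidc.issuer}")
    private String issuer;

    @Autowired
    private StaticClientConfigurationService staticClientConfigurationService;

    /**
     * Initialises the servlet and lets Spring inject the {@code @Value}/{@code @Autowired} fields.
     *
     * @param servletConfig the container-supplied configuration
     * @throws ServletException if the superclass initialisation fails
     */
    @Override // javax.servlet.GenericServlet, javax.servlet.Servlet
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, servletConfig.getServletContext());
    }

    /**
     * Publishes the user's initials and current tokens as session attributes and includes
     * {@code personal.jsp}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the JSP output is included into
     * @throws ServletException if the included JSP fails
     * @throws IOException if writing the response fails
     */
    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setContentType("text/html");
        // The page presumably renders the tokens stored below, so keep it out of browser and
        // proxy caches. NOTE(review): personal.jsp must HTML-escape whatever it prints.
        httpServletResponse.setHeader("Cache-Control", "no-store");
        OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
        httpServletRequest.getSession().setAttribute("name", initialsOf(authentication));
        // The tokens stay in the session until it is invalidated or the attributes are replaced.
        httpServletRequest.getSession().setAttribute("accessToken", authentication.getAccessTokenValue());
        httpServletRequest.getSession().setAttribute(OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN, authentication.getRefreshTokenValue());
        httpServletRequest.getRequestDispatcher("./personal.jsp").include(httpServletRequest, httpServletResponse);
    }

    /**
     * Deletes the user's other refresh tokens at the issuer, then redirects to the token page
     * with {@code showRefreshToken} set in the session.
     *
     * <p>Clean-up is best effort: an {@link IOException} is logged and the redirect still
     * happens, so the flag is set even when older refresh tokens could not be deleted.
     *
     * <p>NOTE(review): this is a state-changing POST; no CSRF check is visible in this class, so
     * confirm that the surrounding security configuration provides one.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for the redirect
     * @throws IOException if the redirect cannot be sent
     * @throws ServletException declared by the servlet API; not thrown by this method itself
     */
    @Override // javax.servlet.http.HttpServlet
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
        String currentRefreshToken = authentication.getRefreshTokenValue();
        String accessToken = authentication.getAccessTokenValue();
        try {
            deleteOldRefreshTokens(getOldRefreshTokens(currentRefreshToken, accessToken), accessToken);
        } catch (IOException e) {
            this.logger.error("Error deleting old refresh tokens.", e);
        }
        httpServletRequest.getSession().setAttribute("showRefreshToken", true);
        httpServletResponse.sendRedirect("./personalToken");
    }

    /** Returns the first letters of the given and family name, skipping a missing or empty part. */
    private static String initialsOf(OIDCAuthenticationToken authentication) {
        if (authentication.getUserInfo() == null) {
            return "";
        }
        return firstCharOf(authentication.getUserInfo().getGivenName())
                + firstCharOf(authentication.getUserInfo().getFamilyName());
    }

    /** Returns the first character of {@code value} as a string, or "" for null or empty input. */
    private static String firstCharOf(String value) {
        return (value == null || value.isEmpty()) ? "" : String.valueOf(value.charAt(0));
    }

    /**
     * Sends one {@code DELETE <issuer>/api/tokens/refresh/<id>} request per token id,
     * authorised with the user's access token.
     *
     * @param list ids of the refresh tokens to delete; null or empty means nothing to do
     * @param str the access token sent as the bearer credential
     * @throws IOException if a request fails; the remaining ids are then not processed
     */
    private void deleteOldRefreshTokens(List<String> list, String str) throws IOException {
        if (list == null || list.isEmpty()) {
            return;
        }
        // One client for the whole batch, closed when done so pooled connections are released.
        try (CloseableHttpClient client = HttpClients.createDefault()) {
            for (String tokenId : list) {
                HttpDelete httpDelete = new HttpDelete(this.issuer + "/api/tokens/refresh/" + tokenId);
                httpDelete.setHeader("Authorization", "Bearer " + str);
                try (CloseableHttpResponse response = client.execute((HttpUriRequest) httpDelete)) {
                    int status = response.getStatusLine().getStatusCode();
                    if (status != 200) {
                        // Only the status code is logged, never token material.
                        this.logger.warn("Could not delete old refresh tokens." + status);
                    }
                }
            }
        }
    }

    /**
     * Fetches the user's refresh tokens from {@code <issuer>/api/tokens/refresh} and returns the
     * ids of all tokens whose value differs from the current one.
     *
     * @param str the current refresh token value, which is excluded from the result
     * @param str2 the access token sent as the bearer credential
     * @return the ids of the other refresh tokens; empty, never null, when there are none
     * @throws IOException if the request fails or the issuer does not answer with status 200
     */
    private List<String> getOldRefreshTokens(String str, String str2) throws IOException {
        HttpGet httpGet = new HttpGet(this.issuer + "/api/tokens/refresh");
        httpGet.setHeader("Authorization", "Bearer " + str2);
        List<String> oldTokenIds = new ArrayList<String>();
        try (CloseableHttpClient client = HttpClients.createDefault();
                CloseableHttpResponse response = client.execute((HttpUriRequest) httpGet)) {
            int status = response.getStatusLine().getStatusCode();
            if (status != 200) {
                // An error body is not a token array; fail here so the caller's IOException
                // handler deals with it instead of a JSON parse error escaping the servlet.
                throw new IOException("Could not list refresh tokens, HTTP status " + status);
            }
            if (response.getEntity() == null) {
                return oldTokenIds;
            }
            String body = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8.name());
            RefreshToken[] tokens = new Gson().fromJson(body, RefreshToken[].class);
            if (tokens == null) {
                // Gson yields null for an empty body.
                return oldTokenIds;
            }
            for (RefreshToken refreshToken : tokens) {
                if (refreshToken == null) {
                    continue;
                }
                // NOTE(review): assumes the issuer returns each token's value; verify against its API.
                if (!refreshToken.getValue().equals(str)) {
                    oldTokenIds.add(refreshToken.getId() + "");
                }
            }
        }
        return oldTokenIds;
    }
}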
