package org.keycloak.social.twitter;

import java.net.URI;
import javax.ws.rs.GET;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.util.IdentityBrokerState;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.vault.VaultStringSecret;
import twitter4j.Twitter;
import twitter4j.TwitterFactory;
import twitter4j.User;
import twitter4j.auth.AccessToken;
import twitter4j.auth.RequestToken;
import twitter4j.conf.ConfigurationBuilder;

/* loaded from: input_file:org/keycloak/social/twitter/TwitterIdentityProvider.class */
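/**
 * Identity provider that brokers logins through Twitter's OAuth 1.0a flow (twitter4j).
 *
 * <p>Flow: {@link #performLogin} obtains a request token, parks it in the authentication
 * session and redirects the browser to Twitter. Twitter sends the browser back to
 * {@link Endpoint#authResponse}, which validates the broker {@code state}, swaps the stored
 * request token plus {@code oauth_verifier} for an access token and builds the
 * {@link BrokeredIdentityContext}. The access token pair is serialized into a small JSON
 * document that is kept on the session (and, with "store token" enabled, on the federated
 * identity link) so the token-exchange endpoints can hand it to clients later.
 *
 * <p>Security note: that JSON document contains the OAuth token <em>secret</em>. Anything
 * that can read it ({@link #retrieveToken}, {@link #exchangeStoredToken},
 * {@link #exchangeSessionToken}) effectively gets full API access as the user, so enable
 * token storage only for realms whose clients genuinely need to call Twitter on the user's
 * behalf.
 */
public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2IdentityProviderConfig> implements SocialIdentityProvider<OAuth2IdentityProviderConfig>, ExchangeTokenToIdentityProviderToken {
    /** Token type reported by / accepted on the token-exchange endpoint; equals the provider id. */
    final String TWITTER_TOKEN_TYPE;
    protected static final Logger logger = Logger.getLogger(TwitterIdentityProvider.class);
    /** Auth-session note keys that carry the OAuth 1.0a request token between the two legs. */
    private static final String TWITTER_TOKEN = "twitter_token";
    private static final String TWITTER_TOKENSECRET = "twitter_tokenSecret";
    /** Context-data key and user-session note key holding the serialized Twitter access token. */
    private static final String FEDERATED_ACCESS_TOKEN_NOTE = "FEDERATED_ACCESS_TOKEN";
    /** User-session note recording which IdP alias the session was authenticated through. */
    private static final String IDENTITY_PROVIDER_NOTE = "identity_provider";
    private static final String TWITTER_LOGIN_FAILED = "twitter_login_failed";

    /**
     * JAX-RS resource that receives Twitter's redirect back to Keycloak.
     * Non-static on purpose: it needs the enclosing provider's config and session.
     */
    protected class Endpoint {
        protected RealmModel realm;
        protected IdentityProvider.AuthenticationCallback callback;
        protected EventBuilder event;

        @Context
        protected KeycloakSession session;

        // Injected by JAX-RS; not read by this endpoint but kept for the framework/subclasses.
        @Context
        protected ClientConnection clientConnection;

        @Context
        protected HttpHeaders headers;

        public Endpoint(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) {
            this.realm = realm;
            this.callback = callback;
            this.event = event;
        }

        /**
         * Handles the OAuth 1.0a callback from Twitter.
         *
         * @param state    encoded broker state (client id + tab id); also used as the client-session code
         * @param denied   present when the user refused authorization at Twitter
         * @param verifier the {@code oauth_verifier} needed to redeem the stored request token
         * @return the authenticated/cancelled continuation of the login, or an error page
         */
        @GET
        public Response authResponse(@QueryParam("state") String state,
                                     @QueryParam("denied") String denied,
                                     @QueryParam("oauth_verifier") String verifier) {
            IdentityBrokerState brokerState = IdentityBrokerState.encoded(state);
            String clientId = brokerState.getClientId();
            String tabId = brokerState.getTabId();
            if (clientId == null || tabId == null) {
                logger.errorf("Invalid state parameter: %s", state);
                sendErrorEvent();
                return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
            }
            // `state` is resolved against the realm's authentication session for this
            // client/tab, so a forged or replayed callback cannot attach to another login.
            ClientModel client = realm.getClientByClientId(clientId);
            AuthenticationSessionModel authSession = ClientSessionCode.getClientSession(
                    state, tabId, session, realm, client, event, AuthenticationSessionModel.class);
            if (denied != null) {
                return callback.cancelled();
            }
            // try-with-resources: the vault handle is released on every path, including exceptions.
            try (VaultStringSecret vaultSecret = session.vault().getStringSecret(getConfig().getClientSecret())) {
                Twitter twitter = new TwitterFactory(new ConfigurationBuilder().setIncludeEmailEnabled(true).build()).getInstance();
                // Fall back to the configured value when it is not a vault reference.
                twitter.setOAuthConsumer(getConfig().getClientId(), vaultSecret.get().orElse(getConfig().getClientSecret()));
                String requestToken = authSession.getAuthNote(TWITTER_TOKEN);
                String requestTokenSecret = authSession.getAuthNote(TWITTER_TOKENSECRET);
                AccessToken accessToken = twitter.getOAuthAccessToken(new RequestToken(requestToken, requestTokenSecret), verifier);
                User profile = twitter.verifyCredentials();

                BrokeredIdentityContext identity = new BrokeredIdentityContext(Long.toString(profile.getId()));
                identity.setIdp(TwitterIdentityProvider.this);
                identity.setUsername(profile.getScreenName());
                identity.setEmail(profile.getEmail());
                identity.setName(profile.getName());

                String tokenJson = serializeAccessToken(accessToken);
                if (getConfig().isStoreToken()) {
                    identity.setToken(tokenJson);
                }
                identity.getContextData().put(FEDERATED_ACCESS_TOKEN_NOTE, tokenJson);
                identity.setIdpConfig(getConfig());
                identity.setAuthenticationSession(authSession);
                return callback.authenticated(identity);
            } catch (WebApplicationException e) {
                sendErrorEvent();
                return e.getResponse();
            } catch (Exception e) {
                logger.error("Couldn't get user profile from twitter.", e);
                sendErrorEvent();
                return ErrorPage.error(session, authSession, Response.Status.BAD_GATEWAY, Messages.UNEXPECTED_ERROR_HANDLING_RESPONSE);
            }
        }

        /** Records a failed Twitter login in the realm's event stream. */
        private void sendErrorEvent() {
            event.event(EventType.LOGIN);
            event.error(TWITTER_LOGIN_FAILED);
        }
    }

    public TwitterIdentityProvider(KeycloakSession session, OAuth2IdentityProviderConfig config) {
        super(session, config);
        this.TWITTER_TOKEN_TYPE = TwitterIdentityProviderFactory.PROVIDER_ID;
    }

    @Override
    public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) {
        return new Endpoint(realm, callback, event);
    }

    /**
     * First OAuth 1.0a leg: fetch a request token and redirect the user to Twitter.
     * The request token pair is stored as auth-session notes for the callback leg.
     *
     * @throws IdentityBrokerException if the request token could not be obtained
     */
    @Override
    public Response performLogin(AuthenticationRequest request) {
        try (VaultStringSecret vaultSecret = session.vault().getStringSecret(getConfig().getClientSecret())) {
            Twitter twitter = new TwitterFactory().getInstance();
            twitter.setOAuthConsumer(getConfig().getClientId(), vaultSecret.get().orElse(getConfig().getClientSecret()));
            // The callback URL carries the encoded broker state that authResponse validates.
            String callbackUrl = new URI(request.getRedirectUri() + "?state=" + request.getState().getEncoded()).toString();
            RequestToken requestToken = twitter.getOAuthRequestToken(callbackUrl);
            AuthenticationSessionModel authSession = request.getAuthenticationSession();
            authSession.setAuthNote(TWITTER_TOKEN, requestToken.getToken());
            authSession.setAuthNote(TWITTER_TOKENSECRET, requestToken.getTokenSecret());
            return Response.seeOther(URI.create(requestToken.getAuthenticationURL())).build();
        } catch (Exception e) {
            throw new IdentityBrokerException("Could send authentication request to twitter.", e);
        }
    }

    /**
     * Token exchange: returns the user's Twitter token to an authorized client.
     * With token storage on, the persisted federated-identity token is served; otherwise only a
     * session that itself logged in through this IdP can obtain the token from its session note.
     */
    @Override
    public Response exchangeFromToken(UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient,
                                      UserSessionModel tokenUserSession, UserModel tokenSubject,
                                      MultivaluedMap<String, String> params) {
        String requestedType = params.getFirst("requested_token_type");
        if (requestedType != null && !requestedType.equals(TWITTER_TOKEN_TYPE)) {
            return exchangeUnsupportedRequiredType();
        }
        if (getConfig().isStoreToken()) {
            return exchangeStoredToken(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
        }
        String loginProvider = tokenUserSession.getNote(IDENTITY_PROVIDER_NOTE);
        if (loginProvider == null || !loginProvider.equals(getConfig().getAlias())) {
            return exchangeNotLinkedNoStore(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
        }
        return exchangeSessionToken(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
    }

    /** Serves the token persisted on the user's federated-identity link, if any. */
    protected Response exchangeStoredToken(UriInfo uriInfo, ClientModel authorizedClient,
                                           UserSessionModel tokenUserSession, UserModel tokenSubject) {
        FederatedIdentityModel link = session.users().getFederatedIdentity(
                authorizedClient.getRealm(), tokenSubject, getConfig().getAlias());
        // A missing link or a link without a token are both "not linked"; the old
        // second null check on the token was unreachable and has been dropped.
        if (link == null || link.getToken() == null) {
            return exchangeNotLinked(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
        }
        return tokenExchangeResponse(link.getToken(), uriInfo, authorizedClient, tokenUserSession);
    }

    /** Serves the token captured on the current user session at login time. */
    protected Response exchangeSessionToken(UriInfo uriInfo, ClientModel authorizedClient,
                                            UserSessionModel tokenUserSession, UserModel tokenSubject) {
        String token = tokenUserSession.getNote(FEDERATED_ACCESS_TOKEN_NOTE);
        if (token == null) {
            return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
        }
        return tokenExchangeResponse(token, uriInfo, authorizedClient, tokenUserSession);
    }

    /**
     * Builds the JSON token-exchange response around the serialized Twitter token.
     * No id/refresh token is issued; the response only carries the issued token type and
     * the account-linking URL as extra claims.
     */
    private Response tokenExchangeResponse(String token, UriInfo uriInfo, ClientModel authorizedClient,
                                           UserSessionModel tokenUserSession) {
        AccessTokenResponse response = new AccessTokenResponse();
        response.setToken(token);
        response.setIdToken((String) null);
        response.setRefreshToken((String) null);
        response.setRefreshExpiresIn(0L);
        response.getOtherClaims().clear();
        response.getOtherClaims().put("issued_token_type", TWITTER_TOKEN_TYPE);
        response.getOtherClaims().put("account-link-url", getLinkingUrl(uriInfo, authorizedClient, tokenUserSession));
        return Response.ok(response).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    /** Returns the stored token document verbatim as the JSON response body. */
    @Override
    public Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity) {
        return Response.ok(identity.getToken()).type(org.keycloak.utils.MediaType.APPLICATION_JSON).build();
    }

    /** Copies the serialized token onto the user session so exchangeSessionToken can serve it. */
    @Override
    public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context) {
        String token = (String) context.getContextData().get(FEDERATED_ACCESS_TOKEN_NOTE);
        authSession.setUserSessionNote(FEDERATED_ACCESS_TOKEN_NOTE, token);
    }

    /**
     * Serializes the access token pair, screen name and user id into the JSON document that is
     * stored as the federated token. String values are JSON-escaped so an unexpected quote or
     * backslash cannot corrupt a document that retrieveToken later returns as raw JSON.
     */
    private static String serializeAccessToken(AccessToken accessToken) {
        return "{"
                + "\"oauth_token\":\"" + jsonEscape(accessToken.getToken()) + "\","
                + "\"oauth_token_secret\":\"" + jsonEscape(accessToken.getTokenSecret()) + "\","
                + "\"screen_name\":\"" + jsonEscape(accessToken.getScreenName()) + "\","
                + "\"user_id\":\"" + accessToken.getUserId() + "\""
                + "}";
    }

    /**
     * Escapes {@code value} for use inside a JSON string literal (quote, backslash and control
     * characters). A {@code null} yields the text {@code null}, matching what the previous
     * StringBuilder-based serialization produced. Package-private for testing.
     */
    static String jsonEscape(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':
                    sb.append("\\\"");
                    break;
                case '\\':
                    sb.append("\\\\");
                    break;
                case '\n':
                    sb.append("\\n");
                    break;
                case '\r':
                    sb.append("\\r");
                    break;
                case '\t':
                    sb.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }
}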
