package io.jenkins.plugins.tuleap_oauth.checks;

import com.google.inject.Inject;
import io.jenkins.plugins.tuleap_oauth.TuleapSecurityRealm;
import io.jenkins.plugins.tuleap_oauth.helper.PluginHelper;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:WEB-INF/lib/tuleap-oauth.jar:io/jenkins/plugins/tuleap_oauth/checks/AuthorizationCodeCheckerImpl.class */
/**
 * Validates the request that carries the authorization code back to Jenkins before the code is
 * used any further.
 *
 * <p>The request is accepted only when all of the following hold:
 * <ul>
 *   <li>the session holds a redirect URI and it equals {@code <root URL>securityRealm/finishLogin};</li>
 *   <li>the request has a non-blank {@code code} parameter;</li>
 *   <li>the request's state parameter and the state stored in the session are both non-blank
 *       and identical;</li>
 *   <li>the session holds a non-blank code verifier.</li>
 * </ul>
 *
 * <p>Every failure is logged at WARNING level and reported as {@code false}, so the check fails
 * closed. The log messages name the failed step only; they never contain the code, state or
 * verifier values, and should stay that way.
 */
public class AuthorizationCodeCheckerImpl implements AuthorizationCodeChecker {
    private static final Logger LOGGER = Logger.getLogger(AuthorizationCodeCheckerImpl.class.getName());
    private final PluginHelper pluginHelper;

    /**
     * @param pluginHelper helper used to reach the Jenkins instance and its root URL
     */
    @Inject
    public AuthorizationCodeCheckerImpl(PluginHelper pluginHelper) {
        this.pluginHelper = pluginHelper;
    }

    /**
     * Checks the callback request against the values stored in the user's session.
     *
     * @param staplerRequest the incoming callback request; its parameters are untrusted input
     * @return {@code true} when every check passes, {@code false} otherwise
     */
    @Override
    public boolean checkAuthorizationCode(StaplerRequest staplerRequest) {
        // 1. The redirect URI remembered in the session must still be this instance's login endpoint.
        String savedRedirectUri =
            (String) staplerRequest.getSession().getAttribute(TuleapSecurityRealm.JENKINS_REDIRECT_URI_ATTRIBUTE);
        if (StringUtils.isBlank(savedRedirectUri)) {
            LOGGER.log(Level.WARNING, "no redirect saved from user's session");
            return false;
        }

        // NOTE(review): if getRootUrl() can return null (Jenkins URL not configured), the expected
        // value becomes "nullsecurityRealm/finishLogin" and the check is rejected with the
        // "URI changed" message below; the outcome is safe, the message is misleading. Confirm.
        String expectedRedirectUri = pluginHelper.getJenkinsInstance().getRootUrl() + "securityRealm/finishLogin";
        if (!savedRedirectUri.equals(expectedRedirectUri)) {
            LOGGER.log(Level.WARNING, "the expected URI changed during redirection");
            return false;
        }

        // 2. An authorization code must be present.
        String authorizationCode = staplerRequest.getParameter("code");
        if (StringUtils.isBlank(authorizationCode)) {
            LOGGER.log(Level.WARNING, "no code returned");
            return false;
        }

        // 3. The state echoed in the request must match the one bound to this session. This is what
        //    ties the callback to a login this browser session started (login CSRF protection).
        String returnedState = staplerRequest.getParameter(TuleapSecurityRealm.STATE_SESSION_ATTRIBUTE);
        String expectedState =
            (String) staplerRequest.getSession().getAttribute(TuleapSecurityRealm.STATE_SESSION_ATTRIBUTE);
        if (StringUtils.isBlank(returnedState)) {
            LOGGER.log(Level.WARNING, "no state returned");
            return false;
        }
        if (StringUtils.isBlank(expectedState)) {
            LOGGER.log(Level.WARNING, "no state saved from user's session");
            return false;
        }

        // MessageDigest.isEqual is used instead of String.equals so the comparison time does not
        // depend on how many leading characters of the supplied state are correct.
        byte[] returnedStateBytes = returnedState.getBytes(StandardCharsets.UTF_8);
        byte[] expectedStateBytes = expectedState.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(returnedStateBytes, expectedStateBytes)) {
            LOGGER.log(Level.WARNING, "expected state and provided state does not match");
            return false;
        }

        // 4. A code verifier must have been stored for this session. Only its presence is checked
        //    here; it is presumably sent with the token request elsewhere.
        // NOTE(review): this method leaves the state and code verifier in the session. Confirm the
        // caller removes them once the login completes so each value is accepted only once.
        String savedCodeVerifier =
            (String) staplerRequest.getSession().getAttribute(TuleapSecurityRealm.CODE_VERIFIER_SESSION_ATTRIBUTE);
        if (StringUtils.isBlank(savedCodeVerifier)) {
            LOGGER.log(Level.WARNING, "no code verifier saved from user's session");
            return false;
        }
        return true;
    }
}
