package pl.edu.icm.unity.saml.idp;

import io.imunity.idp.AccessProtocol;
import io.imunity.idp.ApplicationId;
import io.imunity.idp.IdPClientData;
import io.imunity.idp.LastIdPClinetAccessAttributeManagement;
import io.imunity.idp.TrustedIdPClientsManagement;
import java.net.URI;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.JsonUtil;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.engine.api.EndpointManagement;
import pl.edu.icm.unity.engine.api.PreferencesManagement;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.endpoint.EndpointInstance;
import pl.edu.icm.unity.engine.api.files.URIAccessService;
import pl.edu.icm.unity.exceptions.AuthorizationException;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.idp.preferences.SamlPreferences;
import pl.edu.icm.unity.saml.idp.web.SamlIdPWebEndpointFactory;
import pl.edu.icm.unity.types.I18nString;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.webui.idpcommon.URIPresentationHelper;

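@Component
/**
 * SAML implementation of {@link TrustedIdPClientsManagement}: lists the SAML service providers
 * for which the logged-in entity has stored preferences, and lets that entity clear them.
 *
 * <p>Security note: both management beans are injected under the {@code "insecure"} qualifier.
 * NOTE(review): by its name this qualifier presumably selects variants that skip the engine's
 * authorization checks - confirm. If so, the only scoping applied here is the entity id that
 * {@link #getPreferences()} reads from the current login session. No method of this class
 * accepts an entity id from its caller, and that property should be preserved.
 */
class SAMLTrustedApplicationManagement implements TrustedIdPClientsManagement {
    private final PreferencesManagement preferencesManagement;
    private final EndpointManagement endpointManagement;
    private final MessageSource msg;
    private final URIAccessService uriAccessService;
    private final LastIdPClinetAccessAttributeManagement lastAccessAttributeManagement;

    /**
     * Settings of a single accepted service provider, read from the {@code acceptedSP.<key>.}
     * entries of an endpoint's {@link SamlProperties}.
     *
     * <p>Decompiler note: access modifiers were widened from private.
     */
    public static class SAMLIndividualTrustedSPConfiguration {
        // SP identifier: the "entity" property when set, otherwise the "dn" property.
        public final String id;
        public final I18nString displayedName;
        // Logo bytes fetched from "logoURI"; null when no logo is configured.
        public final byte[] logo;
        // "returnURL" (if set) followed by every "returnURLs." entry; may be empty.
        public final ArrayList<String> authorizedRedirectsUri;

        /**
         * Reads one accepted-SP entry.
         *
         * @param messageSource used to resolve the localized display name
         * @param uRIAccessService used to fetch the logo when a logo URI is configured
         * @param samlProperties endpoint configuration holding the entry
         * @param str key of the entry, i.e. the part between {@code acceptedSP.} and the trailing dot
         */
        SAMLIndividualTrustedSPConfiguration(MessageSource messageSource, URIAccessService uRIAccessService, SamlProperties samlProperties, String str) {
            String prefix = "acceptedSP." + str + ".";
            this.id = samlProperties.isSet(prefix + "entity")
                    ? samlProperties.getValue(prefix + "entity")
                    : samlProperties.getValue(prefix + "dn");
            this.displayedName = samlProperties.getLocalizedStringWithoutFallbackToDefault(messageSource, prefix + "name");
            // NOTE(review): the logo URI is dereferenced every time this object is built, and
            // getServices() builds one per accepted SP on each call. URI.create() rejects a
            // malformed value with IllegalArgumentException; whether an unreachable URI also
            // fails the whole listing depends on URIAccessService - confirm.
            if (samlProperties.isSet(prefix + "logoURI")) {
                this.logo = uRIAccessService.readURI(URI.create(samlProperties.getValue(prefix + "logoURI"))).getContents();
            } else {
                this.logo = null;
            }
            this.authorizedRedirectsUri = new ArrayList<>();
            if (samlProperties.isSet(prefix + "returnURL")) {
                this.authorizedRedirectsUri.add(samlProperties.getValue(prefix + "returnURL"));
            }
            this.authorizedRedirectsUri.addAll(samlProperties.getListOfValues(prefix + "returnURLs."));
        }
    }

    /**
     * Accepted service providers configured on one SAML IdP endpoint.
     *
     * <p>Decompiler note: access modifiers were widened from private.
     */
    public static class SAMLServiceConfiguration {
        public final List<SAMLIndividualTrustedSPConfiguration> individualTrustedSPs;

        /**
         * Builds one {@link SAMLIndividualTrustedSPConfiguration} per structured list key found
         * under {@link SamlIdpProperties#ALLOWED_SP_PREFIX}.
         */
        public SAMLServiceConfiguration(SamlProperties samlProperties, MessageSource messageSource, URIAccessService uRIAccessService) {
            // Typed as Set<String>: the raw Set left by the decompiler makes the substring() call
            // below operate on Object.
            Set<String> structuredListKeys = samlProperties.getStructuredListKeys(SamlIdpProperties.ALLOWED_SP_PREFIX);
            this.individualTrustedSPs = new ArrayList<>();
            for (String fullKey : structuredListKeys) {
                // Strip the list prefix and the trailing separator character to get the bare entry key.
                String entryKey = fullKey.substring(SamlIdpProperties.ALLOWED_SP_PREFIX.length(), fullKey.length() - 1);
                this.individualTrustedSPs.add(new SAMLIndividualTrustedSPConfiguration(messageSource, uRIAccessService, samlProperties, entryKey));
            }
        }
    }

    SAMLTrustedApplicationManagement(@Qualifier("insecure") PreferencesManagement preferencesManagement, @Qualifier("insecure") EndpointManagement endpointManagement, MessageSource messageSource, URIAccessService uRIAccessService, LastIdPClinetAccessAttributeManagement lastIdPClinetAccessAttributeManagement) {
        this.preferencesManagement = preferencesManagement;
        this.endpointManagement = endpointManagement;
        this.msg = messageSource;
        this.uriAccessService = uRIAccessService;
        this.lastAccessAttributeManagement = lastIdPClinetAccessAttributeManagement;
    }

    /**
     * Lists every configured SAML service provider for which the current entity has stored
     * preferences.
     *
     * <p>An SP with no configured return URL is reported with an empty application domain
     * instead of failing the whole listing.
     *
     * @return one entry per matching SP; empty when nothing matches
     * @throws EngineException when endpoints, preferences or last-access data cannot be read
     */
    public List<IdPClientData> getIdpClientsData() throws EngineException {
        List<SAMLServiceConfiguration> services = getServices();
        SamlPreferences preferences = getPreferences();
        List<IdPClientData> clients = new ArrayList<>();
        // Fetched lazily and at most once: the map does not depend on the SP being processed.
        Map<LastIdPClinetAccessAttributeManagement.LastIdPClientAccessKey, Instant> lastAccess = null;
        for (SAMLServiceConfiguration service : services) {
            for (SAMLIndividualTrustedSPConfiguration sp : service.individualTrustedSPs) {
                if (!preferences.getKeys().contains(sp.id)) {
                    continue;
                }
                if (lastAccess == null) {
                    lastAccess = getLastAccessByClient();
                }
                SamlPreferences.SPSettings settings = preferences.getSPSettings(sp.id);
                boolean accepted = settings.isDefaultAccept();
                clients.add(IdPClientData.builder()
                        .withApplicationId(new ApplicationId(sp.id))
                        .withApplicationName(getApplicationName(sp))
                        .withLogo(Optional.ofNullable(sp.logo))
                        // The redirect list is empty when neither returnURL nor returnURLs.* is
                        // set; get(0) would then throw IndexOutOfBoundsException.
                        .withApplicationDomain(sp.authorizedRedirectsUri.isEmpty()
                                ? Optional.empty()
                                : Optional.of(URIPresentationHelper.getHumanReadableDomain(sp.authorizedRedirectsUri.get(0))))
                        .withAccessStatus(accepted
                                ? IdPClientData.AccessStatus.allowWithoutAsking
                                : IdPClientData.AccessStatus.disallowWithoutAsking)
                        // A grant time is reported only for an accepted SP.
                        .withAccessGrantTime(Optional.ofNullable(accepted ? settings.getTimestamp() : null))
                        .withLastAccessTime(Optional.ofNullable(lastAccess.get(
                                new LastIdPClinetAccessAttributeManagement.LastIdPClientAccessKey(AccessProtocol.SAML, sp.id))))
                        .withAccessProtocol(AccessProtocol.SAML)
                        .build());
            }
        }
        return clients;
    }

    /**
     * Removes the current entity's stored settings for the given application.
     * Behaves exactly like {@link #revokeAccess(ApplicationId)}.
     *
     * @throws EngineException when preferences cannot be read or saved
     */
    public synchronized void unblockAccess(ApplicationId applicationId) throws EngineException {
        clearPreferences(applicationId.id);
    }

    /**
     * Removes the current entity's stored settings for the given application.
     * Behaves exactly like {@link #unblockAccess(ApplicationId)}.
     *
     * @throws EngineException when preferences cannot be read or saved
     */
    public synchronized void revokeAccess(ApplicationId applicationId) throws EngineException {
        clearPreferences(applicationId.id);
    }

    /** Returns the localized display name of the SP, falling back to its id when none resolves. */
    private String getApplicationName(SAMLIndividualTrustedSPConfiguration sAMLIndividualTrustedSPConfiguration) {
        if (sAMLIndividualTrustedSPConfiguration.displayedName == null) {
            return sAMLIndividualTrustedSPConfiguration.id;
        }
        String localized = sAMLIndividualTrustedSPConfiguration.displayedName.getValue(this.msg);
        return localized == null ? sAMLIndividualTrustedSPConfiguration.id : localized;
    }

    /**
     * Drops the settings stored under the given SP id and saves the result.
     * The id is not checked against the configured SPs before removal.
     */
    private void clearPreferences(String str) throws EngineException {
        SamlPreferences preferences = getPreferences();
        preferences.removeSPSettings(str);
        SamlPreferences.savePreferences(this.preferencesManagement, preferences);
    }

    /** Returns the protocol handled by this implementation, always {@link AccessProtocol#SAML}. */
    public AccessProtocol getSupportedProtocol() {
        return AccessProtocol.SAML;
    }

    /** Builds the accepted-SP configuration of every deployed endpoint of the SAML IdP web type. */
    private List<SAMLServiceConfiguration> getServices() throws AuthorizationException {
        List<SAMLServiceConfiguration> services = new ArrayList<>();
        for (EndpointInstance endpoint : this.endpointManagement.getDeployedEndpointInstances()) {
            boolean samlIdp = endpoint.getEndpointDescription().getEndpoint().getTypeId()
                    .equals(SamlIdPWebEndpointFactory.TYPE.getName());
            if (samlIdp) {
                services.add(new SAMLServiceConfiguration(endpoint.getVirtualConfiguration(), this.msg, this.uriAccessService));
            }
        }
        return services;
    }

    /**
     * Loads the SAML preferences of the entity bound to the current login session.
     *
     * <p>The entity id comes only from {@link InvocationContext}, never from caller input, so
     * every read and write through this class is limited to the logged-in entity.
     * NOTE(review): a missing login session is not handled here; presumably callers guarantee
     * an authenticated context - confirm.
     *
     * @return parsed preferences, or an empty instance when nothing is stored
     */
    private SamlPreferences getPreferences() throws EngineException {
        EntityParam currentEntity = new EntityParam(Long.valueOf(InvocationContext.getCurrent().getLoginSession().getEntityId()));
        String serialized = this.preferencesManagement.getPreference(currentEntity, SamlPreferences.ID);
        SamlPreferences samlPreferences = new SamlPreferences();
        if (serialized != null) {
            samlPreferences.setSerializedConfiguration(JsonUtil.parse(serialized));
        }
        return samlPreferences;
    }

    /** Delegates to {@link LastIdPClinetAccessAttributeManagement#getLastAccessByClient()}. */
    private Map<LastIdPClinetAccessAttributeManagement.LastIdPClientAccessKey, Instant> getLastAccessByClient() throws EngineException {
        return this.lastAccessAttributeManagement.getLastAccessByClient();
    }
}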
