package pl.edu.icm.unity.saml.sp.web;

import com.vaadin.server.ExternalResource;
import com.vaadin.server.Page;
import com.vaadin.server.Resource;
import com.vaadin.server.Sizeable;
import com.vaadin.server.VaadinRequest;
import com.vaadin.server.VaadinSession;
import com.vaadin.server.WrappedSession;
import com.vaadin.ui.Component;
import com.vaadin.ui.UI;
import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AuthenticatedEntity;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.remote.SandboxAuthnResultCallback;
import pl.edu.icm.unity.engine.api.files.URIAccessService;
import pl.edu.icm.unity.engine.api.files.URIHelper;
import pl.edu.icm.unity.saml.sp.RemoteAuthnContext;
import pl.edu.icm.unity.saml.sp.SAMLExchange;
import pl.edu.icm.unity.saml.sp.SamlContextManagement;
import pl.edu.icm.unity.types.basic.Entity;
import pl.edu.icm.unity.webui.UrlHelper;
import pl.edu.icm.unity.webui.authn.IdPAuthNComponent;
import pl.edu.icm.unity.webui.authn.IdPAuthNGridComponent;
import pl.edu.icm.unity.webui.authn.VaadinAuthentication;
import pl.edu.icm.unity.webui.common.ConfirmDialog;
import pl.edu.icm.unity.webui.common.FileStreamResource;
import pl.edu.icm.unity.webui.common.Images;
import pl.edu.icm.unity.webui.common.NotificationPopup;

/* loaded from: input_file:pl/edu/icm/unity/saml/sp/web/SAMLRetrievalUI.class */
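/**
 * Vaadin UI part of the SAML service-provider retrieval: renders the "sign in with IdP" control,
 * starts a remote SAML authentication and, when the page is refreshed after the IdP round trip,
 * hands the received response to {@link SAMLExchange} for verification.
 *
 * <p>The in-progress {@link RemoteAuthnContext} is kept in two places, the HTTP session (under
 * {@code SAMLRetrieval.REMOTE_AUTHN_CONTEXT}) and {@link SamlContextManagement}. Both are cleaned
 * together by {@link #breakLogin()}, and every outcome branch of the response handling calls it,
 * so a stored response is not processed a second time on a later refresh.
 *
 * <p>This listing is decompiler output. Two constructs that are not valid Java source were
 * repaired (the catch order in the response handler and the loop variable type in the request
 * handler lookup), and the synthetic lambda deserialization method was dropped; see the notes at
 * those places.
 */
public class SAMLRetrievalUI implements VaadinAuthentication.VaadinAuthenticationUI {
    private final Logger log = Log.getLogger("unity.server.saml", SAMLRetrievalUI.class);
    private final MessageSource msg;
    private final URIAccessService uriAccessService;
    private final SAMLExchange credentialExchange;
    private VaadinAuthentication.AuthenticationCallback callback;
    private SandboxAuthnResultCallback sandboxCallback;
    private String redirectParam;
    private final String configKey;
    private final String idpKey;
    private final IdPVisalSettings configuration;
    private final SamlContextManagement samlContextManagement;
    private Set<String> tags;
    private Component main;
    private final String authenticatorName;
    private final VaadinAuthentication.Context context;
    private IdPAuthNComponent idpComponent;

    /**
     * Creates the UI for one configured IdP and builds its component immediately.
     *
     * @param messageSource source of localized messages and of the locale used for visual settings
     * @param uRIAccessService used to read a logo that the browser cannot fetch directly
     * @param sAMLExchange creates SAML requests and verifies SAML responses
     * @param samlContextManagement registry of in-progress authentication contexts
     * @param idpKey identifier returned by {@link #getId()}
     * @param configKey key under which the IdP's settings are looked up in {@code sAMLExchange}
     * @param authenticatorName prefix of the component's retrieval class name
     * @param context whether the component is shown for login or for sign-up
     */
    public SAMLRetrievalUI(MessageSource messageSource, URIAccessService uRIAccessService, SAMLExchange sAMLExchange, SamlContextManagement samlContextManagement, String idpKey, String configKey, String authenticatorName, VaadinAuthentication.Context context) {
        this.msg = messageSource;
        this.uriAccessService = uRIAccessService;
        this.credentialExchange = sAMLExchange;
        this.samlContextManagement = samlContextManagement;
        this.idpKey = idpKey;
        this.configKey = configKey;
        this.authenticatorName = authenticatorName;
        this.configuration = sAMLExchange.getVisualSettings(configKey, messageSource.getLocale());
        this.context = context;
        initUI();
    }

    /** Returns the component built by the constructor. */
    public Component getComponent() {
        return this.main;
    }

    /** Builds a full-width grid variant of the IdP control that starts the login when clicked. */
    public Component getGridCompatibleComponent() {
        IdPAuthNGridComponent gridComponent = new IdPAuthNGridComponent(getRetrievalClassName(), this.configuration.name);
        gridComponent.addClickListener(event -> startLogin());
        gridComponent.setWidth(100.0f, Sizeable.Unit.PERCENTAGE);
        return gridComponent;
    }

    /** Installs the redirect handler and builds the IdP control with its logo and caption. */
    private void initUI() {
        this.redirectParam = installRequestHandler();

        Resource logo = this.configuration.logoURI == null ? Images.empty.getResource() : getImage();
        String caption;
        if (this.context == VaadinAuthentication.Context.LOGIN) {
            caption = this.msg.getMessage("AuthenticationUI.signInWith", new Object[]{this.configuration.name});
        } else {
            caption = this.msg.getMessage("AuthenticationUI.signUpWith", new Object[]{this.configuration.name});
        }

        this.idpComponent = new IdPAuthNComponent(getRetrievalClassName(), logo, caption);
        this.idpComponent.addClickListener(event -> startLogin());
        this.idpComponent.setWidth(100.0f, Sizeable.Unit.PERCENTAGE);

        // Private copy of the configured tags, without the IdP's own display name.
        this.tags = new HashSet<>(this.configuration.tags);
        this.tags.remove(this.configuration.name);
        this.main = this.idpComponent;
    }

    private String getRetrievalClassName() {
        return this.authenticatorName + "." + this.idpKey;
    }

    /**
     * Returns the triggering parameter of the session's {@code VaadinRedirectRequestHandler},
     * registering a new handler when the session has none yet.
     *
     * <p>The decompiled loop declared its variable with the handler subtype, which made the
     * {@code instanceof} test meaningless; the elements are now iterated as plain objects and
     * cast only after the test.
     */
    private String installRequestHandler() {
        VaadinSession vaadinSession = VaadinSession.getCurrent();
        for (Object handler : vaadinSession.getRequestHandlers()) {
            if (handler instanceof VaadinRedirectRequestHandler) {
                return ((VaadinRedirectRequestHandler) handler).getTriggeringParam();
            }
        }
        VaadinRedirectRequestHandler redirectHandler = new VaadinRedirectRequestHandler();
        vaadinSession.addRequestHandler(redirectHandler);
        return redirectHandler.getTriggeringParam();
    }

    /**
     * Drops the in-progress authentication, if any, from the HTTP session and from the context
     * registry (keyed by the context's relay state).
     */
    private void breakLogin() {
        WrappedSession session = VaadinSession.getCurrent().getSession();
        RemoteAuthnContext pending = (RemoteAuthnContext) session.getAttribute(SAMLRetrieval.REMOTE_AUTHN_CONTEXT);
        if (pending == null) {
            return;
        }
        session.removeAttribute(SAMLRetrieval.REMOTE_AUTHN_CONTEXT);
        this.samlContextManagement.removeAuthnContext(pending.getRelayState());
    }

    /**
     * Starts a login. When another remote authentication is already pending in this session the
     * user is asked to confirm before it is discarded and replaced.
     *
     * <p>The decompiler reports the original access as package-private; it is left public here so
     * that callers of this listing keep compiling.
     */
    public void startLogin() {
        WrappedSession session = VaadinSession.getCurrent().getSession();
        if (session.getAttribute(SAMLRetrieval.REMOTE_AUTHN_CONTEXT) == null) {
            startFreshLogin(session);
            return;
        }
        String question = this.msg.getMessage("WebSAMLRetrieval.breakLoginInProgressConfirm", new Object[0]);
        ConfirmDialog confirmDialog = new ConfirmDialog(this.msg, question, () -> {
            breakLogin();
            startFreshLogin(session);
        });
        // The dialog renders its text as HTML. The text is a bundle message with no arguments;
        // it must stay free of request- or IdP-derived values unless they are escaped first.
        confirmDialog.setHTMLContent(true);
        confirmDialog.setSizeEm(35.0f, 20.0f);
        confirmDialog.show();
    }

    /**
     * Creates a SAML request, records its context in the session and in the context registry,
     * and opens the current path with the redirect handler's triggering parameter appended.
     *
     * @param wrappedSession HTTP session that will hold the pending context
     */
    private void startFreshLogin(WrappedSession wrappedSession) {
        String currentRelativeURI = UrlHelper.getCurrentRelativeURI();
        try {
            RemoteAuthnContext authnContext = this.credentialExchange.createSAMLRequest(this.configKey, currentRelativeURI);
            authnContext.setSandboxCallback(this.sandboxCallback);
            // NOTE(review): the logged URI may carry query parameters - confirm nothing sensitive
            // travels in it before enabling debug logging in production.
            this.log.debug("Starting remote SAML authn, current relative URI is {}", currentRelativeURI);
            this.idpComponent.setEnabled(false);
            this.callback.onStartedAuthentication(VaadinAuthentication.AuthenticationStyle.WITH_EXTERNAL_CANCEL);
            wrappedSession.setAttribute(SAMLRetrieval.REMOTE_AUTHN_CONTEXT, authnContext);
            this.samlContextManagement.addAuthnContext(authnContext);
            String redirectUrl = Page.getCurrent().getLocation().getPath() + "?" + this.redirectParam;
            Page.getCurrent().open(redirectUrl, (String) null);
        } catch (Exception e) {
            // NOTE(review): the exception object is handed to the popup; confirm how much of it
            // is displayed to an unauthenticated user.
            NotificationPopup.showError(this.msg, this.msg.getMessage("WebSAMLRetrieval.configurationError", new Object[0]), e);
            this.log.error("Can not create SAML request", e);
            clear();
        }
    }

    /**
     * Verifies the SAML response stored in the context and reports the outcome to the callback.
     *
     * <p>An {@link AuthenticationException} supplies its own result and a human-readable detail;
     * any other exception is mapped to a {@code deny} result, so a processing error can never end
     * in a successful authentication. The decompiled listing had the two catch clauses in the
     * opposite order, which made the more specific one unreachable; the specific clause is first
     * again.
     *
     * @param remoteAuthnContext pending context that already holds a response
     */
    private void onSamlAnswer(RemoteAuthnContext remoteAuthnContext) {
        AuthenticationResult result;
        String failureDetail = null;
        Throwable authnFailure = null;
        try {
            result = this.credentialExchange.verifySAMLResponse(remoteAuthnContext);
        } catch (AuthenticationException e) {
            authnFailure = e;
            // NOTE(review): the detail is joined with "<br>", so it is presumably rendered as HTML.
            // If exception messages can contain values taken from the remote response, they need
            // escaping before display - confirm against NotificationPopup and the callback.
            failureDetail = NotificationPopup.getHumanMessage(e, "<br>");
            result = e.getResult();
        } catch (Exception e) {
            this.log.error("Runtime error during SAML response processing or principal mapping", e);
            result = new AuthenticationResult(AuthenticationResult.Status.deny, (AuthenticatedEntity) null);
        }

        if (remoteAuthnContext.getRegistrationFormForUnknown() != null) {
            this.log.debug("Enabling registration component");
            result.setFormForUnknownPrincipal(remoteAuthnContext.getRegistrationFormForUnknown());
        }
        result.setEnableAssociation(remoteAuthnContext.isEnableAssociation());

        if (result.getStatus() == AuthenticationResult.Status.success) {
            // Remove the pending context before reporting success.
            breakLogin();
            this.callback.onCompletedAuthentication(result);
            return;
        }
        if (result.getStatus() == AuthenticationResult.Status.unknownRemotePrincipal) {
            clear();
            this.callback.onCompletedAuthentication(result);
            return;
        }

        if (authnFailure != null) {
            this.log.warn("SAML response verification or processing failed", authnFailure);
        } else {
            this.log.warn("SAML response verification or processing failed");
        }
        clear();
        Optional<String> detail = failureDetail == null
                ? Optional.empty()
                : Optional.of(this.msg.getMessage("WebSAMLRetrieval.authnFailedDetailInfo", new Object[]{failureDetail}));
        this.callback.onFailedAuthentication(result, this.msg.getMessage("WebSAMLRetrieval.authnFailedError", new Object[0]), detail);
    }

    /** Sets the callback that is told about started, completed and failed authentications. */
    public void setAuthenticationCallback(VaadinAuthentication.AuthenticationCallback authenticationCallback) {
        this.callback = authenticationCallback;
    }

    /**
     * Called on page (re)load. A response is processed only when this session holds a pending
     * context and that context already carries a response; the other two cases are only logged.
     *
     * @param vaadinRequest current request, used to reach the HTTP session
     */
    public void refresh(VaadinRequest vaadinRequest) {
        RemoteAuthnContext pending = (RemoteAuthnContext) vaadinRequest.getWrappedSession().getAttribute(SAMLRetrieval.REMOTE_AUTHN_CONTEXT);
        if (pending == null) {
            this.log.trace("Either user refreshes page, or different authN arrived");
            return;
        }
        if (pending.getResponse() == null) {
            this.log.debug("Authentication started but SAML response not arrived (user back button)");
            return;
        }
        onSamlAnswer(pending);
    }

    /** Returns the configured display name of the IdP. */
    public String getLabel() {
        return this.configuration.name;
    }

    /**
     * Resolves the configured logo.
     *
     * <p>A web-ready URI is returned as an {@link ExternalResource}, so the user's browser
     * fetches the image from that location itself; any other URI is read on the server through
     * {@link URIAccessService}. The URI comes from the IdP's visual settings.
     * NOTE(review): presumably administrator-controlled - confirm that it cannot be set from
     * remote metadata without review.
     *
     * @return the logo resource, or {@code null} when none is configured or it cannot be loaded
     */
    public Resource getImage() {
        if (this.configuration.logoURI == null) {
            return null;
        }
        try {
            URI logoUri = URIHelper.parseURI(this.configuration.logoURI);
            if (URIHelper.isWebReady(logoUri)) {
                return new ExternalResource(logoUri.toString());
            }
            return new FileStreamResource(this.uriAccessService.readImageURI(logoUri, UI.getCurrent().getTheme())).getResource();
        } catch (Exception e) {
            this.log.error("Invalid logo URI " + this.configuration.logoURI, e);
            return null;
        }
    }

    /** Abandons any pending authentication and re-enables the IdP control. */
    public void clear() {
        breakLogin();
        this.idpComponent.setEnabled(true);
    }

    /** Sets the sandbox callback that is attached to each newly created authentication context. */
    public void setSandboxAuthnCallback(SandboxAuthnResultCallback sandboxAuthnResultCallback) {
        this.sandboxCallback = sandboxAuthnResultCallback;
    }

    /** Returns the IdP key given to the constructor. */
    public String getId() {
        return this.idpKey;
    }

    /** Intentionally empty: this retrieval does not use a preset entity. */
    public void presetEntity(Entity entity) {
    }

    /**
     * Returns the tag set built at construction time. This is the live internal set, not a copy,
     * so callers should treat it as read-only.
     */
    public Set<String> getTags() {
        return this.tags;
    }

    // The decompiled listing ended with a synthetic $deserializeLambda$(SerializedLambda) method.
    // The compiler generates that method itself for the two serializable click listeners above,
    // and the decompiled body was not valid Java source (an int assigned to a boolean, a switch
    // on a boolean, an instance method called from a static context), so it is not reproduced.
}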
