package com.predic8.membrane.core.interceptor.authentication.session;

import com.bornium.security.oauth2openid.Constants;
import com.floreysoft.jmte.Engine;
import com.floreysoft.jmte.ErrorHandler;
import com.floreysoft.jmte.message.ErrorMessage;
import com.floreysoft.jmte.message.ParseException;
import com.floreysoft.jmte.token.Token;
import com.google.common.collect.Lists;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.oauth2.ConsentPageFile;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.server.WebServerInterceptor;
import com.predic8.membrane.core.resolver.ResolverMap;
import com.predic8.membrane.core.util.URIFactory;
import com.predic8.membrane.core.util.URLParamUtil;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.validation.DataBinder;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.7.1.jar:com/predic8/membrane/core/interceptor/authentication/session/LoginDialog.class */
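/**
 * Serves the interactive login dialog (static files from a web-server interceptor plus a JMTE
 * template), handles the credential / second-factor / consent / logout sub-paths, and
 * promotes the session through {@code preAuthorize} and {@code authorize}.
 *
 * <p>Not thread-safe with respect to {@link #init(Router)}: it must complete before any of the
 * request-handling methods are called, because they rely on the {@code uriFactory} it sets.
 */
public class LoginDialog {
    private static final Logger log = LoggerFactory.getLogger(LoginDialog.class.getName());

    /** Request parameter carrying the URL to return to after login (Spring's {@code DataBinder} default, "target"). */
    private static final String TARGET_PARAM = DataBinder.DEFAULT_OBJECT_NAME;

    /** Template variants rendered by {@link #showPage(Exchange, int, Object...)}. */
    private static final int PAGE_LOGIN = 0;
    private static final int PAGE_TOKEN = 1;
    private static final int PAGE_CONSENT = 2;

    private final String basePath;
    private final String path;
    private final String message;
    private final boolean exposeUserCredentialsToSession;
    /** Assigned in {@link #init(Router)}; null until then. */
    private URIFactory uriFactory;
    private final UserDataProvider userDataProvider;
    private final TokenProvider tokenProvider;
    private final SessionManager sessionManager;
    private final AccountBlocker accountBlocker;
    private final WebServerInterceptor wsi;

    /**
     * Creates the dialog.
     *
     * @param userDataProvider verifies submitted credentials and returns the user's attributes
     * @param tokenProvider optional second factor; null disables the token step
     * @param sessionManager session store used to look up / create sessions
     * @param accountBlocker optional lock-out policy; null disables blocking
     * @param docBase document base of the static login files served by the embedded web server
     * @param basePath prefix under which the dialog is mounted (may be empty)
     * @param path path of the dialog relative to {@code basePath}
     * @param exposeUserCredentialsToSession if true, every submitted form field that the provider did
     *        not already return is copied into the session's user attributes (see {@link #handleCredentials})
     * @param message optional message passed along with the post-login redirect
     * @throws RuntimeException if {@code basePath} is non-empty and {@code basePath + path} would not
     *         contain exactly one separating '/'
     */
    public LoginDialog(UserDataProvider userDataProvider, TokenProvider tokenProvider, SessionManager sessionManager,
                       AccountBlocker accountBlocker, String docBase, String basePath, String path,
                       boolean exposeUserCredentialsToSession, String message) {
        this.basePath = basePath;
        this.path = path;
        if (!basePath.isEmpty()) {
            // Exactly one side must carry the separator; otherwise the concatenation is "a//b" or "ab".
            boolean baseEndsWithSlash = basePath.endsWith("/");
            boolean pathStartsWithSlash = path.startsWith("/");
            if (baseEndsWithSlash == pathStartsWithSlash) {
                throw new RuntimeException("Login dialog is configured with basePath='" + basePath + "' and path='" + path
                        + "'. Please ensure that basePath ends with a '/' xOR path starts with a '/'. (Concatenation '"
                        + basePath + path + "' looks weird.)");
            }
        }
        this.exposeUserCredentialsToSession = exposeUserCredentialsToSession;
        this.userDataProvider = userDataProvider;
        this.tokenProvider = tokenProvider;
        this.sessionManager = sessionManager;
        this.accountBlocker = accountBlocker;
        this.message = message;
        this.wsi = new WebServerInterceptor();
        this.wsi.setDocBase(docBase);
    }

    /**
     * Wires the dialog to the router and checks that {@code index.html} is resolvable below the doc base.
     *
     * @param router supplies the URI factory, resolver map and base location
     * @throws Exception if the embedded web server cannot be initialised or {@code index.html} is missing
     */
    public void init(Router router) throws Exception {
        this.uriFactory = router.getUriFactory();
        this.wsi.init(router);
        // Fail fast at startup rather than on the first login attempt.
        router.getResolverMap().resolve(ResolverMap.combine(router.getBaseLocation(), this.wsi.getDocBase(), "index.html")).close();
    }

    /**
     * Returns true if the request's path starts with the dialog's {@code path}.
     *
     * @param exchange the request to classify
     */
    public boolean isLoginRequest(Exchange exchange) {
        String requestPath = this.uriFactory.createWithoutException(exchange.getRequest().getUri()).getPath();
        return requestPath.startsWith(this.path);
    }

    /**
     * Renders {@code index.html} through the template engine.
     *
     * <p>The model always contains the form {@code action} and the XML-escaped {@code target};
     * {@code page} selects which template flag is set ({@code PAGE_LOGIN}, {@code PAGE_TOKEN} or
     * {@code PAGE_CONSENT}; the latter also appends {@code consent} to the action).
     *
     * @param exchange the exchange whose response is replaced by the rendered page
     * @param page one of the {@code PAGE_*} constants
     * @param templateVars alternating key/value pairs added to the model
     * @throws IllegalArgumentException if {@code templateVars} has an odd length
     * @throws Exception from parameter parsing or the embedded web server
     */
    private void showPage(Exchange exchange, int page, Object... templateVars) throws Exception {
        if (templateVars.length % 2 != 0) {
            throw new IllegalArgumentException("templateVars must be key/value pairs, got " + templateVars.length + " elements");
        }
        String target = StringUtils.defaultString(getParams(exchange).get(TARGET_PARAM));
        exchange.getDestinations().set(0, "/index.html");
        this.wsi.handleRequest(exchange);

        Engine engine = new Engine();
        engine.setErrorHandler(new ErrorHandler() {
            @Override
            public void error(ErrorMessage errorMessage, Token token, Map<String, Object> map) throws ParseException {
                log.error(errorMessage.key);
            }

            @Override
            public void error(ErrorMessage errorMessage, Token token) throws ParseException {
                log.error(errorMessage.key);
            }
        });

        Map<String, Object> model = new HashMap<>();
        String action = StringEscapeUtils.escapeXml11(this.basePath + this.path);
        model.put("action", action);
        // Escaped because the template embeds it into HTML; the raw value is user-supplied.
        model.put(TARGET_PARAM, StringEscapeUtils.escapeXml11(target));
        switch (page) {
            case PAGE_LOGIN:
                model.put(Constants.PARAMETER_VALUE_LOGIN, true);
                break;
            case PAGE_TOKEN:
                model.put("token", true);
                break;
            case PAGE_CONSENT:
                model.put(Constants.LOGIN_CONSENT, true);
                model.put("action", action + "consent");
                break;
            default:
                break;
        }
        for (int i = 0; i < templateVars.length; i += 2) {
            model.put((String) templateVars[i], templateVars[i + 1]);
        }
        String rendered = engine.transform(exchange.getResponse().getBodyAsStringDecoded(), model);
        exchange.getResponse().setBodyContent(rendered.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Dispatches a request below the dialog path to logout, consent, the login form, or the
     * static file server.
     *
     * @param exchange the request to handle; its first destination is rewritten to the sub-path
     * @throws Exception from any of the handlers
     */
    public void handleLoginRequest(Exchange exchange) throws Exception {
        SessionManager.Session session = this.sessionManager.getSession(exchange);
        // Assumes the request URI starts with basePath + path (see isLoginRequest); the -1 keeps the
        // separating '/' so the sub-path is "/", "/logout", ... — TODO confirm for an empty basePath.
        String subPath = exchange.getRequest().getUri().substring(this.basePath.length() + this.path.length() - 1);
        int queryStart = subPath.indexOf('?');
        if (queryStart >= 0) {
            subPath = subPath.substring(0, queryStart);
        }
        exchange.getDestinations().set(0, subPath);

        switch (subPath) {
            case "/logout":
                handleLogout(exchange, session);
                return;
            case "/consent":
                if (isPost(exchange)) {
                    processConsentPageResult(exchange, session);
                } else {
                    showConsentPage(exchange, session);
                }
                return;
            case "/":
                handleLoginPage(exchange, session);
                return;
            default:
                this.wsi.handleRequest(exchange);
        }
    }

    /** Clears the session (if any) and redirects back to the dialog path. */
    private void handleLogout(Exchange exchange, SessionManager.Session session) {
        if (session != null) {
            session.clear();
        }
        exchange.setResponse(Response.redirect(this.path, false).body("").build());
    }

    /**
     * Handles "/": the second-factor step for a pre-authorized session, otherwise the login form
     * (GET) or credential verification (POST).
     */
    private void handleLoginPage(Exchange exchange, SessionManager.Session session) throws Exception {
        if (session != null && session.isPreAuthorized()) {
            handleSecondFactor(exchange, session);
            return;
        }
        if (!isPost(exchange)) {
            showPage(exchange, PAGE_LOGIN);
            return;
        }
        handleCredentials(exchange);
    }

    /**
     * Second step for a pre-authorized session: shows the token form on GET, verifies the submitted
     * token on POST and, on success, unblocks the account, redirects to the target and authorizes
     * the session. An invalid token ({@link NoSuchElementException}) or any other failure clears
     * the session and re-renders the login page with an error flag.
     */
    private void handleSecondFactor(Exchange exchange, SessionManager.Session session) throws Exception {
        if (this.accountBlocker != null && this.accountBlocker.isBlocked(session.getUserName())) {
            showPage(exchange, PAGE_LOGIN, Constants.PARAMETER_ERROR, "ACCOUNT_BLOCKED");
            return;
        }
        if (!isPost(exchange)) {
            showPage(exchange, PAGE_TOKEN);
            return;
        }
        String token = getParams(exchange).get("token");
        try {
            if (this.tokenProvider != null) {
                this.tokenProvider.verifyToken(session.getUserAttributes(), token);
            }
            if (this.accountBlocker != null) {
                this.accountBlocker.unblock(session.getUserName());
            }
            String target = targetOrDefault(getParams(exchange).get(TARGET_PARAM));
            if (this.message != null) {
                exchange.setResponse(Response.redirectWithout300(target, this.message).build());
            } else {
                exchange.setResponse(Response.redirectWithout300(target).build());
            }
            session.authorize();
        } catch (NoSuchElementException e) {
            // Thrown by the token provider for a token it does not know; counts as a failed attempt.
            ArrayList<Object> errorVars = Lists.newArrayList(Constants.PARAMETER_ERROR, "INVALID_TOKEN");
            if (this.accountBlocker != null && this.accountBlocker.fail(session.getUserName())) {
                errorVars.addAll(Lists.newArrayList("accountBlocked", "true"));
            }
            session.clear();
            showPage(exchange, PAGE_LOGIN, errorVars.toArray());
        } catch (Exception e) {
            log.error("Unexpected error while verifying the login token", e);
            session.clear();
            showPage(exchange, PAGE_LOGIN, Constants.PARAMETER_ERROR, "INTERNAL_SERVER_ERROR");
        }
    }

    /**
     * First step: verifies the submitted form against the user data provider. On success the
     * session is pre-authorized with the returned attributes; with a token provider the token form
     * is shown and a token requested, otherwise the browser is redirected to the target.
     * A rejected login ({@link NoSuchElementException}) is reported as INVALID_PASSWORD and counted
     * against the account blocker; a missing username is reported the same way.
     */
    private void handleCredentials(Exchange exchange) throws Exception {
        Map<String, String> params = getParams(exchange);
        String username = params.get("username");
        if (username == null) {
            showPage(exchange, PAGE_LOGIN, Constants.PARAMETER_ERROR, "INVALID_PASSWORD");
            return;
        }
        if (this.accountBlocker != null && this.accountBlocker.isBlocked(username)) {
            showPage(exchange, PAGE_LOGIN, Constants.PARAMETER_ERROR, "ACCOUNT_BLOCKED");
            return;
        }
        try {
            Map<String, String> userAttributes = this.userDataProvider.verify(params);
            if (this.exposeUserCredentialsToSession) {
                // Copies every submitted form field (presumably including the password) into the
                // session attributes unless the provider already set that key.
                for (Map.Entry<String, String> entry : params.entrySet()) {
                    if (!userAttributes.containsKey(entry.getKey())) {
                        userAttributes.put(entry.getKey(), entry.getValue());
                    }
                }
            }
            if (this.tokenProvider != null) {
                showPage(exchange, PAGE_TOKEN);
            } else {
                exchange.setResponse(Response.redirectWithout300(targetOrDefault(params.get(TARGET_PARAM))).build());
            }
            SessionManager.Session session = this.sessionManager.getOrCreateSession(exchange);
            session.preAuthorize(username, userAttributes);
            if (this.tokenProvider != null) {
                this.tokenProvider.requestToken(session.getUserAttributes());
            }
        } catch (NoSuchElementException e) {
            // Thrown by the provider for unknown user / wrong password; counts as a failed attempt.
            ArrayList<Object> errorVars = Lists.newArrayList(Constants.PARAMETER_ERROR, "INVALID_PASSWORD");
            if (this.accountBlocker != null && this.accountBlocker.fail(username)) {
                errorVars.addAll(Lists.newArrayList("accountBlocked", "true"));
            }
            showPage(exchange, PAGE_LOGIN, errorVars.toArray());
        } catch (Exception e) {
            log.error("Unexpected error while verifying login credentials", e);
            showPage(exchange, PAGE_LOGIN, Constants.PARAMETER_ERROR, "INTERNAL_SERVER_ERROR");
        }
    }

    /** True if the request method is POST. */
    private static boolean isPost(Exchange exchange) {
        return "POST".equals(exchange.getRequest().getMethod());
    }

    /** Parses query/form parameters, rejecting duplicate keys and malformed forms. */
    private Map<String, String> getParams(Exchange exchange) throws Exception {
        return URLParamUtil.getParams(this.uriFactory, exchange, URLParamUtil.DuplicateKeyOrInvalidFormStrategy.ERROR);
    }

    /**
     * Returns the post-login redirect target: {@code target} itself, or the base path with a
     * trailing '/' when {@code target} is null or empty.
     *
     * <p>NOTE(review): the value comes straight from the request and is not restricted to this
     * site, so an absolute URL would be followed as-is after login; whether to limit it to
     * relative paths is a configuration/policy question left unchanged here.
     */
    private String targetOrDefault(String target) {
        if (StringUtils.isEmpty(target)) {
            return this.basePath + (this.basePath.endsWith("/") ? "" : "/");
        }
        return target;
    }

    /** Stores the consent decision in the session, drops the consent page data and redirects. */
    private void processConsentPageResult(Exchange exchange, SessionManager.Session session) throws Exception {
        removeConsentPageDataFromSession(session);
        putConsentInSession(exchange, session);
        redirectAfterConsent(exchange);
    }

    /** Removes the consent-page display attributes from the session; no-op for a null session. */
    private void removeConsentPageDataFromSession(SessionManager.Session session) {
        if (session == null) {
            return;
        }
        synchronized (session) {
            Map<String, String> attributes = session.getUserAttributes();
            attributes.remove(ConsentPageFile.PRODUCT_NAME);
            attributes.remove(ConsentPageFile.LOGO_URL);
            attributes.remove(ConsentPageFile.SCOPE_DESCRIPTIONS);
            attributes.remove(ConsentPageFile.CLAIM_DESCRIPTIONS);
        }
    }

    /** Redirects to the request's target parameter or, if absent, to the base path. */
    private void redirectAfterConsent(Exchange exchange) throws Exception {
        String target = targetOrDefault(getParams(exchange).get(TARGET_PARAM));
        exchange.setResponse(Response.redirectWithout300(target).build());
    }

    /**
     * Records the consent decision as "true" (form value {@code Accept}) or "false" in the session.
     *
     * @throws Exception if the consent form parameter is missing
     */
    private void putConsentInSession(Exchange exchange, SessionManager.Session session) throws Exception {
        if (session == null) {
            return;
        }
        String consent = getParams(exchange).get(Constants.LOGIN_CONSENT);
        if (consent == null) {
            throw new Exception("There is no form parameter consent in the request present.");
        }
        String decision = "Accept".equals(consent) ? "true" : "false";
        synchronized (session) {
            session.getUserAttributes().put(Constants.LOGIN_CONSENT, decision);
        }
    }

    /** Renders the consent page, filling product, logo, scopes and claims from the session when present. */
    private void showConsentPage(Exchange exchange, SessionManager.Session session) throws Exception {
        if (session == null) {
            showPage(exchange, PAGE_CONSENT,
                    ConsentPageFile.PRODUCT_NAME, null,
                    ConsentPageFile.LOGO_URL, null,
                    ConsentPageFile.SCOPES, null,
                    "claims", null);
            return;
        }
        synchronized (session) {
            Map<String, String> attributes = session.getUserAttributes();
            showPage(exchange, PAGE_CONSENT,
                    ConsentPageFile.PRODUCT_NAME, attributes.get(ConsentPageFile.PRODUCT_NAME),
                    ConsentPageFile.LOGO_URL, attributes.get(ConsentPageFile.LOGO_URL),
                    ConsentPageFile.SCOPES, doubleStringArrayToMap(prepareScopesFromSession(session)),
                    "claims", doubleStringArrayToMap(prepareClaimsFromSession(session)));
        }
    }

    /**
     * Turns entries of the form {@code "key rest of value"} into a map: the text before the first
     * space is the key, everything after it the value (empty if there is no space).
     */
    private static Map<String, String> doubleStringArrayToMap(String[] entries) {
        Map<String, String> result = new HashMap<>();
        for (String entry : entries) {
            String[] parts = entry.split(" ");
            StringBuilder value = new StringBuilder(parts.length > 1 ? parts[1] : "");
            for (int i = 2; i < parts.length; i++) {
                value.append(' ').append(parts[i]);
            }
            result.put(parts[0], value.toString());
        }
        return result;
    }

    /** Claim descriptions from the session as {@code "name: description"} lines. */
    private static String[] prepareClaimsFromSession(SessionManager.Session session) {
        return prepareStringArray(getUserAttributesFor(session, ConsentPageFile.CLAIM_DESCRIPTIONS));
    }

    /** Scope descriptions from the session as {@code "name: description"} lines. */
    private static String[] prepareScopesFromSession(SessionManager.Session session) {
        return prepareStringArray(getUserAttributesFor(session, ConsentPageFile.SCOPE_DESCRIPTIONS));
    }

    /**
     * Joins consecutive pairs of {@code pairs} into {@code "first: second"} strings. An empty array
     * or an empty first element yields an empty result; a trailing unpaired element is dropped
     * instead of raising an index error.
     */
    private static String[] prepareStringArray(String[] pairs) {
        if (pairs.length == 0 || pairs[0].isEmpty()) {
            return new String[0];
        }
        List<String> lines = new ArrayList<>(pairs.length / 2);
        for (int i = 0; i + 1 < pairs.length; i += 2) {
            lines.add(pairs[i] + ": " + pairs[i + 1]);
        }
        return lines.toArray(new String[0]);
    }

    /**
     * Splits the session attribute {@code key} on spaces and URL-decodes each part; returns an
     * empty array if the attribute is absent.
     */
    private static String[] getUserAttributesFor(SessionManager.Session session, String key) {
        Map<String, String> attributes = session.getUserAttributes();
        if (!attributes.containsKey(key)) {
            return new String[0];
        }
        String[] parts = attributes.get(key).split(" ");
        for (int i = 0; i < parts.length; i++) {
            parts[i] = OAuth2Util.urldecode(parts[i]);
        }
        return parts;
    }

    /**
     * Replies with a non-cacheable redirect to the dialog path, passing the original request URI
     * as the URL-encoded {@code target} parameter.
     *
     * @param exchange the exchange whose response is set
     * @return {@link Outcome#RETURN}
     */
    public Outcome redirectToLogin(Exchange exchange) {
        String location = this.path + "?" + TARGET_PARAM + "="
                + URLEncoder.encode(exchange.getOriginalRequestUri(), StandardCharsets.UTF_8);
        exchange.setResponse(Response.redirect(location, false).dontCache().body("").build());
        return Outcome.RETURN;
    }
}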
