package org.opencastproject.security.aai;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleProvider;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.impl.jpa.JpaOrganization;
import org.opencastproject.security.impl.jpa.JpaRole;
import org.opencastproject.security.impl.jpa.JpaUserReference;
import org.opencastproject.security.shibboleth.ShibbolethLoginHandler;
import org.opencastproject.userdirectory.api.UserReferenceProvider;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opencastproject/security/aai/ConfigurableLoginHandler.class */
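/**
 * Login handler for Shibboleth/AAI that builds user references and roles from request headers.
 *
 * <p>The header names and the role prefixes/suffixes are supplied through the OSGi
 * {@link ManagedService} configuration (see {@link #updated(Dictionary)}). On each login the
 * handler reads the configured headers from the request, derives a role set from them, and
 * stores or updates the user reference through the {@link UserReferenceProvider}.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>Every value used here is read with {@code HttpServletRequest.getHeader}. This class does
 *       not authenticate those values itself, so role assignment is only as trustworthy as the
 *       component that sets the headers. NOTE(review): presumably a Shibboleth SP or reverse
 *       proxy populates them and strips client-supplied copies; confirm this in the deployment.</li>
 *   <li>The user whose ID equals {@code bootstrap.user.id} receives {@code ROLE_ADMIN}. The
 *       setting is meant to be removed once bootstrapping is done.</li>
 *   <li>The {@code enabled} flag is only evaluated in {@link #updated(Dictionary)}; the login
 *       methods in this class do not check it. NOTE(review): verify where the flag is enforced.</li>
 * </ul>
 */
public class ConfigurableLoginHandler implements ShibbolethLoginHandler, RoleProvider, ManagedService {
    private static final String CFG_AAI_ENABLED_KEY = "enabled";
    private static final boolean CFG_AAI_ENABLED_DEFAULT = false;
    private static final String CFG_BOOTSTRAP_USER_ID_KEY = "bootstrap.user.id";
    private static final String CFG_HEADER_GIVEN_NAME_KEY = "header.given_name";
    private static final String CFG_HEADER_SURNAME_KEY = "header.surname";
    private static final String CFG_HEADER_MAIL_KEY = "header.mail";
    private static final String CFG_HEADER_HOME_ORGANIZATION_KEY = "header.home_organization";
    private static final String CFG_HEADER_AFFILIATION_KEY = "header.affiliation";
    private static final String CFG_ROLE_USER_PREFIX_KEY = "role.user.prefix";
    private static final String CFG_ROLE_USER_PREFIX_DEFAULT = "ROLE_AAI_USER_";
    private static final String CFG_ROLE_ORGANIZATION_PREFIX_KEY = "role.organization.prefix";
    private static final String CFG_ROLE_ORGANIZATION_PREFIX_DEFAULT = "ROLE_AAI_ORG_";
    private static final String CFG_ROLE_ORGANIZATION_SUFFIX_KEY = "role.organization.suffix";
    private static final String CFG_ROLE_ORGANIZATION_SUFFIX_DEFAULT = "_MEMBER";
    private static final String CFG_ROLE_FEDERATION_KEY = "role.federation";
    private static final String CFG_ROLE_FEDERATION_DEFAULT = "ROLE_AAI_USER";
    private static final String CFG_ROLE_AFFILIATION_PREFIX_KEY = "role.affiliation.prefix";
    private static final String CFG_ROLE_AFFILIATION_PREFIX_DEFAULT = "ROLE_AAI_USER_AFFILIATION_";
    private static final Logger logger = LoggerFactory.getLogger(ConfigurableLoginHandler.class);
    private UserReferenceProvider userReferenceProvider = null;
    private SecurityService securityService = null;
    private boolean enabled = CFG_AAI_ENABLED_DEFAULT;
    private String bootstrapUserId = null;
    private String headerGivenName = null;
    private String headerSurname = null;
    private String headerMail = null;
    private String headerHomeOrganization = null;
    private String headerAffiliation = null;
    private String roleFederationMember = CFG_ROLE_FEDERATION_DEFAULT;
    private String roleUserPrefix = CFG_ROLE_USER_PREFIX_DEFAULT;
    private String roleOrganizationPrefix = CFG_ROLE_ORGANIZATION_PREFIX_DEFAULT;
    private String roleOrganizationSuffix = CFG_ROLE_ORGANIZATION_SUFFIX_DEFAULT;
    private String roleAffiliationPrefix = CFG_ROLE_AFFILIATION_PREFIX_DEFAULT;

    /**
     * Creates the handler and registers it as a {@link ManagedService} using the bundle context
     * of the bundle that loaded this class.
     */
    public ConfigurableLoginHandler() {
        registerAsManagedService(FrameworkUtil.getBundle(getClass()).getBundleContext());
    }

    /**
     * Creates the handler and registers it as a {@link ManagedService} in the given context.
     *
     * @param bundleContext the bundle context to register with
     */
    protected ConfigurableLoginHandler(BundleContext bundleContext) {
        registerAsManagedService(bundleContext);
    }

    /**
     * Registers this instance as a {@link ManagedService} whose {@code service.pid} is the
     * runtime class name.
     *
     * @param bundleContext the bundle context to register with
     */
    private void registerAsManagedService(BundleContext bundleContext) {
        Hashtable<String, Object> serviceProperties = new Hashtable<>();
        serviceProperties.put("service.pid", getClass().getName());
        bundleContext.registerService(ManagedService.class.getName(), this, serviceProperties);
    }

    /**
     * Applies a new configuration.
     *
     * <p>A {@code null} dictionary is ignored. When the handler is (or remains) disabled, no
     * further settings are read. Mandatory header settings that are missing are logged as errors
     * and keep their previous value; optional header settings that are missing are cleared so
     * that no roles are derived from a header the configuration no longer names; role settings
     * fall back to their defaults.
     *
     * @param dictionary the configuration properties, may be {@code null}
     * @throws ConfigurationException declared by the interface; not thrown by this implementation
     */
    public void updated(Dictionary dictionary) throws ConfigurationException {
        if (dictionary == null) {
            return;
        }
        String enabledSetting = readSetting(dictionary, CFG_AAI_ENABLED_KEY);
        if (enabledSetting != null) {
            this.enabled = BooleanUtils.toBoolean(enabledSetting);
        }
        if (!this.enabled) {
            logger.info("AAI login handler is disabled.");
            return;
        }
        logger.info("AAI login handler is enabled.");

        // The bootstrap user is granted ROLE_ADMIN on login, hence the warning.
        this.bootstrapUserId = readSetting(dictionary, CFG_BOOTSTRAP_USER_ID_KEY);
        if (this.bootstrapUserId != null) {
            logger.warn("AAI User ID '{}' is configured as AAI boostrap user. You want to disable this after bootstrapping.", this.bootstrapUserId);
        }

        this.headerGivenName = readMandatoryHeader(dictionary, CFG_HEADER_GIVEN_NAME_KEY, this.headerGivenName);
        this.headerSurname = readMandatoryHeader(dictionary, CFG_HEADER_SURNAME_KEY, this.headerSurname);
        this.headerMail = readMandatoryHeader(dictionary, CFG_HEADER_MAIL_KEY, this.headerMail);

        this.headerHomeOrganization = readOptionalHeader(dictionary, CFG_HEADER_HOME_ORGANIZATION_KEY);
        this.headerAffiliation = readOptionalHeader(dictionary, CFG_HEADER_AFFILIATION_KEY);

        this.roleFederationMember = readRoleSetting(dictionary, CFG_ROLE_FEDERATION_KEY,
                CFG_ROLE_FEDERATION_DEFAULT, "federation membership role");
        this.roleUserPrefix = readRoleSetting(dictionary, CFG_ROLE_USER_PREFIX_KEY,
                CFG_ROLE_USER_PREFIX_DEFAULT, "user role prefix");
        this.roleOrganizationPrefix = readRoleSetting(dictionary, CFG_ROLE_ORGANIZATION_PREFIX_KEY,
                CFG_ROLE_ORGANIZATION_PREFIX_DEFAULT, "organization membership role prefix");
        this.roleOrganizationSuffix = readRoleSetting(dictionary, CFG_ROLE_ORGANIZATION_SUFFIX_KEY,
                CFG_ROLE_ORGANIZATION_SUFFIX_DEFAULT, "organization membership role suffix");
        this.roleAffiliationPrefix = readRoleSetting(dictionary, CFG_ROLE_AFFILIATION_PREFIX_KEY,
                CFG_ROLE_AFFILIATION_PREFIX_DEFAULT, "affiliation role prefix");
    }

    /** Returns the trimmed value stored under {@code key}, or {@code null} if absent or blank. */
    private static String readSetting(Dictionary dictionary, String key) {
        Object value = dictionary.get(key);
        // toString() instead of a cast so that a non-String value does not raise ClassCastException.
        return value == null ? null : StringUtils.trimToNull(value.toString());
    }

    /** Reads a mandatory header name; when it is missing, logs an error and keeps {@code current}. */
    private static String readMandatoryHeader(Dictionary dictionary, String key, String current) {
        String configured = readSetting(dictionary, key);
        if (configured == null) {
            logger.error("Header '{}' is not configured ", key);
            return current;
        }
        logger.info("Header '{}' set to '{}'", key, configured);
        return configured;
    }

    /** Reads an optional header name; when it is missing, logs a warning and returns {@code null}. */
    private static String readOptionalHeader(Dictionary dictionary, String key) {
        String configured = readSetting(dictionary, key);
        if (configured == null) {
            logger.warn("Optional header '{}' is not configured ", key);
            return null;
        }
        logger.info("Header '{}' set to '{}'", key, configured);
        return configured;
    }

    /** Reads a role name/prefix/suffix setting, falling back to {@code fallback} when missing. */
    private static String readRoleSetting(Dictionary dictionary, String key, String fallback, String label) {
        String configured = readSetting(dictionary, key);
        if (configured != null) {
            logger.info("AAI " + label + " '{}' set to '{}'", key, configured);
            return configured;
        }
        logger.info("AAI " + label + " '{}' is not configured, using default '{}'", key, fallback);
        return fallback;
    }

    /**
     * Creates and stores a user reference for a user who logs in for the first time.
     *
     * @param str the user ID
     * @param httpServletRequest the request carrying the configured attribute headers
     */
    public void newUserLogin(String str, HttpServletRequest httpServletRequest) {
        JpaUserReference userReference = new JpaUserReference(
                str,
                extractName(httpServletRequest),
                extractEmail(httpServletRequest),
                "shibboleth",
                new Date(),
                fromOrganization(this.securityService.getOrganization()),
                extractRoles(str, httpServletRequest));
        logger.debug("Shibboleth user '{}' logged in for the first time", str);
        this.userReferenceProvider.addUserReference(userReference, "shibboleth");
    }

    /**
     * Refreshes name, e-mail, last-login date and roles of an existing user reference.
     *
     * <p>The stored roles are replaced by the set derived from the current request, so a role
     * whose header value is no longer sent is dropped at this login.
     *
     * @param str the user ID
     * @param httpServletRequest the request carrying the configured attribute headers
     * @throws IllegalStateException if no user reference exists for the ID in the current organization
     */
    public void existingUserLogin(String str, HttpServletRequest httpServletRequest) {
        JpaUserReference userReference = this.userReferenceProvider.findUserReference(str, this.securityService.getOrganization().getId());
        if (userReference == null) {
            throw new IllegalStateException("User reference '" + str + "' was not found");
        }
        userReference.setName(extractName(httpServletRequest));
        userReference.setEmail(extractEmail(httpServletRequest));
        userReference.setLastLogin(new Date());
        userReference.setRoles(extractRoles(str, httpServletRequest));
        logger.debug("Shibboleth user '{}' logged in", str);
        this.userReferenceProvider.updateUserReference(userReference);
    }

    /** Sets the security service used to look up the current organization. */
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    /** Sets the provider used to store and update user references. */
    public void setUserReferenceProvider(UserReferenceProvider userReferenceProvider) {
        this.userReferenceProvider = userReferenceProvider;
    }

    /**
     * Builds the display name as given name and surname joined by a single space.
     *
     * @param httpServletRequest the request carrying the name headers
     * @return the joined name; a blank or missing header contributes an empty string
     */
    private String extractName(HttpServletRequest httpServletRequest) {
        String givenName = decodeHeader(httpServletRequest, this.headerGivenName);
        String surname = decodeHeader(httpServletRequest, this.headerSurname);
        return StringUtils.join(new String[]{givenName, surname}, " ");
    }

    /**
     * Returns the header value re-decoded from ISO-8859-1 bytes as UTF-8, or an empty string when
     * the header is blank or missing.
     */
    private String decodeHeader(HttpServletRequest httpServletRequest, String headerName) {
        String raw = httpServletRequest.getHeader(headerName);
        if (StringUtils.isBlank(raw)) {
            return "";
        }
        return new String(raw.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8);
    }

    /** Returns the value of the configured mail header as sent, or {@code null} if it is missing. */
    private String extractEmail(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(this.headerMail);
    }

    /**
     * Derives the role set for a login from the user ID and the configured request headers.
     *
     * <p>Always included: the federation role, the per-user role (prefix + user ID) and the
     * organization's anonymous role. Optionally included: a home-organization role, one role per
     * {@code ;}-separated affiliation value, and {@code ROLE_ADMIN} for the bootstrap user.
     *
     * @param str the user ID
     * @param httpServletRequest the request carrying the attribute headers
     * @return the roles to store on the user reference
     */
    private Set<JpaRole> extractRoles(String str, HttpServletRequest httpServletRequest) {
        JpaOrganization organization = fromOrganization(this.securityService.getOrganization());
        Set<JpaRole> roles = new HashSet<>();
        roles.add(new JpaRole(this.roleFederationMember, organization));
        roles.add(new JpaRole(this.roleUserPrefix + str, organization));
        roles.add(new JpaRole(organization.getAnonymousRole(), organization));

        if (this.headerHomeOrganization != null) {
            String homeOrganization = httpServletRequest.getHeader(this.headerHomeOrganization);
            // A missing header must not produce a role named "<prefix>null<suffix>".
            if (StringUtils.isNotBlank(homeOrganization)) {
                roles.add(new JpaRole(this.roleOrganizationPrefix + homeOrganization + this.roleOrganizationSuffix, organization));
            } else {
                logger.debug("Header '{}' is missing or blank, no organization role assigned", this.headerHomeOrganization);
            }
        }

        // Require a configured bootstrap ID: StringUtils.equals(null, null) is true, which would
        // grant ROLE_ADMIN to a null user ID whenever no bootstrap user is configured.
        if (this.bootstrapUserId != null && this.bootstrapUserId.equals(str)) {
            roles.add(new JpaRole("ROLE_ADMIN", organization));
        }

        if (this.headerAffiliation != null) {
            String affiliations = httpServletRequest.getHeader(this.headerAffiliation);
            if (affiliations != null) {
                for (String affiliation : affiliations.split(";")) {
                    // Skip empty entries (e.g. "a;;b") so no role consisting of the bare prefix is added.
                    if (StringUtils.isNotBlank(affiliation)) {
                        roles.add(new JpaRole(this.roleAffiliationPrefix + affiliation, organization));
                    }
                }
            }
        }
        return roles;
    }

    /** Returns the organization as a {@link JpaOrganization}, copying its fields if it is another type. */
    private JpaOrganization fromOrganization(Organization organization) {
        if (organization instanceof JpaOrganization) {
            return (JpaOrganization) organization;
        }
        return new JpaOrganization(
                organization.getId(),
                organization.getName(),
                organization.getServers(),
                organization.getAdminRole(),
                organization.getAnonymousRole(),
                organization.getProperties());
    }

    /**
     * Returns the roles this provider advertises: the federation role and the anonymous role of
     * the current organization.
     */
    public Iterator<Role> getRoles() {
        JaxbOrganization organization = JaxbOrganization.fromOrganization(this.securityService.getOrganization());
        Set<Role> roles = new HashSet<>();
        roles.add(new JaxbRole(this.roleFederationMember, organization));
        roles.add(new JaxbRole(organization.getAnonymousRole(), organization));
        return roles.iterator();
    }

    /** Always returns an empty list; this provider does not resolve roles per user. */
    public List<Role> getRolesForUser(String str) {
        return Collections.emptyList();
    }

    /** Returns {@code "*"}. */
    public String getOrganization() {
        return "*";
    }

    /**
     * Finds advertised roles whose name or description matches the query.
     *
     * @param str the query, where {@code _} matches one character and {@code %} any run of characters
     * @param target not used by this implementation
     * @param i number of matches to skip
     * @param i2 maximum number of matches to return, {@code 0} for no limit
     * @return an iterator over the matching roles
     * @throws IllegalArgumentException if the query is {@code null}
     */
    public Iterator<Role> findRoles(String str, Role.Target target, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        HashSet<Role> matches = new HashSet<>();
        Iterator<Role> roles = getRoles();
        while (roles.hasNext()) {
            Role role = roles.next();
            if (like(role.getName(), str) || like(role.getDescription(), str)) {
                matches.add(role);
            }
        }
        return offsetLimitCollection(i, i2, matches).iterator();
    }

    /**
     * Returns the elements of {@code hashSet} after skipping {@code i} of them, capped at
     * {@code i2} elements ({@code 0} means no cap). Order follows the set's iteration order.
     */
    private <T> HashSet<T> offsetLimitCollection(int i, int i2, HashSet<T> hashSet) {
        HashSet<T> page = new HashSet<>();
        // Position counter; the decompiled source initialised it from a boolean constant,
        // which does not compile.
        int position = 0;
        for (T element : hashSet) {
            if (i2 != 0 && page.size() >= i2) {
                break;
            }
            if (position >= i) {
                page.add(element);
            }
            position++;
        }
        return page;
    }

    /**
     * Tests {@code str} against a LIKE-style pattern, case-insensitively.
     *
     * <p>{@code _} matches any single character and {@code %} any run of characters. All other
     * characters are matched literally: they are quoted before compilation so that a query value
     * (NOTE(review): possibly supplied by an API caller, confirm) is never interpreted as regular
     * expression syntax and cannot raise {@code PatternSyntaxException}.
     *
     * @param str the candidate text, may be {@code null}
     * @param str2 the LIKE-style pattern
     * @return {@code true} if the whole candidate matches; {@code false} for a {@code null} candidate
     */
    private boolean like(String str, String str2) {
        if (str == null) {
            // e.g. a role without description; Matcher would throw NullPointerException.
            return false;
        }
        StringBuilder regex = new StringBuilder();
        StringBuilder literal = new StringBuilder();
        for (int idx = 0; idx < str2.length(); idx++) {
            char c = str2.charAt(idx);
            if (c == '_' || c == '%') {
                if (literal.length() > 0) {
                    regex.append(Pattern.quote(literal.toString()));
                    literal.setLength(0);
                }
                regex.append(c == '_' ? "." : ".*?");
            } else {
                literal.append(c);
            }
        }
        if (literal.length() > 0) {
            regex.append(Pattern.quote(literal.toString()));
        }
        return Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE | Pattern.DOTALL).matcher(str).matches();
    }
}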
