package org.gluu.oxtrust.action;

import com.google.common.collect.Maps;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.enterprise.context.ConversationScoped;
import javax.faces.application.FacesMessage;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;
import org.gluu.config.oxtrust.AppConfiguration;
import org.gluu.config.oxtrust.AttributeResolverConfiguration;
import org.gluu.config.oxtrust.LdapOxTrustConfiguration;
import org.gluu.config.oxtrust.NameIdConfig;
import org.gluu.jsf2.message.FacesMessages;
import org.gluu.model.GluuAttribute;
import org.gluu.oxtrust.config.ConfigurationFactory;
import org.gluu.oxtrust.ldap.service.AttributeService;
import org.gluu.oxtrust.ldap.service.Shibboleth3ConfService;
import org.gluu.oxtrust.ldap.service.TrustService;
import org.gluu.oxtrust.util.OxTrustConstants;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.service.security.Secure;
import org.slf4j.Logger;

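/**
 * Conversation-scoped backing bean (CDI name {@code configureNameIdAction}) for editing the
 * SAML NameID configurations held in the oxTrust attribute-resolver configuration.
 *
 * <p>The class carries {@code @Secure("#{permissionService.hasPermission('trust', 'access')}")};
 * the enforcement itself lives in the interceptor behind that annotation, which is not visible
 * here. NOTE(review): presumably every business method is gated by that expression; confirm
 * against the {@code Secure} interceptor binding.
 *
 * <p>Saving writes the edited list back through {@link PersistenceEntryManager#merge}, bumps the
 * configuration revision and, when configuration generation is enabled, regenerates the
 * Shibboleth v3 files and asks the local IdP to reload its NameID generation service.
 */
@ConversationScoped
@Secure("#{permissionService.hasPermission('trust', 'access')}")
@Named("configureNameIdAction")
public class ConfigureNameIdAction implements Serializable {
    private static final long serialVersionUID = -9125609238796284572L;

    /** Configuration key passed to the factory when loading the attribute-resolver settings. */
    private static final String ATTRIBUTE_RESOLVER_CONFIG_KEY = "oxTrustConfAttributeResolver";

    /** Fixed admin endpoint of the IdP on this host that reloads the NameID generation service. */
    private static final String NAME_ID_RELOAD_URL =
            "https://localhost/idp/profile/admin/reload-service?id=shibboleth.NameIdentifierGenerationService";

    @Inject
    private Logger log;

    @Inject
    private AttributeService attributeService;

    @Inject
    private FacesMessages facesMessages;

    @Inject
    private AppConfiguration applicationConfiguration;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private TrustService trustService;

    @Inject
    private Shibboleth3ConfService shibboleth3ConfService;

    @Inject
    private ConfigurationFactory configurationFactory;

    // Working copy of the NameID configurations being edited; stays null until init() succeeds.
    private ArrayList<NameIdConfig> nameIdConfigs;
    private List<GluuAttribute> attributes;
    // NameID format URN -> same URN, for every format this page offers.
    private Map<String, String> availableNamedIds = new HashMap<>();
    // NameID format URN -> same URN, for every format already present in the loaded configuration.
    private Map<String, String> usedNamedIds = new HashMap<>();

    /**
     * Returns the attributes loaded by {@link #init()}.
     *
     * @return the attribute list, or {@code null} if {@link #init()} has not run
     */
    public List<GluuAttribute> getAttributes() {
        return this.attributes;
    }

    /**
     * Loads the selectable NameID formats, all attributes and the stored NameID configurations.
     *
     * @return {@link OxTrustConstants#RESULT_FAILURE} when the oxTrust configuration cannot be
     *     loaded, otherwise {@link OxTrustConstants#RESULT_SUCCESS}
     */
    public String init() {
        loadNameIds();
        this.attributes = this.attributeService.getAllAttributes();
        LdapOxTrustConfiguration ldapConfiguration =
                this.configurationFactory.loadConfigurationFromLdap(ATTRIBUTE_RESOLVER_CONFIG_KEY);
        if (ldapConfiguration == null) {
            this.log.error("Failed to load oxTrust configuration");
            return OxTrustConstants.RESULT_FAILURE;
        }
        this.nameIdConfigs = new ArrayList<>();
        // Reset together with the list above so the "used" map can never describe entries from
        // an earlier load when the stored configuration turns out to be empty.
        this.usedNamedIds.clear();
        AttributeResolverConfiguration resolverConfiguration = ldapConfiguration.getAttributeResolverConfig();
        if (resolverConfiguration == null || resolverConfiguration.getNameIdConfigs() == null) {
            return OxTrustConstants.RESULT_SUCCESS;
        }
        for (NameIdConfig stored : resolverConfiguration.getNameIdConfigs()) {
            this.nameIdConfigs.add(stored);
            this.usedNamedIds.put(stored.getNameIdType(), stored.getNameIdType());
        }
        return OxTrustConstants.RESULT_SUCCESS;
    }

    /** Registers the SAML NameID format URNs that can be chosen on this page. */
    private void loadNameIds() {
        String[] formats = {
            "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        };
        for (String format : formats) {
            this.availableNamedIds.put(format, format);
        }
    }

    /**
     * Persists the edited NameID configurations and reports the outcome as a faces message.
     *
     * @return the result code produced by the save, unchanged
     */
    public String save() {
        String outcome = saveImpl();
        if (OxTrustConstants.RESULT_SUCCESS.equals(outcome)) {
            this.facesMessages.add(FacesMessage.SEVERITY_INFO, "NameId configuration updated successfully");
        } else if (OxTrustConstants.RESULT_FAILURE.equals(outcome)) {
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to update NameId configuration");
        }
        return outcome;
    }

    /**
     * Writes the NameID configurations into the stored oxTrust configuration, increments its
     * revision and, if configuration generation is enabled, regenerates the Shibboleth v3 files
     * and triggers the IdP reload.
     *
     * <p>Once the merge has succeeded, a failed file generation or a failed reload is logged but
     * still reported as success: the configuration itself has been persisted at that point.
     *
     * @return {@link OxTrustConstants#RESULT_FAILURE} if loading, merging or any step outside the
     *     reload call throws, otherwise {@link OxTrustConstants#RESULT_SUCCESS}
     */
    private String saveImpl() {
        AttributeResolverConfiguration resolverConfiguration = new AttributeResolverConfiguration();
        resolverConfiguration.setNameIdConfigs(this.nameIdConfigs);
        try {
            LdapOxTrustConfiguration ldapConfiguration =
                    this.configurationFactory.loadConfigurationFromLdap(new String[0]);
            if (ldapConfiguration == null) {
                // Explicit instead of relying on a NullPointerException reaching the catch below.
                this.log.error("Failed to load oxTrust configuration");
                return OxTrustConstants.RESULT_FAILURE;
            }
            ldapConfiguration.setAttributeResolverConfig(resolverConfiguration);
            ldapConfiguration.setRevision(ldapConfiguration.getRevision() + 1);
            this.ldapEntryManager.merge(ldapConfiguration);
            if (!this.applicationConfiguration.isConfigGeneration()) {
                return OxTrustConstants.RESULT_SUCCESS;
            }
            if (!this.shibboleth3ConfService.generateConfigurationFiles(this.trustService.getAllActiveTrustRelationships())) {
                this.log.error("Failed to update Shibboleth v3 configuration");
                this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to update Shibboleth v3 configuration");
                return OxTrustConstants.RESULT_SUCCESS;
            }
            try {
                reloadNameIdGenerationService();
            } catch (Exception e) {
                // The stack trace goes to the logger only; printing it to stderr bypassed the
                // application's log routing.
                this.log.error("error refreshing nameid setting (kindly restart services manually)", e);
            }
            return OxTrustConstants.RESULT_SUCCESS;
        } catch (Exception e) {
            this.log.error("Failed to save Attribute Resolver configuration configuration", e);
            return OxTrustConstants.RESULT_FAILURE;
        }
    }

    /**
     * Sends the reload request for the NameID generation service to the IdP on this host and logs
     * the response.
     *
     * @throws Exception if the TLS context cannot be built or the request fails
     */
    private void reloadNameIdGenerationService() throws Exception {
        // NOTE(security): TrustSelfSignedStrategy accepts self-signed server certificates and
        // NoopHostnameVerifier turns hostname verification off, so the peer is not authenticated.
        // The target is the fixed URL above on "localhost", which limits the exposure to whatever
        // answers on that address, but the response of an admin endpoint is still trusted blindly.
        // Left as is because tightening it would break installations whose IdP certificate is
        // self-signed or issued for the public hostname; the safer design is a dedicated trust
        // store holding the IdP certificate.
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                SSLContextBuilder.create().loadTrustMaterial(new TrustSelfSignedStrategy()).build(),
                new NoopHostnameVerifier());
        RequestConfig requestConfig = RequestConfig.custom().setCookieSpec("standard").build();
        // Client and response are closed here; they were previously never released.
        try (CloseableHttpClient client = HttpClients.custom()
                .setDefaultRequestConfig(requestConfig)
                .setSSLSocketFactory(socketFactory)
                .build()) {
            HttpGet request = new HttpGet(NAME_ID_RELOAD_URL);
            request.addHeader("User-Agent", "Mozilla/5.0");
            try (CloseableHttpResponse response = client.execute(request)) {
                int status = response.getStatusLine().getStatusCode();
                String body = response.getEntity() != null
                        ? EntityUtils.toString(response.getEntity(), "UTF-8")
                        : "";
                if (status >= 200 && status < 300) {
                    this.log.info(body);
                } else {
                    // A rejected reload used to be logged at info level like a successful one.
                    this.log.error("error refreshing nameid setting (kindly restart services manually): HTTP {} {}",
                            status, body);
                }
            }
        }
    }

    /**
     * Abandons the edit and tells the user that nothing was changed.
     *
     * @return {@link OxTrustConstants#RESULT_SUCCESS}
     */
    public String cancel() {
        this.facesMessages.add(FacesMessage.SEVERITY_INFO, "Saml NameId configuration not updated");
        return OxTrustConstants.RESULT_SUCCESS;
    }

    /**
     * Returns the live list of NameID configurations being edited.
     *
     * @return the internal list (not a copy), or {@code null} if {@link #init()} did not get as
     *     far as creating it
     */
    public ArrayList<NameIdConfig> getNameIdConfigs() {
        return this.nameIdConfigs;
    }

    /** Appends an empty NameID configuration to the list being edited. */
    public void addNameIdConfig() {
        this.nameIdConfigs.add(new NameIdConfig());
    }

    /**
     * Removes the given instance from the list being edited, if it is in it.
     *
     * @param nameIdConfig the exact instance to remove; matching is by reference, not by equality
     */
    public void removeNameIdConfig(NameIdConfig nameIdConfig) {
        Iterator<NameIdConfig> it = this.nameIdConfigs.iterator();
        while (it.hasNext()) {
            // Reference comparison: identity hash codes are not guaranteed to be unique, so
            // comparing them could remove a different entry.
            if (it.next() == nameIdConfig) {
                it.remove();
                return;
            }
        }
    }

    /**
     * Returns the NameID formats that can be selected for one row: every available format that
     * is not already used, plus the row's own current format.
     *
     * @param nameIdConfig the row being rendered; may be {@code null}
     * @return a new map of format URN to format URN
     */
    public Map<String, String> getAvailableNamedIds(NameIdConfig nameIdConfig) {
        Map<String, String> selectable =
                Maps.newHashMap(Maps.difference(this.availableNamedIds, this.usedNamedIds).entriesOnlyOnLeft());
        if (nameIdConfig != null && nameIdConfig.getNameIdType() != null) {
            selectable.put(nameIdConfig.getNameIdType(), nameIdConfig.getNameIdType());
        }
        return selectable;
    }

    /**
     * Replaces the map of selectable NameID formats.
     *
     * @param map the new map; stored as given, without copying
     */
    public void setAvailableNamedIds(Map<String, String> map) {
        this.availableNamedIds = map;
    }

    /**
     * Returns the map of NameID formats already present in the loaded configuration.
     *
     * @return the internal map (not a copy)
     */
    public Map<String, String> getUsedNamedIds() {
        return this.usedNamedIds;
    }

    /**
     * Replaces the map of NameID formats considered in use.
     *
     * @param map the new map; stored as given, without copying
     */
    public void setUsedNamedIds(Map<String, String> map) {
        this.usedNamedIds = map;
    }
}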
