package org.xdi.oxauth.service;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.faces.context.FacesContext;
import org.apache.commons.lang.StringUtils;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.gluu.site.ldap.persistence.exception.EntryPersistenceException;
import org.hibernate.annotations.common.util.StringHelper;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.contexts.Context;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;
import org.xdi.ldap.model.CustomEntry;
import org.xdi.ldap.model.GluuStatus;
import org.xdi.model.SimpleProperty;
import org.xdi.model.ldap.GluuLdapConfiguration;
import org.xdi.oxauth.authorize.ws.rs.AuthorizeAction;
import org.xdi.oxauth.model.common.CustomAttribute;
import org.xdi.oxauth.model.common.Prompt;
import org.xdi.oxauth.model.common.SessionId;
import org.xdi.oxauth.model.common.SimpleUser;
import org.xdi.oxauth.model.common.User;
import org.xdi.oxauth.model.session.OAuthCredentials;
import org.xdi.oxauth.util.ServerUtil;

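/**
 * Seam component ({@code authenticationService}, stateless scope) that checks user
 * credentials against LDAP, records the authenticated user in the injected
 * {@link OAuthCredentials}, and carries the whitelisted authorization request
 * parameters across the login flow.
 *
 * <p>Parameter names such as {@code str}/{@code str2} are kept as they appear in this
 * listing; each method's Javadoc states what they carry.
 */
@Name("authenticationService")
@AutoCreate
@Scope(ScopeType.STATELESS)
/* loaded from: input_file:org/xdi/oxauth/service/AuthenticationService.class */
public class AuthenticationService {
    /** Session/event context key under which the filtered request parameters are parked. */
    private static final String STORED_REQUEST_PARAMETERS = "stored_request_parameters";

    @Logger
    private Log log;

    @In
    private Identity identity;

    @In
    private OAuthCredentials credentials;

    // Optional: when absent, authentication falls back to the local user store.
    @In(required = false, value = AppInitializer.LDAP_AUTH_CONFIG_NAME)
    private GluuLdapConfiguration ldapAuthConfig;

    // Used for writes to the local directory (last-logon timestamp).
    @In
    private LdapEntryManager ldapEntryManager;

    // Used for user look-ups and password binds.
    @In
    private LdapEntryManager ldapAuthEntryManager;

    @In
    private UserService userService;

    @In
    private SessionIdService sessionIdService;

    /**
     * Authenticates a user by user name and password.
     *
     * <p>When an LDAP authentication configuration is injected, delegates to
     * {@link #authenticate(String, String, String, String)} using the configured primary
     * and local primary keys (each defaulting to {@code "uid"}). Otherwise the user is
     * looked up through {@link UserService} and the password is verified with a bind on
     * the user's DN.
     *
     * @param str  the user name
     * @param str2 the password; an empty or {@code null} password is always rejected
     * @return {@code true} if the credentials were accepted and the user is not disabled
     */
    public boolean authenticate(String str, String str2) {
        this.log.debug("Authenticating user with LDAP: username: {0}", str);
        // A simple bind with a zero-length password is an "unauthenticated bind"
        // (RFC 4513 section 5.1.2) and succeeds on directory servers that permit it,
        // so it must never be forwarded as a credential check.
        if (StringUtils.isEmpty(str2)) {
            this.log.warn("Rejecting authentication attempt with an empty password for user '{0}'", str);
            return false;
        }
        if (this.ldapAuthConfig != null) {
            String primaryKey = StringHelper.isNotEmpty(this.ldapAuthConfig.getPrimaryKey())
                    ? this.ldapAuthConfig.getPrimaryKey() : "uid";
            String localPrimaryKey = StringHelper.isNotEmpty(this.ldapAuthConfig.getLocalPrimaryKey())
                    ? this.ldapAuthConfig.getLocalPrimaryKey() : "uid";
            return authenticate(str, str2, primaryKey, localPrimaryKey);
        }
        User user = this.userService.getUser(str);
        if (user == null || !checkUserStatus(user)) {
            return false;
        }
        boolean authenticated = this.ldapAuthEntryManager.authenticate(user.getDn(), str2);
        if (authenticated) {
            this.credentials.setUser(user);
            updateLastLogonUserTime(user);
        }
        return authenticated;
    }

    /**
     * Authenticates a user against the configured base DNs.
     *
     * <p>For each base DN the user entry is searched by {@code str3 = str}; the first
     * entry whose bind with {@code str2} succeeds is then mapped to a local user by
     * {@code str4 = str}. The local user must exist and must not be disabled.
     *
     * @param str  the user name (value of both key attributes)
     * @param str2 the password; an empty or {@code null} password is always rejected
     * @param str3 attribute name used to find the entry in the authentication directory
     * @param str4 attribute name used to find the matching local user
     * @return {@code true} if the bind succeeded and an enabled local user was found
     */
    public boolean authenticate(String str, String str2, String str3, String str4) {
        this.log.debug("Attempting to find userDN by primary key: '{0}' and key value: '{1}'", str3, str);
        // Same guard as the two-argument overload: this method is public and can be
        // called directly, and an empty password would turn the bind below into an
        // unauthenticated bind (RFC 4513 section 5.1.2).
        if (StringUtils.isEmpty(str2)) {
            this.log.warn("Rejecting authentication attempt with an empty password for user '{0}'", str);
            return false;
        }
        List<?> baseDns = this.ldapAuthConfig == null
                ? Arrays.asList(new SimpleProperty(this.userService.getDnForUser(null)))
                : this.ldapAuthConfig.getBaseDNs();
        if (baseDns == null || baseDns.isEmpty()) {
            this.log.error("There are no baseDns specified in authentication configuration.");
            return false;
        }
        for (Object baseDn : baseDns) {
            User remoteUser = getUserByAttribute(((SimpleProperty) baseDn).getValue(), str3, str);
            if (remoteUser == null) {
                continue;
            }
            String dn = remoteUser.getDn();
            this.log.debug("Attempting to authenticate userDN: {0}", dn);
            if (!this.ldapAuthEntryManager.authenticate(dn, str2)) {
                continue;
            }
            this.log.debug("User authenticated: {0}", dn);
            this.log.debug("Attempting to find userDN by local primary key: {0}", str4);
            User localUser = this.userService.getUserByAttribute(str4, str);
            if (localUser == null) {
                // Bind succeeded but there is no local account; try the next base DN.
                continue;
            }
            if (!checkUserStatus(localUser)) {
                return false;
            }
            this.credentials.setUser(localUser);
            updateLastLogonUserTime(localUser);
            return true;
        }
        return false;
    }

    /**
     * Marks a user as authenticated <strong>without verifying any credential</strong>.
     *
     * <p>Only the existence and status of the user are checked. Callers must have
     * established the user's identity by other means before invoking this overload.
     *
     * @param str the user name
     * @return {@code true} if the user exists and is not disabled
     */
    public boolean authenticate(String str) {
        this.log.debug("Authenticating user with LDAP: username: {0}", str);
        User user = this.userService.getUser(str);
        if (user == null || !checkUserStatus(user)) {
            return false;
        }
        this.credentials.setUsername(user.getUserId());
        this.credentials.setUser(user);
        updateLastLogonUserTime(user);
        return true;
    }

    /**
     * Finds a user below a base DN by a single attribute value.
     *
     * @param str  base DN to search under
     * @param str2 attribute name
     * @param str3 attribute value; typically user-supplied
     * @return the first matching user, or {@code null} if none was found
     */
    public User getUserByAttribute(String str, String str2, String str3) {
        this.log.debug("Getting user information from LDAP: attributeName = '{0}', attributeValue = '{1}'", str2, str3);
        SimpleUser template = new SimpleUser();
        template.setDn(str);
        List<CustomAttribute> attributes = new ArrayList<CustomAttribute>();
        attributes.add(new CustomAttribute(str2, str3));
        template.setCustomAttributes(attributes);
        // NOTE(review): str3 is user-controlled and ends up in an LDAP search filter built
        // by the entry manager; confirm that the entry manager escapes filter values.
        List<?> found = this.ldapAuthEntryManager.findEntries(template, 1);
        this.log.debug("Found '{0}' entries", found.size());
        if (found.isEmpty()) {
            return null;
        }
        return (User) this.ldapAuthEntryManager.find(User.class, ((SimpleUser) found.get(0)).getDn());
    }

    /**
     * Checks that the user carries a {@code gluuStatus} attribute whose value is not
     * {@link GluuStatus#INACTIVE}. A missing attribute is treated as disabled.
     *
     * @param user the user to check
     * @return {@code true} if the user may log in
     */
    private boolean checkUserStatus(User user) {
        CustomAttribute status = this.userService.getCustomAttribute(user, "gluuStatus");
        // NOTE(review): this is a deny-list check - any status other than INACTIVE passes,
        // presumably including values GluuStatus.getByValue does not recognise. Consider
        // requiring an explicit active status instead; confirm against GluuStatus.
        if (status != null && !GluuStatus.INACTIVE.equals(GluuStatus.getByValue(status.getValue()))) {
            return true;
        }
        this.log.warn("User '{0}' was disabled", user.getUserId());
        return false;
    }

    /**
     * Writes the current time to the user's {@code oxLastLogonTime} attribute.
     * Best effort: a persistence failure is logged and does not fail the login.
     *
     * @param user the user who just authenticated
     */
    private void updateLastLogonUserTime(User user) {
        CustomEntry entry = new CustomEntry();
        entry.setDn(user.getDn());
        entry.getCustomAttributes().add(new org.xdi.ldap.model.CustomAttribute("oxLastLogonTime", new Date()));
        try {
            this.ldapEntryManager.merge(entry);
        } catch (EntryPersistenceException e) {
            // Keep the cause in the log so a failing audit-trail write can be diagnosed.
            this.log.error("Failed to update oxLastLogonTime of user '{0}'", e, user.getUserId());
        }
    }

    /**
     * Serialises the whitelisted parameters of the current request as a query string.
     *
     * @return the query string, without a leading {@code ?}
     * @throws UnsupportedEncodingException if UTF-8 is not supported
     */
    public String parametersAsString() throws UnsupportedEncodingException {
        return parametersAsString(getParametersMap(null));
    }

    /**
     * Serialises a parameter map as {@code key=value&key=value}, skipping blank values.
     * Both keys and values are URL-encoded so that neither can introduce additional
     * parameters or delimiters into the resulting query string.
     *
     * @param map the parameters to serialise
     * @return the query string, without a leading {@code ?}; empty if nothing qualifies
     * @throws UnsupportedEncodingException if UTF-8 is not supported
     */
    public String parametersAsString(Map<String, String> map) throws UnsupportedEncodingException {
        StringBuilder query = new StringBuilder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if (key == null || !StringUtils.isNotBlank(value)) {
                continue;
            }
            if (query.length() > 0) {
                query.append("&");
            }
            query.append(URLEncoder.encode(key, "UTF-8")).append("=").append(URLEncoder.encode(value, "UTF-8"));
        }
        return query.toString();
    }

    /**
     * Builds the whitelisted parameter map from the current JSF request.
     *
     * @param list additional parameter names to allow, or {@code null}
     * @return a mutable copy of the request parameters, reduced to the allowed names
     */
    public Map<String, String> getParametersMap(List<String> list) {
        Map<String, String> requestParameters = new HashMap<String, String>(
                FacesContext.getCurrentInstance().getExternalContext().getRequestParameterMap());
        return getParametersMap(list, requestParameters);
    }

    /**
     * Reduces {@code map} in place to the allowed parameter names.
     *
     * <p>Allowed names are {@link AuthorizeAction#ALLOWED_PARAMETER}, the three
     * {@code auth_*} parameters, and any names in {@code list}. For the {@code auth_*}
     * and extra names, a String or Boolean value found in the event context overrides
     * the request value.
     *
     * @param list additional parameter names to allow, or {@code null}
     * @param map  the parameters to filter; modified and returned
     * @return {@code map}, containing only allowed keys
     */
    public Map<String, String> getParametersMap(List<String> list, Map<String, String> map) {
        List<String> allowed = new ArrayList<String>(AuthorizeAction.ALLOWED_PARAMETER);
        allowed.addAll(Arrays.asList("auth_mode", "auth_level", "auth_step"));
        putInMap(map, "auth_mode");
        putInMap(map, "auth_level");
        putInMap(map, "auth_step");
        if (list != null) {
            for (String extra : list) {
                putInMap(map, extra);
            }
            allowed.addAll(list);
        }
        // Drop every request parameter that is not explicitly allowed.
        map.keySet().retainAll(allowed);
        return map;
    }

    /**
     * Copies the event-context value stored under {@code str} into {@code map} when it
     * is a String or a Boolean; other types and a {@code null} map are ignored.
     */
    private static void putInMap(Map<String, String> map, String str) {
        if (map == null) {
            return;
        }
        Object value = Contexts.getEventContext().get(str);
        if (value instanceof String) {
            map.put(str, (String) value);
        } else if (value instanceof Boolean) {
            map.put(str, value.toString());
        }
    }

    /**
     * Sets up the session for the user held in the injected credentials, if any.
     *
     * @param z {@code true} for an interactive login; {@code false} adds
     *          {@link Prompt#NONE} to the session's prompt list
     */
    public void configureEventUser(boolean z) {
        User user = this.credentials.getUser();
        if (user != null) {
            configureEventUser(user, z);
        }
    }

    /**
     * Generates a new session id for {@code user}, stamps it with the current time as
     * authentication time, and registers it for the current event.
     *
     * @param user the authenticated user
     * @param z    {@code true} for an interactive login; {@code false} adds
     *             {@link Prompt#NONE} to the session's prompt list
     */
    public void configureEventUser(User user, boolean z) {
        List<Prompt> prompts = new ArrayList<Prompt>();
        if (!z) {
            prompts.add(Prompt.NONE);
        }
        SessionId sessionId = this.sessionIdService.generateSessionId(user.getDn(), prompts);
        sessionId.setAuthenticationTime(new Date());
        configureEventUser(sessionId, prompts);
    }

    /**
     * Grants the {@code user} role to the current identity, refreshes the session's
     * last-used date, and publishes the session in the event context as
     * {@code sessionUser}.
     *
     * @param sessionId the session to publish
     * @param list      the prompts associated with the session
     */
    public void configureEventUser(SessionId sessionId, List<Prompt> list) {
        this.identity.addRole("user");
        this.sessionIdService.updateSessionWithLastUsedDate(sessionId, list);
        Contexts.getEventContext().set("sessionUser", sessionId);
    }

    /** Parks the whitelisted parameters of the current request in the session context. */
    public void storeRequestParametersInSession() {
        Contexts.getSessionContext().set(STORED_REQUEST_PARAMETERS, getParametersMap(null));
    }

    /**
     * Moves previously stored request parameters from the session context to the event
     * context. The session copy is removed, so the parameters can be restored only once.
     *
     * @return the stored parameters, or {@code null} if none were stored
     */
    @SuppressWarnings("unchecked") // the value is only ever written by storeRequestParametersInSession()
    public Map<String, String> restoreRequestParametersFromSession() {
        Context sessionContext = Contexts.getSessionContext();
        if (!sessionContext.isSet(STORED_REQUEST_PARAMETERS)) {
            return null;
        }
        Map<String, String> stored = (Map<String, String>) sessionContext.get(STORED_REQUEST_PARAMETERS);
        sessionContext.remove(STORED_REQUEST_PARAMETERS);
        Contexts.getEventContext().set(STORED_REQUEST_PARAMETERS, stored);
        return stored;
    }

    /**
     * Looks up the component instance through {@link ServerUtil#instance(Class)}.
     *
     * @return the {@code authenticationService} component
     */
    public static AuthenticationService instance() {
        return (AuthenticationService) ServerUtil.instance(AuthenticationService.class);
    }
}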
