package org.xdi.oxauth.service;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.io.IOUtils;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.async.Asynchronous;
import org.jboss.seam.async.TimerSchedule;
import org.jboss.seam.core.Events;
import org.jboss.seam.log.Log;
import org.python.core.PyLong;
import org.python.core.PyObject;
import org.xdi.exception.PythonException;
import org.xdi.model.AuthenticationScriptUsageType;
import org.xdi.model.SimpleCustomProperty;
import org.xdi.model.config.CustomAuthenticationConfiguration;
import org.xdi.oxauth.model.ExternalAuthenticatorConfiguration;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.service.python.interfaces.DummyExternalAuthenticatorType;
import org.xdi.oxauth.service.python.interfaces.ExternalAuthenticatorType;
import org.xdi.service.PythonService;
import org.xdi.util.StringHelper;

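/**
 * Application-scoped Seam component that keeps the registry of custom (Python) external
 * authenticators in step with configuration and forwards authentication workflow calls to them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Script source is taken from the configurations returned by
 *       {@code ldapCustomAuthenticationConfigurationService} (or from a file under
 *       {@code catalina.home/conf/python}) and handed to {@code pythonService.loadPythonScript}.
 *       Write access to those configuration entries or to that directory is therefore equivalent
 *       to running code inside this server process and should be restricted and audited
 *       accordingly.</li>
 *   <li>The {@code execute...} wrappers catch every {@link Exception} raised by a script and
 *       return a negative result ({@code false}, {@code null} or {@code -1}). A configuration
 *       whose script failed to load is still registered with a {@code null} authenticator, so
 *       calls against it end up in those catch blocks as well.</li>
 *   <li>{@link #executeExternalAuthenticatorLogout} is the exception to fail-closed: it reports
 *       success whenever the API version is 2 or lower, which includes the {@code -1} returned
 *       when the version lookup itself fails.</li>
 * </ul>
 */
@Name("externalAuthenticationService")
@AutoCreate
@Scope(ScopeType.APPLICATION)
@Startup(depends = {"appInitializer"})
/* loaded from: input_file:org/xdi/oxauth/service/ExternalAuthenticationService.class */
public class ExternalAuthenticationService implements Serializable {
    private static final long serialVersionUID = -1225880597520443390L;
    private static final String EVENT_TYPE = "ExternalAuthenticationTimerEvent";
    // Reload period in seconds.
    private static final int DEFAULT_INTERVAL = 30;
    private static final ExternalAuthenticatorType DUMMY_AUTHENTICATOR_TYPE = new DummyExternalAuthenticatorType();
    private static final String PYTHON_ENTRY_INTERCEPTOR_TYPE = "ExternalAuthenticator";
    // Registry keyed by lower-cased configuration name.
    private transient Map<String, ExternalAuthenticatorConfiguration> externalAuthenticatorConfigurations;
    // Same configurations, grouped under every usage type they are valid for.
    private transient Map<AuthenticationScriptUsageType, List<ExternalAuthenticatorConfiguration>> externalAuthenticatorConfigurationsByUsageType;
    // Authenticator used for a usage type when the request names neither a mode nor a level.
    private transient Map<AuthenticationScriptUsageType, ExternalAuthenticatorConfiguration> defaultExternalAuthenticators;

    @Logger
    private Log log;

    @In
    private PythonService pythonService;

    @In
    private LdapCustomAuthenticationConfigurationService ldapCustomAuthenticationConfigurationService;
    // Guards against overlapping reloads triggered by the timer.
    private AtomicBoolean isActive;
    private long lastFinishedTime;

    /**
     * Performs the initial load and schedules the periodic reload event
     * (first run after 60 seconds, then every {@link #DEFAULT_INTERVAL} seconds).
     */
    @Observer({"org.jboss.seam.postInitialization"})
    public void init() {
        this.isActive = new AtomicBoolean(false);
        this.lastFinishedTime = System.currentTimeMillis();
        reload();
        Events.instance().raiseTimedEvent(EVENT_TYPE, new TimerSchedule(60 * 1000L, DEFAULT_INTERVAL * 1000L), new Object[0]);
    }

    /**
     * Timer callback: reloads the authenticator registry unless a reload is already running.
     * A failed reload is logged and leaves the previously loaded registry in place.
     */
    @Observer({EVENT_TYPE})
    @Asynchronous
    public void reloadTimerEvent() {
        if (!this.isActive.compareAndSet(false, true)) {
            return;
        }
        try {
            reload();
        } catch (Throwable th) {
            // Deliberately broad: a failing reload must not stop later timer runs.
            this.log.error("Exception happened while reloading custom external authentication configuration", th, new Object[0]);
        } finally {
            this.isActive.set(false);
            this.lastFinishedTime = System.currentTimeMillis();
        }
    }

    private void reload() {
        reloadImpl(this.ldapCustomAuthenticationConfigurationService.getCustomAuthenticationConfigurations());
    }

    private void reloadImpl(List<CustomAuthenticationConfiguration> list) {
        // Order matters: the grouped view and the defaults are derived from the refreshed registry.
        this.externalAuthenticatorConfigurations = reloadExternalConfigurations(this.externalAuthenticatorConfigurations, list);
        this.externalAuthenticatorConfigurationsByUsageType = groupExternalAuthenticatorConfigurationsByUsageType(this.externalAuthenticatorConfigurations);
        this.defaultExternalAuthenticators = determineDefaultExternalAuthenticatorConfigurations(this.externalAuthenticatorConfigurations);
    }

    /**
     * Builds the new registry from the previous one and the current configuration list.
     *
     * <p>Enabled entries are (re)compiled only when they are new or their version changed;
     * entries that are disabled or no longer present are dropped.
     *
     * @param map  previous registry, may be {@code null}
     * @param list configurations as currently stored
     * @return a new map keyed by lower-cased configuration name
     */
    public Map<String, ExternalAuthenticatorConfiguration> reloadExternalConfigurations(Map<String, ExternalAuthenticatorConfiguration> map, List<CustomAuthenticationConfiguration> list) {
        Map<String, ExternalAuthenticatorConfiguration> reloaded = map == null
                ? new HashMap<String, ExternalAuthenticatorConfiguration>()
                : new HashMap<String, ExternalAuthenticatorConfiguration>(map);
        List<String> enabledNames = new ArrayList<String>();
        for (CustomAuthenticationConfiguration configuration : list) {
            if (!configuration.isEnabled()) {
                continue;
            }
            String key = StringHelper.toLowerCase(configuration.getName());
            enabledNames.add(key);
            ExternalAuthenticatorConfiguration existing = reloaded.get(key);
            // NOTE(review): '!=' is a value comparison only if getVersion() returns a primitive - confirm.
            if (existing != null && existing.getCustomAuthenticationConfiguration().getVersion() == configuration.getVersion()) {
                continue;
            }
            Map<String, SimpleCustomProperty> attributes = new HashMap<String, SimpleCustomProperty>();
            for (SimpleCustomProperty attribute : configuration.getCustomAuthenticationAttributes()) {
                attributes.put(attribute.getValue1(), attribute);
            }
            // createExternalAuthenticator returns null when the script fails to load; the entry is
            // still stored with the new version, so it is not retried until the version changes.
            reloaded.put(key, new ExternalAuthenticatorConfiguration(configuration, createExternalAuthenticator(configuration, attributes), attributes));
        }
        // Drop everything that is no longer enabled so a disabled script stops being selectable.
        reloaded.keySet().retainAll(enabledNames);
        return reloaded;
    }

    /**
     * Groups the registry by usage type.
     *
     * @param map registry keyed by name
     * @return for every {@link AuthenticationScriptUsageType} value, the (possibly empty) list of
     *         configurations valid for it
     */
    public Map<AuthenticationScriptUsageType, List<ExternalAuthenticatorConfiguration>> groupExternalAuthenticatorConfigurationsByUsageType(Map<String, ExternalAuthenticatorConfiguration> map) {
        Map<AuthenticationScriptUsageType, List<ExternalAuthenticatorConfiguration>> grouped =
                new HashMap<AuthenticationScriptUsageType, List<ExternalAuthenticatorConfiguration>>();
        for (AuthenticationScriptUsageType usageType : AuthenticationScriptUsageType.values()) {
            List<ExternalAuthenticatorConfiguration> matching = new ArrayList<ExternalAuthenticatorConfiguration>();
            for (ExternalAuthenticatorConfiguration configuration : map.values()) {
                if (isValidateUsageType(usageType, configuration)) {
                    matching.add(configuration);
                }
            }
            grouped.put(usageType, matching);
        }
        return grouped;
    }

    /**
     * Picks the default authenticator for every usage type.
     *
     * <p>The grouping is derived from {@code map} itself (previously the argument was ignored
     * and the component's current grouped view was read instead); a {@code null} argument still
     * falls back to that view.
     *
     * @param map registry keyed by name
     * @return usage type to default configuration; the value is {@code null} when no
     *         configuration exists for a usage type
     */
    public Map<AuthenticationScriptUsageType, ExternalAuthenticatorConfiguration> determineDefaultExternalAuthenticatorConfigurations(Map<String, ExternalAuthenticatorConfiguration> map) {
        Map<AuthenticationScriptUsageType, List<ExternalAuthenticatorConfiguration>> byUsageType = map == null
                ? this.externalAuthenticatorConfigurationsByUsageType
                : groupExternalAuthenticatorConfigurationsByUsageType(map);
        Map<AuthenticationScriptUsageType, ExternalAuthenticatorConfiguration> defaults =
                new HashMap<AuthenticationScriptUsageType, ExternalAuthenticatorConfiguration>();
        for (AuthenticationScriptUsageType usageType : AuthenticationScriptUsageType.values()) {
            ExternalAuthenticatorConfiguration chosen = null;
            for (ExternalAuthenticatorConfiguration candidate : byUsageType.get(usageType)) {
                // NOTE(review): '>=' already accepts equal levels, so the priority tie-break in the
                // last clause never decides anything; as written the candidate with the lowest level
                // wins and, among equal levels, the last one iterated. This selects the method used
                // when a request names none, so confirm the intended ordering before changing it.
                if (chosen == null
                        || chosen.getLevel() >= candidate.getLevel()
                        || (chosen.getLevel() == candidate.getLevel() && chosen.getPriority() > candidate.getPriority())) {
                    chosen = candidate;
                }
            }
            defaults.put(usageType, chosen);
        }
        return defaults;
    }

    /**
     * Compiles and initialises the authenticator for a configuration.
     *
     * @return the script-backed authenticator, the dummy authenticator when the script is absent
     *         or did not initialise, or {@code null} when loading raised a {@link PythonException}
     */
    public ExternalAuthenticatorType createExternalAuthenticator(CustomAuthenticationConfiguration customAuthenticationConfiguration, Map<String, SimpleCustomProperty> map) {
        try {
            ExternalAuthenticatorType authenticator = createExternalAuthenticatorFromStringWithPythonException(customAuthenticationConfiguration, map);
            if (authenticator != null) {
                return authenticator;
            }
            this.log.debug("Using default external authenticator class", new Object[0]);
            return DUMMY_AUTHENTICATOR_TYPE;
        } catch (PythonException e) {
            this.log.error("Failed to prepare external authenticator", e, new Object[0]);
            return null;
        }
    }

    /**
     * Logs a failure raised while calling into an authenticator script.
     *
     * <p>The exception text is passed as a parameter instead of being used as the log template
     * (the logger in this file expands placeholders such as <code>{0}</code> in templates), so
     * template syntax inside a script-produced message is not interpreted.
     */
    private void logScriptFailure(String methodName, Exception e) {
        this.log.error("Python authenticator method {0} failed: {1}", e, new Object[]{methodName, e.getMessage()});
    }

    /** Calls the script's {@code isValidAuthenticationMethod}; returns {@code false} on any exception. */
    public boolean executeExternalAuthenticatorIsValidAuthenticationMethod(AuthenticationScriptUsageType authenticationScriptUsageType, ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration) {
        try {
            this.log.debug("Executing python 'isValidAuthenticationMethod' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().isValidAuthenticationMethod(authenticationScriptUsageType, externalAuthenticatorConfiguration.getConfigurationAttributes());
        } catch (Exception e) {
            logScriptFailure("isValidAuthenticationMethod", e);
            return false;
        }
    }

    /** Calls the script's {@code getAlternativeAuthenticationMethod}; returns {@code null} on any exception. */
    public String executeExternalAuthenticatorGetAlternativeAuthenticationMethod(AuthenticationScriptUsageType authenticationScriptUsageType, ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration) {
        try {
            this.log.debug("Executing python 'getAlternativeAuthenticationMethod' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().getAlternativeAuthenticationMethod(authenticationScriptUsageType, externalAuthenticatorConfiguration.getConfigurationAttributes());
        } catch (Exception e) {
            logScriptFailure("getAlternativeAuthenticationMethod", e);
            return null;
        }
    }

    /** Calls the script's {@code getCountAuthenticationSteps}; returns {@code -1} on any exception. */
    public int executeExternalAuthenticatorGetCountAuthenticationSteps(ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration) {
        try {
            this.log.debug("Executing python 'getCountAuthenticationSteps' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().getCountAuthenticationSteps(externalAuthenticatorConfiguration.getConfigurationAttributes());
        } catch (Exception e) {
            logScriptFailure("getCountAuthenticationSteps", e);
            return -1;
        }
    }

    /**
     * Calls the script's {@code authenticate} for the given step.
     *
     * @return the script's verdict; {@code false} when the script throws, so a broken script
     *         denies rather than grants
     */
    public boolean executeExternalAuthenticatorAuthenticate(ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration, Map<String, String[]> map, int i) {
        try {
            this.log.debug("Executing python 'authenticate' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().authenticate(externalAuthenticatorConfiguration.getConfigurationAttributes(), map, i);
        } catch (Exception e) {
            logScriptFailure("authenticate", e);
            return false;
        }
    }

    /**
     * Calls the script's {@code logout} when the script declares an API version above 2.
     *
     * @return {@code true} without calling the script for API version 2 or lower (this includes
     *         the {@code -1} reported when the version lookup fails); otherwise the script's
     *         result, or {@code false} when it throws
     */
    public boolean executeExternalAuthenticatorLogout(ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration, Map<String, String[]> map) {
        if (executeExternalAuthenticatorGetApiVersion(externalAuthenticatorConfiguration) <= 2) {
            return true;
        }
        try {
            this.log.debug("Executing python 'logout' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().logout(externalAuthenticatorConfiguration.getConfigurationAttributes(), map);
        } catch (Exception e) {
            logScriptFailure("logout", e);
            return false;
        }
    }

    /** Calls the script's {@code prepareForStep}; returns {@code false} on any exception. */
    public boolean executeExternalAuthenticatorPrepareForStep(ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration, Map<String, String[]> map, int i) {
        try {
            this.log.debug("Executing python 'prepareForStep' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().prepareForStep(externalAuthenticatorConfiguration.getConfigurationAttributes(), map, i);
        } catch (Exception e) {
            logScriptFailure("prepareForStep", e);
            return false;
        }
    }

    /** Calls the script's {@code getExtraParametersForStep}; returns {@code null} on any exception. */
    public List<String> executeExternalAuthenticatorGetExtraParametersForStep(ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration, int i) {
        try {
            // The debug line previously named 'getPageForStep', which made traces of the two calls indistinguishable.
            this.log.debug("Executing python 'getExtraParametersForStep' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().getExtraParametersForStep(externalAuthenticatorConfiguration.getConfigurationAttributes(), i);
        } catch (Exception e) {
            logScriptFailure("getExtraParametersForStep", e);
            return null;
        }
    }

    /** Calls the script's {@code getPageForStep}; returns {@code null} on any exception. */
    public String executeExternalAuthenticatorGetPageForStep(ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration, int i) {
        try {
            this.log.debug("Executing python 'getPageForStep' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().getPageForStep(externalAuthenticatorConfiguration.getConfigurationAttributes(), i);
        } catch (Exception e) {
            logScriptFailure("getPageForStep", e);
            return null;
        }
    }

    /** Calls the script's {@code getApiVersion}; returns {@code -1} on any exception. */
    public int executeExternalAuthenticatorGetApiVersion(ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration) {
        try {
            this.log.debug("Executing python 'getApiVersion' authenticator method", new Object[0]);
            return externalAuthenticatorConfiguration.getExternalAuthenticatorType().getApiVersion();
        } catch (Exception e) {
            logScriptFailure("getApiVersion", e);
            return -1;
        }
    }

    /**
     * File-based counterpart of {@link #createExternalAuthenticator}.
     *
     * @return the script-backed authenticator, the dummy authenticator when none could be
     *         created, or {@code null} when loading raised a {@link PythonException}
     */
    public ExternalAuthenticatorType createExternalAuthenticatorFromFile() {
        try {
            ExternalAuthenticatorType authenticator = createExternalAuthenticatorFromFileWithPythonException();
            if (authenticator != null) {
                return authenticator;
            }
            this.log.debug("Using default external authenticator class", new Object[0]);
            return DUMMY_AUTHENTICATOR_TYPE;
        } catch (PythonException e) {
            this.log.error("Failed to prepare external authenticator", e, new Object[0]);
            return null;
        }
    }

    /**
     * Loads the authenticator script named in the server configuration from
     * {@code <catalina.home>/conf/python}.
     *
     * @return the initialised authenticator, or {@code null} when no file name or no
     *         {@code catalina.home} is configured, the script produced no object, or its
     *         {@code init} returned {@code false}
     * @throws PythonException when the script cannot be loaded
     */
    public ExternalAuthenticatorType createExternalAuthenticatorFromFileWithPythonException() throws PythonException {
        String scriptFileName = ConfigurationFactory.getConfiguration().getExternalAuthenticatorScriptFileName();
        if (StringHelper.isEmpty(scriptFileName)) {
            return null;
        }
        String catalinaHome = System.getProperty("catalina.home");
        if (catalinaHome == null) {
            return null;
        }
        // The file name is joined as-is (no normalisation), so the configured value decides which
        // file is executed; it is treated as trusted server configuration here.
        String scriptPath = catalinaHome + File.separator + "conf" + File.separator + "python" + File.separator + scriptFileName;
        ExternalAuthenticatorType authenticator = (ExternalAuthenticatorType) this.pythonService.loadPythonScript(scriptPath, PYTHON_ENTRY_INTERCEPTOR_TYPE, ExternalAuthenticatorType.class, new PyObject[]{new PyLong(System.currentTimeMillis())});
        // Mirror the string-based loader: a loader that yields no object must not cause an NPE.
        if (authenticator == null) {
            return null;
        }
        return authenticator.init(null) ? authenticator : null;
    }

    /**
     * Compiles the script text stored in a configuration and initialises the resulting
     * authenticator with the configuration's attributes.
     *
     * @return the initialised authenticator, or {@code null} when the configuration has no
     *         script, loading produced no object, or {@code init} returned {@code false} or threw
     * @throws PythonException when the script cannot be loaded
     */
    public ExternalAuthenticatorType createExternalAuthenticatorFromStringWithPythonException(CustomAuthenticationConfiguration customAuthenticationConfiguration, Map<String, SimpleCustomProperty> map) throws PythonException {
        String script = customAuthenticationConfiguration.getCustomAuthenticationScript();
        if (script == null) {
            return null;
        }
        ExternalAuthenticatorType authenticator = null;
        ByteArrayInputStream scriptStream = null;
        try {
            scriptStream = new ByteArrayInputStream(script.getBytes("UTF-8"));
            authenticator = (ExternalAuthenticatorType) this.pythonService.loadPythonScript(scriptStream, PYTHON_ENTRY_INTERCEPTOR_TYPE, ExternalAuthenticatorType.class, new PyObject[]{new PyLong(System.currentTimeMillis())});
        } catch (UnsupportedEncodingException e) {
            this.log.error("Failed to encode custom authentication script as UTF-8", e, new Object[0]);
        } finally {
            IOUtils.closeQuietly(scriptStream);
        }
        if (authenticator == null) {
            return null;
        }
        boolean initialized = false;
        try {
            initialized = authenticator.init(map);
        } catch (Exception e) {
            // A script whose init throws is treated like one whose init returned false.
            this.log.error("Failed to initialize custom authenticator", e, new Object[0]);
        }
        return initialized ? authenticator : null;
    }

    /** Returns whether at least one authenticator is registered for the usage type. */
    public boolean isEnabled(AuthenticationScriptUsageType authenticationScriptUsageType) {
        return !this.externalAuthenticatorConfigurationsByUsageType.get(authenticationScriptUsageType).isEmpty();
    }

    /**
     * Finds the authenticator with exactly the given level for a usage type; among several, the
     * one with the smallest priority value is returned.
     *
     * @return the matching configuration, or {@code null} when none has that level
     */
    public ExternalAuthenticatorConfiguration getExternalAuthenticatorByAuthLevel(AuthenticationScriptUsageType authenticationScriptUsageType, int i) {
        ExternalAuthenticatorConfiguration best = null;
        for (ExternalAuthenticatorConfiguration candidate : this.externalAuthenticatorConfigurationsByUsageType.get(authenticationScriptUsageType)) {
            if (candidate.getLevel() != i) {
                continue;
            }
            if (best == null || best.getPriority() > candidate.getPriority()) {
                best = candidate;
            }
        }
        return best;
    }

    /**
     * Resolves which authenticator applies to a request.
     *
     * <p>When {@code i} is 1: a non-empty {@code str2} is looked up by name, otherwise a
     * non-empty {@code str} is parsed as a level and looked up by level, otherwise the default
     * for the usage type is used. For any other {@code i} the lookup is by name only.
     *
     * @param i    presumably the authentication step - confirm against callers
     * @param str  presumably the requested authentication level as text
     * @param str2 presumably the requested authentication mode name
     * @return the resolved configuration, or {@code null} when nothing matches
     */
    public ExternalAuthenticatorConfiguration determineExternalAuthenticatorConfiguration(AuthenticationScriptUsageType authenticationScriptUsageType, int i, String str, String str2) {
        if (i != 1 || StringHelper.isNotEmpty(str2)) {
            return getExternalAuthenticatorConfiguration(authenticationScriptUsageType, str2);
        }
        if (StringHelper.isNotEmpty(str)) {
            // NOTE(review): how StringHelper.toInteger treats non-numeric text is not visible here - confirm.
            return getExternalAuthenticatorByAuthLevel(authenticationScriptUsageType, StringHelper.toInteger(str));
        }
        return getDefaultExternalAuthenticator(authenticationScriptUsageType);
    }

    /**
     * Lets a script with API version above 2 veto itself and name a replacement.
     *
     * <p>The replacement name is supplied by the script and is always resolved among the
     * {@code INTERACTIVE} authenticators, regardless of the usage type passed in.
     *
     * @return the given configuration when it is acceptable (or its API version is 2 or lower),
     *         the replacement when the script names a registered one, otherwise {@code null}
     */
    public ExternalAuthenticatorConfiguration determineExternalAuthenticatorForWorkflow(AuthenticationScriptUsageType authenticationScriptUsageType, ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration) {
        if (executeExternalAuthenticatorGetApiVersion(externalAuthenticatorConfiguration) <= 2) {
            return externalAuthenticatorConfiguration;
        }
        String name = externalAuthenticatorConfiguration.getName();
        this.log.debug("Validating auth_mode: '{0}'", new Object[]{name});
        if (executeExternalAuthenticatorIsValidAuthenticationMethod(authenticationScriptUsageType, externalAuthenticatorConfiguration)) {
            return externalAuthenticatorConfiguration;
        }
        this.log.warn("Current auth_mode: '{0}' isn't valid", new Object[]{name});
        String alternativeName = executeExternalAuthenticatorGetAlternativeAuthenticationMethod(authenticationScriptUsageType, externalAuthenticatorConfiguration);
        if (StringHelper.isEmpty(alternativeName)) {
            this.log.error("Failed to determine alternative authentication mode for auth_mode: '{0}'", new Object[]{name});
            return null;
        }
        ExternalAuthenticatorConfiguration alternative = getExternalAuthenticatorConfiguration(AuthenticationScriptUsageType.INTERACTIVE, alternativeName);
        if (alternative == null) {
            this.log.error("Failed to get alternative ExternalAuthenticatorConfiguration '{0}' for auth_mode: '{1}'", new Object[]{alternativeName, name});
        }
        return alternative;
    }

    /** Returns the default authenticator for the usage type, or {@code null} when there is none. */
    public ExternalAuthenticatorConfiguration getDefaultExternalAuthenticator(AuthenticationScriptUsageType authenticationScriptUsageType) {
        return this.defaultExternalAuthenticators.get(authenticationScriptUsageType);
    }

    /**
     * Looks up an authenticator by name (case-insensitive) among those valid for the usage type.
     *
     * @return the configuration, or {@code null} when no such name is registered for that usage type
     */
    public ExternalAuthenticatorConfiguration getExternalAuthenticatorConfiguration(AuthenticationScriptUsageType authenticationScriptUsageType, String str) {
        for (ExternalAuthenticatorConfiguration candidate : this.externalAuthenticatorConfigurationsByUsageType.get(authenticationScriptUsageType)) {
            if (StringHelper.equalsIgnoreCase(str, candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Looks up an authenticator by name (case-insensitive) across all usage types.
     *
     * @return the configuration, or {@code null} when no such name is registered
     */
    public ExternalAuthenticatorConfiguration getExternalAuthenticatorConfiguration(String str) {
        for (ExternalAuthenticatorConfiguration candidate : this.externalAuthenticatorConfigurations.values()) {
            if (StringHelper.equalsIgnoreCase(str, candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Decides whether a configuration may serve the requested usage type. A configuration with
     * no usage type counts as {@code INTERACTIVE}; one declared {@code BOTH} serves every request.
     */
    private boolean isValidateUsageType(AuthenticationScriptUsageType authenticationScriptUsageType, ExternalAuthenticatorConfiguration externalAuthenticatorConfiguration) {
        if (externalAuthenticatorConfiguration == null) {
            return false;
        }
        AuthenticationScriptUsageType declared = externalAuthenticatorConfiguration.getCustomAuthenticationConfiguration().getUsageType();
        if (declared == null) {
            declared = AuthenticationScriptUsageType.INTERACTIVE;
        }
        if (AuthenticationScriptUsageType.BOTH.equals(declared)) {
            return true;
        }
        // Only these three usage types match on equality; any other pairing is rejected.
        return matchesBoth(AuthenticationScriptUsageType.INTERACTIVE, authenticationScriptUsageType, declared)
                || matchesBoth(AuthenticationScriptUsageType.SERVICE, authenticationScriptUsageType, declared)
                || matchesBoth(AuthenticationScriptUsageType.LOGOUT, authenticationScriptUsageType, declared);
    }

    /** Returns whether both the requested and the declared usage type equal {@code expected}. */
    private static boolean matchesBoth(AuthenticationScriptUsageType expected, AuthenticationScriptUsageType requested, AuthenticationScriptUsageType declared) {
        return expected.equals(requested) && expected.equals(declared);
    }
}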
