package org.xdi.oxauth.service;

import com.codahale.metrics.Timer;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.faces.context.FacesContext;
import org.apache.commons.lang.StringUtils;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.gluu.site.ldap.persistence.exception.EntryPersistenceException;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.contexts.Context;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.faces.FacesManager;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;
import org.xdi.ldap.model.CustomAttribute;
import org.xdi.ldap.model.CustomEntry;
import org.xdi.ldap.model.GluuStatus;
import org.xdi.model.SimpleProperty;
import org.xdi.model.ldap.GluuLdapConfiguration;
import org.xdi.model.metric.MetricType;
import org.xdi.oxauth.model.common.SessionState;
import org.xdi.oxauth.model.common.SimpleUser;
import org.xdi.oxauth.model.common.User;
import org.xdi.oxauth.model.config.Constants;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.model.session.OAuthCredentials;
import org.xdi.oxauth.model.session.SessionClient;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.util.StringHelper;

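/**
 * Authenticates end users against the local LDAP directory or, when a list of
 * {@link GluuLdapConfiguration} is injected, against one or more external LDAP
 * servers, and publishes the authenticated user or client into the Seam event
 * context. Also provides helpers that filter the OAuth authorization-request
 * parameters which are allowed to survive the login redirect.
 *
 * <p>Stateless Seam component: all state lives in the injected collaborators and
 * in the {@link SessionState} being processed.
 */
@Name("authenticationService")
@AutoCreate
@Scope(ScopeType.STATELESS)
public class AuthenticationService {

    /**
     * Authorization-request parameters that may be carried through the login flow and
     * appended to the redirect back to {@code /authorize.xhtml}. Every other request
     * parameter is dropped by {@link #getAllowedParameters(Map)} and
     * {@link #getParametersMap(List, Map)}.
     */
    public static final List<String> ALLOWED_PARAMETER = Collections.unmodifiableList(Arrays.asList(
            "scope", "response_type", "client_id", "redirect_uri", "state", "response_mode", "nonce", "display",
            "prompt", "max_age", "ui_locales", "id_token_hint", "login_hint", "acr_values",
            SessionStateService.SESSION_STATE_COOKIE_NAME, "request", "request_uri", "origin_headers",
            "code_challenge", "code_challenge_method"));

    /** Same names as {@link #ALLOWED_PARAMETER}, as a set for constant-time membership checks. */
    private static final Set<String> ALLOWED_PARAMETER_SET =
            Collections.unmodifiableSet(new HashSet<String>(ALLOWED_PARAMETER));

    /** LDAP attribute holding the user's last logon timestamp. */
    private static final String LAST_LOGON_TIME_ATTRIBUTE = "oxLastLogonTime";

    /** LDAP attribute holding the user's account status (see {@link GluuStatus}). */
    private static final String USER_STATUS_ATTRIBUTE = "gluuStatus";

    /** Attribute used to look users up when a configuration does not name one. */
    private static final String DEFAULT_PRIMARY_KEY = "uid";

    @Logger
    private Log log;

    @In
    private Identity identity;

    @In
    private OAuthCredentials credentials;

    /** External LDAP servers to authenticate against; {@code null} means local authentication only. */
    @In(required = false, value = AppInitializer.LDAP_AUTH_CONFIG_NAME)
    private List<GluuLdapConfiguration> ldapAuthConfigs;

    @In
    private LdapEntryManager ldapEntryManager;

    /** Entry managers for the external servers, parallel to {@link #ldapAuthConfigs} by index. */
    @In(required = true, value = AppInitializer.LDAP_AUTH_ENTRY_MANAGER_NAME)
    private List<LdapEntryManager> ldapAuthEntryManagers;

    @In
    private UserService userService;

    @In
    private ClientService clientService;

    @In
    private SessionStateService sessionStateService;

    @In
    private ExternalAuthenticationService externalAuthenticationService;

    @In
    private SessionState sessionUser;

    @In
    private MetricService metricService;

    /**
     * Authenticates a user by user name and password, locally or against the
     * configured external LDAP servers, and records the outcome in the metrics.
     *
     * @param userName user name (or external primary-key value) presented by the user
     * @param password password to bind with
     * @return {@code true} if the bind succeeded and the user is active
     */
    public boolean authenticate(String userName, String password) {
        log.debug("Authenticating user with LDAP: username: {0}", userName);

        Timer.Context timerContext = metricService.getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time();
        try {
            boolean authenticated;
            if (ldapAuthConfigs == null) {
                authenticated = localAuthenticate(userName, password);
            } else {
                authenticated = externalAuthenticate(userName, password);
            }

            // NOTE(review): the attempted user name is stored in the session whether or not the
            // attempt succeeded (behaviour kept as-is). Consumers of AUTHENTICATED_USER must not
            // treat its presence alone as proof of authentication.
            SessionState sessionState = sessionStateService.getSessionState();
            if (sessionState != null) {
                sessionState.getSessionAttributes().put(Constants.AUTHENTICATED_USER, userName);
                sessionStateService.updateSessionState(sessionState);
            }

            metricService.incCounter(authenticated
                    ? MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS
                    : MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES);
            return authenticated;
        } finally {
            timerContext.stop();
        }
    }

    /**
     * Authenticates against the local directory: the user must exist, be active and
     * bind successfully with the given password.
     *
     * @return {@code true} on success; on success the user is also stored in the credentials
     */
    private boolean localAuthenticate(String userName, String password) {
        User user = userService.getUser(userName);
        if (user == null || !checkUserStatus(user)) {
            return false;
        }

        boolean authenticated = ldapEntryManager.authenticate(user.getDn(), password);
        if (authenticated) {
            credentials.setUser(user);
            updateLastLogonUserTime(user);
        }
        return authenticated;
    }

    /**
     * Tries each configured external LDAP server in order and stops at the first one
     * that accepts the credentials. Falls back to {@code uid} for the primary keys a
     * configuration leaves empty.
     *
     * @return {@code true} if any server authenticated the user
     */
    private boolean externalAuthenticate(String keyValue, String password) {
        for (int i = 0; i < ldapAuthConfigs.size(); i++) {
            GluuLdapConfiguration config = ldapAuthConfigs.get(i);
            String primaryKey = StringHelper.isNotEmpty(config.getPrimaryKey())
                    ? config.getPrimaryKey() : DEFAULT_PRIMARY_KEY;
            String localPrimaryKey = StringHelper.isNotEmpty(config.getLocalPrimaryKey())
                    ? config.getLocalPrimaryKey() : DEFAULT_PRIMARY_KEY;

            if (authenticate(config, ldapAuthEntryManagers.get(i), keyValue, password, primaryKey, localPrimaryKey)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Authenticates with explicit primary-key attribute names, against the local
     * directory when no external servers are configured, otherwise against each
     * external server in turn.
     *
     * @param keyValue        value of {@code primaryKey} identifying the user on the external server
     * @param password        password to bind with
     * @param primaryKey      attribute used to find the user on the external server
     * @param localPrimaryKey attribute used to find the matching local user
     * @return {@code true} if some server authenticated the user
     */
    public boolean authenticate(String keyValue, String password, String primaryKey, String localPrimaryKey) {
        if (ldapAuthConfigs == null) {
            // Local-only deployment: neither timed nor counted here (as before).
            return authenticate(null, ldapEntryManager, keyValue, password, primaryKey, localPrimaryKey);
        }

        boolean authenticated = false;
        Timer.Context timerContext = metricService.getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time();
        try {
            // The timer covers the whole pass over the servers and is stopped exactly once.
            // (Stopping it inside the loop recorded one sample per server tried and no
            // sample at all when the configuration list was empty.)
            for (int i = 0; i < ldapAuthConfigs.size() && !authenticated; i++) {
                authenticated = authenticate(ldapAuthConfigs.get(i), ldapAuthEntryManagers.get(i),
                        keyValue, password, primaryKey, localPrimaryKey);
            }
        } finally {
            timerContext.stop();
        }

        metricService.incCounter(authenticated
                ? MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS
                : MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES);
        return authenticated;
    }

    /**
     * Authenticates against one directory: locates the user by {@code primaryKey} under
     * each configured base DN, binds with the password, then resolves the matching local
     * user by {@code localPrimaryKey} and checks that it is active.
     *
     * @param config          external server configuration, or {@code null} for the local directory
     * @param entryManager    entry manager for that directory
     * @param keyValue        value of {@code primaryKey} identifying the user
     * @param password        password to bind with
     * @param primaryKey      attribute used to find the user in {@code entryManager}
     * @param localPrimaryKey attribute used to find the local user to log in
     * @return {@code true} if a bind succeeded and the local user exists and is active;
     *         {@code false} if no base DN yielded a bindable user, or the local user is disabled
     */
    public boolean authenticate(GluuLdapConfiguration config, LdapEntryManager entryManager, String keyValue,
            String password, String primaryKey, String localPrimaryKey) {
        log.debug("Attempting to find userDN by primary key: '{0}' and key value: '{1}'", primaryKey, keyValue);

        List<?> baseDns;
        if (config == null) {
            baseDns = Arrays.asList(userService.getDnForUser(null));
        } else {
            baseDns = config.getBaseDNs();
        }
        if (baseDns == null || baseDns.isEmpty()) {
            log.error("There are no baseDns specified in authentication configuration.");
            return false;
        }

        for (Object baseDnEntry : baseDns) {
            // External configurations hold SimpleProperty entries, the local branch plain strings.
            String baseDn = baseDnEntry instanceof SimpleProperty
                    ? ((SimpleProperty) baseDnEntry).getValue() : baseDnEntry.toString();

            User externalUser = getUserByAttribute(entryManager, baseDn, primaryKey, keyValue);
            if (externalUser == null) {
                continue;
            }

            String userDn = externalUser.getDn();
            log.debug("Attempting to authenticate userDN: {0}", userDn);
            if (!entryManager.authenticate(userDn, password)) {
                continue;
            }
            log.debug("User authenticated: {0}", userDn);

            log.debug("Attempting to find userDN by local primary key: {0}", localPrimaryKey);
            User localUser = userService.getUserByAttribute(localPrimaryKey, keyValue);
            if (localUser == null) {
                // Bound successfully but no local counterpart under this base DN; try the next one.
                continue;
            }
            if (!checkUserStatus(localUser)) {
                return false;
            }
            credentials.setUser(localUser);
            updateLastLogonUserTime(localUser);
            return true;
        }
        return false;
    }

    /**
     * Logs a user in by user name only. No credential is verified here: the user merely
     * has to exist and be active.
     *
     * <p>NOTE(review): callers are expected to have established the user's identity by
     * other means before calling this (e.g. an external authentication step) — confirm
     * at each call site.
     *
     * @param userName user name to log in
     * @return {@code true} if the user exists and is active
     */
    public boolean authenticate(String userName) {
        log.debug("Authenticating user with LDAP: username: {0}", userName);

        boolean authenticated = false;
        Timer.Context timerContext = metricService.getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time();
        try {
            User user = userService.getUser(userName);
            if (user != null && checkUserStatus(user)) {
                credentials.setUsername(user.getUserId());
                credentials.setUser(user);
                updateLastLogonUserTime(user);
                authenticated = true;
            }

            metricService.incCounter(authenticated
                    ? MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS
                    : MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES);
            return authenticated;
        } finally {
            timerContext.stop();
        }
    }

    /**
     * Finds at most one user under {@code baseDn} whose {@code attributeName} equals
     * {@code attributeValue}, and loads it as a full {@link User}.
     *
     * @return the user, or {@code null} if nothing matched
     */
    private User getUserByAttribute(LdapEntryManager entryManager, String baseDn, String attributeName,
            String attributeValue) {
        log.debug("Getting user information from LDAP: attributeName = '{0}', attributeValue = '{1}'",
                attributeName, attributeValue);

        // Search by example: a SimpleUser carrying only the base DN and the one attribute to match.
        SimpleUser example = new SimpleUser();
        example.setDn(baseDn);
        List<CustomAttribute> filter = new ArrayList<CustomAttribute>();
        filter.add(new CustomAttribute(attributeName, attributeValue));
        example.setCustomAttributes(filter);

        List<?> entries = entryManager.findEntries(example, 1);
        int found = entries == null ? 0 : entries.size();
        log.debug("Found '{0}' entries", found);
        if (found == 0) {
            return null;
        }
        return entryManager.find(User.class, ((SimpleUser) entries.get(0)).getDn());
    }

    /**
     * Checks that the user's status attribute is {@link GluuStatus#ACTIVE}. A missing or
     * unrecognised status counts as disabled.
     *
     * @return {@code true} if the user is active
     */
    private boolean checkUserStatus(User user) {
        CustomAttribute status = userService.getCustomAttribute(user, USER_STATUS_ATTRIBUTE);
        if (status != null && GluuStatus.ACTIVE.equals(GluuStatus.getByValue(status.getValue()))) {
            return true;
        }

        log.warn("User '{0}' was disabled", user.getUserId());
        return false;
    }

    /**
     * Best-effort update of the user's last-logon timestamp. A persistence failure is
     * logged and otherwise ignored so that it never blocks a successful login.
     */
    private void updateLastLogonUserTime(User user) {
        CustomEntry entry = new CustomEntry();
        entry.setDn(user.getDn());
        entry.getCustomAttributes().add(new CustomAttribute(LAST_LOGON_TIME_ATTRIBUTE, new Date()));
        try {
            ldapEntryManager.merge(entry);
        } catch (EntryPersistenceException e) {
            log.error("Failed to update {0} of user '{1}'", e, LAST_LOGON_TIME_ATTRIBUTE, user.getUserId());
        }
    }

    /**
     * Marks the session as authenticated for the user currently held in the credentials,
     * creating a new session state when {@code sessionState} is {@code null}, and
     * publishes it into the event context.
     *
     * @param sessionState existing session to mark authenticated, or {@code null}
     * @param sessionIdAttributes attributes for a newly generated session
     */
    public void configureSessionUser(SessionState sessionState, Map<String, String> sessionIdAttributes) {
        User user = credentials.getUser();

        SessionState authenticatedSession;
        if (sessionState == null) {
            authenticatedSession = sessionStateService.generateAuthenticatedSessionState(user.getDn(), sessionIdAttributes);
        } else {
            authenticatedSession = sessionStateService.setSessionStateAuthenticated(sessionState, user.getDn());
        }
        configureEventUserContext(authenticatedSession);
    }

    /**
     * Generates an authenticated session state for the user in the credentials and
     * publishes it into the event context.
     *
     * @return the new session state, or {@code null} when no user is in the credentials
     */
    public SessionState configureEventUser() {
        User user = credentials.getUser();
        if (user == null) {
            return null;
        }

        SessionState sessionState = sessionStateService.generateAuthenticatedSessionState(user.getDn());
        configureEventUserContext(sessionState);
        return sessionState;
    }

    /**
     * Persists the given session state and publishes it into the event context.
     */
    public void configureEventUser(SessionState sessionState) {
        sessionStateService.updateSessionState(sessionState);
        configureEventUserContext(sessionState);
    }

    /** Grants the {@code user} role and exposes the session as {@code sessionUser}. */
    private void configureEventUserContext(SessionState sessionState) {
        identity.addRole("user");
        Contexts.getEventContext().set("sessionUser", sessionState);
    }

    /**
     * Configures the client whose id is the current credentials user name into
     * {@code context}.
     */
    public void configureSessionClient(Context context) {
        configureSessionClient(context, clientService.getClient(credentials.getUsername()));
    }

    /**
     * Grants the {@code client} role, exposes {@code client} as {@code sessionClient} in
     * {@code context} and touches the client's access time.
     */
    public void configureSessionClient(Context context, Client client) {
        identity.addRole("client");

        SessionClient sessionClient = new SessionClient();
        sessionClient.setClient(client);
        context.set("sessionClient", sessionClient);

        clientService.updatAccessTime(client, true);
    }

    /**
     * After a successful login, redirects the browser to {@code /authorize.xhtml} carrying
     * only the allowed authorization parameters of the current session. Does nothing when
     * there is no session user or the user cannot be resolved.
     */
    @Observer({Constants.EVENT_OXAUTH_CUSTOM_LOGIN_SUCCESSFUL, "org.jboss.seam.security.loginSuccessful"})
    public void onSuccessfulLogin() {
        log.info("Attempting to redirect user. SessionUser: {0}", sessionUser);
        if (sessionUser == null || StringUtils.isBlank(sessionUser.getUserDn())) {
            return;
        }

        User user = userService.getUserByDn(sessionUser.getUserDn());
        log.info("Attempting to redirect user. User: {0}", user);
        if (user == null) {
            return;
        }

        Map<String, String> sessionAttributes = sessionUser.getSessionAttributes();
        // Filter before adding the session-state cookie so the redirect only carries
        // what was in the session already (kept as before).
        Map<String, String> redirectParameters = getAllowedParameters(sessionAttributes);
        sessionAttributes.put(SessionStateService.SESSION_STATE_COOKIE_NAME, sessionUser.getId());

        log.trace("Logged in successfully! User: {0}, page: /authorize.xhtml, map: {1}", user, redirectParameters);
        FacesManager.instance().redirect("/authorize.xhtml", redirectParameters, false);
    }

    /**
     * Returns a new map holding only the entries of {@code parameters} whose key is in
     * {@link #ALLOWED_PARAMETER}.
     *
     * @param parameters parameters to filter; not modified
     * @return a fresh, mutable map of the allowed entries (possibly empty)
     */
    public Map<String, String> getAllowedParameters(@Nonnull Map<String, String> parameters) {
        Map<String, String> allowed = new HashMap<String, String>();
        for (Map.Entry<String, String> entry : parameters.entrySet()) {
            if (ALLOWED_PARAMETER_SET.contains(entry.getKey())) {
                allowed.put(entry.getKey(), entry.getValue());
            }
        }
        return allowed;
    }

    /**
     * Resolves the user of a session, removing the session when it has no user DN or the
     * DN no longer resolves to a user.
     *
     * @param sessionState session to inspect, may be {@code null}
     * @return the session's user, or {@code null} if there is none (or a lookup failed)
     */
    public User getUserOrRemoveSession(SessionState sessionState) {
        if (sessionState == null) {
            return null;
        }

        try {
            String userDn = sessionState.getUserDn();
            if (StringUtils.isNotBlank(userDn)) {
                User user = userService.getUserByDn(userDn);
                if (user != null) {
                    return user;
                }
            }
            // No DN, or the DN is stale: the session is no longer usable.
            sessionStateService.remove(sessionState);
            return null;
        } catch (Exception e) {
            // Best-effort: a directory failure is treated as "no user" rather than propagated.
            log.trace(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Serialises the allowed request parameters of the current request as a query string.
     *
     * @see #getParametersMap(List)
     */
    public String parametersAsString() throws UnsupportedEncodingException {
        return parametersAsString(getParametersMap(null));
    }

    /**
     * Serialises {@code parameters} as {@code key=value&key=value}. Keys and values are
     * URL-encoded (UTF-8); entries with a {@code null} key or a blank value are skipped.
     *
     * @param parameters parameters to serialise; {@code null} yields {@code ""}
     * @return the query string without a leading {@code ?} or trailing {@code &}
     * @throws UnsupportedEncodingException never in practice (UTF-8 is always available)
     */
    public String parametersAsString(Map<String, String> parameters) throws UnsupportedEncodingException {
        if (parameters == null) {
            return "";
        }

        StringBuilder query = new StringBuilder();
        for (Map.Entry<String, String> entry : parameters.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if (key == null || StringUtils.isBlank(value)) {
                continue;
            }
            if (query.length() > 0) {
                query.append('&');
            }
            query.append(URLEncoder.encode(key, "UTF-8"))
                    .append('=')
                    .append(URLEncoder.encode(value, "UTF-8"));
        }
        return query.toString();
    }

    /**
     * Collects the allowed parameters of the current JSF request.
     *
     * @param extraParameterNames additional names to allow and to read from the event context, may be {@code null}
     * @return a mutable map of the surviving parameters
     */
    public Map<String, String> getParametersMap(List<String> extraParameterNames) {
        Map<String, String> requestParameters = new HashMap<String, String>(
                FacesContext.getCurrentInstance().getExternalContext().getRequestParameterMap());
        return getParametersMap(extraParameterNames, requestParameters);
    }

    /**
     * Reduces {@code parameters} in place to the keys in {@link #ALLOWED_PARAMETER} plus
     * {@code extraParameterNames}; each extra name is (re)read from the event context via
     * {@link #getParameterValue(String)} first.
     *
     * @param extraParameterNames additional names to allow, may be {@code null}
     * @param parameters map to filter; modified and returned
     * @return {@code parameters} after filtering, or a new empty map when it was {@code null}
     */
    public Map<String, String> getParametersMap(List<String> extraParameterNames, Map<String, String> parameters) {
        if (parameters == null) {
            return new HashMap<String, String>();
        }

        Set<String> allowedNames = new HashSet<String>(ALLOWED_PARAMETER);
        if (extraParameterNames != null) {
            for (String name : extraParameterNames) {
                putInMap(parameters, name);
            }
            allowedNames.addAll(extraParameterNames);
        }

        Iterator<Map.Entry<String, String>> it = parameters.entrySet().iterator();
        while (it.hasNext()) {
            if (!allowedNames.contains(it.next().getKey())) {
                it.remove();
            }
        }
        return parameters;
    }

    /** Stores the event-context value of {@code name} into {@code target}; no-op for a {@code null} map. */
    private void putInMap(Map<String, String> target, String name) {
        if (target == null) {
            return;
        }
        target.put(name, getParameterValue(name));
    }

    /**
     * Reads a value from the Seam event context as a string.
     *
     * @return the value if it is a {@code String}, {@code Integer} or {@code Boolean}; {@code null} otherwise
     */
    public String getParameterValue(String name) {
        Object value = Contexts.getEventContext().get(name);
        if (value instanceof String || value instanceof Integer || value instanceof Boolean) {
            return value.toString();
        }
        return null;
    }

    /** @return whether {@code name} is set in the Seam event context */
    public boolean isParameterExists(String name) {
        return Contexts.getEventContext().isSet(name);
    }

    /** Looks this component up from the Seam container. */
    public static AuthenticationService instance() {
        return (AuthenticationService) ServerUtil.instance(AuthenticationService.class);
    }
}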
