package org.xdi.oxauth.service;

import com.codahale.metrics.Timer;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ejb.Stateless;
import javax.faces.context.ExternalContext;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringUtils;
import org.gluu.jsf2.service.FacesService;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.gluu.site.ldap.persistence.exception.EntryPersistenceException;
import org.slf4j.Logger;
import org.xdi.ldap.model.CustomAttribute;
import org.xdi.ldap.model.CustomEntry;
import org.xdi.ldap.model.GluuStatus;
import org.xdi.model.SimpleProperty;
import org.xdi.model.ldap.GluuLdapConfiguration;
import org.xdi.model.metric.MetricType;
import org.xdi.model.security.Credentials;
import org.xdi.model.security.SimplePrincipal;
import org.xdi.oxauth.model.common.SessionId;
import org.xdi.oxauth.model.common.SimpleUser;
import org.xdi.oxauth.model.common.User;
import org.xdi.oxauth.model.config.Constants;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.model.session.SessionClient;
import org.xdi.oxauth.security.Identity;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.util.StringHelper;

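@Stateless
@Named
/* loaded from: input_file:org/xdi/oxauth/service/AuthenticationService.class */
/**
 * Authenticates end users and OAuth clients against LDAP and wires the result
 * into the current {@link Identity} and {@link SessionId}.
 *
 * <p>Two authentication paths exist: the local directory (via the injected
 * {@code ldapEntryManager}) and zero or more external directories described by
 * {@code ldapAuthConfigs}, each paired positionally with an entry manager in
 * {@code ldapAuthEntryManagers}. Every public {@code authenticate(...)} overload
 * reports a rate timer plus a success/failure counter to the metric service.
 *
 * <p>Thread-safety: all state lives in injected CDI beans; this class keeps no
 * mutable state of its own.
 */
public class AuthenticationService {
    private static final String EVENT_CONTEXT_AUTHENTICATED_USER = "authenticatedUser";

    /** Attribute used to look users up when an LDAP auth config names no primary key. */
    private static final String DEFAULT_PRIMARY_KEY = "uid";

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private Identity identity;

    @Inject
    private Credentials credentials;

    @Inject
    @Named(AppInitializer.LDAP_AUTH_CONFIG_NAME)
    private List<GluuLdapConfiguration> ldapAuthConfigs;

    @Inject
    private LdapEntryManager ldapEntryManager;

    @Inject
    @Named(AppInitializer.LDAP_AUTH_ENTRY_MANAGER_NAME)
    private List<LdapEntryManager> ldapAuthEntryManagers;

    @Inject
    private UserService userService;

    @Inject
    private ClientService clientService;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private ExternalAuthenticationService externalAuthenticationService;

    @Inject
    private MetricService metricService;

    @Inject
    private ExternalContext externalContext;

    @Inject
    private FacesService facesService;

    @Inject
    private RequestParameterService requestParameterService;

    /**
     * Authenticates a user by user name and password.
     *
     * <p>When external LDAP auth configurations are present they are tried in
     * order; otherwise the local directory is used. The outcome is recorded on
     * the current session (if any) and counted as a success or failure metric.
     *
     * @param userName user identifier as supplied by the caller
     * @param password password to bind with
     * @return {@code true} if the user was authenticated
     */
    public boolean authenticate(String userName, String password) {
        this.log.debug("Authenticating user with LDAP: username: '{}', credentials: '{}'", userName, Integer.valueOf(System.identityHashCode(this.credentials)));
        Timer.Context timerContext = this.metricService.getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time();
        try {
            boolean authenticated = hasExternalLdapAuthConfigs()
                    ? externalAuthenticate(userName, password)
                    : localAuthenticate(userName, password);
            // Prefer the canonical user id resolved during authentication over the raw input,
            // so the session attribute never carries a differently-cased or aliased name.
            String authenticatedUserId = userName;
            User identityUser = this.identity.getUser();
            if (identityUser != null && StringHelper.isNotEmpty(identityUser.getUserId())) {
                authenticatedUserId = identityUser.getUserId();
            }
            setAuthenticatedUserSessionAttribute(authenticatedUserId, authenticated);
            this.metricService.incCounter(authenticated ? MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS : MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES);
            return authenticated;
        } finally {
            timerContext.stop();
        }
    }

    /** @return {@code true} when at least one external LDAP auth configuration is injected. */
    private boolean hasExternalLdapAuthConfigs() {
        return this.ldapAuthConfigs != null && !this.ldapAuthConfigs.isEmpty();
    }

    /**
     * Records the authentication outcome on the current session, if one exists.
     *
     * <p>On success the user id is stored under {@link Constants#AUTHENTICATED_USER};
     * in either case the session is handed to {@code updateSessionIdIfNeeded}.
     *
     * @param userId        id to store as the authenticated user
     * @param authenticated whether authentication succeeded
     */
    private void setAuthenticatedUserSessionAttribute(String userId, boolean authenticated) {
        SessionId sessionId = this.sessionIdService.getSessionId();
        if (sessionId == null) {
            return;
        }
        if (authenticated) {
            sessionId.getSessionAttributes().put(Constants.AUTHENTICATED_USER, userId);
        }
        this.sessionIdService.updateSessionIdIfNeeded(sessionId, authenticated);
    }

    /**
     * Authenticates against the local directory: looks the user up by id, checks
     * the account is active and then binds with the supplied password.
     *
     * @return {@code true} if the bind succeeded and the user was registered on the identity
     */
    private boolean localAuthenticate(String userName, String password) {
        User user = this.userService.getUser(userName, new String[0]);
        if (user == null || !checkUserStatus(user)) {
            return false;
        }
        // NOTE(review): the password is passed straight to an LDAP bind; confirm that the
        // entry manager rejects an empty password rather than letting an unauthenticated
        // bind count as success.
        boolean authenticated = this.ldapEntryManager.authenticate(user.getDn(), password);
        if (authenticated) {
            markUserAuthenticated(user);
            this.log.trace("Authenticate: credentials: '{}', credentials.userName: '{}', authenticatedUser.userId: '{}'", new Object[]{Integer.valueOf(System.identityHashCode(this.credentials)), this.credentials.getUsername(), getAuthenticatedUserId()});
        }
        return authenticated;
    }

    /**
     * Tries each external LDAP auth configuration in order, using its configured
     * primary key (or {@value #DEFAULT_PRIMARY_KEY}) on both the external and the
     * local side, and stops at the first success.
     *
     * @return {@code true} if any configuration authenticated the user
     */
    private boolean externalAuthenticate(String userName, String password) {
        for (int i = 0; i < this.ldapAuthConfigs.size(); i++) {
            GluuLdapConfiguration ldapAuthConfig = this.ldapAuthConfigs.get(i);
            boolean authenticated = authenticate(ldapAuthConfig, this.ldapAuthEntryManagers.get(i), userName, password,
                    keyOrDefault(ldapAuthConfig.getPrimaryKey()), keyOrDefault(ldapAuthConfig.getLocalPrimaryKey()));
            if (authenticated) {
                return true;
            }
        }
        return false;
    }

    /** @return {@code attributeName} when non-empty, else {@value #DEFAULT_PRIMARY_KEY}. */
    private static String keyOrDefault(String attributeName) {
        return StringHelper.isNotEmpty(attributeName) ? attributeName : DEFAULT_PRIMARY_KEY;
    }

    /**
     * Authenticates by an arbitrary attribute rather than the user id.
     *
     * <p>Without external configurations the local entry manager is used directly.
     * Otherwise every configuration is tried in order under a single rate timer
     * and the first success wins; the result is counted as success or failure.
     *
     * @param keyValue        value of the lookup attribute (e.g. an e-mail address)
     * @param password        password to bind with
     * @param primaryKey      attribute name to search the external directory by
     * @param localPrimaryKey attribute name to map the user back to the local directory
     * @return {@code true} if the user was authenticated
     */
    public boolean authenticate(String keyValue, String password, String primaryKey, String localPrimaryKey) {
        if (this.ldapAuthConfigs == null) {
            // NOTE(review): unlike authenticate(String, String), an empty (non-null) list does
            // not fall back to the local directory here; it simply fails. Confirm intended.
            return authenticate(null, this.ldapEntryManager, keyValue, password, primaryKey, localPrimaryKey);
        }
        boolean authenticated = false;
        Timer.Context timerContext = this.metricService.getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time();
        try {
            for (int i = 0; i < this.ldapAuthConfigs.size() && !authenticated; i++) {
                authenticated = authenticate(this.ldapAuthConfigs.get(i), this.ldapAuthEntryManagers.get(i), keyValue, password, primaryKey, localPrimaryKey);
            }
        } finally {
            // The timer context must be stopped exactly once, after all configurations were
            // tried (it used to be stopped inside the loop, once per configuration, and never
            // when the list was empty).
            timerContext.stop();
        }
        this.metricService.incCounter(authenticated ? MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS : MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES);
        return authenticated;
    }

    /**
     * Authenticates against one directory.
     *
     * <p>For each base DN of {@code ldapAuthConfig} (or the local user base DN when
     * the config is {@code null}) the user is searched by {@code primaryKey};
     * a successful bind is then mapped to a local user via {@code localPrimaryKey},
     * whose status must be active. Any exception is logged and reported as failure.
     *
     * @param ldapAuthConfig       external directory configuration, or {@code null} for the local directory
     * @param ldapAuthEntryManager entry manager bound to that directory
     * @param keyValue             value of the lookup attribute
     * @param password             password to bind with
     * @param primaryKey           attribute searched in the directory being authenticated against
     * @param localPrimaryKey      attribute used to find the matching local user
     * @return {@code true} if a matching, active local user was authenticated
     */
    public boolean authenticate(GluuLdapConfiguration ldapAuthConfig, LdapEntryManager ldapAuthEntryManager, String keyValue, String password, String primaryKey, String localPrimaryKey) {
        this.log.debug("Attempting to find userDN by primary key: '{}' and key value: '{}', credentials: '{}'", new Object[]{primaryKey, keyValue, Integer.valueOf(System.identityHashCode(this.credentials))});
        try {
            // Config base DNs are SimpleProperty entries; the local fallback is a plain String.
            List<?> baseDns = ldapAuthConfig == null
                    ? Arrays.asList(this.userService.getDnForUser(null))
                    : ldapAuthConfig.getBaseDNs();
            if (baseDns == null || baseDns.isEmpty()) {
                this.log.error("There are no baseDns specified in authentication configuration.");
                return false;
            }
            for (Object baseDnEntry : baseDns) {
                String baseDn = baseDnEntry instanceof SimpleProperty ? ((SimpleProperty) baseDnEntry).getValue() : baseDnEntry.toString();
                User directoryUser = getUserByAttribute(ldapAuthEntryManager, baseDn, primaryKey, keyValue);
                if (directoryUser == null) {
                    continue;
                }
                String userDn = directoryUser.getDn();
                this.log.debug("Attempting to authenticate userDN: {}", userDn);
                if (!ldapAuthEntryManager.authenticate(userDn, password)) {
                    continue;
                }
                this.log.debug("User authenticated: {}", userDn);
                this.log.debug("Attempting to find userDN by local primary key: {}", localPrimaryKey);
                User localUser = this.userService.getUserByAttribute(localPrimaryKey, keyValue);
                if (localUser == null) {
                    // Bound in the external directory but unknown locally: try the next base DN.
                    continue;
                }
                if (!checkUserStatus(localUser)) {
                    return false;
                }
                markUserAuthenticated(localUser);
                this.log.trace("authenticate_external: credentials: '{}', credentials.userName: '{}', authenticatedUser.userId: '{}'", new Object[]{Integer.valueOf(System.identityHashCode(this.credentials)), this.credentials.getUsername(), getAuthenticatedUserId()});
                return true;
            }
            return false;
        } catch (Exception e) {
            // Keep the stack trace; the message alone hides where the directory call failed.
            this.log.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Marks an already-verified user as authenticated without checking a password
     * (used after an external authentication script has vouched for the user).
     *
     * <p>The user must exist locally and be active; on success the credentials'
     * user name is replaced with the canonical user id, the identity is updated
     * and the outcome is recorded on the session and in the metrics.
     *
     * @param userName user identifier to look up
     * @return {@code true} if the user exists and is active
     */
    public boolean authenticate(String userName) {
        this.log.debug("Authenticating user with LDAP: username: '{}', credentials: '{}'", userName, Integer.valueOf(System.identityHashCode(this.credentials)));
        boolean authenticated = false;
        Timer.Context timerContext = this.metricService.getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time();
        try {
            User user = this.userService.getUser(userName, new String[0]);
            if (user != null && checkUserStatus(user)) {
                this.credentials.setUsername(user.getUserId());
                markUserAuthenticated(user);
                this.log.trace("Authenticate: credentials: '{}', credentials.userName: '{}', authenticatedUser.userId: '{}'", new Object[]{Integer.valueOf(System.identityHashCode(this.credentials)), this.credentials.getUsername(), getAuthenticatedUserId()});
                authenticated = true;
            }
            setAuthenticatedUserSessionAttribute(userName, authenticated);
            this.metricService.incCounter(authenticated ? MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS : MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES);
            return authenticated;
        } finally {
            timerContext.stop();
        }
    }

    /**
     * Finds a single user under {@code baseDn} whose {@code attributeName} equals
     * {@code attributeValue}, then reloads it as a full {@link User} entry.
     *
     * @return the user, or {@code null} when the value is empty or nothing matched
     */
    private User getUserByAttribute(LdapEntryManager entryManager, String baseDn, String attributeName, String attributeValue) {
        this.log.debug("Getting user information from LDAP: attributeName = '{}', attributeValue = '{}'", attributeName, attributeValue);
        if (StringHelper.isEmpty(attributeValue)) {
            return null;
        }
        SimpleUser searchEntry = new SimpleUser();
        searchEntry.setDn(baseDn);
        List<CustomAttribute> searchAttributes = new ArrayList<CustomAttribute>();
        searchAttributes.add(new CustomAttribute(attributeName, attributeValue));
        searchEntry.setCustomAttributes(searchAttributes);
        this.log.debug("Searching user by attributes: '{}', baseDn: '{}'", searchAttributes, baseDn);
        // Only the first match is requested; a non-unique attribute would silently pick one.
        List<SimpleUser> entries = entryManager.findEntries(searchEntry, 1);
        this.log.debug("Found '{}' entries", Integer.valueOf(entries.size()));
        if (entries.isEmpty()) {
            return null;
        }
        return entryManager.find(User.class, entries.get(0).getDn());
    }

    /**
     * Checks that the user's {@code gluuStatus} attribute is present and ACTIVE.
     *
     * @return {@code true} if active; otherwise logs a warning and returns {@code false}
     */
    private boolean checkUserStatus(User user) {
        CustomAttribute statusAttribute = this.userService.getCustomAttribute(user, "gluuStatus");
        if (statusAttribute != null && GluuStatus.ACTIVE.equals(GluuStatus.getByValue(statusAttribute.getValue()))) {
            return true;
        }
        // A missing status attribute is treated the same as a disabled account.
        this.log.warn("User '{}' was disabled", user.getUserId());
        return false;
    }

    /**
     * Writes the current time to the user's {@code oxLastLogonTime} attribute when
     * {@code updateUserLastLogonTime} is enabled in the configuration. Persistence
     * failures are logged and otherwise ignored.
     */
    private void updateLastLogonUserTime(User user) {
        // Boolean.TRUE.equals also treats a missing (null) configuration value as "off".
        if (!Boolean.TRUE.equals(this.appConfiguration.getUpdateUserLastLogonTime())) {
            return;
        }
        CustomEntry lastLogonEntry = new CustomEntry();
        lastLogonEntry.setDn(user.getDn());
        List<String> personObjectClasses = this.appConfiguration.getPersonCustomObjectClassList();
        if (personObjectClasses == null || personObjectClasses.isEmpty()) {
            lastLogonEntry.setCustomObjectClasses(UserService.USER_OBJECT_CLASSES);
        } else {
            lastLogonEntry.setCustomObjectClasses(personObjectClasses.toArray(new String[0]));
        }
        lastLogonEntry.getCustomAttributes().add(new CustomAttribute("oxLastLogonTime", new Date()));
        try {
            this.ldapEntryManager.merge(lastLogonEntry);
        } catch (EntryPersistenceException e) {
            this.log.error("Failed to update oxLastLogonTime of user '{}'", user.getUserId(), e);
        }
    }

    /**
     * Binds the authenticated user to a session: creates an authenticated session
     * when {@code sessionId} is {@code null}, otherwise moves the given session to
     * the authenticated state.
     *
     * @param sessionId           existing session, or {@code null}
     * @param sessionIdAttributes attributes for a newly generated session
     * @return the session in authenticated state
     */
    public SessionId configureSessionUser(SessionId sessionId, Map<String, String> sessionIdAttributes) {
        this.log.trace("configureSessionUser: credentials: '{}', sessionId: '{}', credentials.userName: '{}', authenticatedUser.userId: '{}'", new Object[]{Integer.valueOf(System.identityHashCode(this.credentials)), sessionId, this.credentials.getUsername(), getAuthenticatedUserId()});
        // NOTE(review): getAuthenticatedUser() may return null, which would throw NPE below;
        // callers appear to invoke this only after a successful authenticate(...). Confirm.
        User authenticatedUser = getAuthenticatedUser();
        SessionId authenticatedSessionId;
        if (sessionId == null) {
            authenticatedSessionId = this.sessionIdService.generateAuthenticatedSessionId(authenticatedUser.getDn(), sessionIdAttributes);
        } else {
            this.log.trace("configureSessionUser sessionId: '{}', sessionId.auth_user: '{}'", sessionId, sessionIdAttributes.get(Constants.AUTHENTICATED_USER));
            authenticatedSessionId = this.sessionIdService.setSessionIdStateAuthenticated(sessionId, authenticatedUser.getDn());
        }
        // NOTE(review): the identity receives the incoming sessionId (null when a new one was
        // generated), not authenticatedSessionId. Preserved as-is; confirm this is intended.
        this.identity.setSessionId(sessionId);
        return authenticatedSessionId;
    }

    /**
     * Generates an authenticated session for the current authenticated user and
     * stores it on the identity.
     *
     * @return the new session, or {@code null} when no user is authenticated
     */
    public SessionId configureEventUser() {
        User authenticatedUser = getAuthenticatedUser();
        if (authenticatedUser == null) {
            return null;
        }
        this.log.debug("ConfigureEventUser: username: '{}', credentials: '{}'", authenticatedUser.getUserId(), Integer.valueOf(System.identityHashCode(this.credentials)));
        SessionId authenticatedSessionId = this.sessionIdService.generateAuthenticatedSessionId(authenticatedUser.getDn());
        this.identity.setSessionId(authenticatedSessionId);
        return authenticatedSessionId;
    }

    /** Persists {@code sessionId} and stores it on the identity. */
    public void configureEventUser(SessionId sessionId) {
        this.sessionIdService.updateSessionId(sessionId);
        this.identity.setSessionId(sessionId);
    }

    /**
     * Logs the identity in as {@code userName} without a credential check; the
     * caller is responsible for having verified the user by other means.
     */
    public void quietLogin(String userName) {
        this.identity.acceptExternallyAuthenticatedPrincipal(new SimplePrincipal(userName));
        this.identity.quietLogin();
    }

    /** Stores {@code user} as the identity's current user. */
    private void configureAuthenticatedUser(User user) {
        this.identity.setUser(user);
    }

    /**
     * Post-authentication bookkeeping shared by every authentication path:
     * registers the user on the identity and stamps the last-logon time.
     */
    private void markUserAuthenticated(User user) {
        configureAuthenticatedUser(user);
        updateLastLogonUserTime(user);
    }

    /**
     * Returns the authenticated user, resolving it from the session's
     * {@link Constants#AUTHENTICATED_USER} attribute (and caching it on the
     * identity) when the identity does not hold one yet.
     *
     * @return the user, or {@code null} if no session or no authenticated user attribute exists
     */
    public User getAuthenticatedUser() {
        User identityUser = this.identity.getUser();
        if (identityUser != null) {
            return identityUser;
        }
        SessionId sessionId = this.sessionIdService.getSessionId();
        if (sessionId == null) {
            return null;
        }
        String authenticatedUserId = sessionId.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
        if (StringHelper.isEmpty(authenticatedUserId)) {
            return null;
        }
        User user = this.userService.getUser(authenticatedUserId, new String[0]);
        this.identity.setUser(user);
        return user;
    }

    /** @return the authenticated user's id, or {@code null} if there is none. */
    public String getAuthenticatedUserId() {
        User authenticatedUser = getAuthenticatedUser();
        return authenticatedUser == null ? null : authenticatedUser.getUserId();
    }

    /**
     * Resolves the client named by the current credentials and registers it on
     * the session.
     *
     * @return the client looked up by the credentials' user name
     */
    public Client configureSessionClient() {
        String clientId = this.credentials.getUsername();
        this.log.debug("ConfigureSessionClient: username: '{}', credentials: '{}'", clientId, Integer.valueOf(System.identityHashCode(this.credentials)));
        Client client = this.clientService.getClient(clientId);
        configureSessionClient(client);
        return client;
    }

    /** Registers {@code client} on the identity and updates its access time. */
    public void configureSessionClient(Client client) {
        SessionClient sessionClient = new SessionClient();
        sessionClient.setClient(client);
        this.identity.setSessionClient(sessionClient);
        this.clientService.updatAccessTime(client, true);
    }

    /**
     * Redirects to the authorization page after a successful login, forwarding
     * only the request parameters the {@link RequestParameterService} allows.
     * Does nothing when the session or its user DN is missing or the user cannot be loaded.
     */
    public void onSuccessfulLogin(SessionId sessionId) {
        this.log.info("Attempting to redirect user: SessionUser: {}", sessionId);
        if (sessionId == null || StringUtils.isBlank(sessionId.getUserDn())) {
            return;
        }
        User user = this.userService.getUserByDn(sessionId.getUserDn(), new String[0]);
        this.log.info("Attempting to redirect user: User: {}", user);
        if (user == null) {
            return;
        }
        Map<String, String> sessionAttributes = sessionId.getSessionAttributes();
        // Filter first so the session id cookie added below is never forwarded as a redirect parameter.
        Map<String, String> allowedParameters = this.requestParameterService.getAllowedParameters(sessionAttributes);
        sessionAttributes.put(SessionIdService.SESSION_ID_COOKIE_NAME, sessionId.getId());
        this.log.trace("Logged in successfully! User: {}, page: /authorize.xhtml, map: {}", user, allowedParameters);
        this.facesService.redirect("/authorize.xhtml", allowedParameters);
    }

    /**
     * Loads the user referenced by {@code sessionId}; a session without a user DN,
     * or whose user no longer exists, is removed.
     *
     * @return the user, or {@code null} when the session is null, stale or lookup failed
     */
    public User getUserOrRemoveSession(SessionId sessionId) {
        if (sessionId == null) {
            return null;
        }
        try {
            if (StringUtils.isNotBlank(sessionId.getUserDn())) {
                User user = this.userService.getUserByDn(sessionId.getUserDn(), new String[0]);
                if (user != null) {
                    return user;
                }
            }
            // No user DN, or the referenced user is gone: drop the stale session.
            this.sessionIdService.remove(sessionId);
            return null;
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
            return null;
        }
    }

    /**
     * @return the current request parameters serialized by the {@link RequestParameterService}
     * @throws UnsupportedEncodingException propagated from the parameter service
     */
    public String parametersAsString() throws UnsupportedEncodingException {
        return this.requestParameterService.parametersAsString(getParametersMap(null));
    }

    /**
     * Builds the parameter map from a mutable copy of the current request's parameters.
     *
     * @param extraParameters additional parameter names, may be {@code null}
     */
    public Map<String, String> getParametersMap(List<String> extraParameters) {
        return this.requestParameterService.getParametersMap(extraParameters, new HashMap<String, String>(this.externalContext.getRequestParameterMap()));
    }

    /** @return whether the identity holds a working parameter named {@code parameterName}. */
    public boolean isParameterExists(String parameterName) {
        return this.identity.isSetWorkingParameter(parameterName);
    }
}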
