package org.gluu.oxtrust.ws.rs.scim;

import java.net.URI;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;
import org.codehaus.jackson.map.ObjectMapper;
import org.gluu.oxtrust.ldap.service.IPersonService;
import org.gluu.oxtrust.ldap.service.PersonService;
import org.gluu.oxtrust.ldap.service.SecurityService;
import org.gluu.oxtrust.model.GluuCustomPerson;
import org.gluu.oxtrust.model.oxchooser.ForwardedRequest;
import org.gluu.oxtrust.model.oxchooser.IdentityRequest;
import org.gluu.oxtrust.model.oxchooser.IdentityResponse;
import org.gluu.oxtrust.model.oxchooser.InitialID;
import org.gluu.oxtrust.model.oxchooser.OxChooserError;
import org.gluu.oxtrust.model.scim.ScimPerson;
import org.gluu.oxtrust.util.CopyUtils;
import org.gluu.oxtrust.util.OxTrustConstants;
import org.gluu.oxtrust.util.Utils;
import org.gluu.site.ldap.persistence.exception.EntryPersistenceException;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;
import org.openid4java.association.AssociationException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
import org.xdi.model.GluuUserRole;

@Name("oxChooserWebService")
@Path("/scim/v1/Chooser")
/* loaded from: input_file:org/gluu/oxtrust/ws/rs/scim/OxChooserWebService.class */
public class OxChooserWebService extends BaseScimWebService {

    // Seam-injected logger for this component.
    @Logger
    private Log log;

    // Injected person service.
    // NOTE(review): addUser, editUser and getUserByUid overwrite this field with
    // PersonService.instance() on every call. Confirm the component's scope makes that
    // per-request reassignment safe when requests run concurrently.
    @In
    private IPersonService personService;

    // Injected service; postLogin uses it to look up the roles of the authenticated person.
    @In
    private SecurityService securityService;

    // Injected Seam identity. The OpenID handlers call logout() on it on every exit path and
    // postLogin adds roles to it. Declared package-private rather than private.
    @In
    Identity identity;
    // One OpenID consumer shared by all requests through this static field.
    // NOTE(review): built with the no-arg constructor, so association and nonce state presumably
    // live in this process only. Confirm that is acceptable for multi-node deployments.
    private static ConsumerManager manager = new ConsumerManager();

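    /**
     * Starts an OpenID login for the identifier named in the request.
     *
     * <p>The {@code idRequest} query parameter is Base64-decoded and parsed as a JSON
     * {@link IdentityRequest}. The handler runs discovery and association for its identifier,
     * stores the resulting {@link DiscoveryInformation} in the HTTP session under
     * {@code "openid-disc"}, attaches an attribute-exchange fetch request and redirects the
     * browser to the provider. The Seam identity is logged out on every exit path.
     *
     * <p>NOTE(review): unlike {@code addUser}, this handler makes no {@code processAuthorization}
     * call, and the identifier, return-to URL and realm all come from the caller. Discovery
     * therefore makes the server contact a caller-chosen location, and nothing visible here limits
     * the return-to URL or realm to known relying parties. Confirm an allowlist is enforced
     * elsewhere, or add one before discovery.
     *
     * @param httpServletRequest servlet request whose session receives the discovery information
     * @param httpServletResponse servlet response used to send the redirect
     * @param str Base64-encoded JSON form of the {@link IdentityRequest}
     * @return an empty 200 response once the redirect has been sent, or a 400 response carrying an
     *         {@link OxChooserError} when the request cannot be decoded or the consumer fails
     * @throws Exception if discovery or construction of the authentication message fails
     */
    @GET
    @Path("/Request")
    @Consumes({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    @POST
    @Produces({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    public Response requestHandler(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @QueryParam("idRequest") String str) throws Exception {
        try {
            IdentityRequest identityRequest = null;
            if (str != null && !str.isEmpty()) {
                try {
                    identityRequest = (IdentityRequest) jsonToObject(Base64.decodeBase64(str), IdentityRequest.class);
                } catch (Exception e) {
                    // Undecodable Base64 or JSON is a client error; answer 400 below instead of 500.
                    this.log.debug("idRequest could not be parsed", e);
                }
            }
            if (identityRequest == null || identityRequest.getIdentifier() == null) {
                OxChooserError rejected = new OxChooserError();
                rejected.setDescription("An Error occured , request didnt go through.");
                return Response.status(400).entity(rejected).build();
            }

            this.log.debug("openid_identifier_operation : ", identityRequest.getIdentifier());
            this.log.debug("instantiating manager");
            this.log.debug("manager instantiated ");
            String returnToUrl = identityRequest.getReturnToUrl();

            // Discovery and association both talk to the location named by the caller's identifier.
            this.log.debug("getting list of discoveries");
            List discoveries = manager.discover(identityRequest.getIdentifier());
            this.log.debug("retrieving descovered");
            DiscoveryInformation discovered = manager.associate(discoveries);

            // responseHandler reads this attribute back to verify the provider's answer.
            this.log.debug("saving request");
            httpServletRequest.getSession().setAttribute("openid-disc", discovered);

            this.log.debug("instantiating AuthRequest");
            AuthRequest authRequest = manager.authenticate(discovered, returnToUrl, identityRequest.getRealm());

            FetchRequest fetch = FetchRequest.createFetchRequest();
            String axschema = identityRequest.getAxschema();
            // A missing axschema value now falls through to the schema.openid.net attribute set
            // instead of failing with a NullPointerException.
            if (axschema != null && axschema.contains("axschema")) {
                fetch.addAttribute("nickname", "http://axschema.org/namePerson/friendly", true);
                fetch.addAttribute("fullname", "http://axschema.org/namePerson", true);
                fetch.addAttribute("email", "http://axschema.org/contact/email", true);
                fetch.addAttribute("gender", "http://axschema.org/person/gender", true);
                fetch.addAttribute("language", "http://axschema.org/pref/language", true);
                fetch.addAttribute("timezone", "http://axschema.org/pref/timezone", true);
                fetch.addAttribute("image", "http://axschema.org/media/image/default", true);
            } else {
                fetch.addAttribute("firstname", "http://schema.openid.net/namePerson/first", true);
                fetch.addAttribute("lastname", "http://schema.openid.net/namePerson/last", true);
                fetch.addAttribute("email", "http://schema.openid.net/contact/email", true);
                fetch.addAttribute("country", "http://axschema.org/contact/country/home", true);
                fetch.addAttribute("language", "http://axschema.org/pref/language", true);
            }
            this.log.debug("adding fetch data");
            authRequest.addExtension(fetch);

            this.log.debug("redirecting");
            httpServletResponse.sendRedirect(authRequest.getDestinationUrl(true));
            this.log.debug("reterning build");
            return Response.ok().build();
        } catch (ConsumerException e) {
            // Pass the exception itself so the cause and stack trace reach the log.
            this.log.debug("Error occured : ", e);
            OxChooserError oxChooserError = new OxChooserError();
            oxChooserError.setDescription("An Error occured , request didnt go through.");
            return Response.status(400).entity(oxChooserError).build();
        } finally {
            // Drop the Seam identity on success, on a handled error and on a propagating one.
            this.identity.logout();
        }
    }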

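    /**
     * Verifies an OpenID provider response and returns the attributes it carried.
     *
     * <p>The receiving URL, query string and parameter map are read from the posted
     * {@link ForwardedRequest}; the {@link DiscoveryInformation} is read from the HTTP session
     * attribute {@code "openid-disc"} that {@code requestHandler} stores. When verification yields
     * an identifier and the response has the attribute-exchange extension, the fetched attributes
     * are copied into an {@link IdentityResponse}. The Seam identity is logged out on every exit
     * path.
     *
     * <p>NOTE(review): this handler makes no {@code processAuthorization} call, and the URL and
     * parameters being verified come from the request body rather than from the servlet request
     * itself. The result is only as trustworthy as {@code manager.verify}; confirm that the
     * session-bound discovery information is always present (it is passed through unchecked and
     * may be null when no {@code /Request} call preceded this one).
     *
     * @param httpServletRequest servlet request whose session holds the discovery information
     * @param httpServletResponse servlet response; not used by this handler
     * @param forwardedRequest the provider's response as forwarded by the caller
     * @return 200 with an {@link IdentityResponse}, or 400 with an {@link OxChooserError}
     * @throws ConsumerException if the OpenID consumer fails during verification
     */
    @GET
    @Path("/Response")
    @Consumes({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    @POST
    @Produces({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    public Response responseHandler(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, ForwardedRequest forwardedRequest) throws ConsumerException {
        try {
            if (forwardedRequest == null) {
                // No body was supplied: answer 400 instead of failing with a NullPointerException.
                return errorResponse("An Error occured , please check your request.");
            }
            this.log.debug("instantiating a ParameterList ");
            ParameterList parameterList = new ParameterList(forwardedRequest.getParameterMap());
            this.log.debug("getting DiscoveryInformation ");
            DiscoveryInformation discoveryInformation = (DiscoveryInformation) httpServletRequest.getSession().getAttribute("openid-disc");
            this.log.debug("getting StringBuffer ");
            StringBuffer receivingUrl = forwardedRequest.getRequestURL();
            this.log.debug("getting QueryString ");
            String queryString = forwardedRequest.getQueryString();
            if (queryString != null && queryString.length() > 0) {
                // Append the query only when there is one; the previous code appended "?null"
                // for a request without a query string, which cannot match the return-to URL.
                this.log.debug("getting receivingURL ");
                receivingUrl.append("?").append(queryString);
            }
            this.log.debug("getting VerificationResult ");
            VerificationResult verification = manager.verify(receivingUrl.toString(), parameterList, discoveryInformation);
            this.log.debug("getting VerificationResult ");
            Identifier verifiedId = verification.getVerifiedId();
            this.log.debug(" VerificationResult retrieved ");
            if (verifiedId == null) {
                return errorResponse("An Error occured , please check your request.");
            }
            this.log.debug("verified != null");
            AuthSuccess authResponse = verification.getAuthResponse();
            if (!authResponse.hasExtension("http://openid.net/srv/ax/1.0")) {
                return errorResponse("Could not get fetched attributes");
            }
            this.log.debug("getting FetchResponse");
            FetchResponse fetched = (FetchResponse) authResponse.getExtension("http://openid.net/srv/ax/1.0");
            this.log.debug("getting emails");
            List emails = fetched.getAttributeValues("email");
            if (emails == null || emails.isEmpty()) {
                // The provider returned no email value; get(0) would otherwise throw.
                return errorResponse("Could not get fetched attributes");
            }
            this.log.debug("getting FirstName");
            String firstName = fetched.getAttributeValue("firstname");
            this.log.debug("getting LastName");
            String lastName = fetched.getAttributeValue("lastname");
            this.log.debug("getting one Email");
            String email = (String) emails.get(0);
            this.log.debug("email : ", email);

            // Every value below is provider-supplied and is returned to the caller unmodified.
            IdentityResponse identityResponse = new IdentityResponse();
            identityResponse.setFirstname(firstName);
            identityResponse.setLastname(lastName);
            identityResponse.setEmail(email);
            identityResponse.setNickname(fetched.getAttributeValue("nickname"));
            identityResponse.setImage(fetched.getAttributeValue("image"));
            identityResponse.setLanguage(fetched.getAttributeValue("language"));
            identityResponse.setCountry(fetched.getAttributeValue("country"));
            identityResponse.setTimezone(fetched.getAttributeValue("timezone"));
            identityResponse.setGender(fetched.getAttributeValue("gender"));
            identityResponse.setFullname(fetched.getAttributeValue("fullname"));
            return Response.ok(identityResponse).build();
        } catch (AssociationException e) {
            return errorResponse("An AssociationException occured , please check your request.");
        } catch (MessageException e) {
            return errorResponse("An MessageException occured , please check your request.");
        } catch (DiscoveryException e) {
            return errorResponse("An DiscoveryException occured , please check your request.");
        } finally {
            // Drop the Seam identity on success, on a handled error and on a propagating one.
            this.identity.logout();
        }
    }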

    /**
     * Builds a 400 response whose entity is an {@link OxChooserError} with the given text.
     *
     * @param str description placed in the error entity
     * @return the 400 response
     */
    private Response errorResponse(String str) {
        OxChooserError error = new OxChooserError(str);
        return Response.status(400).entity(error).build();
    }

    /**
     * Creates a person entry from the submitted SCIM representation.
     *
     * <p>The {@code Authorization} header is handed to {@code processAuthorization}; a non-null
     * result is returned as-is and nothing else runs. Otherwise the SCIM person is copied into a
     * {@link GluuCustomPerson}, given a generated inum, DN and iname, optionally added to groups,
     * and persisted.
     *
     * <p>NOTE(review): the Location header is built under {@code /oxChooser/AddUser/} while this
     * class is mounted at {@code /scim/v1/Chooser}; confirm the path is intended.
     *
     * @param str value of the {@code Authorization} request header
     * @param scimPerson person to create
     * @return 201 with the created person, 400 when the copy yields nothing, 500 on any failure
     *         while generating identifiers or persisting, or the authorization response
     * @throws Exception declared by the signature; failures inside the persistence step are
     *         caught and turned into a 500 response
     */
    @Path("/AddUser")
    @Consumes({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    @POST
    @Produces({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    public Response addUser(@HeaderParam("Authorization") String str, ScimPerson scimPerson) throws Exception {
        this.personService = PersonService.instance();
        Response denied = processAuthorization(str);
        if (denied != null) {
            return denied;
        }
        this.log.debug(" copying gluuperson ");
        GluuCustomPerson person = CopyUtils.copy(scimPerson, (GluuCustomPerson) null, false);
        if (person == null) {
            return getErrorResponse("Failed to create user", Response.Status.BAD_REQUEST.getStatusCode());
        }
        try {
            // Identifiers are generated server-side; the DN is derived from the new inum.
            this.log.debug(" generating inum ");
            String inum = this.personService.generateInumForNewPerson();
            this.log.debug(" getting DN ");
            String dn = this.personService.getDnForPerson(inum);
            this.log.debug(" getting iname ");
            String iname = this.personService.generateInameForNewPerson(scimPerson.getUserName());

            this.log.debug(" setting dn ");
            person.setDn(dn);
            this.log.debug(" setting inum ");
            person.setInum(inum);
            this.log.debug(" setting iname ");
            person.setIname(iname);
            this.log.debug(" setting commonName ");
            person.setCommonName(person.getGivenName() + " " + person.getSurname());

            this.log.info("gluuPerson.getMemberOf().size() : " + person.getMemberOf().size());
            boolean hasGroups = scimPerson.getGroups().size() > 0;
            if (hasGroups) {
                this.log.info(" jumping to groupMemebersAdder ");
                this.log.info("gluuPerson.getDn() : " + person.getDn());
                Utils.groupMemebersAdder(person, person.getDn());
            }

            this.log.debug("adding new GluuPerson");
            this.personService.addPerson(person);
            ScimPerson created = CopyUtils.copy(person, (ScimPerson) null);
            URI location = URI.create("/oxChooser/AddUser/" + created.getId());
            return Response.created(location).entity(created).build();
        } catch (Exception e) {
            // The caller gets a generic message; the detail stays in the server log.
            this.log.error("Failed to add user", e);
            return getErrorResponse("Unexpected processing error, please check the input parameters", Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        }
    }

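    /**
     * Updates the person whose email matches the path parameter with the submitted SCIM data.
     *
     * <p>The {@code Authorization} header is handed to {@code processAuthorization}; a non-null
     * result is returned as-is and nothing else runs.
     *
     * <p>NOTE(review): this state-changing operation is exposed for GET as well as POST; confirm
     * that GET is really required. The group DN and the Location header are derived from the
     * person's uid, whereas {@code addUser} derives the DN from the inum and
     * {@code getUserByUid} looks entries up by inum — confirm which identifier is intended.
     *
     * @param str value of the {@code Authorization} request header
     * @param str2 email address identifying the person to update
     * @param scimPerson new attribute values
     * @return 200 with the updated person, 404 when no person matches or the entry cannot be
     *         read, 500 on any other failure, or the authorization response
     * @throws Exception declared by the signature; failures in the update are caught and mapped
     *         to a 404 or 500 response
     */
    @GET
    @Path("/EditUser/{email}")
    @Consumes({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    @POST
    @Produces({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    public Response editUser(@HeaderParam("Authorization") String str, @PathParam("email") String str2, ScimPerson scimPerson) throws Exception {
        this.personService = PersonService.instance();
        Response processAuthorization = processAuthorization(str);
        if (processAuthorization != null) {
            return processAuthorization;
        }
        try {
            GluuCustomPerson personByEmail = this.personService.getPersonByEmail(str2);
            if (personByEmail == null) {
                return getErrorResponse("Resource " + str2 + " not found", Response.Status.NOT_FOUND.getStatusCode());
            }
            GluuCustomPerson copy = CopyUtils.copy(scimPerson, personByEmail, true);
            if (scimPerson.getGroups().size() > 0) {
                Utils.groupMemebersAdder(copy, this.personService.getDnForPerson(personByEmail.getUid()));
            }
            this.personService.updatePerson(copy);
            this.log.debug(" person updated ");
            return Response.ok(CopyUtils.copy(copy, (ScimPerson) null)).location(new URI("/oxChooser/AddUser/" + personByEmail.getUid())).build();
        } catch (EntryPersistenceException e) {
            // The specific handler must precede the general one, as in getUserByUid; placed after
            // catch (Exception) it could never run.
            return getErrorResponse("Resource " + str2 + " not found", Response.Status.NOT_FOUND.getStatusCode());
        } catch (Exception e) {
            // Logged once through the component logger; the extra printStackTrace() was dropped so
            // the trace is not also written to stderr outside the logging configuration.
            this.log.error("Exception: ", e);
            return getErrorResponse("Unexpected processing error, please check the input parameters", Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        }
    }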

    /**
     * Returns the SCIM representation of one person.
     *
     * <p>The {@code Authorization} header is handed to {@code processAuthorization}; a non-null
     * result is returned as-is. The path parameter is named {@code uid} but is passed to
     * {@code getPersonByInum}, so it is treated as an inum.
     *
     * @param str value of the {@code Authorization} request header
     * @param str2 identifier from the path, looked up as an inum
     * @return 200 with the person, 404 when it is absent or cannot be read, 500 on any other
     *         failure, or the authorization response
     * @throws Exception declared by the signature; lookup failures are caught and mapped to a
     *         404 or 500 response
     */
    @GET
    @Produces({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    @Path("/AddUser/{uid}")
    public Response getUserByUid(@HeaderParam("Authorization") String str, @PathParam("uid") String str2) throws Exception {
        this.personService = PersonService.instance();
        Response denied = processAuthorization(str);
        if (denied != null) {
            return denied;
        }
        try {
            GluuCustomPerson found = this.personService.getPersonByInum(str2);
            if (found != null) {
                ScimPerson body = CopyUtils.copy(found, (ScimPerson) null);
                URI self = new URI("/oxChooser/AddUser/" + str2);
                return Response.ok(body).location(self).build();
            }
            return getErrorResponse("Resource " + str2 + " not found", Response.Status.NOT_FOUND.getStatusCode());
        } catch (EntryPersistenceException e) {
            // A persistence failure on lookup is reported to the caller as "not found".
            this.log.error("Exception: ", e);
            return getErrorResponse("Resource " + str2 + " not found", Response.Status.NOT_FOUND.getStatusCode());
        } catch (Exception e2) {
            this.log.error("Exception: ", e2);
            return getErrorResponse("Unexpected processing error, please check the input parameters", Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        }
    }

    /**
     * Returns a fixed sample {@link IdentityRequest} so a client can see the marshalled form.
     *
     * <p>NOTE(review): this diagnostic endpoint takes no {@code Authorization} header and makes
     * no {@code processAuthorization} call; confirm it should be reachable in production.
     *
     * @return 200 with the sample request; the error branch also answers 200, with an XML
     *         error string as the entity
     */
    @GET
    @Produces({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    @Path("/Test")
    public Response getMarshallingTest() {
        try {
            IdentityRequest sample = new IdentityRequest();
            sample.setAxschema("openid");
            sample.setIdentifier("https://www.google.com/accounts/o8/id");
            sample.setRealm("http://www.gluu.org");
            sample.setReturnToUrl("http://www.gluu.org");
            Response marshalled = Response.ok(sample).build();
            return marshalled;
        } catch (Exception e) {
            return Response.ok("<error>an Error occured!</error>").build();
        }
    }

    /**
     * Authenticates a client with the user id and password carried in the request body and, on
     * success, runs {@code postLogin} for that person.
     *
     * <p>A failed check and any exception both produce the same 401 "Not Authorized" response,
     * so the caller cannot tell the two apart; the exception is written to the log only.
     *
     * <p>NOTE(review): no attempt limiting or lockout is visible in this method; confirm it is
     * enforced by {@code personService.authenticate} or in front of this endpoint.
     *
     * @param initialID credentials submitted by the client
     * @return an empty 200 response on success, otherwise 401
     * @throws DiscoveryException declared by the signature
     * @throws Exception declared by the signature; exceptions raised in the body are caught
     */
    @POST
    @Produces({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    @Consumes({"application/json", OxTrustConstants.CONTENT_TYPE_APPLICATION_XML})
    public Response clientIdentification(InitialID initialID) throws DiscoveryException, Exception {
        try {
            boolean authenticated = this.personService.authenticate(initialID.getUserID(), initialID.getPassWord());
            if (authenticated) {
                postLogin(this.personService.getPersonByUid(initialID.getUserID()));
                return Response.ok().build();
            }
            return Response.status(401).entity("Not Authorized").build();
        } catch (Exception e) {
            this.log.error("an error occured", e);
            return Response.status(401).entity("Not Authorized").build();
        }
    }

    /**
     * Records the person as the current one in the Seam session context and grants the identity
     * every role that {@code securityService} reports for that person.
     *
     * <p>NOTE(review): the method is public and performs no check of its own; it relies on the
     * caller having authenticated the person first.
     *
     * @param gluuCustomPerson the person who has just logged in
     * @throws Exception declared by the signature
     */
    public void postLogin(GluuCustomPerson gluuCustomPerson) throws Exception {
        this.log.debug("Configuring application after user '{0}' login", gluuCustomPerson.getUid());
        Contexts.getSessionContext().set(OxTrustConstants.CURRENT_PERSON, gluuCustomPerson);
        for (GluuUserRole role : this.securityService.getUserRoles(gluuCustomPerson)) {
            String roleName = role.getRoleName();
            this.identity.addRole(roleName);
        }
    }

    /**
     * Parses JSON bytes into an instance of the given class with a fresh {@link ObjectMapper}.
     *
     * <p>The target class is chosen by the calling code, not by the JSON content.
     *
     * @param bArr JSON document as bytes
     * @param cls class to bind the document to
     * @return the bound object
     * @throws Exception if the mapper cannot read or bind the input
     */
    private Object jsonToObject(byte[] bArr, Class<?> cls) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        Object bound = mapper.readValue(bArr, cls);
        return bound;
    }
}
