package pt.digitalis.dif.oauth.listeners;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.RandomStringUtils;
import pt.digitalis.dif.RemoteAuthConfigurations;
import pt.digitalis.dif.controller.interfaces.IDIFSession;
import pt.digitalis.dif.controller.objects.DIFSession;
import pt.digitalis.dif.controller.objects.DIFUserInSession;
import pt.digitalis.dif.controller.objects.RESTAction;
import pt.digitalis.dif.controller.security.managers.IIdentityManager;
import pt.digitalis.dif.controller.security.managers.ISessionManager;
import pt.digitalis.dif.controller.security.objects.DIFGroupImpl;
import pt.digitalis.dif.controller.security.objects.DIFUserImpl;
import pt.digitalis.dif.controller.security.objects.IDIFGroup;
import pt.digitalis.dif.controller.security.objects.IDIFUser;
import pt.digitalis.dif.exception.InternalFrameworkException;
import pt.digitalis.dif.exception.security.IdentityManagerException;
import pt.digitalis.dif.features.IDIFFeatureAlternativeAuthentication;
import pt.digitalis.dif.ioc.DIFIoCRegistry;
import pt.digitalis.dif.listeners.AbstractRESTfullHttpListener;
import pt.digitalis.dif.oauth.remoteauth.IRemoteAuthProvider;
import pt.digitalis.dif.oauth.remoteauth.IRemoteUserBusinessData;
import pt.digitalis.dif.oauth.remoteauth.RemoteAuthParams;
import pt.digitalis.dif.oauth.remoteauth.RemoteUserData;
import pt.digitalis.dif.oauth.remoteauth.impl.OAuthDIFInterceptorAuthentication;
import pt.digitalis.dif.utils.http.HttpUtils;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.dif.utils.logging.IErrorLogManager;
import pt.digitalis.utils.common.StringUtils;

/* loaded from: input_file:WEB-INF/lib/dif-remote-auth-2.8.9-4.jar:pt/digitalis/dif/oauth/listeners/ClientRemoteAuthListener.class */
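/**
 * REST listener that drives a remote (OAuth-style) login: it hands out the provider's
 * authorization URL, and on the provider callback exchanges the {@code code} for remote user
 * data, provisions/updates the local user and its groups, and binds the user to the DIF session.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only the {@code code} parameter is read from the callback in this class; no {@code state}
 *       value is compared against one bound to the session here. NOTE(review): confirm that the
 *       provider's {@code initializer(...)} / {@code processCallback(...)} performs that check,
 *       otherwise the callback is open to login CSRF.</li>
 *   <li>The DIF session is keyed on the HTTP session that already existed before login; nothing
 *       in this class rotates the session identifier after authentication. NOTE(review): confirm
 *       the container or framework does, to rule out session fixation.</li>
 * </ul>
 */
public class ClientRemoteAuthListener extends AbstractRESTfullHttpListener {
    private static final long serialVersionUID = 2470158169874543432L;

    /** Length of the throw-away local password given to users provisioned from a remote login. */
    private static final int GENERATED_PASSWORD_LENGTH = 15;

    /** CSPRNG for the generated local password; {@code RandomStringUtils} defaults to {@code java.util.Random}. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private final String ERROR_LOG_ID = "Client Remote Auth listener";
    private final String CHECK_ERROR_LOG_MSG = "Check error log for further details, under application filter \"Client Remote Auth listener\".";
    private final IIdentityManager identityManager = (IIdentityManager) DIFIoCRegistry.getRegistry().getImplementation(IIdentityManager.class);
    private final IRemoteUserBusinessData remoteUserBusinessData = (IRemoteUserBusinessData) DIFIoCRegistry.getRegistry().getImplementation(IRemoteUserBusinessData.class);
    private final ISessionManager sessionManager = (ISessionManager) DIFIoCRegistry.getRegistry().getImplementation(ISessionManager.class);
    private IErrorLogManager errorLog = (IErrorLogManager) DIFIoCRegistry.getRegistry().getImplementation(IErrorLogManager.class);

    /**
     * Replaces CR/LF in a request-supplied value before it is written to the log, so a crafted
     * parameter cannot forge additional log lines.
     *
     * @param value the raw value, may be {@code null}
     * @return the value with line breaks replaced by {@code _}, or {@code null} if it was {@code null}
     */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Binds the given local user to the DIF session derived from the HTTP session and records
     * which remote provider performed the login.
     *
     * @param httpSession         the current HTTP session; its id is the key of the DIF session
     * @param str                 the local user id to authenticate
     * @param iRemoteAuthProvider the provider that authenticated the user
     * @throws ServletException if the identity manager fails while loading the user
     */
    private void authenticate(HttpSession httpSession, String str, IRemoteAuthProvider iRemoteAuthProvider) throws ServletException {
        IDIFSession createSession = this.sessionManager.createSession(HttpUtils.buildSessionId(httpSession));
        try {
            IDIFUser user = this.identityManager.getUser(str);
            if (user == null) {
                // The session stays anonymous; do not report a successful authentication in the log.
                DIFLogger.getLogger().debug("User not found, session left unauthenticated: " + str);
                return;
            }
            createSession.setUser(new DIFUserInSession(user, null));
            createSession.addAttribute(DIFSession.REMOTE_AUTHENTICATION_PROVIDER_LOGIN, iRemoteAuthProvider.getName());
            createSession.addAttribute(DIFSession.REMOTE_AUTHENTICATION_SHOW_LOGGED_EXTERNAL_SYSTEM_MESSAGE, RemoteAuthConfigurations.getInstance().getShowLoggedExternalSystemMessage());
            if (StringUtils.isBlank(iRemoteAuthProvider.getLogoutURL())) {
                // Repeats the provider-login attribute set above; kept as in the original.
                createSession.addAttribute(DIFSession.REMOTE_AUTHENTICATION_PROVIDER_LOGIN, iRemoteAuthProvider.getName());
            } else {
                createSession.addAttribute(OAuthDIFInterceptorAuthentication.REMOTE_AUTHENTICATION_PROVIDER_LOGOUT_URL, iRemoteAuthProvider.getLogoutURL());
            }
            this.sessionManager.update(createSession);
            DIFLogger.getLogger().debug("User authenticated: " + str);
        } catch (IdentityManagerException e) {
            throw new ServletException("Problem getting the user from identity manager", e);
        }
    }

    /**
     * Returns the local user matching the remote identity, creating it first when it does not
     * exist and the identity manager is writable.
     *
     * <p>When the identity manager is read-only the user is only looked up, so the result is
     * whatever {@code getUser} returns for an unknown id.
     *
     * @param remoteUserData      identity data obtained from the remote provider
     * @param iRemoteAuthProvider the provider, notified after a user is created
     * @return the existing or newly created user
     * @throws ServletException if the user cannot be created or its attributes cannot be stored
     */
    private IDIFUser createUserIfDontExists(RemoteUserData remoteUserData, IRemoteAuthProvider iRemoteAuthProvider) throws ServletException {
        IDIFUser dIFUserImpl = new DIFUserImpl();
        try {
            if (this.identityManager.userExists(remoteUserData.getUserId()) || this.identityManager.isReadOnly()) {
                dIFUserImpl = this.identityManager.getUser(remoteUserData.getUserId());
            } else {
                dIFUserImpl.setID(remoteUserData.getUserId());
                // The account is meant to be used through the remote provider, but this password is
                // still a valid local credential: draw it from a CSPRNG rather than java.util.Random.
                dIFUserImpl.setPassword(RandomStringUtils.random(GENERATED_PASSWORD_LENGTH, 0, 0, true, true, null, SECURE_RANDOM));
                dIFUserImpl.setProfileID(remoteUserData.getProfileId());
                String email = remoteUserData.getEmail();
                if (StringUtils.isBlank(email)) {
                    email = " ";
                }
                dIFUserImpl.setEmail(email);
                String name = remoteUserData.getName();
                if (StringUtils.isBlank(name)) {
                    name = " ";
                }
                dIFUserImpl.setName(name);
                dIFUserImpl.setNick(remoteUserData.getUserId());
                this.identityManager.addUser(dIFUserImpl);
                dIFUserImpl.setAttributes(remoteUserData.getUserAttributes());
                DIFLogger.getLogger().debug("User created: " + remoteUserData.getUserId());
                iRemoteAuthProvider.doAfterUserCreation(dIFUserImpl);
            }
            return dIFUserImpl;
        } catch (InternalFrameworkException e) {
            this.errorLog.logError(ERROR_LOG_ID, "Update Attributes", e);
            throw new ServletException("Problem updating the user. " + CHECK_ERROR_LOG_MSG, e);
        } catch (IdentityManagerException e2) {
            this.errorLog.logError(ERROR_LOG_ID, "Create user", e2);
            throw new ServletException("Problem creating the user. " + CHECK_ERROR_LOG_MSG, e2);
        }
    }

    /**
     * Synchronises the user's local group membership with the groups reported by the remote
     * provider: drops memberships the provider no longer reports and adds the reported ones,
     * creating missing groups on the way. Does nothing when the identity manager is read-only.
     *
     * <p>Group ids coming from the provider are used as-is when creating groups and adding the
     * user to them; the provider-prefix test is applied only to removals. NOTE(review): confirm
     * that remote group names cannot collide with privileged local groups.
     *
     * @param remoteUserData identity data, including the remote group list
     * @param iDIFUser       the local user to update
     * @return the same user instance
     */
    private IDIFUser manageUserGroups(RemoteUserData remoteUserData, IDIFUser iDIFUser) {
        try {
            if (!this.identityManager.isReadOnly()) {
                Map<String, IDIFGroup> groups = iDIFUser.getGroups();
                for (String str : iDIFUser.getGroupIDs()) {
                    boolean managedByProvider = !remoteUserData.isUseGroupsPrefix() || str.startsWith(remoteUserData.getProviderId());
                    if (managedByProvider && !remoteUserData.getUserGroups().contains(str)) {
                        this.identityManager.removeUserFromGroup(iDIFUser.getID(), str);
                    }
                }
                for (String str2 : remoteUserData.getUserGroups()) {
                    if (!this.identityManager.groupExists(str2)) {
                        DIFGroupImpl dIFGroupImpl = new DIFGroupImpl();
                        dIFGroupImpl.setID(str2);
                        dIFGroupImpl.setName(str2);
                        this.identityManager.addGroup(dIFGroupImpl);
                    }
                    if (!groups.containsKey(str2)) {
                        this.identityManager.addUserToGroup(iDIFUser.getID(), str2);
                    }
                }
            }
        } catch (IdentityManagerException e) {
            // Best-effort as before, but recorded in the application error log instead of stderr:
            // a failure here can leave the user in groups the remote provider has already revoked,
            // and the login still proceeds.
            this.errorLog.logError(ERROR_LOG_ID, "Manage user groups", e);
        }
        return iDIFUser;
    }

    /**
     * Handles the two remote-auth requests: returning the provider's authorization URL, and
     * processing the provider callback that carries the authorization {@code code}.
     *
     * <p>Responds with status 400 when the {@code provider} parameter does not name an active
     * provider. Any failure is written to the error log and the client is redirected to the
     * generic error page.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param rESTAction          the REST action resolved by the base listener (unused here)
     * @throws ServletException declared by the base class
     * @throws IOException      if the error redirect itself fails
     */
    @Override // pt.digitalis.dif.listeners.AbstractRESTfullHttpListener
    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RESTAction rESTAction) throws ServletException, IOException {
        try {
            String parameter = httpServletRequest.getParameter("provider");
            DIFLogger.getLogger().debug("RemoteAuthProvider: " + stripLineBreaks(parameter));
            IRemoteAuthProvider iRemoteAuthProvider = (IRemoteAuthProvider) DIFIoCRegistry.getRegistry().getImplementation(IDIFFeatureAlternativeAuthentication.class, parameter);
            if (iRemoteAuthProvider == null || !iRemoteAuthProvider.isActive().booleanValue()) {
                httpServletResponse.setStatus(400);
            } else {
                iRemoteAuthProvider.initializer(httpServletRequest);
                String parameter2 = httpServletRequest.getParameter(RemoteAuthParams.AUTHORIZATION_URL_PARAM);
                String parameter3 = httpServletRequest.getParameter(RemoteAuthParams.REMOTE_CALLBACK_PARAM);
                String parameter4 = httpServletRequest.getParameter("code");
                if (Boolean.TRUE.toString().equalsIgnoreCase(parameter2)) {
                    String authorizationUrl = iRemoteAuthProvider.getAuthorizationUrl();
                    DIFLogger.getLogger().debug("Authorization Url: " + authorizationUrl);
                    PrintWriter writer = httpServletResponse.getWriter();
                    writer.print(authorizationUrl);
                    writer.flush();
                    writer.close();
                    httpServletResponse.flushBuffer();
                } else if (Boolean.TRUE.toString().equalsIgnoreCase(parameter3) && StringUtils.isNotBlank(parameter4)) {
                    // The authorization code is a credential while it is valid; keep it out of the log.
                    DIFLogger.getLogger().debug("Process Callback: authorization code received");
                    RemoteUserData processCallback = iRemoteAuthProvider.processCallback(parameter4);
                    // NOTE(review): RemoteUserData.toString() is not visible here; confirm it does not
                    // print tokens or personal data before enabling debug logging in production.
                    DIFLogger.getLogger().debug("Remote User Data: " + processCallback);
                    DIFLogger.getLogger().debug("Will process remote Business User Data");
                    RemoteUserData userData = this.remoteUserBusinessData.getUserData(processCallback);
                    DIFLogger.getLogger().debug("Remote Business User Data: " + userData);
                    DIFLogger.getLogger().debug("Start user creation");
                    IDIFUser createUserIfDontExists = createUserIfDontExists(userData, iRemoteAuthProvider);
                    DIFLogger.getLogger().debug("Update User attributes");
                    updateUserAtributes(userData, createUserIfDontExists);
                    iRemoteAuthProvider.updateUserAtributes(userData, createUserIfDontExists);
                    if (userData.getImportGroupsFromRemote().booleanValue()) {
                        DIFLogger.getLogger().debug("Update User groups");
                        manageUserGroups(userData, createUserIfDontExists);
                    }
                    DIFLogger.getLogger().debug("Start user authentication");
                    authenticate(httpServletRequest.getSession(), userData.getUserId(), iRemoteAuthProvider);
                    PrintWriter writer2 = httpServletResponse.getWriter();
                    writer2.append("<html>");
                    if (StringUtils.isNotEmpty(iRemoteAuthProvider.getLoginUrl())) {
                        // NOTE(review): the base URL is placed unescaped inside a JavaScript string in an
                        // HTML attribute; confirm HttpUtils.getBaseURL() comes from configuration and
                        // not from the request's Host header.
                        writer2.append((CharSequence) ("<body onLoad=\"document.location = '" + HttpUtils.getBaseURL() + "';\">"));
                    } else {
                        writer2.append("<body onLoad=\"window.opener.location = window.opener.location.href.replace('logoutparam=true','').replace('#',''); window.close();\">");
                    }
                    writer2.append("Loading please wait...");
                    writer2.append("</body>");
                    writer2.append("</html>");
                    writer2.flush();
                    writer2.close();
                    httpServletResponse.flushBuffer();
                }
            }
        } catch (Exception e) {
            this.errorLog.logError(ERROR_LOG_ID, "Process Request", e);
            // sendRedirect is not allowed once the response has been committed.
            if (!httpServletResponse.isCommitted()) {
                String message = e.getLocalizedMessage();
                // Encode the message: raw exception text in the Location header can break the URL
                // or smuggle extra parameters. The error JSP must still HTML-escape errorText
                // when rendering it (not visible from this class).
                httpServletResponse.sendRedirect("internal/generalServletError.jsp?errorText=" + URLEncoder.encode(message == null ? "" : message, "UTF-8"));
            }
        }
    }

    /**
     * Copies the attributes reported by the remote provider onto the local user, unless the
     * identity manager is read-only.
     *
     * @param remoteUserData identity data carrying the attributes
     * @param iDIFUser       the local user to update
     * @throws ServletException if storing the attributes fails
     */
    private void updateUserAtributes(RemoteUserData remoteUserData, IDIFUser iDIFUser) throws ServletException {
        try {
            if (!this.identityManager.isReadOnly()) {
                iDIFUser.setAttributes(remoteUserData.getUserAttributes());
            }
            DIFLogger.getLogger().debug("User atrtibutes updated: " + remoteUserData.getUserId());
        } catch (Exception e) {
            this.errorLog.logError(ERROR_LOG_ID, "Update Attributes", e);
            throw new ServletException("Problem updating the user  attributes. " + CHECK_ERROR_LOG_MSG, e);
        }
    }
}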
