package com.suncode.sso.authenticator;

import com.coveo.saml.BrowserUtils;
import com.coveo.saml.SamlException;
import com.coveo.saml.SamlLogoutResponse;
import com.coveo.saml.SamlResponse;
import com.google.gson.Gson;
import com.suncode.plugin.framework.Plugin;
import com.suncode.plugin.pluginconfigurationmanager.configuration.definition.file.service.ConfigurationFileService;
import com.suncode.pwfl.security.AuthenticationButton;
import com.suncode.pwfl.security.AuthenticationResult;
import com.suncode.pwfl.security.Authenticator;
import com.suncode.pwfl.security.SSOLogoutStatusCode;
import com.suncode.pwfl.security.SSORedirectType;
import com.suncode.pwfl.security.UserCreationStrategyDuringAuthentication;
import com.suncode.pwfl.translation.Translator;
import com.suncode.pwfl.translation.Translators;
import com.suncode.sso.authenticator.configuration.ConfigurationDto;
import com.suncode.sso.authenticator.configuration.saml.SamlClient;
import com.suncode.sso.authenticator.configuration.saml.SamlHelper;
import com.suncode.sso.authenticator.configuration.saml.SamlRequest;
import com.suncode.sso.authenticator.exception.SsoConfigurationMissingException;
import com.suncode.sso.authenticator.exception.UnsupportedAuthenticationSolutionException;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

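@Component
/* loaded from: input_file:com/suncode/sso/authenticator/SsoAuthenticator.class */
/**
 * Single-sign-on {@link Authenticator} backed by a SAML 2.0 {@link SamlClient} using the
 * HTTP-POST binding for log-in, single log-out requests and log-out responses.
 *
 * <p>Configuration is read lazily from the plugin configuration file {@value #CONFIG_FILE_ID}
 * and the SAML client is built lazily from the IdP metadata and the configured key store.
 * The request ID of every outgoing SAML request is carried in the {@code RelayState} POST
 * parameter (base64-encoded) so the matching response can be validated against it.
 *
 * <p>This is a Spring singleton shared by all request threads; the lazily initialised
 * {@code configuration} and {@code client} fields are therefore guarded by {@code synchronized}
 * accessors.
 */
public class SsoAuthenticator implements Authenticator {
    private static final Logger log = LoggerFactory.getLogger(SsoAuthenticator.class);
    public static final String CONFIG_FILE_ID = "SSO Config";
    public static final String ENTITY_DESCRIPTOR_FILE_ID = "Entity Descriptor";
    /** HTTP session attribute holding the IdP SessionIndex from the last accepted assertion. */
    private static final String SSO_SESSION_INDEX_KEY = "SSOSessionIndex";
    /** POST parameter carrying the base64-encoded ID of the SAML request being answered. */
    private static final String RELAY_STATE_KEY = "RelayState";
    /** Binding name handed to every decode/validate call of the SAML client. */
    private static final String POST_BINDING = "POST";
    /** Separator of the configured default group names. */
    private static final String GROUP_SEPARATOR = ";";

    private Translator translator;
    private final Gson gson = new Gson();
    private ConfigurationDto configuration;

    @Autowired
    private Plugin plugin;

    @Autowired
    private ConfigurationFileService fileConfigurationService;

    @Autowired
    private SamlHelper samlHelper;
    private SamlClient client;

    /** Resolves the translator once all dependencies are injected. */
    @PostConstruct
    private void init() {
        this.translator = Translators.get(SsoAuthenticator.class);
    }

    /**
     * Returns the lazily created SAML client, fully configured with SP signing keys.
     *
     * <p>The client is assigned to the field only after {@code setSPKeys} succeeded; previously a
     * key-store failure left a half-configured (unsigned) client cached for all later calls.
     *
     * @throws SamlException if the client cannot be built from the IdP metadata
     */
    private synchronized SamlClient getClient() throws SamlException {
        if (this.client == null) {
            ConfigurationDto config = getConfiguration();
            SamlClient fresh = SamlClient.fromMetadata(
                    config.getSamlConfig().getIssuer(),
                    config.getSamlConfig().getAssertionConsumerServiceURL(),
                    this.samlHelper.getIdPCertificateReader());
            PrivateKey spPrivateKey = this.samlHelper.getPrivateKeyFromKeyStore(config.getKeyStore());
            fresh.setSPKeys(this.samlHelper.getX509FromKeyStore(config.getKeyStore()), spPrivateKey);
            // Publish only a completely initialised client.
            this.client = fresh;
        }
        return this.client;
    }

    /**
     * Returns the SSO configuration, reading and parsing the plugin configuration file on first use.
     *
     * @throws UncheckedIOException if the configuration file cannot be read
     */
    private synchronized ConfigurationDto getConfiguration() {
        if (this.configuration == null) {
            try {
                // NOTE(review): the file is decoded with the platform default charset; confirm the
                // deployment writes it in that encoding (UTF-8 would be the safer contract).
                // NOTE(review): readFile's return type is not visible here; if it is a stream it is
                // never closed — TODO confirm.
                String json = IOUtils.toString(
                        this.fileConfigurationService.readFile(this.plugin.getKey(), CONFIG_FILE_ID),
                        Charset.defaultCharset());
                this.configuration = this.gson.fromJson(json, ConfigurationDto.class);
            } catch (IOException e) {
                throw new UncheckedIOException("Cannot read SSO configuration file '" + CONFIG_FILE_ID + "'", e);
            }
        }
        return this.configuration;
    }

    /**
     * Returns the name of the configured authentication solution.
     *
     * @throws SsoConfigurationMissingException if no solution is configured
     */
    public String getName() {
        validateSsoConfiguration();
        return getConfiguration().getSolution().name();
    }

    /**
     * Validates the SAML response carried by the request and extracts the authenticated user name.
     *
     * @param httpServletRequest the POST-back from the IdP
     * @return a successful result with the NameID, or a failed result (null user) on any error
     */
    public AuthenticationResult authenticate(HttpServletRequest httpServletRequest) {
        try {
            return new AuthenticationResult(true, extractUserName(httpServletRequest));
        } catch (Exception e) {
            log.error("SSO authentication failed: {}", e.getMessage(), e);
            return new AuthenticationResult(false, (String) null);
        }
    }

    /**
     * Builds the log-in button definition: a POST redirect to the IdP single log-in URL with a
     * freshly generated AuthnRequest. Returns {@code null} when SSO is inactive and an error
     * button when the client or request cannot be prepared.
     */
    public AuthenticationButton authenticationButtonDefinition() {
        if (!getConfiguration().isActive()) {
            return null;
        }
        try {
            // Fail early: metadata or key-store problems surface as the error button.
            getClient();
            return AuthenticationButton.builder()
                    .name(this.translator.getMessage("sso.authenticator.buttonName", new Object[]{getName()}))
                    .redirectType(SSORedirectType.POST)
                    .url(this.samlHelper.getIdPSingleLogInUrl())
                    .postParameters(generatePostParameters())
                    .styles(buttonStyles())
                    .build();
        } catch (Exception e) {
            log.error("SSO log-in button could not be prepared: {}", e.getMessage(), e);
            return generateErrorButton();
        }
    }

    /**
     * Returns the strategy for creating unknown users from the configured data source, or
     * {@code null} when no data source ID is configured. Default group names are split on
     * {@value #GROUP_SEPARATOR}.
     */
    @Nullable
    public UserCreationStrategyDuringAuthentication getUserCreationStrategyDuringAuthentication() {
        ConfigurationDto config = getConfiguration();
        String dataSourceId = config.getCreateUserFromDataSourceId();
        if (StringUtils.isBlank(dataSourceId)) {
            return null;
        }
        String configuredGroups = config.getDefaultGroupNames();
        List<String> groupNames = configuredGroups != null
                ? Arrays.asList(configuredGroups.split(GROUP_SEPARATOR))
                : new ArrayList<>();
        return new UserCreationStrategyDuringAuthentication(dataSourceId, groupNames);
    }

    /** Returns the raw (still encoded) SAML LogoutRequest parameter of the request, if any. */
    public String getLogoutRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(SamlClient.HTTP_REQ_SAML_PARAM);
    }

    /**
     * Decodes and validates an IdP-initiated LogoutRequest.
     *
     * @param str  the encoded LogoutRequest
     * @param str2 upper-cased and passed as the second validation argument; its meaning is
     *             defined by {@link SamlClient#decodeAndValidateSamlLogoutRequest}
     * @return {@code true} when validation passed (failures are reported by exception)
     */
    public boolean validLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws Exception {
        getClient().decodeAndValidateSamlLogoutRequest(str, str2.toUpperCase(Locale.ROOT), POST_BINDING);
        return true;
    }

    /** Returns the raw (still encoded) SAML LogoutResponse parameter of the request, if any. */
    public String getLogoutResponse(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(SamlClient.HTTP_RESP_SAML_PARAM);
    }

    /**
     * Decodes and validates a LogoutResponse against the request ID carried in {@code RelayState}.
     *
     * @param str the encoded LogoutResponse
     * @return {@code true} when the response is valid, {@code false} (logged) otherwise
     */
    public boolean validLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        SamlLogoutResponse logoutResponse = getClient().decodeAndValidateSamlLogoutResponse(
                str, getRequestIdFromRelayState(httpServletRequest), POST_BINDING);
        if (logoutResponse.isNotValid()) {
            log.error("SSO Logout Response is invalid: {}", logoutResponse.getMessage());
            return false;
        }
        return true;
    }

    /**
     * Answers an IdP-initiated LogoutRequest by POSTing a signed LogoutResponse to the IdP.
     *
     * @param str                  the LogoutRequest the response refers to (its ID is extracted by the helper)
     * @param sSOLogoutStatusCode  the status to report
     */
    public void sendLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, SSOLogoutStatusCode sSOLogoutStatusCode) throws Exception {
        String logoutResponse = getClient().getSamlLogoutResponse(
                sSOLogoutStatusCode.toString(), null, this.samlHelper.getRequestIdParameter(str));
        Map<String, String> form = new HashMap<>();
        form.put(SamlClient.HTTP_RESP_SAML_PARAM, logoutResponse);
        BrowserUtils.postUsingBrowser(this.samlHelper.getIdPSingleLogOutUrl(), httpServletResponse, form);
    }

    /**
     * Starts SP-initiated single log-out by POSTing a signed LogoutRequest to the IdP, carrying
     * the SessionIndex stored at log-in and the request ID in {@code RelayState}.
     *
     * @param str upper-cased and passed as the first argument of {@link SamlClient#getLogoutRequest}
     * @return always {@code true}; failures are reported by exception
     */
    public boolean sendLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            log.warn("No HTTP session while sending SSO LogoutRequest; no SessionIndex will be included");
        }
        // NOTE(review): behaviour of getLogoutRequest with a null session index is not visible here — confirm.
        String sessionIndex = session == null ? null : (String) session.getAttribute(SSO_SESSION_INDEX_KEY);
        SamlRequest logoutRequest = getClient().getLogoutRequest(str.toUpperCase(Locale.ROOT), sessionIndex);
        BrowserUtils.postUsingBrowser(
                this.samlHelper.getIdPSingleLogOutUrl(), httpServletResponse, samlRequestParameters(logoutRequest));
        return true;
    }

    /**
     * Re-validates the SAML response and stores the first AuthnStatement's SessionIndex in the
     * HTTP session so it can be echoed in a later LogoutRequest. Nothing is stored when the
     * assertion has no AuthnStatement or no session exists.
     *
     * @throws SamlException if the response does not validate
     */
    public void afterSuccessLogIn(HttpServletRequest httpServletRequest) throws SamlException {
        SamlResponse samlResponse = getClient().decodeAndValidateSamlResponse(
                httpServletRequest.getParameter(SamlClient.HTTP_RESP_SAML_PARAM),
                getRequestIdFromRelayState(httpServletRequest),
                POST_BINDING);
        List<AuthnStatement> statements = samlResponse.getAssertion().getAuthnStatements();
        if (CollectionUtils.isEmpty(statements)) {
            return;
        }
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            log.warn("No HTTP session after successful SSO log-in; SessionIndex cannot be stored for single log-out");
            return;
        }
        session.setAttribute(SSO_SESSION_INDEX_KEY, statements.get(0).getSessionIndex());
    }

    /** Button shown when the SSO client could not be prepared. */
    private AuthenticationButton generateErrorButton() {
        return AuthenticationButton.builder()
                .name(this.translator.getMessage("sso.authenticator.buttonNameError"))
                .styles(buttonErrorStyles())
                .build();
    }

    /**
     * Builds the POST parameters of the log-in button: a signed AuthnRequest plus its request ID
     * in {@code RelayState}.
     *
     * @throws SsoConfigurationMissingException          if no solution is configured
     * @throws UnsupportedAuthenticationSolutionException if the solution is not SAML-based
     */
    private Map<String, String> generatePostParameters() {
        requireSamlSolution();
        return samlRequestParameters(generateSamlRequest());
    }

    /** Generates a new AuthnRequest, wrapping the checked {@link SamlException}. */
    private SamlRequest generateSamlRequest() {
        try {
            return getClient().getSamlRequest();
        } catch (SamlException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    /**
     * Validates the SAML response of the request against the request ID in {@code RelayState}
     * and returns its NameID.
     */
    private String extractUserName(HttpServletRequest httpServletRequest) throws Exception {
        requireSamlSolution();
        SamlResponse samlResponse = getClient().decodeAndValidateSamlResponse(
                httpServletRequest.getParameter(SamlClient.HTTP_RESP_SAML_PARAM),
                getRequestIdFromRelayState(httpServletRequest),
                POST_BINDING);
        return samlResponse.getNameID();
    }

    /**
     * Recovers the expected request ID from the {@code RelayState} POST parameter.
     *
     * <p>{@code RelayState} is client-supplied; a missing or non-base64 value is reported as an
     * {@link IllegalArgumentException} rather than a NullPointerException. The value itself is
     * deliberately not echoed into the message.
     *
     * @throws IllegalArgumentException if the parameter is absent, blank or not valid base64
     */
    private static String getRequestIdFromRelayState(HttpServletRequest httpServletRequest) {
        String relayState = httpServletRequest.getParameter(RELAY_STATE_KEY);
        if (StringUtils.isBlank(relayState)) {
            throw new IllegalArgumentException(
                    "Missing " + RELAY_STATE_KEY + " parameter; cannot match the SAML response to its request");
        }
        try {
            return new String(Base64.getDecoder().decode(relayState), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Malformed " + RELAY_STATE_KEY + " parameter", e);
        }
    }

    /** Encodes a request ID for transport in {@code RelayState}; inverse of {@link #getRequestIdFromRelayState}. */
    private static String encodeRelayState(String requestId) {
        return Base64.getEncoder().encodeToString(requestId.getBytes(StandardCharsets.UTF_8));
    }

    /** Form fields for POSTing a signed SAML request together with its RelayState. */
    private static Map<String, String> samlRequestParameters(SamlRequest request) {
        Map<String, String> form = new HashMap<>();
        form.put(SamlClient.HTTP_REQ_SAML_PARAM, request.getEncodedAndSignedSamlRequest());
        form.put(RELAY_STATE_KEY, encodeRelayState(request.getRequestId()));
        return form;
    }

    /**
     * Ensures a solution is configured and that it is SAML-based.
     *
     * @throws SsoConfigurationMissingException          if no solution is configured
     * @throws UnsupportedAuthenticationSolutionException if the solution is not SAML-based
     */
    private void requireSamlSolution() {
        validateSsoConfiguration();
        if (!getConfiguration().getSolution().isSamlSolution()) {
            throw new UnsupportedAuthenticationSolutionException(getConfiguration().getSolution());
        }
    }

    /** @throws SsoConfigurationMissingException if no authentication solution is configured */
    private void validateSsoConfiguration() {
        if (getConfiguration().getSolution() == null) {
            throw new SsoConfigurationMissingException();
        }
    }

    /** CSS properties of the regular log-in button. */
    private Map<String, String> buttonStyles() {
        Map<String, String> styles = new HashMap<>();
        styles.put("color", "white");
        styles.put("background", "linear-gradient(#007dc1,#0073b2)");
        styles.put("border-color", "#004b75");
        return styles;
    }

    /** CSS properties of the button shown when SSO is misconfigured. */
    private Map<String, String> buttonErrorStyles() {
        Map<String, String> styles = new HashMap<>();
        styles.put("color", "white");
        styles.put("background", "linear-gradient(#EB6262,#EF7272)");
        styles.put("border-color", "#FF2D2D");
        return styles;
    }
}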
