package com.inet.authentication.oauth2.internal;

import com.inet.authentication.AuthenticationDescription;
import com.inet.authentication.LoginRoles;
import com.inet.authentication.RemoteLoginProcessor;
import com.inet.authentication.base.LoginManager;
import com.inet.authentication.oauth2.OAuthAuthenticationServerPlugin;
import com.inet.authentication.oauth2.api.OAuthException;
import com.inet.authentication.oauth2.api.OAuthServerDescription;
import com.inet.cache.MemoryStoreMap;
import com.inet.error.ErrorCode;
import com.inet.http.error.ServletErrorHandler;
import com.inet.http.security.TrustAllTrustManager;
import com.inet.id.GUID;
import com.inet.lib.io.FastByteArrayInputStream;
import com.inet.lib.json.Json;
import com.inet.lib.json.JsonTypeResolver;
import com.inet.lib.util.EncodingFunctions;
import com.inet.lib.util.IOFunctions;
import com.inet.lib.util.StringFunctions;
import com.inet.oauth.connection.api.token.OauthAccessTokenManager;
import com.inet.plugin.image.UserAvatar;
import com.inet.shared.servlet.ProxyHttpServletRequest;
import com.inet.shared.servlet.ServletUtils;
import com.inet.usersandgroups.UsersAndGroups;
import com.inet.usersandgroups.api.user.LoginSettings;
import com.inet.usersandgroups.api.user.MutableUserData;
import com.inet.usersandgroups.api.user.UserAccount;
import com.inet.usersandgroups.api.user.UserManager;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/inet/authentication/oauth2/internal/f.class */
/**
 * Remote login processor for an OAuth2 authorization-code login (JADX-decompiled, obfuscated names).
 *
 * <p>Flow as far as this file shows it:
 * <ol>
 *   <li>{@link #requestLoginData} creates a random {@code state}, registers this instance under it in a
 *       static map, and redirects the browser to the provider's authorization URL.</li>
 *   <li>{@link #transferClientLoginData} handles the callback: it looks the {@code state} up, posts the
 *       {@code code} to the token URL, takes claims from the {@code id_token} or from the data (userinfo)
 *       connection, and passes them to {@code a(HashMap, String)}.</li>
 *   <li>{@code a(String, String, String, HashMap, String, String)} finds, links or creates the local user
 *       account and, for new users, stores profile data and an avatar.</li>
 * </ol>
 *
 * <p>NOTE(review): {@code a(HashMap, String)} was not decompiled, and the stream handling in
 * {@link #transferClientLoginData} is decompiler output that does not satisfy Java's definite-assignment
 * rules. Treat this listing as a reading aid, not as the authoritative source. The fields {@code j},
 * {@code n} and {@code m} are never assigned in the visible code; presumably the missing method sets
 * them. Confirm against the bytecode.
 */
public class f extends RemoteLoginProcessor implements LoginRoles {
    // Pending logins: OAuth "state" value -> processor that issued it.
    // NOTE(review): presumably 900 is an entry lifetime in seconds; confirm against MemoryStoreMap.
    private static final MemoryStoreMap<String, f> f = new MemoryStoreMap<>(900, false);
    // Not referenced in the visible code; presumably the claim names the undecompiled method reads roles from.
    private static final String[] g = {"roles", "groups", "role", "group"};
    // Configured authentication entry (display name, name, settings).
    private final AuthenticationDescription h;
    // Provider description: builds the authorization/token URLs and the data connection.
    private final OAuthServerDescription i;
    // Login ID returned by getLoginID(); a null value after the callback is treated as a failed login.
    private String j;
    // Display name obtained from OAuthServerDescription.getLoginDisplayName.
    private String k;
    // Page the browser is sent back to once the login has completed.
    private String l;
    // Roles returned by getRoles(); created lazily there.
    private Set<String> m;
    // Value returned by supportsRoles().
    private boolean n;
    // Lower-cased copy of the roles, built on the first isWebUserInRole call.
    private Set<String> o;
    // Session of the request that started the login; cleared after a callback was processed.
    private HttpSession p;

    /**
     * Creates a processor for one configured OAuth login.
     *
     * @param authenticationDescription the configured authentication entry
     * @param oAuthServerDescription the provider description used for URLs and connections
     */
    public f(AuthenticationDescription authenticationDescription, @Nonnull OAuthServerDescription oAuthServerDescription) {
        super(authenticationDescription);
        this.h = authenticationDescription;
        this.i = oAuthServerDescription;
    }

    /**
     * Starts the login by redirecting the browser to the provider, or reports a failed callback.
     *
     * <p>A request that already carries a {@code state} parameter is treated as a failed callback and ends
     * in an {@link OAuthException}. An application request gets status 401 instead of a redirect.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the redirect or the 401 status
     * @throws OAuthException if the request carries a {@code state} parameter
     */
    @SuppressFBWarnings(value = {"UNVALIDATED_REDIRECT"}, justification = "Redirect to known url. No user input possible.")
    public void requestLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String authenticationURL;
        if (httpServletRequest.getParameter("state") != null) {
            // NOTE(review): on a callback the query string holds "state" and may hold "code"; both end up in
            // the debug log here. Consider logging the path only, or redacting those parameters.
            LOGGER.debug("Calling URL: " + httpServletRequest.getRequestURL() + "?" + httpServletRequest.getQueryString());
            LOGGER.debug("Session: " + httpServletRequest.getSession(false));
            // "error" and "error_description" are request parameters, so their content is chosen by whoever
            // built the callback URL. They are copied into the exception message unchanged.
            // NOTE(review): whatever renders this message must escape it for its output context; that code
            // is not visible here.
            String parameter = httpServletRequest.getParameter("error");
            String parameter2 = httpServletRequest.getParameter("error_description");
            StringBuilder sb = new StringBuilder("Login failed for " + this.h.getDisplayName());
            boolean z = false;
            if (!StringFunctions.isEmpty(parameter)) {
                // Prefer a translated text for a known error code, fall back to the raw code.
                String msgAllowMissing = OAuthAuthenticationServerPlugin.MSG.getMsgAllowMissing(parameter, new Object[0]);
                sb.append("\n");
                if (StringFunctions.isEmpty(msgAllowMissing)) {
                    sb.append("error: ").append(parameter);
                } else {
                    sb.append(msgAllowMissing);
                }
                z = true;
            }
            if (!StringFunctions.isEmpty(parameter2)) {
                sb.append("\ndescription: ").append(parameter2);
                z = true;
            }
            if (!z) {
                // No error detail was supplied: add the generic cookie hint instead.
                sb.append("\n\nEnable cookies or try to login directly from the start page.");
            }
            throw new OAuthException(sb.toString());
        }
        if (LoginManager.isApplicationRequest(httpServletRequest)) {
            httpServletResponse.setStatus(401);
            return;
        }
        String requestPage = ServletUtils.getRequestPage(httpServletRequest);
        if (requestPage == null) {
            requestPage = httpServletRequest.getRequestURI();
        }
        String createRedirectURL = ServletUtils.createRedirectURL(httpServletRequest, requestPage);
        // The stored target always contains a '#'; the reason is not visible in this file.
        if (!createRedirectURL.contains("#")) {
            createRedirectURL = createRedirectURL + "#";
        }
        this.l = createRedirectURL;
        // State value: 130 bits from SecureRandom, written in radix 32.
        String bigInteger = new BigInteger(130, new SecureRandom()).toString(32);
        this.p = httpServletRequest.getSession();
        f.put(bigInteger, this);
        // Two ways to build the authorization URL: through a shared OAuth connection provider when that is
        // enabled and configured, otherwise from this login's own settings.
        if (OAuthServerDescription.OAUTH_CONNECTION && Boolean.parseBoolean((String) this.h.getSettings().get(OAuthServerDescription.USE_OAUTH_CONNECTION)) && this.i.hasOauthConnectionSettings()) {
            authenticationURL = OauthAccessTokenManager.getAuthenticationURL(this.i.getOauthConnectionProvider(), bigInteger, this.i.getScope(this.h));
        } else {
            // NOTE(review): the callback address is built from the request (server address and context path).
            // If getHttpServerPort takes the host from request headers, confirm that it is validated or that
            // the provider pins the registered redirect URI.
            authenticationURL = this.i.getAuthenticationURL(this.h, ProxyHttpServletRequest.getHttpServerPort(httpServletRequest) + httpServletRequest.getContextPath() + "/login/" + this.h.getName(), bigInteger);
        }
        try {
            if (LOGGER.isDebug()) {
                // The logged URL contains the state value issued above.
                LOGGER.debug("Redirect to oauth server: " + authenticationURL);
            }
            httpServletResponse.sendRedirect(authenticationURL);
        } catch (IOException e) {
            ErrorCode.throwAny(e);
        }
    }

    /**
     * Returns the pending processor registered under the request's {@code state} parameter.
     *
     * <p>If the request's session is a different object than the session that started the login, every
     * attribute of the starting session is copied into the request's session. The map entry is not
     * removed here.
     *
     * <p>NOTE(review): knowing a pending {@code state} value is the only condition visible here for
     * receiving another session's attributes. State values travel in URLs and are written to the debug
     * log elsewhere in this class, so they should be handled as bearer secrets. Consider binding the
     * state to the browser that started the login (for example a cookie set when the state is issued)
     * before copying anything; whether a caller already does this is not visible.
     *
     * @param httpServletRequest the callback request
     * @return the registered processor, or {@code null} if there is no {@code state} parameter or no entry
     */
    @Nullable
    @SuppressFBWarnings(value = {"TRUST_BOUNDARY_VIOLATION"}, justification = "no trust mix")
    public static f a(HttpServletRequest httpServletRequest) {
        HttpSession session;
        String parameter = httpServletRequest.getParameter("state");
        if (parameter == null) {
            return null;
        }
        f fVar = (f) f.get(parameter);
        // getSession() creates a session when the request has none; the comparison is by reference.
        if (fVar != null && (session = httpServletRequest.getSession()) != fVar.p) {
            // The result of this first call is discarded.
            // NOTE(review): presumably a decompiler remnant; fVar.p may also be null or invalidated by now.
            fVar.p.getAttributeNames();
            Enumeration attributeNames = fVar.p.getAttributeNames();
            while (attributeNames.hasMoreElements()) {
                String str = (String) attributeNames.nextElement();
                session.setAttribute(str, fVar.p.getAttribute(str));
            }
        }
        return fVar;
    }

    /**
     * Handles the provider callback: exchanges the {@code code} for tokens and completes the login.
     *
     * <p>Returns {@code true} without doing anything when {@code code} or {@code state} is missing or the
     * state is unknown. In every other case a response has been produced (client-side refresh to the
     * stored page, redirect to the login page, or an error page) and {@code false} is returned.
     * NOTE(review): what the caller does with the return value is not visible; confirm against
     * RemoteLoginProcessor.
     *
     * <p>NOTE(review): the state entry is removed only after the claims were applied. When the exchange
     * throws, the entry stays in the map until the map drops it.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response to write to
     * @return {@code true} if the request was not an OAuth callback for a pending login, else {@code false}
     */
    @SuppressFBWarnings(value = {"UNVALIDATED_REDIRECT", "URLCONNECTION_SSRF_FD"}, justification = "Validation occur in ServletUtils.createRedirectURL")
    public boolean transferClientLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String tokenURL;
        String tokenData;
        String readString;
        HashMap<?, ?> b;
        InputStream inputStream;
        String parameter = httpServletRequest.getParameter("code");
        String parameter2 = httpServletRequest.getParameter("state");
        if (parameter == null || parameter2 == null) {
            return true;
        }
        f fVar = (f) f.get(parameter2);
        if (fVar == null) {
            // NOTE(review): this writes every pending state value to the debug log. Anyone who can read the
            // log learns values that a(HttpServletRequest) accepts; log a count instead of the key set.
            LOGGER.debug("State " + parameter2 + " does not match expected states " + f.keySet());
            return true;
        }
        try {
            // Same provider selection as in requestLoginData, so the redirect URI sent here matches.
            if (OAuthServerDescription.OAUTH_CONNECTION && Boolean.parseBoolean((String) this.h.getSettings().get(OAuthServerDescription.USE_OAUTH_CONNECTION)) && this.i.hasOauthConnectionSettings()) {
                String oauthConnectionProvider = this.i.getOauthConnectionProvider();
                tokenURL = OauthAccessTokenManager.getTokenURL(oauthConnectionProvider);
                tokenData = OauthAccessTokenManager.getTokenData(oauthConnectionProvider, parameter);
            } else {
                tokenURL = this.i.getTokenURL(this.h);
                tokenData = this.i.getTokenData(this.h, ProxyHttpServletRequest.getHttpServerPort(httpServletRequest) + httpServletRequest.getContextPath() + "/login/" + this.h.getName(), parameter);
            }
            URLConnection openConnection = new URL(tokenURL).openConnection();
            // NOTE(review): with this option the token endpoint's certificate is not verified, so the
            // tokens and the identity claims read below can come from anyone on the network path. No
            // timeouts are set on the connection in the visible code either.
            if (this.i.isTrustAllCerificates(this.h)) {
                TrustAllTrustManager.trustAllCerticates(openConnection, true);
            }
            openConnection.setDoOutput(true);
            openConnection.addRequestProperty("Accept", "application/json");
            OutputStream outputStream = openConnection.getOutputStream();
            try {
                outputStream.write(tokenData.getBytes(StandardCharsets.UTF_8));
                if (outputStream != null) {
                    outputStream.close();
                }
                try {
                    inputStream = openConnection.getInputStream();
                } catch (IOException e) {
                    // An error status from the token endpoint: read the error body instead.
                    // NOTE(review): decompiler artifact, inputStream is unassigned on this path and the value
                    // read here is overwritten below. The original presumably parses this error body.
                    InputStream errorStream = ((HttpURLConnection) openConnection).getErrorStream();
                    if (errorStream == null) {
                        throw e;
                    }
                    readString = IOFunctions.readString(errorStream, StandardCharsets.UTF_8);
                }
                try {
                    readString = IOFunctions.readString(inputStream, StandardCharsets.UTF_8);
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    HashMap<Object, Map<String, String>> hashMap = new HashMap<>();
                    HashMap<Object, Object> hashMap2 = (HashMap) new Json().fromJson(readString, HashMap.class, hashMap, (JsonTypeResolver) null);
                    if (LOGGER.isDebug()) {
                        // NOTE(review): the token response is logged in full. Redact the "access_token" and
                        // "id_token" values (and any other token fields) before logging.
                        LOGGER.debug("Token response: " + readString);
                    }
                    // Throws OAuthException if the response carries an error field.
                    a(hashMap2, hashMap);
                    String str = (String) hashMap2.get("id_token");
                    String str2 = (String) hashMap2.get("access_token");
                    if (str != null) {
                        // NOTE(review): whether decodeJWT verifies the signature is not visible, and no
                        // issuer, audience, expiry or nonce check appears in this method. If the claims are
                        // trusted only because they arrived over TLS, the trust-all option above removes
                        // that guarantee.
                        b = EncodingFunctions.decodeJWT(str, LOGGER);
                        // "user" is a request parameter: its name fields replace the token's name claims.
                        // Only the given and family name are taken from it.
                        String parameter3 = httpServletRequest.getParameter("user");
                        if (!StringFunctions.isEmpty(parameter3)) {
                            try {
                                HashMap hashMap3 = (HashMap) ((HashMap) new Json().fromJson(parameter3, HashMap.class)).get("name");
                                b.put("given_name", hashMap3.get("firstName"));
                                b.put("family_name", hashMap3.get("lastName"));
                            } catch (Throwable th) {
                                // NOTE(review): a malformed "user" parameter is ignored without any trace;
                                // a debug log entry would help when diagnosing logins.
                            }
                        }
                    } else {
                        // No id_token: fetch the claims over the data connection with the access token.
                        b = b(str2);
                    }
                    a(b, str2);
                    f.remove(parameter2);
                    // Cleared on this instance, not on fVar; the visible code does not show whether they are
                    // always the same object.
                    this.p = null;
                    if (this.j == null) {
                        LOGGER.error("Login is failing without an error on URL: " + tokenURL);
                        httpServletResponse.sendRedirect(ProxyHttpServletRequest.getHttpServerPort(httpServletRequest) + httpServletRequest.getContextPath() + "/login");
                        return false;
                    }
                    httpServletResponse.setStatus(200);
                    httpServletResponse.setContentType("text/html; charset=utf-8");
                    // The stored page is placed into an HTML attribute without escaping in this method.
                    // NOTE(review): this is safe only if ServletUtils.createRedirectURL encodes quotes and
                    // angle brackets; the suppression above relies on that helper, confirm it.
                    httpServletResponse.getOutputStream().write(("<html><head><meta http-equiv=\"refresh\" content=\"0; URL='" + fVar.l + "'\"/></head></html>").getBytes(StandardCharsets.UTF_8));
                    return false;
                } catch (Throwable th2) {
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            } finally {
            }
        } catch (Throwable th4) {
            // Dead branch left by the decompiler.
            if (0 != 0) {
                LOGGER.debug((Object) null);
            }
            LOGGER.debug(th4);
            ServletErrorHandler.sendErrorPage(httpServletRequest, httpServletResponse, th4);
            return false;
        }
    }

    /**
     * Logs in with an access token that is already available: fetches the claims over the data
     * connection and applies them. Any failure is written to the debug log and otherwise ignored.
     *
     * @param str the access token; {@code null} makes the call a no-op
     */
    public void a(String str) {
        if (str == null) {
            return;
        }
        try {
            // b(str) returns null when there is no data connection; the null is passed on as is.
            HashMap<Object, Object> b = b(str);
            a((HashMap<?, ?>) b, str);
            if (this.j == null) {
                // NOTE(review): despite the wording this logs the whole claims map, i.e. personal data
                // returned by the provider, at error level. The token itself is not logged.
                LOGGER.error("Login failed for access token: " + b);
            }
        } catch (Throwable th) {
            LOGGER.debug(th);
        }
    }

    /**
     * Reads the user's claims from the provider's data connection.
     *
     * @param str the access token
     * @return the parsed JSON response, with {@code avatar_url} added when a nested picture URL was found;
     *         {@code null} if the token is {@code null} or the provider offers no data connection
     * @throws IOException if the request fails and the connection has no error body
     * @throws OAuthException if the response carries an error field
     */
    @Nullable
    private HashMap<Object, Object> b(String str) throws IOException {
        URLConnection dataConnection;
        String readString;
        String str2;
        Map map;
        if (str == null || (dataConnection = this.i.getDataConnection(this.h, str)) == null) {
            return null;
        }
        // NOTE(review): same caveat as for the token request, without certificate verification the claims
        // that identify the user are not authenticated.
        if (this.i.isTrustAllCerificates(this.h)) {
            TrustAllTrustManager.trustAllCerticates(dataConnection, true);
        }
        dataConnection.addRequestProperty("Accept", "application/json");
        try {
            InputStream inputStream = dataConnection.getInputStream();
            try {
                readString = IOFunctions.readString(inputStream, StandardCharsets.UTF_8);
                if (inputStream != null) {
                    inputStream.close();
                }
            } finally {
            }
        } catch (IOException e) {
            // Error status: parse the error body so that the error check below can report it.
            // NOTE(review): the error stream is not closed in the visible code.
            InputStream errorStream = ((HttpURLConnection) dataConnection).getErrorStream();
            if (errorStream == null) {
                throw e;
            }
            readString = IOFunctions.readString(errorStream, StandardCharsets.UTF_8);
        }
        if (LOGGER.isDebug()) {
            // NOTE(review): the full response, i.e. the user's profile data, goes to the debug log.
            LOGGER.debug("Userinfo response: " + readString);
        }
        HashMap<Object, Map<String, String>> hashMap = new HashMap<>();
        HashMap<Object, Object> hashMap2 = (HashMap) new Json().fromJson(readString, HashMap.class, hashMap, (JsonTypeResolver) null);
        a(hashMap2, hashMap);
        // Some responses nest the picture as an object with a "data" member that holds a "url".
        // NOTE(review): what the second map passed to fromJson contains is not visible here; presumably it
        // maps parsed objects to their raw members. Confirm against com.inet.lib.json.Json.
        Map<String, String> map2 = hashMap.get(hashMap2.get("picture"));
        if (map2 != null && (str2 = map2.get("data")) != null && (map = (Map) new Json().fromJson(str2, HashMap.class, hashMap, (JsonTypeResolver) null)) != null) {
            hashMap2.put("avatar_url", map.get("url"));
        }
        return hashMap2;
    }

    /* JADX WARN: Removed duplicated region for block: B:33:0x00e3  */
    /* JADX WARN: Removed duplicated region for block: B:45:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // The decompiler could not reconstruct this method; the body below is its placeholder and always throws.
    // Callers pass the claims map and the access token.
    // NOTE(review): presumably the real method extracts the login ID, the name fields and the roles from
    // the claims and calls the six-argument a(...). This is the step that decides who the user is, so
    // review it from the bytecode before drawing conclusions about this class.
    private void a(java.util.HashMap<?, ?> r9, @javax.annotation.Nonnull java.lang.String r10) {
        /*
            Method dump skipped, instructions count: 349
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.inet.authentication.oauth2.internal.f.a(java.util.HashMap, java.lang.String):void");
    }

    /**
     * Finds, links or creates the local user account for this login and fills a new account's profile.
     *
     * <p>NOTE(review): when {@code str5} is set and no account has this OAuth login yet, the login is
     * attached to the active account whose "system" login equals {@code str5}. Where {@code str5} comes
     * from is not visible. If it is derived from a claim that the provider does not verify or that users
     * can edit (for example an unverified e-mail address), this step gives the external identity access
     * to an existing local account. Confirm that only verified, provider-controlled values reach it.
     *
     * @param str e-mail address, stored in the e-mail field of a new user; may be {@code null}
     * @param str2 first name of a new user; may be {@code null}
     * @param str3 last name of a new user; may be {@code null}
     * @param hashMap the claims; {@code picture} and {@code avatar_url} are read from it
     * @param str4 value passed to {@code OAuthServerDescription.getAvatar}; presumably the access token
     * @param str5 login ID of the "system" login source to link with, or {@code null} for no linking
     */
    @SuppressFBWarnings(value = {"URLCONNECTION_SSRF_FD"}, justification = "URL come form login server")
    private void a(String str, String str2, String str3, HashMap<?, ?> hashMap, String str4, @Nullable String str5) {
        this.k = this.i.getLoginDisplayName(str, str2, str3, str5);
        UserManager userManager = UserManager.getInstance();
        UserAccount userAccount = null;
        if (str5 != null) {
            userAccount = userManager.findActiveUserAccount(getLoginSource(), this.j);
            if (userAccount == null) {
                // No account with this OAuth login: fall back to the account with the matching system login
                // and add the OAuth login to it.
                userAccount = userManager.findActiveUserAccount("system", str5);
                if (userAccount != null) {
                    userManager.updateLoginSettings(userAccount.getID(), Arrays.asList(createLoginSettings(this.j)), Collections.emptyList());
                }
            } else if (userManager.findActiveUserAccount("system", str5) == null) {
                // The OAuth account exists and no active account holds this system login yet: add it.
                userManager.updateLoginSettings(userAccount.getID(), Arrays.asList(new LoginSettings("system", str5, (String) null)), Collections.emptyList());
            }
        }
        if (userAccount == null) {
            userAccount = getOrCreateUserAccount(this.j);
        }
        if (userAccount == null) {
            return;
        }
        GUID id = userAccount.getID();
        if (this.k != null) {
            // Refresh the stored display name of this login if the provider now reports a different one.
            // The loop visits every login setting; it has no early exit after a match.
            Iterator it = userAccount.getLoginSettings().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                LoginSettings loginSettings = (LoginSettings) it.next();
                if (isSameAccount(this.j, null, loginSettings)) {
                    if (!Objects.equals(this.k, loginSettings.getDisplayName())) {
                        userManager.updateLoginSettings(id, Arrays.asList(createLoginSettings(this.j)), Arrays.asList(loginSettings));
                    }
                }
            }
        }
        // Profile data and avatar are written only for an account created by this login.
        if (isNewUser()) {
            MutableUserData mutableUserData = new MutableUserData();
            if (str != null) {
                mutableUserData.put(UsersAndGroups.FIELD_EMAIL, str);
            }
            if (str2 != null) {
                mutableUserData.put(UsersAndGroups.FIELD_FIRSTNAME, str2);
            }
            if (str3 != null) {
                mutableUserData.put(UsersAndGroups.FIELD_LASTNAME, str3);
            }
            userManager.updateUserData(id, mutableUserData);
            String a = a(hashMap.get("picture"));
            if (a == null) {
                a = a(hashMap.get("avatar_url"));
            }
            try {
                // The server fetches the avatar from a URL taken from the claims.
                // NOTE(review): the URL is used as given, with no scheme or host check and no timeout, so
                // the server opens whatever the claim names. Profile picture URLs are often user-editable
                // at the provider. Restrict the fetch to https, set connect and read timeouts and cap the
                // number of bytes read before the image is scaled.
                InputStream openStream = a != null ? new URL(a).openStream() : this.i.getAvatar(str4);
                if (openStream != null) {
                    try {
                        byte[] createScaledUserImage = UserAvatar.createScaledUserImage(openStream, 300, 300, 0, 0);
                        userManager.storeBinaryData(id, UserAvatar.BINARYKEY_USERAVATAR, new FastByteArrayInputStream(createScaledUserImage), createScaledUserImage.length);
                    } finally {
                    }
                }
                // NOTE(review): as decompiled, the stream stays open when scaling or storing throws; the
                // empty finally above is presumably what is left of a try-with-resources.
                if (openStream != null) {
                    openStream.close();
                }
            } catch (Exception e) {
                // A missing or broken avatar does not fail the login.
                LOGGER.debug(e);
            }
            if (str5 != null) {
                userManager.updateLoginSettings(id, Arrays.asList(new LoginSettings("system", str5, (String) null)), Collections.emptyList());
            }
        }
    }

    /**
     * Builds the login settings entry for this login source with the current display name.
     *
     * @param str the login ID
     * @return a new settings object for {@link #getLoginSource()} and {@code str}
     */
    @Nonnull
    public LoginSettings createLoginSettings(String str) {
        return new LoginSettings(getLoginSource(), str, (String) null, this.k);
    }

    /**
     * Throws if the parsed provider response reports an error.
     *
     * <p>The message is taken from the first of these that is present: {@code error_description},
     * {@code error} (its {@code message} member when it is an object that has one), {@code message}.
     * An {@code error_uri} is appended on its own line.
     *
     * @param hashMap the parsed JSON response
     * @param hashMap2 not used in this method
     * @throws OAuthException if one of the error fields is present
     */
    private void a(HashMap<Object, Object> hashMap, HashMap<Object, Map<String, String>> hashMap2) {
        Object obj = hashMap.get("error_description");
        if (obj == null) {
            obj = hashMap.get("error");
            if ((obj instanceof Map) && ((Map) obj).get("message") != null) {
                obj = String.valueOf(((Map) obj).get("message"));
            }
        }
        if (obj == null) {
            obj = hashMap.get("message");
        }
        if (obj == null) {
            // Repeats the "error" lookup from above; it cannot find a value at this point.
            obj = hashMap.get("error");
        }
        if (obj != null) {
            // The cast fails with a ClassCastException if the provider sends a non-string error_uri.
            // The message text comes from the provider; the code that displays it must escape it.
            String str = (String) hashMap.get("error_uri");
            if (str != null) {
                obj = obj + "\n" + str;
            }
            throw new OAuthException(obj.toString());
        }
    }

    /**
     * Null-safe {@code toString()}.
     *
     * @param obj any value or {@code null}
     * @return {@code obj.toString()}, or {@code null} for a {@code null} argument
     */
    private static String a(Object obj) {
        if (obj == null) {
            return null;
        }
        return obj.toString();
    }

    /**
     * @return the name of the provider description, used as the login source of the accounts
     */
    @Nonnull
    public String getLoginSource() {
        return this.i.name();
    }

    /**
     * @return the login ID of the authenticated user, or {@code null} if no login has succeeded
     */
    @Nullable
    public String getLoginID() {
        return this.j;
    }

    /**
     * @return the stored roles flag; it is never set in the visible code
     */
    public boolean supportsRoles() {
        return this.n;
    }

    /**
     * Checks role membership, ignoring case.
     *
     * <p>The lower-cased role set is built on the first call and never rebuilt, so roles added to
     * {@link #getRoles()} afterwards are not seen. NOTE(review): {@code toLowerCase()} uses the default
     * locale, so the result of this authorization check can differ between server locales (for example
     * for role names containing "I" under a Turkish locale); a fixed locale such as {@code Locale.ROOT}
     * avoids that.
     *
     * @param str the role name; must not be {@code null}
     * @return {@code true} if the user has the role
     */
    public boolean isWebUserInRole(String str) {
        if (this.o == null) {
            this.o = new HashSet();
            Iterator<String> it = getRoles().iterator();
            while (it.hasNext()) {
                this.o.add(it.next().toLowerCase());
            }
        }
        return this.o.contains(str.toLowerCase());
    }

    /**
     * Returns the user's roles, creating an empty set on first use.
     *
     * @return the internal, mutable role set; changes made by the caller change this object's roles
     */
    @Nonnull
    public Set<String> getRoles() {
        if (this.m == null) {
            this.m = new HashSet();
        }
        return this.m;
    }
}
