package com.hypersocket.auth.json;

import com.hypersocket.auth.AuthenticationState;
import com.hypersocket.auth.FallbackAuthenticationRequired;
import com.hypersocket.context.AuthenticatedContext;
import com.hypersocket.i18n.I18NService;
import com.hypersocket.json.AuthenticationResult;
import com.hypersocket.json.ResourceStatus;
import com.hypersocket.json.input.FormTemplate;
import com.hypersocket.json.input.ParagraphField;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.permissions.PermissionService;
import com.hypersocket.permissions.Role;
import com.hypersocket.realm.Principal;
import com.hypersocket.realm.PrincipalType;
import com.hypersocket.realm.Realm;
import com.hypersocket.servlet.request.Request;
import com.hypersocket.session.Session;
import com.hypersocket.session.json.SessionTimeoutException;
import com.hypersocket.session.json.SessionUtils;
import java.io.Closeable;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;

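/**
 * JSON endpoints for the interactive logon flow: starting and resetting an
 * {@link AuthenticationState}, stepping through a scheme's form templates,
 * attaching an authenticated {@link Session} to the HTTP session, and logging off.
 *
 * <p>The collaborators used but not declared here ({@code sessionUtils},
 * {@code sessionService}, {@code realmService}, {@code configurationService},
 * {@code authenticationService}, {@code log}, {@code tryWithSystemContext()},
 * {@code tryAs(...)}, {@code getCurrentRealm()}) come from
 * {@link AuthenticatedController}.
 */
@Controller
/* loaded from: input_file:com/hypersocket/auth/json/LogonController.class */
public class LogonController extends AuthenticatedController {

    // HTTP-session attribute keys used to carry state between requests of the flow.
    private static final String FLASH = "flash";
    private static final String FLASH_STYLE = "flashStyle";
    private static final String DISABLE_RESET = "disableReset";
    private static final String AUTHENTICATION_SCHEME = "authenticationScheme";
    private static final String REDIRECT_HOME = "redirectHome";
    private static final String LAST_FORM_TEMPLATE = "lastFormTemplate";

    // Request parameter whose presence asks for redirect responses instead of JSON results.
    private static final String REDIRECT_REQUESTED_PARAM = "rr";

    // System properties (and their defaults) that locate the UI.
    private static final String UI_PATH_PROPERTY = "hypersocket.uiPath";
    private static final String DEFAULT_UI_PATH = "/hypersocket/ui";
    private static final String APP_PATH_PROPERTY = "hypersocket.appPath";
    private static final String DEFAULT_APP_PATH = "/app";

    // Configuration keys read from the realm configuration.
    private static final String LOGON_BANNER_KEY = "logon.banner";
    private static final String ALT_HOME_PAGE_SCHEMES_KEY = "session.altHomePage.onSchemes";
    private static final String ROLE_SELECTION_KEY = "feature.roleSelection";

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private I18NService i18nService;

    /**
     * Resets the logon flow using the previously used scheme when one is recorded on the
     * HTTP session, otherwise the scheme of the in-progress state (if any).
     *
     * @param bool when {@code true} the reset ends in a redirect to the UI instead of a JSON result
     * @return the first result of the restarted flow
     * @throws RedirectException when {@code bool} is {@code true}
     */
    @RequestMapping(value = {"logon/reset"}, method = {RequestMethod.GET, RequestMethod.POST}, produces = {"application/json"})
    @ResponseBody
    @ResponseStatus(HttpStatus.OK)
    public AuthenticationResult resetLogon(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestParam(required = false) Boolean bool) throws AccessDeniedException, UnauthorizedException, IOException, RedirectException {
        AuthenticationState currentState = AuthenticationState.getCurrentState(Request.get());
        String scheme = (String) httpServletRequest.getSession().getAttribute(AuthenticatedController.PREVIOUS_AUTHENTICATION_SCHEME);
        if (scheme == null && currentState != null) {
            scheme = currentState.getScheme().getResourceKey();
        }
        return resetLogon(httpServletRequest, httpServletResponse, scheme, bool);
    }

    /**
     * Resets the logon flow for the given scheme: closes any session that is still logged on,
     * discards the in-progress state (unless a one-shot {@code disableReset} flag is set on the
     * HTTP session) and starts the flow again.
     *
     * @param str  resource key of the scheme to restart with
     * @param bool when {@code true} the reset ends in a redirect to the UI instead of a JSON result
     * @return the first result of the restarted flow
     * @throws RedirectException when {@code bool} is {@code true}
     */
    @RequestMapping(value = {"logon/reset/{scheme}"}, method = {RequestMethod.GET, RequestMethod.POST}, produces = {"application/json"})
    @ResponseBody
    @ResponseStatus(HttpStatus.OK)
    public AuthenticationResult resetLogon(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @PathVariable String str, @RequestParam(required = false) Boolean bool) throws AccessDeniedException, UnauthorizedException, IOException, RedirectException {
        try {
            closeCurrentSession(httpServletRequest, httpServletResponse);
        } catch (UnauthorizedException | SessionTimeoutException | AccessDeniedException ignored) {
            // Best effort: a missing or expired session simply means there is nothing to close.
        }
        // "disableReset" is consumed here; it keeps the in-progress state across one reset.
        Boolean disableReset = (Boolean) httpServletRequest.getSession().getAttribute(DISABLE_RESET);
        if (!Boolean.TRUE.equals(disableReset)) {
            AuthenticationState.clearCurrentState(httpServletRequest);
        }
        httpServletRequest.getSession().removeAttribute(DISABLE_RESET);
        AuthenticationResult result = logon(httpServletRequest, httpServletResponse, str);
        if (!Boolean.TRUE.equals(bool)) {
            return result;
        }
        AuthenticationState currentState = AuthenticationState.getCurrentState(httpServletRequest);
        if (currentState != null) {
            currentState.clean();
        }
        throw new RedirectException(uiPath());
    }

    /** Discards the in-progress authentication state without starting a new one. */
    @RequestMapping(value = {"logon/clear"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    public void clearLogon(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AccessDeniedException, UnauthorizedException, IOException, RedirectException {
        AuthenticationState.clearCurrentState(httpServletRequest);
    }

    /**
     * Replaces the in-progress state with a fresh one for {@code str} in {@code realm}.
     *
     * @param str   resource key of the scheme to start
     * @param realm realm the new state belongs to
     * @return the newly created state
     */
    public AuthenticationState resetAuthenticationState(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Realm realm) throws AccessDeniedException, UnsupportedEncodingException {
        AuthenticationState.clearCurrentState(httpServletRequest);
        return AuthenticationState.getOrCreateState(str, httpServletRequest, realm, (AuthenticationState) null, this.sessionUtils.getLocale(httpServletRequest));
    }

    /**
     * Restarts the flow for scheme {@code str} in the realm named {@code str2}.
     *
     * @param str  resource key of the scheme to start
     * @param str2 name of the realm to switch to
     * @return the newly created state
     */
    @RequestMapping(value = {"logon/switchRealm/{scheme}/{realm}"}, method = {RequestMethod.GET, RequestMethod.POST}, produces = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    @AuthenticatedContext(system = true)
    public AuthenticationState switchLogonRealm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @PathVariable String str, @PathVariable String str2) throws AccessDeniedException, UnsupportedEncodingException {
        return resetAuthenticationState(httpServletRequest, httpServletResponse, str, this.realmService.getRealmByName(str2));
    }

    /** Logon step without an explicit scheme; see {@link #logon(HttpServletRequest, HttpServletResponse, String)}. */
    @RequestMapping(value = {"logon"}, method = {RequestMethod.GET, RequestMethod.POST}, produces = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    @AuthenticatedContext(realmHost = true)
    public AuthenticationResult logon(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AccessDeniedException, UnauthorizedException, IOException, RedirectException {
        return logon(httpServletRequest, httpServletResponse, null);
    }

    /**
     * Performs one step of the logon flow and answers with either a success result, the next
     * form template, or a redirect.
     *
     * <p>When no state exists and the request already carries a usable session, that session
     * is answered as successful. Otherwise a state is created (or re-created when the requested
     * scheme differs from the one the existing state started with), the request parameters are
     * fed to {@code authenticationService.logon}, and the outcome is reported.
     *
     * @param str resource key of the scheme; {@code null} falls back to the scheme recorded on
     *            the HTTP session
     * @return a success result, a logon-required result carrying the next template, or a
     *         redirect result
     * @throws RedirectException when the flow ends in a browser redirect (home page, a
     *                           {@code redirectTo} target, or the UI after a failed step)
     */
    @RequestMapping(value = {"logon/{scheme}"}, method = {RequestMethod.GET, RequestMethod.POST}, produces = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    @AuthenticatedContext(realmHost = true)
    public AuthenticationResult logon(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @PathVariable String str) throws AccessDeniedException, UnauthorizedException, IOException, RedirectException {
        AuthenticationState currentState = AuthenticationState.getCurrentState(httpServletRequest);
        // Flash message/style are one-shot: read them, then clear the message for the next request.
        String flash = (String) httpServletRequest.getSession().getAttribute(FLASH);
        String flashStyle = (String) httpServletRequest.getSession().getAttribute(FLASH_STYLE);
        boolean redirectRequested = httpServletRequest.getParameterMap().containsKey(REDIRECT_REQUESTED_PARAM);
        httpServletRequest.getSession().removeAttribute(FLASH);

        if (currentState == null) {
            // No flow in progress: an existing authenticated session is answered directly.
            try {
                Session session = this.sessionUtils.touchSession(httpServletRequest, httpServletResponse);
                if (session != null) {
                    return getSuccessfulResult(session, flash, "", httpServletRequest, httpServletResponse);
                }
            } catch (UnauthorizedException | AccessDeniedException | SessionTimeoutException ignored) {
                // No usable session; continue into the interactive flow.
            }
        }

        if (Objects.isNull(str)) {
            str = (String) httpServletRequest.getSession().getAttribute(AUTHENTICATION_SCHEME);
        }

        if (currentState != null) {
            try {
                currentState.setLastErrorMsg((String) null);
                currentState.setLastErrorIsResourceKey(false);
            } catch (JsonRedirectException e) {
                // System context is released by try-with-resources on every exit path.
                try (Closeable systemContext = tryWithSystemContext()) {
                    return new LogonRedirectResult(bannerFor(currentState.getRealm()), flash != null ? flash : currentState.getLastErrorMsg(), flashStyle != null ? flashStyle : currentState.getLastErrorType(), this.configurationService.hasUserLocales(), e.getMessage());
                }
            } catch (FallbackAuthenticationRequired e) {
                return resetLogon(httpServletRequest, httpServletResponse, "fallback", false);
            } catch (RedirectException e) {
                throw e;
            } catch (Throwable t) {
                if (log.isErrorEnabled()) {
                    log.error("Error in authentication flow", t);
                }
                currentState.setLastErrorMsg(t.getMessage());
                currentState.setLastErrorIsResourceKey(false);
                return new LogonRequiredResult(bannerFor(currentState.getRealm()), currentState.getLastErrorMsg(), currentState.getLastErrorType(), currentState.getLastErrorIsResourceKey(), getErrorTemplate(currentState, t.getMessage()), false, currentState.isNew(), currentState.getCurrentIndex().intValue() == 0, !currentState.hasNextStep(), currentState.isNew(), currentState.isAuthenticationComplete(), currentState.getScheme().getLastButtonResourceKey(), currentState.getRealm(), getNonce(httpServletRequest));
            }
        }

        if (currentState == null || (!StringUtils.isEmpty(str) && !currentState.getInitialSchemeResourceKey().equals(str))) {
            // Start a fresh state: none exists, or the requested scheme differs from the one the
            // existing state was started with. A known username pins the state to that principal.
            String username = httpServletRequest.getParameter("username");
            if (StringUtils.isNotBlank(username)) {
                try (Closeable systemContext = tryWithSystemContext()) {
                    Principal principal = this.realmService.getPrincipalByName(getCurrentRealm(), username, new PrincipalType[]{PrincipalType.USER});
                    if (Objects.nonNull(principal)) {
                        currentState = AuthenticationState.createAuthenticationState(str, httpServletRequest, principal.getRealm(), principal, currentState, this.sessionUtils.getLocale(httpServletRequest));
                    }
                }
            }
            try (Closeable systemContext = tryWithSystemContext()) {
                currentState = AuthenticationState.createAuthenticationState(str, httpServletRequest, (Realm) null, currentState, this.sessionUtils.getLocale(httpServletRequest));
            }
        }

        String redirectHome = (String) httpServletRequest.getSession().getAttribute(REDIRECT_HOME);
        if (redirectHome == null && httpServletRequest.getParameterMap().containsKey(REDIRECT_HOME)) {
            redirectHome = httpServletRequest.getParameter(REDIRECT_HOME);
        }
        if (redirectHome != null) {
            // NOTE(review): a caller-supplied "redirectHome" parameter becomes the home page that
            // later redirects below use as their target; confirm that target is constrained to
            // local paths where RedirectException is handled.
            currentState.setHomePage(redirectHome);
            httpServletRequest.getSession().removeAttribute(REDIRECT_HOME);
        }

        // Presumably reports whether this step's credentials were accepted — verify against the service.
        boolean stepSucceeded = this.authenticationService.logon(currentState, httpServletRequest.getParameterMap());
        if (currentState.getSession() != null) {
            attachSession(currentState.getSession(), httpServletRequest, httpServletResponse);
        }

        if (currentState.isAuthenticationComplete() && !currentState.hasPostAuthenticationStep()) {
            AuthenticationState.clearCurrentState(httpServletRequest);
            try (Closeable as = tryAs(currentState.getSession(), this.sessionUtils.getLocale(httpServletRequest))) {
                // Home redirect applies when the scheme supports it, or when the scheme is listed
                // for the alternate home page and the principal is not an administrator.
                boolean homeRedirect = currentState.getScheme().supportsHomeRedirect() || (Arrays.asList(this.configurationService.getValues(currentState.getRealm(), ALT_HOME_PAGE_SCHEMES_KEY)).contains(currentState.getScheme().getResourceKey()) && !this.permissionService.hasAdministrativePermission(currentState.getPrincipal()));
                if (redirectRequested && homeRedirect && StringUtils.isNotBlank(currentState.getHomePage())) {
                    throw new RedirectException(currentState.getHomePage());
                }
                checkRedirect(httpServletRequest, httpServletResponse);
                return getSuccessfulResult(currentState.getSession(), flash, homeRedirect ? currentState.getHomePage() : "", httpServletRequest, httpServletResponse);
            }
        }

        if (!stepSucceeded && redirectRequested) {
            if (StringUtils.isNotBlank(currentState.getHomePage())) {
                throw new RedirectException(currentState.getHomePage());
            }
            if (currentState.getInitialScheme() == null) {
                throw new RedirectException("/");
            }
            // Failed browser-driven step: drop the state and bounce back to the scheme's page
            // with a generic error flashed for the next request.
            AuthenticationState.clearCurrentState(httpServletRequest);
            String appPath = System.getProperty(APP_PATH_PROPERTY, DEFAULT_APP_PATH);
            String target = "userLogin".equals(currentState.getInitialScheme().getResourceKey()) ? appPath + "/ui" : appPath + "/" + currentState.getInitialSchemeResourceKey();
            httpServletRequest.getSession().setAttribute(FLASH, this.i18nService.getResource("error.genericLogonError", currentState.getLocale()));
            httpServletRequest.getSession().setAttribute(FLASH_STYLE, "danger");
            throw new RedirectException(target);
        }

        checkRedirect(httpServletRequest, httpServletResponse);
        boolean authenticationComplete = currentState.isAuthenticationComplete();
        FormTemplate nextStep;
        try (Closeable systemContext = tryWithSystemContext()) {
            nextStep = authenticationComplete ? this.authenticationService.nextPostAuthenticationStep(currentState) : this.authenticationService.nextAuthenticationTemplate(currentState, httpServletRequest.getParameterMap());
        }
        httpServletRequest.getSession().setAttribute(LAST_FORM_TEMPLATE, nextStep);
        return new LogonRequiredResult(bannerFor(currentState.getRealm()), flash != null ? flash : currentState.getLastErrorMsg(), flashStyle != null ? flashStyle : currentState.getLastErrorType(), currentState.getLastErrorIsResourceKey(), nextStep, false, currentState.isNew(), currentState.getCurrentIndex().intValue() == 0, !currentState.hasNextStep(), stepSucceeded || currentState.isNew(), currentState.isAuthenticationComplete(), currentState.getScheme().getLastButtonResourceKey(), currentState.getRealm(), getNonce(httpServletRequest), sanitizeMap(httpServletRequest.getParameterMap()));
    }

    /** The realm's logon banner, run through the HTML sanitizer policy. */
    private String bannerFor(Realm realm) {
        return LogonBannerHelper.HTML_SANITIZE_POLICY.sanitize(this.configurationService.getValue(realm, LOGON_BANNER_KEY));
    }

    /** The UI path from the {@code hypersocket.uiPath} system property, with its default. */
    private static String uiPath() {
        return System.getProperty(UI_PATH_PROPERTY, DEFAULT_UI_PATH);
    }

    /**
     * Touches the request's session and, when it is still logged on, closes it and removes
     * it from the HTTP session. Shared by the reset and logoff endpoints.
     */
    private void closeCurrentSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws UnauthorizedException, SessionTimeoutException, AccessDeniedException {
        Session session = this.sessionUtils.touchSession(httpServletRequest, httpServletResponse);
        if (session != null && this.sessionService.isLoggedOn(session, false)) {
            this.sessionService.closeSession(session);
            httpServletRequest.getSession().removeAttribute(SessionUtils.AUTHENTICATED_SESSION);
        }
    }

    /**
     * Copies the request parameters for echoing back to the client, dropping credentials and
     * sanitizing every remaining value with the HTML policy.
     *
     * @param map the raw request parameter map
     * @return a new map without {@code username}/{@code password}, values sanitized
     */
    private Map<String, String[]> sanitizeMap(Map<String, String[]> map) {
        Map<String, String[]> sanitized = new HashMap<>();
        map.forEach((key, values) -> {
            if (key.equalsIgnoreCase("username") || key.equalsIgnoreCase("password")) {
                return;
            }
            // Separate array so the request's own parameter values are never modified.
            String[] clean = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                clean[i] = LogonBannerHelper.HTML_SANITIZE_POLICY.sanitize(values[i]);
            }
            sanitized.put(key, clean);
        });
        return sanitized;
    }

    /**
     * Reads the {@code nonce} request parameter as an int.
     *
     * @return the parsed nonce, or 0 when the parameter is absent or not a valid integer
     */
    private int getNonce(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("nonce");
        if (Objects.isNull(parameter)) {
            return 0;
        }
        try {
            return Integer.parseInt(parameter);
        } catch (NumberFormatException ignored) {
            // A malformed nonce is treated like an absent one instead of failing the request.
            return 0;
        }
    }

    /**
     * Builds a template that only shows {@code str} as an error paragraph, with the logon
     * button hidden.
     *
     * @param authenticationState state whose initial scheme names the template
     * @param str                 error text; rendered inside HTML markup, so it passes through the
     *                            same sanitizer policy as the banner
     */
    private FormTemplate getErrorTemplate(AuthenticationState authenticationState, String str) {
        FormTemplate formTemplate = new FormTemplate(authenticationState.getInitialSchemeResourceKey());
        formTemplate.setShowLogonButton(false);
        String message = str == null ? "" : LogonBannerHelper.HTML_SANITIZE_POLICY.sanitize(str);
        formTemplate.getInputFields().add(new ParagraphField("<i class=\"fa fa-exclamation\"></i> " + message, false, true, "danger"));
        return formTemplate;
    }

    /**
     * Throws a redirect when the request names a {@code redirectTo} target, first as a request
     * parameter, then as a request attribute.
     *
     * @throws RedirectException when a target is present
     */
    protected void checkRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws RedirectException, IOException {
        // NOTE(review): the parameter form is caller-controlled; confirm the RedirectException
        // handler restricts targets to local paths, or validate the value here before throwing.
        String parameterTarget = httpServletRequest.getParameter("redirectTo");
        if (parameterTarget != null) {
            throw new RedirectException(parameterTarget);
        }
        Object attributeTarget = httpServletRequest.getAttribute("redirectTo");
        if (attributeTarget != null) {
            throw new RedirectException((String) attributeTarget);
        }
    }

    /**
     * Closes the request's session when it is still logged on.
     *
     * @return a status whose payload is the root path {@code "/"}
     */
    @RequestMapping(value = {"logoff"}, method = {RequestMethod.GET, RequestMethod.POST}, produces = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    @AuthenticatedContext
    public ResourceStatus<String> logoff(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws UnauthorizedException, SessionTimeoutException, AccessDeniedException {
        closeCurrentSession(httpServletRequest, httpServletResponse);
        return new ResourceStatus<>("/");
    }

    /** Stores {@code session} on the HTTP session and registers it as an API session. */
    private void attachSession(Session session, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletRequest.getSession().setAttribute(SessionUtils.AUTHENTICATED_SESSION, session);
        this.sessionUtils.addAPISession(httpServletRequest, httpServletResponse, session);
    }

    /**
     * Attaches the session identified by {@code str2} to this HTTP session, provided the auth
     * code {@code str} resolves to that same session, then redirects.
     *
     * @param str  auth code that must resolve to the session
     * @param str2 id of the session to attach
     * @param str3 redirect target after attaching; empty means the UI path
     * @throws UnauthorizedException when the auth code does not resolve to {@code str2}'s session
     * @throws RedirectException always, on success
     */
    @RequestMapping({"attach/{authCode}/{sessionId}"})
    @ResponseBody
    @ResponseStatus(HttpStatus.OK)
    public void attachSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @PathVariable String str, @PathVariable String str2, @RequestParam String str3) throws UnauthorizedException, SessionTimeoutException, RedirectException, IOException {
        Session session = this.sessionService.getSession(str2);
        Session tokenSession = (Session) this.sessionService.getSessionTokenResource(str, Session.class);
        // A code that resolves to nothing is rejected like a mismatch rather than failing with an NPE.
        if (tokenSession == null || !tokenSession.equals(session)) {
            throw new UnauthorizedException();
        }
        try (Closeable as = tryAs(session, this.sessionUtils.getLocale(httpServletRequest))) {
            attachSession(tokenSession, httpServletRequest, httpServletResponse);
            // NOTE(review): the redirect target is a request parameter; confirm it is constrained
            // to local paths where RedirectException is handled.
            if (!StringUtils.isEmpty(str3)) {
                throw new RedirectException(str3);
            }
            throw new RedirectException(uiPath());
        }
    }

    /**
     * Closes the session with id {@code str} when it is still logged on.
     *
     * @return a status whose payload is the root path {@code "/"}
     */
    @RequestMapping(value = {"logoff/{id}"}, method = {RequestMethod.GET, RequestMethod.POST}, produces = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    @AuthenticatedContext
    public ResourceStatus<String> logoffSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @PathVariable String str) throws UnauthorizedException, SessionTimeoutException {
        Session session = this.sessionService.getSession(str);
        if (session != null && this.sessionService.isLoggedOn(session, false)) {
            this.sessionService.closeSession(session);
        }
        return new ResourceStatus<>("/");
    }

    /**
     * Builds the success result for {@code session}.
     *
     * @param str  flash message to show, may be {@code null}
     * @param str2 home page to redirect to, or {@code ""} for none
     */
    private AuthenticationResult getSuccessfulResult(Session session, String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, RedirectException {
        return new LogonSuccessResult(str, this.configurationService.hasUserLocales(), session, str2, getCurrentRole(session));
    }

    /** The session's current role when role selection is enabled for its realm, else {@code null}. */
    private Role getCurrentRole(Session session) {
        Boolean roleSelection = this.configurationService.getBooleanValue(session.getCurrentRealm(), ROLE_SELECTION_KEY);
        return Boolean.TRUE.equals(roleSelection) ? session.getCurrentRole() : null;
    }
}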
