package gr.cite.repo.auth.app.resources;

import com.fasterxml.jackson.databind.util.JSONPObject;
import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.Lists;
import gr.cite.repo.auth.app.cookies.CookieFactory;
import gr.cite.repo.auth.app.entities.SAMLResourceHelpers;
import gr.cite.repo.auth.app.entities.SamlAuthRequestFactory;
import gr.cite.repo.auth.app.entities.SamlLogoutResponseFactory;
import gr.cite.repo.auth.app.entities.SamlResponseFactory;
import gr.cite.repo.auth.app.utils.LocationResolver;
import gr.cite.repo.auth.app.utils.UserInfo;
import gr.cite.repo.auth.app.views.HomeView;
import gr.cite.repo.auth.app.views.LoginView;
import gr.cite.repo.auth.filters.SessionAttributes;
import gr.cite.repo.auth.saml.messages.SamlAuthRequest;
import gr.cite.repo.auth.saml.messages.SamlIDPMetadata;
import gr.cite.repo.auth.saml.messages.SamlLogoutRequest;
import gr.cite.repo.auth.saml.messages.SamlResponse;
import gr.cite.repo.auth.saml.messages.SamlSPMetadata;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.XMLParserException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

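/**
 * JAX-RS resource implementing the service-provider (SP) side of the SAML web
 * SSO and single-logout flows under {@code /saml}.
 *
 * <p>On construction the IdP metadata is fetched from {@code idpMetadataLocation}
 * through the {@link LocationResolver} and the binding endpoints are read from it.
 * Login state is kept in the servlet session under the {@link SessionAttributes}
 * keys; when {@code bulkLogout} is enabled the sessions established for each IdP
 * name-id are additionally tracked in {@link #cacheSessions} so a single logout
 * response can invalidate all of them.
 *
 * <p>Thread-safety: JAX-RS may invoke the handler methods concurrently; the only
 * shared mutable state is {@link #cacheSessions}, whose values are
 * copy-on-write lists so that registration and bulk invalidation may overlap.
 */
@Produces({MediaType.APPLICATION_JSON})
@Path("/saml")
/* loaded from: input_file:WEB-INF/lib/saml-ws-lib-0.0.1-4.1.0-132443.jar:gr/cite/repo/auth/app/resources/SAMLResource.class */
public class SAMLResource {
    private static final Logger logger = LoggerFactory.getLogger(SAMLResource.class);
    /** Charset name used to URL-encode the HTTP-Redirect binding parameters. */
    private static final String REDIRECT_ENCODING = "UTF-8";
    /** Path suffix of this SP's metadata endpoint, also used as the SP entity id. */
    private static final String METADATA_PATH = "/saml/metadata";
    private final String spHost;
    private final String idpMetadataLocation;
    private final byte[] privateKey;
    private final String certificate;
    private final SamlResponseFactory samlResponseFactory;
    private final SamlAuthRequestFactory samlAuthRequestFactory;
    private final CookieFactory cookieFactory;
    private final boolean invalidateLocalSessionOnSamlError;
    // Stored for callers that may read it through the constructor contract; not consulted by this class.
    private final boolean tryRenewSessionOnLogout;
    private final LocationResolver locationResolver;
    private final boolean bulkLogout;
    // Both are assigned by initFromMeta(), which the constructor always runs.
    private SamlIDPMetadata idpMetadata;
    private String idpHost;
    // IdP name-id -> local sessions logged in under it; only populated when bulkLogout is on.
    // NOTE(review): entries hold strong references to HttpSession objects until evicted by
    // size (1000) or by a logout; sessions that simply time out are not removed here.
    final Cache<String, List<HttpSession>> cacheSessions = CacheBuilder.newBuilder().maximumSize(1000).build();

    /**
     * Creates the resource and loads the IdP metadata.
     *
     * @param spHost base URL of this service provider (scheme, host, port), used to
     *     build the {@code /saml/metadata} entity id and {@code /saml/consumer} ACS URL
     * @param idpMetadataLocation URL of the IdP metadata; must parse as a {@link URL}
     * @param privateKeySource handed to {@link SAMLResourceHelpers#readPrivateKey} —
     *     presumably a file location; see that helper
     * @param certificateSource handed to {@link SAMLResourceHelpers#readCertificate}
     * @param samlResponseFactory parses and validates incoming SAML responses
     * @param samlAuthRequestFactory builds outgoing authentication requests
     * @param locationResolver fetches the metadata document
     * @param cookieFactory builds the cookie returned on successful login
     * @param invalidateLocalSessionOnSamlError when true, a failed SAML logout still
     *     invalidates the local session (see {@link #checkInvalidateSession})
     * @param tryRenewSessionOnLogout retained but not used by this class
     * @param bulkLogout when true, one logout response invalidates every local session
     *     registered for the same IdP name-id
     * @throws IOException if the key/certificate or metadata cannot be read
     * @throws ConfigurationException if OpenSAML is not initialised
     * @throws XMLParserException if the metadata is not well-formed XML
     * @throws UnmarshallingException if the metadata cannot be unmarshalled
     */
    public SAMLResource(String spHost, String idpMetadataLocation, String privateKeySource, String certificateSource, SamlResponseFactory samlResponseFactory, SamlAuthRequestFactory samlAuthRequestFactory, LocationResolver locationResolver, CookieFactory cookieFactory, boolean invalidateLocalSessionOnSamlError, boolean tryRenewSessionOnLogout, boolean bulkLogout) throws IOException, ConfigurationException, XMLParserException, UnmarshallingException {
        this.spHost = spHost;
        this.idpMetadataLocation = idpMetadataLocation;
        this.privateKey = SAMLResourceHelpers.readPrivateKey(privateKeySource);
        this.certificate = SAMLResourceHelpers.readCertificate(certificateSource);
        this.samlResponseFactory = samlResponseFactory;
        this.samlAuthRequestFactory = samlAuthRequestFactory;
        this.cookieFactory = cookieFactory;
        this.invalidateLocalSessionOnSamlError = invalidateLocalSessionOnSamlError;
        this.tryRenewSessionOnLogout = tryRenewSessionOnLogout;
        this.bulkLogout = bulkLogout;
        this.locationResolver = locationResolver;
        initFromMeta();
    }

    /**
     * Fetches and parses the IdP metadata, deriving {@link #idpHost} and
     * {@link #idpMetadata}, and logs the discovered binding endpoints.
     *
     * @throws MalformedURLException if {@link #idpMetadataLocation} is not a URL
     * @throws IOException if the metadata document cannot be fetched
     * @throws ConfigurationException if OpenSAML is not initialised
     * @throws XMLParserException if the metadata is not well-formed XML
     * @throws UnmarshallingException if the metadata cannot be unmarshalled
     */
    final void initFromMeta() throws MalformedURLException, IOException, ConfigurationException, XMLParserException, UnmarshallingException {
        logger.info("metadata location : " + this.idpMetadataLocation);
        URL url = new URL(this.idpMetadataLocation);
        String contents = this.locationResolver.getContents(this.idpMetadataLocation);
        // URL.getPort() is -1 when the location has no explicit port; use the scheme
        // default so idpHost does not come out as "https://host:-1".
        int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
        this.idpHost = String.format("%s://%s:%d", url.getProtocol(), url.getHost(), Integer.valueOf(port));
        this.idpMetadata = new SamlIDPMetadata(contents);
        logger.info("idp host :" + this.idpHost);
        logger.info("SLS HTTP-POST     : " + this.idpMetadata.getSLSHttpPostEndpoint());
        logger.info("SLS SOAP          : " + this.idpMetadata.getSLSSoapEndpoint());
        logger.info("SLS HTTP-Redirect : " + this.idpMetadata.getSLSHttpRedirectEndpoint());
        logger.info("SSO AuthRequest          : " + this.idpMetadata.getSSOAuthRequestLocation());
        logger.info("SSO HTTP-POST            : " + this.idpMetadata.getSSOHttpPostEndpoint());
        logger.info("SSO HTTP-POST SimpleSign : " + this.idpMetadata.getSSOHttpPostSimpleSignEndpoint());
        logger.info("SSO HTTP-Redirect        : " + this.idpMetadata.getSSOHttpRedirectEndpoint());
    }

    /**
     * Local-only logout: invalidates the servlet session without contacting the IdP.
     *
     * @param httpServletRequest the current request
     * @param target optional URL to redirect to afterwards
     * @return 303 to {@code target}, 200 when no target was given, 400 when the
     *     target is not a valid URI
     */
    @GET
    @Path("/simpleLogout")
    public Response simpleLogout(@Context HttpServletRequest httpServletRequest, @QueryParam("target") String target) {
        httpServletRequest.getSession().invalidate();
        return redirectOrOk(target, "you have logged out!", null);
    }

    /**
     * Single-logout response consumer (IdP -&gt; SP, HTTP-POST binding).
     *
     * <p>Invalidates the local session — or, with bulk logout, every session registered
     * for the session's IdP name-id — then redirects to {@code RelayState} if present.
     *
     * @param httpServletRequest the current request
     * @param samlResponse the base64 {@code SAMLResponse} form field
     * @param relayState optional {@code RelayState} form field used as redirect target
     * @return 303/200 on success; on a validation failure the outcome of
     *     {@link #checkInvalidateSession}; 500 when even that fails
     */
    @POST
    @Path("/logoutConsumer")
    public Response logoutConsumer(@Context HttpServletRequest httpServletRequest, @FormParam("SAMLResponse") String samlResponse, @FormParam("RelayState") String relayState) throws UnsupportedEncodingException, MarshallingException, ConfigurationException {
        HttpSession session = httpServletRequest.getSession();
        logger.debug("sessionID : + " + session.getId());
        try {
            // NOTE(review): validate()'s result is only logged here — confirm it throws on an
            // invalid response, otherwise a bogus logout response still ends the session.
            logger.info("validation : " + new SamlLogoutResponseFactory().create(this.privateKey, samlResponse).validate());
            String nameId = (String) session.getAttribute(SessionAttributes.SAML_NAME_ID_ATTRNAME);
            // A session that never completed login has no name-id; fall back to invalidating
            // just this session rather than looking up a null cache key.
            if (this.bulkLogout && nameId != null) {
                invalidateLocalSessions(nameId);
            } else {
                session.invalidate();
            }
            return redirectOrOk(relayState, "you have logged out!", null);
        } catch (Exception e) {
            logger.warn("saml response validation failed : " + samlResponse, e);
            try {
                return checkInvalidateSession(session);
            } catch (Exception e2) {
                logger.warn("error while reading samlResponse : " + samlResponse, e2);
                return Response.serverError().build();
            }
        }
    }

    /**
     * Registers {@code session} under the IdP name-id so a later bulk logout can reach it.
     * Safe under concurrent calls for the same name-id: the list is copy-on-write and
     * insertion into the cache map is atomic.
     */
    private void saveIdpSession(String nameId, HttpSession session) {
        List<HttpSession> sessions = this.cacheSessions.getIfPresent(nameId);
        if (sessions == null) {
            List<HttpSession> fresh = new CopyOnWriteArrayList<HttpSession>();
            List<HttpSession> raced = this.cacheSessions.asMap().putIfAbsent(nameId, fresh);
            sessions = raced != null ? raced : fresh;
        }
        sessions.add(session);
    }

    /**
     * Invalidates every local session registered for {@code nameId} and drops the
     * cache entry. A session that is already invalid (timed out, or logged out via
     * {@link #simpleLogout}) is skipped so the remaining ones are still invalidated.
     */
    private void invalidateLocalSessions(String nameId) {
        List<HttpSession> sessions = this.cacheSessions.getIfPresent(nameId);
        if (sessions == null) {
            return;
        }
        for (HttpSession tracked : sessions) {
            try {
                tracked.invalidate();
            } catch (IllegalStateException alreadyInvalid) {
                // HttpSession.invalidate() throws once a session is gone; that is the desired end state.
                logger.debug("skipping already invalidated session during bulk logout");
            }
        }
        this.cacheSessions.invalidate(nameId);
    }

    /**
     * Assertion consumer service (IdP -&gt; SP, HTTP-POST binding).
     *
     * <p>Validates the response, stores the login state (name-id, IdP session ids,
     * {@code cn} and {@code mail} attributes) in the servlet session, issues the
     * application cookie and redirects to {@code RelayState} when present.
     *
     * @param httpHeaders request headers (cookie names are logged for diagnostics)
     * @param httpServletRequest the current request
     * @param samlResponse the base64 {@code SAMLResponse} form field
     * @param relayState optional {@code RelayState} form field used as redirect target
     * @return 303/200 with the login cookie on success, 500 on parse or validation failure
     */
    @POST
    @Path("/consumer")
    public Response consumer(@Context HttpHeaders httpHeaders, @Context HttpServletRequest httpServletRequest, @FormParam("SAMLResponse") String samlResponse, @FormParam("RelayState") String relayState) {
        HttpSession session = httpServletRequest.getSession();
        // Log cookie names only: values carry session identifiers and must not reach log files.
        for (Map.Entry<String, Cookie> entry : httpHeaders.getCookies().entrySet()) {
            logger.info(" ~> cookie " + entry.getKey() + " : " + entry.getValue().getName());
        }
        logger.info(" consume sessionID : + " + session.getId());
        SamlResponse parsed;
        try {
            parsed = this.samlResponseFactory.create(this.privateKey, samlResponse);
        } catch (Exception e) {
            logger.warn("error while reading samlResponse : " + samlResponse, e);
            return Response.serverError().build();
        }
        try {
            parsed.validate();
            logger.info("saml response is valid");
            String username = (String) parsed.getAttributes().get("cn");
            String mail = (String) parsed.getAttributes().get("mail");
            String nameId = parsed.getNameId();
            List<String> sessionIds = parsed.getSessionIds();
            logger.info(" -> samlSessionIds : " + sessionIds);
            logger.info(" -> samlNameID     : " + nameId);
            // NOTE(review): the pre-authentication session is reused (no id rotation) — if the
            // session cookie can be set before login, consider invalidating and recreating it here.
            session.setAttribute(SessionAttributes.LOGGED_IN_ATTRNAME, Boolean.TRUE);
            session.setAttribute(SessionAttributes.SAML_NAME_ID_ATTRNAME, nameId);
            session.setAttribute(SessionAttributes.SAML_SESSION_IDS_ATTRNAME, sessionIds);
            session.setAttribute(SessionAttributes.USERNAME_IN_ATTRNAME, username);
            session.setAttribute(SessionAttributes.EMAIL_IN_ATTRNAME, mail);
            if (this.bulkLogout) {
                if (nameId != null) {
                    saveIdpSession(nameId, session);
                } else {
                    // The cache cannot key on null; this session will not be reached by a bulk logout.
                    logger.warn("saml response carries no NameID; session not registered for bulk logout");
                }
            }
            NewCookie loginCookie = new NewCookie(this.cookieFactory.createCookie(session.getId()));
            return redirectOrOk(relayState, "Welcome : " + username, loginCookie);
        } catch (Exception e) {
            logger.warn("saml response validation failed : " + samlResponse, e);
            return Response.serverError().build();
        }
    }

    /**
     * Starts single logout (SP -&gt; IdP, HTTP-Redirect binding) for the current session.
     *
     * @param httpHeaders unused; kept for the resource signature
     * @param httpServletRequest the current request, whose session supplies the
     *     name-id and IdP session ids to put in the LogoutRequest
     * @param target optional value forwarded as {@code RelayState}
     * @return 303 to the IdP's SLS HTTP-Redirect endpoint
     */
    @GET
    @Path("/sendLogoutRequest")
    public Response sendLogoutRequest(@Context HttpHeaders httpHeaders, @Context HttpServletRequest httpServletRequest, @QueryParam("target") String target) throws UnsupportedEncodingException, MarshallingException, ConfigurationException {
        HttpSession session = httpServletRequest.getSession();
        SamlLogoutRequest samlLogoutRequest = new SamlLogoutRequest(this.spHost + METADATA_PATH);
        logger.info("creating request");
        // Stored by consumer() as List<String>; the session API can only hand back Object.
        @SuppressWarnings("unchecked")
        List<String> sessionIds = (List<String>) session.getAttribute(SessionAttributes.SAML_SESSION_IDS_ATTRNAME);
        String slsEndpoint = this.idpMetadata.getSLSHttpRedirectEndpoint();
        String nameId = (String) session.getAttribute(SessionAttributes.SAML_NAME_ID_ATTRNAME);
        logger.info(" ~> samlSessionIds : " + sessionIds);
        logger.info(" ~> samlNameID     : " + nameId);
        String logoutRequest = samlLogoutRequest.getLogoutRequest(nameId, sessionIds, slsEndpoint, this.idpMetadata.getEntityId());
        logger.info("base 64 : " + logoutRequest);
        String location = redirectBindingUrl(slsEndpoint, logoutRequest, target);
        logger.info("request : " + location);
        return Response.seeOther(URI.create(location)).build();
    }

    /**
     * Starts login (SP -&gt; IdP, HTTP-Redirect binding).
     *
     * @param target optional value forwarded as {@code RelayState}; it comes back to
     *     {@link #consumer} and is used as the post-login redirect
     * @return 303 to the IdP's SSO HTTP-Redirect endpoint
     */
    @GET
    @Path("/sendLoginRequest")
    public Response sendRequest(@QueryParam("target") String target) throws URISyntaxException, MarshallingException, ConfigurationException, UnsupportedEncodingException {
        SamlAuthRequest authRequest = this.samlAuthRequestFactory.create(this.spHost + METADATA_PATH, this.spHost + "/saml/consumer");
        logger.info("creating request");
        String authReq = authRequest.getAuthReq();
        logger.info("base 64 : " + authReq);
        String location = redirectBindingUrl(this.idpMetadata.getSSOHttpRedirectEndpoint(), authReq, target);
        logger.info("request : " + location);
        return Response.seeOther(URI.create(location)).build();
    }

    /** Renders the login page for the configured IdP and SP. */
    @GET
    @Produces({"text/html"})
    @Path("/login")
    public LoginView login() throws Exception {
        return new LoginView(this.idpHost, this.spHost, this.spHost + METADATA_PATH);
    }

    /** Renders the home page, showing the logged-in username or {@code "anonymous"}. */
    @GET
    @Produces({"text/html"})
    @Path("/home")
    public HomeView home(@Context HttpServletRequest httpServletRequest) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        Object loggedIn = session.getAttribute(SessionAttributes.LOGGED_IN_ATTRNAME);
        // equals() rather than identity with Boolean.TRUE so a non-canonical Boolean instance still counts.
        String displayName = Boolean.TRUE.equals(loggedIn)
                ? (String) session.getAttribute(SessionAttributes.USERNAME_IN_ATTRNAME)
                : "anonymous";
        return new HomeView(this.spHost, displayName);
    }

    /** Serves this SP's SAML metadata document (entity id {@code spHost + "/saml/metadata"}). */
    @GET
    @Produces({MediaType.APPLICATION_XML})
    @Path("/metadata")
    public Response metadata() throws Exception {
        return Response.ok(new SamlSPMetadata(this.spHost + METADATA_PATH, this.certificate, this.spHost).getMetadata()).build();
    }

    /**
     * JSONP variant of {@link #info}.
     *
     * @param callback name of the JavaScript callback wrapping the payload
     */
    @GET
    @Produces({JacksonJsonProvider.MIME_JAVASCRIPT_MS})
    @Path("infoP")
    public JSONPObject infoP(@Context HttpServletRequest httpServletRequest, @QueryParam("callback") String callback) {
        return new JSONPObject(callback, info(httpServletRequest));
    }

    /**
     * Returns the username, mail and role held in the current session; the role
     * defaults to {@code VISITOR} when none was stored.
     */
    @GET
    @Path("info")
    public UserInfo info(@Context HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        String username = (String) session.getAttribute(SessionAttributes.USERNAME_IN_ATTRNAME);
        String mail = (String) session.getAttribute(SessionAttributes.EMAIL_IN_ATTRNAME);
        Object storedRole = session.getAttribute(SessionAttributes.USER_ROLE);
        UserInfo.USER_ROLE role = storedRole != null
                ? UserInfo.USER_ROLE.valueOf(((Integer) storedRole).intValue())
                : UserInfo.USER_ROLE.VISITOR;
        UserInfo userInfo = new UserInfo();
        userInfo.setRole(role);
        userInfo.setMail(mail);
        userInfo.setUsername(username);
        return userInfo;
    }

    /**
     * Outcome of a failed SAML logout: a 500 unless
     * {@link #invalidateLocalSessionOnSamlError} is set, in which case the local
     * session is invalidated and 200 is returned. A session that is already invalid
     * is treated as successfully logged out.
     */
    private Response checkInvalidateSession(HttpSession httpSession) {
        if (!this.invalidateLocalSessionOnSamlError) {
            return Response.serverError().entity("SAML logout error").build();
        }
        try {
            httpSession.invalidate();
        } catch (IllegalStateException alreadyInvalid) {
            logger.debug("local session was already invalidated");
        }
        return Response.ok().entity("local logout ok. saml logout error").build();
    }

    /**
     * Builds the HTTP-Redirect binding URL: {@code endpoint?SAMLRequest=...[&RelayState=...]},
     * appending with {@code &} when the endpoint already carries a query string.
     *
     * @param endpoint IdP endpoint taken from its metadata
     * @param encodedRequest the request as produced by the message factories
     * @param relayState optional relay state; omitted when null
     */
    private static String redirectBindingUrl(String endpoint, String encodedRequest, String relayState) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder(endpoint);
        sb.append(endpoint.indexOf('?') >= 0 ? "&" : "?");
        sb.append("SAMLRequest=").append(URLEncoder.encode(encodedRequest, REDIRECT_ENCODING));
        if (relayState != null) {
            sb.append("&RelayState=").append(URLEncoder.encode(relayState, REDIRECT_ENCODING));
        }
        return sb.toString();
    }

    /**
     * Redirects to {@code target} when one was supplied, otherwise answers 200 with
     * {@code okEntity}; {@code cookie}, when non-null, is attached either way.
     * A target that is not a valid URI yields 400 instead of an unhandled exception.
     *
     * <p>NOTE(review): {@code target} originates from the caller ({@code target} query
     * parameter or {@code RelayState}) and is redirected to unchecked — an open
     * redirect if this SP is reachable by untrusted users; restrict it to
     * {@code spHost} or an allow-list where that fits the deployment.
     */
    private static Response redirectOrOk(String target, String okEntity, NewCookie cookie) {
        Response.ResponseBuilder builder;
        if (target != null) {
            logger.info("relaystate was given. redirecting to  : " + target);
            URI location;
            try {
                location = URI.create(target);
            } catch (IllegalArgumentException badTarget) {
                logger.warn("invalid redirect target : " + target, badTarget);
                return Response.status(Response.Status.BAD_REQUEST).entity("invalid redirect target").build();
            }
            builder = Response.seeOther(location);
        } else {
            logger.info("relaystate was not given");
            builder = Response.ok(okEntity);
        }
        if (cookie != null) {
            builder.cookie(cookie);
        }
        return builder.build();
    }
}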
