package cronapp.framework.authentication.sso;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import cronapi.ErrorResponse;
import cronapi.RestClient;
import cronapp.framework.authentication.security.CronappUserDetails;
import cronapp.framework.authentication.token.AuthenticationController;
import cronapp.framework.authentication.token.AuthenticationResponse;
import cronapp.framework.i18n.Messages;
import cronapp.framework.tenant.TenantComponent;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.context.ApplicationContext;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.lang.Nullable;
import org.springframework.mobile.device.LiteDeviceResolver;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

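/**
 * REST endpoints mounted under {@code auth} that issue Cronapp authentication tokens, either
 * from local credentials ({@code POST auth}) or from an OAuth2/SSO access token that is first
 * validated through the configured {@link UserInfoTokenServices} ({@code POST auth/sso}).
 * {@code GET auth/refresh} delegates to the token controller and {@code GET auth/signin/sso}
 * returns a small HTML page that hands a token back to the opener window.
 *
 * <p>Every uncaught {@link Throwable} from these handlers is mapped to HTTP 500 by
 * {@link #handleControllerException}; this presumably also covers the
 * {@link AuthenticationServiceException} thrown on bad client credentials — verify the
 * intended status for that case.
 */
@RequestMapping({"auth"})
@RestController
/* loaded from: input_file:cronapp/framework/authentication/sso/SSORESTController.class */
public class SSORESTController {
    private static final Logger log = LoggerFactory.getLogger(SSORESTController.class);

    /** Environment properties holding the OAuth2 client credentials a caller of {@code auth/sso} must present. */
    private static final String CLIENT_ID_PROPERTY = "security.oauth2.client.clientId";
    private static final String CLIENT_SECRET_PROPERTY = "security.oauth2.client.clientSecret";

    /** Request attributes under which the SSO access token and user details are published for the rest of the request. */
    private static final String SSO_ACCESS_TOKEN_ATTRIBUTE = "CronappToken:SSOAccessToken";
    private static final String SSO_USER_DETAILS_ATTRIBUTE = "CronappToken:SSOUserDetails";

    // Both mappers are thread-safe once configured; build them once instead of on every request.
    private static final Gson GSON = new Gson();
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    private final AuthenticationController authenticationController;

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    private UserInfoTokenServices tokenServices;

    @Autowired
    private Environment env;

    /**
     * Creates the controller and its local-authentication delegate.
     *
     * @param tenantComponent tenant resolver handed to the {@link AuthenticationController}; may be {@code null}
     */
    public SSORESTController(@Nullable TenantComponent tenantComponent) {
        this.authenticationController = new AuthenticationController(tenantComponent);
    }

    /**
     * Maps any exception escaping a handler of this controller to HTTP 500.
     *
     * @param httpServletRequest the current request; its HTTP method is recorded in the response body
     * @param th the exception that escaped the handler
     * @return a 500 response wrapping {@code th} in an {@link ErrorResponse}
     */
    @ExceptionHandler({Throwable.class})
    @ResponseBody
    ResponseEntity<ErrorResponse> handleControllerException(HttpServletRequest httpServletRequest, Throwable th) {
        log.error(th.getMessage(), th);
        // NOTE(review): ErrorResponse receives the raw Throwable; confirm its serialized form does
        // not expose stack traces or internal messages to clients.
        ErrorResponse body = new ErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR.value(), th, httpServletRequest.getMethod());
        return new ResponseEntity<>(body, HttpStatus.INTERNAL_SERVER_ERROR);
    }

    /**
     * Exchanges an OAuth2 access token for a Cronapp authentication token.
     *
     * <p>The caller must present the configured OAuth2 client id and secret; the access token is
     * then resolved through {@link UserInfoTokenServices#loadAuthentication} and the resulting user
     * details are used to authenticate with the {@code "SSO"} provider. The token and the user
     * details are also published as request attributes for downstream code.
     *
     * @param str the {@code client_id} request parameter
     * @param str2 the {@code client_secret} request parameter
     * @param str3 the {@code access_token} request parameter issued by the identity provider
     * @param httpServletRequest the current request, used for device resolution
     * @return the authentication response produced by {@link AuthenticationController#auth}
     * @throws AuthenticationException when the client credentials do not match the configured ones
     */
    @RequestMapping(value = {"sso"}, method = {RequestMethod.POST})
    public ResponseEntity<AuthenticationResponse> authenticationSSORequest(@RequestParam(name = "client_id") String str, @RequestParam(name = "client_secret") String str2, @RequestParam(name = "access_token") String str3, HttpServletRequest httpServletRequest) throws AuthenticationException {
        // Compare both credentials in constant time; an unset property now fails closed (rejected)
        // instead of raising a NullPointerException from equals() on a null property value.
        boolean clientIdMatches = constantTimeEquals(this.env.getProperty(CLIENT_ID_PROPERTY), str);
        boolean clientSecretMatches = constantTimeEquals(this.env.getProperty(CLIENT_SECRET_PROPERTY), str2);
        if (!(clientIdMatches && clientSecretMatches)) {
            throw new AuthenticationServiceException(Messages.getString("AuthError", "Not Authorized"));
        }
        // The access token is validated by the user-info service; a rejected token is expected to
        // surface as an exception here and reach the Throwable handler above.
        CronappUserDetails cronappUserDetails = SsoSecurityConfigurer.getCronappUserDetails(
                this.tokenServices.loadAuthentication(str3).getUserAuthentication());
        JsonObject jsonTree = (JsonObject) GSON.toJsonTree(cronappUserDetails);
        Map<?, ?> userDetailsMap = OBJECT_MAPPER.convertValue(cronappUserDetails, Map.class);
        HttpServletRequest currentRequest = RestClient.getRestClient().getRequest();
        currentRequest.setAttribute(SSO_ACCESS_TOKEN_ATTRIBUTE, str3);
        currentRequest.setAttribute(SSO_USER_DETAILS_ATTRIBUTE, userDetailsMap);
        // NOTE(review): the SSO path authenticates through a controller built without a tenant
        // component rather than the injected one; presumably intentional — confirm.
        AuthenticationController ssoController = new AuthenticationController(null);
        return ssoController.auth(cronappUserDetails.getEmail(), "cronapp", new LiteDeviceResolver().resolveDevice(httpServletRequest), "SSO", null, jsonTree, httpServletRequest);
    }

    /**
     * Authenticates with local credentials through the {@code "local"} provider.
     *
     * @param str the username request parameter
     * @param str2 the second credential parameter bound by Spring from the request (presumably the password — verify)
     * @param str3 the optional {@code X-AUTH-TOKEN} header
     * @param httpServletRequest the current request, used for device resolution
     * @return the authentication response produced by {@link AuthenticationController#auth}
     * @throws AuthenticationException when authentication fails
     */
    @RequestMapping(method = {RequestMethod.POST})
    public ResponseEntity<AuthenticationResponse> authenticationRequest(@RequestParam String str, String str2, @RequestHeader(name = "X-AUTH-TOKEN", required = false) String str3, HttpServletRequest httpServletRequest) throws AuthenticationException {
        return this.authenticationController.auth(str, str2, new LiteDeviceResolver().resolveDevice(httpServletRequest), "local", str3, null, httpServletRequest);
    }

    /**
     * Refreshes the current authentication by delegating to the token controller.
     *
     * @param httpServletRequest the current request
     * @return whatever {@link AuthenticationController#authenticationRequest} returns
     */
    @RequestMapping(value = {"refresh"}, method = {RequestMethod.GET})
    public ResponseEntity<?> authenticationRequest(HttpServletRequest httpServletRequest) {
        return this.authenticationController.authenticationRequest(httpServletRequest);
    }

    /**
     * Returns an HTML page that posts the {@code _ctk} token to the opener window and then
     * navigates to {@code <contextPath>/#/connected?_ctk=...}.
     *
     * <p>The token and the context path are interpolated into single-quoted JavaScript string
     * literals inside an inline script, so both are escaped for that context (the CSP in the page
     * allows the inline script explicitly). Without the escaping a crafted {@code _ctk} value could
     * break out of the literal or the {@code <script>} element.
     *
     * @param str the {@code _ctk} request parameter
     * @param httpServletRequest the current request; its context path is used to build the redirect
     * @return the HTML page as the response body
     */
    @RequestMapping(value = {"/signin/sso"}, method = {RequestMethod.GET})
    @ResponseBody
    public String forwardLoginSSO(@RequestParam(name = "_ctk") String str, HttpServletRequest httpServletRequest) {
        String token = escapeForJsString(str);
        String contextPath = escapeForJsString(httpServletRequest.getContextPath());
        return "<!DOCTYPE html><html><head>    <meta charset='UTF-8'>    <meta http-equiv='Content-Security-Policy' content=\"default-src * cronapp://*; connect-src * cronapp:;script-src 'unsafe-inline';\"></head><body>    <script>       try {          let data = {'type': 'sso_user', '_ctk': '"
                + token
                + "' };          let parentWindow = window.opener;          parentWindow.postMessage(data, location.href);        } catch(error) {          console.error(error);        }        window.location.assign('"
                + contextPath
                + "/#/connected?_ctk="
                + token
                + "');      </script></body></html>";
    }

    /**
     * Compares a configured credential with the value presented by the caller without
     * short-circuiting on the first differing byte.
     *
     * @param expected the configured value; {@code null} when the property is not set
     * @param presented the value supplied in the request
     * @return {@code true} only when both are non-null and byte-for-byte equal
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        // MessageDigest.isEqual is length-independent only when lengths match; a length mismatch
        // returns immediately, so the length of the secret remains observable.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Escapes a value for embedding inside a single-quoted JavaScript string literal that lives
     * in an inline HTML {@code <script>} block.
     *
     * <p>Every character that could terminate the literal, the script element, or the statement
     * (quotes, backslash, angle brackets, ampersand, line terminators including U+2028/U+2029) is
     * emitted as a {@code \\uXXXX} escape. The browser decodes those back to the original
     * characters, so a benign value reaches the script unchanged.
     *
     * @param value the raw value; {@code null} yields an empty string
     * @return the escaped value
     */
    static String escapeForJsString(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                case '\'':
                case '"':
                case '<':
                case '>':
                case '&':
                case '\n':
                case '\r':
                case '\u2028':
                case '\u2029':
                    sb.append(String.format("\\u%04x", (int) c));
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}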
