package pl.edu.icm.unity.oauth.as.webauthz;

import eu.unicore.util.configuration.ConfigurationException;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.engine.api.AttributesManagement;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.config.UnityServerConfiguration;
import pl.edu.icm.unity.engine.api.endpoint.EndpointFactory;
import pl.edu.icm.unity.engine.api.endpoint.EndpointInstance;
import pl.edu.icm.unity.engine.api.server.AdvertisedAddressProvider;
import pl.edu.icm.unity.engine.api.server.NetworkServer;
import pl.edu.icm.unity.engine.api.session.LoginToHttpSessionBinder;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.api.utils.FreemarkerAppHandler;
import pl.edu.icm.unity.engine.api.utils.HiddenResourcesFilter;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.engine.api.utils.RoutingServlet;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.OAuthEndpointsCoordinator;
import pl.edu.icm.unity.types.endpoint.EndpointTypeDescription;
import pl.edu.icm.unity.webui.EndpointRegistrationConfiguration;
import pl.edu.icm.unity.webui.UnityVaadinServlet;
import pl.edu.icm.unity.webui.VaadinEndpoint;
import pl.edu.icm.unity.webui.authn.AuthenticationFilter;
import pl.edu.icm.unity.webui.authn.AuthenticationUI;
import pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter;
import pl.edu.icm.unity.webui.authn.ProxyAuthenticationFilter;
import pl.edu.icm.unity.webui.authn.RememberMeProcessor;

/**
 * Vaadin-based web endpoint of the OAuth 2 Authorization Server handling the authorization grant.
 *
 * <p>Every servlet and filter of the endpoint is mounted on a single Jetty context in
 * {@link #getServletContextHandlerOverridable()}. Only {@link #OAUTH_CONSUMER_SERVLET_PATH} is listed
 * in the endpoint type description ({@link Factory#TYPE}); the remaining paths are wired internally.
 *
 * <p>NOTE(review): the identity and attribute management beans are injected with the
 * {@code "insecure"} qualifier. Presumably these variants skip the engine's authorization checks;
 * confirm, and make sure every code path that reaches them is behind the filters registered below.
 */
@PrototypeComponent
public class OAuthAuthzWebEndpoint extends VaadinEndpoint {
    /** Endpoint type name, used in {@link Factory#TYPE}. */
    public static final String NAME = "OAuth2Authz";
    /** Path of the Vaadin UI servlet; also passed to the superclass constructor. */
    public static final String OAUTH_UI_SERVLET_PATH = "/oauth2-authz-web-ui";
    /** Path of the request-parsing servlet; the only path advertised in {@link Factory#TYPE}. */
    public static final String OAUTH_CONSUMER_SERVLET_PATH = "/oauth2-authz";
    /** Path of the routing servlet; the only path handed to the authentication filter. */
    public static final String OAUTH_ROUTING_SERVLET_PATH = "/oauth2-authz-web-entry";
    /** Path of the consent-decider servlet, the target given to the routing servlet. */
    public static final String OAUTH_CONSENT_DECIDER_SERVLET_PATH = "/oauth2-authz-consentdecider";

    /** Path of the authentication UI inside this context. */
    private static final String LOCAL_AUTHN_PATH = "/authentication";
    /** Suffix that turns a servlet path into a Jetty path-prefix mapping. */
    private static final String SUBTREE = "/*";

    private OAuthASProperties oauthProperties;
    private FreemarkerAppHandler freemarkerHandler;
    private EntityManagement identitiesManagement;
    private AttributesManagement attributesManagement;
    private PKIManagement pkiManagement;
    private OAuthEndpointsCoordinator coordinator;
    private ASConsentDeciderServletFactory dispatcherServletFactory;

    /** Spring-managed factory that describes this endpoint type and creates new instances of it. */
    @Component
    public static class Factory implements EndpointFactory {

        /** Type description; exposes only {@link OAuthAuthzWebEndpoint#OAUTH_CONSUMER_SERVLET_PATH}. */
        public static final EndpointTypeDescription TYPE = new EndpointTypeDescription(
                OAuthAuthzWebEndpoint.NAME,
                "OAuth 2 Server - Authorization Grant endpoint",
                "web-vaadin7",
                Collections.singletonMap(OAuthAuthzWebEndpoint.OAUTH_CONSUMER_SERVLET_PATH, "OAuth 2 Authorization Grant web endpoint"));

        @Autowired
        private ObjectFactory<OAuthAuthzWebEndpoint> factory;

        /** @return the shared {@link #TYPE} description */
        public EndpointTypeDescription getDescription() {
            return TYPE;
        }

        /** @return an endpoint object obtained from the injected {@link ObjectFactory} */
        public EndpointInstance newInstance() {
            return (EndpointInstance) this.factory.getObject();
        }
    }

    /**
     * Stores the collaborators and passes the UI bean name and UI servlet path to the superclass.
     *
     * <p>NOTE(review): {@code entityManagement} and {@code attributesManagement} use the
     * {@code "insecure"} qualifier; what that implies for access control is not visible here.
     */
    @Autowired
    public OAuthAuthzWebEndpoint(NetworkServer networkServer, ApplicationContext applicationContext, FreemarkerAppHandler freemarkerAppHandler, @Qualifier("insecure") EntityManagement entityManagement, @Qualifier("insecure") AttributesManagement attributesManagement, PKIManagement pKIManagement, OAuthEndpointsCoordinator oAuthEndpointsCoordinator, ASConsentDeciderServletFactory aSConsentDeciderServletFactory, AdvertisedAddressProvider advertisedAddressProvider, MessageSource messageSource) {
        super(networkServer, advertisedAddressProvider, messageSource, applicationContext, OAuthAuthzUI.class.getSimpleName(), OAUTH_UI_SERVLET_PATH);
        this.dispatcherServletFactory = aSConsentDeciderServletFactory;
        this.coordinator = oAuthEndpointsCoordinator;
        this.pkiManagement = pKIManagement;
        this.identitiesManagement = entityManagement;
        this.attributesManagement = attributesManagement;
        this.freemarkerHandler = freemarkerAppHandler;
    }

    /**
     * Applies the serialized configuration, then builds the OAuth AS properties and registers this
     * endpoint's consumer URL with the coordinator under the configured issuer URI.
     *
     * @param str serialized endpoint configuration, forwarded to the superclass
     * @throws ConfigurationException wrapping any failure while creating the properties or
     *         registering the endpoint
     */
    public void setSerializedConfiguration(String str) {
        super.setSerializedConfiguration(str);
        try {
            String authzUrl = getServletUrl(OAUTH_CONSUMER_SERVLET_PATH);
            this.oauthProperties = new OAuthASProperties(this.properties, this.pkiManagement, authzUrl);
            String issuerUri = this.oauthProperties.getValue(OAuthASProperties.ISSUER_URI);
            this.coordinator.registerAuthzEndpoint(issuerUri, getServletUrl(OAUTH_CONSUMER_SERVLET_PATH));
        } catch (Exception e) {
            throw new ConfigurationException("Can't initialize the OAuth 2 AS endpoint's configuration", e);
        }
    }

    /**
     * Builds the Jetty context of this endpoint: the OAuth parsing, routing, consent-decider and
     * Vaadin servlets plus the guard, hidden-resources, authentication, proxy-authentication and
     * invocation-context filters.
     *
     * <p>The registration sequence is kept deliberately: Jetty applies matching filter mappings in
     * the order they were added, so reordering these calls changes the security chain.
     *
     * @return the fully wired context handler
     */
    protected ServletContextHandler getServletContextHandlerOverridable() {
        // 1 is the value of Jetty's ServletContextHandler.SESSIONS option (HTTP sessions enabled).
        ServletContextHandler context = new ServletContextHandler(1);
        context.setContextPath(this.description.getEndpoint().getContextAddress());

        // Entry point for OAuth clients: parses the authorization request.
        OAuthParseServlet parseServlet = new OAuthParseServlet(
                this.oauthProperties,
                getServletUrl(OAUTH_ROUTING_SERVLET_PATH),
                new ErrorHandler(this.freemarkerHandler),
                this.identitiesManagement,
                this.attributesManagement);
        context.addServlet(createServletHolder(parseServlet, true), OAUTH_CONSUMER_SERVLET_PATH + SUBTREE);

        SessionManagement sessions = this.applicationContext.getBean(SessionManagement.class);
        LoginToHttpSessionBinder sessionBinder = this.applicationContext.getBean(LoginToHttpSessionBinder.class);
        UnityServerConfiguration serverConfig = this.applicationContext.getBean(UnityServerConfiguration.class);
        RememberMeProcessor rememberMe = this.applicationContext.getBean(RememberMeProcessor.class);

        RoutingServlet router = new RoutingServlet(OAUTH_CONSENT_DECIDER_SERVLET_PATH);
        context.addServlet(createServletHolder(router, true), OAUTH_ROUTING_SERVLET_PATH + SUBTREE);
        context.addServlet(
                createServletHolder(this.dispatcherServletFactory.getInstance(OAUTH_UI_SERVLET_PATH, LOCAL_AUTHN_PATH), true),
                OAUTH_CONSENT_DECIDER_SERVLET_PATH + SUBTREE);

        // NOTE(review): OAuthGuardFilter's checks are not visible here; it covers only the routing path.
        OAuthGuardFilter guard = new OAuthGuardFilter(new ErrorHandler(this.freemarkerHandler));
        context.addFilter(new FilterHolder(guard), OAUTH_ROUTING_SERVLET_PATH + SUBTREE, requestAndForward());

        // Mapped for REQUEST dispatches only, so container-internal forwards to these paths bypass it.
        // Presumably it rejects direct client requests to the listed paths; confirm in HiddenResourcesFilter.
        HiddenResourcesFilter hidden = new HiddenResourcesFilter(
                Collections.unmodifiableList(Arrays.asList(LOCAL_AUTHN_PATH, OAUTH_CONSENT_DECIDER_SERVLET_PATH, OAUTH_UI_SERVLET_PATH)));
        context.addFilter(new FilterHolder(hidden), SUBTREE, EnumSet.of(DispatcherType.REQUEST));

        // The routing path is the only entry in the list handed to the authentication filter.
        this.authnFilter = new AuthenticationFilter(
                Collections.singletonList(OAUTH_ROUTING_SERVLET_PATH),
                LOCAL_AUTHN_PATH,
                this.description.getRealm(),
                sessions,
                sessionBinder,
                rememberMe);
        context.addFilter(new FilterHolder(this.authnFilter), SUBTREE, requestAndForward());

        String contextAddress = this.description.getEndpoint().getContextAddress();
        boolean autoLogin = this.genericEndpointProperties.getBooleanValue("autoLogin");
        this.proxyAuthnFilter = new ProxyAuthenticationFilter(this.authenticationFlows, contextAddress, autoLogin);
        context.addFilter(new FilterHolder(this.proxyAuthnFilter), LOCAL_AUTHN_PATH + SUBTREE, requestAndForward());

        // The explicit (String) cast on null is kept from the original call; the meaning of that
        // argument is not visible in this file.
        this.contextSetupFilter = new InvocationContextSetupFilter(serverConfig, this.description.getRealm(), (String) null, getAuthenticationFlows());
        context.addFilter(new FilterHolder(this.contextSetupFilter), SUBTREE, requestAndForward());

        EndpointRegistrationConfiguration registration = this.genericEndpointProperties.getRegistrationConfiguration();

        // Authentication UI; the same holder also serves the /VAADIN/* resources.
        this.authenticationServlet = new UnityVaadinServlet(
                this.applicationContext,
                AuthenticationUI.class.getSimpleName(),
                this.description,
                this.authenticationFlows,
                registration,
                this.properties,
                getBootstrapHandler4Authn(OAUTH_ROUTING_SERVLET_PATH));
        this.authenticationServlet.setCancelHandler(new OAuthCancelHandler(new OAuthResponseHandler(sessions)));
        ServletHolder authnHolder = createVaadinServletHolder(this.authenticationServlet, true);
        context.addServlet(authnHolder, LOCAL_AUTHN_PATH + SUBTREE);
        context.addServlet(authnHolder, "/VAADIN/*");

        // Main OAuth UI servlet.
        this.theServlet = new UnityVaadinServlet(
                this.applicationContext,
                this.uiBeanName,
                this.description,
                this.authenticationFlows,
                registration,
                this.properties,
                getBootstrapHandler(OAUTH_ROUTING_SERVLET_PATH));
        context.addServlet(createVaadinServletHolder(this.theServlet, false), OAUTH_UI_SERVLET_PATH + SUBTREE);
        return context;
    }

    /** Returns a fresh dispatcher-type set covering client requests and container forwards. */
    private static EnumSet<DispatcherType> requestAndForward() {
        return EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD);
    }
}
