package pl.edu.icm.unity.oauth.as.webauthz;

import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.vaadin.annotations.Theme;
import com.vaadin.server.Page;
import com.vaadin.server.VaadinRequest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PreferencesManagement;
import pl.edu.icm.unity.engine.api.attributes.AttributeTypeSupport;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.identity.IdentityTypeSupport;
import pl.edu.icm.unity.engine.api.idp.CommonIdPProperties;
import pl.edu.icm.unity.engine.api.idp.IdPEngine;
import pl.edu.icm.unity.engine.api.policyAgreement.PolicyAgreementManagement;
import pl.edu.icm.unity.engine.api.translation.out.TranslationResult;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;
import pl.edu.icm.unity.oauth.as.OAuthErrorResponseException;
import pl.edu.icm.unity.oauth.as.OAuthIdpStatisticReporter;
import pl.edu.icm.unity.oauth.as.OAuthProcessor;
import pl.edu.icm.unity.types.basic.DynamicAttribute;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.basic.idpStatistic.IdpStatistic;
import pl.edu.icm.unity.types.policyAgreement.PolicyAgreementConfiguration;
import pl.edu.icm.unity.webui.UnityEndpointUIBase;
import pl.edu.icm.unity.webui.authn.StandardWebLogoutHandler;
import pl.edu.icm.unity.webui.common.attributes.AttributeHandlerRegistry;
import pl.edu.icm.unity.webui.common.policyAgreement.PolicyAgreementScreen;
import pl.edu.icm.unity.webui.forms.enquiry.EnquiresDialogLauncher;
import pl.edu.icm.unity.webui.idpcommon.EopException;
import pl.edu.icm.unity.webui.idpcommon.activesel.ActiveValueSelectionScreen;

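/**
 * Vaadin UI of the OAuth authorization endpoint.
 *
 * <p>Drives the stages visible in this class: optional policy agreements, optional active value
 * selection, and the consent screen (or an immediate confirmation when consent is skipped by
 * configuration). The final authorization response, or an OAuth error response, is handed to
 * {@link OAuthResponseHandler}.
 *
 * <p>Registered as a prototype-scoped Spring component. {@code identity} and
 * {@code oauthResponseHandler} are per-instance state filled in while the flow runs.
 */
@Theme("unityThemeValo")
@Scope("prototype")
@Component("OAuthAuthzUI")
public class OAuthAuthzUI extends UnityEndpointUIBase {
    private static final Logger log = Log.getLogger("unity.server.oauth", OAuthAuthzUI.class);

    private final MessageSource msg;
    private final OAuthIdPEngine idpEngine;
    private final AttributeHandlerRegistry handlersRegistry;
    private final PreferencesManagement preferencesMan;
    private final StandardWebLogoutHandler authnProcessor;
    private final IdentityTypeSupport idTypeSupport;
    private final AttributeTypeSupport aTypeSupport;
    private final OAuthSessionService oauthSessionService;
    private final OAuthProcessor oauthProcessor;
    private final PolicyAgreementManagement policyAgreementsMan;
    private final ObjectFactory<PolicyAgreementScreen> policyAgreementScreenObjectFactory;
    private final OAuthIdpStatisticReporter.OAuthIdpStatisticReporterFactory idpStatisticReporterFactory;

    // Created in getTranslationResult(); every later stage reports through it.
    private OAuthResponseHandler oauthResponseHandler;
    // Subject identity resolved in activeValueSelectionAndConsentStage().
    private IdentityParam identity;

    /**
     * Stores the injected collaborators and wraps the generic {@link IdPEngine} in an
     * {@link OAuthIdPEngine}.
     */
    @Autowired
    public OAuthAuthzUI(
            MessageSource messageSource,
            OAuthProcessor oAuthProcessor,
            AttributeHandlerRegistry attributeHandlerRegistry,
            PreferencesManagement preferencesManagement,
            StandardWebLogoutHandler standardWebLogoutHandler,
            IdPEngine idPEngine,
            EnquiresDialogLauncher enquiresDialogLauncher,
            IdentityTypeSupport identityTypeSupport,
            AttributeTypeSupport attributeTypeSupport,
            OAuthSessionService oAuthSessionService,
            PolicyAgreementManagement policyAgreementManagement,
            ObjectFactory<PolicyAgreementScreen> objectFactory,
            OAuthIdpStatisticReporter.OAuthIdpStatisticReporterFactory oAuthIdpStatisticReporterFactory) {
        super(messageSource, enquiresDialogLauncher);
        this.msg = messageSource;
        this.oauthProcessor = oAuthProcessor;
        this.handlersRegistry = attributeHandlerRegistry;
        this.preferencesMan = preferencesManagement;
        this.authnProcessor = standardWebLogoutHandler;
        this.oauthSessionService = oAuthSessionService;
        this.idpEngine = new OAuthIdPEngine(idPEngine);
        this.idTypeSupport = identityTypeSupport;
        this.aTypeSupport = attributeTypeSupport;
        this.policyAgreementsMan = policyAgreementManagement;
        this.policyAgreementScreenObjectFactory = objectFactory;
        this.idpStatisticReporterFactory = oAuthIdpStatisticReporterFactory;
    }

    /**
     * Entry point of the UI: shows the policy agreements stage when there is at least one
     * agreement to present, otherwise goes straight to active value selection / consent.
     *
     * @param vaadinRequest the request that opened the UI (not read here)
     */
    protected void enter(VaadinRequest vaadinRequest) {
        OAuthAuthzContext ctx = OAuthSessionService.getVaadinContext();
        OAuthASProperties config = ctx.getConfig();
        List<PolicyAgreementConfiguration> pendingAgreements = filterAgreementsToPresents(config);
        if (pendingAgreements.isEmpty()) {
            activeValueSelectionAndConsentStage(ctx, config);
        } else {
            policyAgreementsStage(ctx, config, pendingAgreements);
        }
    }

    /**
     * Returns the configured policy agreements that should be presented to the entity of the
     * current login session.
     *
     * @param config endpoint configuration the agreements are read from
     * @return the agreements to present; empty when there are none or when the lookup failed
     */
    private List<PolicyAgreementConfiguration> filterAgreementsToPresents(OAuthASProperties config) {
        List<PolicyAgreementConfiguration> agreements = new ArrayList<>();
        try {
            agreements.addAll(
                    this.policyAgreementsMan.filterAgreementToPresent(
                            new EntityParam(
                                    Long.valueOf(
                                            InvocationContext.getCurrent().getLoginSession().getEntityId())),
                            CommonIdPProperties.getPolicyAgreementsConfig(this.msg, config).agreements));
        } catch (EngineException e) {
            // NOTE(review): this is fail-open. The list stays empty, so enter() skips the policy
            // agreements stage and continues to consent. Confirm that is the intended policy.
            // The cause is logged so the skipped stage can be traced in the server log.
            log.error("Unable to determine policy agreements to accept", e);
        }
        return agreements;
    }

    /**
     * Shows the policy agreement screen; its submit handler continues with active value
     * selection / consent.
     */
    private void policyAgreementsStage(
            OAuthAuthzContext ctx, OAuthASProperties config, List<PolicyAgreementConfiguration> agreements) {
        PolicyAgreementScreen screen = this.policyAgreementScreenObjectFactory.getObject();
        setContent(
                screen
                        .withTitle(config.getLocalizedStringWithoutFallbackToDefault(this.msg, "policyAgreementsTitle"))
                        .withInfo(config.getLocalizedStringWithoutFallbackToDefault(this.msg, "policyAgreementsInfo"))
                        .withAgreements(agreements)
                        .withWidht(
                                (float) config.getLongValue("policyAgreementsWidth").longValue(),
                                config.getValue("policyAgreementsWidthUnit"))
                        .withSubmitHandler(() -> activeValueSelectionAndConsentStage(ctx, config)));
    }

    /**
     * Resolves the user's identity and the attributes to release, then shows either the active
     * value selection screen (when configured for this client) or the consent stage.
     */
    private void activeValueSelectionAndConsentStage(OAuthAuthzContext ctx, OAuthASProperties config) {
        try {
            TranslationResult translationResult = getTranslationResult(ctx);
            handleRedirectIfNeeded(translationResult);
            this.identity =
                    this.idpEngine.getIdentity(translationResult, ctx.getConfig().getSubjectIdentityType());
            // Only the attributes matching the context's effective requested attributes go on.
            Set<DynamicAttribute> releasedAttributes =
                    OAuthProcessor.filterAttributes(translationResult, ctx.getEffectiveRequestedAttrs());
            Optional activeValueSelectionConfig =
                    CommonIdPProperties.getActiveValueSelectionConfig(
                            config, ctx.getClientUsername(), releasedAttributes);
            if (activeValueSelectionConfig.isPresent()) {
                showActiveValueSelectionScreen(
                        (CommonIdPProperties.ActiveValueSelectionConfig) activeValueSelectionConfig.get());
            } else {
                gotoConsentStage(releasedAttributes);
            }
        } catch (EopException ignored) {
            // Deliberately ignored: EopException is thrown by handleRedirectIfNeeded() after the
            // redirect was opened and is declared by getTranslationResult(); in both cases the
            // stage simply ends without setting any content.
        }
    }

    /**
     * Finishes the flow immediately when the configuration skips consent, otherwise shows the
     * consent screen.
     *
     * @param attributes attributes to release to the client
     */
    private void gotoConsentStage(Collection<DynamicAttribute> attributes) {
        // With skipConsent set, the authorization is confirmed without any user interaction.
        if (OAuthSessionService.getVaadinContext().getConfig().isSkipConsent()) {
            onFinalConfirm(this.identity, attributes);
            return;
        }
        setContent(
                new OAuthConsentScreen(
                        this.msg,
                        this.handlersRegistry,
                        this.preferencesMan,
                        this.authnProcessor,
                        this.idTypeSupport,
                        this.aTypeSupport,
                        this.identity,
                        attributes,
                        this::onDecline,
                        this::onFinalConfirm,
                        this.oauthResponseHandler));
    }

    /**
     * Shows the active value selection screen; its result is passed on to the consent stage.
     */
    private void showActiveValueSelectionScreen(CommonIdPProperties.ActiveValueSelectionConfig selectionConfig) {
        setContent(
                new ActiveValueSelectionScreen(
                        this.msg,
                        this.handlersRegistry,
                        this.authnProcessor,
                        selectionConfig.singleSelectableAttributes,
                        selectionConfig.multiSelectableAttributes,
                        selectionConfig.remainingAttributes,
                        this::onDecline,
                        this::gotoConsentStage));
    }

    /**
     * Creates the response handler for this endpoint and asks the IdP engine for the user's
     * translation result.
     *
     * <p>On failure an OAuth error response is returned through the handler and the attempt is
     * reported as {@code FAILED}. The {@code return null} statements are reached only if that
     * handler call returns normally; this method has no explicit {@code throw}, so the declared
     * {@link EopException} presumably comes from the handler (TODO confirm). The caller
     * dereferences the result without a null check.
     *
     * @throws EopException declared by this method; not thrown explicitly in its body
     */
    private TranslationResult getTranslationResult(OAuthAuthzContext ctx) throws EopException {
        this.oauthResponseHandler =
                new OAuthResponseHandler(
                        this.oauthSessionService,
                        this.idpStatisticReporterFactory.getForEndpoint(this.endpointDescription.getEndpoint()));
        try {
            return this.idpEngine.getUserInfo(ctx);
        } catch (OAuthErrorResponseException e) {
            this.oauthResponseHandler.returnOauthResponseAndReportStatistic(
                    e.getOauthResponse(), e.isInvalidateSession(), ctx, IdpStatistic.Status.FAILED);
            return null;
        } catch (Exception e) {
            // Details stay in the server log; the client is sent only a generic SERVER_ERROR.
            log.error("Engine problem when handling client request", e);
            this.oauthResponseHandler.returnOauthResponseAndReportStatistic(
                    new AuthorizationErrorResponse(
                            ctx.getReturnURI(),
                            OAuth2Error.SERVER_ERROR,
                            ctx.getRequest().getState(),
                            ctx.getRequest().impliedResponseMode()),
                    true,
                    ctx,
                    IdpStatistic.Status.FAILED);
            return null;
        }
    }

    /**
     * Opens the redirect URL carried by the translation result, if any, and ends processing.
     *
     * @throws EopException after the redirect has been opened
     */
    private void handleRedirectIfNeeded(TranslationResult translationResult) throws EopException {
        String redirectURL = translationResult.getRedirectURL();
        if (redirectURL == null) {
            return;
        }
        // NOTE(review): the URL is opened as-is, with no validation in this method. Confirm that
        // only trusted configuration can set it on the TranslationResult.
        Page.getCurrent().open(redirectURL, (String) null);
        throw new EopException();
    }

    /**
     * Returns an {@code ACCESS_DENIED} error response to the client and reports the attempt as
     * {@code FAILED}.
     */
    private void onDecline() {
        OAuthAuthzContext ctx = OAuthSessionService.getVaadinContext();
        AuthorizationErrorResponse denied =
                new AuthorizationErrorResponse(
                        ctx.getReturnURI(),
                        OAuth2Error.ACCESS_DENIED,
                        ctx.getRequest().getState(),
                        ctx.getRequest().impliedResponseMode());
        this.oauthResponseHandler.returnOauthResponseNotThrowingAndReportStatistic(
                denied, false, ctx, IdpStatistic.Status.FAILED);
    }

    /**
     * Builds the authorization response for the confirmed identity and attributes and returns it
     * to the client; any failure is logged and answered with a generic {@code SERVER_ERROR}.
     *
     * @param identityParam identity to release
     * @param attributes attributes to release
     */
    private void onFinalConfirm(IdentityParam identityParam, Collection<DynamicAttribute> attributes) {
        OAuthAuthzContext ctx = OAuthSessionService.getVaadinContext();
        try {
            this.oauthResponseHandler.returnOauthResponseNotThrowing(
                    this.oauthProcessor.prepareAuthzResponseAndRecordInternalState(
                            attributes, identityParam, ctx, this.oauthResponseHandler.statReporter),
                    false);
        } catch (Exception e) {
            log.error("Error during OAuth processing", e);
            // NOTE(review): the second argument is false here, while the SERVER_ERROR path in
            // getTranslationResult() passes true. That position presumably means "invalidate
            // session"; confirm the difference is intended.
            this.oauthResponseHandler.returnOauthResponseNotThrowingAndReportStatistic(
                    new AuthorizationErrorResponse(
                            ctx.getReturnURI(),
                            OAuth2Error.SERVER_ERROR,
                            ctx.getRequest().getState(),
                            ctx.getRequest().impliedResponseMode()),
                    false,
                    ctx,
                    IdpStatistic.Status.FAILED);
        }
    }
}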
