package pl.edu.icm.unity.webui.authn;

import com.vaadin.server.Page;
import com.vaadin.server.SynchronizedRequestHandler;
import com.vaadin.server.VaadinRequest;
import com.vaadin.server.VaadinResponse;
import com.vaadin.server.VaadinService;
import com.vaadin.server.VaadinServletRequest;
import com.vaadin.server.VaadinServletResponse;
import com.vaadin.server.VaadinSession;
import com.vaadin.ui.UI;
import java.io.IOException;
import java.net.URI;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticatedEntity;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.AuthenticationProcessor;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.authn.PartialAuthnState;
import pl.edu.icm.unity.engine.api.authn.UnsuccessfulAuthenticationCounter;
import pl.edu.icm.unity.engine.api.authn.remote.UnknownRemoteUserException;
import pl.edu.icm.unity.engine.api.config.UnityServerConfiguration;
import pl.edu.icm.unity.engine.api.session.LoginToHttpSessionBinder;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.api.session.SessionParticipant;
import pl.edu.icm.unity.engine.api.session.SessionParticipantTypesRegistry;
import pl.edu.icm.unity.engine.api.session.SessionParticipants;
import pl.edu.icm.unity.engine.api.utils.ExecutorsService;
import pl.edu.icm.unity.exceptions.AuthorizationException;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.types.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.webui.CookieHelper;

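/**
 * Default {@link WebAuthenticationProcessor} of the Vaadin web UI.
 * <p>
 * The engine-side {@link AuthenticationProcessor} decides whether a factor's
 * {@link AuthenticationResult} is acceptable; this class owns everything that
 * happens around that decision on the web side: obtaining or creating the
 * {@link LoginSession}, re-initialising the HTTP session and binding it to the
 * login session, issuing the realm session cookie and the optional remember-me
 * cookie, feeding the unsuccessful-login counter, and running one of the three
 * configured logout modes (internal only, synchronous peer logout, redirect-based
 * asynchronous peer logout).
 * <p>
 * The bean is prototype scoped and keeps no mutable state of its own; all
 * per-request state is read from the Vaadin and {@link InvocationContext}
 * thread-bound contexts.
 */
@Scope("prototype")
@Component
@Primary
public class StandardWebAuthenticationProcessor implements WebAuthenticationProcessor {
    /** Prefix of the per-realm session cookie; the realm name is appended. */
    public static final String UNITY_SESSION_COOKIE_PFX = "USESSIONID_";

    @Autowired
    private UnityServerConfiguration config;

    @Autowired
    private SessionParticipantTypesRegistry participantTypesRegistry;

    @Autowired
    private SessionManagement sessionMan;

    @Autowired
    private LoginToHttpSessionBinder sessionBinder;

    @Autowired
    private LogoutProcessorsManager logoutProcessorsManager;

    @Autowired
    private AuthenticationProcessor authnProcessor;

    @Autowired
    private EntityManagement entityMan;

    @Autowired
    private ExecutorsService executorsService;

    @Autowired
    private RememberMeProcessor rememberMeProcessor;

    private static final Logger log = Log.getLogger("unity.server.web", StandardWebAuthenticationProcessor.class);

    /** Vaadin session attribute: non-null Boolean (soft-logout flag) arms the redirect logout handler. */
    private static final String LOGOUT_REDIRECT_TRIGGERING = StandardWebAuthenticationProcessor.class.getName() + ".invokeLogout";

    /** Vaadin session attribute: URI to return to after the asynchronous peer logout. */
    private static final String LOGOUT_REDIRECT_RET_URI = StandardWebAuthenticationProcessor.class.getName() + ".returnUri";

    /**
     * One-shot request handler installed by the redirect-based logout mode.
     * On the next request it removes itself, hands the response to the logout
     * processors for the asynchronous (redirect-driven) peer logout and finally
     * destroys the local login session.
     */
    public class LogoutRedirectHandler extends SynchronizedRequestHandler {
        public LogoutRedirectHandler() {
        }

        /**
         * @return {@code true} when the logout redirect was written into the
         *         response, {@code false} when the handler is not armed for this
         *         session or the session state could not be refreshed (the local
         *         session is destroyed in that case too).
         */
        public boolean synchronizedHandleRequest(VaadinSession vaadinSession, VaadinRequest vaadinRequest, VaadinResponse vaadinResponse) throws IOException {
            Boolean softLogout = (Boolean) vaadinSession.getAttribute(LOGOUT_REDIRECT_TRIGGERING);
            if (softLogout == null) {
                return false;
            }
            String returnUri = (String) vaadinSession.getAttribute(LOGOUT_REDIRECT_RET_URI);
            // One-shot: a repeated request must not start a second logout round.
            vaadinSession.removeRequestHandler(this);
            VaadinServletResponse servletResponse = (VaadinServletResponse) vaadinResponse;

            // Refresh the session on its own, outside the best-effort block below, so a
            // failure here reaches its dedicated branch instead of being swallowed by the
            // catch(Exception) that guards the peer logout.
            LoginSession freshSession;
            try {
                freshSession = sessionMan.getSession(InvocationContext.getCurrent().getLoginSession().getId());
            } catch (IllegalArgumentException e) {
                log.warn("Can not refresh the state of the current session. Logout of session participants won't be performed", e);
                destroySession(softLogout.booleanValue());
                return false;
            }
            try {
                logoutProcessorsManager.handleAsyncLogout(freshSession, null, returnUri, servletResponse.getHttpServletResponse());
            } catch (Exception e) {
                // Best effort: peers that can not be logged out must not block the local logout.
                log.warn("Logout of session peers failed", e);
            }
            destroySession(softLogout.booleanValue());
            return true;
        }
    }

    /**
     * Processes the outcome of the first authentication factor.
     * <p>
     * When the flow requires a second factor and it is not remembered for this
     * client, the partial state is returned so the UI can run the second factor.
     * Otherwise the login is completed here: a login session is obtained (the
     * remembered one, or a new/existing one from the session manager), the HTTP
     * session is bound to it and the page is redirected.
     *
     * @param result        result of the first factor
     * @param clientIp      client address, used as the key of the unsuccessful-login
     *                      counter and for the remember-me token (as used by the counter
     *                      and {@link RememberMeProcessor}; confirm against the interface)
     * @param realm         realm the login happens in
     * @param flow          authentication flow being executed
     * @param rememberMe    whether the user asked for a remember-me cookie
     * @param authnOptionId the option of the first factor
     * @return empty when the login is complete, otherwise the partial state for the
     *         second factor
     * @throws AuthenticationException when the engine rejects the result; every such
     *         failure except an unknown remote user counts against the counter
     */
    @Override // pl.edu.icm.unity.webui.authn.WebAuthenticationProcessor
    public Optional<PartialAuthnState> processPrimaryAuthnResult(AuthenticationResult result, String clientIp, AuthenticationRealm realm, AuthenticationFlow flow, boolean rememberMe, AuthenticationOptionKey authnOptionId) throws AuthenticationException {
        UnsuccessfulAuthenticationCounter loginCounter = getLoginCounter();
        try {
            PartialAuthnState partialState = authnProcessor.processPrimaryAuthnResult(result, flow, authnOptionId);
            LoginSession loginSession;
            if (partialState.isSecondaryAuthenticationRequired()) {
                Optional<LoginSession> remembered = rememberMeProcessor.processRememberedSecondFactor(
                        VaadinServletRequest.getCurrent(), VaadinServletResponse.getCurrent(),
                        result.getAuthenticatedEntity().getEntityId().longValue(), clientIp, realm, loginCounter);
                if (!remembered.isPresent()) {
                    // Second factor still has to be performed by the UI.
                    return Optional.of(partialState);
                }
                loginSession = remembered.get();
                log.debug("Second factor authn is remembered by entity " + loginSession.getEntityId() + ", skipping it");
            } else {
                loginSession = getLoginSessionForEntity(partialState.getPrimaryResult().getAuthenticatedEntity(), realm, partialState.getFirstFactorOptionId(), null);
            }
            if (loginSession == null) {
                throw new IllegalStateException("BUG: code tried to finalize authentication without login session");
            }
            AuthenticatedEntity entity = authnProcessor.finalizeAfterPrimaryAuthentication(partialState, loginSession.getRememberMeInfo().secondFactorSkipped);
            logged(entity, loginSession, realm, clientIp, rememberMe, AuthenticationProcessor.extractParticipants(new AuthenticationResult[]{result}));
            finalizeLogin(entity);
            return Optional.empty();
        } catch (AuthenticationException e) {
            // An unknown remote user is not a credential failure, so it is not throttled.
            if (!(e instanceof UnknownRemoteUserException)) {
                loginCounter.unsuccessfulAttempt(clientIp);
            }
            throw e;
        }
    }

    /**
     * Obtains (or creates) the login session for an entity in the given realm.
     * The session starts with both remember-me flags cleared.
     *
     * @param authenticatedEntity entity that authenticated
     * @param realm               realm of the session
     * @param firstFactorOption   option used as the first factor
     * @param secondFactorOption  option used as the second factor, or {@code null}
     */
    public LoginSession getLoginSessionForEntity(AuthenticatedEntity authenticatedEntity, AuthenticationRealm realm, AuthenticationOptionKey firstFactorOption, AuthenticationOptionKey secondFactorOption) {
        long entityId = authenticatedEntity.getEntityId().longValue();
        return sessionMan.getCreateSession(entityId, realm, getLabel(entityId), authenticatedEntity.getOutdatedCredentialId(),
                new LoginSession.RememberMeInfo(false, false), firstFactorOption, secondFactorOption);
    }

    /**
     * Processes the outcome of the second authentication factor and completes the login.
     *
     * @param partialState  state returned by {@link #processPrimaryAuthnResult}
     * @param result        result of the second factor
     * @param clientIp      client address used as the key of the unsuccessful-login counter
     * @param realm         realm the login happens in
     * @param flow          authentication flow being executed (not used here)
     * @param rememberMe    whether the user asked for a remember-me cookie
     * @param authnOptionId the option of the second factor
     * @throws AuthenticationException when the engine rejects the result; every such
     *         failure except an unknown remote user counts against the counter
     */
    @Override // pl.edu.icm.unity.webui.authn.WebAuthenticationProcessor
    public void processSecondaryAuthnResult(PartialAuthnState partialState, AuthenticationResult result, String clientIp, AuthenticationRealm realm, AuthenticationFlow flow, boolean rememberMe, AuthenticationOptionKey authnOptionId) throws AuthenticationException {
        UnsuccessfulAuthenticationCounter loginCounter = getLoginCounter();
        try {
            AuthenticatedEntity entity = authnProcessor.finalizeAfterSecondaryAuthentication(partialState, result);
            LoginSession loginSession = getLoginSessionForEntity(entity, realm, partialState.getFirstFactorOptionId(), authnOptionId);
            logged(entity, loginSession, realm, clientIp, rememberMe,
                    AuthenticationProcessor.extractParticipants(new AuthenticationResult[]{partialState.getPrimaryResult(), result}));
            finalizeLogin(entity);
        } catch (AuthenticationException e) {
            if (!(e instanceof UnknownRemoteUserException)) {
                loginCounter.unsuccessfulAttempt(clientIp);
            }
            throw e;
        }
    }

    /**
     * Moves the browser on after a completed login: a plain reload when the
     * credential is outdated (so the UI can react to that state), otherwise the
     * origin-returning reload of {@link #gotoOrigin}.
     */
    private void finalizeLogin(AuthenticatedEntity authenticatedEntity) throws AuthenticationException {
        if (authenticatedEntity.getOutdatedCredentialId() != null) {
            UI.getCurrent().getPage().reload();
            return;
        }
        gotoOrigin(executorsService.getService());
    }

    /**
     * Best-effort lookup of the entity's display label; {@code null} when it can
     * not be read (engine error, or the caller is not authorised to read it).
     */
    private String getLabel(long entityId) {
        try {
            return entityMan.getEntityLabel(new EntityParam(Long.valueOf(entityId)));
        } catch (EngineException e) {
            log.error("Can not get the attribute designated with EntityName", e);
            return null;
        } catch (AuthorizationException e) {
            log.debug("Not setting entity's label as the client is not authorized to read the attribute", e);
            return null;
        }
    }

    /**
     * Records a completed authentication in the current request context.
     * <p>
     * Order matters: the participants are stored first, then the HTTP session is
     * re-initialised (new session id, so an identifier observed before
     * authentication is not reused for the authenticated session) and only then
     * bound to the login session; finally the remember-me and realm session
     * cookies are added to the response.
     *
     * @param authenticatedEntity result of the whole flow
     * @param loginSession        session the user is logged into
     * @param realm               realm of the login
     * @param clientIp            client address stored with the remember-me token
     * @param rememberMe          whether to issue the remember-me cookie
     * @param participants        session participants contributed by the factors
     * @throws AuthenticationException with {@code AuthenticationProcessor.authnInternalError}
     *         when there is no Vaadin session or the participants can not be stored
     */
    public void logged(AuthenticatedEntity authenticatedEntity, LoginSession loginSession, AuthenticationRealm realm, String clientIp, boolean rememberMe, List<SessionParticipant> participants) throws AuthenticationException {
        InvocationContext.getCurrent().setLoginSession(loginSession);
        try {
            SessionParticipant[] participantArray = participants.toArray(new SessionParticipant[participants.size()]);
            sessionMan.updateSessionAttributes(loginSession.getId(),
                    new SessionParticipants.AddParticipantToSessionTask(participantTypesRegistry, participantArray));

            VaadinSession vaadinSession = VaadinSession.getCurrent();
            if (vaadinSession == null) {
                log.error("BUG: Can't get VaadinSession to store authenticated user's data.");
                throw new AuthenticationException("AuthenticationProcessor.authnInternalError");
            }
            VaadinService.reinitializeSession(VaadinService.getCurrentRequest());
            sessionBinder.bindHttpSession(vaadinSession.getSession().getHttpSession(), loginSession);

            HttpServletResponse response = VaadinServletResponse.getCurrent();
            if (rememberMe) {
                rememberMeProcessor.addRememberMeCookieAndUnityToken(response, realm, clientIp, loginSession.getEntityId(),
                        loginSession.getStarted(), loginSession.getLogin1stFactorOptionId(), loginSession.getLogin2ndFactorOptionId());
            }
            addSessionCookie(getSessionCookieName(realm.getName()), loginSession.getId(), response);

            loginSession.addAuthenticatedIdentities(authenticatedEntity.getAuthenticatedWith());
            loginSession.setRemoteIdP(authenticatedEntity.getRemoteIdP());
            if (loginSession.isUsedOutdatedCredential()) {
                log.info("User {} logged with outdated credential", Long.valueOf(loginSession.getEntityId()));
            }
            log.info("Logged with session: {}, first factor authn option: {}, second factor authn option: {}, first factor skipped: {}, second factor skipped: {}",
                    loginSession.toString(), loginSession.getLogin1stFactorOptionId(), loginSession.getLogin2ndFactorOptionId(),
                    Boolean.valueOf(loginSession.getRememberMeInfo().firstFactorSkipped),
                    Boolean.valueOf(loginSession.getRememberMeInfo().secondFactorSkipped));
        } catch (IllegalArgumentException e) {
            log.error("Can't store session participants", e);
            throw new AuthenticationException("AuthenticationProcessor.authnInternalError");
        }
    }

    /**
     * Name of the session cookie of a realm: {@link #UNITY_SESSION_COOKIE_PFX} + realm name.
     */
    public static String getSessionCookieName(String realmName) {
        return UNITY_SESSION_COOKIE_PFX + realmName;
    }

    /** Adds the realm session cookie (max-age -1: lives for the browser session). */
    private void addSessionCookie(String cookieName, String sessionId, HttpServletResponse response) {
        response.addCookie(CookieHelper.setupHttpCookie(cookieName, sessionId, -1));
    }

    /**
     * Reloads the page so the user lands on the originally requested view and
     * schedules the current Vaadin session to be closed 10 seconds later
     * (presumably to drop the pre-login UI state once the reload has taken
     * effect; confirm against the UI lifecycle).
     *
     * @throws AuthenticationException when there is no current UI to redirect
     */
    private static void gotoOrigin(ScheduledExecutorService executor) throws AuthenticationException {
        UI ui = UI.getCurrent();
        if (ui == null) {
            log.error("BUG Can't get UI to redirect the authenticated user.");
            throw new AuthenticationException("AuthenticationProcessor.authnInternalError");
        }
        executor.schedule(() -> ui.getSession().close(), 10L, TimeUnit.SECONDS);
        ui.getPage().reload();
    }

    /**
     * Removes the current login session from the session manager.
     * Public only because the nested handler and the decompiled listing expose it;
     * not part of {@link WebAuthenticationProcessor}.
     *
     * @param soft passed through to {@link SessionManagement#removeSession}
     * @throws IllegalStateException when the invocation context has no login session
     */
    public void destroySession(boolean soft) {
        LoginSession loginSession = InvocationContext.getCurrent().getLoginSession();
        if (loginSession == null) {
            throw new IllegalStateException("There is no login session");
        }
        sessionMan.removeSession(loginSession.getId(), soft);
    }

    @Override // pl.edu.icm.unity.webui.authn.WebAuthenticationProcessor
    public void logout() {
        logout(false);
    }

    /**
     * Logs the current user out according to the configured logout mode and
     * reloads the page.
     *
     * @param soft soft-logout flag forwarded to the session manager
     */
    @Override // pl.edu.icm.unity.webui.authn.WebAuthenticationProcessor
    public void logout(boolean soft) {
        Page page = Page.getCurrent();
        logoutSessionPeers(page.getLocation(), soft);
        page.reload();
    }

    /**
     * Executes the configured logout mode and, in every mode, clears the
     * remember-me cookie and token of the current realm.
     * <ul>
     * <li>{@code internalOnly}: destroy the local session only;</li>
     * <li>{@code internalAndSyncPeers}: synchronously log out the peers (best effort), then destroy;</li>
     * <li>otherwise (including an unset mode): arm a {@link LogoutRedirectHandler}
     *     that performs the redirect-based peer logout on the next request.</li>
     * </ul>
     *
     * @param currentLocation page to return to after the redirect-based logout
     * @param soft            soft-logout flag forwarded to the session manager
     * @throws IllegalStateException when there is no login session in the
     *         invocation context (checked once up front, so every mode fails the
     *         same way instead of a NullPointerException in the peer or
     *         remember-me calls)
     */
    private void logoutSessionPeers(URI currentLocation, boolean soft) {
        LoginSession loginSession = InvocationContext.getCurrent().getLoginSession();
        if (loginSession == null) {
            throw new IllegalStateException("There is no login session");
        }
        UnityServerConfiguration.LogoutMode mode = config.getEnumValue("logoutMode", UnityServerConfiguration.LogoutMode.class);
        if (mode == UnityServerConfiguration.LogoutMode.internalOnly) {
            destroySession(soft);
        } else if (mode == UnityServerConfiguration.LogoutMode.internalAndSyncPeers) {
            try {
                logoutProcessorsManager.handleSynchronousLogout(sessionMan.getSession(loginSession.getId()));
            } catch (IllegalArgumentException e) {
                log.warn("Can not refresh the state of the current session. Logout of session participants won't be performed", e);
            }
            destroySession(soft);
        } else {
            VaadinSession vaadinSession = VaadinSession.getCurrent();
            vaadinSession.addRequestHandler(new LogoutRedirectHandler());
            vaadinSession.setAttribute(LOGOUT_REDIRECT_TRIGGERING, Boolean.valueOf(soft));
            vaadinSession.setAttribute(LOGOUT_REDIRECT_RET_URI, currentLocation.toASCIIString());
        }
        rememberMeProcessor.removeRememberMeWithWholeAuthn(loginSession.getRealm(), VaadinServletRequest.getCurrent(), VaadinServletResponse.getCurrent());
    }

    /**
     * The server-wide unsuccessful-login counter, published as a servlet-context
     * attribute under the counter's class name. Returns {@code null} when nothing
     * was registered under that key.
     */
    public static UnsuccessfulAuthenticationCounter getLoginCounter() {
        Object counter = VaadinSession.getCurrent().getSession().getHttpSession().getServletContext()
                .getAttribute(UnsuccessfulAuthenticationCounter.class.getName());
        return (UnsuccessfulAuthenticationCounter) counter;
    }
}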
