package pl.edu.icm.unity.webui.forms.reg;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.vaadin.server.VaadinServletResponse;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.RealmsManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticatedEntity;
import pl.edu.icm.unity.engine.api.authn.InteractiveAuthenticationProcessor;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedPrincipal;
import pl.edu.icm.unity.engine.api.session.SessionParticipant;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.types.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.registration.RegistrationForm;
import pl.edu.icm.unity.types.registration.RegistrationRequestState;
import pl.edu.icm.unity.types.registration.RegistrationRequestStatus;
import pl.edu.icm.unity.webui.authn.LoginMachineDetailsExtractor;
import pl.edu.icm.unity.webui.authn.column.VaadinSessionReinitializer;

/* JADX INFO: Access modifiers changed from: package-private */
@PrototypeComponent
/* loaded from: input_file:pl/edu/icm/unity/webui/forms/reg/AutoLoginAfterSignUpProcessor.class */
public class AutoLoginAfterSignUpProcessor {
    private static final Logger LOG = Log.getLogger("unity.server.web", AutoLoginAfterSignUpProcessor.class);

    @Autowired
    private InteractiveAuthenticationProcessor authnProcessor;

    @Autowired
    @Qualifier("insecure")
    private RealmsManagement realmsManagement;

    AutoLoginAfterSignUpProcessor() {
    }

    public boolean signInIfPossible(RegistrationRequestEditor registrationRequestEditor, RegistrationRequestState registrationRequestState) {
        if (registrationRequestState == null) {
            return false;
        }
        if (registrationRequestState.getStatus() != RegistrationRequestStatus.accepted) {
            LOG.debug("Registration request {} is not eligible for automatic sign in, status was: {}, expected: {}", registrationRequestState.getRequestId(), registrationRequestState.getStatus(), RegistrationRequestStatus.accepted);
            return false;
        }
        RegistrationForm mo131getForm = registrationRequestEditor.mo131getForm();
        if (Strings.isNullOrEmpty(mo131getForm.getAutoLoginToRealm())) {
            LOG.debug("Automatic login for registration form {} disabled, skipping sign in for registration request {}", mo131getForm.getName(), registrationRequestState.getRequestId());
            return false;
        }
        RemotelyAuthenticatedPrincipal remoteAuthnContext = registrationRequestEditor.getRemoteAuthnContext();
        if (RemotelyAuthenticatedPrincipal.isLocalContext(remoteAuthnContext)) {
            LOG.debug("Automatic login for registration request {} is not supported, auto sign in requires form to be submitted with remote sign up method", registrationRequestState.getRequestId());
            return false;
        }
        if (registrationRequestEditor.getAuthnOptionKey() == null) {
            LOG.debug("Automatic login for registration request {} is not supported, auto sign in requires information on the authentication option key used for sign in", registrationRequestState.getRequestId());
            return false;
        }
        try {
            AuthenticationRealm realm = this.realmsManagement.getRealm(mo131getForm.getAutoLoginToRealm());
            if (remoteAuthnContext.getCreationTime() == null) {
                LOG.debug("Unable to determine whether session expired or not, entity {} is not eligible for sign up after registration {}.", registrationRequestState.getCreatedEntityId(), registrationRequestState.getRequestId());
                return false;
            }
            if (isSessionExpiredDueToUserInactivity(remoteAuthnContext.getCreationTime(), realm)) {
                LOG.debug("Automatic login for registration request {} is not possible, session expired.", registrationRequestState.getRequestId());
                return false;
            }
            try {
                AuthenticatedEntity authenticatedEntity = new AuthenticatedEntity(registrationRequestState.getCreatedEntityId(), remoteAuthnContext.getMappingResult().getAuthenticatedWith(), (String) null);
                authenticatedEntity.setRemoteIdP(remoteAuthnContext.getRemoteIdPName());
                loginUser(authenticatedEntity, realm, remoteAuthnContext, registrationRequestEditor.getAuthnOptionKey());
                LOG.info("Entity Id {} automatically signed into realm {}, as the result of successful registration request processing: {}", registrationRequestState.getCreatedEntityId(), mo131getForm.getAutoLoginToRealm(), registrationRequestState.getRequestId());
                return true;
            } catch (Exception e) {
                LOG.error("Failed to automatically sign in entity {}", registrationRequestState.getCreatedEntityId(), e);
                return false;
            }
        } catch (EngineException e2) {
            LOG.error("Unable to automatically sign in entity {}.", registrationRequestState.getCreatedEntityId(), e2);
            return false;
        }
    }

    private boolean isSessionExpiredDueToUserInactivity(Instant instant, AuthenticationRealm authenticationRealm) {
        return Instant.now().getEpochSecond() - instant.getEpochSecond() > ((long) authenticationRealm.getMaxInactivity());
    }

    private void loginUser(AuthenticatedEntity authenticatedEntity, AuthenticationRealm authenticationRealm, RemotelyAuthenticatedPrincipal remotelyAuthenticatedPrincipal, AuthenticationOptionKey authenticationOptionKey) {
        VaadinServletResponse current = VaadinServletResponse.getCurrent();
        this.authnProcessor.syntheticAuthenticate(authenticatedEntity, extractParticipants(remotelyAuthenticatedPrincipal), authenticationOptionKey, authenticationRealm, LoginMachineDetailsExtractor.getLoginMachineDetailsFromCurrentRequest(), false, current, new VaadinSessionReinitializer());
    }

    private List<SessionParticipant> extractParticipants(RemotelyAuthenticatedPrincipal remotelyAuthenticatedPrincipal) {
        ArrayList newArrayList = Lists.newArrayList();
        if (remotelyAuthenticatedPrincipal.getSessionParticipants() != null) {
            newArrayList.addAll(remotelyAuthenticatedPrincipal.getSessionParticipants());
        }
        return newArrayList;
    }
}
