package org.webswing.server.services.security.modules.openidconnect;

import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.server.services.security.api.AbstractWebswingUser;
import org.webswing.server.services.security.api.WebswingAuthenticationException;
import org.webswing.server.services.security.modules.AbstractExtendableSecurityModule;

/* loaded from: input_file:WEB-INF/lib/webswing-server-security-2.6.jar:org/webswing/server/services/security/modules/openidconnect/OpenIDConnectSecurityModule.class */
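/**
 * Security module that delegates login to an OpenID Connect provider.
 *
 * <p>Flow: {@link #serveLoginPartial} stores a fresh {@code state} value in the security session and
 * redirects the browser to the provider; {@link #authenticate} runs on the provider callback, checks the
 * request against the stored state, exchanges the authorization code for a user and clears the state.
 * The state value is single-use: it is removed on success and on every failure path.
 *
 * <p>The client id and client secret are read from the module configuration (via the inherited
 * {@code replaceVar}, which presumably expands placeholders — confirm in the base class) and are never
 * logged by this class.
 */
public class OpenIDConnectSecurityModule extends AbstractExtendableSecurityModule<OpenIDConnectSecurityModuleConfig> {
    private static final Logger log = LoggerFactory.getLogger(OpenIDConnectSecurityModule.class);
    /** Security-session key holding the pending OIDC {@code state} between redirect and callback. */
    private static final String OIDC_STATE = "OpenIdConnectSessionState";
    /** Trusted-PEM setting value that is forwarded to the client as a boolean flag instead of a file path. */
    private static final String TRUST_DISABLED_MARKER = "DISABLED";
    private OpenIdConnectClient client;

    public OpenIDConnectSecurityModule(OpenIDConnectSecurityModuleConfig openIDConnectSecurityModuleConfig) {
        super(openIDConnectSecurityModuleConfig);
    }

    /** Typed view of the module configuration; keeps the cast the original code performs at every access. */
    private OpenIDConnectSecurityModuleConfig cfg() {
        return (OpenIDConnectSecurityModuleConfig) getConfig();
    }

    /**
     * Builds the {@link OpenIdConnectClient} from configuration.
     *
     * <p>Any failure (malformed URL, unresolvable discovery document, bad trust material) is logged and
     * rethrown as a {@link RuntimeException} so the module does not start half-configured.
     *
     * @throws RuntimeException if the client cannot be constructed
     */
    @Override
    public void init() {
        super.init();
        try {
            OpenIDConnectSecurityModuleConfig config = cfg();
            // Evaluation order mirrors the original: callback URL is parsed before the discovery URL.
            URL callbackUrl = new URL(replaceVar(config.getCallbackUrl()));
            String trustedPemSetting = replaceVar(config.getTrustedPemFile());
            File trustedPemFile = config.getContext().resolveFile(trustedPemSetting);
            // The literal "DISABLED" is passed to the client as a boolean; it appears to switch off TLS trust
            // checks toward the provider (NOTE(review): confirm against OpenIdConnectClient's constructor).
            // The file object is still resolved and forwarded in that case, as in the original.
            boolean trustDisabled = TRUST_DISABLED_MARKER.equals(trustedPemSetting);
            String rolesAttribute = replaceVar(config.getRolesAttributeName());
            String usernameAttribute = replaceVar(config.getUsernameAttributeName());
            URL discoveryUrl = new URL(replaceVar(config.getImportDiscoveryJson()));
            this.client = new OpenIdConnectClient(
                    discoveryUrl,
                    callbackUrl,
                    replaceVar(config.getClientId()),
                    replaceVar(config.getClientSecret()),
                    trustDisabled,
                    trustedPemFile,
                    rolesAttribute,
                    usernameAttribute);
        } catch (Exception e) {
            log.error("Initializing of OpenID Connect client failed.", e);
            throw new RuntimeException("Initializing of OpenID Connect client failed.", e);
        }
    }

    /**
     * Starts a login attempt: stores a fresh {@code state} in the security session and redirects to the
     * provider. If a previous failure is passed in, or the client yields no redirect URL, the error
     * partial is rendered instead (the state is stored in both cases, matching the original).
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response to redirect or render into
     * @param webswingAuthenticationException failure from a previous attempt, or {@code null}
     * @throws IOException if writing the response fails
     */
    @Override
    protected void serveLoginPartial(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebswingAuthenticationException webswingAuthenticationException) throws IOException {
        // The state binds the provider callback to this security session (login-CSRF protection).
        // The original used only the first 7 hex characters of the UUID (~28 bits); the full UUID is
        // used here. Assumes the client treats state as an opaque string — confirm in
        // OpenIdConnectClient.getOpenIDRedirectUrl / validateCodeRequest.
        String state = newState();
        cfg().getContext().setToSecuritySession(OIDC_STATE, state);
        String redirectUrl = this.client.getOpenIDRedirectUrl(state);
        if (webswingAuthenticationException != null || redirectUrl == null) {
            sendHtml(httpServletRequest, httpServletResponse, "errorPartial.html", webswingAuthenticationException);
        } else {
            sendRedirect(httpServletRequest, httpServletResponse, redirectUrl);
        }
    }

    /** Returns an unguessable state value; {@link UUID#randomUUID()} is backed by {@code SecureRandom}. */
    private static String newState() {
        return UUID.randomUUID().toString();
    }

    /**
     * Handles the provider callback.
     *
     * @param httpServletRequest callback request carrying the authorization code
     * @return the authenticated user, or {@code null} when the request carries no code (not a callback)
     * @throws WebswingAuthenticationException if state validation or the code exchange fails
     */
    @Override
    protected AbstractWebswingUser authenticate(HttpServletRequest httpServletRequest) throws WebswingAuthenticationException {
        String code = OpenIdConnectClient.getCode(httpServletRequest);
        try {
            if (code == null || code.isEmpty()) {
                // Not a callback request: nothing to authenticate and the pending state is left in place.
                return null;
            }
            try {
                // Compare the callback against the state issued in serveLoginPartial before using the code.
                String expectedState = (String) cfg().getContext().getFromSecuritySession(OIDC_STATE);
                this.client.validateCodeRequest(httpServletRequest, expectedState);
                // Second argument is null in the original; its meaning is not visible here — see OpenIdConnectClient.getUser.
                AbstractWebswingUser user = this.client.getUser(code, null);
                logSuccess(httpServletRequest, user.getUserId());
                cfg().getContext().setToSecuritySession(OIDC_STATE, null);
                return user;
            } catch (Exception e) {
                logFailure(httpServletRequest, null, "Failed to authenticate. " + e.getMessage());
                log.error("Failed to authenticate", e);
                throw new WebswingAuthenticationException("Failed to authenticate. " + e.getMessage(), WebswingAuthenticationException.FAILED_TO_AUTHENTICATE, e);
            }
        } catch (Throwable th) {
            // State is single-use: drop it on every failure path so it cannot be retried with a different code.
            cfg().getContext().setToSecuritySession(OIDC_STATE, null);
            throw th;
        }
    }

    /**
     * Logs the user out by redirecting to the configured logout URL.
     *
     * @throws ServletException propagated from the inherited redirect
     * @throws IOException if writing the redirect fails
     */
    @Override
    public void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        logoutRedirect(httpServletRequest, httpServletResponse, replaceVar(cfg().getLogoutUrl()));
    }
}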
