package de.sep.sesam.restapi.v2.auth.impl;

import com.jidesoft.dialog.ButtonNames;
import de.sep.sesam.common.logging.LogContext;
import de.sep.sesam.model.Credentials;
import de.sep.sesam.model.auth.SessionType;
import de.sep.sesam.model.auth.dto.LoginDto;
import de.sep.sesam.model.dto.SessionDto;
import de.sep.sesam.model.type.UserOrigin;
import de.sep.sesam.rest.exceptions.AuthenticationException;
import de.sep.sesam.rest.exceptions.IllegalParameterException;
import de.sep.sesam.rest.exceptions.OperationNotPossibleException;
import de.sep.sesam.rest.exceptions.ServiceException;
import de.sep.sesam.restapi.authentication.AbstractExternalCredentialsLogin;
import de.sep.sesam.restapi.authentication.ActiveDirectoryCredentialsLogin;
import de.sep.sesam.restapi.authentication.LDAPCredentialsLogin;
import de.sep.sesam.restapi.authentication.SessionContext;
import de.sep.sesam.restapi.authentication.SessionHandler;
import de.sep.sesam.restapi.core.interfaces.ISepHttpRequest;
import de.sep.sesam.restapi.dao.login.LoginService;
import de.sep.sesam.restapi.v2.auth.AuthServiceServer;
import de.sep.sesam.restapi.v2.base.AbstractRestServiceImpl;
import de.sep.sesam.restapi.v2.base.ISepHttpRequestServer;
import de.sep.sesam.security.CertificateAuthenticationHandler;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.codec.http.cookie.CookieHeaderNames;
import io.netty.handler.codec.http.cookie.DefaultCookie;
import io.netty.handler.codec.http.cookie.ServerCookieEncoder;
import java.io.ByteArrayInputStream;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.core.NestedRuntimeException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;
import org.springframework.stereotype.Service;

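/**
 * REST implementation of the v2 authentication service: login (password and/or client
 * certificate), logout, session lookup and listing, and a connectivity test for external
 * AD/LDAP directories.
 *
 * <p>The parameter-less {@code login}/{@code logout}/{@code getSession} entry points cannot be
 * served on their own: they fail with a MISSING_PARAMETER error because the request object is
 * required. The {@code *WithAdditionalParams} variants receive the {@link ISepHttpRequest} and
 * carry the real logic. When the request is an {@link ISepHttpRequestServer} and the session is
 * of type WEB they also write (or, on logout, clear) the session cookie
 * {@code SessionHandler.COOKIE_NAME} on the HTTP response.
 *
 * <p>Security note: the cookie value is the session id returned by
 * {@code LoginService.authenticate} and looked up via {@code SessionHandler.get(id)} — i.e. the
 * session id is the bearer credential. Anything that exposes session ids (see
 * {@link #getSessions()}) exposes live credentials.
 */
@Service
public final class AuthServiceImpl extends AbstractRestServiceImpl implements AuthServiceServer {
    /**
     * Max-Age used for a freshly issued session cookie. Long.MIN_VALUE is Netty's
     * Cookie.UNDEFINED_MAX_AGE: no Max-Age attribute is emitted, so the cookie lives for the
     * browser session only.
     */
    private static final long SESSION_COOKIE_MAX_AGE = Long.MIN_VALUE;

    /** Max-Age used to clear the cookie on logout; a non-positive Max-Age tells the browser to drop it. */
    private static final long EXPIRE_COOKIE_MAX_AGE = -1L;

    private final LoginService loginService;

    public AuthServiceImpl(LoginService loginService) {
        this.loginService = loginService;
    }

    @Override // de.sep.sesam.restapi.v2.auth.AuthService
    public String login(LoginDto loginDto) throws ServiceException {
        // The request object is mandatory; only loginWithAdditionalParams can perform a login.
        throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.MISSING_PARAMETER, "request");
    }

    /**
     * Authenticates the caller and returns the new session id (also written as a cookie for WEB
     * sessions on server-side requests).
     *
     * <p>Flow: the peer address observed by the server overrides any {@code ip} supplied in the
     * DTO; without any address the method returns {@code null}. If an encoded client certificate
     * is present it is decoded and validated against the configured
     * {@link CertificateAuthenticationHandler}; a rejected certificate is discarded and, only if a
     * secret is also supplied, the request falls back to password authentication. The secret is
     * URL-decoded before being handed to {@link LoginService#authenticate}.
     *
     * @param loginDto        credentials; must not be null
     * @param iSepHttpRequest request context, used to reach the HTTP response for the cookie
     * @return the session id, or {@code null}/blank when authentication did not produce a session
     * @throws ServiceException on certificate rejection without a password fallback, or from the
     *                          login service
     */
    @Override // de.sep.sesam.restapi.v2.auth.AuthServiceServer
    public String loginWithAdditionalParams(LoginDto loginDto, ISepHttpRequest iSepHttpRequest) throws ServiceException {
        assert loginDto != null;

        // The peer address seen by the server takes precedence over whatever the client put in the DTO.
        SocketAddress peer = SessionHandler.getIp();
        if (peer != null) {
            loginDto.setIp(((InetSocketAddress) peer).getHostString());
        }
        if (loginDto.getIp() == null) {
            return null;
        }

        String certificateEncoded = loginDto.getCertificateEncoded();
        if (StringUtils.isNotBlank(certificateEncoded)) {
            try {
                // The value is base64 twice: the outer layer yields base64 text, the inner layer the DER bytes.
                // (Presumably the client wraps the PEM body once more — confirm against the client code.)
                byte[] der = Base64.decodeBase64(new String(new Base64().decode(certificateEncoded), StandardCharsets.UTF_8));
                loginDto.setCertificate((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der)));
            } catch (CertificateException ignored) {
                // Unparseable certificate: the DTO's certificate is left as it was and validate() below decides.
            }
            try {
                CertificateAuthenticationHandler handler = CertificateAuthenticationHandler.getInstance();
                assert handler != null;
                handler.validate(loginDto.getUsername(), loginDto.getCertificate());
            } catch (AuthenticationException e) {
                // Certificate rejected: never pass it on. Without a secret there is no fallback; with one the
                // request degrades to password authentication. NOTE(review): this means a bad certificate
                // carries no penalty when a password is also sent — intended, but worth stating.
                loginDto.setCertificate(null);
                if (StringUtils.isBlank(loginDto.getSecret())) {
                    throw e;
                }
            }
        }

        String secret = loginDto.getSecret();
        if (StringUtils.isNotBlank(secret)) {
            String decodedSecret = null;
            try {
                // NOTE(review): URLDecoder also maps '+' to a space; a password containing a literal '+' that the
                // client did not percent-encode is altered here — confirm the client always encodes.
                decodedSecret = URLDecoder.decode(secret, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException ignored) {
                // Malformed percent-escape: keep the raw secret.
            }
            if (StringUtils.isNotBlank(decodedSecret)) {
                loginDto.setSecret(decodedSecret);
            }
        }

        String sessionId = this.loginService.authenticate(loginDto, false);
        if (StringUtils.isNotBlank(sessionId)) {
            SessionContext session = SessionHandler.get(sessionId);
            if (iSepHttpRequest instanceof ISepHttpRequestServer && session != null && SessionType.WEB.equals(session.getSessionType())) {
                writeSessionCookie((ISepHttpRequestServer) iSepHttpRequest, sessionId, SESSION_COOKIE_MAX_AGE);
            }
        }
        return sessionId;
    }

    @Override // de.sep.sesam.restapi.v2.auth.AuthService
    public Boolean logout() throws ServiceException {
        // The request object is mandatory; only logoutWithAdditionalParams can perform a logout.
        throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.MISSING_PARAMETER, "request");
    }

    /**
     * Removes the caller's session from {@link SessionHandler} (unless anonymous), tears down the
     * log context and, when the request was authenticated via the session cookie, clears that cookie.
     *
     * @param iSepHttpRequest request context
     * @return always {@code Boolean.TRUE}
     */
    @Override // de.sep.sesam.restapi.v2.auth.AuthServiceServer
    public Boolean logoutWithAdditionalParams(ISepHttpRequest iSepHttpRequest) throws ServiceException {
        SessionContext current = (SessionContext) SecurityContextHolder.getContext().getAuthentication();
        if (current != null && !current.equals(SessionHandler.ANONYMOUS) && current.getId() != null) {
            SessionHandler.remove(current.getId());
        }
        LogContext.destroy();
        // Only clear the cookie if this request was authenticated through it in the first place.
        if (iSepHttpRequest instanceof ISepHttpRequestServer && iSepHttpRequest.isSessionCookie()) {
            writeSessionCookie((ISepHttpRequestServer) iSepHttpRequest, "", EXPIRE_COOKIE_MAX_AGE);
        }
        return Boolean.TRUE;
    }

    @Override // de.sep.sesam.restapi.v2.auth.AuthService
    public SessionDto getSession() throws ServiceException {
        // The request object is mandatory; only getSessionWithAdditionalParams can answer.
        throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.MISSING_PARAMETER, "request");
    }

    /**
     * Returns the caller's session. With query parameter {@code type=WEB} (and either a differing
     * current session type or {@code forceCookie=true}) the session is re-registered as a WEB
     * session and its id is written as the session cookie.
     *
     * @param iSepHttpRequest request context; may be null, in which case no query parameters are evaluated
     * @return the session as a DTO (roles reduced to their non-blank names)
     * @throws AuthenticationException   when no session is bound to the security context
     * @throws IllegalParameterException when {@code type} is not a known session type
     */
    @Override // de.sep.sesam.restapi.v2.auth.AuthServiceServer
    public SessionDto getSessionWithAdditionalParams(ISepHttpRequest iSepHttpRequest) throws ServiceException {
        SessionContext sessionContext = (SessionContext) SecurityContextHolder.getContext().getAuthentication();
        if (sessionContext == null) {
            throw new AuthenticationException(AuthenticationException.AuthMessage.NOT_LOGGED_IN, new Object[0]);
        }
        Map<String, String> query = iSepHttpRequest != null ? iSepHttpRequest.getQueryParameters() : null;
        if (query != null) {
            SessionType requestedType = parseSessionType(query.get("type"));
            boolean forceCookie = StringUtils.isNotBlank(query.get("forceCookie")) && Boolean.parseBoolean(query.get("forceCookie"));
            // Only a switch to (or forced refresh of) a WEB session touches the session store and the cookie.
            if (SessionType.WEB.equals(requestedType) && (!requestedType.equals(sessionContext.getSessionType()) || forceCookie)) {
                if (!requestedType.equals(sessionContext.getSessionType())) {
                    sessionContext = new SessionContext(sessionContext, requestedType, null);
                }
                // NOTE(review): the session's address is replaced by the request's host domain here — confirm intended.
                sessionContext.setIp(iSepHttpRequest.getHostDomain());
                SessionHandler.put(sessionContext);
                if (iSepHttpRequest instanceof ISepHttpRequestServer) {
                    writeSessionCookie((ISepHttpRequestServer) iSepHttpRequest, sessionContext.getId(), SESSION_COOKIE_MAX_AGE);
                }
            }
        }
        return toSessionDto(sessionContext);
    }

    /**
     * Lists every active session known to {@link SessionHandler}.
     *
     * <p>NOTE(review): each DTO carries the session id, which is the very value written into the
     * session cookie and accepted by {@code SessionHandler.get()}; this endpoint therefore
     * discloses every user's bearer token to its caller. Authorization for it is not visible in
     * this class — confirm it is restricted to administrators and consider omitting or masking
     * the id in the listing.
     *
     * @return one DTO per session (roles reduced to their non-blank names)
     */
    @Override // de.sep.sesam.restapi.v2.auth.AuthService
    public List<SessionDto> getSessions() throws ServiceException {
        List<SessionDto> sessions = new ArrayList<>();
        for (SessionContext sessionContext : SessionHandler.getAll()) {
            sessions.add(toSessionDto(sessionContext));
        }
        return sessions;
    }

    /**
     * Checks that an AD/LDAP configuration can be reached by attempting a dummy bind.
     *
     * <p>A Spring {@code AuthenticationException} counts as success: the directory answered and
     * rejected the dummy "test"/"test" credentials, which is all this test is after. Any other
     * Spring {@code NestedRuntimeException} (connection refused, bad URL, ...) is surfaced to the
     * caller as PASS_THROUGH with the most specific cause.
     *
     * <p>NOTE(review): the directory endpoint and bind credentials come from the request body and
     * the server opens a connection to that endpoint; presumably an admin-only operation — confirm
     * the access control, as otherwise this is a server-side request primitive. The PASS_THROUGH
     * message forwards the raw cause text to the caller.
     *
     * @param credentials external directory configuration; {@code type} must be AD or LDAP
     * @return {@code ButtonNames.OK} when the directory responded
     * @throws IllegalParameterException    for an unsupported {@code type}
     * @throws OperationNotPossibleException when no provider could be built or the connection failed
     */
    @Override // de.sep.sesam.restapi.v2.auth.AuthService
    public String testConnection(Credentials credentials) throws ServiceException {
        assert credentials != null;
        AbstractExternalCredentialsLogin externalLogin;
        if (UserOrigin.AD.name().equals(credentials.getType())) {
            externalLogin = new ActiveDirectoryCredentialsLogin(credentials);
        } else if (UserOrigin.LDAP.name().equals(credentials.getType())) {
            externalLogin = new LDAPCredentialsLogin(credentials);
        } else {
            throw new IllegalParameterException(IllegalParameterException.IPEMessage.INVALID_VALUE, "type");
        }
        try {
            AbstractLdapAuthenticationProvider provider = externalLogin.createAuthenticationProvider(credentials);
            if (provider == null) {
                throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.PASS_THROUGH, "Failed to create authentication provider from given configuration.");
            }
            // Dummy bind: reachability and configuration are under test, not a successful login.
            provider.authenticate(new UsernamePasswordAuthenticationToken("test", "test"));
            return ButtonNames.OK;
        } catch (NestedRuntimeException e) {
            Throwable cause = e.getMostSpecificCause();
            throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.PASS_THROUGH,
                    cause != null ? cause.toString() : e.getMessage());
        } catch (org.springframework.security.core.AuthenticationException e) {
            // The directory rejected the dummy credentials — i.e. it was reachable.
            return ButtonNames.OK;
        }
    }

    /**
     * Parses the optional {@code type} query parameter case-insensitively.
     *
     * @param raw the parameter value; blank means "not given"
     * @return the session type, or {@code null} when the parameter is blank
     * @throws IllegalParameterException when the value is not a known {@link SessionType}
     *                                   (previously the IllegalArgumentException from valueOf
     *                                   escaped unhandled for a client-controlled value)
     */
    private static SessionType parseSessionType(String raw) throws IllegalParameterException {
        if (StringUtils.isBlank(raw)) {
            return null;
        }
        try {
            return SessionType.valueOf(raw.toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            throw new IllegalParameterException(IllegalParameterException.IPEMessage.INVALID_VALUE, "type");
        }
    }

    /**
     * Adds a Set-Cookie header for the session cookie to the response of a server-side request.
     *
     * @param request server-side request whose response receives the header
     * @param value   cookie value: the session id, or "" when clearing
     * @param maxAge  Max-Age to encode; {@link #SESSION_COOKIE_MAX_AGE} omits the attribute
     */
    private static void writeSessionCookie(ISepHttpRequestServer request, String value, long maxAge) {
        DefaultCookie cookie = new DefaultCookie(SessionHandler.COOKIE_NAME, value);
        cookie.setMaxAge(maxAge);
        cookie.setPath("/");
        cookie.setSameSite(CookieHeaderNames.SameSite.Lax);
        // NOTE(review): the cookie is neither HttpOnly nor Secure, so a script-injection bug can read the
        // session id. Unless the web client must read it from script, add cookie.setHttpOnly(true); and,
        // when the API is served over TLS, cookie.setSecure(true). Clearing on logout matches by name and
        // path only, so both attributes stay compatible with logoutWithAdditionalParams.
        HttpResponse response = request.getResponse();
        assert response != null;
        response.headers().add(HttpHeaderNames.SET_COOKIE, ServerCookieEncoder.STRICT.encode(cookie));
    }

    /**
     * Copies the externally visible fields of a session into a {@link SessionDto}.
     *
     * @param sessionContext the session to expose
     * @return DTO with id, names, type, address and the non-blank role names (null when no roles)
     */
    private static SessionDto toSessionDto(SessionContext sessionContext) {
        SessionDto dto = new SessionDto();
        dto.setId(sessionContext.getId());
        dto.setName(sessionContext.getName());
        dto.setLoginName(sessionContext.getLoginName());
        dto.setSessionType(sessionContext.getSessionType());
        dto.setAddress(sessionContext.getIp());
        if (CollectionUtils.isEmpty(sessionContext.getRoles())) {
            // Result intentionally unused: presumably forces lazy role resolution on the context — verify in SessionContext.
            sessionContext.hasAnyRole("NONE");
        }
        List<String> roleNames = null;
        if (CollectionUtils.isNotEmpty(sessionContext.getRoles())) {
            roleNames = sessionContext.getRoles().stream()
                    .map(role -> role.getName())
                    .filter(name -> StringUtils.isNotBlank(name))
                    .collect(Collectors.toList());
        }
        dto.setRoles(roleNames);
        return dto;
    }
}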
