package com.xforceplus.sso.controller;

import com.xforceplus.business.tenant.service.TenantService;
import com.xforceplus.business.tenant.service.UserService;
import com.xforceplus.domain.user.UserDto;
import com.xforceplus.entity.User;
import com.xforceplus.exception.SSOException;
import com.xforceplus.jooq.tables.pojos.SsoConf;
import com.xforceplus.security.utils.CookieUtils;
import com.xforceplus.sso.model.AuthorizationCode;
import com.xforceplus.sso.model.SSOUser;
import com.xforceplus.sso.service.SSOProtocol;
import com.xforceplus.sso.service.SSOProtocolFactory;
import com.xforceplus.sso.service.SsoConfService;
import com.xforceplus.utils.TokenUtils;
import java.net.URI;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

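/**
 * Spring MVC endpoints that start a tenant's single sign-on flow and handle the identity
 * provider's callback.
 *
 * <p>Every handler answers with {@code 302 Found}. Several redirect targets are assembled from
 * request data (the {@code redirect_uri} and {@code redirectUrl} parameters, and the
 * {@code token-cookie-host} header), so the per-method notes mark what still needs confirming
 * against the deployment.
 */
@Controller
/* loaded from: input_file:com/xforceplus/sso/controller/SSOController.class */
public class SSOController {
    private static final Logger log = LoggerFactory.getLogger(SSOController.class);
    private final SsoConfService ssoConfService;
    private final TenantService tenantService;
    private final SSOProtocolFactory ssoProtocolFactory;
    private final UserService userService;

    // Fallback redirect target, injected from the "xforce.url.404" property.
    @Value("${xforce.url.404}")
    private String url404;

    public SSOController(SsoConfService ssoConfService, TenantService tenantService, SSOProtocolFactory sSOProtocolFactory, UserService userService) {
        this.ssoConfService = ssoConfService;
        this.tenantService = tenantService;
        this.ssoProtocolFactory = sSOProtocolFactory;
        this.userService = userService;
    }

    /**
     * Redirects to the authorize URL of the tenant's enabled SSO configuration.
     *
     * <p>Falls back to the configured 404 URL when the tenant code is unknown, when the tenant
     * has no enabled SSO configuration, or when that configuration carries a blank authorize URL.
     *
     * @param str tenant code taken from the request path
     * @return a {@code 302 Found} response whose {@code Location} is the chosen URL
     */
    @RequestMapping(value = {"/api/login/{tenantCode}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public ResponseEntity login(@PathVariable(name = "tenantCode") String str) {
        AtomicReference<String> target = new AtomicReference<>(this.url404);
        Long tenantId = this.tenantService.findTenantByCode(str);
        if (tenantId != null) {
            this.ssoConfService.getEnabledByTenantId(tenantId).ifPresent(ssoConfDto -> {
                // A blank authorize URL would make URI.create fail (NPE / IllegalArgumentException)
                // and surface as a 500; keep the 404 fallback instead.
                String authorizeUrl = ssoConfDto.getAuthorizeUrl();
                if (StringUtils.isNotBlank(authorizeUrl)) {
                    target.set(authorizeUrl);
                }
            });
        }
        return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(target.get())).build();
    }

    /**
     * Redirects to the tenant's SSO authorize URL, or to the platform login page when the tenant
     * (looked up by name) has no usable SSO configuration.
     *
     * <p>The login-page URL is built from the request scheme, the {@code token-cookie-host}
     * request header and the {@code redirectUrl} parameter. If that header is missing or blank
     * the configured 404 URL is used, because the concatenation would otherwise produce a
     * redirect to the literal host {@code null}.
     *
     * @param httpServletRequest current request; supplies the scheme and the host header
     * @param str tenant name taken from the request path
     * @param str2 value of the {@code redirectUrl} query parameter
     * @return a {@code 302 Found} response whose {@code Location} is the chosen URL
     */
    @RequestMapping(value = {"/api/login/tenantName/{tenantName}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public ResponseEntity tenantNameLogin(HttpServletRequest httpServletRequest, @PathVariable(name = "tenantName") String str, @RequestParam(name = "redirectUrl") String str2) {
        Long tenantId = this.tenantService.findTenantByName(str);
        AtomicReference<String> target = new AtomicReference<>();
        if (tenantId != null) {
            this.ssoConfService.getEnabledByTenantId(tenantId).ifPresent(ssoConfDto -> target.set(ssoConfDto.getAuthorizeUrl()));
        }
        if (StringUtils.isBlank(target.get())) {
            // NOTE(review): the redirect host comes from a request header. Confirm the edge
            // proxy always overwrites "token-cookie-host"; if a client can supply it, the client
            // chooses where this endpoint redirects.
            String loginHost = httpServletRequest.getHeader("token-cookie-host");
            if (StringUtils.isBlank(loginHost)) {
                target.set(this.url404);
            } else {
                // NOTE(review): redirectUrl is appended without URL-encoding, so characters such
                // as '&' or '#' in it alter the fragment the login page parses, and characters
                // illegal in a URI make URI.create throw. Encoding is left unchanged here because
                // the login page's decoding rules are not visible in this file.
                target.set(httpServletRequest.getScheme() + "://" + loginHost + "/login/#/?redirect=" + str2);
            }
        }
        log.debug("sso-tenant-name-url:{}", target.get());
        return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(target.get())).build();
    }

    /**
     * Handles the identity provider's callback for a tenant: obtains an {@link AuthorizationCode}
     * from the request, swaps it for an {@link SSOUser}, looks up the matching local user by
     * tenant id and username, generates a user token, attaches it as a cookie and redirects to
     * the requested {@code redirect_uri}.
     *
     * <p>{@code redirect_uri} is parsed before any protocol call, so a malformed value is
     * rejected up front instead of failing with an unhandled {@link IllegalArgumentException}
     * after the authorization code has already been swapped and a token generated.
     *
     * <p>NOTE(review): any well-formed {@code redirect_uri} is accepted. No allow-list is visible
     * in this class, so a freshly authenticated browser can be sent to an arbitrary site. Compare
     * the parsed URI with the redirect targets registered for the tenant before building the
     * response.
     *
     * <p>NOTE(review): no {@code state}/nonce comparison is visible here; confirm that
     * {@code SSOProtocol.obtainAuthorizationCode} binds the callback to the browser session that
     * started the login.
     *
     * @param httpServletRequest current request; supplies {@code redirect_uri} and the protocol
     *     parameters
     * @param str tenant code taken from the request path
     * @return a {@code 302 Found} response to {@code redirect_uri} carrying the token cookie
     * @throws SSOException if {@code redirect_uri} is blank or malformed, the tenant or its SSO
     *     configuration cannot be resolved, or any authentication step yields no result
     */
    @RequestMapping(value = {"/api/sso/{tenantCode}/callback"}, method = {RequestMethod.GET})
    public ResponseEntity<String> callback(HttpServletRequest httpServletRequest, @PathVariable(name = "tenantCode") String str) {
        String redirectParam = httpServletRequest.getParameter("redirect_uri");
        log.debug("sso callback redirect_uri:{}", redirectParam);
        if (StringUtils.isBlank(redirectParam)) {
            throw new SSOException("Parameter is missing redirect_ uri");
        }
        URI redirectTarget = parseRedirectUri(redirectParam);

        SsoConf ssoConf = getSsoConf(str);
        log.debug("sso callback ssoConf id:{},authorizeUrl:{},logoffUrl:{},userInfo:{}", ssoConf.getId(), ssoConf.getAuthorizeUrl(), ssoConf.getLoginOffUrl(), ssoConf.getUserInfoUrl());

        SSOProtocol protocol = this.ssoProtocolFactory.buildProtocol(ssoConf);

        // invalidAuthInformation always throws, so each get() below is reached only when the
        // preceding Optional is present.
        Optional<?> authorizationCode = protocol.obtainAuthorizationCode(httpServletRequest);
        if (!authorizationCode.isPresent()) {
            invalidAuthInformation(ssoConf.getAuthorizeUrl());
        }
        Optional<?> ssoUser = protocol.swapAuthorizationCode((AuthorizationCode) authorizationCode.get());
        if (!ssoUser.isPresent()) {
            invalidAuthInformation(ssoConf.getAuthorizeUrl());
        }
        Optional<?> localUser = this.userService.findByTenantIdAndUsername(ssoConf.getTenantId(), ((SSOUser) ssoUser.get()).getUsername());
        if (!localUser.isPresent()) {
            invalidAuthInformation(ssoConf.getAuthorizeUrl());
        }

        String userToken = TokenUtils.generateUserToken((UserDto) localUser.get());
        ResponseEntity.BodyBuilder response = ResponseEntity.status(HttpStatus.FOUND).location(redirectTarget);
        // NOTE(review): the meaning of the literal 10 and the trailing 'true' is defined in
        // CookieUtils.buildCookie and not visible here; confirm the resulting cookie is marked
        // Secure and HttpOnly and is scoped to the intended host.
        CookieUtils.setCookie(CookieUtils.buildCookie(CookieUtils.parseHost(httpServletRequest), 10, userToken, (User) localUser.get(), true), response);
        return response.build();
    }

    /**
     * Parses the caller-supplied redirect target, turning a syntactically invalid value into an
     * {@link SSOException}. This checks syntax only; it does not restrict scheme or host.
     *
     * @param value raw {@code redirect_uri} parameter, already checked for blankness
     * @return the parsed URI
     * @throws SSOException if {@code value} is not a valid URI
     */
    private static URI parseRedirectUri(String value) {
        try {
            return URI.create(value);
        } catch (IllegalArgumentException e) {
            // The rejected value is deliberately left out of the log line: it is untrusted input.
            log.warn("sso callback rejected a malformed redirect_uri");
            throw new SSOException("Invalid redirect_uri");
        }
    }

    /**
     * Resolves the enabled SSO configuration for a tenant code.
     *
     * @param str tenant code
     * @return the tenant's enabled SSO configuration
     * @throws SSOException if the tenant code is unknown or no enabled configuration exists
     */
    private SsoConf getSsoConf(String str) {
        Long tenantId = this.tenantService.findTenantByCode(str);
        if (tenantId == null) {
            throw new SSOException("Unknown tenantCode");
        }
        Optional<?> enabledConf = this.ssoConfService.getEnabledByTenantId(tenantId);
        if (!enabledConf.isPresent()) {
            throw new SSOException("Missing SSO configuration");
        }
        return (SsoConf) enabledConf.get();
    }

    /**
     * Always throws; used by {@link #callback} to abort when an authentication step yields
     * nothing.
     *
     * @param str the tenant's authorize URL, passed through as the exception's second argument
     * @throws SSOException always
     */
    private void invalidAuthInformation(String str) {
        throw new SSOException("Invalid authentication information", str);
    }
}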
