package org.appng.application.authentication.saml;

import com.coveo.saml.SamlClient;
import com.coveo.saml.SamlException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.appng.api.Environment;
import org.appng.api.model.Application;
import org.appng.api.model.Site;
import org.appng.api.model.Subject;
import org.appng.api.support.ElementHelper;
import org.appng.application.authentication.MessageConstants;
import org.appng.core.service.CoreService;
import org.appng.xml.platform.Message;
import org.appng.xml.platform.MessageType;
import org.appng.xml.platform.Messages;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

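/**
 * REST endpoints for SAML single sign-on of an appNG application.
 *
 * <p>When the {@code samlEnabled} property is {@code false}, every endpoint answers with
 * {@code 501 Not Implemented} and no SAML client is created.
 *
 * <p>NOTE(review): {@link #reply} is the only place where an identity assertion becomes a local
 * session. Nothing in this class correlates a response with a request issued by {@link #login}
 * (the relay state is {@code null}) or remembers assertion IDs. Confirm that replay protection
 * is provided by the SAML client library or by the IdP configuration.
 */
@RestController
/* loaded from: input_file:org/appng/application/authentication/saml/SamlController.class */
public class SamlController implements InitializingBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlController.class);

    // NOTE(review): this prefix decides which assertion attribute identifies the user, yet it is
    // public, static and non-final, so any code in the JVM can reassign it. It is left unchanged
    // to keep the public interface stable; consider making it final.
    public static String CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/";

    private final Site site;
    private final Application application;
    private final CoreService coreService;

    @Value("${samlEnabled:false}")
    private boolean samlEnabled;

    @Value("${samlClientId:}")
    private String clientId;

    // Only initialised in afterPropertiesSet() when SAML is enabled.
    private SamlClient samlClient;

    public SamlController(Site site, Application application, CoreService coreService) {
        this.site = site;
        this.application = application;
        this.coreService = coreService;
    }

    /** Builds the typed "501 Not Implemented" answer used while SAML is disabled. */
    private static <T> ResponseEntity<T> notImplemented() {
        return ResponseEntity.status(HttpStatus.NOT_IMPLEMENTED).build();
    }

    /**
     * Creates the SAML client from the IdP metadata stored in the application property
     * {@code samlDescriptor}. Does nothing when SAML is disabled.
     *
     * @throws IllegalStateException if SAML is enabled but no metadata is configured
     * @throws Exception if the metadata cannot be parsed by the SAML client
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        if (!this.samlEnabled) {
            LOGGER.debug("SAML is disabled");
            return;
        }
        String descriptor = this.application.getProperties().getClob("samlDescriptor");
        if (StringUtils.isBlank(descriptor)) {
            // Fail with a clear message instead of a NullPointerException further down.
            throw new IllegalStateException("SAML is enabled but the application property 'samlDescriptor' is empty");
        }
        byte[] bytes = descriptor.getBytes(StandardCharsets.UTF_8);
        String endpoint = String.format("%s/service/%s/%s/rest/saml", this.site.getDomain(), this.site.getName(),
                this.application.getName());
        // Decode with the same charset that was used for encoding; the one-argument
        // InputStreamReader constructor would fall back to the platform default.
        InputStreamReader metadata = new InputStreamReader(new ByteArrayInputStream(bytes), StandardCharsets.UTF_8);
        this.samlClient = SamlClient.fromMetadata(this.clientId, endpoint, metadata, SamlClient.SamlIdpBinding.POST);
        LOGGER.debug("Created SAML client for '{}' with endpoint {}", this.clientId, endpoint);
    }

    /**
     * Starts the login flow by handing the browser over to the identity provider, without a
     * relay state. Answers 501 when SAML is disabled.
     */
    @GetMapping(path = {"/saml", "/saml/login"}, produces = {"text/html"})
    public void login(HttpServletResponse httpServletResponse) throws IOException, SamlException {
        if (this.samlEnabled) {
            this.samlClient.redirectToIdentityProvider(httpServletResponse, (String) null);
        } else {
            httpServletResponse.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
        }
    }

    /**
     * Returns the request body unchanged with status 200, or 501 when SAML is disabled.
     *
     * <p>NOTE(review): no SAML processing happens here; the endpoint only reflects the
     * caller-supplied body as {@code text/plain}. Confirm it is still needed.
     */
    @PostMapping(path = {"/saml/sign-on"}, produces = {"text/plain"}, consumes = {"text/plain", "application/xml"})
    public ResponseEntity<String> signOn(@RequestBody String str) {
        if (!this.samlEnabled) {
            return notImplemented();
        }
        return new ResponseEntity<>(str, HttpStatus.OK);
    }

    /**
     * Returns the request body unchanged with status 200, or 501 when SAML is disabled.
     *
     * <p>NOTE(review): no session is terminated here; the endpoint only reflects the
     * caller-supplied body as {@code text/plain}. Confirm it is still needed.
     */
    @PostMapping(path = {"/saml/logout"}, produces = {"text/plain"}, consumes = {"text/plain", "application/xml"})
    public ResponseEntity<String> logout(@RequestBody String str) {
        if (!this.samlEnabled) {
            return notImplemented();
        }
        return new ResponseEntity<>(str, HttpStatus.OK);
    }

    /**
     * Assertion consumer endpoint: validates the posted {@code SAMLResponse}, looks up the local
     * subject by the value of the {@code CLAIM + MessageConstants.NAME} attribute and logs it in.
     *
     * <p>Whatever the outcome, the caller is redirected to {@code /manager}. A failed validation
     * is logged and leaves the session unauthenticated.
     *
     * @return a 302 redirect to {@code /manager}, or 501 when SAML is disabled
     */
    @PostMapping(path = {"/saml"}, produces = {"text/plain"}, consumes = {"application/x-www-form-urlencoded"})
    public ResponseEntity<Void> reply(HttpServletRequest httpServletRequest, Environment environment) {
        if (!this.samlEnabled) {
            return notImplemented();
        }
        try {
            String samlResponse = httpServletRequest.getParameter("SAMLResponse");
            if (StringUtils.isBlank(samlResponse)) {
                LOGGER.warn("SAML reply rejected: request carries no SAMLResponse parameter");
            } else {
                // The encoded response is a bearer credential: never write it to the log.
                LOGGER.debug("Received SAMLResponse ({} characters)", samlResponse.length());
                Assertion assertion = this.samlClient
                        .decodeAndValidateSamlResponse(samlResponse, httpServletRequest.getMethod()).getAssertion();
                List<String> names = readAttributes(assertion).get(CLAIM + MessageConstants.NAME);
                if (names == null || names.isEmpty()) {
                    // The claim may be absent altogether, not just empty.
                    LOGGER.warn("SAML reply rejected: assertion carries no value for claim {}",
                            CLAIM + MessageConstants.NAME);
                } else {
                    loginSubject(environment, names.get(0));
                }
            }
        } catch (SamlException e) {
            LOGGER.error("Error processing SAML Response", e);
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("Location", "/manager");
        return new ResponseEntity<>(httpHeaders, HttpStatus.FOUND);
    }

    /** Collects the text values of every attribute of the (already validated) assertion by attribute name. */
    private static HashMap<String, List<String>> readAttributes(Assertion assertion) {
        HashMap<String, List<String>> attributes = new HashMap<>();
        for (AttributeStatement statement : assertion.getAttributeStatements()) {
            for (Attribute attribute : statement.getAttributes()) {
                String name = attribute.getName();
                List<String> values = attribute.getAttributeValues().stream()
                        .filter(AttributeValue.class::isInstance)
                        .map(AttributeValue.class::cast)
                        .map(AttributeValue::getTextContent)
                        .collect(Collectors.toList());
                attributes.put(name, values);
                LOGGER.debug("Attribute {} with values {}", name, StringUtils.join(values, ", "));
            }
        }
        return attributes;
    }

    /** Logs in the subject registered under the given e-mail and adds the outcome as a message. */
    private void loginSubject(Environment environment, String email) {
        boolean loggedIn = false;
        Subject subject = this.coreService.getSubjectByEmail(email);
        if (subject == null) {
            LOGGER.warn("SAML login rejected: no subject matches the asserted name claim");
        } else {
            loggedIn = this.coreService.loginByUserName(environment, subject.getAuthName());
            LOGGER.info("Logged in {} : {}", subject.getAuthName(), loggedIn);
        }
        Message message = new Message();
        // Flag a successful login as OK; it used to be reported as an error as well.
        message.setClazz(loggedIn ? MessageType.OK : MessageType.ERROR);
        message.setContent(loggedIn ? "Login successfull" : "Login failed!");
        Messages messages = new Messages();
        messages.getMessageList().add(message);
        ElementHelper.addMessages(environment, messages);
    }
}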
