package pl.edu.icm.unity.oauth.client.web;

import com.vaadin.server.Page;
import com.vaadin.server.Resource;
import com.vaadin.server.VaadinRequest;
import com.vaadin.server.VaadinSession;
import com.vaadin.server.WrappedSession;
import com.vaadin.ui.Component;
import com.vaadin.ui.Label;
import com.vaadin.ui.VerticalLayout;
import java.net.URI;
import java.util.Collection;
import java.util.Locale;
import java.util.Set;
import org.apache.log4j.Logger;
import pl.edu.icm.unity.oauth.client.OAuthContext;
import pl.edu.icm.unity.oauth.client.OAuthContextsManagement;
import pl.edu.icm.unity.oauth.client.OAuthExchange;
import pl.edu.icm.unity.oauth.client.config.CustomProviderProperties;
import pl.edu.icm.unity.oauth.client.config.OAuthClientProperties;
import pl.edu.icm.unity.server.authn.AuthenticatedEntity;
import pl.edu.icm.unity.server.authn.AuthenticationException;
import pl.edu.icm.unity.server.authn.AuthenticationResult;
import pl.edu.icm.unity.server.utils.ExecutorsService;
import pl.edu.icm.unity.server.utils.Log;
import pl.edu.icm.unity.server.utils.UnityMessageSource;
import pl.edu.icm.unity.webui.authn.VaadinAuthentication;
import pl.edu.icm.unity.webui.common.ErrorPopup;
import pl.edu.icm.unity.webui.common.HtmlLabel;
import pl.edu.icm.unity.webui.common.Styles;
import pl.edu.icm.unity.webui.common.idpselector.IdPsSpecification;
import pl.edu.icm.unity.webui.common.idpselector.IdpSelectorComponent;

/* loaded from: input_file:pl/edu/icm/unity/oauth/client/web/OAuth2RetrievalUI.class */
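/**
 * Vaadin authentication UI for the OAuth2 client retrieval.
 *
 * <p>It renders a selector of the configured OAuth providers, starts the login by storing an
 * {@link OAuthContext} in the HTTP session and opening the redirect URL, and processes the
 * provider's answer when {@link #refresh(VaadinRequest)} finds one in the session context.
 *
 * <p>The in-flight login state lives in the session attribute
 * {@code OAuth2Retrieval.REMOTE_AUTHN_CONTEXT}. Every terminal path (success, failure, cancel)
 * goes through {@link #breakLogin(boolean)}, which removes that attribute and the matching entry
 * in {@link OAuthContextsManagement}.
 */
public class OAuth2RetrievalUI implements VaadinAuthentication.VaadinAuthenticationUI {
    private static final Logger log = Log.getLogger("unity.server.oauth", OAuth2RetrievalUI.class);

    /** Cookie name handed to {@link IdpSelectorComponent} to remember the last chosen provider. */
    public static final String CHOSEN_IDP_COOKIE = "lastOAuthIdP";

    private final UnityMessageSource msg;
    private final OAuthExchange credentialExchange;
    private final OAuthContextsManagement contextManagement;
    private VaadinAuthentication.AuthenticationResultCallback callback;
    private String redirectParam;
    private IdpSelectorComponent idpSelector;
    private Label messageLabel;
    private HtmlLabel errorDetailLabel;

    /**
     * Creates the UI.
     *
     * @param unityMessageSource source of localized messages
     * @param oAuthExchange creates OAuth requests and verifies the responses
     * @param oAuthContextsManagement registry of pending OAuth contexts
     * @param executorsService accepted for signature compatibility; not used by this class
     */
    public OAuth2RetrievalUI(UnityMessageSource unityMessageSource, OAuthExchange oAuthExchange, OAuthContextsManagement oAuthContextsManagement, ExecutorsService executorsService) {
        this.msg = unityMessageSource;
        this.credentialExchange = oAuthExchange;
        this.contextManagement = oAuthContextsManagement;
    }

    /**
     * @return always {@code false}; this retrieval does not use a shared username field
     */
    public boolean needsCommonUsernameComponent() {
        return false;
    }

    /**
     * Builds the component: title, provider selector and two initially empty error labels.
     * As a side effect makes sure a {@code RedirectRequestHandler} is installed in the current
     * Vaadin session and remembers its triggering parameter.
     *
     * @return the layout holding the whole retrieval UI
     */
    public Component getComponent() {
        this.redirectParam = installRequestHandler();
        final OAuthClientProperties settings = this.credentialExchange.getSettings();

        VerticalLayout layout = new VerticalLayout();
        layout.setSpacing(true);

        Label title = new Label(settings.getValue(OAuthClientProperties.DISPLAY_NAME));
        title.addStyleName("h2");
        layout.addComponent(title);
        layout.addComponent(new Label(this.msg.getMessage("OAuth2Retrieval.selectProvider", new Object[0])));

        // Typed (was a raw Set) so that returning it as Collection<String> below is checked.
        final Set<String> providerKeys = settings.getStructuredListKeys(OAuthClientProperties.PROVIDERS);
        IdPsSpecification providersSpec = new IdPsSpecification() {
            public Collection<String> getIdpKeys() {
                return providerKeys;
            }

            public String getIdPName(String str, Locale locale) {
                return settings.getProvider(str).getLocalizedValue(CustomProviderProperties.PROVIDER_NAME, locale);
            }

            public String getIdPLogoUri(String str, Locale locale) {
                return settings.getProvider(str).getLocalizedValue(CustomProviderProperties.ICON_URL, locale);
            }
        };
        this.idpSelector = new IdpSelectorComponent(
                this.msg,
                settings.getIntValue(OAuthClientProperties.PROVIDERS_IN_ROW).intValue(),
                settings.getEnumValue(OAuthClientProperties.ICON_SCALE, IdpSelectorComponent.ScaleMode.class),
                CHOSEN_IDP_COOKIE,
                providersSpec);
        layout.addComponent(this.idpSelector);

        this.messageLabel = new Label();
        this.messageLabel.addStyleName(Styles.error.toString());
        this.errorDetailLabel = new HtmlLabel(this.msg);
        this.errorDetailLabel.addStyleName(Styles.italic.toString());
        this.errorDetailLabel.setVisible(false);
        layout.addComponents(new Component[]{this.messageLabel, this.errorDetailLabel});
        return layout;
    }

    /** No-op: this retrieval does not consume a username. */
    public void setUsernameCallback(VaadinAuthentication.UsernameProvider usernameProvider) {
    }

    /**
     * Stores the callback which receives the authentication result or the cancellation.
     *
     * @param authenticationResultCallback callback to notify
     */
    public void setAuthenticationResultCallback(VaadinAuthentication.AuthenticationResultCallback authenticationResultCallback) {
        this.callback = authenticationResultCallback;
    }

    /** Starts the login with the provider currently selected in the selector component. */
    public void triggerAuthentication() {
        startLogin(this.idpSelector.getSelectedProvider());
    }

    /** Drops the pending login state without notifying the callback. */
    public void cancelAuthentication() {
        breakLogin(false);
    }

    /**
     * @return the configured display name of this OAuth client
     */
    public String getLabel() {
        return this.credentialExchange.getSettings().getValue(OAuthClientProperties.DISPLAY_NAME);
    }

    /**
     * @return always {@code null}; no image is provided
     */
    public Resource getImage() {
        return null;
    }

    /** No-op: there is no user-entered state to clear. */
    public void clear() {
    }

    /**
     * Sets the main error message; {@code null} clears both the message and the detail label.
     */
    private void showError(String str) {
        if (str != null) {
            this.messageLabel.setValue(str);
            return;
        }
        this.messageLabel.setValue("");
        showErrorDetail(null);
    }

    /**
     * Shows the detail label with the message identified by {@code str} and the given arguments,
     * or hides and resets it when {@code str} is {@code null}.
     */
    private void showErrorDetail(String str, Object... objArr) {
        if (str == null) {
            this.errorDetailLabel.setVisible(false);
            this.errorDetailLabel.resetValue();
            return;
        }
        this.errorDetailLabel.setVisible(true);
        this.errorDetailLabel.setHtmlValue(str, objArr);
    }

    /**
     * Returns the triggering parameter of the session's {@code RedirectRequestHandler},
     * installing a new handler when the session does not have one yet.
     */
    private String installRequestHandler() {
        VaadinSession session = VaadinSession.getCurrent();
        // The session holds handlers of many types. Iterate without assuming the element type and
        // narrow only after the instanceof check; typing the loop variable as
        // RedirectRequestHandler would fail on the first handler of another class.
        for (Object handler : session.getRequestHandlers()) {
            if (handler instanceof RedirectRequestHandler) {
                return ((RedirectRequestHandler) handler).getTriggeringParam();
            }
        }
        RedirectRequestHandler created = new RedirectRequestHandler();
        session.addRequestHandler(created);
        return created.getTriggeringParam();
    }

    /**
     * Removes the pending OAuth context from the HTTP session and from the contexts registry.
     *
     * @param invokeCancel when {@code true} the result callback is told that authentication
     *        was cancelled
     */
    private void breakLogin(boolean invokeCancel) {
        WrappedSession session = VaadinSession.getCurrent().getSession();
        OAuthContext pending = (OAuthContext) session.getAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT);
        if (pending != null) {
            session.removeAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT);
            this.contextManagement.removeAuthnContext(pending.getRelayState());
        }
        if (invokeCancel) {
            this.callback.cancelAuthentication();
        }
    }

    /**
     * Creates the OAuth request for the given provider key, stores its context in the session
     * and opens the URL which triggers the redirect handler.
     */
    private void startLogin(String str) {
        WrappedSession session = VaadinSession.getCurrent().getSession();
        // Only one login may be in flight per session; a second attempt is refused rather than
        // overwriting the context an outstanding provider response would be matched against.
        if (session.getAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT) != null) {
            ErrorPopup.showError(this.msg, this.msg.getMessage("error", new Object[0]), this.msg.getMessage("OAuth2Retrieval.loginInProgressError", new Object[0]));
            return;
        }

        // The return URL is assembled from the path and query only (no scheme or host), so the
        // stored value is relative to this site.
        URI location = Page.getCurrent().getLocation();
        String path = location.getPath();
        String query = location.getQuery();
        String returnUrl = path + (query == null ? "" : "?" + query);
        try {
            OAuthContext context = this.credentialExchange.createRequest(str);
            context.setReturnUrl(returnUrl);
            session.setAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT, context);
            IdpSelectorComponent.setLastIdpCookie(CHOSEN_IDP_COOKIE, context.getProviderConfigKey());
            Page.getCurrent().open(path + "?" + this.redirectParam, (String) null);
        } catch (Exception e) {
            // NOTE(review): the exception object is handed to the popup, which is displayed before
            // the user is authenticated; confirm ErrorPopup does not render configuration details.
            ErrorPopup.showError(this.msg, this.msg.getMessage("OAuth2Retrieval.configurationError", new Object[0]), e);
            log.error("Can not create OAuth2 request", e);
            breakLogin(true);
        }
    }

    /**
     * Verifies the provider's answer held in the context, updates the error labels, clears the
     * pending login state and passes the result to the callback.
     */
    private void onAuthzAnswer(OAuthContext oAuthContext) {
        log.debug("RetrievalUI received OAuth response");
        showError(null);
        log.debug("RetrievalUI will validate OAuth response");

        AuthenticationResult result;
        String failureDetail = null;
        Throwable failureCause = null;
        try {
            result = this.credentialExchange.verifyOAuthAuthzResponse(oAuthContext);
        } catch (AuthenticationException e) {
            // The specific exception has to be caught before the general one, otherwise this
            // handler can never be selected and the result carried by the exception is lost.
            failureCause = e;
            failureDetail = ErrorPopup.getHumanMessage(e, "<br>");
            result = e.getResult();
        } catch (Exception e) {
            // Fail closed: any unexpected error is turned into an explicit deny.
            log.error("Runtime error during OAuth2 response processing or principal mapping", e);
            result = new AuthenticationResult(AuthenticationResult.Status.deny, (AuthenticatedEntity) null);
        }

        String registrationForm = this.credentialExchange.getSettings().getProvider(oAuthContext.getProviderConfigKey()).getValue(CustomProviderProperties.REGISTRATION_FORM);
        AuthenticationResult.Status status = result.getStatus();
        if (status == AuthenticationResult.Status.success) {
            showError(null);
            breakLogin(false);
        } else if (status == AuthenticationResult.Status.unknownRemotePrincipal && registrationForm != null) {
            log.debug("There is a registration form to show for the unknown user: " + registrationForm);
            result.setFormForUnknownPrincipal(registrationForm);
            showError(null);
            breakLogin(false);
        } else {
            if (failureCause != null) {
                log.warn("OAuth2 authorization code verification or processing failed", failureCause);
            } else {
                log.warn("OAuth2 authorization code verification or processing failed");
            }
            if (failureDetail != null) {
                // NOTE(review): the detail text is derived from the authentication exception and
                // is passed as an argument to an HTML label; confirm HtmlLabel escapes arguments.
                showErrorDetail("OAuth2Retrieval.authnFailedDetailInfo", failureDetail);
            }
            showError(this.msg.getMessage("OAuth2Retrieval.authnFailedError", new Object[0]));
            breakLogin(false);
        }
        // In every branch the context has been removed from the session by now, so a later
        // refresh() finds no context and does not process the same answer again.
        this.callback.setAuthenticationResult(result);
    }

    /**
     * Called on page refresh; processes the OAuth answer when the session context holds one.
     *
     * @param vaadinRequest current request, used to reach the wrapped HTTP session
     */
    public void refresh(VaadinRequest vaadinRequest) {
        OAuthContext context = (OAuthContext) vaadinRequest.getWrappedSession().getAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT);
        if (context == null) {
            log.trace("Either user refreshes page, or different authN arrived");
            return;
        }
        if (context.isAnswerPresent()) {
            onAuthzAnswer(context);
        } else {
            log.debug("Authentication started but OAuth2 response not arrived (user back button)");
        }
    }
}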
