package pl.edu.icm.unity.oauth.as.webauthz;

import com.google.gwt.thirdparty.guava.common.collect.Lists;
import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.vaadin.annotations.Theme;
import com.vaadin.server.Resource;
import com.vaadin.server.VaadinRequest;
import com.vaadin.ui.Alignment;
import com.vaadin.ui.CheckBox;
import com.vaadin.ui.Label;
import com.vaadin.ui.VerticalLayout;
import java.awt.image.BufferedImage;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.idpcommon.EopException;
import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;
import pl.edu.icm.unity.oauth.as.OAuthErrorResponseException;
import pl.edu.icm.unity.oauth.as.OAuthProcessor;
import pl.edu.icm.unity.oauth.as.preferences.OAuthPreferences;
import pl.edu.icm.unity.server.api.PreferencesManagement;
import pl.edu.icm.unity.server.api.internal.IdPEngine;
import pl.edu.icm.unity.server.api.internal.SessionManagement;
import pl.edu.icm.unity.server.api.internal.TokensManagement;
import pl.edu.icm.unity.server.registries.IdentityTypesRegistry;
import pl.edu.icm.unity.server.translation.out.TranslationResult;
import pl.edu.icm.unity.server.utils.Log;
import pl.edu.icm.unity.server.utils.UnityMessageSource;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.webui.UnityEndpointUIBase;
import pl.edu.icm.unity.webui.authn.WebAuthenticationProcessor;
import pl.edu.icm.unity.webui.common.Styles;
import pl.edu.icm.unity.webui.common.TopHeaderLight;
import pl.edu.icm.unity.webui.common.attributes.AttributeHandlerRegistry;
import pl.edu.icm.unity.webui.common.attributes.ext.JpegImageAttributeHandler;
import pl.edu.icm.unity.webui.common.provider.ExposedAttributesComponent;
import pl.edu.icm.unity.webui.common.provider.IdPButtonsBar;
import pl.edu.icm.unity.webui.common.provider.IdentitySelectorComponent;
import pl.edu.icm.unity.webui.common.provider.SPInfoComponent;
import pl.edu.icm.unity.webui.common.safehtml.HtmlTag;
import pl.edu.icm.unity.webui.common.safehtml.SafePanel;
import pl.edu.icm.unity.webui.forms.enquiry.EnquiresDialogLauncher;

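/**
 * Vaadin UI of the OAuth authorization endpoint's consent screen.
 *
 * <p>The screen shows which client is asking for access, the scopes it requested, and the
 * identity and attributes that would be released. The user's ACCEPT or DENY decision is then
 * turned into an OAuth authorization response, or an {@code access_denied} error response.
 * A decision can be remembered per client and is replayed automatically on later requests.
 *
 * <p>{@link EopException} is rethrown untouched wherever it is caught here, while every other
 * exception is converted into an OAuth error response. It is therefore presumably the signal that
 * a response has already been handed to {@link OAuthResponseHandler} and processing must stop;
 * confirm against that class.
 */
@Theme("unityThemeValo")
@Scope("prototype")
@Component("OAuthAuthzUI")
public class OAuthAuthzUI extends UnityEndpointUIBase {
    private static final Logger log = Log.getLogger("unity.server.oauth", OAuthAuthzUI.class);

    // Collaborators injected once through the constructor.
    private final UnityMessageSource msg;
    private final TokensManagement tokensMan;
    private final OAuthIdPEngine idpEngine;
    private final AttributeHandlerRegistry handlersRegistry;
    private final PreferencesManagement preferencesMan;
    private final WebAuthenticationProcessor authnProcessor;
    private final IdentityTypesRegistry identityTypesRegistry;
    private final SessionManagement sessionMan;

    // Per-request state, created in appInit() and the create*Part() helpers.
    private IdentitySelectorComponent idSelector;
    private ExposedAttributesComponent attrsPresenter;
    private OAuthResponseHandler oauthResponseHandler;
    private CheckBox rememberCB;
    private OAuthProcessor oauthProcessor;

    /**
     * Stores the injected collaborators; the generic {@link IdPEngine} is wrapped in an
     * {@link OAuthIdPEngine}.
     */
    @Autowired
    public OAuthAuthzUI(UnityMessageSource unityMessageSource, TokensManagement tokensManagement, AttributeHandlerRegistry attributeHandlerRegistry, PreferencesManagement preferencesManagement, WebAuthenticationProcessor webAuthenticationProcessor, IdPEngine idPEngine, IdentityTypesRegistry identityTypesRegistry, EnquiresDialogLauncher enquiresDialogLauncher, SessionManagement sessionManagement) {
        super(unityMessageSource, enquiresDialogLauncher);
        this.msg = unityMessageSource;
        this.handlersRegistry = attributeHandlerRegistry;
        this.preferencesMan = preferencesManagement;
        this.authnProcessor = webAuthenticationProcessor;
        this.sessionMan = sessionManagement;
        this.idpEngine = new OAuthIdPEngine(idPEngine);
        this.tokensMan = tokensManagement;
        this.identityTypesRegistry = identityTypesRegistry;
    }

    /**
     * Builds the consent screen for the OAuth context of the current request and then applies
     * any remembered per-client decision.
     *
     * @param vaadinRequest the request that opened this UI (not read here)
     */
    protected void appInit(VaadinRequest vaadinRequest) {
        OAuthAuthzContext context = OAuthContextUtils.getContext();
        this.oauthResponseHandler = new OAuthResponseHandler(this.sessionMan);
        this.oauthProcessor = new OAuthProcessor();

        VerticalLayout root = new VerticalLayout();
        root.addComponent(new TopHeaderLight(this.endpointDescription.getDisplayedName().getValue(this.msg), this.msg));

        VerticalLayout contents = new VerticalLayout();
        contents.addStyleName(Styles.maxWidthColumn.toString());
        contents.setMargin(true);
        contents.setSpacing(true);
        root.addComponent(contents);
        root.setComponentAlignment(contents, Alignment.TOP_CENTER);

        try {
            createInfoPart(context, contents);
            createExposedDataPart(context, contents);
            createButtonsPart(contents);
            setContent(root);
            loadPreferences(context);
        } catch (EopException ignored) {
            // Deliberately ignored: an OAuth response was already handed to the response handler
            // by one of the steps above, so there is nothing left to render.
        }
    }

    /**
     * Adds the header that tells the user which client requests access and where the response
     * will be sent.
     *
     * @param oAuthAuthzContext context of the authorization request
     * @param verticalLayout layout receiving the components
     */
    private void createInfoPart(OAuthAuthzContext oAuthAuthzContext, VerticalLayout verticalLayout) {
        // Fall back to the raw client id when no display name is available for the client.
        String clientName = oAuthAuthzContext.getClientName();
        if (clientName == null) {
            clientName = oAuthAuthzContext.getRequest().getClientID().getValue();
        }
        // The return URI is shown so that the user can see where the response will go.
        String returnAddress = oAuthAuthzContext.getReturnURI().toASCIIString();

        Resource logo = null;
        Attribute<BufferedImage> clientLogo = oAuthAuthzContext.getClientLogo();
        if (clientLogo != null) {
            logo = new JpegImageAttributeHandler.SimpleImageSource((BufferedImage) clientLogo.getValues().get(0), clientLogo.getAttributeSyntax(), "jpg").getResource();
        }

        Label title = new Label(this.msg.getMessage("OAuthAuthzUI.info1", new Object[0]));
        title.addStyleName(Styles.vLabelH1.toString());
        verticalLayout.addComponents(new com.vaadin.ui.Component[]{title, new SPInfoComponent(this.msg, logo, clientName, returnAddress), HtmlTag.br(), new Label(this.msg.getMessage("OAuthAuthzUI.info2", new Object[0]))});
    }

    /**
     * Adds the panel listing the requested scopes, the identity and the attributes that would be
     * released, followed by the "remember my decision" checkbox.
     *
     * <p>Failures while resolving the user's data are turned into an OAuth error response instead
     * of being shown to the user.
     *
     * @param oAuthAuthzContext context of the authorization request
     * @param verticalLayout layout receiving the components
     * @throws EopException propagated from the response handler when an error response is returned
     */
    private void createExposedDataPart(OAuthAuthzContext oAuthAuthzContext, VerticalLayout verticalLayout) throws EopException {
        SafePanel exposedPanel = new SafePanel();
        verticalLayout.addComponent(exposedPanel);
        VerticalLayout exposedContents = new VerticalLayout();
        exposedContents.setMargin(true);
        exposedContents.setSpacing(true);
        exposedPanel.setContent(exposedContents);
        try {
            for (OAuthAuthzContext.ScopeInfo scopeInfo : oAuthAuthzContext.getEffectiveRequestedScopes()) {
                Label scopeName = new Label(scopeInfo.getName());
                Label scopeDescription = new Label(scopeInfo.getDescription());
                scopeDescription.addStyleName(Styles.vLabelSmall.toString());
                exposedContents.addComponents(new com.vaadin.ui.Component[]{scopeName, scopeDescription});
            }
            Label spacer = HtmlTag.br();
            spacer.addStyleName(Styles.vLabelSmall.toString());
            exposedContents.addComponent(spacer);

            TranslationResult userInfo = this.idpEngine.getUserInfo(oAuthAuthzContext);
            createIdentityPart(userInfo, exposedContents, oAuthAuthzContext.getConfig().getSubjectIdentityType());
            // Only attributes that the request actually asked for are presented for release.
            this.attrsPresenter = new ExposedAttributesComponent(this.msg, this.handlersRegistry, this.oauthProcessor.filterAttributes(userInfo, oAuthAuthzContext.getRequestedAttrs()));
            exposedContents.addComponent(this.attrsPresenter);
        } catch (OAuthErrorResponseException e) {
            // The exception carries the response to send and whether to invalidate the session.
            this.oauthResponseHandler.returnOauthResponse(e.getOauthResponse(), e.isInvalidateSession());
            return;
        } catch (Exception e) {
            // Details go to the server log only; the client receives a generic server_error.
            // The session is invalidated here (second argument true).
            log.error("Engine problem when handling client request", e);
            this.oauthResponseHandler.returnOauthResponse(new AuthorizationErrorResponse(oAuthAuthzContext.getReturnURI(), OAuth2Error.SERVER_ERROR, oAuthAuthzContext.getRequest().getState(), oAuthAuthzContext.getRequest().impliedResponseMode()), true);
            // NOTE(review): unlike the branch above there is no return here, so if
            // returnOauthResponse ever returns normally the checkbox below is still added.
        }
        this.rememberCB = new CheckBox(this.msg.getMessage("OAuthAuthzUI.rememberSettings", new Object[0]));
        verticalLayout.addComponent(this.rememberCB);
    }

    /**
     * Adds the identity selector, populated with the single identity resolved for the configured
     * subject identity type.
     *
     * @param translationResult the user's data as returned by the IdP engine
     * @param verticalLayout layout receiving the selector
     * @param subjectIdentityType identity type used as the OAuth subject
     * @throws EngineException if the identity cannot be resolved
     */
    private void createIdentityPart(TranslationResult translationResult, VerticalLayout verticalLayout, String subjectIdentityType) throws EngineException {
        this.idSelector = new IdentitySelectorComponent(this.msg, this.identityTypesRegistry, Lists.newArrayList(new IdentityParam[]{this.idpEngine.getIdentity(translationResult, subjectIdentityType)}));
        verticalLayout.addComponent(this.idSelector);
    }

    /**
     * Adds the button bar and routes its ACCEPT and DENY actions to {@link #confirm()} and
     * {@link #decline()}; any other action is ignored.
     *
     * @param verticalLayout layout receiving the button bar
     */
    private void createButtonsPart(VerticalLayout verticalLayout) {
        IdPButtonsBar buttons = new IdPButtonsBar(this.msg, this.authnProcessor, new IdPButtonsBar.ActionListener() {
            public void buttonClicked(IdPButtonsBar.Action action) {
                try {
                    if (IdPButtonsBar.Action.ACCEPT == action) {
                        OAuthAuthzUI.this.confirm();
                    } else if (IdPButtonsBar.Action.DENY == action) {
                        OAuthAuthzUI.this.decline();
                    }
                } catch (EopException ignored) {
                    // Deliberately ignored: the response was already handed to the response handler.
                }
            }
        });
        verticalLayout.addComponent(buttons);
        verticalLayout.setComponentAlignment(buttons, Alignment.MIDDLE_CENTER);
    }

    /**
     * Loads the user's stored settings for the requesting client and applies them to the UI.
     *
     * @param oAuthAuthzContext context of the authorization request
     * @throws EopException when a remembered decision was replayed, or an error response returned
     */
    private void loadPreferences(OAuthAuthzContext oAuthAuthzContext) throws EopException {
        try {
            // The stored settings are looked up by the client id alone.
            String clientId = oAuthAuthzContext.getRequest().getClientID().getValue();
            updateUIFromPreferences(OAuthPreferences.getPreferences(this.preferencesMan).getSPSettings(clientId));
        } catch (EopException e) {
            // Must stay ahead of the generic handler so that it is not reported as a server error.
            throw e;
        } catch (Exception e) {
            log.error("Engine problem when processing stored preferences", e);
            this.oauthResponseHandler.returnOauthResponse(new AuthorizationErrorResponse(oAuthAuthzContext.getReturnURI(), OAuth2Error.SERVER_ERROR, oAuthAuthzContext.getRequest().getState(), oAuthAuthzContext.getRequest().impliedResponseMode()), true);
        }
    }

    /**
     * Applies stored client settings: pre-selects the remembered identity and, when the user chose
     * not to be asked again, replays the remembered decision without any interaction.
     *
     * @param oAuthClientSettings stored settings for the client, or {@code null} if there are none
     * @throws EngineException declared by this method; not thrown directly by the visible code
     * @throws EopException when the remembered decision is replayed
     */
    private void updateUIFromPreferences(OAuthPreferences.OAuthClientSettings oAuthClientSettings) throws EngineException, EopException {
        if (oAuthClientSettings == null) {
            return;
        }
        this.idSelector.setSelected(oAuthClientSettings.getSelectedIdentity());
        // NOTE(review): the decision replayed below was looked up by client id alone. Nothing in
        // this class compares the scopes or attributes requested now with those displayed when
        // the decision was remembered. Confirm that a client which later asks for broader scopes
        // is re-prompted elsewhere; otherwise consider keying the stored consent on the scope set.
        if (oAuthClientSettings.isDoNotAsk()) {
            if (oAuthClientSettings.isDefaultAccept()) {
                confirm();
            } else {
                decline();
            }
        }
    }

    /**
     * Copies the current decision into the preferences object, but only when the "remember"
     * checkbox is ticked. The settings are stored under the client id.
     *
     * @param oAuthPreferences preferences object to update
     * @param oAuthAuthzContext context of the authorization request
     * @param accepted {@code true} when the user accepted, {@code false} when the user declined
     * @throws EngineException declared by this method; not thrown directly by the visible code
     */
    private void updatePreferencesFromUI(OAuthPreferences oAuthPreferences, OAuthAuthzContext oAuthAuthzContext, boolean accepted) throws EngineException {
        if (!((Boolean) this.rememberCB.getValue()).booleanValue()) {
            return;
        }
        String clientId = oAuthAuthzContext.getRequest().getClientID().getValue();
        OAuthPreferences.OAuthClientSettings settings = oAuthPreferences.getSPSettings(clientId);
        settings.setDefaultAccept(accepted);
        settings.setDoNotAsk(true);
        String selectedIdentity = this.idSelector.getSelectedIdentityForPreferences();
        if (selectedIdentity != null) {
            settings.setSelectedIdentity(selectedIdentity);
        }
        oAuthPreferences.setSPSettings(clientId, settings);
    }

    /**
     * Persists the user's decision. This is best effort: a failure is logged and the
     * authorization flow continues.
     *
     * @param accepted {@code true} when the user accepted, {@code false} when the user declined
     */
    private void storePreferences(boolean accepted) {
        try {
            OAuthAuthzContext context = OAuthContextUtils.getContext();
            OAuthPreferences preferences = OAuthPreferences.getPreferences(this.preferencesMan);
            updatePreferencesFromUI(preferences, context, accepted);
            OAuthPreferences.savePreferences(this.preferencesMan, preferences);
        } catch (EngineException e) {
            log.error("Unable to store user's preferences", e);
        }
    }

    /**
     * Handles a denial: stores the decision if requested and returns an {@code access_denied}
     * error response to the client. The session is not invalidated.
     *
     * @throws EopException propagated from the response handler
     */
    protected void decline() throws EopException {
        OAuthAuthzContext context = OAuthContextUtils.getContext();
        storePreferences(false);
        this.oauthResponseHandler.returnOauthResponse(new AuthorizationErrorResponse(context.getReturnURI(), OAuth2Error.ACCESS_DENIED, context.getRequest().getState(), context.getRequest().impliedResponseMode()), false);
    }

    /**
     * Handles an acceptance: stores the decision if requested, builds the authorization response
     * from the attributes and identity chosen in the UI, and returns it to the client.
     *
     * @throws EopException propagated from the response handler
     */
    protected void confirm() throws EopException {
        storePreferences(true);
        OAuthAuthzContext context = OAuthContextUtils.getContext();
        try {
            this.oauthResponseHandler.returnOauthResponse(this.oauthProcessor.prepareAuthzResponseAndRecordInternalState(this.attrsPresenter.getUserFilteredAttributes(), this.idSelector.getSelectedIdentity(), context, this.tokensMan), false);
        } catch (EopException e) {
            // The EopException handler must precede the generic one, as in loadPreferences().
            // In the reverse order the generic handler would intercept the end-of-processing
            // signal, leaving this clause unreachable, and would report a successful response
            // as a server error.
            throw e;
        } catch (Exception e) {
            log.error("Error during OAuth processing", e);
            // NOTE(review): the other SERVER_ERROR paths in this class invalidate the session
            // (second argument true), but this one keeps it. Confirm the difference is intended.
            this.oauthResponseHandler.returnOauthResponse(new AuthorizationErrorResponse(context.getReturnURI(), OAuth2Error.SERVER_ERROR, context.getRequest().getState(), context.getRequest().impliedResponseMode()), false);
        }
    }
}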
