package pl.edu.icm.unity.oauth.client.web;

import com.vaadin.server.Page;
import com.vaadin.server.Resource;
import com.vaadin.server.VaadinRequest;
import com.vaadin.server.VaadinSession;
import com.vaadin.server.WrappedSession;
import com.vaadin.ui.Alignment;
import com.vaadin.ui.Component;
import com.vaadin.ui.Label;
import com.vaadin.ui.VerticalLayout;
import java.net.MalformedURLException;
import java.net.URI;
import java.util.Collections;
import java.util.Set;
import org.apache.log4j.Logger;
import pl.edu.icm.unity.oauth.as.token.OAuthTokenEndpointFactory;
import pl.edu.icm.unity.oauth.client.OAuthContext;
import pl.edu.icm.unity.oauth.client.OAuthContextsManagement;
import pl.edu.icm.unity.oauth.client.OAuthExchange;
import pl.edu.icm.unity.oauth.client.config.CustomProviderProperties;
import pl.edu.icm.unity.oauth.client.config.OAuthClientProperties;
import pl.edu.icm.unity.server.authn.AuthenticatedEntity;
import pl.edu.icm.unity.server.authn.AuthenticationException;
import pl.edu.icm.unity.server.authn.AuthenticationResult;
import pl.edu.icm.unity.server.authn.remote.SandboxAuthnResultCallback;
import pl.edu.icm.unity.server.utils.ExecutorsService;
import pl.edu.icm.unity.server.utils.Log;
import pl.edu.icm.unity.server.utils.UnityMessageSource;
import pl.edu.icm.unity.types.basic.Entity;
import pl.edu.icm.unity.webui.VaadinEndpointProperties;
import pl.edu.icm.unity.webui.authn.IdPROComponent;
import pl.edu.icm.unity.webui.authn.VaadinAuthentication;
import pl.edu.icm.unity.webui.common.ImageUtils;
import pl.edu.icm.unity.webui.common.NotificationPopup;
import pl.edu.icm.unity.webui.common.Styles;
import pl.edu.icm.unity.webui.common.safehtml.HtmlSimplifiedLabel;

/* loaded from: input_file:pl/edu/icm/unity/oauth/client/web/OAuth2RetrievalUI.class */
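/**
 * Vaadin UI part of the OAuth2 client authentication for a single configured provider.
 *
 * <p>The component renders the provider's icon and name, starts the login by storing an
 * {@link OAuthContext} in the HTTP session and opening the redirect-triggering URL, and
 * on a later {@link #refresh(VaadinRequest)} verifies the answer recorded in that context
 * and hands the {@link AuthenticationResult} to the registered callback.
 *
 * <p>Security-relevant invariants visible in this class:
 * <ul>
 *   <li>at most one OAuth context is kept per HTTP session (see {@link #startLogin()});</li>
 *   <li>the context is removed from the session and from {@link OAuthContextsManagement}
 *       after every completed, failed or cancelled attempt (see {@link #breakLogin(boolean)});</li>
 *   <li>an unexpected exception during response verification yields a {@code deny} result
 *       (see {@link #onAuthzAnswer(OAuthContext)}).</li>
 * </ul>
 */
public class OAuth2RetrievalUI implements VaadinAuthentication.VaadinAuthenticationUI {
    private static final Logger log = Log.getLogger("unity.server.oauth", OAuth2RetrievalUI.class);
    // Assigned once in the constructor and never rebound afterwards.
    private final UnityMessageSource msg;
    private final OAuthExchange credentialExchange;
    private final OAuthContextsManagement contextManagement;
    private final String idpKey;
    // Set by the hosting UI through the setters below; null until then.
    private VaadinAuthentication.AuthenticationResultCallback callback;
    private SandboxAuthnResultCallback sandboxCallback;
    // Query parameter name obtained from the session's RedirectRequestHandler.
    private String redirectParam;
    private Label messageLabel;
    private HtmlSimplifiedLabel errorDetailLabel;
    private Component main;

    /**
     * Creates the UI for one provider and builds its components immediately.
     *
     * @param unityMessageSource source of localized messages and of the current locale
     * @param oAuthExchange creates OAuth requests and verifies the provider's responses
     * @param oAuthContextsManagement registry from which finished contexts are removed
     * @param executorsService not used by this class; kept for interface compatibility
     * @param str configuration key of the provider this UI represents
     */
    public OAuth2RetrievalUI(UnityMessageSource unityMessageSource, OAuthExchange oAuthExchange, OAuthContextsManagement oAuthContextsManagement, ExecutorsService executorsService, String str) {
        this.msg = unityMessageSource;
        this.credentialExchange = oAuthExchange;
        this.contextManagement = oAuthContextsManagement;
        this.idpKey = str;
        initUI();
    }

    /** Returns the root component built by {@link #initUI()}. */
    public Component getComponent() {
        return this.main;
    }

    /**
     * Builds the layout: the provider's icon/name component on top, followed by the
     * error message label and the initially hidden error detail label. Also makes
     * sure a redirect request handler is installed in the current Vaadin session.
     */
    private void initUI() {
        this.redirectParam = installRequestHandler();
        OAuthClientProperties settings = this.credentialExchange.getSettings();
        VerticalLayout verticalLayout = new VerticalLayout();
        verticalLayout.setSpacing(true);
        VaadinEndpointProperties.ScaleMode enumValue = settings.getEnumValue(OAuthClientProperties.SELECTED_ICON_SCALE, VaadinEndpointProperties.ScaleMode.class);
        CustomProviderProperties provider = settings.getProvider(this.idpKey);
        IdPROComponent idPROComponent = new IdPROComponent(provider.getLocalizedValue(CustomProviderProperties.ICON_URL, this.msg.getLocale()), provider.getLocalizedValue("name", this.msg.getLocale()), enumValue);
        verticalLayout.addComponent(idPROComponent);
        verticalLayout.setComponentAlignment(idPROComponent, Alignment.TOP_CENTER);
        this.messageLabel = new Label();
        this.messageLabel.addStyleName(Styles.error.toString());
        this.errorDetailLabel = new HtmlSimplifiedLabel();
        this.errorDetailLabel.addStyleName(Styles.emphasized.toString());
        this.errorDetailLabel.setVisible(false);
        verticalLayout.addComponents(new Component[]{this.messageLabel, this.errorDetailLabel});
        this.main = verticalLayout;
    }

    /** Registers the callback that receives the authentication result or a cancellation. */
    public void setAuthenticationResultCallback(VaadinAuthentication.AuthenticationResultCallback authenticationResultCallback) {
        this.callback = authenticationResultCallback;
    }

    /** Starts the OAuth login; see {@link #startLogin()}. */
    public void triggerAuthentication() {
        startLogin();
    }

    /** Drops any pending OAuth context without notifying the callback. */
    public void cancelAuthentication() {
        breakLogin(false);
    }

    /** Returns the provider's name localized for the current locale. */
    public String getLabel() {
        return this.credentialExchange.getSettings().getProvider(this.idpKey).getLocalizedValue("name", this.msg.getLocale());
    }

    /**
     * Returns the provider's logo resource.
     *
     * @return the resource, or {@code null} when no icon URL is configured or the
     *         configured URL is malformed (the latter is logged as an error)
     */
    public Resource getImage() {
        String localizedValue = this.credentialExchange.getSettings().getProvider(this.idpKey).getLocalizedValue(CustomProviderProperties.ICON_URL, this.msg.getLocale());
        if (localizedValue == null) {
            return null;
        }
        try {
            return ImageUtils.getLogoResource(localizedValue);
        } catch (MalformedURLException e) {
            log.error("Invalid logo URL " + localizedValue, e);
            return null;
        }
    }

    /** No state to clear in this UI. */
    public void clear() {
    }

    /**
     * Shows the given error message, or resets both the message and the detail label
     * when {@code str} is {@code null}.
     */
    private void showError(String str) {
        if (str != null) {
            this.messageLabel.setValue(str);
        } else {
            // NOTE(review): OAuthTokenEndpointFactory.PATH serves as the "cleared" value here;
            // this looks like a constant substituted for an empty-string literal - confirm.
            this.messageLabel.setValue(OAuthTokenEndpointFactory.PATH);
            showErrorDetail(null, new Object[0]);
        }
    }

    /**
     * Shows a localized error detail built from message key {@code str} and its
     * arguments, or hides and resets the detail label when {@code str} is {@code null}.
     */
    private void showErrorDetail(String str, Object... objArr) {
        if (str == null) {
            this.errorDetailLabel.setVisible(false);
            this.errorDetailLabel.setValue(OAuthTokenEndpointFactory.PATH);
        } else {
            this.errorDetailLabel.setVisible(true);
            // NOTE(review): the arguments can carry text taken from an AuthenticationException
            // (see onAuthzAnswer); presumably HtmlSimplifiedLabel restricts the markup it
            // renders - confirm before relaxing it, since that text may originate remotely.
            this.errorDetailLabel.setValue(this.msg.getMessage(str, objArr));
        }
    }

    /**
     * Ensures the current Vaadin session has a {@link RedirectRequestHandler}, reusing an
     * existing one when present.
     *
     * @return the handler's triggering query parameter
     */
    private String installRequestHandler() {
        VaadinSession current = VaadinSession.getCurrent();
        // Iterate with a neutral element type and cast only after the instanceof check:
        // the session holds handlers of other types too, so the loop variable must not be
        // declared as RedirectRequestHandler.
        for (Object handler : current.getRequestHandlers()) {
            if (handler instanceof RedirectRequestHandler) {
                return ((RedirectRequestHandler) handler).getTriggeringParam();
            }
        }
        RedirectRequestHandler created = new RedirectRequestHandler();
        current.addRequestHandler(created);
        return created.getTriggeringParam();
    }

    /**
     * Ends the current login attempt: removes the OAuth context from the HTTP session and
     * from the contexts registry (keyed by its relay state), so the same context is not
     * left behind for a later request.
     *
     * @param z when {@code true} the callback is additionally told that authentication
     *          was cancelled; the callback must have been set by then
     */
    private void breakLogin(boolean z) {
        WrappedSession session = VaadinSession.getCurrent().getSession();
        OAuthContext oAuthContext = (OAuthContext) session.getAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT);
        if (oAuthContext != null) {
            session.removeAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT);
            this.contextManagement.removeAuthnContext(oAuthContext.getRelayState());
        }
        if (z) {
            this.callback.cancelAuthentication();
        }
    }

    /**
     * Begins an OAuth login for the configured provider.
     *
     * <p>Refuses to start when the session already holds an OAuth context. Otherwise a new
     * context is created, the current page's path and query are stored in it as the return
     * URL, the context is placed in the session and the browser is sent to the current
     * path with the redirect-triggering parameter.
     */
    private void startLogin() {
        WrappedSession session = VaadinSession.getCurrent().getSession();
        // Only one in-flight OAuth exchange per HTTP session is allowed.
        if (((OAuthContext) session.getAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT)) != null) {
            NotificationPopup.showError(this.msg, this.msg.getMessage("error", new Object[0]), this.msg.getMessage("OAuth2Retrieval.loginInProgressError", new Object[0]));
            return;
        }
        URI location = Page.getCurrent().getLocation();
        String path = location.getPath();
        // The return URL is built from path and query only (no scheme or host), so it is
        // relative to this server. The query part is whatever the browser sent; code that
        // later follows getReturnUrl() should keep treating it as a local path.
        String str = path + (location.getQuery() == null ? OAuthTokenEndpointFactory.PATH : "?" + location.getQuery());
        try {
            OAuthContext createRequest = this.credentialExchange.createRequest(this.idpKey);
            createRequest.setReturnUrl(str);
            session.setAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT, createRequest);
            createRequest.setSandboxCallback(this.sandboxCallback);
            Page.getCurrent().open(path + "?" + this.redirectParam, (String) null);
        } catch (Exception e) {
            // NOTE(review): the exception object is passed to the popup shown to a not yet
            // authenticated user; confirm NotificationPopup does not expose internal details.
            NotificationPopup.showError(this.msg, this.msg.getMessage("OAuth2Retrieval.configurationError", new Object[0]), e);
            log.error("Can not create OAuth2 request", e);
            breakLogin(true);
        }
    }

    /**
     * Verifies the provider's answer stored in the context and reports the outcome.
     *
     * <p>An {@link AuthenticationException} contributes its own result and a human-readable
     * detail message; any other exception is logged and mapped to a {@code deny} result.
     * Provider settings for the unknown-principal registration form and for account
     * association are then applied, the context is discarded, and the callback receives
     * the result.
     */
    private void onAuthzAnswer(OAuthContext oAuthContext) {
        AuthenticationResult authenticationResult;
        log.debug("RetrievalUI received OAuth response");
        showError(null);
        String str = null;
        Throwable th = null;
        try {
            authenticationResult = this.credentialExchange.verifyOAuthAuthzResponse(oAuthContext);
        } catch (AuthenticationException e) {
            th = e;
            str = NotificationPopup.getHumanMessage(e, "<br>");
            authenticationResult = e.getResult();
        } catch (Exception e2) {
            // Fail closed: an unexpected error never results in an authenticated entity.
            log.error("Runtime error during OAuth2 response processing or principal mapping", e2);
            authenticationResult = new AuthenticationResult(AuthenticationResult.Status.deny, (AuthenticatedEntity) null);
        }
        OAuthClientProperties settings = this.credentialExchange.getSettings();
        CustomProviderProperties provider = settings.getProvider(oAuthContext.getProviderConfigKey());
        String value = provider.getValue("registrationFormForUnknown");
        if (value != null) {
            authenticationResult.setFormForUnknownPrincipal(value);
        }
        // The per-provider setting wins when present, otherwise the global default applies.
        authenticationResult.setEnableAssociation((provider.isSet("enableAccountAssociation") ? provider.getBooleanValue("enableAccountAssociation") : settings.getBooleanValue("defaultEnableAccountAssociation")).booleanValue());
        if (authenticationResult.getStatus() == AuthenticationResult.Status.success || authenticationResult.getStatus() == AuthenticationResult.Status.unknownRemotePrincipal) {
            showError(null);
            breakLogin(false);
        } else {
            // NOTE(review): failed verifications are logged at debug level only; consider
            // whether monitoring of failed logins needs them at a level enabled in production.
            if (th != null) {
                log.debug("OAuth2 authorization code verification or processing failed", th);
            } else {
                log.debug("OAuth2 authorization code verification or processing failed");
            }
            if (str != null) {
                showErrorDetail("OAuth2Retrieval.authnFailedDetailInfo", str);
            }
            showError(this.msg.getMessage("OAuth2Retrieval.authnFailedError", new Object[0]));
            breakLogin(false);
        }
        this.callback.setAuthenticationResult(authenticationResult);
    }

    /**
     * Called on page refresh; processes the OAuth answer if the session's context already
     * holds one. A missing context or a context without an answer is only logged.
     */
    public void refresh(VaadinRequest vaadinRequest) {
        OAuthContext oAuthContext = (OAuthContext) vaadinRequest.getWrappedSession().getAttribute(OAuth2Retrieval.REMOTE_AUTHN_CONTEXT);
        if (oAuthContext == null) {
            log.trace("Either user refreshes page, or different authN arrived");
        } else if (oAuthContext.isAnswerPresent()) {
            onAuthzAnswer(oAuthContext);
        } else {
            log.debug("Authentication started but OAuth2 response not arrived (user back button)");
        }
    }

    /** Sets the sandbox callback that {@link #startLogin()} attaches to each new context. */
    public void setSandboxAuthnResultCallback(SandboxAuthnResultCallback sandboxAuthnResultCallback) {
        this.sandboxCallback = sandboxAuthnResultCallback;
    }

    /** Returns the configuration key of the provider this UI represents. */
    public String getId() {
        return this.idpKey;
    }

    /** Ignored: this UI does not use a preset entity. */
    public void presetEntity(Entity entity) {
    }

    /** Returns an empty, immutable tag set. */
    public Set<String> getTags() {
        return Collections.emptySet();
    }
}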
