package fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication;

import fr.paris.lutece.plugins.mylutece.authentication.PortalAuthentication;
import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseHome;
import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseUser;
import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseUserHome;
import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.web.MyLuteceOpenIdDatabaseApp;
import fr.paris.lutece.portal.service.i18n.I18nService;
import fr.paris.lutece.portal.service.plugin.Plugin;
import fr.paris.lutece.portal.service.plugin.PluginService;
import fr.paris.lutece.portal.service.security.LoginRedirectException;
import fr.paris.lutece.portal.service.security.LuteceUser;
import fr.paris.lutece.portal.service.security.SecurityService;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.portal.service.util.AppPathService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import fr.paris.lutece.util.url.UrlItem;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.StoreResponse;
import org.openid4java.message.sreg.SRegRequest;
import org.openid4java.message.sreg.SRegResponse;
import org.openid4java.util.HttpClientFactory;
import org.openid4java.util.ProxyProperties;

/* loaded from: input_file:fr/paris/lutece/plugins/mylutece/modules/openiddatabase/authentication/BaseAuthentication.class */
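/**
 * MyLutece authentication service that accepts either a login/password pair checked against the
 * plugin database or an OpenID identifier verified through openid4java.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The literal password {@code "dummy"} switches {@link #login} to the OpenID flow, in which the
 *       login field is treated as an OpenID identifier and the server performs discovery on it.</li>
 *   <li>A single {@link ConsumerManager} is shared by all requests. It holds the association store and
 *       the nonce verifier, so it has to outlive the redirect to the provider and the callback.</li>
 *   <li>Accounts created from an OpenID callback are stored with an empty second argument to
 *       {@code OpenIdDatabaseUserHome.create} (presumably the password, to be confirmed).</li>
 * </ul>
 */
public class BaseAuthentication extends PortalAuthentication {
    private static final String PROPERTY_MESSAGE_USER_NOT_FOUND_DATABASE = "module.mylutece.database.message.userNotFoundDatabase";
    private static final String PLUGIN_NAME = "mylutece-openiddatabase";
    private static final String URL_CALLBACK = "jsp/site/plugins/mylutece/modules/openiddatabase/OpenIdDatabaseProviderCallBack.jsp";
    private static final String MESSAGE_KEY_AUTHENTICATION_FAILED = "module.mylutece.openid.authenticationFailed";
    private static ConsumerManager _manager;
    // Proxy credentials come from the application properties; they are never logged by this class.
    private static final String PROPERTY_PROXY_PASSWORD = "openiddatabase.proxyPassword";
    private static final String PROPERTY_PROXY_HOST_NAME = "openiddatabase.proxyHostName";
    private static final String PROPERTY_PROXY_PORT_NUMBER = "openiddatabase.proxyPort";
    private static final String PROPERTY_PROXY_DOMAIN_NAME = "openiddatabase.domainName";
    private static final String PROPERTY_PROXY_USER_NAME = "openiddatabase.proxyUserName";
    public static final String PARAMETER_PAGE = "page";
    public static final String PARAMETER_XPAGE_VALUE = "myluteceopeniddatabase";
    public static final String PARAMETER_ERROR = "error";
    private static final String PARAMETER_LOGIN = "login";
    private static final String PARAMETER_LAST_NAME = "last_name";
    private static final String PARAMETER_FIRST_NAME = "first_name";
    private static final String PARAMETER_EMAIL = "email";
    private static final String AUTH_SERVICE_NAME = AppPropertiesService.getProperty("mylutece-database.service.name");
    private static final Logger _logger = Logger.getLogger("openid");

    // Password value that routes login() to the OpenID flow instead of the database check.
    private static final String PASSWORD_OPENID_MARKER = "dummy";
    // Session key under which the discovery result is kept between the redirect and the callback.
    private static final String SESSION_ATTRIBUTE_DISCOVERY = "openid-disc";
    private static final String SREG_NAMESPACE = "http://openid.net/sreg/1.0";
    // Argument passed to InMemoryNonceVerifier; presumably a maximum nonce age in seconds - confirm
    // against the openid4java version in use, since it bounds the replay window for provider responses.
    private static final int NONCE_MAX_AGE = 5000;

    /**
     * Creates the service and makes sure the shared OpenID consumer exists.
     * A failure is logged and retried lazily on the first OpenID request.
     */
    public BaseAuthentication() {
        try {
            getConsumerManager();
        } catch (ConsumerException e) {
            AppLogService.error("Error instantiating OpenID ConsumerManager : " + e.getMessage(), e);
        }
    }

    /**
     * Returns the shared consumer, creating and configuring it on first use.
     *
     * <p>The manager is built once and never replaced: recreating it on every login request would
     * discard the association store and the nonce verifier that a callback already in flight (for
     * this or any other user) still depends on, which silently resets replay detection.
     *
     * @return the process-wide consumer manager
     * @throws ConsumerException if openid4java cannot instantiate the manager
     */
    private static synchronized ConsumerManager getConsumerManager() throws ConsumerException {
        if (_manager == null) {
            ConsumerManager manager = new ConsumerManager();
            manager.setAssociations(new InMemoryConsumerAssociationStore());
            manager.setNonceVerifier(new InMemoryNonceVerifier(NONCE_MAX_AGE));
            // Publish only a fully configured instance.
            _manager = manager;
        }
        return _manager;
    }

    /**
     * @return the service name read from the {@code mylutece-database.service.name} property
     */
    public String getAuthServiceName() {
        return AUTH_SERVICE_NAME;
    }

    /**
     * @param httpServletRequest the current request (unused)
     * @return always {@code "BASIC"}
     */
    public String getAuthType(HttpServletRequest httpServletRequest) {
        return "BASIC";
    }

    /**
     * Authenticates a user, choosing the flow from the password value.
     *
     * @param str the login, or the OpenID identifier when the OpenID flow is selected
     * @param str2 the password; the literal {@code "dummy"} selects the OpenID flow
     * @param httpServletRequest the current request
     * @return the authenticated user (database flow only)
     * @throws LoginException if the database check fails
     * @throws LoginRedirectException to send the browser to the OpenID provider or to the error page
     */
    public LuteceUser login(String str, String str2, HttpServletRequest httpServletRequest) throws LoginException, LoginRedirectException {
        // Constant-first comparison: a missing password must not raise a NullPointerException here.
        if (PASSWORD_OPENID_MARKER.equals(str2)) {
            return loginOpenId(str, httpServletRequest);
        }
        return loginDatabase(str, str2, httpServletRequest);
    }

    /**
     * Starts the OpenID flow for the given identifier.
     *
     * @param str the OpenID identifier typed by the user
     * @param httpServletRequest the current request
     * @return {@code null} only if no redirect URL could be computed
     * @throws LoginException declared for interface compatibility; not thrown by this method
     * @throws LoginRedirectException carrying the provider URL, or the error page URL on failure
     */
    public LuteceUser loginOpenId(String str, HttpServletRequest httpServletRequest) throws LoginException, LoginRedirectException {
        String providerRedirectUrl = getProviderRedirectUrl(httpServletRequest, str);
        if (providerRedirectUrl != null) {
            throw new LoginRedirectException(providerRedirectUrl);
        }
        return null;
    }

    /**
     * Authenticates a user against the plugin database and loads roles and groups.
     *
     * <p>Both failure cases raise the same localized message, so the response does not tell the
     * caller whether the login exists.
     *
     * @param str the login
     * @param str2 the password
     * @param httpServletRequest the current request, used for the locale
     * @return the authenticated user
     * @throws LoginException if the login is unknown or the password is rejected
     * @throws LoginRedirectException declared for interface compatibility; not thrown by this method
     */
    public LuteceUser loginDatabase(String str, String str2, HttpServletRequest httpServletRequest) throws LoginException, LoginRedirectException {
        Locale locale = httpServletRequest.getLocale();
        // Blank credentials never authenticate. verifyResponse() stores OpenID-backed accounts with an
        // empty second argument to create(), presumably the password (to be confirmed); rejecting
        // blank input here keeps those rows out of the password path whatever checkPassword() does.
        if (str == null || str2 == null || str2.length() == 0) {
            AppLogService.info("User login : Incorrect login or password : " + cleanForLog(str));
            throw new LoginException(I18nService.getLocalizedString(PROPERTY_MESSAGE_USER_NOT_FOUND_DATABASE, locale));
        }
        Plugin plugin = PluginService.getPlugin(PLUGIN_NAME);
        BaseUser findLuteceUserByLogin = OpenIdDatabaseHome.findLuteceUserByLogin(str, plugin, this);
        if (findLuteceUserByLogin == null) {
            AppLogService.info("Unable to find user in the database : " + cleanForLog(str));
            throw new LoginException(I18nService.getLocalizedString(PROPERTY_MESSAGE_USER_NOT_FOUND_DATABASE, locale));
        }
        if (!OpenIdDatabaseUserHome.checkPassword(str, str2, plugin)) {
            AppLogService.info("User login : Incorrect login or password : " + cleanForLog(str));
            throw new LoginException(I18nService.getLocalizedString(PROPERTY_MESSAGE_USER_NOT_FOUND_DATABASE, locale));
        }
        ArrayList<String> findUserRolesFromLogin = OpenIdDatabaseHome.findUserRolesFromLogin(str, plugin);
        if (!findUserRolesFromLogin.isEmpty()) {
            findLuteceUserByLogin.setRoles(findUserRolesFromLogin);
        }
        ArrayList<String> findUserGroupsFromLogin = OpenIdDatabaseHome.findUserGroupsFromLogin(str, plugin);
        if (!findUserGroupsFromLogin.isEmpty()) {
            findLuteceUserByLogin.setGroups(findUserGroupsFromLogin);
        }
        return findLuteceUserByLogin;
    }

    /**
     * Makes a caller-supplied value safe to append to a log line by neutralising line breaks,
     * so that a crafted login cannot forge additional log entries.
     */
    private static String cleanForLog(String value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

    /**
     * No-op: this service keeps no per-user state to release.
     *
     * @param luteceUser the user logging out
     */
    public void logout(LuteceUser luteceUser) {
    }

    /**
     * @return a user named {@code "GUEST"} bound to this service
     */
    public LuteceUser getAnonymousUser() {
        return new BaseUser("GUEST", this);
    }

    /**
     * Tells whether the user holds the given role.
     *
     * @param luteceUser the user to test
     * @param httpServletRequest the current request (unused)
     * @param str the role key
     * @return {@code true} if the role is among the user's roles; {@code false} for a null user or role
     */
    public boolean isUserInRole(LuteceUser luteceUser, HttpServletRequest httpServletRequest, String str) {
        if (luteceUser == null || str == null) {
            return false;
        }
        for (String role : setAllRoles(luteceUser)) {
            if (str.equals(role)) {
                return true;
            }
        }
        return false;
    }

    /** @return the URL of the account view page */
    public String getViewAccountPageUrl() {
        return MyLuteceOpenIdDatabaseApp.getViewAccountUrl();
    }

    /** @return the URL of the account creation page */
    public String getNewAccountPageUrl() {
        return MyLuteceOpenIdDatabaseApp.getNewAccountUrl();
    }

    /** @return the URL of the password change page */
    public String getChangePasswordPageUrl() {
        return MyLuteceOpenIdDatabaseApp.getChangePasswordUrl();
    }

    /** @return the URL of the lost password page */
    public String getLostPasswordPageUrl() {
        return MyLuteceOpenIdDatabaseApp.getLostPasswordUrl();
    }

    /**
     * Collects the distinct roles of a user. Only {@code getRoles()} is used; group membership is
     * not expanded into roles.
     *
     * @return the user's roles without duplicates, never {@code null}
     */
    private String[] setAllRoles(LuteceUser luteceUser) {
        HashSet<String> roleSet = new HashSet<String>();
        String[] roles = luteceUser.getRoles();
        if (roles != null) {
            for (String role : roles) {
                roleSet.add(role);
            }
        }
        return roleSet.toArray(new String[roleSet.size()]);
    }

    /**
     * @return every user known to the plugin database, as a new list
     */
    public Collection<LuteceUser> getUsers() {
        Collection<BaseUser> findDatabaseUsersList = OpenIdDatabaseHome.findDatabaseUsersList(PluginService.getPlugin(PLUGIN_NAME), this);
        return new ArrayList<LuteceUser>(findDatabaseUsersList);
    }

    /**
     * @param str the login to look up
     * @return the matching user as returned by {@code OpenIdDatabaseHome.findLuteceUserByLogin}
     */
    public LuteceUser getUser(String str) {
        return OpenIdDatabaseHome.findLuteceUserByLogin(str, PluginService.getPlugin(PLUGIN_NAME), this);
    }

    /**
     * Applies the proxy settings from the application properties to openid4java's HTTP client.
     *
     * @return {@code false} when a proxy host is configured but its port is not a valid number;
     *         {@code true} otherwise (including when no proxy is configured)
     */
    private static boolean configureProxy() {
        String hostName = AppPropertiesService.getProperty(PROPERTY_PROXY_HOST_NAME);
        if (hostName == null || hostName.equals("")) {
            return true;
        }
        int port;
        try {
            port = Integer.parseInt(AppPropertiesService.getProperty(PROPERTY_PROXY_PORT_NUMBER));
        } catch (NumberFormatException e) {
            _logger.error("OpenId proxy port is not a valid number : " + e.getMessage(), e);
            return false;
        }
        ProxyProperties proxyProperties = new ProxyProperties();
        proxyProperties.setProxyHostName(hostName);
        proxyProperties.setProxyPort(port);
        proxyProperties.setDomain(AppPropertiesService.getProperty(PROPERTY_PROXY_DOMAIN_NAME));
        proxyProperties.setUserName(AppPropertiesService.getProperty(PROPERTY_PROXY_USER_NAME));
        proxyProperties.setPassword(AppPropertiesService.getProperty(PROPERTY_PROXY_PASSWORD));
        HttpClientFactory.setProxyProperties(proxyProperties);
        return true;
    }

    /**
     * Runs discovery and association for the identifier and builds the provider redirect URL.
     *
     * @param httpServletRequest the current request; its session receives the discovery result
     * @param str the OpenID identifier typed by the user
     * @return the provider URL, or the "authentication failed" page URL if anything goes wrong
     */
    private String getProviderRedirectUrl(HttpServletRequest httpServletRequest, String str) {
        String messageUrl = getMessageUrl(httpServletRequest, MESSAGE_KEY_AUTHENTICATION_FAILED);
        if (str == null) {
            return messageUrl;
        }
        // Fail closed: with a configured but unusable proxy, do not contact the provider directly.
        if (!configureProxy()) {
            return messageUrl;
        }
        try {
            ConsumerManager manager = getConsumerManager();
            // NOTE(review): discovery makes this server issue outbound requests to an identifier chosen
            // by the unauthenticated caller; outbound destinations should be constrained at the
            // network or proxy level.
            DiscoveryInformation associate = manager.associate(manager.discover(str.trim()));
            httpServletRequest.getSession().setAttribute(SESSION_ATTRIBUTE_DISCOVERY, associate);
            SRegRequest createFetchRequest = SRegRequest.createFetchRequest();
            createFetchRequest.addAttribute("fullname", true);
            createFetchRequest.addAttribute("nickname", true);
            createFetchRequest.addAttribute(PARAMETER_EMAIL, true);
            AuthRequest authenticate = manager.authenticate(associate, getReturnUrl(httpServletRequest));
            authenticate.addExtension(createFetchRequest);
            messageUrl = authenticate.getDestinationUrl(true);
        } catch (OpenIDException e) {
            _logger.error("OpenId Error building authentication request : " + e.getMessage(), e);
        }
        return messageUrl;
    }

    /**
     * @return the absolute callback URL the provider must send the browser back to
     */
    private String getReturnUrl(HttpServletRequest httpServletRequest) {
        String returnUrl = AppPathService.getBaseUrl(httpServletRequest) + URL_CALLBACK;
        _logger.debug("Callback URL : " + returnUrl);
        return returnUrl;
    }

    /**
     * Builds the URL of this module's XPage carrying an error message key.
     *
     * @param str the i18n key of the message to display
     */
    private String getMessageUrl(HttpServletRequest httpServletRequest, String str) {
        UrlItem urlItem = new UrlItem(AppPathService.getBaseUrl(httpServletRequest) + AppPathService.getPortalUrl());
        urlItem.addParameter(PARAMETER_PAGE, PARAMETER_XPAGE_VALUE);
        urlItem.addParameter(PARAMETER_ERROR, str);
        return urlItem.getUrl();
    }

    /**
     * Handles the provider callback: verifies the response and, on success, registers the user in
     * the session and creates or updates the matching database row.
     *
     * <p>A user is registered only when the identifier is verified and the response carries a
     * Simple Registration extension; every other outcome returns the error page URL.
     *
     * @param httpServletRequest the callback request
     * @return the portal URL on success, the user-details form URL when the profile is incomplete,
     *         or the "authentication failed" page URL
     */
    public String verifyResponse(HttpServletRequest httpServletRequest) {
        String messageUrl = getMessageUrl(httpServletRequest, MESSAGE_KEY_AUTHENTICATION_FAILED);
        _logger.debug("Provider callback - host : " + httpServletRequest.getRemoteHost() + " - IP : " + httpServletRequest.getRemoteAddr());
        try {
            ParameterList parameterList = new ParameterList(httpServletRequest.getParameterMap());
            DiscoveryInformation discoveryInformation = (DiscoveryInformation) httpServletRequest.getSession().getAttribute(SESSION_ATTRIBUTE_DISCOVERY);
            StringBuffer requestURL = httpServletRequest.getRequestURL();
            String queryString = httpServletRequest.getQueryString();
            if (queryString != null && queryString.length() > 0) {
                requestURL.append("?").append(queryString);
            }
            // Same manager instance as the one that built the request, so its nonce verifier and
            // association store still hold the state created before the redirect.
            VerificationResult verify = getConsumerManager().verify(requestURL.toString(), parameterList, discoveryInformation);
            Identifier verifiedId = verify.getVerifiedId();
            _logger.debug("Authentication verification  : " + verifiedId);
            if (verifiedId == null) {
                return messageUrl;
            }
            BaseUser baseUser = new BaseUser(verifiedId.getIdentifier(), this);
            AuthSuccess authResponse = verify.getAuthResponse();
            if (!authResponse.hasExtension(SREG_NAMESPACE)) {
                return messageUrl;
            }
            _logger.debug("Authentication successfull - identifier : " + verifiedId.getIdentifier());
            Object extension = authResponse.getExtension(SREG_NAMESPACE);
            if (!(extension instanceof SRegResponse)) {
                return messageUrl;
            }
            SRegResponse sRegResponse = (SRegResponse) extension;
            // These values are whatever the provider asserts; they are profile data, not verified facts.
            String attributeValue = sRegResponse.getAttributeValue("fullname");
            String attributeValue2 = sRegResponse.getAttributeValue("nickname");
            String attributeValue3 = sRegResponse.getAttributeValue(PARAMETER_EMAIL);
            // NOTE(review): "fullname" is stored as given name and "nickname" as family name - confirm
            // this mapping is intended.
            baseUser.setUserInfo("user.name.given", attributeValue);
            baseUser.setUserInfo("user.name.family", attributeValue2);
            baseUser.setUserInfo("user.business-info.online.email", attributeValue3);
            Plugin plugin = PluginService.getPlugin(PLUGIN_NAME);
            OpenIdDatabaseUser openIdDatabaseUser = new OpenIdDatabaseUser();
            openIdDatabaseUser.setEmail(attributeValue3);
            openIdDatabaseUser.setFirstName(attributeValue);
            openIdDatabaseUser.setLastName(attributeValue2);
            openIdDatabaseUser.setLogin(verifiedId.getIdentifier());
            openIdDatabaseUser.setAuthentificationType("openid");
            messageUrl = AppPathService.getBaseUrl(httpServletRequest) + AppPathService.getPortalUrl();
            if (OpenIdDatabaseUserHome.checkUserLogin(verifiedId.getIdentifier(), plugin)) {
                // NOTE(review): a known user is registered before the validity check, whereas a new
                // user is registered only when valid - confirm the asymmetry is intended.
                SecurityService.getInstance().registerUser(httpServletRequest, baseUser);
                if (openIdDatabaseUser.isValid()) {
                    OpenIdDatabaseUserHome.updateByLogin(openIdDatabaseUser, plugin);
                } else {
                    messageUrl = getUserDetailsUrl(httpServletRequest, openIdDatabaseUser);
                }
            } else {
                // NOTE(review): the empty string is presumably the stored password - confirm that such a
                // row can never pass checkPassword(); loginDatabase() additionally refuses blank input.
                OpenIdDatabaseUserHome.create(openIdDatabaseUser, "", plugin);
                if (openIdDatabaseUser.isValid()) {
                    SecurityService.getInstance().registerUser(httpServletRequest, baseUser);
                } else {
                    messageUrl = getUserDetailsUrl(httpServletRequest, openIdDatabaseUser);
                }
            }
        } catch (OpenIDException e) {
            _logger.error("OpenId Error in provider response : " + e.getMessage(), e);
        }
        return messageUrl;
    }

    /**
     * Builds the URL of the form where an OpenID user completes a missing profile.
     *
     * <p>NOTE(review): login, names and e-mail travel in the query string, so they end up in access
     * logs, browser history and Referer headers. The receiving page should treat the {@code login}
     * parameter as display data only and take the identity from the session - verify.
     */
    private String getUserDetailsUrl(HttpServletRequest httpServletRequest, OpenIdDatabaseUser openIdDatabaseUser) {
        UrlItem urlItem = new UrlItem(AppPathService.getBaseUrl(httpServletRequest) + AppPathService.getPortalUrl());
        urlItem.addParameter(PARAMETER_PAGE, PARAMETER_XPAGE_VALUE);
        urlItem.addParameter("action", "detailsOpenId");
        urlItem.addParameter(PARAMETER_LOGIN, openIdDatabaseUser.getLogin());
        urlItem.addParameter(PARAMETER_FIRST_NAME, openIdDatabaseUser.getFirstName());
        urlItem.addParameter(PARAMETER_LAST_NAME, openIdDatabaseUser.getLastName());
        urlItem.addParameter(PARAMETER_EMAIL, openIdDatabaseUser.getEmail());
        return urlItem.getUrl();
    }
}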
