package io.jans.as.server.auth;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import io.jans.as.common.model.common.User;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.model.authorize.AuthorizeErrorResponseType;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.as.server.security.Identity;
import io.jans.as.server.service.CookieService;
import io.jans.as.server.service.ErrorHandlerService;
import io.jans.as.server.service.RequestParameterService;
import io.jans.as.server.service.SessionIdService;
import io.jans.as.server.service.external.ExternalSelectAccountService;
import io.jans.jsf2.service.FacesService;
import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.RequestScoped;
import jakarta.faces.context.ExternalContext;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

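/**
 * Request-scoped backing bean for the account-selection form ({@code selectForm}).
 *
 * <p>When the bean is created, {@link #prepare()} collects the sessions returned by
 * {@code SessionIdService#getCurrentSessions()}, keeping at most one session per user.
 * The user can then continue with one of them ({@link #select()}) or drop the current
 * session and go to the authorization endpoint without one ({@link #login()}).
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>{@code selectedSessionId} arrives through a public setter, so it must be treated as
 *       caller-controlled. {@link #select()} only accepts it when it equals the id of a session
 *       already present in {@code currentSessions}; that lookup is the authorization check and
 *       must stay in front of any use of the value.</li>
 *   <li>A session id is enough to authenticate here (see the call to
 *       {@code authenticateBySessionId} and the session cookie written in {@link #select()}).
 *       Several log statements include session ids, so debug/trace output of this class should
 *       be handled as sensitive data.</li>
 *   <li>The redirect target is always {@code <contextPath>/restv1/authorize}; only the query
 *       string is built from request parameters.</li>
 * </ul>
 */
@Named
@RequestScoped
public class SelectAccountAction {
    private static final String FORM_ID = "selectForm";
    private static final String LOGIN_BUTTON_REF = "selectForm:loginButton";

    @Inject
    private Logger log;

    @Inject
    private Identity identity;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private FacesService facesService;

    @Inject
    private CookieService cookieService;

    @Inject
    private ExternalContext externalContext;

    @Inject
    private RequestParameterService requestParameterService;

    @Inject
    private Authenticator authenticator;

    @Inject
    private ExternalSelectAccountService externalSelectAccountService;

    @Inject
    private ErrorHandlerService errorHandlerService;

    // Authorization-request parameters exposed through the getters/setters below.
    // NOTE(review): presumably bound from the select-account view; nothing in this class
    // validates them, they are only stored here.
    private String scope;
    private String responseType;
    private String clientId;
    private String redirectUri;
    private String state;
    private String responseMode;
    private String nonce;
    private String display;
    private String prompt;
    private Integer maxAge;
    private String uiLocales;
    private String idTokenHint;
    private String loginHint;
    private String acrValues;
    private String amrValues;
    private String request;
    private String requestUri;
    private String codeChallenge;
    private String codeChallengeMethod;
    private String claims;
    private String authReqId;
    private String bindingMessage;
    private String sessionId;
    private String allowedScope;

    // Sessions offered for selection; rebuilt in prepare().
    private List<SessionId> currentSessions = Lists.newArrayList();
    // Caller-supplied id of the chosen session; only trusted after the lookup in select().
    private String selectedSessionId;

    /**
     * Builds the list of selectable sessions and asks the external select-account script
     * whether the page may be shown.
     *
     * <p>Sessions whose user cannot be loaded are skipped, and only the first session seen
     * for each user is kept. If the script's prepare step returns {@code false}, an
     * {@code ACCESS_DENIED} error is reported through {@code ErrorHandlerService}.
     */
    @PostConstruct
    public void prepare() {
        this.currentSessions = Lists.newArrayList();
        HashSet<String> listedUserIds = Sets.newHashSet();
        for (SessionId session : this.sessionIdService.getCurrentSessions()) {
            User user = this.sessionIdService.getUser(session);
            if (user == null) {
                this.log.error("Failed to get user for session. Skipping it from current_sessions, id: {}", session.getId());
                continue;
            }
            String userId = userIdOrDn(user);
            if (this.currentSessions.contains(session) || listedUserIds.contains(userId)) {
                // The session (or another session of the same user) is already listed. The
                // previous message claimed the session could not be found, which was misleading.
                this.log.trace("Skipping session because it or its user is already listed, session_id: {}", session.getId());
                continue;
            }
            this.log.trace("User: {}, sessionId: {}", userId, session.getId());
            this.currentSessions.add(session);
            listedUserIds.add(userId);
        }
        this.log.trace("Found {} sessions", this.currentSessions.size());

        ExecutionContext context = ExecutionContext.of(this.externalContext);
        context.setCurrentSessions(this.currentSessions);
        if (!this.externalSelectAccountService.externalPrepare(context)) {
            // NOTE(review): currentSessions stays populated after a denial. Confirm that
            // handleError() ends request processing, so select() cannot still run in this request.
            this.errorHandlerService.handleError("selectAccount.forbiddenByScript", AuthorizeErrorResponseType.ACCESS_DENIED, "Forbidden by select account script.");
        }
    }

    /**
     * @return the sessions collected by {@link #prepare()}; the internal list itself, not a copy
     */
    public List<SessionId> getCurrentSessions() {
        return this.currentSessions;
    }

    /**
     * Switches the browser to the session identified by {@code selectedSessionId} and redirects
     * to the authorization endpoint.
     *
     * <p>The current session cookies are removed first. The selected id is then matched against
     * {@code currentSessions}; an id that is not in that list is ignored and nothing further
     * happens. For a match, the session cookie and identity are set, the external script's
     * on-select step is consulted, and only if it agrees is the session authenticated and the
     * redirect issued.
     */
    public void select() {
        try {
            // selectedSessionId is request input and is logged before it has been validated.
            this.log.debug("Selected account: {}", this.selectedSessionId);
            // NOTE(review): the existing session is cleared before the selection is validated,
            // so an unknown id leaves the caller without a session cookie. Confirm this is intended.
            clearSessionIdCookie();

            // Authorization check: only a session already listed for this request may be chosen.
            Optional<SessionId> selected = this.currentSessions.stream()
                    .filter(candidate -> candidate.getId().equals(this.selectedSessionId))
                    .findAny();
            if (selected.isEmpty()) {
                this.log.debug("Unable to find session.");
                return;
            }
            SessionId session = selected.get();

            this.cookieService.createSessionIdCookie(session, false);
            this.identity.setSessionId(session);

            ExecutionContext context = ExecutionContext.of(this.externalContext);
            context.setSessionId(session);
            if (!this.externalSelectAccountService.externalOnSelect(context)) {
                // NOTE(review): the cookie and identity set above are not rolled back when the
                // script refuses the selection. Verify that a denial is not expected to leave the
                // browser without the selected session.
                this.log.debug("SelectAccount is forbidded by onSelect() method of external script.");
                return;
            }

            this.authenticator.authenticateBySessionId(this.selectedSessionId);
            String authorizationUrl = buildAuthorizationUrl();
            this.log.trace("RedirectTo: {}", authorizationUrl);
            this.facesService.redirectToExternalURL(authorizationUrl);
        } catch (UnsupportedEncodingException e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Returns the label shown for a session on the selection page.
     *
     * <p>Order of preference: the name supplied by the external script, the user's
     * {@code displayName} attribute, the user id, and finally the user's DN.
     *
     * @param sessionId session to label
     * @return the display name chosen for the session's user
     */
    public String getName(SessionId sessionId) {
        // NOTE(review): sessionId.getUser() is dereferenced below without a null check, while
        // prepare() loads users through SessionIdService. Confirm it cannot be null here.
        User user = sessionId.getUser();
        ExecutionContext context = ExecutionContext.of(this.externalContext);
        context.setSessionId(sessionId);
        context.setUser(user);

        String externalName = this.externalSelectAccountService.externalGetAccountDisplayName(context);
        if (StringUtils.isNotBlank(externalName)) {
            // Log the display name itself. The original passed the whole ExecutionContext as the
            // first argument, which printed the context object instead of the name.
            this.log.trace("External display name '{}' is used for sessionId {}", externalName, sessionId.getId());
            return externalName;
        }

        String displayName = user.getAttribute("displayName");
        if (StringUtils.isNotBlank(displayName)) {
            return displayName;
        }
        return userIdOrDn(user);
    }

    /**
     * Drops the current session and redirects to the authorization endpoint so that the user
     * can authenticate without any of the listed sessions.
     */
    public void login() {
        try {
            clearSessionIdCookie();
            String authorizationUrl = buildAuthorizationUrl();
            this.log.trace("RedirectTo: {}", authorizationUrl);
            this.facesService.redirectToExternalURL(authorizationUrl);
        } catch (UnsupportedEncodingException e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Removes the session_id and OP browser state cookies from the response and logs the
     * current identity out.
     *
     * <p>If the response object is not an {@link HttpServletResponse}, an error is logged and
     * nothing is removed. Callers are not told about that case.
     */
    public void clearSessionIdCookie() {
        Object response = this.externalContext.getResponse();
        if (!(response instanceof HttpServletResponse)) {
            this.log.error("Unknown http response.");
            return;
        }
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        this.cookieService.removeSessionIdCookie(httpResponse);
        this.cookieService.removeOPBrowserStateCookie(httpResponse);
        if (this.identity != null) {
            this.identity.logout();
        }
        this.log.trace("Removed session_id and opbs cookies.");
    }

    /**
     * Builds the redirect target: the application's own authorize endpoint followed by the
     * filtered request parameters. The path is fixed; only the query string is request-derived.
     */
    private String buildAuthorizationUrl() throws UnsupportedEncodingException {
        String contextPath = ((HttpServletRequest) this.externalContext.getRequest()).getContextPath();
        String query = this.requestParameterService.parametersAsString(getFilteredParameters());
        return contextPath + "/restv1/authorize?" + query;
    }

    /**
     * Copies the request parameters that should be forwarded to the authorize endpoint.
     *
     * <p>The JSF view state, the form id and the login button reference are dropped, and the
     * {@code selectForm:} prefix is stripped from the remaining names. Values are forwarded
     * unchanged.
     */
    private Map<String, String> getFilteredParameters() {
        Map<String, String> requestParameters = this.externalContext.getRequestParameterMap();
        HashMap<String, String> filtered = Maps.newHashMap();
        for (Map.Entry<String, String> entry : requestParameters.entrySet()) {
            String name = entry.getKey();
            if (name.equals("jakarta.faces.ViewState") || name.equals(FORM_ID) || name.contains(LOGIN_BUTTON_REF)) {
                continue;
            }
            // removeStart leaves names without the prefix untouched, so no separate branch is
            // needed (the original had two identical branches here).
            filtered.put(StringUtils.removeStart(name, "selectForm:"), entry.getValue());
        }
        return filtered;
    }

    /** Returns the user's id, or the DN when the id is blank. */
    private static String userIdOrDn(User user) {
        return StringUtils.isNotBlank(user.getUserId()) ? user.getUserId() : user.getDn();
    }

    // ---- Plain accessors for the bound request parameters ----

    public String getScope() {
        return this.scope;
    }

    public void setScope(String str) {
        this.scope = str;
    }

    public String getResponseType() {
        return this.responseType;
    }

    public void setResponseType(String str) {
        this.responseType = str;
    }

    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    public String getRedirectUri() {
        return this.redirectUri;
    }

    public void setRedirectUri(String str) {
        this.redirectUri = str;
    }

    public String getState() {
        return this.state;
    }

    public void setState(String str) {
        this.state = str;
    }

    public String getResponseMode() {
        return this.responseMode;
    }

    public void setResponseMode(String str) {
        this.responseMode = str;
    }

    public String getNonce() {
        return this.nonce;
    }

    public void setNonce(String str) {
        this.nonce = str;
    }

    public String getDisplay() {
        return this.display;
    }

    public void setDisplay(String str) {
        this.display = str;
    }

    public String getPrompt() {
        return this.prompt;
    }

    public void setPrompt(String str) {
        this.prompt = str;
    }

    public Integer getMaxAge() {
        return this.maxAge;
    }

    public void setMaxAge(Integer num) {
        this.maxAge = num;
    }

    public String getUiLocales() {
        return this.uiLocales;
    }

    public void setUiLocales(String str) {
        this.uiLocales = str;
    }

    public String getIdTokenHint() {
        return this.idTokenHint;
    }

    public void setIdTokenHint(String str) {
        this.idTokenHint = str;
    }

    public String getLoginHint() {
        return this.loginHint;
    }

    public void setLoginHint(String str) {
        this.loginHint = str;
    }

    public String getAcrValues() {
        return this.acrValues;
    }

    public void setAcrValues(String str) {
        this.acrValues = str;
    }

    public String getAmrValues() {
        return this.amrValues;
    }

    public void setAmrValues(String str) {
        this.amrValues = str;
    }

    public String getRequest() {
        return this.request;
    }

    public void setRequest(String str) {
        this.request = str;
    }

    public String getRequestUri() {
        return this.requestUri;
    }

    public void setRequestUri(String str) {
        this.requestUri = str;
    }

    public String getCodeChallenge() {
        return this.codeChallenge;
    }

    public void setCodeChallenge(String str) {
        this.codeChallenge = str;
    }

    public String getCodeChallengeMethod() {
        return this.codeChallengeMethod;
    }

    public void setCodeChallengeMethod(String str) {
        this.codeChallengeMethod = str;
    }

    public String getClaims() {
        return this.claims;
    }

    public void setClaims(String str) {
        this.claims = str;
    }

    public String getAuthReqId() {
        return this.authReqId;
    }

    public void setAuthReqId(String str) {
        this.authReqId = str;
    }

    public String getSessionId() {
        return this.sessionId;
    }

    public void setSessionId(String str) {
        this.sessionId = str;
    }

    public String getAllowedScope() {
        return this.allowedScope;
    }

    public void setAllowedScope(String str) {
        this.allowedScope = str;
    }

    public String getBindingMessage() {
        return this.bindingMessage;
    }

    public void setBindingMessage(String str) {
        this.bindingMessage = str;
    }

    public String getSelectedSessionId() {
        return this.selectedSessionId;
    }

    /**
     * @param str id of the session the caller wants to use; request input, validated against
     *            the listed sessions in {@link #select()} before it is acted on
     */
    public void setSelectedSessionId(String str) {
        this.selectedSessionId = str;
    }
}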
