package org.lamsfoundation.lams.web;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apache.log4j.Logger;
import org.imsglobal.lti.launch.LtiOauthVerifier;
import org.imsglobal.lti.launch.LtiVerificationException;
import org.imsglobal.lti.launch.LtiVerificationResult;
import org.lamsfoundation.lams.integration.ExtServer;
import org.lamsfoundation.lams.integration.ExtServerLessonMap;
import org.lamsfoundation.lams.integration.service.IntegrationService;
import org.lamsfoundation.lams.integration.util.LtiUtils;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
import org.lamsfoundation.lams.util.CentralConstants;
import org.lamsfoundation.lams.util.HashUtil;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/lamsfoundation/lams/web/LoginRequestLtiServlet.class */
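/**
 * Entry point for LTI launches: verifies the OAuth signature of the incoming launch request
 * against the server key registered for the consumer, then redirects the browser to
 * {@code LoginRequest} with a timestamped hash so the user is logged in and finally sent on
 * to {@code lti.do}.
 *
 * <p>Every request parameter is attacker-controlled until the OAuth verification succeeds, so
 * nothing read from the request may be trusted, or allowed to throw, before that point.
 */
public class LoginRequestLtiServlet extends HttpServlet {
    private static Logger log = Logger.getLogger(LoginRequestLtiServlet.class);
    // Looked up lazily from the Spring web application context on the first request.
    private static IntegrationService integrationService = null;
    private static IUserManagementService userManagementService = null;
    // Placeholder names used when the tool consumer does not send the person's name.
    private static final String DEFAULT_FIRST_NAME = "John";
    private static final String DEFAULT_LAST_NAME = "Doe";

    /**
     * Handles an LTI launch.
     *
     * <p>Responds with 400 when {@code user_id} or {@code oauth_consumer_key} is missing, with 401
     * when the consumer key has no usable server key or the OAuth verification fails, and
     * otherwise with a redirect to {@code LoginRequest}.
     *
     * @param httpServletRequest the launch request sent by the tool consumer
     * @param httpServletResponse the response used for the error or the redirect
     * @throws ServletException if the redirect URL cannot be built
     * @throws IOException if writing the response fails
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        initServices();
        String userId = httpServletRequest.getParameter("user_id");
        String roles = httpServletRequest.getParameter("roles");
        String firstName = httpServletRequest.getParameter("lis_person_name_given");
        String lastName = httpServletRequest.getParameter("lis_person_name_family");
        String email = httpServletRequest.getParameter("lis_person_contact_email_primary");
        String locale = httpServletRequest.getParameter("launch_presentation_locale");
        String consumerKey = httpServletRequest.getParameter("oauth_consumer_key");
        String resourceLinkId = httpServletRequest.getParameter("resource_link_id");
        String contextId = httpServletRequest.getParameter("context_id");
        String contextLabel = httpServletRequest.getParameter("context_label");
        if (userId == null || consumerKey == null) {
            httpServletResponse.sendError(400, "Login Failed - login parameters missing");
            return;
        }

        // The consumer key is unauthenticated input. If the lookup yields nothing, or the
        // registered key is blank, reject the launch instead of failing with a
        // NullPointerException or verifying the signature against an empty secret.
        ExtServer extServer = integrationService.getExtServer(consumerKey);
        String serverKey = extServer == null ? null : extServer.getServerkey();
        if (StringUtils.isBlank(serverKey)) {
            log.warn("Authentication error: no usable server key for consumer key " + forLog(consumerKey));
            httpServletResponse.sendError(401, "Login Failed - authentication error.");
            return;
        }

        try {
            LtiVerificationResult verification = new LtiOauthVerifier().verify(httpServletRequest, serverKey);
            if (!verification.getSuccess().booleanValue()) {
                log.warn("Authentication error: " + verification.getMessage());
                // NOTE(review): the verifier's message is returned to an unauthenticated caller;
                // confirm it cannot carry signature details, or send a generic text and keep the
                // detail in the log only.
                httpServletResponse.sendError(401, "Login Failed - authentication error. " + verification.getMessage());
                return;
            }

            if (StringUtils.isBlank(firstName)) {
                firstName = DEFAULT_FIRST_NAME;
            }
            // The last-name default has to test the last name: testing the first name, which
            // was filled in just above, meant this default could never be applied.
            if (StringUtils.isBlank(lastName)) {
                lastName = DEFAULT_LAST_NAME;
            }

            ExtServerLessonMap lesson = integrationService.getLtiConsumerLesson(consumerKey, resourceLinkId);
            boolean hasCustomMonitorRole = LtiUtils.isToolConsumerCustomRole(roles, extServer.getLtiToolConsumerMonitorRoles());
            String method;
            if (LtiUtils.isStaff(roles) || LtiUtils.isAdmin(roles) || hasCustomMonitorRole) {
                // Staff author the lesson on the first launch and monitor it afterwards.
                method = lesson == null ? "author" : "monitor";
            } else {
                method = "learnerStrictAuth";
            }
            String lessonId = lesson == null ? "" : lesson.getLessonId().toString();
            String timestamp = String.valueOf(System.currentTimeMillis());

            // SHA-1 over timestamp + user id + method (+ lesson id for learners) + consumer key +
            // server key. Field order and lower-casing are left untouched because the receiving
            // handler presumably recomputes the same string (TODO confirm against LoginRequest).
            // The hash is a plain digest of a concatenation, not an HMAC, and it does not cover
            // the name, email, course or redirectURL parameters added below.
            String hash = HashUtil.sha1(timestamp.toLowerCase().trim() + userId.toLowerCase().trim() + method.toLowerCase().trim() + ("learnerStrictAuth".equals(method) ? lessonId : "") + consumerKey.toLowerCase().trim() + serverKey.toLowerCase().trim());

            try {
                // Forward the launch parameters to lti.do, dropping the OAuth ones (signature,
                // nonce, ...) except the consumer key. These values, including any personal
                // data the consumer sent, end up in the query string of the redirect.
                URIBuilder ltiUrl = new URIBuilder("lti.do");
                Enumeration<?> names = httpServletRequest.getParameterNames();
                while (names.hasMoreElements()) {
                    String name = (String) names.nextElement();
                    if ("oauth_consumer_key".equals(name) || !name.startsWith("oauth_")) {
                        ltiUrl.addParameter(name, httpServletRequest.getParameter(name));
                    }
                }
                // Added once, after the loop: inside the loop it was appended once per request
                // parameter, bloating the redirect URL with duplicates.
                ltiUrl.addParameter("_method", method);

                URIBuilder loginUrl = new URIBuilder("LoginRequest");
                // NOTE(review): URLEncoder.encode followed by addParameter percent-encodes the
                // user id twice, while the hash above uses the raw value. Kept as found because
                // the receiving handler is not visible here; confirm it decodes accordingly.
                loginUrl.addParameter(CentralConstants.PARAM_UID, URLEncoder.encode(userId, "UTF8"));
                loginUrl.addParameter(CentralConstants.PARAM_METHOD, method);
                loginUrl.addParameter("ts", timestamp);
                loginUrl.addParameter("sid", consumerKey);
                loginUrl.addParameter("hash", hash);
                loginUrl.addParameter("courseid", contextId);
                loginUrl.addParameter(CentralConstants.PARAM_COURSE_NAME, contextLabel);
                loginUrl.addParameter(CentralConstants.PARAM_COUNTRY, getCountry(locale));
                loginUrl.addParameter(CentralConstants.PARAM_LANG, getLanguage(locale));
                loginUrl.addParameter("firstName", firstName);
                loginUrl.addParameter("lastName", lastName);
                loginUrl.addParameter("lsid", lessonId);
                loginUrl.addParameter("email", email);
                loginUrl.addParameter("redirectURL", ltiUrl.build().toString());
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(loginUrl.build().toString()));
            } catch (URISyntaxException e) {
                throw new ServletException("Error creating URL for LoginRequest", e);
            }
        } catch (LtiVerificationException e2) {
            log.error("Authentication error: ", e2);
            httpServletResponse.sendError(401, "Login Failed - authentication error. " + e2.getMessage());
        }
    }

    /**
     * Handles POST launches exactly like GET ones.
     *
     * @param httpServletRequest the launch request sent by the tool consumer
     * @param httpServletResponse the response used for the error or the redirect
     * @throws ServletException if the redirect URL cannot be built
     * @throws IOException if writing the response fails
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the part of a {@code language_COUNTRY} locale before the first underscore.
     *
     * @param str the locale sent by the consumer, may be {@code null}
     * @return the language part, or {@code "xx"} when the locale is {@code null} or consists
     *     only of underscores
     */
    private static String getLanguage(String str) {
        if (str == null) {
            return "xx";
        }
        // split() drops trailing empty strings, so "_" yields an empty array; indexing it
        // blindly let a request parameter trigger an ArrayIndexOutOfBoundsException.
        String[] parts = str.split("_");
        return parts.length > 0 ? parts[0] : "xx";
    }

    /**
     * Returns the part of a {@code language_COUNTRY} locale after the first underscore.
     *
     * @param str the locale sent by the consumer, may be {@code null}
     * @return the country part, {@code "XX"} when the locale is {@code null}, or {@code "AU"}
     *     when the locale has no country part
     */
    private static String getCountry(String str) {
        if (str == null) {
            return "XX";
        }
        String[] parts = str.split("_");
        return parts.length > 1 ? parts[1] : "AU";
    }

    /** Replaces line breaks so a request value cannot forge extra log entries. */
    private static String forLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Fetches the service beans from the Spring web application context on first use. */
    private void initServices() {
        if (integrationService == null) {
            integrationService = (IntegrationService) WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()).getBean("integrationService");
        }
        if (userManagementService == null) {
            userManagementService = (IUserManagementService) WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()).getBean("userManagementService");
        }
    }
}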
