package org.lamsfoundation.lams.web;

import java.io.IOException;
import java.net.URL;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.openid.OpenIDConfig;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
import org.lamsfoundation.lams.util.CSVUtil;
import org.lamsfoundation.lams.util.CentralConstants;
import org.lamsfoundation.lams.util.Configuration;
import org.lamsfoundation.lams.util.ConfigurationKeys;
import org.lamsfoundation.lams.util.MessageService;
import org.lamsfoundation.lams.util.WebUtil;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.verisign.joid.OpenIdException;
import org.verisign.joid.consumer.OpenIdFilter;
import org.verisign.joid.util.UrlUtils;

/* loaded from: input_file:org/lamsfoundation/lams/web/SIFOpenIDServlet.class */
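/**
 * Servlet that signs a user into LAMS from an OpenID identity.
 *
 * <p>Flow, as implemented by {@link #doGet}:
 * <ol>
 *   <li>If the {@code enabled} OpenID config entry is missing or not {@code true}, redirect to the
 *       portal with an error.</li>
 *   <li>If {@link OpenIdFilter#getCurrentUser} already reports an identity for the session, map it
 *       to a LAMS user and hand over to {@code j_security_check}.</li>
 *   <li>Otherwise take the {@code openid_url} request parameter, build the provider's
 *       authentication URL and redirect there, but only if the provider's host is listed in the
 *       {@code trustedIDPs} config entry.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code openid_url} is caller-controlled. It is only ever logged after CR/LF stripping and
 *       only ever placed in a URL after encoding.</li>
 *   <li>The provider allow-list compares host names only; scheme and port are not checked.</li>
 *   <li>The hand-over to {@code j_security_check} places the stored credential in a redirect URL;
 *       see {@link #loginUser}.</li>
 * </ul>
 */
public class SIFOpenIDServlet extends HttpServlet {
    private static final long serialVersionUID = -381530224124159008L;
    private static final Logger log = Logger.getLogger(SIFOpenIDServlet.class);
    private static final String PARAM_OPENID_URL = "openid_url";
    private static final String PARAM_ERROR_MSG = "errorMsg";
    private static final String ERROR_KEY_NOT_ENABLED = "openid.not.enabled";
    private static final String ERROR_KEY_BLACKLISTED = "openid.blacklisted";
    private static final String ERROR_KEY_NO_ID_PASSED = "openid.no.id";
    private static final String ERROR_KEY_AUTH = "openid.auth.error";
    private static final String ERROR_KEY_AUTH_LAMS = "openid.auth.fail";
    /** Charset name used for every URL-encoded value this servlet emits. */
    private static final String URL_ENCODING = "UTF-8";
    // Looked up lazily from the Spring context on first request (see setService()).
    private IUserManagementService userService = null;
    private MessageService messageService = null;

    /**
     * Handles the OpenID login request.
     *
     * @param httpServletRequest  request carrying the optional {@code openid_url} and
     *                            {@code lessonID} parameters
     * @param httpServletResponse response that always ends in a redirect (portal, identity
     *                            provider, or {@code j_security_check})
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException      if a redirect cannot be sent
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        setService();
        // Parameters are read before the "enabled" check, in the same order as the original code,
        // so that any parse error raised by WebUtil surfaces exactly as before.
        String openIdUrl = WebUtil.readStrParam(httpServletRequest, PARAM_OPENID_URL, true);
        OpenIDConfig enabledConfig = (OpenIDConfig) this.userService.findById(OpenIDConfig.class, "enabled");
        String currentUser = OpenIdFilter.getCurrentUser(httpServletRequest.getSession(true));
        Long lessonId = WebUtil.readLongParam(httpServletRequest, "lessonID", true);

        if (enabledConfig == null || !Boolean.parseBoolean(enabledConfig.getConfigValue())) {
            redirectToPortal(httpServletResponse, this.messageService.getMessage(ERROR_KEY_NOT_ENABLED));
            return;
        }

        if (currentUser != null) {
            log.info("Logging user into LAMS using openid token: " + sanitizeForLog(currentUser));
            loginUser(currentUser, httpServletRequest, httpServletResponse);
            return;
        }

        if (openIdUrl == null || openIdUrl.equals("")) {
            log.error("OpenID authentication failed, no value passed for the openid url");
            redirectToPortal(httpServletResponse, this.messageService.getMessage(ERROR_KEY_NO_ID_PASSED));
            return;
        }

        String baseUrl = UrlUtils.getBaseUrl(httpServletRequest);
        String returnTo = baseUrl + "/OpenIDServlet";
        if (lessonId != null) {
            // lessonId is a parsed Long, so it cannot carry URL metacharacters.
            returnTo = returnTo + "?lessonID=" + lessonId;
        }
        sendAuthenticationRequest(httpServletResponse, openIdUrl, returnTo, baseUrl);
    }

    /**
     * Builds the provider authentication URL for the supplied identifier and redirects the browser
     * to it when the provider host is on the trusted list; otherwise redirects to the portal with
     * an error.
     *
     * <p>NOTE(review): the allow-list check is applied to the URL returned by
     * {@code getAuthUrl()}, i.e. after the library has already processed the caller-supplied
     * identifier. If {@code getAuthUrl()} contacts the identifier URL to discover the provider
     * (TODO confirm against the joid version in use), the server makes that outbound request
     * before any allow-list decision; consider validating the identifier's host first.
     *
     * @param response  response used for the redirect
     * @param openIdUrl caller-supplied OpenID identifier (untrusted)
     * @param returnTo  URL the provider should send the browser back to
     * @param trustRoot base URL of this application, passed to the OpenID library
     * @throws IOException if the error redirect itself fails
     */
    private void sendAuthenticationRequest(HttpServletResponse response, String openIdUrl, String returnTo, String trustRoot) throws IOException {
        try {
            String authUrl = OpenIdFilter.joid().getAuthUrl(openIdUrl, returnTo, trustRoot);
            if (!isTrustedIdentityProvider(authUrl)) {
                log.error("Identity provider not permitted: " + sanitizeForLog(openIdUrl));
                redirectToPortal(response, this.messageService.getMessage(ERROR_KEY_BLACKLISTED));
                return;
            }
            log.info("No session found for user with url: " + sanitizeForLog(openIdUrl) + ". Sending authentication request to identity provider.");
            response.sendRedirect(authUrl);
        } catch (OpenIdException e) {
            log.error("Problem getting openid url.", e);
            redirectToPortal(response, this.messageService.getMessage(ERROR_KEY_AUTH));
        } catch (Exception e2) {
            // Boundary catch: any failure ends in the generic auth error rather than a stack trace
            // reaching the browser.
            log.error("Error sending redirect request.", e2);
            redirectToPortal(response, this.messageService.getMessage(ERROR_KEY_AUTH));
        }
    }

    /**
     * Reports whether the host of {@code candidateUrl} matches the host of any URL in the
     * {@code trustedIDPs} config entry.
     *
     * <p>Fails closed: a missing config entry, an unparsable URL (candidate or list entry) or a
     * candidate without a host all yield {@code false}. Only the host is compared, so scheme and
     * port are not part of the decision.
     *
     * @param candidateUrl provider authentication URL to check
     * @return {@code true} only when a trusted entry has the same host (case-insensitive)
     */
    private boolean isTrustedIdentityProvider(String candidateUrl) {
        try {
            String candidateHost = new URL(candidateUrl).getHost();
            // URL.getHost() returns "" for host-less URLs; never let two empty hosts count as a match.
            if (candidateHost == null || candidateHost.length() == 0) {
                return false;
            }
            OpenIDConfig trustedConfig = (OpenIDConfig) this.userService.findById(OpenIDConfig.class, "trustedIDPs");
            if (trustedConfig == null) {
                return false;
            }
            for (String trustedEntry : CSVUtil.parse(trustedConfig.getConfigValue())) {
                // DNS names are case-insensitive, so the comparison must be too.
                if (candidateHost.equalsIgnoreCase(new URL(trustedEntry).getHost())) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            log.error("Error parsing trusted idps", e);
            return false;
        }
    }

    /**
     * Maps a verified OpenID identity to a LAMS user, stores the user in the session and redirects
     * to the container's {@code j_security_check}.
     *
     * <p>NOTE(review): the redirect carries the value of {@code getPassword()} as a query
     * parameter. Query strings are recorded in browser history, proxy logs and server access logs,
     * so that value should be treated as exposed wherever those are readable. Replacing this
     * hand-over with a server-side login (no credential in a URL) is the real fix; this method
     * only makes the existing redirect well-formed by encoding both values.
     *
     * <p>NOTE(review): the pre-login session is reused unless it already holds an
     * {@code openidUser} attribute. Confirm that the container issues a new session id on
     * authentication; otherwise the session id should be rotated here.
     *
     * @param openIdIdentity identity reported by the OpenID filter for this session
     * @param request        current request, used to obtain the session
     * @param response       response used for the redirect
     * @throws IOException if the redirect cannot be sent
     */
    private void loginUser(String openIdIdentity, HttpServletRequest request, HttpServletResponse response) throws IOException {
        User user = this.userService.getUserDTOByOpenidURL(openIdIdentity);
        if (user == null) {
            redirectToPortal(response, this.messageService.getMessage(ERROR_KEY_AUTH_LAMS, new String[]{openIdIdentity}));
            return;
        }
        HttpSession session = request.getSession(true);
        if (((String) session.getAttribute("openidUser")) != null) {
            // A different OpenID login already lives in this session: start from a clean one.
            session.invalidate();
            session = request.getSession(true);
        }
        session.setAttribute("user", user.getUserDTO());
        session.setAttribute("openidUser", user.getLogin());
        // Encode both values: an unencoded '&', '#', '+' or space in either one would corrupt the
        // parameter list that j_security_check receives.
        String encodedLogin = URLEncoder.encode(String.valueOf(user.getLogin()), URL_ENCODING);
        String encodedPassword = URLEncoder.encode(String.valueOf(user.getPassword()), URL_ENCODING);
        response.sendRedirect("j_security_check?j_username=" + encodedLogin + "&j_password=" + encodedPassword);
    }

    /**
     * Redirects to the configured portal URL (falling back to the LAMS server URL), appending the
     * error message as an encoded {@code errorMsg} parameter when one is given.
     *
     * <p>The message can contain caller-influenced text (for example the OpenID identifier), so
     * the page that renders {@code errorMsg} must escape it on output.
     *
     * @param response response used for the redirect
     * @param message  error text to pass along, or {@code null}/empty for none
     * @throws IOException if the redirect cannot be sent
     */
    private void redirectToPortal(HttpServletResponse response, String message) throws IOException {
        OpenIDConfig portalConfig = (OpenIDConfig) this.userService.findById(OpenIDConfig.class, "portalURL");
        String target = portalConfig != null ? portalConfig.getConfigValue() : Configuration.get(ConfigurationKeys.SERVER_URL);
        if (message != null && message.length() > 0) {
            // A portal URL that already has a query string needs '&', not a second '?'.
            char separator = (target != null && target.indexOf('?') >= 0) ? '&' : '?';
            target = target + separator + PARAM_ERROR_MSG + "=" + URLEncoder.encode(message, URL_ENCODING);
        }
        response.sendRedirect(target);
    }

    /**
     * Returns {@code value} with carriage returns and line feeds replaced, so that request-derived
     * text cannot start a forged entry in the application log.
     *
     * @param value text about to be logged; may be {@code null}
     * @return the text with CR and LF replaced by {@code '_'}, or {@code null} if given {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Lazily resolves the user-management and message services from the Spring web application
     * context. Not synchronized; concurrent first requests may each perform the lookup.
     */
    private void setService() {
        if (this.userService == null) {
            this.userService = (IUserManagementService) WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()).getBean("userManagementService");
        }
        if (this.messageService == null) {
            this.messageService = (MessageService) WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()).getBean(CentralConstants.CENTRAL_MESSAGE_SERVICE_BEAN_NAME);
        }
    }
}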
