package org.jahia.community.aws.cognito.jaxrs;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.jahia.api.content.JCRTemplate;
import org.jahia.api.usermanager.JahiaUserManagerService;
import org.jahia.community.aws.cognito.connector.AwsCognitoConnector;
import org.jahia.community.aws.cognito.connector.AwsCognitoLoginUrlProvider;
import org.jahia.community.aws.cognito.provider.AwsCognitoConfiguration;
import org.jahia.modules.jahiaauth.service.ConnectorConfig;
import org.jahia.modules.jahiaauth.service.SettingsService;
import org.jahia.osgi.BundleUtils;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.sites.JahiaSitesService;
import org.jahia.services.usermanager.JahiaUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

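/**
 * JAX-RS resource mounted at {@code /cognito} that turns an encrypted {@code user} query
 * parameter into an authenticated Jahia session and then redirects the browser.
 *
 * <p>Security review notes (the token format is shared with whatever issues the token, so the
 * items below are flagged rather than changed here):
 * <ul>
 *   <li>The {@code user} value is the only credential this endpoint checks. Nothing in this class
 *       shows an expiry, nonce or single-use marker inside the token, so a captured value
 *       appears to stay valid for as long as the connector secret is unchanged. Confirm with
 *       the issuer and add a timestamp plus replay protection if that is the case.</li>
 *   <li>The token travels in a GET query string, which typically lands in access logs, browser
 *       history and {@code Referer} headers. Treat those logs as sensitive.</li>
 *   <li>Key and IV are derived with a single MD5 pass per block and the payload is AES-CBC with no
 *       MAC, so the ciphertext is not integrity protected. An AEAD mode (for example AES-GCM) or
 *       an HMAC over the token, together with a real password-based KDF, would be the
 *       replacement.</li>
 *   <li>Every failure path answers 404, so the response status does not reveal which step
 *       failed.</li>
 * </ul>
 */
@Path("/cognito")
/* loaded from: input_file:org/jahia/community/aws/cognito/jaxrs/AwsCognitoEndpoint.class */
public class AwsCognitoEndpoint {
    private static final Logger logger = LoggerFactory.getLogger(AwsCognitoEndpoint.class);

    /** Bytes skipped at the start of the decoded token (not inspected by this class). */
    private static final int HEADER_LENGTH = 8;
    /** Salt bytes that follow the header and feed the key derivation. */
    private static final int SALT_LENGTH = 8;
    /** AES-256 key length in bytes. */
    private static final int KEY_LENGTH = 32;
    /** CBC initialisation vector length in bytes. */
    private static final int IV_LENGTH = 16;
    /** AES block length in bytes; CBC ciphertext must be a non-empty multiple of it. */
    private static final int AES_BLOCK_LENGTH = 16;
    /** Redirect target used when no acceptable return URL is stored in the session. */
    private static final String DEFAULT_RETURN_PATH = "/";

    /**
     * Resolves the site's AWS Cognito connector configuration, decrypts the {@code user} token
     * with the configured secret, logs that user in and redirects to the stored return URL.
     *
     * @param str the Base64-encoded encrypted user name taken from the {@code user} query parameter
     * @param httpServletRequest the current request, used for site resolution and the session
     * @return a 303 redirect on success; 404 when the site, the configuration or the user cannot
     *         be resolved or when anything throws
     */
    @GET
    public Response getData(@QueryParam("user") String str, @Context HttpServletRequest httpServletRequest) {
        try {
            String siteKey = AwsCognitoLoginUrlProvider.getSiteKey(
                    httpServletRequest,
                    (JCRTemplate) BundleUtils.getOsgiService(JCRTemplate.class, (String) null),
                    (JahiaSitesService) BundleUtils.getOsgiService(JahiaSitesService.class, (String) null));
            if (siteKey == null) {
                logger.warn("Site not found.");
                return Response.status(Response.Status.NOT_FOUND).build();
            }
            SettingsService settingsService = (SettingsService) BundleUtils.getOsgiService(SettingsService.class, (String) null);
            ConnectorConfig connectorConfig = settingsService.getConnectorConfig(siteKey, AwsCognitoConnector.KEY);
            if (connectorConfig == null) {
                // Fall back to the configuration stored on the system site.
                connectorConfig = settingsService.getConnectorConfig("systemsite", AwsCognitoConnector.KEY);
                if (connectorConfig == null) {
                    logger.warn("The site {} doesn't have the AWS Cognito configuration", siteKey);
                    return Response.status(Response.Status.NOT_FOUND).build();
                }
            }

            // Capture the return URL BEFORE login(): login() invalidates the current session, so
            // reading the attribute afterwards (as this method used to) always produced null and
            // every login was redirected to "/".
            Object storedReturnUrl = null;
            if (httpServletRequest.getSession(false) != null) {
                storedReturnUrl = httpServletRequest.getSession(false)
                        .getAttribute(AwsCognitoLoginUrlProvider.SESSION_OAUTH_AWS_COGNITO_RETURN_URL);
            }

            String userName = decryptUser(str, connectorConfig.getProperty(AwsCognitoConfiguration.SECRET_KEY));
            if (!login(userName, httpServletRequest)) {
                return Response.status(Response.Status.NOT_FOUND).build();
            }
            return Response.seeOther(localRedirectTarget(storedReturnUrl)).build();
        } catch (Exception e) {
            // Deliberately broad: malformed tokens, bad padding and missing OSGi services all
            // end in the same 404 so the caller cannot tell the failure causes apart.
            logger.warn("AWS Cognito login request failed", e);
            return Response.status(Response.Status.NOT_FOUND).build();
        }
    }

    /**
     * Turns the stored return URL into a redirect target restricted to this host.
     *
     * <p>Only a path that starts with a single {@code /} and parses as a URI with neither scheme
     * nor authority is accepted; anything else falls back to {@code /}. How the session attribute
     * is populated is not visible in this class, so it is treated as untrusted to keep the
     * post-login redirect from leaving the site.
     *
     * @param candidate the raw session attribute value, possibly {@code null} or not a string
     * @return the validated local URI, or the URI for {@code /}
     */
    private static URI localRedirectTarget(Object candidate) {
        if (candidate instanceof String) {
            String path = (String) candidate;
            // "//host" is scheme-relative and "\" is normalised to "/" by some browsers.
            boolean looksLocal = path.startsWith("/") && !path.startsWith("//") && path.indexOf('\\') < 0;
            if (looksLocal) {
                try {
                    URI target = URI.create(path);
                    if (target.getScheme() == null && target.getRawAuthority() == null) {
                        return target;
                    }
                } catch (IllegalArgumentException e) {
                    // Unparseable value: the user is already logged in, so fall back to the
                    // default instead of failing the whole request.
                    logger.debug("Ignoring unparseable return URL", e);
                }
            }
        }
        return URI.create(DEFAULT_RETURN_PATH);
    }

    /**
     * Decrypts the Base64 token into a user name.
     *
     * <p>Decoded layout as read by this method: 8 header bytes (ignored), 8 salt bytes, then the
     * AES-CBC/PKCS5 ciphertext. Key (32 bytes) and IV (16 bytes) come from chained MD5 digests of
     * {@code previous-digest || secret || salt}; this looks like OpenSSL's salted {@code enc}
     * layout, to be confirmed against the issuer.
     *
     * <p>NOTE(review): MD5 with a single pass is a weak key derivation and CBC without a MAC
     * leaves the ciphertext unauthenticated. Both are kept for compatibility with the issuer;
     * see the class comment for the suggested replacement.
     *
     * @param encryptedUser Base64 text of the token
     * @param secret the connector's shared secret
     * @return the decrypted bytes decoded as UTF-8
     * @throws IllegalArgumentException if an argument is {@code null}, the Base64 is invalid or
     *         the decoded token is too short or not block aligned
     */
    private static String decryptUser(String encryptedUser, String secret) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, DigestException {
        if (encryptedUser == null || secret == null) {
            throw new IllegalArgumentException("Missing encrypted user token or connector secret");
        }
        byte[] payload = Base64.getDecoder().decode(encryptedUser);
        int cipherTextOffset = HEADER_LENGTH + SALT_LENGTH;
        int cipherTextLength = payload.length - cipherTextOffset;
        // Reject structurally impossible tokens up front instead of relying on zero-padded
        // array copies and provider exceptions further down.
        if (cipherTextLength < AES_BLOCK_LENGTH || cipherTextLength % AES_BLOCK_LENGTH != 0) {
            throw new IllegalArgumentException("Encrypted user token has an invalid length");
        }
        byte[] salt = Arrays.copyOfRange(payload, HEADER_LENGTH, cipherTextOffset);

        MessageDigest md5 = MessageDigest.getInstance(MessageDigestAlgorithms.MD5);
        int digestLength = md5.getDigestLength();
        int derivedLength = KEY_LENGTH + IV_LENGTH;
        // Rounded up to a whole number of digest blocks.
        byte[] derived = new byte[((derivedLength + digestLength - 1) / digestLength) * digestLength];
        byte[] secretBytes = secret.getBytes(StandardCharsets.UTF_8);
        try {
            for (int offset = 0; offset < derivedLength; offset += digestLength) {
                if (offset > 0) {
                    // Chain in the previous digest block.
                    md5.update(derived, offset - digestLength, digestLength);
                }
                md5.update(secretBytes);
                md5.update(salt);
                md5.digest(derived, offset, digestLength);
            }
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(
                    Cipher.DECRYPT_MODE,
                    new SecretKeySpec(derived, 0, KEY_LENGTH, "AES"),
                    new IvParameterSpec(derived, KEY_LENGTH, IV_LENGTH));
            return new String(cipher.doFinal(payload, cipherTextOffset, cipherTextLength), StandardCharsets.UTF_8);
        } finally {
            // Best effort: do not leave key material in these buffers longer than needed.
            Arrays.fill(derived, (byte) 0);
            Arrays.fill(secretBytes, (byte) 0);
        }
    }

    /**
     * Binds the named Jahia user to a fresh HTTP session.
     *
     * @param userName the user name obtained from the decrypted token
     * @param httpServletRequest the current request
     * @return {@code true} when the user exists and the session was set up, {@code false} otherwise
     */
    private static boolean login(String userName, HttpServletRequest httpServletRequest) {
        if (userName == null || userName.isEmpty()) {
            logger.warn("Login failed (empty user name).");
            return false;
        }
        JahiaUserManagerService userManager = (JahiaUserManagerService) BundleUtils.getOsgiService(JahiaUserManagerService.class, (String) null);
        JCRUserNode userNode = userManager.lookupUser(userName);
        if (userNode == null) {
            // The name comes from decrypted request data; strip control characters so it cannot
            // forge additional log lines.
            logger.warn("Login failed (user {} not found in JCR).", sanitizeForLog(userName));
            return false;
        }
        JahiaUser jahiaUser = userNode.getJahiaUser();
        // Drop the pre-login session before binding the user so an identifier handed out before
        // authentication is not carried over into the authenticated session.
        httpServletRequest.getSession().invalidate();
        httpServletRequest.getSession().setAttribute("org.jahia.usermanager.jahiauser", jahiaUser);
        httpServletRequest.setAttribute("login_valve_result", "ok");
        return true;
    }

    /** Replaces ISO control characters (including CR and LF) with {@code _} for safe logging. */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}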
