package org.jahia.modules.saml2.actions;

import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import javax.jcr.RepositoryException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.jahia.bin.Action;
import org.jahia.bin.ActionResult;
import org.jahia.modules.saml2.SAML2Util;
import org.jahia.modules.saml2.admin.SAML2SettingsService;
import org.jahia.modules.saml2.utils.JCRConstants;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.render.RenderContext;
import org.jahia.services.render.Resource;
import org.jahia.services.render.URLResolver;
import org.jahia.services.usermanager.JahiaUser;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.utils.ClassLoaderUtils;
import org.json.JSONObject;
import org.opensaml.core.config.InitializationService;
import org.pac4j.core.context.J2EContext;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.exceptions.SAMLException;
import org.pac4j.saml.profile.SAML2Profile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/modules/saml2/actions/SAMLCallback.class */
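/**
 * Jahia action that consumes the SAML response sent back by the identity provider,
 * maps the resulting profile onto a Jahia user (creating it when missing), stores
 * that user in the HTTP session and answers with a redirect target.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>the id asserted by the IdP is used directly as the Jahia user name;</li>
 *   <li>the redirect target can come from a client-supplied cookie and is therefore
 *       validated before use;</li>
 *   <li>locked accounts are refused even when the SAML assertion is valid.</li>
 * </ul>
 */
public class SAMLCallback extends Action {
    private static final Logger logger = LoggerFactory.getLogger(SAMLCallback.class);
    /** Name of the cookie read to find the post-login redirect target. */
    private static final String REDIRECT = "redirect";
    /** Mapper-result key under which the SAML profile id is stored. */
    private static final String SSO_LOGIN = "ssoLoginId";
    private SAML2SettingsService saml2SettingsService;
    private JahiaUserManagerService jahiaUserManagerService;
    private SAML2Util util;

    /**
     * Validates the SAML credentials found in the request, logs the matching user in
     * and returns the redirect to follow.
     *
     * <p>A {@link SAMLException} is logged and swallowed on purpose: the caller is still
     * redirected, but no user is placed in the session.
     *
     * @param httpServletRequest request carrying the SAML response and the redirect cookie
     * @param renderContext      render context; supplies the site key and the response
     * @param resource           unused here
     * @param jCRSessionWrapper  unused here (a system session is opened internally)
     * @param map                unused here
     * @param uRLResolver        unused here
     * @return an {@link ActionResult} with code 200 and the redirect URL
     * @throws Exception any failure other than {@link SAMLException} raised while
     *                   processing the callback
     */
    public ActionResult doExecute(HttpServletRequest httpServletRequest, RenderContext renderContext, Resource resource, JCRSessionWrapper jCRSessionWrapper, Map<String, List<String>> map, URLResolver uRLResolver) throws Exception {
        String siteKey = renderContext.getSite().getSiteKey();
        try {
            // Run under the class loader of the OpenSAML InitializationService class.
            ClassLoaderUtils.executeWith(InitializationService.class.getClassLoader(), () -> {
                SAML2Client sAML2Client = this.util.getSAML2Client(this.saml2SettingsService, httpServletRequest, siteKey);
                J2EContext j2EContext = new J2EContext(httpServletRequest, renderContext.getResponse());
                SAML2Profile profile = (SAML2Profile) sAML2Client.getUserProfile(sAML2Client.getCredentials(j2EContext), j2EContext);
                if (profile == null) {
                    // Defensive: without a profile there is nothing to map, and no user must be logged in.
                    logger.warn("Cannot log in user : no SAML profile was returned");
                    return false;
                }
                executeMapper(httpServletRequest, renderContext, siteKey, getMapperResult(profile));
                return true;
            });
        } catch (SAMLException e) {
            logger.warn("Cannot log in user : {}", e.getMessage());
            // Keep the stack trace available for incident analysis without flooding the warn log.
            logger.debug("SAML callback failure details", e);
        }
        // NOTE(review): the third argument presumably marks the URL as absolute (used as-is) - confirm.
        return new ActionResult(200, retrieveRedirectUrl(httpServletRequest, siteKey), true, (JSONObject) null);
    }

    /**
     * Logs the user described by the mapper result into the current HTTP session.
     *
     * <p>Nothing is stored in the session when the profile has no id, when the account
     * is locked, or when the repository lookup fails.
     *
     * @param httpServletRequest request whose session receives the user
     * @param renderContext      unused here
     * @param siteKey            key of the site the login happens on
     * @param mapperResult       attributes extracted from the SAML profile
     */
    private void executeMapper(HttpServletRequest httpServletRequest, RenderContext renderContext, String siteKey, Map<String, Object> mapperResult) {
        String ssoLoginId = (String) mapperResult.get(SSO_LOGIN);
        logger.debug("id of SAML Profile: {}", ssoLoginId);
        if (StringUtils.isEmpty(ssoLoginId)) {
            logger.warn("SAML profile carries no id, no user is logged in");
            return;
        }
        try {
            JahiaUser user = processSSOUserInJcr(mapperResult, siteKey);
            if (user.isAccountLocked()) {
                logger.info("Login failed. Account is locked for user {}", ssoLoginId);
                return;
            }
            // NOTE(review): the pre-authentication session is reused as-is. Unless the container or
            // Jahia rotates the session id elsewhere, this leaves room for session fixation - confirm,
            // and rotate the id before this line if nothing else does.
            httpServletRequest.getSession().setAttribute("org.jahia.usermanager.jahiauser", user);
        } catch (RepositoryException e) {
            logger.error("Cannot login user", e);
        }
    }

    /**
     * Finds the Jahia user matching the SAML profile id, or creates it, and synchronises
     * its properties with the mapper result.
     *
     * @param mapperResult attributes extracted from the SAML profile
     * @param siteKey      key of the site the login happens on
     * @return the Jahia user to log in
     * @throws RepositoryException if the repository fails, or if the user is reported as
     *                             existing but cannot be loaded
     */
    private JahiaUser processSSOUserInJcr(Map<String, Object> mapperResult, String siteKey) throws RepositoryException {
        JCRNodeWrapper userNode;
        JCRSessionWrapper currentSystemSession = JCRSessionFactory.getInstance().getCurrentSystemSession((String) null, (Locale) null, (Locale) null);
        String ssoLoginId = (String) mapperResult.get(SSO_LOGIN);
        // NOTE(review): the id asserted by the IdP is matched against existing account names, and the
        // fallback lookup below passes no site key. An asserted id equal to the name of an existing
        // account therefore logs in as that account - confirm the IdP is trusted to issue these names.
        if (this.jahiaUserManagerService.userExists(ssoLoginId, siteKey)) {
            userNode = this.jahiaUserManagerService.lookupUser(ssoLoginId, siteKey, currentSystemSession);
            if (userNode == null) {
                userNode = this.jahiaUserManagerService.lookupUser(ssoLoginId, (String) null, currentSystemSession);
            }
            if (userNode == null) {
                // Previously a NullPointerException escaped the callback; fail the login cleanly instead.
                throw new RepositoryException("User reported as existing could not be loaded: " + ssoLoginId);
            }
            // Only users of the "default" provider get their properties updated.
            if ("default".equals(userNode.getProviderName()) && updateUserProperties(userNode.getDecoratedNode(), mapperResult)) {
                currentSystemSession.save();
            }
        } else {
            // "SHA-1:*" is presumably a placeholder no real password can hash to, so the account
            // cannot be used with a local password - confirm against the user manager.
            userNode = this.jahiaUserManagerService.createUser(ssoLoginId, siteKey, "SHA-1:*", new Properties(), currentSystemSession);
            updateUserProperties(userNode, mapperResult);
            currentSystemSession.save();
        }
        return userNode.getJahiaUser();
    }

    /**
     * Extracts the attributes of interest from the SAML profile.
     *
     * @param sAML2Profile authenticated SAML profile
     * @return map holding the profile id, e-mail, family name and first name
     */
    private Map<String, Object> getMapperResult(SAML2Profile sAML2Profile) {
        Map<String, Object> result = new HashMap<>();
        result.put(SSO_LOGIN, sAML2Profile.getId());
        result.put(JCRConstants.USER_PROPERTY_EMAIL, sAML2Profile.getEmail());
        result.put(JCRConstants.USER_PROPERTY_LASTNAME, sAML2Profile.getFamilyName());
        result.put(JCRConstants.USER_PROPERTY_FIRSTNAME, sAML2Profile.getFirstName());
        return result;
    }

    /**
     * Copies every non-null mapper value onto the user node when it differs from the
     * stored value.
     *
     * <p>Null mapper values never overwrite or create a property, so an attribute missing
     * from the assertion no longer forces a repository save on its own.
     *
     * @param userNode     node of the user to update
     * @param mapperResult attributes extracted from the SAML profile
     * @return {@code true} if at least one property was written
     * @throws RepositoryException if a property cannot be written
     */
    private boolean updateUserProperties(JCRNodeWrapper userNode, Map<String, Object> mapperResult) throws RepositoryException {
        boolean changed = false;
        for (Map.Entry<String, Object> entry : mapperResult.entrySet()) {
            Object newValue = entry.getValue();
            if (newValue == null) {
                continue;
            }
            String currentValue = userNode.getPropertyAsString(entry.getKey());
            if (!newValue.equals(currentValue)) {
                userNode.setProperty(entry.getKey(), (String) newValue);
                changed = true;
            }
        }
        return changed;
    }

    /**
     * Chooses the URL the browser is sent to after the callback.
     *
     * <p>The {@code redirect} cookie is client-supplied, so it is used only when
     * {@link #isSafeRedirectTarget} accepts it. Otherwise the configured post-login path
     * of the site is used, and {@code "/"} as a last resort.
     *
     * @param httpServletRequest current request
     * @param siteKey            key of the site whose settings provide the fallback path
     * @return the redirect target, never empty
     */
    private String retrieveRedirectUrl(HttpServletRequest httpServletRequest, String siteKey) {
        String cookieValue = this.util.getCookieValue(httpServletRequest, REDIRECT);
        if (isSafeRedirectTarget(httpServletRequest, cookieValue)) {
            return cookieValue;
        }
        if (StringUtils.isNotEmpty(cookieValue)) {
            // The value is not logged: it is attacker-influenced and may contain anything.
            logger.warn("Ignoring redirect cookie that does not point to this server");
        }
        // defaultString() keeps a null post-login path from being concatenated as the text "null".
        String fallback = httpServletRequest.getContextPath() + StringUtils.defaultString(this.saml2SettingsService.getSettings(siteKey).getPostLoginPath());
        if (StringUtils.isEmpty(fallback)) {
            fallback = "/";
        }
        return fallback;
    }

    /**
     * Tells whether a client-supplied redirect target stays on this server.
     *
     * <p>Accepted: server-relative paths starting with a single {@code /}, and absolute
     * http(s) URLs whose host equals {@code request.getServerName()}. Everything else,
     * including protocol-relative {@code //host} targets, backslashes and control
     * characters, is rejected.
     *
     * <p>NOTE(review): behind a reverse proxy {@code getServerName()} may differ from the
     * public host name; absolute URLs would then fall back to the post-login path - confirm.
     *
     * @param request current request, used for the expected host name
     * @param target  candidate redirect target, may be {@code null}
     * @return {@code true} if the target may be used for the redirect
     */
    private static boolean isSafeRedirectTarget(HttpServletRequest request, String target) {
        if (StringUtils.isEmpty(target)) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Control characters enable header splitting; some browsers treat '\' like '/'.
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return false;
            }
        }
        if (target.startsWith("/")) {
            return !target.startsWith("//");
        }
        try {
            java.net.URI uri = new java.net.URI(target);
            String scheme = uri.getScheme();
            String host = uri.getHost();
            boolean httpScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            return httpScheme && host != null && host.equalsIgnoreCase(request.getServerName());
        } catch (java.net.URISyntaxException e) {
            return false;
        }
    }

    /**
     * Injects the service that provides the per-site SAML settings.
     *
     * @param sAML2SettingsService settings service
     */
    public void setSaml2SettingsService(SAML2SettingsService sAML2SettingsService) {
        this.saml2SettingsService = sAML2SettingsService;
    }

    /**
     * Injects the service used to look up and create Jahia users.
     *
     * @param jahiaUserManagerService user manager service
     */
    public void setJahiaUserManagerService(JahiaUserManagerService jahiaUserManagerService) {
        this.jahiaUserManagerService = jahiaUserManagerService;
    }

    /**
     * Injects the SAML helper used to build the client and read cookies.
     *
     * @param sAML2Util SAML helper
     */
    public void setUtil(SAML2Util sAML2Util) {
        this.util = sAML2Util;
    }
}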
