package io.mosip.kernel.authcodeflowproxy.api.controller;

import io.mosip.kernel.authcodeflowproxy.api.constants.Errors;
import io.mosip.kernel.authcodeflowproxy.api.dto.MosipUserDto;
import io.mosip.kernel.authcodeflowproxy.api.exception.ClientException;
import io.mosip.kernel.authcodeflowproxy.api.exception.ServiceException;
import io.mosip.kernel.authcodeflowproxy.api.service.LoginService;
import io.mosip.kernel.core.http.ResponseFilter;
import io.mosip.kernel.core.http.ResponseWrapper;
import io.mosip.kernel.core.util.EmptyCheckUtils;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

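/**
 * HTTP endpoints for a proxied authorization-code login: starting the login, handling the
 * redirect back with the authorization code, validating the token cookie, and logging out.
 *
 * <p>Every redirect target supplied by the client is Base64-decoded, stripped of its URL
 * fragment, and compared by exact string equality against the {@code auth.allowed.urls}
 * allow-list before the response redirects to it.
 */
@RestController
/* loaded from: input_file:io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.class */
public class LoginController {
    private static final Logger LOGGER = LoggerFactory.getLogger(LoginController.class);

    // Name of the cookie that carries the access token; defaults to "Authorization".
    @Value("${auth.token.header:Authorization}")
    private String authTokenHeader;

    // Allow-list of redirect targets, split on ','. The split does not trim, so whitespace
    // around a configured entry becomes part of the entry and will never match a request.
    @Value("#{'${auth.allowed.urls}'.split(',')}")
    private List<String> allowedUrls;

    @Autowired
    private LoginService loginService;

    /**
     * Starts the login flow and redirects the browser to the URL returned by
     * {@link LoginService#login}.
     *
     * @param str the {@code state} cookie, if present; takes precedence over {@code str3}
     * @param str2 the {@code redirectURI} path variable, passed through to the login service
     * @param str3 the {@code state} query parameter, used only when the cookie is absent
     * @param httpServletResponse response that receives the {@code state} cookie and the redirect
     * @throws ServiceException if no state is supplied or it is not a canonical UUID string
     * @throws IOException if the redirect cannot be written
     */
    @GetMapping({"/login/{redirectURI}"})
    public void login(@CookieValue(name = "state", required = false) String str, @PathVariable("redirectURI") String str2, @RequestParam(name = "state", required = false) String str3, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): the state value is supplied by the client (cookie or query parameter)
        // and only its format is checked here; confirm where it is bound to the session.
        String state = EmptyCheckUtils.isNullEmpty(str) ? str3 : str;
        if (EmptyCheckUtils.isNullEmpty(state)) {
            throw new ServiceException(Errors.STATE_NULL_EXCEPTION.getErrorCode(), Errors.STATE_NULL_EXCEPTION.getErrorMessage());
        }
        try {
            // Round-tripping through UUID rejects anything that is not the canonical textual
            // form, so only a well-formed UUID is ever written back into the cookie.
            if (!UUID.fromString(state).toString().equals(state)) {
                throw new ServiceException(Errors.STATE_NOT_UUID_EXCEPTION.getErrorCode(), Errors.STATE_NOT_UUID_EXCEPTION.getErrorMessage());
            }
            // NOTE(review): redirectURI is not checked against allowedUrls in this method;
            // confirm whether loginService.login validates it.
            String loginUrl = this.loginService.login(str2, state);
            Cookie stateCookie = new Cookie("state", state);
            stateCookie.setHttpOnly(true);
            stateCookie.setSecure(true);
            stateCookie.setPath("/");
            httpServletResponse.addCookie(stateCookie);
            httpServletResponse.setStatus(302);
            httpServletResponse.sendRedirect(loginUrl);
        } catch (IllegalArgumentException e) {
            // UUID.fromString signals a malformed value with IllegalArgumentException. The
            // try scope is kept as in the original, so an IllegalArgumentException raised by
            // the service call is reported the same way.
            throw new ServiceException(Errors.STATE_NOT_UUID_EXCEPTION.getErrorCode(), Errors.STATE_NOT_UUID_EXCEPTION.getErrorMessage());
        }
    }

    /**
     * Handles the redirect back from the authorization server: exchanges the code through
     * {@link LoginService#loginRedirect}, sets the token cookie, and redirects to the
     * decoded {@code redirectURI}.
     *
     * <p>The redirect target is validated against the allow-list before the code is
     * exchanged, so a request with a disallowed target neither consumes the authorization
     * code nor adds a token cookie to the error response.
     *
     * @param str Base64-encoded redirect target from the path
     * @param str2 the {@code state} query parameter
     * @param str3 the {@code session_state} query parameter
     * @param str4 the authorization {@code code}
     * @param str5 the {@code state} cookie
     * @param httpServletResponse response that receives the token cookie and the redirect
     * @throws ServiceException if the decoded target is not in the allow-list
     * @throws IOException if the redirect cannot be written
     */
    @GetMapping({"/login-redirect/{redirectURI}"})
    public void loginRedirect(@PathVariable("redirectURI") String str, @RequestParam("state") String str2, @RequestParam("session_state") String str3, @RequestParam("code") String str4, @CookieValue("state") String str5, HttpServletResponse httpServletResponse) throws IOException {
        String target = decodeRedirectTarget(str);
        if (!isAllowedRedirect(target)) {
            LOGGER.error("Url {} was not part of allowed url's", sanitizeForLog(target));
            throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
        }
        httpServletResponse.addCookie(this.loginService.createCookie(this.loginService.loginRedirect(str2, str3, str4, str5, str).getAccessToken()));
        httpServletResponse.setStatus(302);
        httpServletResponse.sendRedirect(target);
    }

    /**
     * Validates the token carried in the token cookie and re-issues that cookie.
     *
     * @param httpServletRequest request whose cookies are searched for the token
     * @param httpServletResponse response that receives the refreshed token cookie
     * @return wrapper holding the user details returned by the login service
     * @throws ClientException if the request has no cookies or no token cookie
     */
    @ResponseFilter
    @GetMapping({"/authorize/admin/validateToken"})
    public ResponseWrapper<MosipUserDto> validateAdminToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            throw new ClientException(Errors.COOKIE_NOTPRESENT_ERROR.getErrorCode(), Errors.COOKIE_NOTPRESENT_ERROR.getErrorMessage());
        }
        String token = null;
        for (Cookie cookie : cookies) {
            // Exact name match: a substring match would also accept any other cookie whose
            // name merely contains the configured name and let it supply the token.
            // Assumes loginService.createCookie names the cookie exactly authTokenHeader;
            // confirm against the service.
            if (cookie.getName().equals(this.authTokenHeader)) {
                token = cookie.getValue();
            }
        }
        if (token == null) {
            throw new ClientException(Errors.TOKEN_NOTPRESENT_ERROR.getErrorCode(), Errors.TOKEN_NOTPRESENT_ERROR.getErrorMessage());
        }
        MosipUserDto user = this.loginService.valdiateToken(token);
        httpServletResponse.addCookie(this.loginService.createCookie(token));
        ResponseWrapper<MosipUserDto> responseWrapper = new ResponseWrapper<>();
        responseWrapper.setResponse(user);
        return responseWrapper;
    }

    /**
     * Logs the user out through {@link LoginService#logoutUser} and redirects to the URL it
     * returns.
     *
     * @param str the {@code Authorization} cookie, if present
     * @param str2 Base64-encoded post-logout redirect target
     * @param httpServletResponse response that receives the redirect
     * @throws ServiceException if the decoded target is not in the allow-list
     * @throws IOException if the redirect cannot be written
     */
    @ResponseFilter
    @GetMapping({"/logout/user"})
    public void logoutUser(@CookieValue(value = "Authorization", required = false) String str, @RequestParam(name = "redirecturi", required = true) String str2, HttpServletResponse httpServletResponse) throws IOException {
        String target = decodeRedirectTarget(str2);
        if (!isAllowedRedirect(target)) {
            LOGGER.error("Url {} was not part of allowed url's", sanitizeForLog(target));
            throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
        }
        String logoutUrl = this.loginService.logoutUser(str, target);
        httpServletResponse.setStatus(302);
        httpServletResponse.sendRedirect(logoutUrl);
    }

    /** Base64-decodes a redirect target as UTF-8 and drops everything from the first '#'. */
    private static String decodeRedirectTarget(String encoded) {
        // An explicit charset keeps the decoded text independent of the platform default.
        String decoded = new String(Base64.decodeBase64(encoded), StandardCharsets.UTF_8);
        // indexOf/substring instead of split("#")[0]: split returns an empty array for a
        // value made only of '#' characters, which would throw on the [0] access.
        int fragmentStart = decoded.indexOf('#');
        return fragmentStart >= 0 ? decoded.substring(0, fragmentStart) : decoded;
    }

    /** Returns whether the decoded target is a non-empty, exact entry of the allow-list. */
    private boolean isAllowedRedirect(String target) {
        // An unset or comma-terminated property yields an empty allow-list entry; an empty
        // target must not match it.
        return !target.isEmpty() && this.allowedUrls.contains(target);
    }

    /** Replaces line breaks so a client-supplied value cannot start a new log line. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}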
