package io.mosip.kernel.authcodeflowproxy.api.controller;

import io.mosip.kernel.authcodeflowproxy.api.validator.ValidateTokenUtil;
import io.mosip.kernel.core.http.ResponseFilter;
import io.mosip.kernel.core.http.ResponseWrapper;
import io.mosip.kernel.core.util.EmptyCheckUtils;
import io.mosip.kernel.openid.bridge.api.constants.Errors;
import io.mosip.kernel.openid.bridge.api.exception.ClientException;
import io.mosip.kernel.openid.bridge.api.exception.ServiceException;
import io.mosip.kernel.openid.bridge.api.service.LoginService;
import io.mosip.kernel.openid.bridge.dto.AccessTokenResponseDTO;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

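/**
 * REST endpoints that front an authorization-code login flow: they start the
 * login, handle the identity provider's redirect back, validate an existing
 * token cookie and log the user out.
 *
 * <p>Every endpoint that ends in a browser redirect takes its target from the
 * request as a Base64-encoded URL, so the target is attacker-controllable and is
 * checked against the {@code auth.allowed.urls} allow-list before it is used.
 */
@RestController
/* loaded from: input_file:io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.class */
public class LoginController {
    private static final String ID_TOKEN = "id_token";
    private static final Logger LOGGER = LoggerFactory.getLogger(LoginController.class);
    private static final String IDTOKEN = "idToken";

    @Value("${auth.token.header:Authorization}")
    private String authTokenHeader;

    @Value("${iam.locale.cookie.name:KEYCLOAK_LOCALE}")
    private String localeCookieName;

    // NOTE(review): this reads the same property key as localeCookieName
    // (iam.locale.cookie.name) but carries a path-like default, which looks like a
    // copy/paste slip. Confirm the intended key. The field is not read in this class.
    @Value("${iam.locale.cookie.name:/auth/realms/}")
    private String localeCookiePath;

    // Comma-separated allow-list of redirect targets. Entries may be literal URLs or
    // AntPathMatcher patterns. A blank property splits into a single empty string.
    @Value("#{'${auth.allowed.urls}'.split(',')}")
    private List<String> allowedUrls;

    @Autowired
    private LoginService loginService;

    @Autowired
    private ValidateTokenUtil validateTokenHelper;

    @Autowired
    private Environment environment;

    @Value("${auth.validate.id-token:false}")
    private boolean validateIdToken;

    @Autowired
    private AntPathMatcher antPathMatcher;

    @Value("${mosip.iam.logout.offline:false}")
    private boolean offlineLogout;

    /**
     * Starts the login flow and redirects the browser to the URL returned by
     * {@link LoginService#login}.
     *
     * <p>The {@code state} value is taken from the cookie when present, otherwise
     * from the query parameter. It must be a canonical UUID string and is written
     * back as an HttpOnly, Secure cookie.
     *
     * @param stateCookie {@code state} cookie, may be absent
     * @param redirectURI encoded redirect target, passed through to the login service
     * @param stateParam {@code state} query parameter, may be absent
     * @param httpServletResponse response that receives the cookie and the redirect
     * @throws ServiceException if no state is supplied or it is not a canonical UUID
     * @throws IOException if the redirect cannot be written
     */
    @GetMapping({"/login/{redirectURI}"})
    public void login(@CookieValue(name = "state", required = false) String stateCookie, @PathVariable("redirectURI") String redirectURI, @RequestParam(name = "state", required = false) String stateParam, HttpServletResponse httpServletResponse) throws IOException {
        String state = EmptyCheckUtils.isNullEmpty(stateCookie) ? stateParam : stateCookie;
        if (EmptyCheckUtils.isNullEmpty(state)) {
            throw new ServiceException(Errors.STATE_NULL_EXCEPTION.getErrorCode(), Errors.STATE_NULL_EXCEPTION.getErrorMessage());
        }
        // NOTE(review): the try also covers the service call and the redirect, so an
        // IllegalArgumentException raised there is reported as a state error as well.
        // Narrow the scope once it is confirmed that no caller relies on that mapping.
        try {
            // Round-tripping through UUID rejects non-canonical spellings, so only the
            // canonical text form ever reaches the cookie and the login service.
            if (!UUID.fromString(state).toString().equals(state)) {
                throw new ServiceException(Errors.STATE_NOT_UUID_EXCEPTION.getErrorCode(), Errors.STATE_NOT_UUID_EXCEPTION.getErrorMessage());
            }
            String loginUrl = this.loginService.login(redirectURI, state);
            Cookie cookie = new Cookie("state", state);
            setCookieParams(cookie, true, true, "/");
            httpServletResponse.addCookie(cookie);
            httpServletResponse.setStatus(302);
            httpServletResponse.sendRedirect(loginUrl);
        } catch (IllegalArgumentException e) {
            throw new ServiceException(Errors.STATE_NOT_UUID_EXCEPTION.getErrorCode(), Errors.STATE_NOT_UUID_EXCEPTION.getErrorMessage());
        }
    }

    /**
     * Completes the login after the identity provider redirects back: exchanges the
     * code for tokens, sets the token cookie(s) and redirects to the decoded target.
     *
     * <p>The decoded target is checked against the allow-list <em>before</em> the
     * code is exchanged, so a request with a disallowed target neither consumes the
     * authorization code nor receives token cookies.
     *
     * @param redirectURI Base64-encoded redirect target
     * @param state {@code state} query parameter returned by the identity provider
     * @param sessionState optional {@code session_state} query parameter
     * @param code authorization code
     * @param stateCookie {@code state} cookie set by {@link #login}
     * @param httpServletRequest current request (unused)
     * @param httpServletResponse response that receives the cookies and the redirect
     * @throws ServiceException if the decoded target is not on the allow-list
     * @throws ClientException if ID-token validation is enabled and no ID token was returned
     * @throws IOException if the redirect cannot be written
     */
    @GetMapping({"/login-redirect/{redirectURI}"})
    public void loginRedirect(@PathVariable("redirectURI") String redirectURI, @RequestParam("state") String state, @RequestParam(value = "session_state", required = false) String sessionState, @RequestParam("code") String code, @CookieValue("state") String stateCookie, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String target = decodeRedirectUri(redirectURI);
        if (!matchesAllowedUrls(target)) {
            LOGGER.error("Url {} was not part of allowed url's", sanitizeForLog(target));
            throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
        }
        AccessTokenResponseDTO tokens = this.loginService.loginRedirect(state, sessionState, code, stateCookie, redirectURI);
        String accessToken = tokens.getAccessToken();
        // The checks performed by ValidateTokenUtil are not visible from this class.
        this.validateTokenHelper.validateToken(accessToken);
        httpServletResponse.addCookie(this.loginService.createCookie(accessToken));
        if (this.validateIdToken) {
            String idTokenCookieName = this.environment.getProperty(IDTOKEN, ID_TOKEN);
            String idToken = tokens.getIdToken();
            if (idToken == null) {
                throw new ClientException(Errors.TOKEN_NOTPRESENT_ERROR.getErrorCode(), Errors.TOKEN_NOTPRESENT_ERROR.getErrorMessage() + ": " + idTokenCookieName);
            }
            this.validateTokenHelper.validateToken(idToken);
            Cookie cookie = new Cookie(idTokenCookieName, idToken);
            setCookieParams(cookie, true, true, "/");
            httpServletResponse.addCookie(cookie);
        }
        httpServletResponse.setStatus(302);
        httpServletResponse.sendRedirect(target);
    }

    /**
     * Decides whether a decoded redirect target is permitted by the allow-list.
     *
     * <p>A target is accepted when its fragment-stripped form equals an allow-list
     * entry, or when the full target matches an entry that is an Ant-style pattern.
     * Empty targets are always rejected: a blank {@code auth.allowed.urls} property
     * splits into one empty entry, which would otherwise make the check pass.
     *
     * @param url decoded redirect target taken from the request
     * @return {@code true} if the target may be used for a redirect
     */
    private boolean matchesAllowedUrls(String url) {
        if (url == null || url.isEmpty()) {
            return false;
        }
        // indexOf/substring instead of split("#")[0]: split returns an empty array for
        // a target made only of '#' characters, which used to surface as an
        // ArrayIndexOutOfBoundsException on request-supplied input.
        int fragmentStart = url.indexOf('#');
        String withoutFragment = fragmentStart >= 0 ? url.substring(0, fragmentStart) : url;
        if (!withoutFragment.isEmpty() && this.allowedUrls.contains(withoutFragment)) {
            return true;
        }
        // NOTE(review): AntPathMatcher compares text segments and is not URL-aware, so
        // wildcards in the scheme or host part of an entry do not compare a parsed
        // authority. Prefer entries with a literal scheme and host and wildcard only
        // the path, or parse the target with java.net.URI and compare hosts exactly.
        return this.allowedUrls.stream()
                .filter(entry -> this.antPathMatcher.isPattern(entry))
                .anyMatch(pattern -> this.antPathMatcher.match(pattern, url));
    }

    /**
     * Decodes a Base64-encoded redirect target using an explicit charset, so the
     * result does not depend on the platform default.
     */
    private static String decodeRedirectUri(String encoded) {
        return new String(Base64.decodeBase64(encoded.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
    }

    /**
     * Replaces control characters (including CR and LF) in a request-supplied value
     * so that it cannot break a log entry across lines or forge additional entries.
     */
    private static String sanitizeForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }

    /**
     * Applies the HttpOnly flag, the Secure flag and the path to a cookie.
     *
     * <p>NOTE(review): no SameSite attribute is set here, and
     * {@code javax.servlet.http.Cookie} offers no setter for it. Confirm that it is
     * applied elsewhere if the deployment relies on it.
     */
    private void setCookieParams(Cookie cookie, boolean httpOnly, boolean secure, String path) {
        cookie.setHttpOnly(httpOnly);
        cookie.setSecure(secure);
        cookie.setPath(path);
    }

    /**
     * Validates the token carried in the request cookies and re-issues the cookie.
     *
     * @param httpServletRequest request whose cookies are searched for the token
     * @param httpServletResponse response that receives the re-issued token cookie
     * @return wrapper around whatever {@link LoginService#valdiateToken} returns
     * @throws ClientException if the request has no cookies or no matching token cookie
     */
    @ResponseFilter
    @GetMapping({"/authorize/admin/validateToken"})
    public ResponseWrapper<?> validateAdminToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String authToken = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            throw new ClientException(Errors.COOKIE_NOTPRESENT_ERROR.getErrorCode(), Errors.COOKIE_NOTPRESENT_ERROR.getErrorMessage());
        }
        for (Cookie cookie : cookies) {
            // NOTE(review): this is a substring match and the last hit wins, so any
            // cookie whose name merely contains the configured name is accepted as
            // the token cookie. Switch to equals() once it is confirmed that
            // LoginService.createCookie uses exactly this name.
            if (cookie.getName().contains(this.authTokenHeader)) {
                authToken = cookie.getValue();
            }
        }
        if (authToken == null) {
            throw new ClientException(Errors.TOKEN_NOTPRESENT_ERROR.getErrorCode(), Errors.TOKEN_NOTPRESENT_ERROR.getErrorMessage());
        }
        Object validationResult = this.loginService.valdiateToken(authToken);
        httpServletResponse.addCookie(this.loginService.createCookie(authToken));
        // Declared as ResponseWrapper<Object> so setResponse accepts the untyped result;
        // it is still returned through the wildcard type of the signature.
        ResponseWrapper<Object> responseWrapper = new ResponseWrapper<>();
        responseWrapper.setResponse(validationResult);
        return responseWrapper;
    }

    /**
     * Logs the user out and redirects to the URL returned by
     * {@link LoginService#logoutUser}.
     *
     * <p>The Base64-encoded {@code redirecturi} is decoded and checked against the
     * allow-list before the logout call is made. With offline logout enabled, the
     * token cookie (and the ID-token cookie, when ID-token validation is on) is
     * expired on the response.
     *
     * @param authToken value of the {@code Authorization} cookie, may be absent
     * @param redirecturi Base64-encoded post-logout redirect target
     * @param httpServletResponse response that receives the cookies and the redirect
     * @throws ServiceException if the decoded target is not on the allow-list
     * @throws IOException if the redirect cannot be written
     */
    // NOTE(review): the cookie name is hard-coded here, while validateAdminToken reads
    // it from auth.token.header. The two diverge if that property is overridden.
    @ResponseFilter
    @GetMapping({"/logout/user"})
    public void logoutUser(@CookieValue(value = "Authorization", required = false) String authToken, @RequestParam(name = "redirecturi", required = true) String redirecturi, HttpServletResponse httpServletResponse) throws IOException {
        String target = decodeRedirectUri(redirecturi);
        if (!matchesAllowedUrls(target)) {
            LOGGER.error("Url {} was not part of allowed url's", sanitizeForLog(target));
            throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
        }
        String logoutUrl = this.loginService.logoutUser(authToken, redirecturi);
        if (this.offlineLogout) {
            httpServletResponse.addCookie(this.loginService.createExpiringCookie());
            if (this.validateIdToken) {
                // A max-age of 0 tells the browser to delete the ID-token cookie.
                Cookie cookie = new Cookie(this.environment.getProperty(IDTOKEN, ID_TOKEN), (String) null);
                cookie.setMaxAge(0);
                setCookieParams(cookie, true, true, "/");
                httpServletResponse.addCookie(cookie);
            }
        }
        httpServletResponse.setStatus(302);
        httpServletResponse.sendRedirect(logoutUrl);
    }
}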
