package com.el.edp.iam.api.java;

import com.el.edp.iam.spi.java.realm.EdpIamRealm;
import com.el.edp.iam.spi.java.realm.EdpIamToken;
import com.el.edp.iam.spi.java.realm.oidc.EdpIamOidcAccountBinder;
import com.el.edp.iam.support.repository.account.EdpIamPrincipal;
import com.el.edp.iam.support.shiro.EdpIamShiroSecurityManager;
import com.el.edp.iam.support.util.EdpIamOp;
import com.el.edp.iam.support.util.EdpIamUtil;
import com.el.edp.iam.support.util.captcha.EdpIamCaptchaUtil;
import com.el.edp.util.EdpOpException;
import java.io.IOException;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.CredentialsException;
import org.apache.shiro.session.SessionException;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:com/el/edp/iam/api/java/EdpIamSecurityApi.class */
/**
 * HTTP entry points for the IAM session lifecycle: XSRF token issuing, captcha generation,
 * login, logout and lookup of the current principal.
 *
 * <p>No class-level controller or base-path annotation is visible on this class, so the final
 * URL prefix and bean registration are presumably supplied by a subclass or by configuration
 * (to be confirmed). Authentication itself is delegated to the Shiro {@link Subject} and to the
 * realms registered on the injected security manager.
 */
public class EdpIamSecurityApi {
    private static final Logger log = LoggerFactory.getLogger(EdpIamSecurityApi.class);

    // Source of the realms that are asked to recognize a login request.
    @Autowired
    private EdpIamShiroSecurityManager securityManager;

    // Optional bean (required = false); in this class only its presence is checked, during logout.
    @Autowired(required = false)
    private EdpIamOidcAccountBinder oidcAccountBinder;

    // Answers "is there a user?" and supplies the principal returned by /principal.
    @Autowired
    private EdpIamPrincipalService principalService;

    /**
     * Decides how much detail a failed login reveals.
     *
     * <p>When this returns {@code true}, {@link #login} reports {@code NG_ACCOUNT} for both
     * account-level and credential-level failures, so the response does not tell a caller which
     * of the two was wrong. A subclass that overrides this to return {@code false} makes the two
     * cases distinguishable ({@code NG_PRINCIPAL} vs {@code NG_CREDENTIAL}), which allows
     * account names to be probed through the login endpoint.
     *
     * @return {@code true} in this base implementation
     */
    protected boolean isObscureResponse() {
        return true;
    }

    /**
     * Handles {@code HEAD /xsrf} by delegating to {@code EdpIamUtil.createXsrfToken}.
     *
     * <p>How the token is generated, stored and returned is decided by that helper and is not
     * visible in this class.
     *
     * @param httpServletRequest incoming request, passed through to the helper
     * @param httpServletResponse outgoing response, passed through to the helper
     */
    @RequestMapping(path = {"/xsrf"}, method = {RequestMethod.HEAD})
    public void xsrfToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        EdpIamUtil.createXsrfToken(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles {@code HEAD /ssrf}: makes sure an HTTP session exists, then issues an XSRF token
     * exactly as {@link #xsrfToken} does.
     *
     * <p>NOTE(review): nothing in this method checks authentication, so each call may allocate a
     * server-side session; confirm that session timeouts or limits bound that cost.
     *
     * @param httpServletRequest incoming request whose session is created on demand
     * @param httpServletResponse outgoing response, passed through to {@link #xsrfToken}
     */
    @RequestMapping(path = {"/ssrf"}, method = {RequestMethod.HEAD})
    public void ssrfToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // getSession(true) creates the session when the request does not carry one yet.
        httpServletRequest.getSession(true);
        xsrfToken(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles {@code GET /captcha} and returns the generated captcha as a Base64 string.
     *
     * <p>The bytes come from {@code EdpIamCaptchaUtil.generate}; what that helper keeps for later
     * verification (and where) is not visible in this class.
     *
     * @param httpServletRequest incoming request, passed to the captcha helper
     * @return Base64 encoding of the bytes produced by the captcha helper
     * @throws IOException declared by this method; presumably raised by the captcha helper
     */
    @GetMapping({"/captcha"})
    public String generateCaptcha(HttpServletRequest httpServletRequest) throws IOException {
        final byte[] captchaBytes = EdpIamCaptchaUtil.generate(httpServletRequest);
        return Base64.getEncoder().encodeToString(captchaBytes);
    }

    /**
     * Handles {@code POST /login}: authenticates the request with the token recognized by one of
     * the configured realms.
     *
     * <p>Any existing state is discarded before authenticating: an already authenticated subject
     * is logged out, otherwise the current session is stopped. Presumably this keeps a pre-login
     * session from being carried into the authenticated one (session fixation); confirm against
     * the session manager configuration.
     *
     * <p>Only {@link AccountException} and {@link CredentialsException} are translated into an
     * {@link EdpOpException}; every other exception raised by {@code Subject.login} propagates
     * unchanged. The caught exception is not attached to the new one and is not logged here.
     *
     * <p>NOTE(review): captcha verification and failed-attempt throttling are not visible in this
     * method; confirm that the realms or a filter in front of this endpoint enforce them.
     *
     * @param httpServletRequest incoming login request
     * @throws EdpOpException {@code NG_UNSUPPORTED} when no realm recognizes the request;
     *     {@code NG_ACCOUNT}, {@code NG_PRINCIPAL} or {@code NG_CREDENTIAL} on authentication
     *     failure, depending on {@link #isObscureResponse()}
     */
    @PostMapping({"/login"})
    public void login(HttpServletRequest httpServletRequest) {
        // The token is resolved first, so an unsupported request fails before session state is touched.
        final EdpIamToken token = recognizeToken(httpServletRequest);
        final Subject current = SecurityUtils.getSubject();
        if (!current.isAuthenticated()) {
            current.getSession().stop();
        } else {
            current.logout();
        }
        try {
            current.login(token);
        } catch (AccountException accountFailure) {
            if (isObscureResponse()) {
                throw new EdpOpException(EdpIamOp.NG_ACCOUNT);
            }
            throw new EdpOpException(EdpIamOp.NG_PRINCIPAL);
        } catch (CredentialsException credentialFailure) {
            if (isObscureResponse()) {
                throw new EdpOpException(EdpIamOp.NG_ACCOUNT);
            }
            throw new EdpOpException(EdpIamOp.NG_CREDENTIAL);
        }
    }

    /**
     * Asks each configured realm, in the order the security manager returns them, to recognize a
     * token in the request and returns the first one found.
     *
     * <p>Every realm is cast to {@link EdpIamRealm}; a realm of any other type fails the cast
     * with a {@link ClassCastException} once the stream reaches it.
     *
     * @param request incoming login request
     * @return the first token a realm reports as present
     * @throws EdpOpException {@code NG_UNSUPPORTED} when no realm recognizes the request
     */
    private EdpIamToken recognizeToken(HttpServletRequest request) {
        return (EdpIamToken) this.securityManager.getRealms().stream()
                .map(realm -> ((EdpIamRealm) realm).recognizeToken(request))
                .filter(candidate -> candidate.isPresent())
                .findFirst()
                .map(candidate -> candidate.get())
                .orElseThrow(() -> new EdpOpException(EdpIamOp.NG_UNSUPPORTED));
    }

    /**
     * Handles {@code POST /logout}. Does nothing when the current subject is not authenticated.
     *
     * <p>The principal is read before {@code Subject.logout()} and used afterwards for the OpenID
     * unbind (only when an OIDC account binder bean is present) and for {@link #onLogout}.
     * A {@link SessionException} raised anywhere in that sequence is logged at trace level and
     * swallowed, so the remaining steps are skipped; if {@code logout()} itself throws, neither
     * the unbind nor {@link #onLogout} runs.
     */
    @PostMapping({"/logout"})
    public void logout() {
        try {
            final Subject current = SecurityUtils.getSubject();
            if (!current.isAuthenticated()) {
                return;
            }
            final EdpIamPrincipal departing = (EdpIamPrincipal) current.getPrincipal();
            current.logout();
            if (this.oidcAccountBinder != null) {
                departing.unbindOpenId();
            }
            onLogout(departing);
        } catch (SessionException sessionProblem) {
            log.trace("[EDP-IAM] Encountered session exception during logout. This can generally safely be ignored.");
        }
    }

    /**
     * Extension hook called at the end of a successful {@link #logout}, after the subject has
     * been logged out. The base implementation does nothing.
     *
     * @param edpIamPrincipal principal that was authenticated before the logout
     */
    protected void onLogout(EdpIamPrincipal edpIamPrincipal) {
    }

    /**
     * Handles {@code GET /principal}.
     *
     * @return 200 with the value of {@code principalService.getPrincipal()} when the principal
     *     service reports a user, otherwise 204 with no body
     */
    @GetMapping({"/principal"})
    public ResponseEntity<Object> principal() {
        if (this.principalService.isUser()) {
            return ResponseEntity.ok(this.principalService.getPrincipal());
        }
        return ResponseEntity.noContent().build();
    }
}
