package org.cloudfoundry.identity.uaa.authentication.login;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.log4j.spi.LocationInfo;
import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.client.ClientConstants;
import org.cloudfoundry.identity.uaa.client.SocialClientUserDetails;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.login.AutologinRequest;
import org.cloudfoundry.identity.uaa.login.AutologinResponse;
import org.cloudfoundry.identity.uaa.login.PasscodeInformation;
import org.cloudfoundry.identity.uaa.login.saml.IdentityProviderConfigurator;
import org.cloudfoundry.identity.uaa.login.saml.IdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.login.saml.LoginSamlAuthenticationToken;
import org.cloudfoundry.identity.uaa.oauth.Claims;
import org.cloudfoundry.identity.uaa.user.UaaAuthority;
import org.cloudfoundry.identity.uaa.util.UaaStringUtils;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.codehaus.jackson.map.ObjectMapper;
import org.hsqldb.Tokens;
import org.opensaml.ws.wssecurity.Password;
import org.springframework.core.env.Environment;
import org.springframework.core.io.support.PropertiesLoaderUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.saml.SAMLDiscovery;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.util.UriComponentsBuilder;

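/**
 * Spring MVC controller that renders the login and info views (HTML and JSON variants) and issues
 * short-lived codes for the {@code /autologin} and {@code /passcode} flows.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>{@link #generateAutologinCode} only parses the client id out of the Basic
 *       {@code Authorization} header; the client secret is never checked here.
 *       NOTE(review): client authentication presumably happens in a security filter in front of
 *       {@code /autologin} - confirm against the security configuration, which is not in this
 *       file.</li>
 *   <li>When no {@link AuthenticationManager} is injected, {@code /autologin} issues a code for
 *       the supplied username without verifying a password.</li>
 *   <li>{@link #getAllowedIdps} takes {@code client_id} from the saved request in the session,
 *       i.e. from a value the browser supplied before authenticating.</li>
 *   <li>The login model carries the commit id and {@code build.*} properties; whether the views
 *       expose them to unauthenticated callers depends on templates and security configuration
 *       outside this file.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. {@code Tokens.T_UNKNOWN},
 * {@code LocationInfo.NA} and {@code Password.ELEMENT_LOCAL_NAME} are presumably string literals
 * that the decompiler mapped onto same-valued constants of unrelated libraries - confirm against
 * the original sources before relying on them.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.2.4.jar:org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpoint.class */
public class LoginInfoEndpoint {
    public static final String NotANumber = "NaN";

    /** Session attribute under which the saved (pre-login) request is looked up. */
    private static final String SAVED_REQUEST_ATTRIBUTE = "SPRING_SECURITY_SAVED_REQUEST";
    /** Scheme prefix expected at the start of the {@code Authorization} header. */
    private static final String BASIC_PREFIX = "Basic";
    /** Explicit charset so header decoding never depends on the platform default. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private Properties gitProperties;
    private Properties buildProperties;
    private String baseUrl;
    private String uaaHost;
    protected Environment environment;
    private IdentityProviderConfigurator idpDefinitions;
    private AuthenticationManager authenticationManager;
    private ExpiringCodeStore expiringCodeStore;
    private ClientDetailsService clientDetailsService;
    private Map<String, String> links = new HashMap<String, String>();
    // Lifetime of autologin codes and passcodes: 300000 ms = 5 minutes unless overridden.
    private long codeExpirationMillis = 300000;
    private String entityID = "";
    private List<Prompt> prompts = Arrays.asList(
            new Prompt("username", "text", "Email"),
            new Prompt("password", "password", Password.ELEMENT_LOCAL_NAME));

    /**
     * Thrown by {@link #generatePasscode} when no user id can be derived from the caller's
     * principal; mapped to HTTP 403 by the annotation.
     */
    @ResponseStatus(value = HttpStatus.FORBIDDEN, reason = "Unknown authentication token type, unable to derive user ID.")
    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.2.4.jar:org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpoint$UnknownPrincipalException.class */
    public static final class UnknownPrincipalException extends RuntimeException {
    }

    /** Sets the store that persists generated codes together with their expiry. */
    public void setExpiringCodeStore(ExpiringCodeStore expiringCodeStore) {
        this.expiringCodeStore = expiringCodeStore;
    }

    /** Returns the lifetime, in milliseconds, given to every generated code. */
    public long getCodeExpirationMillis() {
        return this.codeExpirationMillis;
    }

    /**
     * Sets the lifetime of generated codes.
     *
     * @param j lifetime in milliseconds; the value is not range-checked here
     */
    public void setCodeExpirationMillis(long j) {
        this.codeExpirationMillis = j;
    }

    /** Sets the configurator used to look up identity provider definitions for the zone. */
    public void setIdpDefinitions(IdentityProviderConfigurator identityProviderConfigurator) {
        this.idpDefinitions = identityProviderConfigurator;
    }

    /** Returns the manager used to verify the password on {@code /autologin}, or {@code null}. */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /**
     * Sets the manager used to verify the password on {@code /autologin}. Leaving it unset
     * disables the password check in {@link #generateAutologinCode}.
     */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Sets the environment that supplies the {@code login.*} and {@code links.*} properties. */
    public void setEnvironment(Environment environment) {
        this.environment = environment;
    }

    /** Sets the base entity id from which the zone-specific entity id is derived. */
    public void setEntityID(String str) {
        this.entityID = str;
    }

    /**
     * Loads {@code git.properties} and {@code build.properties} from the classpath on a
     * best-effort basis.
     */
    public LoginInfoEndpoint() {
        this.gitProperties = new Properties();
        this.buildProperties = new Properties();
        try {
            this.gitProperties = PropertiesLoaderUtils.loadAllProperties("git.properties");
        } catch (IOException ignored) {
            // Deliberate best effort: commit metadata is informational, so an unreadable file
            // leaves the empty Properties assigned above in place.
        }
        try {
            this.buildProperties = PropertiesLoaderUtils.loadAllProperties("build.properties");
        } catch (IOException ignored) {
            // Same best-effort policy as for git.properties.
        }
    }

    /** Replaces the prompts offered on the login form. */
    public void setPrompts(List<Prompt> list) {
        this.prompts = list;
    }

    /** Returns the prompts offered on the login form (the live list, not a copy). */
    public List<Prompt> getPrompts() {
        return this.prompts;
    }

    /** JSON variant of {@code /login}: no prompt is excluded and prompts are keyed by name. */
    @RequestMapping(value = {"/login"}, headers = {"Accept=application/json"})
    public String loginForJson(Model model, Principal principal) {
        return login(model, principal, Collections.<String>emptyList(), false);
    }

    /** JSON variant of {@code /info}: prompts are emitted as a list and no self-service links are added. */
    @RequestMapping(value = {"/info"}, headers = {"Accept=application/json"})
    public String infoForJson(Model model, Principal principal) {
        return login(model, principal, Collections.<String>emptyList(), true);
    }

    /** HTML variant of {@code /info}: the {@code passcode} prompt is excluded. */
    @RequestMapping(value = {"/info"}, headers = {"Accept=text/html, */*"})
    public String infoForHtml(Model model, Principal principal) {
        return login(model, principal, Arrays.asList("passcode"), false);
    }

    /**
     * HTML variant of {@code /login}. Only this variant passes the request on, so only here can
     * the saved OAuth authorize request in the session narrow the identity providers shown.
     */
    @RequestMapping(value = {"/login"}, headers = {"Accept=text/html, */*"})
    public String loginForHtml(Model model, Principal principal, HttpServletRequest httpServletRequest) {
        return login(model, principal, Arrays.asList("passcode"), false, httpServletRequest);
    }

    /**
     * Returns the entity id for the current zone: the subdomain is merged into the configured
     * value when that value is a URL, and prefixed to it otherwise.
     */
    protected String getZonifiedEntityId() {
        if (UaaUrlUtils.isUrl(this.entityID)) {
            return UaaUrlUtils.addSubdomainToUrl(this.entityID);
        }
        return UaaUrlUtils.getSubdomain() + this.entityID;
    }

    /** Same as the five-argument overload, without a request (so no session is consulted). */
    private String login(Model model, Principal principal, List<String> list, boolean z) {
        return login(model, principal, list, z, null);
    }

    /**
     * Fills the model for the login/info views and picks the view name.
     *
     * @param model model to populate
     * @param principal current caller, or {@code null} when nobody is logged in
     * @param list names of prompts to leave out
     * @param z {@code true} for the list-shaped prompt format; also suppresses the self-service links
     * @param httpServletRequest current request, or {@code null}
     * @return {@code "home"} for a logged-in caller, {@code "login"} otherwise, or a redirect to
     *     SAML discovery when exactly one identity provider is left and none of the
     *     username/password origins is allowed
     */
    private String login(Model model, Principal principal, List<String> list, boolean z, HttpServletRequest httpServletRequest) {
        // getSession(false): never create a session merely to render the login page.
        HttpSession session = httpServletRequest != null ? httpServletRequest.getSession(false) : null;
        List<String> allowedIdps = getAllowedIdps(session);
        List<IdentityProviderDefinition> identityProviderDefinitions = getIdentityProviderDefinitions(allowedIdps);

        // A null allow-list means "no restriction", so the username/password fields stay visible.
        boolean usernameLoginAllowed = allowedIdps == null
                || allowedIdps.contains(Origin.LDAP)
                || allowedIdps.contains(Origin.UAA)
                || allowedIdps.contains(Origin.KEYSTONE);
        if (!usernameLoginAllowed && identityProviderDefinitions != null && identityProviderDefinitions.size() == 1) {
            // Only one external provider is possible: skip the form and go to SAML discovery.
            UriComponentsBuilder discovery = UriComponentsBuilder.fromPath("saml/discovery");
            discovery.queryParam(SAMLDiscovery.RETURN_ID_PARAM, SAMLEntryPoint.IDP_PARAMETER);
            discovery.queryParam("entityID", getZonifiedEntityId());
            discovery.queryParam(SAMLEntryPoint.IDP_PARAMETER, identityProviderDefinitions.get(0).getIdpEntityAlias());
            discovery.queryParam(SAMLDiscovery.PASSIVE_PARAM, "true");
            return "redirect:" + discovery.build().toUriString();
        }
        model.addAttribute("fieldUsernameShow", usernameLoginAllowed);

        populatePrompts(model, list, z);
        setCommitInfo(model);
        model.addAttribute("zone_name", IdentityZoneHolder.get().getName());
        model.addAttribute("links", getLinksInfo());
        model.addAttribute("entityID", getZonifiedEntityId());
        model.addAttribute("idpDefinitions", identityProviderDefinitions);
        // The redirect branch above already treats the definitions as nullable; guard the
        // iteration the same way instead of failing with a NullPointerException here.
        if (identityProviderDefinitions != null) {
            for (IdentityProviderDefinition definition : identityProviderDefinitions) {
                if (definition.isShowSamlLink()) {
                    model.addAttribute("showSamlLoginLinks", true);
                    break;
                }
            }
        }

        if (principal != null) {
            return "home";
        }
        // Self-service links are on unless the property is explicitly "false".
        boolean selfServiceDisabled = "false".equalsIgnoreCase(this.environment.getProperty("login.selfServiceLinksEnabled"));
        if (selfServiceDisabled || z) {
            return "login";
        }
        String signupLink = this.environment.getProperty("links.signup");
        String passwordLink = this.environment.getProperty("links.passwd");
        model.addAttribute("createAccountLink", StringUtils.hasText(signupLink) ? signupLink : "/create_account");
        model.addAttribute("forgotPasswordLink", StringUtils.hasText(passwordLink) ? passwordLink : "/forgot_password");
        return "login";
    }

    /**
     * Looks up the identity provider definitions of the current zone.
     *
     * @param list allowed provider names, or {@code null}; how {@code null} is interpreted is up
     *     to the configurator
     */
    protected List<IdentityProviderDefinition> getIdentityProviderDefinitions(List<String> list) {
        return this.idpDefinitions.getIdentityProviderDefinitions(list, IdentityZoneHolder.get());
    }

    /**
     * Tells whether the session holds a saved request that looks like an OAuth authorize call
     * carrying a {@code client_id}.
     *
     * <p>The URL test is a plain substring match on {@code /oauth/authorize}, so the text is
     * accepted anywhere in the saved URL, not only as its path.
     *
     * @param httpSession current session, or {@code null}
     * @return {@code false} when there is no session, no saved request, or the saved attribute is
     *     not a {@link SavedRequest}
     */
    protected boolean hasSavedOauthAuthorizeRequest(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        Object attribute = httpSession.getAttribute(SAVED_REQUEST_ATTRIBUTE);
        // instanceof covers null and protects the cast against a foreign attribute type.
        if (!(attribute instanceof SavedRequest)) {
            return false;
        }
        SavedRequest savedRequest = (SavedRequest) attribute;
        String redirectUrl = savedRequest.getRedirectUrl();
        String[] clientIds = savedRequest.getParameterValues("client_id");
        return redirectUrl != null
                && redirectUrl.contains("/oauth/authorize")
                && clientIds != null
                && clientIds.length > 0;
    }

    /**
     * Returns the identity providers allowed for the client named in the saved authorize request.
     *
     * <p>The {@code client_id} is whatever the browser sent before logging in; it is used only to
     * look the client up, and any exception from the client details service for an unknown id
     * propagates to the caller.
     *
     * @param httpSession current session, or {@code null}
     * @return the client's allowed providers, or {@code null} when there is no saved authorize
     *     request or the client declares none; {@link #login} treats {@code null} as "no restriction"
     */
    @SuppressWarnings("unchecked")
    public List<String> getAllowedIdps(HttpSession httpSession) {
        if (!hasSavedOauthAuthorizeRequest(httpSession)) {
            return null;
        }
        SavedRequest savedRequest = (SavedRequest) httpSession.getAttribute(SAVED_REQUEST_ATTRIBUTE);
        String clientId = savedRequest.getParameterValues("client_id")[0];
        Map<String, Object> additionalInformation =
                this.clientDetailsService.loadClientByClientId(clientId).getAdditionalInformation();
        if (additionalInformation == null) {
            return null;
        }
        // Unchecked: the stored value is assumed to be a list of provider names - TODO confirm.
        return (List<String>) additionalInformation.get(ClientConstants.ALLOWED_PROVIDERS);
    }

    /**
     * Adds commit id, commit time (falling back to the current time) and the {@code build.*}
     * properties to the model.
     */
    private void setCommitInfo(Model model) {
        // SimpleDateFormat is not thread-safe, hence a fresh instance per call.
        String now = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").format(new Date());
        model.addAttribute("commit_id", this.gitProperties.getProperty("git.commit.id.abbrev", Tokens.T_UNKNOWN));
        model.addAttribute("timestamp", this.gitProperties.getProperty("git.commit.time", now));
        model.addAttribute("app", UaaStringUtils.getMapFromProperties(this.buildProperties, "build."));
    }

    /**
     * Puts the configured prompts into the model under {@code "prompts"}.
     *
     * @param model model to populate
     * @param list names of prompts to skip; must not be {@code null}
     * @param z {@code true} emits a list of {@code name}/{@code type}/{@code text} maps,
     *     {@code false} emits a map from prompt name to its details array
     */
    public void populatePrompts(Model model, List<String> list, boolean z) {
        Map<String, Object> promptsByName = new LinkedHashMap<String, Object>();
        List<Map<String, Object>> promptList = new LinkedList<Map<String, Object>>();
        for (Prompt prompt : this.prompts) {
            if (list.contains(prompt.getName())) {
                continue;
            }
            if (z) {
                Map<String, Object> entry = new LinkedHashMap<String, Object>();
                entry.put("name", prompt.getName());
                entry.put("type", prompt.getDetails()[0]);
                entry.put("text", prompt.getDetails()[1]);
                promptList.add(entry);
            } else {
                promptsByName.put(prompt.getName(), prompt.getDetails());
            }
        }
        if (z) {
            model.addAttribute("prompts", promptList);
        } else {
            model.addAttribute("prompts", promptsByName);
        }
    }

    /**
     * Issues an autologin code for the user named in the request body.
     *
     * <p>The password is verified only when an {@link AuthenticationManager} is configured. The
     * Basic header contributes the client id that is stored with the code; its secret part is
     * ignored by this method.
     *
     * @param autologinRequest username and password supplied by the client
     * @param str raw {@code Authorization} header, expected to use the Basic scheme
     * @return response wrapping the generated code
     * @throws BadCredentialsException if the header is missing, is not Basic, is not valid
     *     Base64 or yields a blank client id, or if the username or password is missing
     */
    @RequestMapping(value = {"/autologin"}, method = {RequestMethod.POST})
    @ResponseBody
    public AutologinResponse generateAutologinCode(@RequestBody AutologinRequest autologinRequest, @RequestHeader(value = "Authorization", required = false) String str) throws Exception {
        if (str == null || !str.startsWith(BASIC_PREFIX)) {
            throw new BadCredentialsException("No basic authorization client information in request");
        }
        String username = autologinRequest.getUsername();
        if (username == null) {
            throw new BadCredentialsException("No username in request");
        }
        Authentication authentication = null;
        if (this.authenticationManager != null) {
            String password = autologinRequest.getPassword();
            if (!StringUtils.hasText(password)) {
                throw new BadCredentialsException("No password in request");
            }
            authentication = this.authenticationManager.authenticate(new AuthzAuthenticationRequest(username, password, null));
        }

        String encodedCredentials = str.substring(BASIC_PREFIX.length()).trim();
        String decodedCredentials;
        try {
            decodedCredentials = new String(Base64.decode(encodedCredentials.getBytes(UTF_8)), UTF_8);
        } catch (IllegalArgumentException e) {
            // Malformed Base64 is a client error, not a server fault.
            throw new BadCredentialsException("Invalid authorization header.", e);
        }
        // split(":", 2) always yields at least one element, so an empty header payload has to be
        // caught by testing the client id itself rather than the array length.
        String clientId = decodedCredentials.split(":", 2)[0];
        if (!StringUtils.hasText(clientId)) {
            throw new BadCredentialsException("Invalid authorization header.");
        }

        SocialClientUserDetails socialClientUserDetails = new SocialClientUserDetails(username, UaaAuthority.USER_AUTHORITIES);
        Map<String, String> details = new HashMap<String, String>();
        details.put("client_id", clientId);
        socialClientUserDetails.setDetails(details);
        if (authentication != null && authentication.getPrincipal() instanceof UaaPrincipal) {
            // Bind the code to the authenticated account, not just to the submitted username.
            UaaPrincipal uaaPrincipal = (UaaPrincipal) authentication.getPrincipal();
            details.put(Origin.ORIGIN, uaaPrincipal.getOrigin());
            details.put(Claims.USER_ID, uaaPrincipal.getId());
        }
        return new AutologinResponse(doGenerateCode(socialClientUserDetails).getCode());
    }

    /**
     * Generates a passcode for the current caller and exposes it to the {@code passcode} view.
     * Every request stores a fresh code in the code store.
     *
     * @param map view model; receives the code under {@code "passcode"}
     * @param principal current caller
     * @return the view name {@code "passcode"}
     * @throws UnknownPrincipalException if no {@link UaaPrincipal} can be derived from the
     *     caller, which includes a {@code null} principal
     */
    @RequestMapping(value = {"/passcode"}, method = {RequestMethod.GET})
    public String generatePasscode(Map<String, Object> map, Principal principal) throws NoSuchAlgorithmException, IOException {
        UaaPrincipal uaaPrincipal;
        String name;
        // Branch order matters: the specific token types are tested before the generic
        // Authentication fallback.
        if (principal instanceof UaaPrincipal) {
            uaaPrincipal = (UaaPrincipal) principal;
            name = uaaPrincipal.getName();
        } else if (principal instanceof UaaAuthentication) {
            uaaPrincipal = ((UaaAuthentication) principal).getPrincipal();
            name = uaaPrincipal.getName();
        } else if (principal instanceof LoginSamlAuthenticationToken) {
            // For SAML logins the name comes from the token itself, not from the UAA principal.
            name = principal.getName();
            uaaPrincipal = ((LoginSamlAuthenticationToken) principal).getUaaPrincipal();
        } else if (principal instanceof Authentication && ((Authentication) principal).getPrincipal() instanceof UaaPrincipal) {
            uaaPrincipal = (UaaPrincipal) ((Authentication) principal).getPrincipal();
            name = uaaPrincipal.getName();
        } else {
            throw new UnknownPrincipalException();
        }
        String origin = uaaPrincipal.getOrigin();
        String id = uaaPrincipal.getId();
        map.put("passcode", doGenerateCode(new PasscodeInformation(id, name, (String) null, origin, (Map<String, Object>) null)).getCode());
        return "passcode";
    }

    /**
     * Serialises {@code obj} to JSON and stores it as a code that expires
     * {@link #getCodeExpirationMillis()} milliseconds from now.
     *
     * @throws IOException if JSON serialisation fails
     */
    protected ExpiringCode doGenerateCode(Object obj) throws IOException {
        Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + getCodeExpirationMillis());
        String payload = new ObjectMapper().writeValueAsString(obj);
        return this.expiringCodeStore.generateCode(payload, expiresAt);
    }

    /**
     * Builds the links shown on the login page: the base URL, a login URL derived from it, and
     * the configured extra links (which override the two derived entries on key clashes).
     *
     * <p>The login URL is derived with a regex {@code replaceAll}, so every occurrence of
     * {@code Origin.UAA} in the base URL is replaced, host and path alike. The base URL must
     * have been set.
     */
    protected Map<String, ?> getLinksInfo() {
        Map<String, Object> info = new HashMap<String, Object>();
        info.put(Origin.UAA, getUaaBaseUrl());
        info.put("login", getUaaBaseUrl().replaceAll(Origin.UAA, "login"));
        Map<String, String> extraLinks = getLinks();
        if (extraLinks != null) {
            // setLinks accepts null; do not let that break the login page.
            info.putAll(extraLinks);
        }
        return info;
    }

    /**
     * Stores the base URL and derives the host from it, appending the port unless it is absent,
     * 80 or 443. The base URL is stored before it is parsed.
     *
     * @param str base URL; a URI without a host leaves the host {@code null}
     * @throws IllegalArgumentException if {@code str} is not a valid URI
     */
    public void setUaaBaseUrl(String str) {
        this.baseUrl = str;
        try {
            URI uri = new URI(str);
            int port = uri.getPort();
            setUaaHost(uri.getHost());
            if (port > 0 && port != 443 && port != 80) {
                setUaaHost(getUaaHost() + ":" + port);
            }
        } catch (URISyntaxException e) {
            // Keep the cause so the offending position in the URI is not lost.
            throw new IllegalArgumentException("Could not extract host from URI: " + str, e);
        }
    }

    /** Returns the extra links merged into the login page links (the live map, not a copy). */
    public Map<String, String> getLinks() {
        return this.links;
    }

    /** Replaces the extra links merged into the login page links. */
    public void setLinks(Map<String, String> map) {
        this.links = map;
    }

    /** Returns the configured base URL. */
    public String getBaseUrl() {
        return this.baseUrl;
    }

    /** Sets the base URL without deriving the host; see {@link #setUaaBaseUrl(String)}. */
    public void setBaseUrl(String str) {
        this.baseUrl = str;
    }

    /** Returns the same value as {@link #getBaseUrl()}. */
    protected String getUaaBaseUrl() {
        return this.baseUrl;
    }

    /** Returns the host (optionally with port) derived by {@link #setUaaBaseUrl(String)}. */
    public String getUaaHost() {
        return this.uaaHost;
    }

    /** Sets the host directly. */
    public void setUaaHost(String str) {
        this.uaaHost = str;
    }

    /**
     * Returns the request URI plus URL-decoded query string, relative to the context path and
     * without a leading slash.
     *
     * <p>The result is built from caller-controlled input and is already decoded; validate it
     * before using it as a redirect or forward target.
     *
     * @throws IllegalStateException if UTF-8 is not supported
     * @throws IllegalArgumentException if the query string contains a malformed percent-escape
     *     (raised by {@link URLDecoder#decode(String, String)})
     */
    protected String extractPath(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        String query = "";
        if (queryString != null) {
            try {
                // LocationInfo.NA: presumably the literal "?" - see the class comment.
                query = LocationInfo.NA + URLDecoder.decode(queryString, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException("Cannot decode query string: " + queryString, e);
            }
        }
        String path = (httpServletRequest.getRequestURI() + query).substring(httpServletRequest.getContextPath().length());
        return path.startsWith("/") ? path.substring(1) : path;
    }

    /** Sets the service used to resolve the client named in a saved authorize request. */
    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }
}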
