package org.cloudfoundry.identity.uaa.login;

import java.awt.Color;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.spi.LocationInfo;
import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.oauth.UaaTokenStore;
import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants;
import org.cloudfoundry.identity.uaa.provider.AbstractIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.oauth.XOAuthProviderConfigurator;
import org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken;
import org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator;
import org.cloudfoundry.identity.uaa.provider.saml.SamlRedirectUtils;
import org.cloudfoundry.identity.uaa.util.ColorHash;
import org.cloudfoundry.identity.uaa.util.DomainFilter;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.util.MapCollector;
import org.cloudfoundry.identity.uaa.util.UaaStringUtils;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.cloudfoundry.identity.uaa.web.UaaSavedRequestAwareAuthenticationSuccessHandler;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.hsqldb.Tokens;
import org.springframework.core.io.support.PropertiesLoaderUtils;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;

@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.12.0.jar:org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.class */
public class LoginInfoEndpoint {
    // Model attribute names and literal keys shared by the handlers in this controller.
    public static final String NotANumber = "NaN";
    public static final String PASSCODE = "passcode";
    public static final String SHOW_LOGIN_LINKS = "showLoginLinks";
    public static final String LINKS = "links";
    public static final String ZONE_NAME = "zone_name";
    public static final String ENTITY_ID = "entityID";
    public static final String IDP_DEFINITIONS = "idpDefinitions";
    public static final String OAUTH_LINKS = "oauthLinks";
    // Loaded from the classpath in the constructor; exposed to the model by setCommitInfo.
    private Properties gitProperties;
    private Properties buildProperties;
    private String baseUrl;
    private String externalLoginUrl;
    private String samlSPBaseUrl;
    private String uaaHost;
    // Collaborators; the setters visible in this file assign them, none is null-checked before use.
    private SamlIdentityProviderConfigurator idpDefinitions;
    private AuthenticationManager authenticationManager;
    private ExpiringCodeStore expiringCodeStore;
    private ClientDetailsService clientDetailsService;
    private IdentityProviderProvisioning providerProvisioning;
    private XOAuthProviderConfigurator xoAuthProviderConfigurator;
    public static final String CREATE_ACCOUNT_LINK = "createAccountLink";
    public static final String FORGOT_PASSWORD_LINK = "forgotPasswordLink";
    public static final String LINK_CREATE_ACCOUNT_SHOW = "linkCreateAccountShow";
    public static final String FIELD_USERNAME_SHOW = "fieldUsernameShow";
    // Link keys that login() strips from the links map when it builds the JSON response.
    public static final List<String> UI_ONLY_ATTRIBUTES = Collections.unmodifiableList(Arrays.asList(CREATE_ACCOUNT_LINK, FORGOT_PASSWORD_LINK, LINK_CREATE_ACCOUNT_SHOW, FIELD_USERNAME_SHOW));
    // Used by extractUrlFromString to find the first URL in a prompt text. Flag 2 is Pattern.CASE_INSENSITIVE.
    // NOTE(review): inside the character class, `\+-=` is parsed as the range '+'..'=' rather than three
    // literals, so the class also accepts ',', '<' and digits; the accepted schemes include file:, ftp:,
    // gopher: and telnet:. Confirm both are intended for text that ends up rewritten into a login prompt.
    private static final Pattern urlPattern = Pattern.compile("((https?|ftp|gopher|telnet|file):((//)|(\\\\))+[\\w\\d:#@%/;$()~_?\\+-=\\\\\\.&]*)", 2);
    // Default lifetime of generated passcodes (see generatePasscode); overridable via setCodeExpirationMillis.
    private long codeExpirationMillis = UaaTokenStore.EXPIRATION_TIME;
    // Collects identity providers into a map of origin key -> provider config.
    // The cast assumes every collected provider carries an XOAuth definition; any other config type
    // fails with ClassCastException at collection time.
    private MapCollector<IdentityProvider, String, AbstractXOAuthIdentityProviderDefinition> idpsMapCollector = new MapCollector<>(identityProvider -> {
        return identityProvider.getOriginKey();
    }, identityProvider2 -> {
        return (AbstractXOAuthIdentityProviderDefinition) identityProvider2.getConfig();
    });
    // SAML entity id of this service provider before zone qualification (see getZonifiedEntityId).
    private String entityID = "";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.12.0.jar:org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint$SavedAccountOptionModel.class */
    /**
     * View model for one saved account shown on the HTML login page: a
     * {@link SavedAccountOption} plus the RGB components of its display colour.
     * Instances are created by deserialising the JSON value of a "Saved-Account" cookie
     * (see getSavedAccounts), so every inherited field holds client-supplied data.
     */
    public static class SavedAccountOptionModel extends SavedAccountOption {
        public int red;
        public int green;
        public int blue;

        SavedAccountOptionModel() {
        }

        /**
         * Copies the red, green and blue components of {@code color} into this model.
         *
         * @param color colour to take the components from; must not be null
         */
        public void assignColors(Color color) {
            red = color.getRed();
            green = color.getGreen();
            blue = color.getBlue();
        }
    }

    /**
     * Thrown by generatePasscode when the authenticated principal is of a type from which no
     * user id can be derived. The annotation maps it to an HTTP 403 response with a fixed reason,
     * so no detail about the principal is returned to the client.
     */
    @ResponseStatus(value = HttpStatus.FORBIDDEN, reason = "Unknown authentication token type, unable to derive user ID.")
    public static final class UnknownPrincipalException extends RuntimeException {
    }

    /**
     * Sets the configurator used to list OAuth/OIDC identity providers and to build their
     * authorization URLs.
     *
     * @param xOAuthProviderConfigurator the configurator to use
     * @return this endpoint, to allow chained configuration
     */
    public LoginInfoEndpoint setXoAuthProviderConfigurator(XOAuthProviderConfigurator xOAuthProviderConfigurator) {
        xoAuthProviderConfigurator = xOAuthProviderConfigurator;
        return this;
    }

    /**
     * Sets the store that issues the one-time codes returned by the autologin and passcode endpoints.
     *
     * @param expiringCodeStore the code store to use
     */
    public void setExpiringCodeStore(ExpiringCodeStore expiringCodeStore) {
        this.expiringCodeStore = expiringCodeStore;
    }

    /**
     * Returns the lifetime, in milliseconds, given to passcodes created by generatePasscode.
     *
     * @return the configured passcode lifetime in milliseconds
     */
    public long getCodeExpirationMillis() {
        return codeExpirationMillis;
    }

    /**
     * Sets the lifetime given to passcodes created by generatePasscode.
     * The value is stored as is; it is not range-checked here.
     *
     * @param j passcode lifetime in milliseconds
     */
    public void setCodeExpirationMillis(long j) {
        codeExpirationMillis = j;
    }

    /**
     * Sets the configurator that supplies the SAML identity provider definitions of a zone.
     *
     * @param samlIdentityProviderConfigurator the SAML provider configurator to use
     */
    public void setIdpDefinitions(SamlIdentityProviderConfigurator samlIdentityProviderConfigurator) {
        idpDefinitions = samlIdentityProviderConfigurator;
    }

    /**
     * Returns the manager used by the autologin endpoint to check username and password.
     *
     * @return the configured authentication manager, or null when none was set
     */
    public AuthenticationManager getAuthenticationManager() {
        return authenticationManager;
    }

    /**
     * Sets the manager used by the autologin endpoint to check username and password.
     * When this is left null, generateAutologinCode issues a code without checking any password.
     *
     * @param authenticationManager the authentication manager to use
     */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the SAML entity id of this service provider (before zone qualification).
     *
     * @param str the entity id
     */
    public void setEntityID(String str) {
        entityID = str;
    }

    /**
     * Creates the endpoint and loads {@code git.properties} and {@code build.properties}
     * from the classpath. Loading is best effort: when a file cannot be read the matching
     * field stays an empty {@link Properties} and no error is reported.
     */
    public LoginInfoEndpoint() {
        Properties git = new Properties();
        try {
            git = PropertiesLoaderUtils.loadAllProperties("git.properties");
        } catch (IOException ignored) {
            // Commit metadata is optional; keep the empty defaults.
        }
        this.gitProperties = git;

        Properties build = new Properties();
        try {
            build = PropertiesLoaderUtils.loadAllProperties("build.properties");
        } catch (IOException ignored) {
            // Build metadata is optional; keep the empty defaults.
        }
        this.buildProperties = build;
    }

    /**
     * Serves the login page URL for clients that accept {@code application/json}.
     * Delegates to login with the JSON flag set and no prompt names excluded up front.
     *
     * @param model model to populate
     * @param principal current principal, or null when unauthenticated
     * @param httpServletRequest current request
     * @return the view name or redirect chosen by login
     */
    @RequestMapping(value = {DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL}, headers = {"Accept=application/json"})
    public String loginForJson(Model model, Principal principal, HttpServletRequest httpServletRequest) {
        final List<String> noExcludedPrompts = Collections.emptyList();
        return login(model, principal, noExcludedPrompts, true, httpServletRequest);
    }

    /**
     * Serves {@code /info} for clients that accept {@code application/json}.
     * Delegates to login with the JSON flag set and no prompt names excluded up front.
     *
     * @param model model to populate
     * @param principal current principal, or null when unauthenticated
     * @param httpServletRequest current request
     * @return the view name or redirect chosen by login
     */
    @RequestMapping(value = {"/info"}, headers = {"Accept=application/json"})
    public String infoForJson(Model model, Principal principal, HttpServletRequest httpServletRequest) {
        final List<String> noExcludedPrompts = Collections.emptyList();
        return login(model, principal, noExcludedPrompts, true, httpServletRequest);
    }

    /**
     * Serves {@code /info} for browsers. Delegates to login with the JSON flag cleared and
     * the passcode prompt excluded.
     *
     * @param model model to populate
     * @param principal current principal, or null when unauthenticated
     * @param httpServletRequest current request
     * @return the view name or redirect chosen by login
     */
    @RequestMapping(value = {"/info"}, headers = {"Accept=text/html, */*"})
    public String infoForHtml(Model model, Principal principal, HttpServletRequest httpServletRequest) {
        final List<String> excludedPrompts = Arrays.asList(PASSCODE);
        return login(model, principal, excludedPrompts, false, httpServletRequest);
    }

    /**
     * Serves the login page for browsers. Reads the saved accounts from the request cookies,
     * assigns each one a colour derived from its user id, exposes them as the
     * {@code savedAccounts} model attribute and then delegates to login with the passcode
     * prompt excluded.
     *
     * <p>The saved accounts come straight from client-controlled cookies; they are display
     * hints only and must not be treated as proof of identity by the view or anything after it.
     *
     * @param model model to populate
     * @param principal current principal, or null when unauthenticated
     * @param httpServletRequest current request
     * @return the view name or redirect chosen by login
     */
    @RequestMapping(value = {DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL}, headers = {"Accept=text/html, */*"})
    public String loginForHtml(Model model, Principal principal, HttpServletRequest httpServletRequest) {
        List<SavedAccountOptionModel> savedAccounts = getSavedAccounts(httpServletRequest.getCookies(), SavedAccountOptionModel.class);
        for (SavedAccountOptionModel account : savedAccounts) {
            account.assignColors(ColorHash.getColor(account.getUserId()));
        }
        model.addAttribute("savedAccounts", savedAccounts);
        return login(model, principal, Arrays.asList(PASSCODE), false, httpServletRequest);
    }

    /**
     * Deserialises every cookie whose name starts with {@code Saved-Account} into {@code cls}.
     *
     * <p>NOTE(review): the cookie value is untrusted client input and is handed to
     * {@code JsonUtils.readValue} without any guard, so whatever that helper throws on a
     * malformed value propagates out of the login page handler. Confirm how readValue reports
     * bad JSON and whether a broken cookie should simply be skipped.
     *
     * @param cookieArr cookies of the current request; null is treated as no cookies
     * @param cls target type for each cookie value
     * @return the deserialised saved accounts, in cookie order
     */
    private static <T extends SavedAccountOption> List<T> getSavedAccounts(Cookie[] cookieArr, Class<T> cls) {
        Cookie[] cookies = cookieArr != null ? cookieArr : new Cookie[0];
        return Arrays.stream(cookies)
                .filter(cookie -> cookie.getName().startsWith("Saved-Account"))
                .map(cookie -> JsonUtils.readValue(cookie.getValue(), cls))
                .collect(Collectors.toList());
    }

    /**
     * Serves {@code /invalid_request}.
     *
     * @param httpServletRequest current request (unused)
     * @return the value of {@code OAuth2Exception.INVALID_REQUEST}, used here as the view name
     */
    @RequestMapping({"/invalid_request"})
    public String invalidRequest(HttpServletRequest httpServletRequest) {
        final String viewName = OAuth2Exception.INVALID_REQUEST;
        return viewName;
    }

    /**
     * Returns the SAML entity id of this service provider as qualified by
     * {@code SamlRedirectUtils.getZonifiedEntityId}.
     *
     * @return the zone-qualified entity id
     */
    protected String getZonifiedEntityId() {
        final String configuredEntityId = this.entityID;
        return SamlRedirectUtils.getZonifiedEntityId(configuredEntityId);
    }

    /**
     * Builds the login/info model and picks the view or redirect for it.
     *
     * <p>This is decompiler output, so local names are synthetic: {@code list} holds prompt
     * names to leave out of the model, {@code z} is true for the JSON handlers and false for
     * the HTML ones, {@code z2} ends up as the "show username field" flag, {@code z3} stays true
     * unless both the uaa and ldap providers are inactive, and {@code z5} stays true
     * while no provider asks for a login link.
     *
     * @param model model to populate
     * @param principal current principal, or null when unauthenticated
     * @param list prompt names to exclude (passed on to populatePrompts)
     * @param z true when the response is JSON
     * @param httpServletRequest current request; may be null
     * @return a view name or a {@code redirect:} target
     */
    private String login(Model model, Principal principal, List<String> list, boolean z, HttpServletRequest httpServletRequest) {
        String redirectToExternalProvider;
        // An already authenticated UAA user never sees the login page.
        if ((principal instanceof UaaAuthentication) && ((UaaAuthentication) principal).isAuthenticated()) {
            return "redirect:/home";
        }
        // getSession(false): never create a session just to render the login page.
        HttpSession session = httpServletRequest != null ? httpServletRequest.getSession(false) : null;
        List<String> list2 = null;
        Object obj = null;
        // Client metadata is looked up from the client_id of the saved /oauth/authorize request,
        // i.e. a value the unauthenticated caller chose.
        Map<String, Object> clientInfo = getClientInfo(session);
        if (clientInfo != null) {
            // Unchecked casts: assumes the stored value is a list of origin keys and the name a String.
            list2 = (List) clientInfo.get(ClientConstants.ALLOWED_PROVIDERS);
            obj = (String) clientInfo.get("name");
        }
        Map<String, SamlIdentityProviderDefinition> samlIdentityProviderDefinitions = getSamlIdentityProviderDefinitions(list2);
        Map<String, AbstractXOAuthIdentityProviderDefinition> oauthIdentityProviderDefinitions = getOauthIdentityProviderDefinitions(list2);
        // Combined view of all external providers, keyed as in the two source maps.
        HashMap hashMap = new HashMap();
        hashMap.putAll(samlIdentityProviderDefinitions);
        hashMap.putAll(oauthIdentityProviderDefinitions);
        boolean z2 = true;
        boolean z3 = true;
        IdentityProvider identityProvider = null;
        try {
            identityProvider = this.providerProvisioning.retrieveByOrigin("ldap", IdentityZoneHolder.get().getId());
        } catch (EmptyResultDataAccessException e) {
            // No ldap provider in this zone: identityProvider stays null.
        }
        // The uaa lookup is outside the try block, so a missing uaa provider propagates as an exception.
        if (!this.providerProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId()).isActive() && (identityProvider == null || !identityProvider.isActive())) {
            z2 = false;
            z3 = false;
        }
        // A client restricted to providers other than ldap/uaa/keystone gets no username field.
        if (list2 != null && !list2.contains("ldap") && !list2.contains(OriginKeys.UAA) && !list2.contains(OriginKeys.KEYSTONE)) {
            z2 = false;
        }
        Map.Entry entry = null;
        // First login_hint parameter of the saved request, if any. It is client-supplied.
        Optional flatMap = Optional.ofNullable(session).flatMap(httpSession -> {
            return Optional.ofNullable((SavedRequest) httpSession.getAttribute(UaaSavedRequestAwareAuthenticationSuccessHandler.SAVED_REQUEST_SESSION_ATTRIBUTE));
        }).flatMap(savedRequest -> {
            return Optional.ofNullable(savedRequest.getParameterValues("login_hint"));
        }).flatMap(strArr -> {
            return Arrays.asList(strArr).stream().findFirst();
        });
        if (flatMap.isPresent()) {
            String str = (String) flatMap.get();
            // NOTE(review): getEmailDomain() is dereferenced without a null check; confirm it can
            // never be null for a provider with no email domains, otherwise a login_hint makes this throw.
            List list3 = (List) hashMap.entrySet().stream().filter(entry2 -> {
                return ((AbstractIdentityProviderDefinition) entry2.getValue()).getEmailDomain().contains(str);
            }).collect(Collectors.toList());
            // More than one provider claiming the hinted domain is treated as a configuration error.
            if (list3.size() > 1) {
                throw new IllegalStateException("There is a misconfiguration with the identity provider(s). Please contact your system administrator.");
            }
            if (list3.size() == 1) {
                entry = (Map.Entry) list3.get(0);
            }
        }
        // HTML request, no username field and exactly one external provider: go straight to it.
        if (entry == null && !z && !z2 && hashMap.size() == 1) {
            entry = (Map.Entry) hashMap.entrySet().stream().findAny().get();
        }
        // A null redirect (unsupported provider type or encoding failure) falls through to the normal page.
        if (entry != null && (redirectToExternalProvider = redirectToExternalProvider((AbstractIdentityProviderDefinition) entry.getValue(), (String) entry.getKey(), httpServletRequest)) != null) {
            return redirectToExternalProvider;
        }
        // z4: show the create-account link only when the username field is shown and uaa is allowed.
        boolean z4 = z2;
        if (z2 && list2 != null && !list2.contains(OriginKeys.UAA)) {
            z4 = false;
        }
        Object zonifiedEntityId = getZonifiedEntityId();
        Map<String, ?> linksInfo = getLinksInfo();
        if (z) {
            // JSON response: drop the UI-only link keys and publish one discovery URL per SAML alias.
            Iterator<String> it = UI_ONLY_ATTRIBUTES.iterator();
            while (it.hasNext()) {
                linksInfo.remove(it.next());
            }
            HashMap hashMap2 = new HashMap();
            if (samlIdentityProviderDefinitions != null) {
                for (SamlIdentityProviderDefinition samlIdentityProviderDefinition : samlIdentityProviderDefinitions.values()) {
                    // The entity id and alias are inserted into the query string without URL encoding.
                    hashMap2.put(samlIdentityProviderDefinition.getIdpEntityAlias(), linksInfo.get("login") + String.format("/saml/discovery?returnIDParam=idp&entityID=%s&idp=%s&isPassive=true", zonifiedEntityId, samlIdentityProviderDefinition.getIdpEntityAlias()));
                }
                model.addAttribute(IDP_DEFINITIONS, hashMap2);
            }
        } else {
            model.addAttribute(LINK_CREATE_ACCOUNT_SHOW, Boolean.valueOf(z4));
            model.addAttribute(FIELD_USERNAME_SHOW, Boolean.valueOf(z2));
            model.addAttribute(IDP_DEFINITIONS, samlIdentityProviderDefinitions.values());
            HashMap hashMap3 = new HashMap();
            // NOTE(review): the forEach body is empty in this listing, so hashMap3 is always published
            // empty. This looks like a decompilation loss rather than the intended logic; verify
            // against the original source before relying on the oauthLinks attribute.
            ((Map) Optional.ofNullable(oauthIdentityProviderDefinitions).orElse(Collections.emptyMap())).entrySet().stream().filter(entry3 -> {
                return ((AbstractXOAuthIdentityProviderDefinition) entry3.getValue()).isShowLinkText();
            }).forEach(entry4 -> {
            });
            model.addAttribute(OAUTH_LINKS, hashMap3);
            model.addAttribute("clientName", obj);
        }
        model.addAttribute(LINKS, linksInfo);
        // Adds commit id, commit time and build properties to a model served to unauthenticated callers.
        setCommitInfo(model);
        model.addAttribute(ZONE_NAME, IdentityZoneHolder.get().getName());
        model.addAttribute("entityID", zonifiedEntityId);
        boolean z5 = true;
        // Stop at the first SAML provider that wants a login link.
        Iterator<SamlIdentityProviderDefinition> it2 = samlIdentityProviderDefinitions.values().iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            if (it2.next().isShowSamlLink()) {
                model.addAttribute(SHOW_LOGIN_LINKS, true);
                z5 = false;
                break;
            }
        }
        // Same check for the OAuth providers.
        Iterator<AbstractXOAuthIdentityProviderDefinition> it3 = oauthIdentityProviderDefinitions.values().iterator();
        while (true) {
            if (!it3.hasNext()) {
                break;
            }
            if (it3.next().isShowLinkText()) {
                model.addAttribute(SHOW_LOGIN_LINKS, true);
                z5 = false;
                break;
            }
        }
        // Copy before extending so the caller's (possibly immutable) list is never modified.
        LinkedList linkedList = new LinkedList(list);
        if (z5) {
            linkedList.add(PASSCODE);
        }
        if (!z3) {
            linkedList.add("username");
            linkedList.add("password");
        }
        populatePrompts(model, linkedList, z);
        // A non-null principal that was not an authenticated UaaAuthentication gets the home view.
        if (principal != null) {
            return "home";
        }
        // Account chooser: needs discovery and chooser enabled, a request, no otherAccountSignIn=true
        // parameter and at least one Saved-Account cookie. Both the parameter and the cookies are client-controlled.
        if ((!IdentityZoneHolder.get().getConfig().isIdpDiscoveryEnabled() || !IdentityZoneHolder.get().getConfig().isAccountChooserEnabled() || httpServletRequest == null || Boolean.parseBoolean(httpServletRequest.getParameter("otherAccountSignIn")) || getSavedAccounts(httpServletRequest.getCookies(), SavedAccountOption.class).isEmpty()) ? false : true) {
            return "idp_discovery/account_chooser";
        }
        // Discovery enabled and not yet performed: ask for the e-mail first; otherwise the plain login view.
        return IdentityZoneHolder.get().getConfig().isIdpDiscoveryEnabled() && (httpServletRequest == null || !Boolean.parseBoolean(httpServletRequest.getParameter("discoveryPerformed"))) ? "idp_discovery/email" : "login";
    }

    /**
     * Removes one saved-account cookie by sending an expired cookie with the same name and
     * path, then redirects to the login page.
     *
     * <p>{@code str} comes from the request and becomes part of the cookie name; the
     * {@link Cookie} constructor rejects names containing characters that are illegal in a
     * cookie name. NOTE(review): the mapping has no HTTP method restriction, so this
     * state change is reachable with a plain GET; confirm that is acceptable.
     *
     * @param httpServletRequest current request, used for the context path
     * @param httpServletResponse response that receives the expiring cookie
     * @param str identifier appended to {@code Saved-Account-} to form the cookie name
     * @return redirect to {@code /login}
     */
    @RequestMapping({"/delete_saved_account"})
    public String deleteSavedAccount(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String cookieName = "Saved-Account-" + str;
        String cookiePath = httpServletRequest.getContextPath() + DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;

        Cookie expired = new Cookie(cookieName, "");
        // Max-Age 0 asks the browser to delete the cookie immediately.
        expired.setMaxAge(0);
        expired.setPath(cookiePath);
        httpServletResponse.addCookie(expired);
        return "redirect:/login";
    }

    /**
     * Builds the {@code redirect:} target that sends the browser to an external identity provider.
     *
     * @param abstractIdentityProviderDefinition provider configuration; may be null
     * @param str origin key (alias) of the provider
     * @param httpServletRequest current request, used to derive the base URL for OAuth providers
     * @return the redirect string, or null when the definition is null, is neither a SAML nor an
     *         XOAuth definition, or the OAuth URL could not be encoded
     */
    private String redirectToExternalProvider(AbstractIdentityProviderDefinition abstractIdentityProviderDefinition, String str, HttpServletRequest httpServletRequest) {
        // instanceof is false for null, so a null definition falls through to the final return.
        if (abstractIdentityProviderDefinition instanceof SamlIdentityProviderDefinition) {
            SamlIdentityProviderDefinition saml = (SamlIdentityProviderDefinition) abstractIdentityProviderDefinition;
            return "redirect:/" + SamlRedirectUtils.getIdpRedirectUrl(saml, this.entityID);
        }
        if (abstractIdentityProviderDefinition instanceof AbstractXOAuthIdentityProviderDefinition) {
            AbstractXOAuthIdentityProviderDefinition oauth = (AbstractXOAuthIdentityProviderDefinition) abstractIdentityProviderDefinition;
            try {
                return "redirect:" + getRedirectUrlForXOAuthIDP(httpServletRequest, str, oauth);
            } catch (UnsupportedEncodingException ignored) {
                // Callers treat null as "no redirect available" and show the regular login page.
                return null;
            }
        }
        return null;
    }

    /**
     * Asks the XOAuth configurator for the complete authorization URI of a provider.
     * The base URL handed to it is derived from the incoming request by
     * {@code UaaUrlUtils.getBaseURL}.
     *
     * @param httpServletRequest current request
     * @param str origin key (alias) of the provider
     * @param abstractXOAuthIdentityProviderDefinition provider configuration
     * @return the authorization URI
     * @throws UnsupportedEncodingException when the URI cannot be encoded
     */
    private String getRedirectUrlForXOAuthIDP(HttpServletRequest httpServletRequest, String str, AbstractXOAuthIdentityProviderDefinition abstractXOAuthIdentityProviderDefinition) throws UnsupportedEncodingException {
        String baseUrlOfRequest = UaaUrlUtils.getBaseURL(httpServletRequest);
        return this.xoAuthProviderConfigurator.getCompleteAuthorizationURI(str, baseUrlOfRequest, abstractXOAuthIdentityProviderDefinition);
    }

    /**
     * Returns the SAML identity provider definitions of the current zone, keyed by unique alias.
     *
     * @param list origin keys the client is allowed to use; passed through to the configurator
     *             (login passes null when the client has no restriction)
     * @return map of unique alias to definition
     */
    protected Map<String, SamlIdentityProviderDefinition> getSamlIdentityProviderDefinitions(List<String> list) {
        MapCollector<SamlIdentityProviderDefinition, String, SamlIdentityProviderDefinition> byUniqueAlias =
                new MapCollector<>(SamlIdentityProviderDefinition::getUniqueAlias, definition -> definition);
        return this.idpDefinitions.getIdentityProviderDefinitions(list, IdentityZoneHolder.get()).stream().collect(byUniqueAlias);
    }

    /**
     * Returns the XOAuth identity provider definitions of the current zone, keyed by origin
     * key and limited to the allowed providers when a restriction is given.
     *
     * @param list origin keys the client is allowed to use, or null for no restriction
     * @return map of origin key to definition
     */
    protected Map<String, AbstractXOAuthIdentityProviderDefinition> getOauthIdentityProviderDefinitions(List<String> list) {
        String zoneId = IdentityZoneHolder.get().getId();
        return this.xoAuthProviderConfigurator.retrieveAll(true, zoneId).stream()
                // A null allow-list means every retrieved provider is acceptable.
                .filter(provider -> list == null || list.contains(provider.getOriginKey()))
                .collect(this.idpsMapCollector);
    }

    /**
     * Tells whether the session holds a saved request that targets {@code /oauth/authorize}
     * and carries at least one {@code client_id} parameter.
     *
     * <p>The URL test is a substring match on the whole redirect URL, so it also succeeds
     * when {@code /oauth/authorize} appears somewhere other than the path.
     *
     * @param httpSession current session; may be null
     * @return true when such a saved request exists
     */
    protected boolean hasSavedOauthAuthorizeRequest(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        Object attribute = httpSession.getAttribute(UaaSavedRequestAwareAuthenticationSuccessHandler.SAVED_REQUEST_SESSION_ATTRIBUTE);
        if (attribute == null) {
            return false;
        }
        SavedRequest saved = (SavedRequest) attribute;
        String target = saved.getRedirectUrl();
        String[] clientIds = saved.getParameterValues("client_id");
        if (target == null || !target.contains("/oauth/authorize")) {
            return false;
        }
        return clientIds != null && clientIds.length != 0;
    }

    /**
     * Returns the additional information of the client named by the first {@code client_id}
     * parameter of the saved authorize request.
     *
     * <p>The client id is taken from the saved request and is therefore chosen by the caller
     * before authentication; the result should only drive presentation (client name,
     * allowed providers), never an authorization decision.
     *
     * @param httpSession current session; may be null
     * @return the client's additional information, or null when there is no saved authorize
     *         request or the client is unknown
     */
    public Map<String, Object> getClientInfo(HttpSession httpSession) {
        if (!hasSavedOauthAuthorizeRequest(httpSession)) {
            return null;
        }
        SavedRequest saved = (SavedRequest) httpSession.getAttribute(UaaSavedRequestAwareAuthenticationSuccessHandler.SAVED_REQUEST_SESSION_ATTRIBUTE);
        // Index 0 is safe: hasSavedOauthAuthorizeRequest verified the array is non-empty.
        String clientId = saved.getParameterValues("client_id")[0];
        try {
            return this.clientDetailsService.loadClientByClientId(clientId).getAdditionalInformation();
        } catch (NoSuchClientException ignored) {
            // An unknown client is treated the same as no client at all.
            return null;
        }
    }

    /**
     * Adds the abbreviated commit id, the commit time and the {@code build.*} properties to the model.
     * When git.properties has no commit time, the current time is used instead.
     *
     * <p>NOTE(review): login() calls this for the unauthenticated login and info pages, so the
     * exact build is visible to anyone if the view renders these attributes; confirm that
     * level of version disclosure is intended.
     *
     * @param model model to populate
     */
    private void setCommitInfo(Model model) {
        String commitId = this.gitProperties.getProperty("git.commit.id.abbrev", Tokens.T_UNKNOWN);
        // The fallback timestamp is computed eagerly, whether or not the property exists.
        String fallbackTime = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").format(new Date());
        String commitTime = this.gitProperties.getProperty("git.commit.time", fallbackTime);

        model.addAttribute("commit_id", commitId);
        model.addAttribute("timestamp", commitTime);
        model.addAttribute("app", UaaStringUtils.getMapFromProperties(this.buildProperties, "build."));
    }

    /**
     * Publishes the zone's login prompts as the {@code prompts} model attribute, skipping the
     * names in {@code list}. Outside the default zone, the first URL found in the passcode
     * prompt text is rewritten with {@code UaaUrlUtils.addSubdomainToUrl}.
     *
     * @param model model to populate
     * @param list prompt names to leave out; must not be null
     * @param z not used by this method
     */
    public void populatePrompts(Model model, List<String> list, boolean z) {
        IdentityZoneConfiguration zoneConfig = IdentityZoneHolder.get().getConfig();
        if (zoneConfig == null) {
            zoneConfig = new IdentityZoneConfiguration();
        }
        // Insertion-ordered so the prompts keep their configured order.
        Map<String, String[]> promptsByName = new LinkedHashMap<>();
        for (Prompt prompt : zoneConfig.getPrompts()) {
            if (list.contains(prompt.getName())) {
                continue;
            }
            String[] details = prompt.getDetails();
            if (PASSCODE.equals(prompt.getName()) && !IdentityZoneHolder.isUaa()) {
                // Index 1 is read unconditionally; assumes details always has at least two entries — TODO confirm.
                String url = extractUrlFromString(prompt.getDetails()[1]);
                if (StringUtils.hasText(url)) {
                    // Work on a copy so the prompt's own array is left untouched.
                    String[] rewritten = Arrays.copyOf(details, details.length);
                    rewritten[1] = rewritten[1].replace(url, UaaUrlUtils.addSubdomainToUrl(url));
                    details = rewritten;
                }
            }
            promptsByName.put(prompt.getName(), details);
        }
        model.addAttribute("prompts", promptsByName);
    }

    /**
     * Returns the first substring of {@code str} that matches {@code urlPattern}.
     *
     * @param str text to search; must not be null
     * @return the first URL found, or null when there is none
     */
    public String extractUrlFromString(String str) {
        Matcher urlMatcher = urlPattern.matcher(str);
        // group() is the matched subsequence, i.e. str[start(0), end(0)).
        return urlMatcher.find() ? urlMatcher.group() : null;
    }

    /**
     * Picks the identity provider for a submitted value (stored later as the {@code email}
     * model attribute) and either shows the password page or redirects to the external provider.
     *
     * <p>Exactly one matching active provider is required; with zero or several matches, or
     * when no redirect can be built, the user is sent back to the login page with
     * {@code discoveryPerformed=true}. The response is the same for unknown and ambiguous
     * values.
     *
     * @param str user-supplied request parameter handed to {@code DomainFilter.filter}
     * @param model model to populate
     * @param httpSession current session
     * @param httpServletRequest current request
     * @return a view name or a {@code redirect:} target
     */
    @RequestMapping(value = {"/login/idp_discovery"}, method = {RequestMethod.POST})
    public String discoverIdentityProvider(@RequestParam String str, Model model, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        ClientDetails client = null;
        if (hasSavedOauthAuthorizeRequest(httpSession)) {
            SavedRequest saved = (SavedRequest) httpSession.getAttribute(UaaSavedRequestAwareAuthenticationSuccessHandler.SAVED_REQUEST_SESSION_ATTRIBUTE);
            String clientId = saved.getParameterValues("client_id")[0];
            try {
                client = this.clientDetailsService.loadClientByClientId(clientId);
            } catch (NoSuchClientException ignored) {
                // Unknown client: filter the providers without client restrictions.
            }
        }
        List<IdentityProvider> matches = DomainFilter.filter(this.providerProvisioning.retrieveActive(IdentityZoneHolder.get().getId()), client, str);
        if (matches.size() == 1) {
            IdentityProvider provider = matches.get(0);
            if (provider.getType().equals(OriginKeys.UAA)) {
                return goToPasswordPage(str, model);
            }
            String externalRedirect = redirectToExternalProvider(provider.getConfig(), provider.getOriginKey(), httpServletRequest);
            if (externalRedirect != null) {
                return externalRedirect;
            }
        }
        return "redirect:/login?discoveryPerformed=true";
    }

    /**
     * Prepares the model for the password step of identity provider discovery.
     *
     * <p>{@code str} is the value the user submitted and is placed in the model unchanged,
     * so the view has to escape it when rendering.
     *
     * @param str value to expose as the {@code email} model attribute
     * @param model model to populate
     * @return the {@code idp_discovery/password} view name
     */
    private String goToPasswordPage(String str, Model model) {
        model.addAttribute(ZONE_NAME, IdentityZoneHolder.get().getName());
        model.addAttribute("email", str);
        String forgotPasswordLink = getSelfServiceLinks().get(FORGOT_PASSWORD_LINK);
        // The link is only present when self-service links are enabled for the zone.
        if (forgotPasswordLink != null) {
            model.addAttribute(FORGOT_PASSWORD_LINK, forgotPasswordLink);
        }
        return "idp_discovery/password";
    }

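    /**
     * Issues a one-time autologin code for a user on behalf of a client.
     *
     * <p>The user's password is checked through the authentication manager when one is
     * configured. The client id is read from the Basic {@code Authorization} header; this
     * method does not verify the client secret itself — presumably a filter in front of this
     * endpoint authenticates the client, which should be confirmed for any deployment.
     *
     * <p>Changes over the decompiled original: the header is encoded and decoded with UTF-8
     * on both sides instead of the platform default charset, undecodable Base64 is reported
     * as bad credentials rather than escaping as an unrelated exception, and an empty client
     * id is rejected (the original length check could never fail, because
     * {@code String.split} always returns at least one element here).
     *
     * @param autologinRequest request body carrying username and password
     * @param str value of the {@code Authorization} header, or null when absent
     * @return response wrapping the generated code
     * @throws BadCredentialsException when the header, username or password is missing or malformed
     * @throws Exception whatever the authentication manager or the code store throws
     */
    @RequestMapping(value = {"/autologin"}, method = {RequestMethod.POST})
    @ResponseBody
    public AutologinResponse generateAutologinCode(@RequestBody AutologinRequest autologinRequest, @RequestHeader(value = "Authorization", required = false) String str) throws Exception {
        if (str == null || !str.startsWith("Basic")) {
            throw new BadCredentialsException("No basic authorization client information in request");
        }
        String username = autologinRequest.getUsername();
        if (username == null) {
            throw new BadCredentialsException("No username in request");
        }
        Authentication authentication = null;
        if (this.authenticationManager != null) {
            String password = autologinRequest.getPassword();
            if (!StringUtils.hasText(password)) {
                throw new BadCredentialsException("No password in request");
            }
            authentication = this.authenticationManager.authenticate(new AuthzAuthenticationRequest(username, password, null));
        }

        Charset utf8 = Charset.forName("UTF-8");
        String encodedCredentials = str.substring("Basic".length()).trim();
        String decodedCredentials;
        try {
            decodedCredentials = new String(Base64.decode(encodedCredentials.getBytes(utf8)), utf8);
        } catch (IllegalArgumentException e) {
            // Malformed Base64 in a client-supplied header is a credential problem, not a server error.
            throw new BadCredentialsException("Invalid authorization header.", e);
        }
        // Only the part before the first ':' (the client id) is used; the secret is not read here.
        String clientId = decodedCredentials.split(":", 2)[0];
        if (clientId.isEmpty()) {
            throw new BadCredentialsException("Invalid authorization header.");
        }

        Map<String, String> codeData = new HashMap<>();
        codeData.put("client_id", clientId);
        codeData.put("username", username);
        if (authentication != null && authentication.getPrincipal() instanceof UaaPrincipal) {
            UaaPrincipal uaaPrincipal = (UaaPrincipal) authentication.getPrincipal();
            codeData.put("user_id", uaaPrincipal.getId());
            codeData.put("origin", uaaPrincipal.getOrigin());
        }
        Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + UaaTokenStore.EXPIRATION_TIME);
        return new AutologinResponse(this.expiringCodeStore.generateCode(JsonUtils.writeValueAsString(codeData), expiresAt, ExpiringCodeType.AUTOLOGIN.name()).getCode());
    }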

    /**
     * Redirects after an autologin to the URL of the request saved in the session, or to
     * {@code home} when there is none.
     *
     * <p>The target is read from the server-side session, not from a request parameter.
     * It is used as stored, with no check on its host at this point.
     *
     * @param httpSession current session
     * @return the {@code redirect:} target
     */
    @RequestMapping(value = {"/autologin"}, method = {RequestMethod.GET})
    public String performAutologin(HttpSession httpSession) {
        SavedRequest saved = (SavedRequest) httpSession.getAttribute(UaaSavedRequestAwareAuthenticationSuccessHandler.SAVED_REQUEST_SESSION_ATTRIBUTE);
        boolean hasSavedTarget = saved != null && saved.getRedirectUrl() != null;
        String target = hasSavedTarget ? saved.getRedirectUrl() : "home";
        return "redirect:" + target;
    }

    /**
     * Serves {@code /login_implicit}.
     *
     * @return the {@code login_implicit} view name
     */
    @RequestMapping(value = {"/login_implicit"}, method = {RequestMethod.GET})
    public String captureImplicitValuesUsingJavascript() {
        final String viewName = "login_implicit";
        return viewName;
    }

    /**
     * Redirects after an external OAuth login to the URL of the request saved in the
     * session, or to {@code /home} when there is none.
     *
     * <p>The target is read from the server-side session, not from a request parameter.
     * It is used as stored, with no check on its host at this point. The {@code origin}
     * path variable is not read by this method.
     *
     * @param httpSession current session
     * @return the {@code redirect:} target
     */
    @RequestMapping({"/login/callback/{origin}"})
    public String handleXOAuthCallback(HttpSession httpSession) {
        SavedRequest saved = (SavedRequest) httpSession.getAttribute(UaaSavedRequestAwareAuthenticationSuccessHandler.SAVED_REQUEST_SESSION_ATTRIBUTE);
        boolean hasSavedTarget = saved != null && saved.getRedirectUrl() != null;
        String target = hasSavedTarget ? saved.getRedirectUrl() : "/home";
        return "redirect:" + target;
    }

    /**
     * Generates a fresh passcode for the current user and puts it in the model under
     * {@code passcode}.
     *
     * <p>Any earlier passcode issued with the same intent (code type plus user id) is
     * expired first, so one user has at most one live passcode from this endpoint.
     *
     * @param map model to populate
     * @param principal the authenticated principal
     * @return the {@code passcode} view name
     * @throws UnknownPrincipalException when no UAA principal can be derived from {@code principal}
     * @throws NoSuchAlgorithmException declared by the signature
     * @throws IOException declared by the signature
     */
    @RequestMapping(value = {"/passcode"}, method = {RequestMethod.GET})
    public String generatePasscode(Map<String, Object> map, Principal principal) throws NoSuchAlgorithmException, IOException {
        final UaaPrincipal user;
        final String userName;
        // The order of these checks is significant: the most specific token types come first.
        if (principal instanceof UaaPrincipal) {
            user = (UaaPrincipal) principal;
            userName = user.getName();
        } else if (principal instanceof UaaAuthentication) {
            user = ((UaaAuthentication) principal).getPrincipal();
            userName = user.getName();
        } else if (principal instanceof LoginSamlAuthenticationToken) {
            // For SAML the name comes from the token itself, id and origin from its UAA principal.
            userName = principal.getName();
            user = ((LoginSamlAuthenticationToken) principal).getUaaPrincipal();
        } else if (principal instanceof Authentication && ((Authentication) principal).getPrincipal() instanceof UaaPrincipal) {
            user = (UaaPrincipal) ((Authentication) principal).getPrincipal();
            userName = user.getName();
        } else {
            throw new UnknownPrincipalException();
        }
        String origin = user.getOrigin();
        String id = user.getId();

        PasscodeInformation passcodeInformation = new PasscodeInformation(id, userName, (String) null, origin, (Map<String, Object>) null);
        String intent = ExpiringCodeType.PASSCODE + " " + passcodeInformation.getUserId();
        this.expiringCodeStore.expireByIntent(intent);
        Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + getCodeExpirationMillis());
        map.put(PASSCODE, this.expiringCodeStore.generateCode(JsonUtils.writeValueAsString(passcodeInformation), expiresAt, intent).getCode());
        return PASSCODE;
    }

    /**
     * Builds the link map published with the login model: the UAA URL, the login URL and
     * the self-service links.
     *
     * <p>NOTE(review): the fallback login URL is produced with {@code replaceAll} using the
     * uaa origin key as a regular expression, which rewrites every occurrence in the base URL
     * (host, path or elsewhere), not just one host label. Confirm this is safe for the
     * configured base URLs.
     *
     * @return a new, mutable map of link name to URL
     */
    protected Map<String, ?> getLinksInfo() {
        Map<String, Object> links = new HashMap<>();
        links.put(OriginKeys.UAA, UaaUrlUtils.addSubdomainToUrl(getUaaBaseUrl()));

        String loginUrl;
        if (getBaseUrl().contains("localhost:")) {
            loginUrl = UaaUrlUtils.addSubdomainToUrl(getUaaBaseUrl());
        } else if (StringUtils.hasText(getExternalLoginUrl())) {
            loginUrl = getExternalLoginUrl();
        } else {
            loginUrl = UaaUrlUtils.addSubdomainToUrl(getUaaBaseUrl().replaceAll(OriginKeys.UAA, "login"));
        }
        links.put("login", loginUrl);

        links.putAll(getSelfServiceLinks());
        return links;
    }

    /**
     * Collects the account-creation and password-reset links for the current identity zone.
     *
     * <p>Links are only returned when the zone has self-service links enabled and the zone's
     * UAA identity provider does not disable internal user management. When the zone has no
     * configuration, the defaults are: enabled, {@code /create_account}, {@code /forgot_password}.
     * The signup and password values are copied from zone configuration as-is. This method
     * performs no URL validation on them.
     *
     * @return a new map, empty when self-service links are not to be shown
     */
    private Map<String, String> getSelfServiceLinks() {
        Map<String, String> links = new HashMap<>();
        IdentityZone zone = IdentityZoneHolder.get();
        IdentityProvider uaaProvider = this.providerProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId());

        // Provider side: internal user management counts as enabled unless the config says otherwise.
        boolean internalUserManagementDisabled = false;
        if (uaaProvider.getConfig() != null) {
            internalUserManagementDisabled = ((UaaIdentityProviderDefinition) uaaProvider.getConfig()).isDisableInternalUserManagement();
        }

        // Zone side: fall back to the built-in defaults when the zone carries no configuration.
        boolean linksEnabled = true;
        String signupLink = "/create_account";
        String passwdLink = "/forgot_password";
        if (zone.getConfig() != null) {
            linksEnabled = zone.getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled();
            signupLink = zone.getConfig().getLinks().getSelfService().getSignup();
            passwdLink = zone.getConfig().getLinks().getSelfService().getPasswd();
        }

        if (!linksEnabled || internalUserManagementDisabled) {
            return links;
        }
        if (StringUtils.hasText(signupLink)) {
            // Each link is published under two keys.
            links.put(CREATE_ACCOUNT_LINK, signupLink);
            links.put("register", signupLink);
        }
        if (StringUtils.hasText(passwdLink)) {
            links.put(FORGOT_PASSWORD_LINK, passwdLink);
            links.put("passwd", passwdLink);
        }
        return links;
    }

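    /**
     * Sets the base URL and derives the UAA host value from it.
     *
     * <p>The host is taken from the parsed URI. The port is appended as {@code host:port} only
     * when it is explicit and is neither 80 nor 443.
     *
     * @param str the base URL; must be a syntactically valid URI
     * @throws IllegalArgumentException if {@code str} cannot be parsed as a URI; the parse
     *     failure is attached as the cause
     */
    public void setUaaBaseUrl(String str) {
        // The field is assigned before parsing, so it keeps the new value even if parsing fails.
        this.baseUrl = str;
        try {
            URI uri = new URI(str);
            // NOTE(review): URI.getHost() returns null when the URI has no authority component
            // (for example a value missing its scheme), and that null is stored as the host
            // without complaint. Confirm callers of getUaaHost() tolerate that.
            setUaaHost(uri.getHost());
            int port = uri.getPort();
            if (port != 443 && port != 80 && port > 0) {
                setUaaHost(getUaaHost() + ":" + port);
            }
        } catch (URISyntaxException e) {
            // Keep the original parse failure as the cause so the faulty index/reason is not lost.
            throw new IllegalArgumentException("Could not extract host from URI: " + str, e);
        }
    }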

    /**
     * Returns the configured base URL.
     *
     * @return the value of the {@code baseUrl} field, the same field {@code getUaaBaseUrl()} reads
     */
    public String getBaseUrl() {
        return baseUrl;
    }

    /**
     * Stores the base URL without parsing it.
     *
     * <p>Unlike {@code setUaaBaseUrl(String)}, this setter does not validate the value as a URI
     * and does not update the UAA host field.
     *
     * @param str the base URL to store
     */
    public void setBaseUrl(String str) {
        baseUrl = str;
    }

    /**
     * Returns the UAA base URL.
     *
     * @return the value of the {@code baseUrl} field, the same field {@code getBaseUrl()} reads
     */
    protected String getUaaBaseUrl() {
        return baseUrl;
    }

    /**
     * Returns the UAA host value.
     *
     * @return the stored host, which {@code setUaaBaseUrl(String)} writes as either
     *     {@code host} or {@code host:port}
     */
    public String getUaaHost() {
        return uaaHost;
    }

    /**
     * Stores the UAA host value as given; no validation is performed.
     *
     * @param str the host, optionally with a {@code :port} suffix
     */
    public void setUaaHost(String str) {
        uaaHost = str;
    }

    /**
     * Stores the external login URL as given; no validation is performed.
     *
     * <p>{@code getLinksInfo()} publishes this value as the {@code "login"} link when it has text
     * and the base URL does not contain {@code "localhost:"}.
     *
     * @param str the external login URL
     */
    public void setExternalLoginUrl(String str) {
        externalLoginUrl = str;
    }

    /**
     * Returns the configured external login URL.
     *
     * @return the stored external login URL
     */
    public String getExternalLoginUrl() {
        return externalLoginUrl;
    }

    /**
     * Returns the configured SAML service-provider base URL.
     *
     * @return the stored SAML SP base URL
     */
    public String getSamlSPBaseUrl() {
        return samlSPBaseUrl;
    }

    /**
     * Stores the SAML service-provider base URL as given; no validation is performed.
     *
     * @param str the SAML SP base URL
     */
    public void setSamlSPBaseUrl(String str) {
        samlSPBaseUrl = str;
    }

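    /**
     * Returns the request URI plus the URL-decoded query string, relative to the context path.
     *
     * <p>The context path prefix is cut off by length and one leading {@code /} is removed.
     *
     * <p>The returned value is built from request data and must be treated as untrusted. The
     * query string is decoded before it is appended, so percent-encoded delimiters such as
     * {@code %26}, {@code %3D} or {@code %23} come back as literal characters. The result is
     * therefore not guaranteed to parse into the same parameters as the original request.
     * Callers that redirect to it or re-parse it should validate it first.
     *
     * @param httpServletRequest the current request
     * @return the path and decoded query string without context path or leading slash
     * @throws IllegalStateException if UTF-8 decoding is reported as unsupported; the
     *     underlying exception is attached as the cause
     */
    protected String extractPath(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        String querySuffix;
        if (queryString == null) {
            querySuffix = "";
        } else {
            try {
                // NOTE(review): LocationInfo.NA is a log4j constant used here as the query
                // separator (presumably "?"). It looks like a constant substituted for a
                // literal; confirm, and prefer a plain literal in source.
                querySuffix = LocationInfo.NA + URLDecoder.decode(queryString, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                // Preserve the cause rather than dropping it.
                throw new IllegalStateException("Cannot decode query string: " + queryString, e);
            }
        }
        String fullPath = httpServletRequest.getRequestURI() + querySuffix;
        String relative = fullPath.substring(httpServletRequest.getContextPath().length());
        return relative.startsWith("/") ? relative.substring(1) : relative;
    }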

    /**
     * Injects the client details service used by this endpoint.
     *
     * @param clientDetailsService the service to store; stored as given, no null check
     */
    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    /**
     * Returns the identity-provider provisioning service.
     *
     * @return the stored provisioning service, which {@code getSelfServiceLinks()} uses to look
     *     up the UAA provider of the current zone
     */
    public IdentityProviderProvisioning getProviderProvisioning() {
        return providerProvisioning;
    }

    /**
     * Injects the identity-provider provisioning service.
     *
     * @param identityProviderProvisioning the service to store; stored as given, no null check
     */
    public void setProviderProvisioning(IdentityProviderProvisioning identityProviderProvisioning) {
        providerProvisioning = identityProviderProvisioning;
    }
}
