package com.appiancorp.security.auth.oidc.test;

import com.appiancorp.security.auth.oidc.OidcAuthenticationException;
import com.appiancorp.security.auth.oidc.OidcCommon;
import com.appiancorp.security.auth.oidc.OidcEncryptionService;
import com.appiancorp.security.auth.oidc.OidcSettingsSelector;
import com.appiancorp.security.auth.oidc.OidcSpringSecurityContextHelper;
import com.appiancorp.security.auth.oidc.persistence.entities.OidcSettings;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrations;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;

/* loaded from: input_file:com/appiancorp/security/auth/oidc/test/OidcTestStateManagerImpl.class */
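/**
 * Session-backed holder for the state of an OIDC configuration test.
 *
 * <p>Two attributes are kept on the current {@code HttpSession}: the {@link OidcTestData} under
 * {@link #OIDC_TEST_DATA} and a boolean "test mode active" flag under {@link #USE_OIDC_TEST_DATA}.
 * The current request is obtained from {@link OidcThreadLocalRequest}, so every method here acts
 * on whatever request is bound to the calling thread.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Dynamic (discovery-based) registrations must use {@code https://} for the issuer and for
 *       every discovered endpoint; the issuer is checked before discovery is attempted.</li>
 *   <li>The stored client secret is decrypted only at the moment a {@link ClientRegistration} is
 *       built.</li>
 * </ul>
 */
public class OidcTestStateManagerImpl implements OidcTestStateManager {
    private static final Logger LOG = LoggerFactory.getLogger(OidcTestStateManagerImpl.class);
    public static final String OIDC_TEST_DATA = "oidcTestData";
    public static final String USE_OIDC_TEST_DATA = "useOidcTestData";
    // Redirect template shared by both registration builders; "{baseUrl}" is left for the framework to expand.
    private static final String REDIRECT_URI_TEMPLATE = "{baseUrl}/oidc/callback";
    private static final String HTTPS_PREFIX = "https://";
    private final OidcThreadLocalRequest oidcThreadLocalRequest;
    private final OidcEncryptionService oidcEncryptionService;
    private final OidcSpringSecurityContextHelper springSecurityContextHelper;
    private final OidcSettingsSelector oidcSettingsSelector;

    /**
     * Wires the collaborators; nothing is read from the request or session at construction time.
     */
    public OidcTestStateManagerImpl(OidcThreadLocalRequest oidcThreadLocalRequest, OidcEncryptionService oidcEncryptionService, OidcSpringSecurityContextHelper oidcSpringSecurityContextHelper, OidcSettingsSelector oidcSettingsSelector) {
        this.oidcThreadLocalRequest = oidcThreadLocalRequest;
        this.oidcEncryptionService = oidcEncryptionService;
        this.springSecurityContextHelper = oidcSpringSecurityContextHelper;
        this.oidcSettingsSelector = oidcSettingsSelector;
    }

    /**
     * Stores the given test data on the session of the request bound to the current thread,
     * replacing whatever was stored before.
     */
    public void setOidcTestData(OidcTestData oidcTestData) {
        this.oidcThreadLocalRequest.get().getSession().setAttribute(OIDC_TEST_DATA, oidcTestData);
    }

    /**
     * Returns the test data stored on the given request's session.
     *
     * @throws IllegalStateException if no test data is stored (or no request was supplied)
     */
    public OidcTestData getOidcTestData(HttpServletRequest httpServletRequest) {
        OidcTestData stored = findOidcTestData(httpServletRequest);
        if (stored == null) {
            throw new IllegalStateException("No test OIDC settings saved");
        }
        return stored;
    }

    /**
     * Returns the test settings, provided the selector accepts them for the current user.
     *
     * @throws IllegalStateException if no test data is stored, or the selector returns nothing for
     *         the current username
     */
    public OidcSettings getOidcSettings() {
        OidcSettings testSettings = getOidcTestData(this.oidcThreadLocalRequest.get()).getOidcSettings();
        String currentUsername = this.springSecurityContextHelper.getCurrentUsername();
        // The single test configuration is still passed through the selector, so a user it does
        // not apply to gets an error instead of the settings.
        Optional<?> selected = this.oidcSettingsSelector.selectSettingsForUser(Arrays.asList(testSettings), currentUsername);
        if (selected.isPresent()) {
            return (OidcSettings) selected.get();
        }
        throw new IllegalStateException("No OIDC settings exist for " + currentUsername);
    }

    /**
     * Builds the {@link ClientRegistration} for the stored test settings.
     *
     * <p>For dynamic settings the issuer URI must be HTTPS before discovery is attempted, and every
     * endpoint returned by discovery must be HTTPS as well.
     *
     * @throws IllegalStateException if no test data is stored
     * @throws OAuth2AuthenticationException wrapping any failure while building or validating the
     *         registration
     */
    public ClientRegistration getTestClientRegistration() {
        OidcTestData testData = getOidcTestData(this.oidcThreadLocalRequest.get());
        OidcSettings settings = testData.getOidcSettings();
        try {
            if (!settings.isDynamic()) {
                // NOTE(review): manually configured endpoints are not scheme-checked on this path;
                // presumably they are validated when the settings are saved - confirm.
                return createCoreClientRegistration(testData.getRegistrationId(), settings);
            }
            // ClientRegistrations.fromOidcIssuerLocation fetches the provider's discovery document,
            // so reject a non-HTTPS issuer first rather than after a plaintext request has gone out.
            checkIfHttp(settings.getIssuerUri(), "IssuerURI");
            ClientRegistration registration = createDynamicClientRegistration(testData.getRegistrationId(), settings);
            verifyIfNotHttps(registration);
            return registration;
        } catch (Exception e) {
            throw new OAuth2AuthenticationException(new OAuth2Error("Issue building ClientRegistration"), e);
        }
    }

    /**
     * Switches the current session into test mode.
     *
     * @throws IllegalStateException if no test data is stored or the stored test is already completed
     */
    public void startUsingTestData() {
        HttpServletRequest request = this.oidcThreadLocalRequest.get();
        if (isTestModeUnavailable()) {
            // With nothing stored, getOidcTestData raises its own IllegalStateException, so the
            // message below is only ever built for a completed test.
            // NOTE(review): the message embeds OidcTestData.toString(), which is not visible here -
            // confirm it does not render the client secret or other settings into logs.
            throw new IllegalStateException("OIDC Test mode is not currently available. TestData: " + getOidcTestData(request));
        }
        request.getSession().setAttribute(USE_OIDC_TEST_DATA, true);
    }

    /**
     * Switches the current session out of test mode; the stored test data is left in place.
     */
    public void stopUsingTestData() {
        this.oidcThreadLocalRequest.get().getSession().setAttribute(USE_OIDC_TEST_DATA, false);
    }

    /**
     * Reports whether the current session is in test mode.
     *
     * @return {@code true} only when a request is bound to the thread and its session flag is
     *         {@code Boolean.TRUE}
     */
    public boolean shouldUseTestData() {
        HttpServletRequest request = this.oidcThreadLocalRequest.get();
        if (request == null) {
            return false;
        }
        // NOTE(review): getSession() creates a session when the request has none; if this check
        // runs for unauthenticated requests, getSession(false) would avoid allocating one - confirm
        // against callers before changing.
        return Boolean.TRUE.equals(request.getSession().getAttribute(USE_OIDC_TEST_DATA));
    }

    /**
     * Replaces the stored test data with a completed copy carrying the given outcome.
     *
     * @param z outcome to record for the test
     * @throws IllegalStateException if no test data is stored or the test was already completed
     */
    public void markTestCompletedWithSuccess(boolean z) {
        OidcTestData current = findOidcTestData(this.oidcThreadLocalRequest.get());
        if (current == null) {
            throw new IllegalStateException("Cannot mark OIDC test completed when test data is not set");
        }
        if (current.isCompleted()) {
            // A test result may be recorded once; a second attempt is refused rather than overwritten.
            throw new IllegalStateException("Cannot mark OIDC test completed when test is already completed");
        }
        // Constructor arguments are presumably (settings, success, completed) - verify against OidcTestData.
        setOidcTestData(new OidcTestData(current.getOidcSettings(), z, true));
    }

    /**
     * Reports whether the stored test data is flagged successful.
     *
     * @return {@code false} when no test data is stored
     */
    public boolean isLastTestSuccessful() {
        OidcTestData current = findOidcTestData(this.oidcThreadLocalRequest.get());
        return current != null && current.isSuccess();
    }

    /**
     * Reports whether test mode cannot be entered.
     *
     * @return {@code true} when no test data is stored or the stored test is already completed
     */
    public boolean isTestModeUnavailable() {
        OidcTestData current = findOidcTestData(this.oidcThreadLocalRequest.get());
        return current == null || current.isCompleted();
    }

    /**
     * Reads the stored test data without failing when it is absent, so that the status queries
     * can answer "not available" instead of throwing.
     *
     * @return the stored data, or {@code null} when there is no request or nothing is stored
     */
    private OidcTestData findOidcTestData(HttpServletRequest request) {
        if (request == null) {
            return null;
        }
        return (OidcTestData) request.getSession().getAttribute(OIDC_TEST_DATA);
    }

    /**
     * Builds a registration from the provider's discovery metadata at the configured issuer.
     * Callers must have checked the issuer scheme already; this method performs none itself.
     */
    private ClientRegistration createDynamicClientRegistration(String registrationId, OidcSettings oidcSettings) {
        return ClientRegistrations.fromOidcIssuerLocation(oidcSettings.getIssuerUri())
                .clientId(oidcSettings.getClientId())
                // The secret is stored encrypted and only decrypted here, when the registration is built.
                .clientSecret(this.oidcEncryptionService.decryptFromString(oidcSettings.getClientSecret()))
                .registrationId(registrationId)
                .redirectUri(REDIRECT_URI_TEMPLATE)
                .scope(OidcCommon.parseScopes(oidcSettings.getScopes()))
                .build();
    }

    /**
     * Builds an authorization-code registration from explicitly configured endpoints, using
     * {@code sub} as the user name attribute.
     */
    private ClientRegistration createCoreClientRegistration(String registrationId, OidcSettings oidcSettings) {
        return ClientRegistration.withRegistrationId(registrationId)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .clientId(oidcSettings.getClientId())
                // The secret is stored encrypted and only decrypted here, when the registration is built.
                .clientSecret(this.oidcEncryptionService.decryptFromString(oidcSettings.getClientSecret()))
                .scope(OidcCommon.parseScopes(oidcSettings.getScopes()))
                .redirectUri(REDIRECT_URI_TEMPLATE)
                .issuerUri(oidcSettings.getIssuerUri())
                .authorizationUri(oidcSettings.getAuthorizationEndpoint())
                .tokenUri(oidcSettings.getTokenEndpoint())
                .jwkSetUri(oidcSettings.getJwksUri())
                .userInfoUri(oidcSettings.getUserInfoEndpoint())
                .userNameAttributeName("sub")
                .build();
    }

    /**
     * Requires HTTPS for every provider endpoint of the registration. Despite the name, the method
     * fails when an endpoint is <em>not</em> HTTPS. The user-info endpoint is optional and is
     * checked only when present.
     *
     * @throws OidcAuthenticationException if a required endpoint is missing or not HTTPS
     */
    private void verifyIfNotHttps(ClientRegistration clientRegistration) throws OidcAuthenticationException {
        ClientRegistration.ProviderDetails provider = clientRegistration.getProviderDetails();
        checkIfHttp(provider.getIssuerUri(), "IssuerURI");
        checkIfHttp(provider.getAuthorizationUri(), "AuthorizationURI");
        checkIfHttp(provider.getTokenUri(), "TokenURI");
        checkIfHttp(provider.getJwkSetUri(), "JWKSetURI");
        if (provider.getUserInfoEndpoint() != null && provider.getUserInfoEndpoint().getUri() != null) {
            checkIfHttp(provider.getUserInfoEndpoint().getUri(), "UserInfoEndpointURI");
        }
    }

    /**
     * Rejects a URI that is {@code null} or does not start with {@code https://} (scheme compared
     * case-insensitively).
     *
     * @param uri the endpoint to check
     * @param label name of the endpoint, used in the log line and the exception message
     * @throws OidcAuthenticationException if the URI is missing or not HTTPS
     */
    private void checkIfHttp(String uri, String label) throws OidcAuthenticationException {
        // regionMatches(ignoreCase=true, ...) compares per character and does not depend on the
        // JVM default locale, unlike the no-argument toLowerCase().
        boolean isHttps = uri != null && uri.regionMatches(true, 0, HTTPS_PREFIX, 0, HTTPS_PREFIX.length());
        if (!isHttps) {
            LOG.error("{} is either null or not HTTPS given: {}", label, uri);
            throw new OidcAuthenticationException(String.format("%s is not HTTPS or null: %s", label, uri));
        }
    }
}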
