package org.ovirt.engine.core.sso.utils;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.codehaus.jackson.map.DeserializationConfig;
import org.codehaus.jackson.map.ObjectMapper;
import org.ovirt.engine.api.extensions.Base;
import org.ovirt.engine.api.extensions.ExtMap;
import org.ovirt.engine.api.extensions.aaa.Authn;
import org.ovirt.engine.api.extensions.aaa.Authz;
import org.ovirt.engine.api.extensions.aaa.Mapping;
import org.ovirt.engine.core.extensions.mgr.ExtensionProxy;
import org.ovirt.engine.core.sso.search.AuthzUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ovirt/engine/core/sso/utils/AuthenticationUtils.class */
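/**
 * Static helpers that drive the SSO login, login-on-behalf and password-change flows
 * through the authn, authz and (optional) mapping extensions configured for a profile.
 *
 * <p>This listing is decompiler output, so parameter names such as {@code str} and {@code z}
 * are synthetic and several constants appear as inlined literals.
 */
public class AuthenticationUtils {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationUtils.class);

    /* loaded from: input_file:org/ovirt/engine/core/sso/utils/AuthenticationUtils$ExtensionProfile.class */
    /**
     * The extensions that together serve one login profile. {@code mapper} is {@code null}
     * when the profile configures no mapping plugin (see {@link #mapToExtensionProfile}).
     */
    public static class ExtensionProfile {
        private ExtensionProxy authn;
        private ExtensionProxy authz;
        private ExtensionProxy mapper;

        public ExtensionProxy getAuthn() {
            return this.authn;
        }

        public ExtensionProxy getAuthz() {
            return this.authz;
        }

        public ExtensionProxy getMapper() {
            return this.mapper;
        }
    }

    /**
     * Creates an SSO session for a user without verifying a password.
     *
     * <p>Security-relevant: this path never invokes AUTHENTICATE_CREDENTIALS. The auth record is
     * either deserialized from a request parameter or synthesized from the user name, and is then
     * handed to the mapper/authz extensions as if it had been produced by a successful
     * authentication. Nothing in this method checks that the caller may act on behalf of the
     * user, so that authorization has to be enforced by every caller.
     *
     * @param ssoContext SSO context used for localization and extension lookup
     * @param httpServletRequest current request; supplies the locale attribute and the optional auth record parameter
     * @param str user name in {@code user@profile} form; the text after the last {@code @} is the profile
     * @throws AuthenticationException if the user name or the profile part is empty
     * @throws Exception if the auth record cannot be parsed or the login fails
     */
    public static void loginOnBehalf(SsoContext ssoContext, HttpServletRequest httpServletRequest, String str) throws Exception {
        log.debug("Entered AuthenticationUtils.loginOnBehalf");
        int separator = str.lastIndexOf("@");
        String username = str;
        String profile = null;
        if (separator != -1) {
            profile = str.substring(separator + 1);
            username = str.substring(0, separator);
        }
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(profile)) {
            throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_PROVIDE_USERNAME_AND_PROFILE, (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE)));
        }
        // NOTE(security): default typing lets the JSON text choose which Java classes are
        // instantiated during readValue(), and the text parsed below comes straight from a
        // request parameter. Deliberately left unchanged here because the wire format of the
        // auth record depends on it; confirm that this parameter is only reachable by
        // authenticated, trusted clients, and prefer a deserializer restricted to an explicit
        // allow-list of value types.
        ObjectMapper authRecordMapper = new ObjectMapper()
                .configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false)
                .enableDefaultTyping(ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
        authRecordMapper.getDeserializationConfig().addMixInAnnotations(ExtMap.class, JsonExtMapMixIn.class);
        String authRecordJson = SsoUtils.getRequestParameter(httpServletRequest, SsoConstants.HTTP_PARAM_AUTH_RECORD, "");
        // The second constructor argument is null: no password exists on this path.
        Credentials credentials = new Credentials(username, null, profile, SsoUtils.getSsoContext(httpServletRequest).getSsoProfiles().contains(profile));
        // Without a supplied auth record, a minimal one carrying only the principal is used.
        ExtMap authRecord = StringUtils.isNotEmpty(authRecordJson)
                ? (ExtMap) authRecordMapper.readValue(authRecordJson, ExtMap.class)
                : new ExtMap().mput(Authn.AuthRecord.PRINCIPAL, username);
        SsoSession session = login(ssoContext, httpServletRequest, credentials, authRecord, false);
        log.info("User {}@{} successfully logged in using login-on-behalf with client id : {} and scopes : {}", new Object[]{username, profile, session.getClientId(), session.getScope()});
    }

    /**
     * Authenticates the given credentials and, on failure, keeps them on the SSO session.
     * Equivalent to {@link #handleCredentials(SsoContext, HttpServletRequest, Credentials, boolean)}
     * with the flag set to {@code true}.
     */
    public static void handleCredentials(SsoContext ssoContext, HttpServletRequest httpServletRequest, Credentials credentials) throws Exception {
        handleCredentials(ssoContext, httpServletRequest, credentials, true);
    }

    /**
     * Authenticates the given credentials against the authn extension of their profile.
     *
     * @param ssoContext SSO context used for localization and extension lookup
     * @param httpServletRequest current request
     * @param credentials user name, password and profile to authenticate
     * @param z when {@code true}, a failed authentication stores {@code credentials} on the SSO
     *          session through {@code setChangePasswdCredentials}
     * @throws AuthenticationException if user name or profile is empty, or authentication fails
     */
    public static void handleCredentials(SsoContext ssoContext, HttpServletRequest httpServletRequest, Credentials credentials, boolean z) throws Exception {
        log.debug("Entered AuthenticationUtils.handleCredentials");
        if (StringUtils.isEmpty(credentials.getUsername()) || StringUtils.isEmpty(credentials.getProfile())) {
            throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_PROVIDE_USERNAME_PASSWORD_AND_PROFILE, (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE)));
        }
        String userWithProfile = credentials.getUsernameWithProfile();
        SsoSession session = login(ssoContext, httpServletRequest, credentials, null, z);
        log.info("User {} successfully logged in with scopes: {}", userWithProfile, session.getScope());
    }

    /**
     * Shared login path: authenticate (unless an auth record is supplied), map the auth record,
     * fetch the principal record from authz and persist the result.
     *
     * @param extMap auth record to trust as-is; when {@code null} the password is verified with
     *               AUTHENTICATE_CREDENTIALS and the auth record comes from the authn extension
     * @param z when {@code true}, failed credentials are stored on the SSO session
     * @return the session returned by {@code SsoUtils.persistAuthInfoInContextWithToken}
     * @throws AuthenticationException if AUTHENTICATE_CREDENTIALS does not report success
     */
    private static SsoSession login(SsoContext ssoContext, HttpServletRequest httpServletRequest, Credentials credentials, ExtMap extMap, boolean z) throws Exception {
        ExtensionProfile extensionProfile = getExtensionProfile(ssoContext, credentials.getProfile());
        String mappedUser = mapUser(extensionProfile, credentials);
        ExtMap authRecord = extMap;
        if (authRecord == null) {
            log.debug("AuthenticationUtils.handleCredentials invoking AUTHENTICATE_CREDENTIALS on authn");
            ExtMap authnOutput = extensionProfile.authn.invoke(new ExtMap().mput(Base.InvokeKeys.COMMAND, Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS).mput(Authn.InvokeKeys.USER, mappedUser).mput(Authn.InvokeKeys.CREDENTIALS, credentials.getPassword()));
            if (!reportsSuccess(authnOutput)) {
                if (z) {
                    // NOTE(review): the submitted credentials, password included, now live on
                    // the session - presumably for a change-password flow. Confirm they are
                    // cleared once that flow ends.
                    SsoUtils.getSsoSession(httpServletRequest).setChangePasswdCredentials(credentials);
                }
                log.debug("AuthenticationUtils.handleCredentials AUTHENTICATE_CREDENTIALS on authn failed");
                String errorCode = AuthnMessageMapper.mapMessageErrorCode(ssoContext, httpServletRequest, credentials.getProfile(), authnOutput);
                SsoSession existingSession = SsoUtils.getSsoSession(httpServletRequest, false);
                String sourceAddr = existingSession == null ? null : existingSession.getSourceAddr();
                // Failed logins are reported to the audit log; the message is always rendered
                // in English there, while the exception below uses the request locale.
                SsoUtils.notifyClientOfAuditLogEvent(
                        ssoContext,
                        sourceAddr == null ? httpServletRequest.getRemoteAddr() : sourceAddr,
                        ssoContext.getSsoLocalConfig().getProperty("ENGINE_SSO_CLIENT_ID"),
                        Optional.ofNullable(credentials).map(Credentials::getUsernameWithProfile).orElse("N/A"),
                        ssoContext.getLocalizationUtils().localize(errorCode, Locale.ENGLISH));
                throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(errorCode, (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE)));
            }
            log.debug("AuthenticationUtils.handleCredentials AUTHENTICATE_CREDENTIALS on authn succeeded");
            authRecord = (ExtMap) authnOutput.get(Authn.InvokeKeys.AUTH_RECORD);
        }
        if (extensionProfile.mapper != null) {
            log.debug("AuthenticationUtils.handleCredentials invoking MAP_AUTH_RECORD on mapper");
            // Falls back to the unmapped record when the mapper returns none.
            authRecord = (ExtMap) extensionProfile.mapper.invoke(new ExtMap().mput(Base.InvokeKeys.COMMAND, Mapping.InvokeCommands.MAP_AUTH_RECORD).mput(Authn.InvokeKeys.AUTH_RECORD, authRecord), true).get(Authn.InvokeKeys.AUTH_RECORD, authRecord);
        }
        log.debug("AuthenticationUtils.handleCredentials invoking FETCH_PRINCIPAL_RECORD on authz");
        // NOTE(review): 3 is an inlined QUERY_FLAGS bit mask; which flags it sets is not visible here.
        ExtMap authzOutput = extensionProfile.authz.invoke(new ExtMap().mput(Base.InvokeKeys.COMMAND, Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD).mput(Authn.InvokeKeys.AUTH_RECORD, authRecord).mput(Authz.InvokeKeys.QUERY_FLAGS, 3));
        log.debug("AuthenticationUtils.handleCredentials saving data in session data");
        // NOTE(review): the clear-text password is passed on to the persistence helper; how long
        // it is retained there cannot be told from this class.
        return SsoUtils.persistAuthInfoInContextWithToken(httpServletRequest, credentials.getPassword(), credentials.getProfile(), authRecord, (ExtMap) authzOutput.get(Authz.InvokeKeys.PRINCIPAL_RECORD));
    }

    /**
     * Tells whether an authn invocation succeeded at both the extension-API level and the
     * authentication level.
     */
    private static boolean reportsSuccess(ExtMap output) {
        // NOTE(review): 0 is presumably the inlined "success" constant of both result keys - confirm.
        return ((Integer) output.get(Base.InvokeKeys.RESULT)).intValue() == 0
                && ((Integer) output.get(Authn.InvokeKeys.RESULT)).intValue() == 0;
    }

    /**
     * Asks the authn extension of the credentials' profile to change the user's password.
     * On failure the credentials are stored on the SSO session before the exception is thrown.
     *
     * @throws AuthenticationException carrying the mapped error code when CREDENTIALS_CHANGE fails
     */
    public static void changePassword(SsoContext ssoContext, HttpServletRequest httpServletRequest, Credentials credentials) throws AuthenticationException {
        ExtensionProfile extensionProfile = getExtensionProfile(ssoContext, credentials.getProfile());
        String mappedUser = mapUser(extensionProfile, credentials);
        log.debug("AuthenticationUtils.changePassword invoking CREDENTIALS_CHANGE on authn");
        ExtMap authnOutput = extensionProfile.authn.invoke(new ExtMap().mput(Base.InvokeKeys.COMMAND, Authn.InvokeCommands.CREDENTIALS_CHANGE).mput(Authn.InvokeKeys.USER, mappedUser).mput(Authn.InvokeKeys.CREDENTIALS, credentials.getCredentials()).mput(Authn.InvokeKeys.CREDENTIALS_NEW, credentials.getNewCredentials()));
        if (reportsSuccess(authnOutput)) {
            log.debug("AuthenticationUtils.changePassword CREDENTIALS_CHANGE on authn succeeded");
            return;
        }
        SsoUtils.getSsoSession(httpServletRequest).setChangePasswdCredentials(credentials);
        log.debug("AuthenticationUtils.changePassword CREDENTIALS_CHANGE on authn failed");
        throw new AuthenticationException(AuthnMessageMapper.mapMessageErrorCode(ssoContext, httpServletRequest, credentials.getProfile(), authnOutput));
    }

    /**
     * Collects the namespaces advertised by every authz extension.
     *
     * @return authz instance name mapped to its sorted namespaces; an authz extension that
     *         advertises no namespace has no entry
     */
    public static Map<String, List<String>> getAvailableNamesSpaces(SsoExtensionsManager ssoExtensionsManager) {
        Map<String, List<String>> namespacesByAuthz = new HashMap<>();
        ssoExtensionsManager.getExtensionsByService(Authz.class.getName()).forEach(authz -> {
            String authzName = (String) authz.getContext().get(Base.ContextKeys.INSTANCE_NAME);
            Collection<String> namespaces = (Collection<String>) authz.getContext().get(Authz.ContextKeys.AVAILABLE_NAMESPACES, Collections.<String>emptyList());
            namespaces.forEach(namespace -> namespacesByAuthz.computeIfAbsent(authzName, key -> new ArrayList<>()).add(namespace));
        });
        namespacesByAuthz.values().forEach(Collections::sort);
        return namespacesByAuthz;
    }

    /** Returns one descriptive entry (see {@link #getProfileEntry}) per authn extension. */
    public static List<Map<String, Object>> getProfileList(SsoExtensionsManager ssoExtensionsManager) {
        return ssoExtensionsManager.getExtensionsByService(Authn.class.getName()).stream()
                .map(authn -> getProfileEntry(ssoExtensionsManager, authn))
                .collect(Collectors.toList());
    }

    /**
     * Returns the profile name of the first authn extension whose configuration sets
     * {@code ovirt.engine.aaa.authn.default.profile} to true, or {@code null} if there is none.
     */
    public static String getDefaultProfile(SsoExtensionsManager ssoExtensionsManager) {
        return ssoExtensionsManager.getExtensionsByService(Authn.class.getName()).stream()
                .filter(authn -> Boolean.parseBoolean(((Properties) authn.getContext().get(Base.ContextKeys.CONFIGURATION)).getProperty("ovirt.engine.aaa.authn.default.profile")))
                .findFirst()
                .map(AuthenticationUtils::getProfileName)
                .orElse(null);
    }

    /** Returns the profile names of all authn extensions, in the manager's order. */
    public static List<String> getAvailableProfiles(SsoExtensionsManager ssoExtensionsManager) {
        return ssoExtensionsManager.getExtensionsByService(Authn.class.getName()).stream()
                .map(AuthenticationUtils::getProfileName)
                .collect(Collectors.toList());
    }

    /**
     * Returns the sorted profile names whose authn capabilities include bit {@code 8}.
     * NOTE(review): judging by the method name this is the password-authentication capability;
     * the constant was inlined by the compiler - confirm.
     */
    public static List<String> getAvailableProfilesSupportingPasswd(SsoExtensionsManager ssoExtensionsManager) {
        return getAvailableProfilesImpl(ssoExtensionsManager, 8L);
    }

    /**
     * Returns the sorted profile names whose authn capabilities include bit {@code 32}.
     * NOTE(review): judging by the method name this is the credentials-change capability;
     * the constant was inlined by the compiler - confirm.
     */
    public static List<String> getAvailableProfilesSupportingPasswdChange(SsoExtensionsManager ssoExtensionsManager) {
        return getAvailableProfilesImpl(ssoExtensionsManager, 32L);
    }

    /**
     * Looks up the extensions serving the profile with the given name.
     *
     * @param str profile name
     * @throws RuntimeException if no authn extension is configured with that profile name
     */
    public static ExtensionProfile getExtensionProfile(SsoContext ssoContext, String str) {
        Optional<ExtensionProfile> found = getExtensionProfileImpl(ssoContext, str, null);
        if (found.isPresent()) {
            // SLF4J substitutes only "{}"; the former "%s" was logged literally.
            log.debug("AuthenticationUtils.getExtensionProfile authn and authz found for profile {}", str);
            return found.get();
        }
        log.debug("AuthenticationUtils.getExtensionProfile authn and authz NOT found for profile {}", str);
        throw new RuntimeException(String.format("Error in obtaining profile %s", str));
    }

    /**
     * Looks up the extensions of the first profile whose authn extension references the given
     * authz plugin.
     *
     * @param str authz plugin name
     * @throws RuntimeException if no authn extension references that authz plugin
     */
    public static ExtensionProfile getExtensionProfileByAuthzName(SsoContext ssoContext, String str) {
        Optional<ExtensionProfile> found = getExtensionProfileImpl(ssoContext, null, str);
        if (found.isPresent()) {
            // SLF4J substitutes only "{}"; the former "%s" was logged literally.
            log.debug("AuthenticationUtils.getExtensionProfile authn and authz found for authz {}", str);
            return found.get();
        }
        log.debug("AuthenticationUtils.getExtensionProfile authn and authz NOT found for authz {}", str);
        throw new RuntimeException(String.format("Error in obtaining profile for authz %s", str));
    }

    /** Returns the sorted profile names of authn extensions whose capability mask intersects {@code j}. */
    private static List<String> getAvailableProfilesImpl(SsoExtensionsManager ssoExtensionsManager, long j) {
        return ssoExtensionsManager.getExtensionsByService(Authn.class.getName()).stream()
                // An extension that publishes no capabilities is treated as having none (mask 0).
                .filter(authn -> (((Long) authn.getContext().get(Authn.ContextKeys.CAPABILITIES, 0L)).longValue() & j) != 0)
                .map(AuthenticationUtils::getProfileName)
                .sorted()
                .collect(Collectors.toList());
    }

    /** Reads {@code ovirt.engine.aaa.authn.profile.name} from the authn extension's configuration. */
    private static String getProfileName(ExtensionProxy extensionProxy) {
        return ((Properties) extensionProxy.getContext().get(Base.ContextKeys.CONFIGURATION)).getProperty("ovirt.engine.aaa.authn.profile.name");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Describes one authn extension as a map with the keys {@code authn_name},
     * {@code authz_name} and {@code capability_password_auth}.
     */
    public static Map<String, Object> getProfileEntry(SsoExtensionsManager ssoExtensionsManager, ExtensionProxy extensionProxy) {
        Map<String, Object> entry = new HashMap<>();
        entry.put("authn_name", getProfileName(extensionProxy));
        ExtensionProxy authz = ssoExtensionsManager.getExtensionByName(getAuthzName(extensionProxy));
        entry.put("authz_name", AuthzUtils.getName(authz));
        entry.put("capability_password_auth", Boolean.valueOf(AuthzUtils.supportsPasswordAuthentication(authz)));
        return entry;
    }

    /** Reads {@code ovirt.engine.aaa.authn.authz.plugin} from the authn extension's configuration. */
    private static String getAuthzName(ExtensionProxy extensionProxy) {
        return ((Properties) extensionProxy.getContext().get(Base.ContextKeys.CONFIGURATION)).getProperty("ovirt.engine.aaa.authn.authz.plugin");
    }

    /**
     * Finds the first authn extension matching the profile name {@code str} or the authz plugin
     * name {@code str2} and resolves its companion extensions.
     */
    private static Optional<ExtensionProfile> getExtensionProfileImpl(SsoContext ssoContext, String str, String str2) {
        return ssoContext.getSsoExtensionsManager().getExtensionsByService(Authn.class.getName()).stream()
                .filter(authn -> matchesSearchName(authn, str, str2))
                .map(authn -> mapToExtensionProfile(ssoContext, authn))
                .findFirst();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Tells whether the authn extension has profile name {@code str} or authz plugin name
     * {@code str2}. An empty or {@code null} search name never matches.
     */
    public static boolean matchesSearchName(ExtensionProxy extensionProxy, String str, String str2) {
        if (StringUtils.isNotEmpty(str) && str.equals(getProfileName(extensionProxy))) {
            return true;
        }
        return StringUtils.isNotEmpty(str2) && str2.equals(getAuthzName(extensionProxy));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the profile for an authn extension by resolving the authz plugin and the optional
     * mapping plugin named in its configuration.
     */
    public static ExtensionProfile mapToExtensionProfile(SsoContext ssoContext, ExtensionProxy extensionProxy) {
        ExtensionProfile extensionProfile = new ExtensionProfile();
        String mappingPlugin = ((Properties) extensionProxy.getContext().get(Base.ContextKeys.CONFIGURATION)).getProperty("ovirt.engine.aaa.authn.mapping.plugin");
        // The mapper is optional; callers test it for null before use.
        extensionProfile.mapper = mappingPlugin != null ? ssoContext.getSsoExtensionsManager().getExtensionByName(mappingPlugin) : null;
        extensionProfile.authn = extensionProxy;
        extensionProfile.authz = ssoContext.getSsoExtensionsManager().getExtensionByName(getAuthzName(extensionProxy));
        return extensionProfile;
    }

    /**
     * Returns the user name to present to the authn extension: the mapper's MAP_USER result when
     * a mapper is configured and returns one, otherwise the user name as entered.
     */
    private static String mapUser(ExtensionProfile extensionProfile, Credentials credentials) {
        String username = credentials.getUsername();
        if (extensionProfile.mapper == null) {
            return username;
        }
        log.debug("AuthenticationUtils.handleCredentials invoking MAP_USER on mapper");
        return (String) extensionProfile.mapper.invoke(new ExtMap().mput(Base.InvokeKeys.COMMAND, Mapping.InvokeCommands.MAP_USER).mput(Mapping.InvokeKeys.USER, username), true).get(Mapping.InvokeKeys.USER, username);
    }
}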
