package org.gluu.casa.plugins.cert.vm;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.Cookie;
import org.gluu.casa.core.pojo.User;
import org.gluu.casa.misc.Utils;
import org.gluu.casa.misc.WebUtils;
import org.gluu.casa.plugins.cert.CertAuthenticationExtension;
import org.gluu.casa.plugins.cert.service.CertService;
import org.gluu.casa.plugins.cert.service.UserCertificateMatch;
import org.gluu.casa.service.IPersistenceService;
import org.gluu.casa.service.ISessionContext;
import org.gluu.casa.service.SndFactorAuthenticationUtils;
import org.gluu.oxauth.model.util.CertUtils;
import org.gluu.util.security.StringEncrypter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.zkoss.bind.annotation.Init;
import org.zkoss.util.Pair;
import org.zkoss.zk.ui.select.annotation.WireVariable;

/* loaded from: input_file:org/gluu/casa/plugins/cert/vm/CertAuthenticationViewModel.class */
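/**
 * ZK view model behind the certificate validation page of the Casa cert plugin.
 *
 * <p>The page is used in two situations, both handled by {@link #init()}:
 * <ul>
 *   <li>a user already logged in to Casa enrolls a client certificate;</li>
 *   <li>a user without a Casa session arrives with an encrypted {@code key}
 *       query parameter, and the outcome is handed back through a short-lived
 *       encrypted cookie followed by a redirect to {@code postlogin.htm}.</li>
 * </ul>
 *
 * <p>The boolean getters expose how far certificate processing got
 * (present, parsed, valid) for the page to render.
 */
public class CertAuthenticationViewModel {
    private static final String RND_KEY = "key";
    private static final String CERT_HEADER = "X-ClientCert";
    private static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private static final String COOKIE_NAME = "casa-cert-authn";

    private final Logger logger = LoggerFactory.getLogger(getClass());
    private CertService certService;
    private StringEncrypter stringEncrypter;

    @WireVariable
    private ISessionContext sessionContext;
    private User user;
    private boolean hasConfigErrors;
    private boolean present;
    private boolean parsed;
    private boolean valid;
    private boolean inCasaSession;
    private UserCertificateMatch userCertMatch;
    private String userId;

    /** @return whether a certificate was found in the request (header or servlet attribute) */
    public boolean isPresent() {
        return this.present;
    }

    /** @return whether the certificate found could be turned into an {@link X509Certificate} */
    public boolean isParsed() {
        return this.parsed;
    }

    /** @return the result of {@code CertService.validate} for the parsed certificate */
    public boolean isValid() {
        return this.valid;
    }

    /** @return whether the cert service reported invalid plugin properties */
    public boolean isHasConfigErrors() {
        return this.hasConfigErrors;
    }

    /** @return whether a logged-in Casa user was found in the session */
    public boolean isInCasaSession() {
        return this.inCasaSession;
    }

    /** @return the user id taken from the session, or from the decrypted {@code key} parameter */
    public String getUserId() {
        return this.userId;
    }

    /** @return the outcome of matching the certificate against the user, or {@code null} if none was computed */
    public UserCertificateMatch getUserCertMatch() {
        return this.userCertMatch;
    }

    /**
     * Resolves the user, processes the client certificate and reports the outcome.
     *
     * <p>With a Casa session the user id comes from the session and a successful
     * match triggers an enrollment notification. Without a session the user id
     * comes from the decrypted {@code key} query parameter; the outcome is written
     * to a cookie and the browser is redirected to complete the authentication flow.
     *
     * @throws Exception propagated from the collaborating services
     */
    @Init
    public void init() throws Exception {
        this.logger.info("Loading certificate validation page...");
        this.user = this.sessionContext.getLoggedUser();
        this.stringEncrypter = Utils.stringEncrypter();
        this.inCasaSession = this.user != null;
        this.logger.info("There is{} user in session", this.inCasaSession ? "" : " no");

        String key = WebUtils.getQueryParam(RND_KEY);
        if (this.inCasaSession) {
            this.userId = this.user.getId();
        } else {
            if (Utils.isEmpty(key)) {
                this.logger.warn("Expected parameter '{}' not specified in URL.", RND_KEY);
            } else {
                // The parameter is client-supplied; only its decrypted content is used.
                // From here on "key" holds the first decrypted token, which is what is
                // echoed back inside the outcome cookie.
                Pair<String, String> tokens = getTokens(key);
                key = tokens.getX();
                this.userId = tokens.getY();
            }
            if (this.userId == null) {
                this.logger.error("No user ID could be obtained. Aborting...");
                return;
            }
            this.logger.debug("User id is {}", this.userId);
        }

        this.certService = CertService.getInstance();
        this.hasConfigErrors = !this.certService.isHasValidProperties();
        if (this.hasConfigErrors) {
            this.logger.info("Configuration errors were detected. Please check the log file and plugin documentation");
            return;
        }

        // processCert() is the only place that sets present/parsed/valid, so it has to
        // run before "valid" is read. Evaluating "valid" first (as a single ternary with
        // processCert() as an argument does) always sees the default false and skips
        // certificate processing altogether.
        X509Certificate clientCert = processCert();
        this.userCertMatch = this.valid
                ? this.certService.processMatch(clientCert, this.userId, this.inCasaSession)
                : null;

        if (this.inCasaSession) {
            if (UserCertificateMatch.SUCCESS.equals(this.userCertMatch)) {
                Utils.managedBean(SndFactorAuthenticationUtils.class)
                        .notifyEnrollment(this.user, CertAuthenticationExtension.ACR);
            }
            return;
        }

        this.logger.debug("Setting cookie with outcome of operation");
        setCookie(key, this.present, this.parsed, this.valid, this.userCertMatch);
        this.logger.info("Preparing redirect for completion of authentication flow");
        String issuerUrl = Utils.managedBean(IPersistenceService.class).getIssuerUrl();
        WebUtils.execRedirect(String.format("%s/oxauth/postlogin.htm", issuerUrl), true);
    }

    /**
     * Obtains the client certificate from the request and validates it.
     *
     * <p>Sets {@code present} when a certificate was found, {@code parsed} when it
     * could be read as X.509, and {@code valid} to the result of
     * {@code CertService.validate}.
     *
     * @return the certificate, or {@code null} when none was found or it could not be parsed
     */
    private X509Certificate processCert() {
        X509Certificate clientCert = null;
        String pemHeader = WebUtils.getRequestHeader(CERT_HEADER);
        try {
            if (Utils.isEmpty(pemHeader)) {
                Object attribute = WebUtils.getServletRequest().getAttribute(CERT_ATTRIBUTE);
                if (attribute != null) {
                    this.logger.info("Got a certificate in request attribute '{}'", CERT_ATTRIBUTE);
                    this.present = true;
                    // A wrong type or an empty chain ends up in the catch below.
                    clientCert = ((X509Certificate[]) attribute)[0];
                }
            } else {
                // NOTE(review): the header takes precedence over the container-supplied
                // attribute. A PEM certificate in a header carries no proof that the
                // caller holds the matching private key, so this path is only sound when
                // the TLS-terminating proxy in front of Casa always overwrites or strips
                // any client-sent X-ClientCert header. Confirm that in the deployment.
                this.logger.info("Got a certificate in request header '{}'", CERT_HEADER);
                this.present = true;
                clientCert = CertUtils.x509CertificateFromPem(pemHeader);
            }
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }

        if (clientCert == null) {
            this.logger.warn("No client certificate was found. Probably the user hit the Cancel button in the browser prompt");
        } else {
            this.parsed = true;
            this.valid = this.certService.validate(clientCert);
        }
        return clientCert;
    }

    /**
     * Decrypts the {@code key} query parameter and splits it on {@code ';'}.
     *
     * @param str the encrypted parameter value as received in the URL
     * @return the first two tokens, or a pair of {@code null}s when decryption fails
     *         or fewer than two tokens are found
     */
    private Pair<String, String> getTokens(String str) {
        Pair<String, String> empty = new Pair<>(null, null);
        try {
            String[] tokens = this.stringEncrypter.decrypt(str).split(";");
            if (tokens.length < 2) {
                // Do not log the decrypted content, only the shape problem.
                this.logger.error("Parameter '{}' does not hold the two expected tokens", RND_KEY);
                return empty;
            }
            return new Pair<>(tokens[0], tokens[1]);
        } catch (Exception e) {
            this.logger.error(e.getMessage());
            return empty;
        }
    }

    /**
     * Writes the outcome of the operation to an encrypted, short-lived cookie.
     *
     * @param str the key token to echo back
     * @param z whether a certificate was present
     * @param z2 whether it was parsed
     * @param z3 whether it was valid
     * @param userCertificateMatch the match outcome; only read when {@code z3} is true
     */
    private void setCookie(String str, boolean z, boolean z2, boolean z3, UserCertificateMatch userCertificateMatch) {
        try {
            // status counts how many of present/parsed/valid hold (0 to 3).
            int status = (z ? 1 : 0) + (z2 ? 1 : 0) + (z3 ? 1 : 0);
            LinkedHashMap<String, Object> outcome = new LinkedHashMap<>();
            outcome.put(RND_KEY, str);
            outcome.put("status", status);
            if (z3) {
                // A null match here throws and lands in the catch below, so no cookie
                // is issued at all rather than one without a "match" entry.
                outcome.put("match", userCertificateMatch.name());
            }

            String payload = new ObjectMapper().writeValueAsString(outcome);
            Cookie cookie = new Cookie(COOKIE_NAME, this.stringEncrypter.encrypt(payload));
            cookie.setPath("/");
            cookie.setSecure(true);
            cookie.setHttpOnly(true);
            // Ten seconds: the cookie only has to survive the redirect that follows.
            cookie.setMaxAge(10);
            WebUtils.getServletResponse().addCookie(cookie);
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }
    }
}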
