package ru.org.openam.rest;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.iplanet.dpro.session.SessionID;
import com.iplanet.dpro.session.service.InternalSession;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.client.AuthClientUtils;
import com.sun.identity.authentication.server.AuthContextLocal;
import com.sun.identity.authentication.server.AuthXMLRequest;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.authentication.service.AuthUtils;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.shared.encode.CookieUtils;
import java.io.InputStream;
import java.text.MessageFormat;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ru.org.openam.httpdump.Dump;
import ru.org.openam.rest.data.AuthContextInput;
import ru.org.openam.rest.data.AuthContextOutput;
import ru.org.openam.servlets.Authentificate;

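/**
 * JAX-RS resource that drives an {@link AuthContextLocal} login over HTTP: the client POSTs a JSON
 * {@link AuthContextInput} carrying callback values and receives a JSON {@link AuthContextOutput}
 * describing the resulting authentication state.
 *
 * <p>This endpoint handles credentials (name and password callbacks) and issues session cookies,
 * so the logging and error-reporting notes inside {@link #authentificate} matter for deployment.
 */
@Path("/")
/* loaded from: input_file:WEB-INF/lib/web-14.8.1.0.jar:ru/org/openam/rest/Rest2Auth.class */
public class Rest2Auth {
    public static Logger logger = LoggerFactory.getLogger((Class<?>) Rest2Auth.class);
    // Shared mapper; configured once in the static initializer at the bottom of the class.
    public static ObjectMapper mapper = new ObjectMapper();

    /**
     * Starts or continues an authentication exchange.
     *
     * <p>An existing exchange is resumed when the request carries the auth cookie of a known
     * session; otherwise a new auth context is created (from the caller's token when
     * {@code Authentificate.getToken} returns one, else from the request) and {@code login} is
     * called. Callback values from the JSON body are applied to the pending requirements by
     * position and submitted.
     *
     * @param str value of the {@code realm} query parameter; applied via {@code setOrgDN} only
     *     when a fresh context is created from the request and the value is not blank
     * @param str2 value of the {@code service} query parameter; when not blank, login uses
     *     {@code AuthContext.IndexType.SERVICE} with this name
     * @param httpServletRequest current request; supplies cookies and the JSON body
     * @param httpServletResponse current response; receives the session or auth cookies
     * @return 200 with the JSON state, 302 with a {@code Location} header when the state carries a
     *     redirect URL, or 500 with a plain-text message on unexpected failure
     */
    @Path("authentificate")
    @Consumes({MediaType.WILDCARD})
    @POST
    @Produces({"application/json;charset=utf-8"})
    public Response authentificate(@QueryParam("realm") String str, @QueryParam("service") String str2, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        Callback[] requirements;
        InternalSession session;
        // NOTE(review): the raw query string is client-controlled and is written to the INFO log
        // unmodified; confirm the log pipeline neutralises CR/LF and that no secrets are ever
        // passed as query parameters to this endpoint.
        logger.info("authentificate {}: {}", Authentificate.whois(httpServletRequest), httpServletRequest.getQueryString());
        AuthContextLocal authContextLocal = null;
        try {
            // Resume an in-progress exchange if the auth cookie maps to a live session.
            String cookieValueFromReq = CookieUtils.getCookieValueFromReq(httpServletRequest, AuthClientUtils.getAuthCookieName());
            if (!StringUtils.isBlank(cookieValueFromReq) && (session = AuthD.getSession(new SessionID(cookieValueFromReq))) != null) {
                authContextLocal = session.getAuthContext();
            }
            if (authContextLocal == null) {
                if (Authentificate.getToken(httpServletRequest) != null) {
                    authContextLocal = AuthUtils.getAuthContext(Authentificate.getToken(httpServletRequest).getProperty("Organization"), Authentificate.getToken(httpServletRequest).getTokenID().toString(), false, httpServletRequest, (String) null, (AuthXMLRequest) null, true);
                } else {
                    authContextLocal = AuthUtils.getAuthContext(httpServletRequest, httpServletResponse, AuthUtils.getSessionIDFromRequest(httpServletRequest), false, false);
                    if (StringUtils.isNotBlank(str)) {
                        // The realm is taken from the query string as supplied by the client.
                        authContextLocal.setOrgDN(str);
                    }
                }
                authContextLocal.getLoginState().setHttpServletRequest(httpServletRequest);
                authContextLocal.getLoginState().setHttpServletResponse(httpServletResponse);
                if (StringUtils.isNotBlank(str2)) {
                    authContextLocal.login(AuthContext.IndexType.SERVICE, str2);
                } else {
                    authContextLocal.login();
                }
            } else {
                authContextLocal.getLoginState().setHttpServletRequest(httpServletRequest);
                authContextLocal.getLoginState().setHttpServletResponse(httpServletResponse);
            }
            authContextLocal.hasMoreRequirements();
            try {
                AuthContextInput authContextInput;
                // try-with-resources: the body stream is released even when parsing fails.
                try (InputStream inputStream = httpServletRequest.getInputStream()) {
                    authContextInput = (AuthContextInput) mapper.readValue(inputStream, AuthContextInput.class);
                }
                if (authContextInput != null && authContextInput.callbacks != null && authContextInput.callbacks.length > 0 && (requirements = authContextLocal.getRequirements(false)) != null) {
                    // Values are matched to requirements purely by array position.
                    for (int i = 0; i < requirements.length && i < authContextInput.callbacks.length; i++) {
                        if (requirements[i] instanceof NameCallback) {
                            ((NameCallback) requirements[i]).setName((String) authContextInput.callbacks[i].value);
                        } else if (requirements[i] instanceof PasswordCallback) {
                            // The password arrives as a String from the JSON body, so an immutable
                            // copy stays on the heap in addition to the char[] handed over here.
                            ((PasswordCallback) requirements[i]).setPassword(((String) authContextInput.callbacks[i].value).toCharArray());
                        } else {
                            if (!(requirements[i] instanceof ConfirmationCallback)) {
                                throw new RuntimeException("unknown callback " + requirements[i].getClass().getName());
                            }
                            applyConfirmation((ConfirmationCallback) requirements[i], (String) authContextInput.callbacks[i].value);
                        }
                    }
                    authContextLocal.submitRequirements(requirements);
                    authContextLocal.hasMoreRequirements();
                }
            } catch (Exception e) {
                // Deliberately best-effort: a missing or malformed body leaves the exchange where
                // it was and the current state is returned below. The failure is visible only at
                // DEBUG, so rejected input is not observable in production logs by default.
                logger.debug("{}", (Throwable) e);
            }
            // NOTE(review): Secure/HttpOnly attributes of the cookies below are decided inside
            // CookieUtils and are not visible here; confirm them for the deployed configuration.
            if (AuthContext.Status.SUCCESS.equals(authContextLocal.getStatus())) {
                // Login finished: issue the session cookie and blank the auth-exchange cookie.
                for (String str3 : AuthClientUtils.getCookieDomainsForRequest(httpServletRequest)) {
                    CookieUtils.addCookieToResponse(httpServletResponse, CookieUtils.newCookie(AuthUtils.getCookieName(), authContextLocal.getSSOToken().getTokenID().toString(), "/", str3));
                    CookieUtils.addCookieToResponse(httpServletResponse, CookieUtils.newCookie(AuthUtils.getAuthCookieName(), "", "/", str3));
                }
            } else {
                // Login still pending: hand back the auth identifier so the next POST resumes it.
                for (String str4 : AuthClientUtils.getCookieDomainsForRequest(httpServletRequest)) {
                    try {
                        if (AuthUtils.getlbCookieName() != null) {
                            CookieUtils.addCookieToResponse(httpServletResponse, CookieUtils.newCookie(AuthUtils.getlbCookieName(), AuthUtils.getlbCookieValue(), "/", str4));
                        }
                    } catch (Throwable th) {
                        // The load-balancer cookie stays optional, but the failure is no longer
                        // dropped without a trace.
                        logger.debug("{}", th);
                    }
                    CookieUtils.addCookieToResponse(httpServletResponse, CookieUtils.newCookie(AuthUtils.getAuthCookieName(), authContextLocal.getAuthIdentifier(), "/", str4));
                }
            }
            AuthContextOutput authContextOutput = new AuthContextOutput(authContextLocal);
            if (!StringUtils.isNotBlank(authContextOutput.redirectURL)) {
                return Response.status(200).entity(mapper.writeValueAsString(authContextOutput)).build();
            }
            authContextOutput.callbacks = null;
            // NOTE(review): redirectURL is produced by AuthContextOutput, whose construction is not
            // visible here; confirm it is checked against the allowed redirect targets before it
            // reaches the Location header.
            return Response.status(302).header("Location", authContextOutput.redirectURL).entity(mapper.writeValueAsString(authContextOutput)).build();
        } catch (Exception e2) {
            if ((e2 instanceof AuthLoginException) && authContextLocal != null) {
                // A login failure is reported as ordinary state (200), not as a server error.
                try {
                    return Response.status(200).entity(mapper.writeValueAsString(new AuthContextOutput(authContextLocal))).build();
                } catch (Exception e3) {
                    // Keep the secondary failure; the original login error is reported below.
                    logger.debug("{}", (Throwable) e3);
                    return serverError(httpServletRequest, e2);
                }
            }
            return serverError(httpServletRequest, e2);
        }
    }

    /**
     * Applies the client's answer to a confirmation callback: an option label is matched
     * case-insensitively (the last matching label wins), otherwise the value is parsed as a
     * numeric index.
     *
     * <p>{@code getOptions()} returns {@code null} for callbacks built from an option type rather
     * than explicit labels; that case skips label matching instead of failing with a
     * {@code NullPointerException}.
     */
    private static void applyConfirmation(ConfirmationCallback confirmation, String value) {
        String[] options = confirmation.getOptions();
        boolean matched = false;
        if (options != null) {
            for (int idx = 0; idx < options.length; idx++) {
                if (StringUtils.equalsIgnoreCase(options[idx], value)) {
                    confirmation.setSelectedIndex(idx);
                    matched = true;
                }
            }
        }
        if (!matched) {
            confirmation.setSelectedIndex(Integer.parseInt(value));
        }
    }

    /** Logs an unexpected failure together with the request and builds the 500 response. */
    private static Response serverError(HttpServletRequest request, Exception cause) {
        // NOTE(review): Dump.toString(request) is not visible here; if it includes cookies,
        // headers or the body, session identifiers and credentials end up in the error log.
        logger.error("{} {} {}", Authentificate.getToken(request), Dump.toString(request), cause);
        // NOTE(review): the exception message is returned to the client verbatim; confirm it
        // cannot carry internal detail, or replace it with a fixed text plus a correlation id.
        return Response.status(500).entity(MessageFormat.format("Server busy: {0}", cause.getMessage())).build();
    }

    static {
        // Omit null fields from responses and tolerate beans without serializable properties.
        mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        mapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
    }
}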
