package com.erudika.para.security.filters;

import com.erudika.para.Para;
import com.erudika.para.core.App;
import com.erudika.para.core.User;
import com.erudika.para.security.AuthenticatedUserDetails;
import com.erudika.para.security.SecurityUtils;
import com.erudika.para.security.UserAuthentication;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.Utils;
import com.erudika.para.utils.filters.CORSFilter;
import com.onelogin.saml2.Auth;
import com.onelogin.saml2.exception.SettingsException;
import com.onelogin.saml2.settings.IdPMetadataParser;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.settings.SettingsBuilder;
import com.onelogin.saml2.util.Constants;
import java.io.IOException;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:com/erudika/para/security/filters/SAMLAuthFilter.class */
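/**
 * Spring Security filter implementing the SP-initiated SAML 2.0 login flow on top of the
 * OneLogin java-saml library.
 * <p>
 * A request to {@code /saml_auth} (optionally {@code /saml_auth/{appid}}) without a
 * {@code SAMLResponse} parameter starts the flow by redirecting to the IdP; a request carrying a
 * {@code SAMLResponse} is validated and mapped onto a Para {@link User}, which is created on first
 * login and kept up to date afterwards. All SP/IdP settings are read per app through
 * {@link SecurityUtils#getSettingForApp(App, String, String)} under the {@code security.saml.*} keys.
 */
public class SAMLAuthFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger LOG = LoggerFactory.getLogger(SAMLAuthFilter.class);
    /** Path prefix handled by this filter; an app id may follow as {@code /saml_auth/{appid}}. */
    public static final String SAML_ACTION = "/saml_auth";

    /**
     * Creates the filter.
     * @param str the URL pattern this filter is mounted on (passed to the superclass)
     */
    public SAMLAuthFilter(String str) {
        super(str);
    }

    /**
     * Handles both legs of the SAML flow for the app named in the request path (root app by default).
     * <p>
     * Without a {@code SAMLResponse} parameter the user is redirected to the IdP and {@code null}
     * is returned. With one, the response is validated by java-saml ({@code strict} mode is always
     * on, see {@link #getSAMLSettings(App)}); on success the asserted attributes are mapped to a
     * user via {@link #getOrCreateUser(App, Map)}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response (used by java-saml for the IdP redirect)
     * @return the authenticated user, or {@code null} when a redirect to the IdP was issued
     * @throws IOException from the redirect or user persistence
     * @throws AuthenticationServiceException when the SAML response was accepted but carries errors,
     *         or when the user cannot be created/is inactive (via {@code SecurityUtils.checkIfActive})
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) throws IOException {
        String requestURI = httpServletRequest.getRequestURI();
        UserAuthentication userAuthentication = null;
        if (requestURI.startsWith(SAML_ACTION)) {
            // the app is selected by the path suffix; an absent or empty suffix means the root app
            String appid = Config.getRootAppIdentifier();
            if (requestURI.startsWith(SAML_ACTION + "/")) {
                String pathAppid = Utils.urlDecode(StringUtils.removeStart(requestURI, SAML_ACTION + "/"));
                if (!pathAppid.isEmpty()) {
                    appid = pathAppid;
                }
            }
            try {
                App app = (App) Para.getDAO().read(App.id(appid));
                if (app != null) {
                    Map<String, Object> samlSettings;
                    // admin-configured app setting; when set, the IdP metadata document is fetched
                    // from it on every request (no caching here)
                    String metadataUrl = SecurityUtils.getSettingForApp(app, "security.saml.idp.metadata_url", "");
                    if (StringUtils.isBlank(metadataUrl)) {
                        samlSettings = getSAMLSettings(app);
                    } else {
                        // NOTE(review): the request-supplied "entityid" selects which IdP descriptor is
                        // read from the metadata document; presumably the configured document describes
                        // only the intended IdP — verify for multi-entity (federation) metadata.
                        samlSettings = IdPMetadataParser.parseRemoteXML(new URL(metadataUrl),
                                httpServletRequest.getParameter("entityid"));
                        // app settings win over metadata, but getSAMLSettings only emits idp.* keys
                        // that are non-blank, so metadata-derived IdP values survive the merge
                        samlSettings.putAll(getSAMLSettings(app));
                    }
                    Saml2Settings settings = new SettingsBuilder().fromValues(samlSettings).build();
                    Auth auth = new Auth(settings, httpServletRequest, httpServletResponse);
                    if (httpServletRequest.getParameter("SAMLResponse") == null) {
                        // first leg: redirect to the IdP, asking it to return to our ACS URL
                        auth.login(settings.getSpAssertionConsumerServiceUrl().toString());
                        return null;
                    }
                    // second leg: validate the SAMLResponse posted back by the IdP
                    auth.processResponse();
                    List<String> errors = auth.getErrors();
                    if (auth.isAuthenticated()) {
                        if (!errors.isEmpty()) {
                            throw new AuthenticationServiceException(StringUtils.join(errors, "; "));
                        }
                        userAuthentication = getOrCreateUser(app, auth.getAttributes());
                    } else {
                        // previously a rejected response left no trace in the logs; record the
                        // library's validation errors (never the response itself) for triage
                        LOG.warn("SAML response for app '{}' was not authenticated: {}", appid,
                                StringUtils.join(errors, "; "));
                    }
                }
            } catch (SettingsException e) {
                LOG.error("Failed to authenticate app '{}' with SAML: {}", appid, e.getMessage());
            } catch (Exception e2) {
                // was logged with a null message; keep the stack trace and name the app
                LOG.error("SAML authentication failed for app '{}'", appid, e2);
            }
        }
        return SecurityUtils.checkIfActive(userAuthentication, SecurityUtils.getAuthenticatedUser(userAuthentication), true);
    }

    /**
     * Finds the user matching the asserted SAML attributes, or creates one on first login.
     * <p>
     * The user identity is {@code Config.SAML_PREFIX + uid}; on subsequent logins the picture,
     * email and name are refreshed from the assertion when they changed.
     *
     * @param app the app the user belongs to
     * @param map SAML attributes as returned by java-saml (attribute name to values)
     * @return the authenticated user, or whatever {@code SecurityUtils.checkIfActive} returns when
     *         no user id could be extracted from the attributes
     * @throws IOException from user persistence
     * @throws AuthenticationServiceException if a new user cannot be created
     */
    public UserAuthentication getOrCreateUser(App app, Map<String, List<String>> map) throws IOException {
        UserAuthentication userAuthentication = null;
        User user = new User();
        Map<String, String> userData = populateUserData(app, map);
        if (!userData.isEmpty()) {
            String uid = userData.get("uid");
            String pic = userData.get("pic");
            String email = userData.get("email");
            String name = userData.getOrDefault("name", "");
            String domain = userData.get("domain");
            String identifier = Config.SAML_PREFIX.concat(uid);
            user.setAppid(getAppid(app));
            user.setIdentifier(identifier);
            user.setEmail(email);
            user = User.readUserForIdentifier(user);
            if (user == null) {
                user = new User();
                user.setActive(true);
                user.setAppid(getAppid(app));
                // no email asserted: synthesize a unique one under the configured SAML domain
                user.setEmail(StringUtils.isBlank(email) ? Utils.getNewId() + "@" + domain : email);
                user.setName(StringUtils.isBlank(name) ? "Anonymous" : name);
                // the password is never used for SAML logins; a random token blocks password login
                user.setPassword(Utils.generateSecurityToken());
                user.setPicture(getPicture(pic));
                user.setIdentifier(identifier);
                if (user.create() == null) {
                    throw new AuthenticationServiceException("Authentication failed: cannot create new user.");
                }
            } else if (updateUserInfo(user, pic, email, name)) {
                user.update();
            }
            userAuthentication = new UserAuthentication(new AuthenticatedUserDetails(user));
        }
        return SecurityUtils.checkIfActive(userAuthentication, user, false);
    }

    /**
     * Copies changed profile fields from the assertion onto an existing user.
     * @param user the existing user (mutated in place)
     * @param pic asserted picture URL, may be {@code null}
     * @param email asserted email; blank values are ignored
     * @param name asserted name; blank values are ignored
     * @return {@code true} if any field was changed and the user needs to be persisted
     */
    private boolean updateUserInfo(User user, String pic, String email, String name) {
        String picture = getPicture(pic);
        boolean changed = false;
        if (!StringUtils.equals(user.getPicture(), picture)) {
            user.setPicture(picture);
            changed = true;
        }
        if (!StringUtils.isBlank(email) && !StringUtils.equals(user.getEmail(), email)) {
            user.setEmail(email);
            changed = true;
        }
        if (!StringUtils.isBlank(name) && !StringUtils.equals(user.getName(), name)) {
            user.setName(name);
            changed = true;
        }
        return changed;
    }

    /**
     * Maps SAML attributes to the fields {@code uid}, {@code domain}, {@code pic}, {@code email}
     * and {@code name} using the per-app attribute-name settings.
     * <p>
     * Returns an empty map when no usable user id is present. A present-but-blank id is treated
     * as missing: it would otherwise produce the bare {@code Config.SAML_PREFIX} identifier for
     * every such user and make unrelated logins resolve to the same account.
     *
     * @param app the app whose attribute mapping applies
     * @param map SAML attributes (attribute name to values)
     * @return the extracted fields, or an empty map if the user id attribute is absent or blank
     */
    private static Map<String, String> populateUserData(App app, Map<String, List<String>> map) {
        Map<String, String> data = new HashMap<>();
        String idKey = SecurityUtils.getSettingForApp(app, "security.saml.attributes.id", "UserID");
        String picKey = SecurityUtils.getSettingForApp(app, "security.saml.attributes.picture", "Picture");
        String emailKey = SecurityUtils.getSettingForApp(app, "security.saml.attributes.email", "EmailAddress");
        String nameKey = SecurityUtils.getSettingForApp(app, "security.saml.attributes.name", "GivenName");
        String firstNameKey = SecurityUtils.getSettingForApp(app, "security.saml.attributes.firstname", "FirstName");
        String lastNameKey = SecurityUtils.getSettingForApp(app, "security.saml.attributes.lastname", "LastName");
        String domain = SecurityUtils.getSettingForApp(app, "security.saml.domain", "paraio.com");

        String uid = firstValue(map, idKey);
        if (StringUtils.isBlank(uid)) {
            LOG.error("Incorrect SAML attibute mapping - couldn't find user id value for key '{}'.", idKey);
            return data;
        }
        data.put("uid", uid);
        data.put("domain", domain);

        String pic = firstValue(map, picKey);
        if (pic != null) {
            data.put("pic", pic);
        }
        String email = firstValue(map, emailKey);
        if (email == null) {
            LOG.warn("Missing value for SAML attribute '{}'.", emailKey);
        } else {
            data.put("email", email);
        }
        String name = firstValue(map, nameKey);
        if (name != null) {
            data.put("name", name);
        }
        if (!data.containsKey("name")) {
            // fall back to "first last", but only when both attributes are asserted
            String first = firstValue(map, firstNameKey);
            String last = firstValue(map, lastNameKey);
            if (first != null && last != null) {
                data.put("name", StringUtils.trimToEmpty(first + " " + last));
            }
        }
        if (StringUtils.isBlank(data.get("name"))) {
            LOG.warn("Missing values for SAML attributes '{}', '{}', '{}'.", nameKey, firstNameKey, lastNameKey);
        }
        return data;
    }

    /**
     * Returns the first value asserted for {@code key}.
     * @param map SAML attributes, may be {@code null}
     * @param key attribute name
     * @return the first value, or {@code null} when the attribute is absent or has no values
     *         (previously an empty value list raised an IndexOutOfBoundsException)
     */
    private static String firstValue(Map<String, List<String>> map, String key) {
        if (map == null) {
            return null;
        }
        List<String> values = map.get(key);
        return (values == null || values.isEmpty()) ? null : values.get(0);
    }

    /**
     * Strips the query string from a picture URL.
     * @param str the URL, may be {@code null}
     * @return the URL up to (excluding) the first {@code ?}, the input if it has none, or {@code null}
     */
    private static String getPicture(String str) {
        return StringUtils.substringBefore(str, "?");
    }

    /**
     * @param app an app, may be {@code null}
     * @return the app identifier or {@code null}
     */
    private String getAppid(App app) {
        if (app == null) {
            return null;
        }
        return app.getAppIdentifier();
    }

    /**
     * Builds the java-saml settings map for an app from its {@code security.saml.*} settings.
     * <p>
     * {@code onelogin.saml2.strict} is always {@code true}; {@code debug} is on outside production.
     * SP and IdP certificates and the SP private key are stored base64-encoded and decoded here —
     * the returned map therefore contains private key material and must not be logged.
     * IdP keys are only emitted when non-blank so that values parsed from IdP metadata are not
     * overwritten by blanks when the two maps are merged.
     * <p>
     * NOTE(review): {@code want_messages_signed} and {@code want_assertions_signed} default to
     * {@code false} here, so the signature requirement falls back to whatever minimum the library
     * enforces in strict mode — confirm that matches the expectations for each configured IdP.
     * (Decompiler note: this method was originally {@code protected}.)
     *
     * @param app the app, may be {@code null}
     * @return the settings map, empty if {@code app} is {@code null}
     */
    public static Map<String, Object> getSAMLSettings(App app) {
        if (app == null) {
            return Collections.emptyMap();
        }
        Map<String, Object> settings = new HashMap<>();
        settings.put("onelogin.saml2.strict", true);
        settings.put("onelogin.saml2.debug", !Config.IN_PRODUCTION);
        String spEntityId = getConfigProp(app, "onelogin.saml2.sp.entityid", "");
        // the ACS URL defaults to the SP entity id when not configured separately
        String acsUrl = getConfigProp(app, "onelogin.saml2.sp.assertion_consumer_service.url", spEntityId);
        settings.put("onelogin.saml2.sp.entityid", spEntityId);
        settings.put("onelogin.saml2.sp.assertion_consumer_service.url", StringUtils.isBlank(acsUrl) ? spEntityId : acsUrl);
        settings.put("onelogin.saml2.sp.nameidformat", getConfigProp(app, "onelogin.saml2.sp.nameidformat", Constants.NAMEID_UNSPECIFIED));
        settings.put("onelogin.saml2.sp.x509cert", Utils.base64dec(getConfigProp(app, "onelogin.saml2.sp.x509cert", "")));
        settings.put("onelogin.saml2.sp.privatekey", Utils.base64dec(getConfigProp(app, "onelogin.saml2.sp.privatekey", "")));
        String idpEntityId = getConfigProp(app, "onelogin.saml2.idp.entityid", "");
        String idpSsoUrl = getConfigProp(app, "onelogin.saml2.idp.single_sign_on_service.url", "");
        String idpCert = Utils.base64dec(getConfigProp(app, "onelogin.saml2.idp.x509cert", ""));
        if (!StringUtils.isBlank(idpEntityId)) {
            settings.put("onelogin.saml2.idp.entityid", idpEntityId);
        }
        if (!StringUtils.isBlank(idpSsoUrl)) {
            settings.put("onelogin.saml2.idp.single_sign_on_service.url", idpSsoUrl);
        }
        if (!StringUtils.isBlank(idpCert)) {
            settings.put("onelogin.saml2.idp.x509cert", idpCert);
        }
        settings.put("onelogin.saml2.security.authnrequest_signed", getConfigPropBool(app, "onelogin.saml2.security.authnrequest_signed", false));
        settings.put("onelogin.saml2.security.want_messages_signed", getConfigPropBool(app, "onelogin.saml2.security.want_messages_signed", false));
        settings.put("onelogin.saml2.security.want_assertions_signed", getConfigPropBool(app, "onelogin.saml2.security.want_assertions_signed", false));
        settings.put("onelogin.saml2.security.want_assertions_encrypted", getConfigPropBool(app, "onelogin.saml2.security.want_assertions_encrypted", false));
        settings.put("onelogin.saml2.security.want_nameid_encrypted", getConfigPropBool(app, "onelogin.saml2.security.want_nameid_encrypted", false));
        settings.put("onelogin.saml2.security.sign_metadata", getConfigPropBool(app, "onelogin.saml2.security.sign_metadata", false));
        settings.put("onelogin.saml2.security.want_xml_validation", getConfigPropBool(app, "onelogin.saml2.security.want_xml_validation", true));
        settings.put("onelogin.saml2.security.signature_algorithm", getConfigProp(app, "onelogin.saml2.security.signature_algorithm", ""));
        return settings;
    }

    /**
     * Reads a java-saml property from the app settings by translating the
     * {@code onelogin.saml2} prefix into {@code security.saml}.
     * @param app the app
     * @param str the java-saml property name
     * @param str2 the default when the setting is absent
     * @return the setting value or {@code str2}
     */
    private static String getConfigProp(App app, String str, String str2) {
        return SecurityUtils.getSettingForApp(app, "security.saml" + StringUtils.removeStart(str, "onelogin.saml2"), str2);
    }

    /**
     * Boolean variant of {@link #getConfigProp(App, String, String)}; anything other than
     * {@code "true"} (case-insensitive) reads as {@code false}.
     * @param app the app
     * @param str the java-saml property name
     * @param z the default when the setting is absent
     * @return the parsed flag
     */
    private static boolean getConfigPropBool(App app, String str, boolean z) {
        return Boolean.parseBoolean(getConfigProp(app, str, Boolean.toString(z)));
    }
}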
