package nosi.webapps.igrp.pages.login;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.http.Cookie;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.Form;
import nosi.core.config.Config;
import nosi.core.config.ConfigCommonMainConstants;
import nosi.core.i18n.Translator;
import nosi.core.integration.autentika.RemoteUserStoreManagerServiceSoapClient;
import nosi.core.integration.autentika.dto.AuthenticateRequestDTO;
import nosi.core.integration.autentika.dto.ClaimDTO;
import nosi.core.integration.autentika.dto.RemoteUserStoreManagerServiceConstants;
import nosi.core.integration.autentika.dto.UserClaimValuesRequestDTO;
import nosi.core.integration.autentika.dto.UserClaimValuesResponseDTO;
import nosi.core.ldap.LdapPerson;
import nosi.core.ldap.NosiLdapAPI;
import nosi.core.webapp.Controller;
import nosi.core.webapp.Core;
import nosi.core.webapp.FlashMessage;
import nosi.core.webapp.Igrp;
import nosi.core.webapp.Response;
import nosi.webapps.igrp.dao.Organization;
import nosi.webapps.igrp.dao.Profile;
import nosi.webapps.igrp.dao.ProfileType;
import nosi.webapps.igrp.dao.Session;
import nosi.webapps.igrp.dao.User;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:nosi/webapps/igrp/pages/login/LoginController.class */
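/**
 * Login, logout and account-activation controller.
 *
 * <p>Depending on configuration, a login is resolved against the local database, an LDAP
 * directory (directly or through the Autentika SOAP user store), or an OAuth2 / OpenID Connect
 * identity server.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every value placed in a URL or form body that originates from a user, a session or an
 *       identity-provider response goes through {@link #encodeQueryValue(String)}.</li>
 *   <li>The {@code dad} request parameter is used to build a class name in
 *       {@link #afterLogin(User)}; it is validated as a single package segment first.</li>
 *   <li>The authorization request uses the constant {@code state=igrp}; see the note on
 *       {@link #createResponseOauth2OpenIdIdentityServer()}.</li>
 * </ul>
 */
public class LoginController extends Controller {
    private static final Logger log = LogManager.getLogger(LoginController.class);

    /** Shape accepted for a {@code sub} claim that is matched against the {@code cni} column. */
    private static final Pattern CNI_PATTERN = Pattern.compile("^\\d{8}[MmFf]{1}\\d{3}[a-zA-Z]{1}$");

    /** A single Java package segment: the only shape {@code dad} may have when it names a hook package. */
    private static final Pattern APP_CODE_PATTERN = Pattern.compile("^[A-Za-z_][A-Za-z0-9_]*$");

    private Properties settings = this.configApp.getMainSettings();

    /**
     * Entry point of the login page.
     *
     * <p>Each helper below may short-circuit the request with its own response; the order of the
     * calls is significant. A POST that reaches the form handler is authenticated with
     * {@link #mainAuthentication(String, String)}; anything else renders the login view.
     *
     * @return the response to send to the browser
     * @throws Exception if rendering or redirecting fails
     */
    public Response actionLogin() throws Exception {
        Response retrieveAccount = createResponseForRetrieveAccount();
        if (retrieveAccount != null) {
            return retrieveAccount;
        }
        Login login = new Login();
        LoginView loginView = new LoginView(login);
        Response alreadyAuthenticated = createResponseIfIsAuthenticated();
        if (alreadyAuthenticated != null) {
            return alreadyAuthenticated;
        }
        Response activation = createResponseApplyingActivation();
        if (activation != null) {
            return activation;
        }
        Response oidcCallback = oAuth2Wso2();
        if (oidcCallback != null) {
            return oidcCallback;
        }
        Response oidcAuthorize = createResponseOauth2OpenIdIdentityServer();
        if (oidcAuthorize != null) {
            return oidcAuthorize;
        }
        if (Igrp.getInstance().getRequest().getMethod().equalsIgnoreCase("POST")) {
            login.load();
            Response authenticated = mainAuthentication(login.getUser(), login.getPassword());
            return authenticated != null ? authenticated : redirect("igrp", "login", "login", queryString());
        }
        String govCvEnabled = this.settings.getProperty(ConfigCommonMainConstants.IGRP_AUTHENTICATION_GOVCV_ENABLED.value());
        boolean databaseAuthentication = getConfig().getAutenticationType().equals("db");
        if ("true".equals(govCvEnabled) || databaseAuthentication) {
            loginView.user.setLabel("Username");
            loginView.user.propertie().setProperty("type", "text");
        }
        return renderView(loginView, true);
    }

    /**
     * Logs the current user out, expires the request's cookies (except {@code igrp_lang}) and
     * redirects either to the login page or to the identity server's logout endpoint.
     *
     * @return the redirect response
     * @throws IOException if the redirect cannot be produced
     */
    public Response actionLogout() throws IOException {
        String sessionId = Igrp.getInstance().getRequest().getRequestedSessionId();
        User currentUser = Core.getCurrentUser();
        // Read the OIDC values before the user record is updated; they are needed for RP-initiated logout.
        String oidcIdToken = currentUser.getOidcIdToken();
        String oidcState = currentUser.getOidcState();
        currentUser.setIsAuthenticated(0);
        User updated = currentUser.update();
        if (!Igrp.getInstance().getUser().logout() || updated == null || updated.hasError()) {
            Igrp.getInstance().getFlashMessage().addMessage(FlashMessage.ERROR, Translator.gt("Ocorreu um erro no logout."));
        } else if (!Session.afterLogout(sessionId)) {
            Igrp.getInstance().getFlashMessage().addMessage(FlashMessage.ERROR, Translator.gt("Ooops !!! Ocorreu um erro com registo session ..."));
        }
        // getCookies() returns null when the request carries no cookies at all.
        Cookie[] cookies = Igrp.getInstance().getRequest().getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (!cookie.getName().equals("igrp_lang")) {
                    // NOTE(review): request cookies carry no path/domain, so the browser only drops
                    // them if the defaults match the ones used when they were set - confirm.
                    cookie.setMaxAge(0);
                    cookie.setValue(null);
                    Igrp.getInstance().getResponse().addCookie(cookie);
                }
            }
        }
        String authenticationType = this.settings.getProperty(ConfigCommonMainConstants.IGRP_AUTHENTICATION_TYPE.value());
        if (authenticationType == null || !authenticationType.equalsIgnoreCase(ConfigCommonMainConstants.IGRP_AUTHENTICATION_TYPE_OAUTH2_OPENID.value())) {
            return redirect("igrp", "login", "login");
        }
        String logoutEndpoint = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_ENDPOINT_LOGOUT.value());
        if (logoutEndpoint == null || logoutEndpoint.isEmpty()) {
            return redirectToUrl(createUrlForOAuth2OpenIdRequest());
        }
        // Stored token/state values are encoded so that a malformed value cannot add or override
        // query parameters of the logout request.
        StringBuilder logoutUrl = new StringBuilder(logoutEndpoint)
                .append("?id_token_hint=").append(encodeQueryValue(oidcIdToken))
                .append("&state=").append(encodeQueryValue(oidcState));
        String postLogoutRedirectUri = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_ENDPOINT_REDIRECT_URI.value());
        if (postLogoutRedirectUri != null && !postLogoutRedirectUri.isEmpty()) {
            // Configuration value, appended as configured (it may already be encoded).
            logoutUrl.append("&post_logout_redirect_uri=").append(postLogoutRedirectUri);
        }
        return redirectToUrl(logoutUrl.toString());
    }

    /**
     * Redirects to the login page.
     *
     * @return the redirect response
     * @throws IOException if the redirect cannot be produced
     */
    public Response actionGoToLogin() throws IOException {
        return redirect("igrp", "login", "login");
    }

    /**
     * Short-circuits the login page for a request that already has an authenticated session.
     *
     * @return a redirect to logout when the persisted user is flagged as not authenticated, a
     *     redirect to the home page otherwise, or {@code null} when there is no session or the
     *     redirect fails
     */
    private Response createResponseIfIsAuthenticated() {
        if (!Igrp.getInstance().getUser().isAuthenticated()) {
            return null;
        }
        if (Core.getCurrentUser().getIsAuthenticated().intValue() == 0) {
            try {
                return redirect("igrp", "login", "logout");
            } catch (IOException e) {
                // NOTE(review): execution continues to the home redirect below even though the
                // stored flag says the user is logged out - confirm this fall-through is intended.
                log.warn("Redirect to logout failed for a session whose user is flagged as logged out", e);
            }
        }
        try {
            String state = Core.getParam("state");
            if (state != null && !state.isEmpty()) {
                addQueryString("dad", state);
            }
            return redirect("igrp", "home", "index", queryString());
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Applies an account activation when the request carries an {@code activation_key}.
     *
     * @return {@code null} when no key was supplied (or the final redirect fails), otherwise a
     *     redirect to the login page or to the OpenID entry page
     */
    public Response createResponseApplyingActivation() {
        String activationKey = Igrp.getInstance().getRequest().getParameter("activation_key");
        if (activationKey == null || activationKey.trim().isEmpty()) {
            return null;
        }
        try {
            User candidate = new User().find().andWhere("activation_key", "=", activationKey).one();
            String decodedKey = new String(Base64.getUrlDecoder().decode(activationKey), StandardCharsets.UTF_8);
            // NOTE(review): this compares the decoded key with the current time as *strings*, so the
            // result is lexicographic and only meaningful while both have the same number of digits.
            // Presumably the key encodes an expiry in milliseconds - confirm against
            // User.generateActivationKey() before switching to a numeric comparison.
            boolean expired = decodedKey.compareTo(System.currentTimeMillis() + "") <= 0;
            if (candidate == null || expired || candidate.getStatus() != 0) {
                Core.setMessageError("Ooops !!! Ocorreu um erro na activação.");
            } else {
                candidate.setStatus(1);
                candidate.update();
                Core.setMessageSuccess("Ativação bem sucedida. Faça o login !!!");
            }
        } catch (Exception e) {
            // Includes malformed Base64 input; the user only sees the generic message.
            Core.setMessageError("Ooops !!! Ocorreu um erro na activação.");
        }
        try {
            String openIdEnabled = this.settings.getProperty("ids.wso2.oauth2-openid.enabled");
            if (openIdEnabled == null || !openIdEnabled.equalsIgnoreCase("true")) {
                return redirect("igrp", "login", "login", queryString());
            }
            return redirectToUrl(createUrlForOAuth2OpenIdRequest());
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Authenticates the submitted credentials with the configured back end (database or LDAP).
     *
     * @param str the submitted user name or e-mail
     * @param str2 the submitted password
     * @return a redirect to the home page on success, {@code null} on failure or for any other
     *     authentication type
     */
    private Response mainAuthentication(String str, String str2) {
        String authenticationType = getConfig().getAutenticationType();
        boolean loggedIn;
        if (authenticationType.equals(ConfigCommonMainConstants.IGRP_AUTHENTICATION_TYPE_DATABASE.value())) {
            loggedIn = loginWithDb(str, str2);
        } else {
            loggedIn = authenticationType.equals(ConfigCommonMainConstants.IGRP_AUTHENTICATION_TYPE_LDAP.value())
                    && loginWithLdap(str, str2);
        }
        if (!loggedIn) {
            return null;
        }
        try {
            return redirect("igrp", "home", "index");
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Checks the credentials against the local user table and opens the session.
     *
     * <p>NOTE(review): the stored credential is compared with a SHA-256 digest of
     * {@code username + password}. That looks like a single fast hash rather than a password KDF
     * (bcrypt/scrypt/Argon2) - confirm in {@code User.encryptToHash}; changing it needs a
     * stored-hash migration outside this class.
     *
     * @param str the submitted user name or e-mail
     * @param str2 the submitted password
     * @return {@code true} when the user was logged in
     */
    private boolean loginWithDb(String str, String str2) {
        String username = str;
        User account = new User().findIdentityByUsername(username);
        if (account == null) {
            account = new User().findIdentityByEmail(username);
            if (account != null) {
                // The digest is computed over the user name, also when the login used the e-mail.
                username = account.getUser_name();
            }
        }
        // NOTE(review): userIsAuthenticatedFlag() persists isAuthenticated=1 before the status
        // check below, so a disabled account with a correct password is flagged too - confirm.
        if (account == null
                || !account.validate(nosi.core.webapp.User.encryptToHash(username + "" + str2, "SHA-256"))
                || !userIsAuthenticatedFlag(account)) {
            Core.setMessageError("A sua conta ou palavra-passe está incorreta. Se não se lembra da sua palavra-passe, contacte o Administrador.");
            return false;
        }
        if (account.getStatus() != 1) {
            Core.setMessageError("Utilizador desativado. Por favor contacte o Administrador.");
            return false;
        }
        Profile profile = new Profile().getByUser(account.getId());
        if (profile == null || !Igrp.getInstance().getUser().login(account, -1)) {
            Core.setMessageError("Ooops !!! Ocorreu um INTERNAL_ERROR ... Login inválido.");
            return false;
        }
        if (!Session.afterLogin(profile)) {
            // The login itself still counts as successful; only the session record failed.
            Core.setMessageError("Ooops !!! Error no registo session ...");
        }
        return true;
    }

    /**
     * Authenticates against LDAP (directly or through Autentika) and opens the session.
     *
     * <p>In the development environment a directory user without a local account is created on
     * the fly together with the default profiles of {@link #createPerfilWhenAutoInvite(User)}.
     *
     * @param str the submitted user name
     * @param str2 the submitted password
     * @return {@code true} only when a session was opened for the user
     */
    private boolean loginWithLdap(String str, String str2) {
        ArrayList<LdapPerson> persons = new ArrayList<>();
        String autentikaEnabled = this.settings.getProperty(ConfigCommonMainConstants.IDS_AUTENTIKA_ENABLED.value());
        boolean authenticated = (autentikaEnabled == null || !autentikaEnabled.equalsIgnoreCase("true"))
                ? authenticateDirectlyToLDAPServer(str, str2, persons)
                : authenticateThroughIdentityServerAutentika(str, str2, persons);
        if (!authenticated) {
            Core.setMessageError(Translator.gt("A sua conta ou palavra-passe está incorreta."));
            return false;
        }
        User existing = new User().findIdentityByUsername(str);
        if (existing != null) {
            boolean sessionOpened = createSessionLdapAuthentication(existing) && userIsAuthenticatedFlag(existing);
            sso(str, str2, existing);
            return sessionOpened;
        }
        if (!getConfig().getEnvironment().equals(ConfigCommonMainConstants.IGRP_ENV_DEV.value())) {
            Core.setMessageError(Translator.gt("Esta conta não tem acesso ao IGRP. Por favor, contacte o Administrador."));
            return false;
        }
        // Development only: provision a local account for the directory user.
        User newUser = new User();
        newUser.setUser_name(str.trim().toLowerCase());
        for (LdapPerson person : persons) {
            // The Autentika path yields one entry per claim, so most attributes of an entry are
            // null; only non-empty values may overwrite what an earlier entry provided.
            String name = person.getName();
            if (name == null || name.isEmpty()) {
                name = person.getDisplayName();
            }
            if (name == null || name.isEmpty()) {
                name = person.getFullName();
            }
            if (name != null && !name.isEmpty()) {
                newUser.setName(name);
            }
            if (person.getMail() != null) {
                newUser.setEmail(person.getMail().toLowerCase());
            }
        }
        newUser.setStatus(1);
        newUser.setCreated_at(System.currentTimeMillis());
        newUser.setUpdated_at(System.currentTimeMillis());
        newUser.setAuth_key(nosi.core.webapp.User.generateAuthenticationKey());
        newUser.setActivation_key(nosi.core.webapp.User.generateActivationKey());
        newUser.setIsAuthenticated(1);
        User created = newUser.insert();
        if (created == null) {
            // No account and therefore no session: do not report a successful login.
            return false;
        }
        sso(str, str2, created);
        return createPerfilWhenAutoInvite(created) && createSessionLdapAuthentication(created);
    }

    /**
     * Validates the credentials with a bind against the configured LDAP/AD server.
     *
     * @param str the user name
     * @param str2 the password
     * @param arrayList receives the directory entries returned by the LDAP API
     * @return the result of {@code NosiLdapAPI.validateLogin}
     */
    private boolean authenticateDirectlyToLDAPServer(String str, String str2, ArrayList<LdapPerson> arrayList) {
        NosiLdapAPI ldap = new NosiLdapAPI(
                this.settings.getProperty(ConfigCommonMainConstants.LDAP_AD_URL.value()),
                this.settings.getProperty(ConfigCommonMainConstants.LDAP_AD_USERNAME.value()),
                this.settings.getProperty(ConfigCommonMainConstants.LDAP_AD_PASSWORD.value()),
                this.settings.getProperty(ConfigCommonMainConstants.LDAP_AD_BASE.value()),
                this.settings.getProperty(ConfigCommonMainConstants.LDAP_AD_AUTHENTICATION_FILTER.value()),
                this.settings.getProperty(ConfigCommonMainConstants.LDAP_AD_ENTRY_DN.value()));
        return ldap.validateLogin(str, str2, arrayList);
    }

    /**
     * Validates the credentials through the Autentika remote user store (SOAP) and collects the
     * user's claims.
     *
     * <p>One {@link LdapPerson} is appended to {@code list} per claim, each carrying only the
     * attribute that claim maps to.
     *
     * @param str the user name; prefixed with {@code gov.cv/} when the GOVCV option is enabled
     * @param str2 the password
     * @param list receives one entry per returned claim
     * @return {@code true} when authentication succeeded and at least one claim was returned
     */
    private boolean authenticateThroughIdentityServerAutentika(String str, String str2, List<LdapPerson> list) {
        String wsdlUrl = this.settings.getProperty(ConfigCommonMainConstants.IDS_AUTENTIKA_REMOTE_USER_STORE_MANAGER_SERVICE_WSDL_URL.value());
        String adminUser = this.settings.getProperty(ConfigCommonMainConstants.IDS_AUTENTIKA_ADMIN_USN.value());
        String adminPassword = this.settings.getProperty(ConfigCommonMainConstants.IDS_AUTENTIKA_ADMIN_PWD.value());
        String govCvEnabled = this.settings.getProperty(ConfigCommonMainConstants.IGRP_AUTHENTICATION_GOVCV_ENABLED.value());
        String qualifiedUser = (govCvEnabled == null || !govCvEnabled.equalsIgnoreCase("true")) ? str : "gov.cv/" + str;
        RemoteUserStoreManagerServiceSoapClient client = new RemoteUserStoreManagerServiceSoapClient(wsdlUrl, adminUser, adminPassword);
        AuthenticateRequestDTO authenticateRequest = new AuthenticateRequestDTO();
        authenticateRequest.setUserName(qualifiedUser);
        authenticateRequest.setCredential(str2);
        if (!client.authenticate(authenticateRequest)) {
            return false;
        }
        UserClaimValuesRequestDTO claimsRequest = new UserClaimValuesRequestDTO();
        claimsRequest.setUserName(qualifiedUser);
        UserClaimValuesResponseDTO claimsResponse = client.getUserClaimValues(claimsRequest);
        if (claimsResponse == null) {
            return false;
        }
        List<ClaimDTO> claims = claimsResponse.getClaimDTOs();
        claims.forEach(claim -> {
            LdapPerson person = new LdapPerson();
            switch (claim.getClaimUri()) {
                case RemoteUserStoreManagerServiceConstants.DISPLAYNAME_CLAIM_URI:
                    person.setDisplayName(claim.getValue());
                    break;
                case RemoteUserStoreManagerServiceConstants.GIVENNAME_CLAIM_URI:
                    person.setGivenName(claim.getValue());
                    break;
                case RemoteUserStoreManagerServiceConstants.EMAIL_CLAIM_URI:
                    // The e-mail claim doubles as the uid.
                    person.setUid(claim.getValue());
                    person.setMail(claim.getValue());
                    break;
                case RemoteUserStoreManagerServiceConstants.FULLNAME_CLAIM_URI:
                    person.setFullName(claim.getValue());
                    break;
                case RemoteUserStoreManagerServiceConstants.LASTNAME_CLAIM_URI:
                    person.setLastName(claim.getValue());
                    break;
                default:
                    // Unmapped claim: an empty entry is still appended.
                    break;
            }
            list.add(person);
        });
        return !claims.isEmpty();
    }

    /**
     * Requests an access token from the identity server with the resource-owner password grant
     * and stores it on the user.
     *
     * <p>This forwards the user's plaintext password to the token endpoint, so the endpoint must
     * be reached over TLS - NOTE(review): confirm the configured URL is {@code https}.
     *
     * @param str the user name
     * @param str2 the password
     * @param user the user whose {@code valid_until} field receives the access token
     * @return {@code true} when a token was obtained and stored
     */
    private boolean sso(String str, String str2, User user) {
        String clientId = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_CLIENT_ID.value());
        String clientSecret = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_CLIENT_SECRET.value());
        // Every value is form-encoded: a user name or password containing '&' or '=' must not be
        // able to add or override parameters of the token request.
        String form = "grant_type=password&username=" + encodeQueryValue(str)
                + "&password=" + encodeQueryValue(str2)
                + "&client_id=" + encodeQueryValue(clientId)
                + "&client_secret=" + encodeQueryValue(clientSecret)
                + "&scope=openid";
        byte[] payload = form.getBytes(StandardCharsets.UTF_8);
        HttpURLConnection connection = null;
        try {
            connection = (HttpURLConnection) URI.create(this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_ENDPOINT_TOKEN.value())).toURL().openConnection();
            connection.setDoOutput(true);
            connection.setDoInput(true);
            connection.setInstanceFollowRedirects(false);
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            connection.setRequestProperty("charset", "utf-8");
            // Length in bytes of what is actually written, not in characters.
            connection.setRequestProperty("Content-Length", String.valueOf(payload.length));
            connection.setUseCaches(false);
            try (OutputStream out = connection.getOutputStream()) {
                out.write(payload);
            }
            if (connection.getResponseCode() != 200) {
                return false;
            }
            String json;
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                json = reader.lines().collect(Collectors.joining());
            }
            user.setValid_until((String) new JSONObject(json).get("access_token"));
            user.update();
            return true;
        } catch (Exception e) {
            // The request body (which holds the credentials) is never part of the log record.
            log.error("Password-grant token request failed", e);
            return false;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Opens the application session for an already authenticated user.
     *
     * @param user the authenticated user
     * @return {@code true} when the user is active, has a profile and both the login and the
     *     session record succeeded
     */
    private boolean createSessionLdapAuthentication(User user) {
        if (user.getStatus() != 1) {
            Core.setMessageError("Utilizador desativado. Por favor contacte o Administrador.");
            return false;
        }
        Profile profile = new Profile().getByUser(user.getId());
        if (profile == null || !Igrp.getInstance().getUser().login(user, -1)) {
            Core.setMessageError(Translator.gt("Ooops !!! Login inválido. "));
            return false;
        }
        if (!Session.afterLogin(profile)) {
            Core.setMessageError(Translator.gt("Ooops !!! Error no registo session. "));
            return false;
        }
        return true;
    }

    /**
     * Redirects to the password-reset page when the login form was posted with {@code p_button2}.
     *
     * <p>NOTE(review): the target is built from {@code getRequestURL()}, which presumably reflects
     * the request's Host header - confirm the deployment pins the host name.
     *
     * @return the redirect, or {@code null} when the request is not a reset request
     */
    private Response createResponseForRetrieveAccount() {
        if (!Igrp.getInstance().getRequest().getMethod().equalsIgnoreCase("POST")) {
            return null;
        }
        String button = Igrp.getInstance().getRequest().getParameter("p_button2");
        if (button == null || !button.equals("p_button2")) {
            return null;
        }
        return redirectToUrl(Igrp.getInstance().getRequest().getRequestURL().toString() + "?r=igrp/Resetbyemail/index&target=_blank&isPublic=1");
    }

    /**
     * Exchanges the authorization {@code code} of the current request for tokens.
     *
     * @return a map with {@code access_token}, {@code id_token}, {@code session_state} and
     *     {@code refresh_token}, or {@code null} when there is no code, the token endpoint does
     *     not answer 200, or the response cannot be read
     */
    public Map<String, String> oAuth2Wso2Swap() {
        Client client = null;
        try {
            String code = Core.getParam("code");
            String sessionState = Core.getParam("session_state");
            if (code == null || code.isEmpty()) {
                return null;
            }
            String clientId = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_CLIENT_ID.value());
            String clientSecret = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_CLIENT_SECRET.value());
            String tokenEndpoint = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_ENDPOINT_TOKEN.value());
            String redirectUri = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_ENDPOINT_REDIRECT_URI.value()).replace("IGRP", Core.getDeployedWarName());
            Form form = new Form();
            form.param("grant_type", "authorization_code");
            form.param("code", code);
            form.param("redirect_uri", redirectUri);
            form.param("scope", "openid email profile");
            client = ClientBuilder.newClient();
            Invocation.Builder request = client.target(tokenEndpoint).request("application/x-www-form-urlencoded");
            request.header("Accept", "application/json");
            String basicCredentials = Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8));
            request.header("Authorization", "Basic " + basicCredentials);
            javax.ws.rs.core.Response response = request.post(Entity.form(form), javax.ws.rs.core.Response.class);
            String payload = response.readEntity(String.class);
            if (response.getStatus() != 200) {
                return null;
            }
            JSONObject tokens = new JSONObject(payload);
            // NOTE(review): the id_token is stored as received; no signature, audience or nonce
            // check is visible in this class - confirm where (or whether) it is validated.
            Map<String, String> result = new HashMap<>();
            result.put("access_token", (String) tokens.get("access_token"));
            result.put("id_token", (String) tokens.get("id_token"));
            result.put("session_state", sessionState);
            result.put("refresh_token", (String) tokens.get("refresh_token"));
            return result;
        } catch (Exception e) {
            log.error("Authorization-code exchange failed", e);
            return null;
        } finally {
            // Released on every path, including non-200 answers and exceptions.
            if (client != null) {
                client.close();
            }
        }
    }

    /**
     * Reads the user's claims from the userinfo endpoint.
     *
     * @param str the access token sent as bearer credential
     * @return a map with the keys {@code sub}, {@code email}, {@code birthdate}, {@code name} and
     *     {@code phone_number} (values may be {@code null}), or {@code null} when the endpoint
     *     does not answer 200 or the call fails
     */
    private Map<String, String> oAuth2Wso2GetUserInfoByToken(String str) {
        Client client = null;
        try {
            String userInfoEndpoint = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_ENDPOINT_USER.value());
            client = ClientBuilder.newClient();
            javax.ws.rs.core.Response response = client.target(userInfoEndpoint).request()
                    .header("Accept", "application/json")
                    .header("Authorization", "Bearer " + str)
                    .get(javax.ws.rs.core.Response.class);
            if (response.getStatus() != 200) {
                return null;
            }
            JSONObject userInfo = new JSONObject(response.readEntity(String.class));
            Map<String, String> claims = new HashMap<>();
            claims.put("sub", getAttributeStringValue(userInfo, "sub"));
            claims.put("email", getAttributeStringValue(userInfo, "email"));
            claims.put("birthdate", getAttributeStringValue(userInfo, "birthdate"));
            claims.put("name", getAttributeStringValue(userInfo, "name"));
            claims.put("phone_number", getAttributeStringValue(userInfo, "phone_number"));
            return claims;
        } catch (Exception e) {
            log.error("Userinfo request failed", e);
            return null;
        } finally {
            if (client != null) {
                client.close();
            }
        }
    }

    /**
     * Reads one string attribute of the userinfo document.
     *
     * @param jSONObject the userinfo document
     * @param str the attribute name
     * @return the value, or {@code null} when the attribute is missing or not a string
     */
    private String getAttributeStringValue(JSONObject jSONObject, String str) {
        // Only the attribute name is logged: the document itself holds personal data
        // (e-mail, birth date, phone number) that does not belong in application logs.
        log.debug("Reading userinfo attribute '{}'", str);
        try {
            return jSONObject.getString(str);
        } catch (JSONException e) {
            log.warn("Userinfo attribute '{}' is missing or not a string", str);
            return null;
        }
    }

    /**
     * Handles the OAuth2 / OpenID Connect callback: exchanges the code, resolves the local user
     * from the userinfo claims and opens the session.
     *
     * <p>NOTE(review): the {@code state} parameter is not compared with a per-session value; it
     * is only forwarded as the {@code dad} query parameter. See
     * {@link #createResponseOauth2OpenIdIdentityServer()}.
     *
     * @return a redirect when the callback was handled (successfully or not), {@code null} when
     *     OpenID authentication is not configured or the request is not a callback
     */
    public Response oAuth2Wso2() {
        String error = Core.getParam(FlashMessage.ERROR);
        String authenticationType = this.settings.getProperty(ConfigCommonMainConstants.IGRP_AUTHENTICATION_TYPE.value());
        String code = Core.getParam("code");
        String state = Core.getParam("state");
        if (authenticationType == null || !authenticationType.equalsIgnoreCase(ConfigCommonMainConstants.IGRP_AUTHENTICATION_TYPE_OAUTH2_OPENID.value())) {
            return null;
        }
        if (error != null && !error.isEmpty() && !error.equalsIgnoreCase("null")) {
            // NOTE(review): 'error' is request-controlled and echoed into a flash message -
            // confirm the view escapes flash messages when rendering them.
            Core.setMessageError("Ocorreu o seguinte erro: (" + error + ").");
            return redirectToUrl(createUrlForOAuth2OpenIdRequest());
        }
        String accessToken = null;
        String idToken = null;
        String sessionState = null;
        String refreshToken = null;
        Map<String, String> tokens = oAuth2Wso2Swap();
        if (tokens != null) {
            accessToken = tokens.get("access_token");
            idToken = tokens.get("id_token");
            sessionState = tokens.get("session_state");
            refreshToken = tokens.get("refresh_token");
            Core.addToSession("_oidcIdToken", idToken);
            Core.addToSession("_oidcState", sessionState);
        }
        if (accessToken != null) {
            Map<String, String> userInfo = oAuth2Wso2GetUserInfoByToken(accessToken);
            if (userInfo != null && userInfo.containsKey("email") && userInfo.containsKey("sub")) {
                String email = userInfo.get("email") != null ? userInfo.get("email").trim().toLowerCase() : "";
                // The address itself is personal data; log only whether the claim was present.
                log.info("OIDC userinfo e-mail claim present: {}", !email.isEmpty());
                String sub = userInfo.get("sub");
                String name = userInfo.get("name");
                String phone = userInfo.get("phone_number");
                addQueryString("dad", state);
                User user = findUserForOidcLogin(sub, email);
                if (user != null) {
                    if (user.getStatus() != 1) {
                        Core.setMessageWarning("Este utilizador " + user.getName() + " encontra-se desativado.");
                        return redirectToUrl(createUrlForOAuth2OpenIdRequest());
                    }
                    afterLogin(user);
                    if (createSessionLdapAuthentication(user)) {
                        try {
                            user.setValid_until(accessToken);
                            user.setOidcIdToken(idToken);
                            user.setOidcState(sessionState);
                            user.setIsAuthenticated(1);
                            user.setRefreshToken(refreshToken);
                            user.update();
                            return redirect("igrp", "home", "index", queryString());
                        } catch (Exception e) {
                            log.error("User update error", e);
                        }
                    }
                } else {
                    if (!new Config().getEnvironment().equalsIgnoreCase(ConfigCommonMainConstants.IGRP_ENV_DEV.value())) {
                        Core.setMessageWarning("Utilizador com o e-mail: " + email + ", não está convidado.");
                        return redirectToUrl(createUrlForOAuth2OpenIdRequest());
                    }
                    // Development only: auto-invite the identity-provider user.
                    try {
                        if (sub == null) {
                            throw new IllegalStateException("userinfo response has no sub claim");
                        }
                        boolean subIsCni = CNI_PATTERN.matcher(sub).matches();
                        User newUser = new User();
                        newUser.setUser_name(sub);
                        if (Core.isNotNullOrZero(email)) {
                            newUser.setEmail(email);
                        } else if (subIsCni) {
                            newUser.setEmail(sub.toUpperCase());
                        }
                        newUser.setName(name);
                        newUser.setPhone(phone);
                        newUser.setStatus(1);
                        newUser.setIsAuthenticated(1);
                        newUser.setCreated_at(System.currentTimeMillis());
                        newUser.setUpdated_at(System.currentTimeMillis());
                        newUser.setAuth_key(nosi.core.webapp.User.generateAuthenticationKey());
                        newUser.setActivation_key(nosi.core.webapp.User.generateActivationKey());
                        newUser.setCni(subIsCni ? sub.toUpperCase() : null);
                        User created = newUser.insert();
                        if (created != null) {
                            // The hook receives the account that was just created; no existing
                            // user is available on this branch.
                            afterLogin(created);
                        }
                        if (created != null && createPerfilWhenAutoInvite(created) && createSessionLdapAuthentication(created)) {
                            created.setValid_until(accessToken);
                            created.setOidcIdToken(idToken);
                            created.setOidcState(sessionState);
                            created.setRefreshToken(refreshToken);
                            created.update();
                            return redirect("igrp", "home", "index", queryString());
                        }
                    } catch (Exception e) {
                        log.error("Auto-invite of the OIDC user failed", e);
                        Core.setMessageError("Ocorreu um erro no auto-invite.");
                        return redirectToUrl(createUrlForOAuth2OpenIdRequest());
                    }
                }
            } else if (code != null && !code.trim().isEmpty()) {
                Core.setMessageError("Ocorreu o seguinte erro: (Uid não encontrado).");
                return redirectToUrl(createUrlForOAuth2OpenIdRequest());
            }
        } else if (code != null && !code.trim().isEmpty()) {
            Core.setMessageError("Ocorreu o seguinte erro: (Token não encontrado).");
            return redirectToUrl(createUrlForOAuth2OpenIdRequest());
        }
        if (error != null && !error.isEmpty()) {
            return null;
        }
        // NOTE(review): at this point the authentication type equals the OAUTH2_OPENID value, so
        // this branch only runs if that value is "true" - looks unreachable, confirm.
        if ((code == null || code.isEmpty()) && authenticationType != null && authenticationType.equalsIgnoreCase("true")) {
            return createResponseOauth2OpenIdIdentityServer();
        }
        return null;
    }

    /**
     * Resolves the local account for the identity reported by the userinfo endpoint.
     *
     * <p>A {@code sub} that matches {@link #CNI_PATTERN} is looked up in the {@code cni} column
     * and then in the {@code email} column; any other {@code sub} falls back to the e-mail claim.
     * An absent or empty e-mail claim is never used as a lookup key: matching on an empty string
     * would log the caller in as whichever account happens to have no e-mail stored.
     *
     * @param sub the {@code sub} claim, may be {@code null}
     * @param email the normalised e-mail claim, empty when the claim was absent
     * @return the matching user, or {@code null} when none was found
     */
    private User findUserForOidcLogin(String sub, String email) {
        boolean hasEmail = email != null && !email.isEmpty();
        if (sub != null && CNI_PATTERN.matcher(sub).matches()) {
            try {
                log.info("GET USER BY cni");
                User user = new User().find().andWhere("cni", "=", sub.toUpperCase()).one();
                if (Core.isNullOrZero(user)) {
                    log.info("GET USER BY email = cni");
                    user = new User().find().andWhere("email", "=", sub.toUpperCase()).one();
                }
                return user;
            } catch (Exception e) {
                log.warn("Lookup by cni failed; falling back to the e-mail claim", e);
                return hasEmail ? new User().find().andWhere("email", "=", email).one() : null;
            }
        }
        return hasEmail ? new User().find().andWhere("email", "=", email).one() : null;
    }

    /**
     * Invokes the optional per-application hook {@code nosi.webapps.<dad>.AfterLogin#afterLogin}.
     *
     * <p>{@code dad} comes from the request, so it is accepted only when it is a single package
     * segment. Anything else (dots, path separators, ...) would let a request choose which class
     * gets loaded and instantiated.
     *
     * @param user the user passed to the hook
     */
    private void afterLogin(User user) {
        String dad = Core.getParam("dad");
        if (!Core.isNotNull(dad) || dad.equalsIgnoreCase("igrp") || dad.equalsIgnoreCase("igrp_studio") || dad.equalsIgnoreCase("tutorial")) {
            return;
        }
        String appCode = dad.trim();
        if (!APP_CODE_PATTERN.matcher(appCode).matches()) {
            // The rejected value is deliberately not written to the log.
            log.warn("AfterLogin hook skipped: the 'dad' parameter is not a valid package segment");
            return;
        }
        try {
            Class<?> hook = Class.forName("nosi.webapps." + appCode + ".AfterLogin");
            hook.getMethod("afterLogin", User.class).invoke(hook.getDeclaredConstructor().newInstance(), user);
        } catch (ClassNotFoundException e) {
            // The application simply ships no hook.
            log.debug("No AfterLogin hook found for the requested application");
        } catch (Exception e) {
            log.error("AfterLogin implementation error", e);
        }
    }

    /**
     * Builds the redirect to the identity server's authorization endpoint.
     *
     * <p>NOTE(review): {@code state} is the constant {@code igrp}, so it cannot bind the callback
     * to the browser session that started the flow (login CSRF). A per-session random value,
     * checked in {@link #oAuth2Wso2()}, would be needed for that; the callback currently reuses
     * {@code state} as the {@code dad} parameter, so both would have to change together.
     *
     * @return the redirect, or {@code null} when OpenID authentication is not configured
     */
    private Response createResponseOauth2OpenIdIdentityServer() {
        String authenticationType = this.settings.getProperty(ConfigCommonMainConstants.IGRP_AUTHENTICATION_TYPE.value());
        String authorizeEndpoint = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_ENDPOINT_AUTHORIZE.value());
        if (authenticationType == null
                || !authenticationType.equalsIgnoreCase(ConfigCommonMainConstants.IGRP_AUTHENTICATION_TYPE_OAUTH2_OPENID.value())
                || authorizeEndpoint == null
                || authorizeEndpoint.isEmpty()) {
            return null;
        }
        String redirectUri = this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_ENDPOINT_REDIRECT_URI.value());
        if (redirectUri == null) {
            // A missing setting must not surface as a NullPointerException on the login page.
            log.error("OpenID authentication is enabled but no redirect URI is configured");
            return null;
        }
        return redirectToUrl(authorizeEndpoint
                + "?response_type=code&client_id=" + this.settings.getProperty(ConfigCommonMainConstants.IDS_OAUTH2_OPENID_CLIENT_ID.value())
                + "&scope=openid+email+profile&state=igrp&redirect_uri=" + redirectUri.replace("IGRP", Core.getDeployedWarName()));
    }

    /**
     * Builds the URL of the OpenID entry page on the host of the current request.
     *
     * <p>NOTE(review): {@code getRequestURL()} presumably reflects the request's Host header -
     * confirm the deployment pins the host name.
     *
     * @return the absolute URL
     */
    private String createUrlForOAuth2OpenIdRequest() {
        String base = Igrp.getInstance().getRequest().getRequestURL().toString();
        return base + "?r=igrp/Oauth2openidwso2/index&target=_blank&isPublic=1&lang=pt_PT";
    }

    /**
     * Grants the default profiles to an auto-invited user.
     *
     * <p>The organisation and profile-type ids are hard-coded; what they stand for is not visible
     * here - NOTE(review): confirm these rows grant no more than a new user should get.
     * Insertion stops at the first profile that fails.
     *
     * @param user the newly created user
     * @return {@code true} when all three profiles were inserted
     */
    private boolean createPerfilWhenAutoInvite(User user) {
        Profile profileGrant = new Profile();
        profileGrant.setUser(user);
        profileGrant.setOrganization(new Organization().findOne((Object) 3));
        profileGrant.setProfileType(new ProfileType().findOne((Object) 4));
        profileGrant.setType("PROF");
        profileGrant.setType_fk(4);
        Profile firstEnvironmentGrant = new Profile();
        firstEnvironmentGrant.setUser(user);
        firstEnvironmentGrant.setOrganization(new Organization().findOne((Object) 3));
        firstEnvironmentGrant.setProfileType(new ProfileType().findOne((Object) 4));
        firstEnvironmentGrant.setType("ENV");
        firstEnvironmentGrant.setType_fk(3);
        Profile secondEnvironmentGrant = new Profile();
        secondEnvironmentGrant.setUser(user);
        secondEnvironmentGrant.setOrganization(new Organization().findOne((Object) 2));
        secondEnvironmentGrant.setProfileType(new ProfileType().findOne((Object) 3));
        secondEnvironmentGrant.setType("ENV");
        secondEnvironmentGrant.setType_fk(2);
        return profileGrant.insert() != null
                && firstEnvironmentGrant.insert() != null
                && secondEnvironmentGrant.insert() != null;
    }

    /**
     * Persists {@code isAuthenticated = 1} on the user.
     *
     * @param user the user to flag
     * @return {@code true} when the update succeeded without errors
     */
    private boolean userIsAuthenticatedFlag(User user) {
        user.setIsAuthenticated(1);
        User updated = user.update();
        return updated != null && !updated.hasError();
    }

    /**
     * Percent-encodes a value for use in a query string or form body.
     *
     * @param value the raw value, may be {@code null}
     * @return the encoded value, or an empty string for {@code null}
     */
    private static String encodeQueryValue(String value) {
        if (value == null) {
            return "";
        }
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must provide.
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }
}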
