package com.supermap.services.rest.resources.impl;

import com.gargoylesoftware.htmlunit.HttpHeader;
import com.supermap.server.api.Server;
import com.supermap.server.common.ServerContainer;
import com.supermap.server.config.ComponentSetting;
import com.supermap.server.config.ComponentSettingSet;
import com.supermap.server.config.InstanceInfo;
import com.supermap.server.config.OAuthConfig;
import com.supermap.server.config.ServerConfiguration;
import com.supermap.services.rest.HttpError;
import com.supermap.services.rest.HttpException;
import com.supermap.services.rest.MethodResult;
import com.supermap.services.rest.Template;
import com.supermap.services.rest.resources.JaxrsResourceBase;
import com.supermap.services.rest.resources.SecurityResource;
import com.supermap.services.rest.util.HttpUtil;
import com.supermap.services.security.CasRealm;
import com.supermap.services.security.ExtendedOAuthManager;
import com.supermap.services.security.LdapRealm;
import com.supermap.services.security.LoginPostParameter;
import com.supermap.services.security.Manager;
import com.supermap.services.security.OAuth2Client;
import com.supermap.services.security.ProfileContent;
import com.supermap.services.security.SecurityConstants;
import com.supermap.services.security.SecurityResourceUtils;
import com.supermap.services.security.SecurityUtility;
import com.supermap.services.security.ShiroUtil;
import com.supermap.services.security.UpdatePasswordUser;
import com.supermap.services.security.User;
import com.supermap.services.util.LogUtil;
import com.supermap.services.util.ResourceManager;
import com.supermap.services.util.Tool;
import com.supermap.services.util.TypedResourceManager;
import io.buji.pac4j.subject.Pac4jPrincipal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.credential.PasswordService;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.subject.Subject;
import org.pac4j.core.profile.CommonProfile;
import org.restlet.data.Status;
import org.slf4j.cal10n.LocLogger;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;
import org.springframework.jdbc.datasource.init.ScriptUtils;

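@Path("/")
/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/rest/resources/impl/SecurityApplicationResource.class */
/**
 * Root JAX-RS resource of the security application: login page, login POST,
 * current-user profile (read and password change), SSO error page and the
 * OAuth2 sub-resources.
 *
 * Decompiler note: the original bytecode referenced constant-folded strings
 * through unrelated library classes ({@code HttpHeader.REFERER_LC},
 * {@code DefaultBeanDefinitionDocumentReader.PROFILE_ATTRIBUTE},
 * {@code ScriptUtils.DEFAULT_BLOCK_COMMENT_START_DELIMITER}). Those are
 * "referer", "profile" and "/*" and are written as literals here so this
 * class no longer appears to depend on HtmlUnit or Spring's XML/JDBC support.
 */
public class SecurityApplicationResource extends JaxrsResourceBase {
    /** Security manager used for user lookup, password verification and password updates. */
    Manager a = Manager.getInstance();
    /** Localized message source for {@link SecurityResource} keys. */
    private static ResourceManager b = new TypedResourceManager(SecurityResource.class);
    private static LocLogger c = LogUtil.getLocLogger(SecurityApplicationResource.class, b);

    /** Last path segment of the SSO error page, replaced by {@link #LOGOUT_SEGMENT} in {@link #showSSOError}. */
    private static final String ERROR_SEGMENT = "error";
    private static final String LOGOUT_SEGMENT = "logout";
    /** Suffix appended to component (set) names when listing them on the profile page. */
    private static final String COMPONENT_WILDCARD_SUFFIX = "/*";

    /**
     * Renders the login page.
     *
     * Captures a post-login redirect target from the Referer header when none is
     * stored yet, then builds the template model: CAS enablement/login URL and the
     * enabled OAuth login options.
     *
     * @param httpServletRequest current request
     * @return model for {@code login_security.ftl}: {@code casRealmEnabled},
     *         {@code casLoginURL} (only when CAS is enabled and has a login URL),
     *         {@code oAuthConfigs} and {@code oAuthStatus} (only when non-empty)
     */
    @GET
    @Path("login")
    @Template(name = "login_security.ftl")
    public Map<String, Object> getLoginPage(@Context HttpServletRequest httpServletRequest) {
        rememberRefererForPostLoginRedirect(httpServletRequest);
        Map<String, Object> model = new HashMap<>();
        CasRealm casRealm = ShiroUtil.getCasRealm();
        String casLoginUrl = null;
        if (casRealm != null && casRealm.isEnabled()) {
            casLoginUrl = casRealm.getLoginURL(httpServletRequest);
        }
        if (StringUtils.isNotBlank(casLoginUrl)) {
            model.put("casRealmEnabled", "true");
            model.put("casLoginURL", Tool.encodeURLWithUTF8(casLoginUrl));
        } else {
            model.put("casRealmEnabled", "false");
        }
        addOAuthConfigs(model, httpServletRequest);
        return model;
    }

    /**
     * Stores the page the browser came from, as a context-relative path, in the
     * session attribute {@link ShiroUtil#SHIRO_REQUEST_REFERER} so the login flow
     * can redirect back to it. Does nothing if a referer is already recorded.
     *
     * The Referer header is attacker-influenced. Only the part of it starting at
     * this application's context path is kept, so the stored target is a path on
     * this origin and never an absolute URL to another site. Anything that could
     * still be read as a protocol-relative URL ("//...") or that contains a
     * backslash or line break is dropped rather than stored.
     *
     * @param request current request
     */
    private static void rememberRefererForPostLoginRedirect(HttpServletRequest request) {
        if (StringUtils.isNotBlank(ShiroUtil.getReferer(request))) {
            return;
        }
        String referer = request.getHeader("referer");
        String contextPath = request.getContextPath();
        if (StringUtils.isBlank(referer) || StringUtils.isBlank(contextPath)) {
            return;
        }
        int start = referer.indexOf(contextPath);
        if (start == -1) {
            return;
        }
        String target = referer.substring(start);
        if (isSafeLocalRedirectTarget(target)) {
            request.getSession().setAttribute(ShiroUtil.SHIRO_REQUEST_REFERER, target);
        }
    }

    /**
     * @param target candidate redirect target derived from the Referer header
     * @return true when {@code target} is a plain same-origin path: it starts with a
     *         single "/" and contains no backslash, CR or LF
     */
    private static boolean isSafeLocalRedirectTarget(String target) {
        return target.startsWith("/")
                && !target.startsWith("//")
                && target.indexOf('\\') == -1
                && target.indexOf('\r') == -1
                && target.indexOf('\n') == -1;
    }

    /**
     * Adds the enabled OAuth login options to the login page model.
     *
     * {@code oAuthStatus} holds one config per enabled login type (first one wins,
     * compared case-insensitively). {@code oAuthConfigs} is the subset whose
     * {@code redirectDomain} contains the host name of this request. That host
     * name comes from the request itself (Host header), so this only decides what
     * the page shows; it is not an authorization decision. A key is omitted when
     * its list is empty. Configs without a {@code redirectDomain} are listed in
     * {@code oAuthStatus} but never in {@code oAuthConfigs}.
     *
     * @param model   template model to populate
     * @param request current request
     */
    private static void addOAuthConfigs(Map<String, Object> model, HttpServletRequest request) {
        Server server = ServerContainer.getCurrent();
        if (server == null) {
            return;
        }
        String host = requestHost(request);
        List<OAuthConfig> forThisHost = new ArrayList<>();
        List<OAuthConfig> enabled = new ArrayList<>();
        Set<String> enabledTypes = new HashSet<>();
        Set<String> hostTypes = new HashSet<>();
        for (OAuthConfig config : server.getConfig().getOAuthConfigs()) {
            if (!config.enabled || StringUtils.isBlank(config.loginType)) {
                continue;
            }
            // Locale.ROOT: login types are config identifiers, not user-locale text.
            String type = config.loginType.toUpperCase(Locale.ROOT);
            if (enabledTypes.add(type)) {
                enabled.add(config);
            }
            String redirectDomain = config.redirectDomain;
            if (redirectDomain != null
                    && redirectDomain.toLowerCase(Locale.ROOT).contains(host)
                    && hostTypes.add(type)) {
                forThisHost.add(config);
            }
        }
        if (!forThisHost.isEmpty()) {
            model.put("oAuthConfigs", forThisHost);
        }
        if (!enabled.isEmpty()) {
            model.put("oAuthStatus", enabled);
        }
    }

    /**
     * @param request current request
     * @return the request's server name, lower-cased; taken from the Host header
     *         (or the connector default), so treat it as client-supplied
     */
    private static String requestHost(HttpServletRequest request) {
        return request.getServerName().toLowerCase(Locale.ROOT);
    }

    /**
     * Handles the login form POST by delegating to
     * {@link SecurityResourceUtils#doLogin}; the result is rendered with the same
     * template as the login page (hence the historical method name).
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param loginPostParameter  submitted credentials
     * @return whatever {@code doLogin} returns, rendered by {@code login_security.ftl}
     */
    @POST
    @Path("login")
    @Template(name = "login_security.ftl")
    public Object getLoginFailPage(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, LoginPostParameter loginPostParameter) {
        return SecurityResourceUtils.doLogin(httpServletRequest, httpServletResponse, this.a, loginPostParameter);
    }

    /** Sub-resource locator for {@code tokens}. */
    @Path("tokens")
    public TokenServiceResource getTokenService() {
        return new TokenServiceResource();
    }

    /**
     * Builds the profile of the current user.
     *
     * The user is resolved from the authenticated principal: the local
     * username/password store, the CAS realm, the LDAP realm, or a pac4j
     * (Keycloak) profile, in that order of precedence; a pac4j principal, when
     * present, overrides the earlier result. The {@code ProfileContent} flag is
     * true only for a user that exists in the local store, which is the only case
     * in which the password can be changed here.
     *
     * @param httpServletRequest current request
     * @return profile content: user, names of services the caller may access,
     *         component (set) names with a {@code /*} suffix, and the local-user flag
     */
    @GET
    @Path("profile")
    @Template(name = "profile.ftl")
    public ProfileContent getCurrentProfile(@Context HttpServletRequest httpServletRequest) {
        ServerConfiguration serverConfiguration = (ServerConfiguration) getServletConfig().getServletContext().getAttribute("com.supermap.server.ServerConfiguration");
        String[] accessibleServices = accessibleServiceNames(serverConfiguration, httpServletRequest);
        String[] componentNames = componentSettingNames(serverConfiguration);
        String currentUserName = HttpUtil.getCurrentUserName(httpServletRequest);
        if (currentUserName == null) {
            return new ProfileContent(User.newAnonymousUser(), accessibleServices, componentNames, false);
        }
        Subject subject = SecurityUtils.getSubject();
        User user = null;
        boolean localUser = true;
        Collection fromLocalRealm = subject.getPrincipals().fromRealm(SecurityConstants.USERNAME_PW_REALM);
        if (fromLocalRealm != null && !fromLocalRealm.isEmpty()) {
            user = this.a.getUser(currentUserName);
            if (user == null) {
                // Authenticated against the local realm but not (any longer) in the store.
                user = shellUser(currentUserName, new String[0], null);
                localUser = false;
            }
        } else if (ShiroUtil.isCasRealmEnabled()) {
            AuthorizationInfo info = ShiroUtil.getCasRealm().doGetAuthorizationInfo(subject.getPrincipals(), null);
            user = shellUser(currentUserName, rolesOf(info), "cas user.");
            localUser = false;
        } else if (ShiroUtil.isLdapRealmEnabled()) {
            LdapRealm ldapRealm = ShiroUtil.getLdapRealm();
            AuthorizationInfo info = null;
            try {
                info = ldapRealm.doQueryForAuthorizationInfo(subject.getPrincipals(), null, ldapRealm.getContextFactory());
            } catch (NamingException e) {
                // Role lookup failed: the profile is still shown, but without roles.
                c.warn(e.getMessage(), e);
            }
            user = shellUser(currentUserName, rolesOf(info), "ldap user.");
            localUser = false;
        }
        if (subject.getPrincipals() != null && subject.getPrincipals().oneByType(Pac4jPrincipal.class) != null) {
            CommonProfile profile = ((Pac4jPrincipal) subject.getPrincipals().oneByType(Pac4jPrincipal.class)).getProfile();
            Set<String> roles = profile.getRoles();
            String[] roleNames = roles == null ? new String[0] : roles.toArray(new String[0]);
            user = shellUser(currentUserName, roleNames, "Keycloak user.");
            localUser = false;
        }
        if (user == null) {
            // A user name is known but no configured realm claims it; never hand the
            // template a null user.
            user = shellUser(currentUserName, new String[0], null);
            localUser = false;
        }
        return new ProfileContent(user, accessibleServices, componentNames, localUser);
    }

    /**
     * Creates a transient {@link User} for a principal that is not managed by the local store.
     *
     * @param name        user name
     * @param roles       role names, or null to leave the field untouched
     * @param description description, or null to leave the field untouched
     * @return the new user
     */
    private static User shellUser(String name, String[] roles, String description) {
        User user = new User();
        user.name = name;
        if (roles != null) {
            user.roles = roles;
        }
        if (description != null) {
            user.description = description;
        }
        return user;
    }

    /**
     * @param info realm authorization info, may be null
     * @return the role names from {@code info}, or null when {@code info} or its roles are absent
     */
    private static String[] rolesOf(AuthorizationInfo info) {
        if (info == null) {
            return null;
        }
        Collection<String> roles = info.getRoles();
        return roles == null ? null : roles.toArray(new String[0]);
    }

    /**
     * @param config  server configuration
     * @param request current request
     * @return names of all service instances that the caller is allowed to access
     */
    private static String[] accessibleServiceNames(ServerConfiguration config, HttpServletRequest request) {
        List<InstanceInfo> instances = config.getAllInstanceInfos();
        List<String> names = new ArrayList<>(instances.size());
        for (InstanceInfo instance : instances) {
            names.add(instance.name);
        }
        List<String> allowed = SecurityUtility.filterAccessAllowedServices(names, request);
        return allowed.toArray(new String[0]);
    }

    /**
     * @param config server configuration
     * @return component and component-set names, each with {@code /*} appended;
     *         null entries and entries without a name are skipped
     */
    private static String[] componentSettingNames(ServerConfiguration config) {
        List<String> names = new ArrayList<>();
        for (ComponentSetting setting : config.listComponentSettings()) {
            if (setting != null && setting.name != null) {
                names.add(setting.name + COMPONENT_WILDCARD_SUFFIX);
            }
        }
        for (ComponentSettingSet settingSet : config.listComponentSettingSets()) {
            if (settingSet != null && settingSet.name != null) {
                names.add(settingSet.name + COMPONENT_WILDCARD_SUFFIX);
            }
        }
        return names.toArray(new String[0]);
    }

    /**
     * Changes the password of the current user.
     *
     * The target account is always the authenticated caller: the request is
     * rejected when nobody is logged in, and when a {@code name} is supplied it
     * must equal the current user name exactly. Without this binding the endpoint
     * would let any caller verify and replace the password of an arbitrary local
     * account given its old password. The old password must match the stored
     * credential (via the manager's {@link PasswordService}) and the new password
     * must not be blank. Whether the Shiro filter chain already restricts this
     * path is not visible here; the check is enforced regardless.
     *
     * @param httpServletRequest current request
     * @param updatePasswordUser body with {@code name} (optional, defaults to the
     *                           current user), {@code oldPassword} and {@code password}
     * @return succeeded result, or a failed result with 401 (not logged in / old
     *         password wrong), 403 (name is not the current user) or 400 (missing
     *         body, unknown local user, blank new password)
     */
    @Path("profile")
    @PUT
    @Template(name = "profile.ftl")
    public MethodResult updateCurrentProfile(@Context HttpServletRequest httpServletRequest, UpdatePasswordUser updatePasswordUser) {
        MethodResult result = new MethodResult();
        String currentUserName = HttpUtil.getCurrentUserName(httpServletRequest);
        if (currentUserName == null) {
            return failed(result, new HttpError(401, "Login is required to change a password."));
        }
        if (updatePasswordUser == null) {
            return failed(result, new HttpError(400, "Password update parameters are missing."));
        }
        String targetName = StringUtils.isBlank(updatePasswordUser.name) ? currentUserName : updatePasswordUser.name;
        // Exact comparison: do not let a case or whitespace variant name another account.
        if (!currentUserName.equals(targetName)) {
            return failed(result, new HttpError(403, "A user may only change their own password."));
        }
        User existing = this.a.getUser(targetName);
        if (existing == null) {
            return failed(result, new HttpError(400, b.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCE_USER_NOTEXIST, targetName)));
        }
        if (StringUtils.isBlank(updatePasswordUser.password)) {
            return failed(result, new HttpError(400, "The new password must not be blank."));
        }
        PasswordService passwordService = this.a.getPasswordService();
        if (!passwordService.passwordsMatch(updatePasswordUser.oldPassword, existing.password)) {
            return failed(result, new HttpError(401, b.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCE_INITIALPASSWORD_INCORRECT, new Object[0])));
        }
        User updated = existing.copy();
        updated.password = updatePasswordUser.password;
        this.a.alterUser(updated.name, updated);
        result.setSucceed(true);
        return result;
    }

    /**
     * Marks {@code result} as failed with {@code error}.
     *
     * @param result result to mutate
     * @param error  error to attach
     * @return {@code result}, for chaining
     */
    private static MethodResult failed(MethodResult result, HttpError error) {
        result.setSucceed(false);
        result.setError(error);
        return result;
    }

    /**
     * Computes the logout URL shown on the SSO authorization-failure page by
     * replacing the trailing {@code error} segment of the request URL with
     * {@code logout}. A trailing slash is tolerated. The request URL is built
     * from the Host header, so the value is client-influenced; it is rendered by
     * the template, which is where any escaping happens.
     *
     * @param httpServletRequest current request
     * @return the logout URL
     */
    @GET
    @Path("error")
    @Template(name = "authorizeFail.ftl")
    public String showSSOError(@Context HttpServletRequest httpServletRequest) {
        String url = httpServletRequest.getRequestURL().toString();
        String base = StringUtils.removeEnd(url, "/");
        if (base.endsWith(ERROR_SEGMENT)) {
            return base.substring(0, base.length() - ERROR_SEGMENT.length()) + LOGOUT_SEGMENT;
        }
        // Unexpected mapping: fall back to the historical fixed-length trim, bounded at 0.
        return url.substring(0, Math.max(0, url.length() - ERROR_SEGMENT.length())) + LOGOUT_SEGMENT;
    }

    /**
     * Sub-resource locator for {@code login/{loginType}}.
     *
     * @param str login type from the path
     * @return the OAuth login resource
     * @throws HttpException 404 when no OAuth2 client is configured for {@code str}
     */
    @Path("login/{loginType}")
    public OAuthLoginResource oAuthLogin(@PathParam("loginType") String str) {
        return new OAuthLoginResource(requireOAuth2Client(str));
    }

    /**
     * Sub-resource locator for {@code login/{loginType}/callback}.
     *
     * @param str login type from the path
     * @return the OAuth callback resource
     * @throws HttpException 404 when no OAuth2 client is configured for {@code str}
     */
    @Path("login/{loginType}/callback")
    public OAuthLoginCallbackResource loginCallBack(@PathParam("loginType") String str) {
        return new OAuthLoginCallbackResource(requireOAuth2Client(str), str);
    }

    /**
     * Sub-resource locator for {@code login/{loginType}/first}.
     *
     * @param str login type from the path
     * @return the first-time OAuth login resource
     * @throws HttpException 404 when no OAuth2 client is configured for {@code str}
     */
    @Path("login/{loginType}/first")
    public OAuthFirstTimeLoginResource first(@PathParam("loginType") String str) {
        return new OAuthFirstTimeLoginResource(requireOAuth2Client(str), str);
    }

    /**
     * Resolves the configured OAuth2 client for a login type taken from the URL.
     * The login type is only used as a lookup key; it is never reflected back.
     *
     * @param loginType login type path parameter, may be null or blank
     * @return the client
     * @throws HttpException with status 404 when {@code loginType} is blank or unknown
     */
    private static OAuth2Client requireOAuth2Client(String loginType) {
        OAuth2Client client = null;
        if (!StringUtils.isBlank(loginType)) {
            client = ExtendedOAuthManager.getInstance().getOAuth2Client(loginType);
        }
        if (client == null) {
            HttpException notFound = new HttpException();
            notFound.setErrorStatus(Status.CLIENT_ERROR_NOT_FOUND);
            throw notFound;
        }
        return client;
    }

    /** Sub-resource locator for {@code login/notfirst}. */
    @Path("login/notfirst")
    public OAuthNotFirstTimeLoginResource notFirst() {
        return new OAuthNotFirstTimeLoginResource();
    }

    /** Sub-resource locator for {@code login/bind}. */
    @Path("login/bind")
    public BindOAuth2UserResource bindUser() {
        return new BindOAuth2UserResource();
    }

    /** Sub-resource locator for {@code /oauth2}. */
    @Path("/oauth2")
    public OAuth2Resource getOAuthResource() {
        return new OAuth2Resource();
    }
}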
