package org.fenixedu.bennu.cas.client.api;

import com.google.common.base.Strings;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Locale;
import java.util.Optional;
import java.util.concurrent.Callable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.fenixedu.bennu.cas.client.CASClientConfiguration;
import org.fenixedu.bennu.core.domain.User;
import org.fenixedu.bennu.core.domain.UserProfile;
import org.fenixedu.bennu.core.domain.exceptions.AuthorizationException;
import org.fenixedu.bennu.core.security.Authenticate;
import org.fenixedu.bennu.portal.servlet.PortalLoginServlet;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pt.ist.esw.advice.Advice;
import pt.ist.esw.advice.pt.ist.fenixframework.AtomicInstance;
import pt.ist.fenixframework.Atomic;
import pt.ist.fenixframework.atomic.AtomicContextFactory;

@Path("/cas-client/login")
/* loaded from: input_file:org/fenixedu/bennu/cas/client/api/CASResource.class */
public class CASResource {
    private final TicketValidator validator = new Cas20ServiceTicketValidator(CASClientConfiguration.getConfiguration().casServerUrl());
    public static final Advice advice$attemptBootstrapUser = AtomicContextFactory.getInstance().newAdvice(new AtomicInstance(Atomic.TxMode.WRITE, true));
    private static final Logger logger = LoggerFactory.getLogger(CASResource.class);

    @GET
    @Path("/{callback}")
    public Response returnFromCAS(@QueryParam("ticket") String str, @PathParam("callback") String str2, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws UnsupportedEncodingException, URISyntaxException {
        if (!CASClientConfiguration.getConfiguration().casEnabled().booleanValue()) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        if (Strings.isNullOrEmpty(str)) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Optional<String> filter = decode(str2).filter(PortalLoginServlet::validateCallback);
        if (!filter.isPresent()) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        String str3 = filter.get();
        try {
            Authenticate.logout(httpServletRequest, httpServletResponse);
            String name = this.validator.validate(str, URLDecoder.decode(httpServletRequest.getRequestURL().toString(), "UTF-8")).getPrincipal().getName();
            Authenticate.login(httpServletRequest, httpServletResponse, getUser(name), "CAS Authentication");
            logger.trace("Logged in user {}, redirecting to {}", name, str3);
        } catch (TicketValidationException | AuthorizationException e) {
            logger.debug(e.getMessage(), e);
            str3 = str3 + (str3.contains("?") ? "&" : "?") + "login_failed=true";
        }
        return Response.status(Response.Status.FOUND).location(new URI(str3)).build();
    }

    private static Optional<String> decode(String str) {
        try {
            return Optional.of(new String(Base64.getUrlDecoder().decode(str), StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    private User getUser(String str) {
        User findByUsername = User.findByUsername(str);
        if (findByUsername == null) {
            findByUsername = attemptBootstrapUser(str);
        }
        return findByUsername;
    }

    private static User attemptBootstrapUser(final String str) {
        return (User) advice$attemptBootstrapUser.perform(new Callable<User>(str) { // from class: org.fenixedu.bennu.cas.client.api.CASResource$callable$attemptBootstrapUser
            private final String arg0;

            {
                this.arg0 = str;
            }

            @Override // java.util.concurrent.Callable
            public User call() {
                return CASResource.advised$attemptBootstrapUser(this.arg0);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ User advised$attemptBootstrapUser(String str) {
        User findByUsername = User.findByUsername(str);
        if (findByUsername != null) {
            return findByUsername;
        }
        logger.info("Created new user for {}", str);
        return new User(str, new UserProfile("Unknown", "User", (String) null, (String) null, (Locale) null));
    }
}
