package com.hazelcast.webmonitor.controller.internal;

import ch.qos.logback.classic.spi.CallerData;
import com.hazelcast.webmonitor.repositories.sql.GroupedSettingsDAO;
import com.hazelcast.webmonitor.security.CustomAuthenticationFailureHandler;
import com.hazelcast.webmonitor.security.UserHasNoRolesException;
import com.hazelcast.webmonitor.security.spi.SecurityConfigApiException;
import com.hazelcast.webmonitor.security.spi.impl.AuthenticationManagerImpl;
import com.hazelcast.webmonitor.security.spi.impl.oidc.OidcConfig;
import com.hazelcast.webmonitor.security.spi.impl.oidc.OidcHelper;
import com.hazelcast.webmonitor.security.spi.impl.oidc.OidcSecurityProvider;
import com.hazelcast.webmonitor.security.spi.impl.oidc.PersistentOidcConfig;
import com.nimbusds.oauth2.sdk.ParseException;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/com/hazelcast/webmonitor/controller/internal/OidcController.class
 */
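/**
 * Internal endpoints that drive the OpenID Connect (OIDC) browser login flow.
 * <p>
 * {@code POST /oidc/sso} starts the flow by redirecting the browser to the provider's
 * authentication request URL; {@code GET /oidc/auth} receives the provider's callback,
 * completes authentication against the current HTTP session and stores the resulting user
 * in the Spring Security context.
 * <p>
 * Both endpoints refuse to run unless the currently active security provider is the OIDC
 * one (see {@link #ensureOidcConfigured()}).
 */
@Controller
/* loaded from: input_file:com/hazelcast/webmonitor/controller/internal/OidcController.class */
public class OidcController {
    /** Path of the callback (redirect URI) the OIDC provider sends the authorization response to. */
    public static final String AUTH_CODE_ENDPOINT = "/oidc/auth";
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcController.class);
    // Source of the currently active security provider (checked in ensureOidcConfigured).
    private final AuthenticationManagerImpl authenticationManager;
    // Persistent OIDC configuration, re-read via get() on every request.
    private final PersistentOidcConfig oidcConfig;

    /**
     * @param authenticationManagerImpl source of the currently active security provider
     * @param groupedSettingsDAO backing store the persistent OIDC configuration is read from
     */
    public OidcController(AuthenticationManagerImpl authenticationManagerImpl, GroupedSettingsDAO groupedSettingsDAO) {
        this.authenticationManager = authenticationManagerImpl;
        this.oidcConfig = new PersistentOidcConfig(groupedSettingsDAO);
    }

    /**
     * Starts the OIDC login: builds the provider's authentication request URL for this
     * session and redirects the browser to it.
     *
     * @param httpServletResponse response the redirect is written to
     * @param httpSession the caller's session, handed to the helper that builds the URL
     * @throws IOException if the redirect cannot be written
     * @throws SecurityConfigApiException if the OIDC provider is not the active one
     */
    @PostMapping(value = {"/oidc/sso"}, produces = {"text/html; charset=utf-8"})
    public void sso(HttpServletResponse httpServletResponse, HttpSession httpSession) throws IOException {
        ensureOidcConfigured();
        // NOTE(review): the helper gets the session, presumably to stash state/nonce for
        // verification in handleAuthCode -- confirm against OidcHelper.
        String authRequestUrl = OidcHelper.generateAuthenticationRequestURL(httpSession, this.oidcConfig.get());
        LOGGER.debug("Redirecting user to authentication request URL {}.", authRequestUrl);
        httpServletResponse.sendRedirect(authRequestUrl);
    }

    /**
     * Provider callback: reconstructs the full request URI (query string included, so the
     * provider's authorization response parameters are preserved), completes authentication
     * against the session and sets the resulting user into the Spring Security context.
     * <p>
     * On success the browser is sent to the application root. If the user's groups map to no
     * roles, nothing is stored in the security context and the browser is sent to the
     * "no roles" page instead.
     *
     * @param httpServletRequest the callback request as sent by the provider
     * @param httpServletResponse response the redirect is written to
     * @param httpSession the session the login flow was started in
     * @throws ParseException if the authorization response cannot be parsed
     * @throws URISyntaxException if the reconstructed callback URL is not a valid URI
     * @throws IOException if the redirect cannot be written
     * @throws SecurityConfigApiException if the OIDC provider is not the active one
     */
    @GetMapping(value = {AUTH_CODE_ENDPOINT}, produces = {"text/html; charset=utf-8"})
    public void handleAuthCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws ParseException, URISyntaxException, IOException {
        ensureOidcConfigured();
        URI callbackUri = new URI(callbackUrl(httpServletRequest));
        OidcConfig config = this.oidcConfig.get();
        OidcHelper.User user = OidcHelper.completeAuthentication(httpSession, callbackUri, config);
        try {
            // mapGroupsToRoles is evaluated before the token is constructed, so a
            // UserHasNoRolesException leaves the security context untouched.
            // The three-argument token constructor marks the authentication as authenticated.
            SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(user.getName(), null, OidcHelper.mapGroupsToRoles(user, config)));
            LOGGER.debug("Authenticated user {} via OpenID Connect.", user);
            // Fixed post-login target: nothing from the request decides where the browser goes.
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/");
        } catch (UserHasNoRolesException e) {
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + CustomAuthenticationFailureHandler.USER_HAS_NO_ROLES_PAGE_URL);
        }
    }

    /**
     * Rebuilds the URL the provider redirected to, query string included.
     * <p>
     * The separator is a plain {@code "?"} rather than a logging-library constant, and a
     * request without a query string yields the bare URL instead of a literal {@code "?null"}.
     *
     * @param request the callback request
     * @return the request URL with its query string appended when one is present
     */
    private static String callbackUrl(HttpServletRequest request) {
        String url = request.getRequestURL().toString();
        String query = request.getQueryString();
        return query == null ? url : url + "?" + query;
    }

    /**
     * Guards both endpoints: single sign-on is only offered while the OIDC security
     * provider is the active one.
     *
     * @throws SecurityConfigApiException if a different provider is active
     */
    private void ensureOidcConfigured() {
        if (!(this.authenticationManager.getCurrentSecurityProvider() instanceof OidcSecurityProvider)) {
            throw new SecurityConfigApiException("To use single sign-on, you need to configure OpenID Connect security provider first.");
        }
    }
}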
