package io.gravitee.am.management.handlers.management.api.authentication.controller;

import io.gravitee.am.common.crypto.CryptoUtils;
import io.gravitee.am.common.jwt.Claims;
import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.common.utils.SecureRandomString;
import io.gravitee.am.identityprovider.api.social.SocialAuthenticationProvider;
import io.gravitee.am.jwt.JWTBuilder;
import io.gravitee.am.management.handlers.management.api.authentication.manager.idp.IdentityProviderManager;
import io.gravitee.am.management.handlers.management.api.authentication.provider.generator.RedirectCookieGenerator;
import io.gravitee.am.management.handlers.management.api.utils.RedirectUtils;
import io.gravitee.am.service.OrganizationService;
import io.gravitee.am.service.ReCaptchaService;
import io.reactivex.rxjava3.core.Single;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Key;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.util.UriComponentsBuilder;

/**
 * Spring MVC controller for the management login page ({@code /login}) and the
 * post-authentication redirect ({@code /login/callback}).
 *
 * <p>For every external identity provider attached to the requested organization it
 * prepares a sign-in URL whose {@code state} is a signed JWT (see {@link #processState}).
 *
 * <p>NOTE(review): this listing is decompiler output; generic type arguments and
 * original parameter names are erased, so local types below are raw.
 */
@Controller
/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/authentication/controller/LoginController.class */
public class LoginController {
    // Name of the request parameter that selects the organization.
    public static final String ORGANIZATION_PARAMETER_NAME = "org";
    // Not referenced anywhere in this class as shown; login() builds its view name inline.
    private static final String LOGIN_VIEW = "login";

    @Autowired
    private OrganizationService organizationService;

    @Autowired
    private IdentityProviderManager identityProviderManager;

    @Autowired
    private ReCaptchaService reCaptchaService;

    // Signs the state JWT in processState().
    @Autowired
    @Qualifier("managementJwtBuilder")
    private JWTBuilder jwtBuilder;

    // Key passed to CryptoUtils.encrypt() for claims listed by Claims.requireEncryption().
    @Autowired
    @Qualifier("managementSecretKey")
    private Key key;

    // Lifetime of the social sign-in state JWT in seconds; 900 when the property is unset.
    @Value("${security.socialProviderStateExpirationSeconds:900}")
    private int socialIdpStateExpirationSeconds;
    private static final Logger LOGGER = LoggerFactory.getLogger(LoginController.class);
    // Maps identity-provider plugin type ids to the short type name written back onto
    // each provider in login(). Unknown types are left unchanged (getOrDefault).
    private static final Map<String, String> socialProviderTypes = Map.of("github-am-idp", "github", "google-am-idp", "google", "twitter-am-idp", "twitter", "facebook-am-idp", "facebook", "franceconnect-am-idp", "franceconnect", "azure-ad-am-idp", "microsoft", "linkedin-am-idp", "linkedin");

    /** Returns the configured state lifetime as a {@link Duration}. */
    private Duration getSocialIdpStateExpiration() {
        return Duration.ofSeconds(this.socialIdpStateExpirationSeconds);
    }

    /**
     * Renders the login view for an organization.
     *
     * <p>Model entries: {@code oauth2Providers} and {@code socialProviders} (the same set of
     * external providers), {@code authorizeUrls} (provider id to sign-in URI),
     * {@code reCaptchaEnabled}, {@code reCaptchaSiteKey} and {@code org}. The first three are
     * only present when at least one external provider was resolved.
     *
     * @param httpServletRequest current request, used to build the callback redirect URI
     * @param str organization id taken from the {@code org} request parameter
     *            ({@code DEFAULT} when absent)
     * @return the view named {@code <org>#login} with the model described above
     */
    @RequestMapping({"/login"})
    public ModelAndView login(HttpServletRequest httpServletRequest, @RequestParam(value = "org", defaultValue = "DEFAULT") String str) {
        HashMap hashMap = new HashMap();
        List list = null;
        try {
            // Organization -> identity ids (null treated as empty) -> provider objects,
            // keeping only non-null providers that report isExternal().
            // blockingGet() waits on the reactive lookup on the request thread.
            list = ((List) this.organizationService.findById(str).map(organization -> {
                return (List) Optional.ofNullable(organization.getIdentities()).orElse(Collections.emptyList());
            }).blockingGet()).stream().map(str2 -> {
                return this.identityProviderManager.getIdentityProvider(str2);
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).filter((v0) -> {
                return v0.isExternal();
            }).toList();
        } catch (Exception e) {
            // Best effort: any failure (including an organization lookup error) is logged and
            // the page is still rendered, without social providers. The unverified `org`
            // value continues to the model and the view name below.
            LOGGER.error("An error has occurred while loading the organization social providers. It probably means that a social provider is not well started", e);
        }
        if (list != null && !list.isEmpty()) {
            // setType() mutates the provider objects returned by the manager, inside a stream
            // map(). NOTE(review): if the manager hands out shared instances the rewritten
            // type persists across requests - confirm. A second pass is a no-op because the
            // short names are not keys of socialProviderTypes.
            Set set = (Set) list.stream().map(identityProvider -> {
                identityProvider.setType(socialProviderTypes.getOrDefault(identityProvider.getType(), identityProvider.getType()));
                return identityProvider;
            }).collect(Collectors.toSet());
            HashMap hashMap2 = new HashMap();
            // This loop is outside the try/catch above: an exception from asyncSignInUrl()
            // or blockingGet() for one provider propagates out of login().
            list.forEach(identityProvider2 -> {
                String id = identityProvider2.getId();
                SocialAuthenticationProvider socialAuthenticationProvider = this.identityProviderManager.get(id);
                if (socialAuthenticationProvider != null) {
                    Instant now = Instant.now();
                    // State JWT claims: random nonce, iat = now, exp = now + configured lifetime.
                    // processState() encrypts selected claims and signs the token.
                    // NOTE(review): the nonce is not stored by this method (no session or cookie
                    // write is visible here); confirm the callback handler verifies signature
                    // and exp, and check whether state is bound to the browser session.
                    ((Optional) socialAuthenticationProvider.asyncSignInUrl(buildRedirectUri(httpServletRequest, id), new JWT(Map.of("nonce", SecureRandomString.generate(), "iat", Long.valueOf(now.getEpochSecond()), "exp", Long.valueOf(now.plus((TemporalAmount) getSocialIdpStateExpiration()).getEpochSecond()))), this::processState).map((v0) -> {
                        return Optional.ofNullable(v0);
                    }).blockingGet()).ifPresent(request -> {
                        hashMap2.put(id, request.getUri());
                    });
                }
            });
            hashMap.put("oauth2Providers", set);
            hashMap.put("socialProviders", set);
            hashMap.put("authorizeUrls", hashMap2);
        }
        hashMap.put("reCaptchaEnabled", Boolean.valueOf(this.reCaptchaService.isEnabled()));
        hashMap.put("reCaptchaSiteKey", this.reCaptchaService.getSiteKey());
        hashMap.put("org", str);
        // NOTE(review): the view name is built from the raw `org` request parameter, with no
        // validation in this method. Depending on the view resolver in use, request-controlled
        // view names can be an injection surface; confirm the resolver treats the name as an
        // opaque key or that `org` is checked against known organization ids first.
        return new ModelAndView(str + "#login", hashMap);
    }

    /**
     * Protects and serializes the state JWT handed to the social provider.
     *
     * <p>Each claim named by {@code Claims.requireEncryption()} that is present in the token is
     * replaced by its encrypted form (using {@link #key}); the token is then signed with
     * {@link #jwtBuilder}. Signing runs eagerly, before the {@link Single} is created.
     *
     * @param jwt state token; modified in place
     * @return a {@link Single} emitting the signed token string
     */
    private Single<String> processState(JWT jwt) {
        for (String str : Claims.requireEncryption()) {
            if (jwt.containsKey(str)) {
                jwt.put(str, CryptoUtils.encrypt((String) jwt.get(str), this.key));
            }
        }
        return Single.just(this.jwtBuilder.sign(jwt));
    }

    /**
     * Redirects the browser to the URL stored in the request attribute named
     * {@code RedirectCookieGenerator.DEFAULT_REDIRECT_COOKIE_NAME}.
     *
     * <p>NOTE(review): the attribute is populated outside this class. If it is absent the cast
     * yields {@code null} and {@code sendRedirect(null)} is called. The constant name suggests
     * the value originates from a cookie - confirm it is validated against allowed
     * destinations before it reaches this method, since no check is made here.
     *
     * @throws IOException if the redirect cannot be written to the response
     */
    @RequestMapping({"/login/callback"})
    public void loginCallback(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect((String) httpServletRequest.getAttribute(RedirectCookieGenerator.DEFAULT_REDIRECT_COOKIE_NAME));
    }

    /**
     * Builds the callback URI given to a social provider as its redirect target:
     * base from {@code RedirectUtils.preBuildLocationHeader}, then the context path,
     * {@code auth/login/callback} and a {@code provider} query parameter.
     *
     * <p>NOTE(review): how the base (scheme/host) is derived is not visible here; if it
     * comes from request headers, confirm those are trusted at this point.
     *
     * @param httpServletRequest current request
     * @param str identity provider id placed in the {@code provider} query parameter
     * @return the callback URI as a string
     */
    private String buildRedirectUri(HttpServletRequest httpServletRequest, String str) {
        UriComponentsBuilder preBuildLocationHeader = RedirectUtils.preBuildLocationHeader(httpServletRequest);
        preBuildLocationHeader.path(httpServletRequest.getContextPath());
        preBuildLocationHeader.pathSegment(new String[]{"auth/login/callback"});
        preBuildLocationHeader.queryParam("provider", new Object[]{str});
        return preBuildLocationHeader.build().toUriString();
    }
}
