package org.apache.openmeetings.web.pages.auth;

import com.github.openjson.JSONException;
import com.github.openjson.JSONObject;
import de.agilecoders.wicket.core.markup.html.bootstrap.dialog.Modal;
import de.agilecoders.wicket.core.markup.html.bootstrap.dialog.TextContentModal;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;
import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
import org.apache.openmeetings.db.dao.server.OAuth2Dao;
import org.apache.openmeetings.db.dao.user.IUserManager;
import org.apache.openmeetings.db.dto.user.OAuthUser;
import org.apache.openmeetings.db.entity.server.OAuthServer;
import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.util.OmException;
import org.apache.openmeetings.util.OpenmeetingsVariables;
import org.apache.openmeetings.web.app.Application;
import org.apache.openmeetings.web.app.WebSession;
import org.apache.openmeetings.web.common.OmModalCloseButton;
import org.apache.openmeetings.web.pages.BaseInitedPage;
import org.apache.openmeetings.web.room.IconTextModal;
import org.apache.wicket.Component;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.core.request.handler.IPartialPageRequestHandler;
import org.apache.wicket.markup.head.IHeaderResponse;
import org.apache.wicket.markup.head.OnDomReadyHeaderItem;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.ResourceModel;
import org.apache.wicket.request.IRequestParameters;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.request.flow.RedirectToUrlException;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.spring.injection.annot.SpringBean;
import org.apache.wicket.util.string.StringValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/openmeetings/web/pages/auth/SignInPage.class */
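/**
 * Sign-in page: hosts the sign-in, registration and password-recovery dialogs and
 * additionally handles three non-interactive entry paths in its constructor:
 * a {@value #TOKEN_PARAM} page parameter, the OAuth2 authorization-code callback
 * ({@code oauthid} / {@code code} page parameters) and a direct POST of
 * {@code login} / {@code password}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Token responses, authorization codes and user-info bodies are never written to the
 *       log verbatim; only their presence or size is traced.</li>
 *   <li>NOTE(review): no OAuth2 {@code state} value is generated in {@link #getInitParams}
 *       or verified in the callback branch of the constructor, so the callback is not bound
 *       to the browser session that started the flow unless the configured URL templates
 *       and another layer take care of it - confirm.</li>
 *   <li>The {@code oauth2.ignore.bad.ssl} setting disables all TLS peer verification for
 *       provider calls, see {@link #prepareConnection}.</li>
 * </ul>
 */
public class SignInPage extends BaseInitedPage {
    private static final long serialVersionUID = 1;
    private static final Logger log = LoggerFactory.getLogger(SignInPage.class);
    /** Name of the page parameter handed to {@code WebSession.checkToken}. */
    public static final String TOKEN_PARAM = "token";
    private SignInDialog signin;
    private final Modal<String> kick;
    private final Modal<String> forgetInfoDialog;
    private final ForgetPasswordDialog forget;
    private final Modal<String> registerInfoDialog;
    RegisterDialog r;

    @SpringBean
    private ConfigurationDao cfgDao;

    @SpringBean
    private IUserManager userManager;

    @SpringBean
    private OAuth2Dao oauthDao;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/openmeetings/web/pages/auth/SignInPage$AuthInfo.class */
    /**
     * Parsed token-endpoint response. Fields that are missing from the JSON are stored as
     * the empty string (or {@code 0} for {@code expiresIn}) because the {@code opt*}
     * accessors are used; callers must therefore test for emptiness, not for {@code null}.
     */
    public static class AuthInfo {
        final String accessToken;
        final String refreshToken;
        final String tokenType;
        final String userId;
        final long expiresIn;

        /**
         * @param str raw JSON body returned by the provider's token endpoint
         * @throws JSONException if {@code str} is not a JSON object
         */
        AuthInfo(String str) {
            // The raw body carries the access and refresh tokens, so only its size is traced.
            SignInPage.log.debug("AuthInfo response received, length={}", str == null ? 0 : str.length());
            JSONObject json = new JSONObject(str);
            this.accessToken = json.optString("access_token");
            this.refreshToken = json.optString("refresh_token");
            this.tokenType = json.optString("token_type");
            this.userId = json.optString("user_id");
            this.expiresIn = json.optLong("expires_in");
        }

        /** Replaces a credential by a marker that only tells whether it was present. */
        private static String redact(String secret) {
            return secret == null || secret.isEmpty() ? "<none>" : "<redacted>";
        }

        /** String form for logging; token values are redacted so they cannot reach log files. */
        @Override
        public String toString() {
            return "AuthInfo [accessToken=" + redact(this.accessToken) + ", refreshToken=" + redact(this.refreshToken) + ", tokenType=" + this.tokenType + ", userId=" + this.userId + ", expiresIn=" + this.expiresIn + "]";
        }
    }

    /** Creates the page with empty page parameters. */
    public SignInPage() {
        this(new PageParameters());
    }

    /**
     * Builds the dialogs and then processes the request in this order: token parameter,
     * redirect of already signed-in sessions, OAuth2 flow, POST credentials.
     *
     * @param pageParameters request parameters; {@code token}, {@code oauthid} and
     *                       {@code code} are read here
     */
    public SignInPage(PageParameters pageParameters) {
        this.kick = new IconTextModal("kick") { // from class: org.apache.openmeetings.web.pages.auth.SignInPage.1
            private static final long serialVersionUID = 1;

            {
                withLabel((IModel<String>) new ResourceModel("606"));
                withErrorIcon();
                setCloseOnEscapeKey(false);
                show(true);
                setUseCloseHandler(true);
                addButton(OmModalCloseButton.of("54"));
            }

            protected void onClose(IPartialPageRequestHandler iPartialPageRequestHandler) {
                WebSession.setKickedByAdmin(false);
                Application.get().restartResponseAtSignInPage();
            }
        };
        this.forgetInfoDialog = new TextContentModal("forgetInfo", new ResourceModel("321")) { // from class: org.apache.openmeetings.web.pages.auth.SignInPage.2
            private static final long serialVersionUID = 1;

            protected void onClose(IPartialPageRequestHandler iPartialPageRequestHandler) {
                SignInPage.this.signin.show(iPartialPageRequestHandler);
            }
        };
        this.forget = new ForgetPasswordDialog("forget", this.forgetInfoDialog);
        this.registerInfoDialog = new TextContentModal("registerInfo", Model.of("")) { // from class: org.apache.openmeetings.web.pages.auth.SignInPage.3
            private static final long serialVersionUID = 1;

            protected void onInitialize() {
                super.onInitialize();
                setModelObject(getString("warn.notverified"));
                get("content").setOutputMarkupId(true);
            }

            public Modal<String> setModelObject(String str) {
                super.setModelObject(str);
                get("content").setDefaultModelObject(str);
                return this;
            }

            protected void onClose(IPartialPageRequestHandler iPartialPageRequestHandler) {
                SignInPage.this.signin.show(iPartialPageRequestHandler);
            }
        };
        this.r = new RegisterDialog("register", this.registerInfoDialog);
        WebSession.get().checkToken(pageParameters.get(TOKEN_PARAM));
        if (WebSession.get().isSignedIn()) {
            setResponsePage(Application.get().getHomePage());
        }
        StringValue oauthIdParam = pageParameters.get("oauthid");
        if (!oauthIdParam.isEmpty()) {
            try {
                // A non-numeric id becomes -1 and is then handled as "server not found".
                long serverId = oauthIdParam.toLong(-1L);
                OAuthServer server = (OAuthServer) this.oauthDao.get(serverId);
                // NOTE(review): whether OAuthServer.toString() includes the client secret is
                // not visible from this class - confirm before enabling debug logging.
                log.debug("OAuthServer={}", server);
                if (server == null) {
                    log.warn("OAuth server id={} not found", Long.valueOf(serverId));
                    return;
                }
                if (pageParameters.get("code").isNull()) {
                    // First leg: send the browser to the provider (throws a redirect).
                    showAuth(server);
                } else {
                    // Callback leg. NOTE(review): no `state` parameter is checked here.
                    String code = pageParameters.get("code").toString();
                    // The authorization code is a credential; its value is not logged.
                    log.debug("OAuth response code received");
                    AuthInfo token = getToken(code, server);
                    if (token == null) {
                        return;
                    }
                    log.debug("OAuthInfo={}", token);
                    loginViaOAuth2(getAuthParams(token, code, server), serverId);
                }
            } catch (IOException | NoSuchAlgorithmException | JSONException e) {
                log.error("OAuth2 login error", e);
            }
        }
        // Direct login with credentials taken from the POST body of the current request.
        IRequestParameters postParameters = RequestCycle.get().getRequest().getPostParameters();
        StringValue login = postParameters.getParameterValue("login");
        StringValue password = postParameters.getParameterValue("password");
        if (login.isEmpty() || password.isEmpty()) {
            return;
        }
        try {
            if (WebSession.get().signIn(login.toString(), password.toString(), User.Type.USER, null)) {
                setResponsePage(Application.get().getHomePage());
            } else {
                log.error("Failed to login using POST parameters passed");
            }
        } catch (OmException e2) {
            log.error("Exception while login with POST parameters passed", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the sign-in dialog, cross-links it with the register and forget-password
     * dialogs and adds all dialogs to the page. The sign-in dialog is hidden and the
     * "kicked" dialog shown when the session is flagged as kicked by an admin.
     */
    @Override // org.apache.openmeetings.web.pages.BasePage
    public void onInitialize() {
        super.onInitialize();
        this.signin = new SignInDialog("signin");
        this.signin.setRegisterDialog(this.r);
        this.signin.setForgetPasswordDialog(this.forget);
        this.r.setSignInDialog(this.signin);
        this.forget.setSignInDialog(this.signin);
        boolean kicked = WebSession.get().isKickedByAdmin();
        Component[] dialogs = new Component[4];
        dialogs[0] = this.signin.setVisible(!kicked);
        dialogs[1] = this.r.setVisible(allowRegister());
        dialogs[2] = this.forget;
        dialogs[3] = this.kick.setVisible(WebSession.get().isKickedByAdmin());
        add(dialogs);
        add(new Component[]{this.forgetInfoDialog.header(new ResourceModel("312")).addButton(OmModalCloseButton.of("54")).setUseCloseHandler(true)});
        add(new Component[]{this.registerInfoDialog.header(new ResourceModel("235")).addButton(OmModalCloseButton.of("54")).setUseCloseHandler(true)});
    }

    /** Adds a DOM-ready script that focuses the {@code .auto-focus} element of a dialog once it is shown. */
    @Override // org.apache.openmeetings.web.pages.BasePage
    public void renderHead(IHeaderResponse iHeaderResponse) {
        super.renderHead(iHeaderResponse);
        iHeaderResponse.render(OnDomReadyHeaderItem.forScript("$('#signin-dialog, #register-dialog, #forget-dialog').on('shown.bs.modal', function () {\n\t$(this).find('.auto-focus').trigger('focus');\n})"));
    }

    /** @return the value of {@code OpenmeetingsVariables.isAllowRegisterFrontend()} */
    boolean allowRegister() {
        return OpenmeetingsVariables.isAllowRegisterFrontend();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return {@code true} when at least one active OAuth server is configured */
    public boolean allowOAuthLogin() {
        return !this.oauthDao.getActive().isEmpty();
    }

    /** Stores the URL fragment of the request as the session's area. */
    protected void onParameterArrival(IRequestParameters iRequestParameters, AjaxRequestTarget ajaxRequestTarget) {
        WebSession.get().setArea(getUrlFragment(iRequestParameters));
    }

    /**
     * Builds the placeholder map used for the authorization redirect.
     *
     * @return mutable map with the {@code {$client_id}} and {@code {$redirect_uri}} placeholders
     */
    private static Map<String, String> getInitParams(OAuthServer oAuthServer) {
        Map<String, String> params = new HashMap<>();
        params.put("{$client_id}", oAuthServer.getClientId());
        params.put("{$redirect_uri}", getRedirectUri(oAuthServer));
        return params;
    }

    /**
     * Redirects the browser to the provider's authorization URL.
     *
     * @throws RedirectToUrlException always; this is how the redirect is performed
     */
    public static void showAuth(OAuthServer oAuthServer) {
        String redirectUrl = prepareUrl(oAuthServer.getRequestKeyUrl(), getInitParams(oAuthServer));
        log.debug("redirectUrl={}", redirectUrl);
        throw new RedirectToUrlException(redirectUrl);
    }

    /**
     * Substitutes every placeholder of {@code map} that has a non-null value into
     * {@code str}, URL-encoding the value as UTF-8.
     *
     * @param str template containing {@code {$name}} placeholders
     * @param map placeholder to raw value
     * @return the template with the placeholders replaced
     */
    private static String prepareUrl(String str, Map<String, String> map) {
        String result = str;
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getValue() == null) {
                continue;
            }
            try {
                result = result.replace(entry.getKey(), URLEncoder.encode(entry.getValue(), StandardCharsets.UTF_8.name()));
            } catch (UnsupportedEncodingException e) {
                // Only the placeholder name is logged: the value may be the client secret,
                // the authorization code or an access token.
                log.error("Unexpected exception while encoding URI param {}", entry.getKey(), e);
            }
        }
        return result;
    }

    /**
     * @return URL of this page carrying the server id as {@code oauthid}, or the empty
     *         string when the server has no id yet
     */
    public static String getRedirectUri(OAuthServer oAuthServer) {
        if (oAuthServer.getId() == null) {
            return "";
        }
        return Application.urlForPage(SignInPage.class, new PageParameters().add("oauthid", oAuthServer.getId()), OpenmeetingsVariables.getBaseUrl());
    }

    /**
     * Applies the {@code oauth2.ignore.bad.ssl} setting to an HTTPS connection.
     *
     * <p>When the setting is {@code true} the connection gets a trust manager that accepts
     * every certificate chain and a hostname verifier that accepts every host name. The
     * client secret, the authorization code and the returned tokens are then sent over a
     * channel whose peer is not authenticated, so anyone able to intercept the traffic can
     * read or substitute them. The setting should stay {@code false} outside of test
     * set-ups; a provider with a private CA is better handled by adding that CA to the
     * JVM trust store. If the insecure context cannot be built the connection keeps the
     * default verification.
     */
    private void prepareConnection(URLConnection uRLConnection) {
        if (!(uRLConnection instanceof HttpsURLConnection) || !this.cfgDao.getBool("oauth2.ignore.bad.ssl", false)) {
            return;
        }
        // Make the weakened configuration visible to whoever reads the server log.
        log.warn("oauth2.ignore.bad.ssl is enabled: TLS certificate and host name verification is DISABLED for OAuth2 requests");
        TrustManager[] trustAll = {new X509TrustManager() { // from class: org.apache.openmeetings.web.pages.auth.SignInPage.4
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                // intentionally accepts everything, see method documentation
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                // intentionally accepts everything, see method documentation
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        try {
            HttpsURLConnection https = (HttpsURLConnection) uRLConnection;
            // "TLS" instead of the legacy "SSL" context name.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustAll, new SecureRandom());
            https.setSSLSocketFactory(sslContext.getSocketFactory());
            https.setHostnameVerifier((host, session) -> true);
        } catch (Exception e) {
            log.error("[prepareConnection]", e);
        }
    }

    /**
     * Builds the placeholder map for token and user-info requests.
     *
     * @param str      authorization code, may be {@code null}
     * @param authInfo token data, may be {@code null}
     * @return map that contains the client secret and, when given, the access token and
     *         code - it must not be logged
     */
    private static Map<String, String> getParams(OAuthServer oAuthServer, String str, AuthInfo authInfo) {
        Map<String, String> params = getInitParams(oAuthServer);
        params.put("{$client_id}", oAuthServer.getClientId());
        params.put("{$client_secret}", oAuthServer.getClientSecret());
        if (authInfo != null) {
            params.put("{$access_token}", authInfo.accessToken);
            params.put("{$user_id}", authInfo.userId);
        }
        if (str != null) {
            params.put("{$code}", str);
        }
        return params;
    }

    /**
     * Exchanges the authorization code for tokens at the provider's token endpoint.
     *
     * @param str authorization code received in the callback
     * @return the parsed response, or {@code null} when it carries no {@code access_token}
     * @throws IOException   on any transport error
     * @throws JSONException if the response body is not a JSON object
     */
    private AuthInfo getToken(String str, OAuthServer oAuthServer) throws IOException {
        String requestTokenUrl = oAuthServer.getRequestTokenUrl();
        String form = prepareUrl(oAuthServer.getRequestTokenAttributes(), getParams(oAuthServer, str, null));
        // Encode once so that the declared length and the bytes sent always agree.
        byte[] payload = form.getBytes(StandardCharsets.UTF_8);
        // NOTE(review): no connect/read timeout is set, a stalled provider blocks this request thread.
        HttpURLConnection conn = (HttpURLConnection) new URL(requestTokenUrl).openConnection();
        prepareConnection(conn);
        conn.setRequestMethod(oAuthServer.getRequestTokenMethod().name());
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("charset", StandardCharsets.UTF_8.name());
        conn.setRequestProperty("Content-Length", String.valueOf(payload.length));
        conn.setDoInput(true);
        conn.setDoOutput(true);
        conn.setUseCaches(false);
        try (DataOutputStream out = new DataOutputStream(conn.getOutputStream())) {
            out.write(payload);
            out.flush();
        }
        String response;
        try (java.io.InputStream in = conn.getInputStream()) {
            response = IOUtils.toString(in, StandardCharsets.UTF_8);
        }
        AuthInfo info = new AuthInfo(response);
        // optString() yields "" for a missing field, so a null test alone never fires.
        if (info.accessToken == null || info.accessToken.isEmpty()) {
            // This branch is only reached when no access token was issued; the body is
            // expected to be the provider's error document.
            log.error("Response doesn't contain access_token field:\n {}", response);
            return null;
        }
        return info;
    }

    /**
     * Fetches the user profile from the provider's user-info endpoint.
     *
     * <p>With {@code RequestInfoMethod.HEADER} the access token travels in the
     * {@code Authorization} header; otherwise it is only sent if the configured URL
     * template contains the {@code {$access_token}} placeholder, in which case it becomes
     * part of the URL and may show up in proxy or server access logs.
     *
     * @throws IOException on any transport error
     */
    private OAuthUser getAuthParams(AuthInfo authInfo, String str, OAuthServer oAuthServer) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(prepareUrl(oAuthServer.getRequestInfoUrl(), getParams(oAuthServer, str, authInfo))).openConnection();
        if (oAuthServer.getRequestInfoMethod() == OAuthServer.RequestInfoMethod.HEADER) {
            conn.setRequestProperty("Authorization", String.format("Bearer %s", authInfo.accessToken));
        } else {
            conn.setRequestMethod(oAuthServer.getRequestInfoMethod().name());
        }
        prepareConnection(conn);
        String body;
        try (java.io.InputStream in = conn.getInputStream()) {
            body = IOUtils.toString(in, StandardCharsets.UTF_8);
        }
        // The profile is personal data; only its size is traced.
        log.debug("User info received, length={}", body.length());
        return new OAuthUser(body, oAuthServer);
    }

    /**
     * Resolves the local user for the provider profile and signs the session in; on
     * success the response page is set to the home page, otherwise an error is logged.
     *
     * @param j id of the OAuth server the profile came from
     */
    private void loginViaOAuth2(OAuthUser oAuthUser, long j) throws IOException, NoSuchAlgorithmException {
        User user = this.userManager.loginOAuth(oAuthUser, j);
        if (user != null && WebSession.get().signIn(user)) {
            setResponsePage(Application.get().getHomePage());
        } else {
            log.error("Failed to login via OAuth2!");
        }
    }
}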
