package org.openslx.dozmod.authentication;

import com.formdev.flatlaf.FlatClientProperties;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonSyntaxException;
import edu.kit.scc.dei.ecplean.ECPAuthenticationException;
import edu.kit.scc.dei.ecplean.ECPAuthenticator;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import org.apache.hc.client5.http.ClientProtocolException;
import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
import org.apache.hc.core5.http.ParseException;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.xalan.templates.Constants;
import org.openslx.bwlp.thrift.iface.AuthorizationError;
import org.openslx.bwlp.thrift.iface.TAuthorizationException;
import org.openslx.dozmod.Branding;
import org.openslx.dozmod.util.ProxyConfigurator;

/* loaded from: input_file:org/openslx/dozmod/authentication/ShibbolethEcp.class */
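/**
 * Performs a Shibboleth ECP login against an identity provider (IdP) and evaluates the JSON
 * answer of the service provider (SP) addressed by {@link #BWLP_SP}.
 *
 * <p>The outcome of the most recent login is kept in static fields ({@link #getResponse()},
 * {@link #getRegistrationUrl()}). These fields are written without synchronization, so the class
 * is not safe for concurrent logins, and they are not reset when a later attempt fails early.
 */
public class ShibbolethEcp {
    private static final Logger LOGGER = LogManager.getLogger(ShibbolethEcp.class);
    private static final Gson GSON = new GsonBuilder().create();

    /** Parsed SP answer of the last login whose body could be parsed; may be {@code null}. */
    private static ServiceProviderResponse lastResponse = null;

    /** Registration URL handed out by the SP for an unregistered user; may be {@code null}. */
    private static URL registrationUrl = null;

    /**
     * Service provider endpoint, always addressed via HTTPS. {@code null} if the configured master
     * server address does not form a valid URI. Declared after {@code LOGGER} because the
     * initializer logs on failure.
     */
    public static final URI BWLP_SP = buildServiceProviderUri();

    /** Result of {@link ShibbolethEcp#doLogin(String, String, String)}. */
    public enum ReturnCode {
        NO_ERROR(0, "Authentication against the identity provider and request of the service provider resource worked."),
        IDENTITY_PROVIDER_ERROR(1, "Authentication against the identity provider failed."),
        // The decompiler had resolved the literal "." to an unrelated Xalan constant of equal value.
        UNREGISTERED_ERROR(2, "User not registered to use " + Branding.getServiceName() + "."),
        SERVICE_PROVIDER_ERROR(3, "Invalid resource of the service provider."),
        INVALID_URL_ERROR(4, "Invalid URL received from master server."),
        GENERIC_ERROR(5, "Internal error.");

        private final int id;
        private final String msg;

        ReturnCode(int i, String str) {
            this.id = i;
            this.msg = str;
        }

        /** @return numeric identifier of this return code */
        public int getId() {
            return this.id;
        }

        /** @return human-readable description of this return code */
        public String getMsg() {
            return this.msg;
        }
    }

    /**
     * @return the SP answer stored by the last login that reached the parsing stage, or
     *         {@code null} if there is none
     */
    public static ServiceProviderResponse getResponse() {
        return lastResponse;
    }

    /**
     * Authenticates the user via ECP and maps the SP answer to a {@link ReturnCode}.
     *
     * <p>The password is handed to {@code ECPAuthenticator} as a {@code String}; it is never
     * logged here.
     *
     * @param str URI of the identity provider's ECP endpoint
     * @param str2 user name
     * @param str3 password
     * @return {@link ReturnCode#NO_ERROR} for status {@code "ok"},
     *         {@link ReturnCode#UNREGISTERED_ERROR} for status {@code "unregistered"}, otherwise
     *         {@link ReturnCode#GENERIC_ERROR} (missing argument, SP-side error, anonymous login,
     *         empty answer or unknown status)
     * @throws TAuthorizationException if ECP authentication fails or the SP does not answer with
     *         HTTP 200
     * @throws URISyntaxException if {@code str} is not a valid URI
     * @throws JsonSyntaxException if the SP answer is not valid JSON
     * @throws MalformedURLException if the registration URL sent by the SP is invalid or does not
     *         use http(s)
     * @throws IOException on transport errors, including closing the response
     */
    public static ReturnCode doLogin(String str, String str2, String str3) throws TAuthorizationException, URISyntaxException, ClientProtocolException, IOException, ParseException, JsonSyntaxException, MalformedURLException {
        final String identityProvider = str;
        final String username = str2;
        final String password = str3;
        if (BWLP_SP == null) {
            LOGGER.error("URI to service provider is not set. Check the initialization of 'BWLP_SP'.");
            return ReturnCode.GENERIC_ERROR;
        }
        if (identityProvider == null) {
            LOGGER.error("Identity provider is not set, did you initialize this class correctly?");
            return ReturnCode.GENERIC_ERROR;
        }
        if (username == null) {
            LOGGER.error("No username given, aborting...");
            return ReturnCode.GENERIC_ERROR;
        }
        if (password == null) {
            LOGGER.error("No password given, aborting...");
            return ReturnCode.GENERIC_ERROR;
        }
        ECPAuthenticator authenticator = new ECPAuthenticator(ProxyConfigurator.getClient(), username, password, new URI(identityProvider), BWLP_SP);
        // NOTE(review): presumably retries with the user name cut at '@' - confirm against ECPAuthenticator.
        authenticator.setRetryWithoutAt(true);
        // try-with-resources: the response was never closed before, leaking the connection.
        try (CloseableHttpResponse response = authenticator.authenticate()) {
            if (response.getCode() != 200) {
                LOGGER.error("SP does not return HTTP status code 200");
                throw new TAuthorizationException(AuthorizationError.GENERIC_ERROR, "SP says: " + response.getReasonPhrase());
            }
            LOGGER.debug("Login complete, getting body");
            return evaluateResponse(EntityUtils.toString(response.getEntity()));
        } catch (ECPAuthenticationException e) {
            LOGGER.error("ECP Authentication Exception, see trace: ", e);
            throw new TAuthorizationException(AuthorizationError.GENERIC_ERROR, e.getMessage());
        }
    }

    /** Parses the SP's JSON body, stores it as the last response and maps its status to a return code. */
    private static ReturnCode evaluateResponse(String body) throws MalformedURLException {
        final ServiceProviderResponse parsed;
        try {
            parsed = GSON.fromJson(body, ServiceProviderResponse.class);
        } catch (JsonSyntaxException e) {
            LOGGER.warn("Json data from Service Provider malformed", e);
            // NOTE(review): this writes the raw SP body to the log. If the answer can carry
            // session tokens or personal data, redact or truncate it before logging - confirm
            // against the ServiceProviderResponse schema.
            LOGGER.warn("Response was:\n" + body);
            throw e;
        }
        lastResponse = parsed;
        // Gson yields null for an empty body and leaves absent fields null; the server's answer
        // must not be able to crash the client with a NullPointerException.
        if (parsed == null || parsed.status == null) {
            LOGGER.error("Service provider response is empty or carries no status.");
            return ReturnCode.GENERIC_ERROR;
        }
        final String status = parsed.status;
        if ("unregistered".equals(status)) {
            registrationUrl = parseRegistrationUrl(parsed.url);
            return ReturnCode.UNREGISTERED_ERROR;
        }
        // The decompiler had resolved the literal "error" to an unrelated FlatLaf UI constant.
        if ("error".equals(status)) {
            LOGGER.error("Server side error: " + parsed.error);
            return ReturnCode.GENERIC_ERROR;
        }
        if ("anonymous".equals(status)) {
            LOGGER.error("IdP did not forward user account information to SP. Contact developer.");
            parsed.error = "Ihr Identity-Provider hat dem " + Branding.getServiceName() + "-System Ihre E-Mail oder Ihren Namen nicht mitgeteilt";
            return ReturnCode.GENERIC_ERROR;
        }
        return "ok".equals(status) ? ReturnCode.NO_ERROR : ReturnCode.GENERIC_ERROR;
    }

    /**
     * Parses the registration URL sent by the SP and accepts only http(s). The value comes from a
     * remote answer and is exposed to callers through {@link #getRegistrationUrl()} (presumably to
     * be opened in a browser - confirm), so schemes such as {@code file:} or {@code jar:} are
     * rejected here.
     */
    private static URL parseRegistrationUrl(String spec) throws MalformedURLException {
        URL url = new URL(spec);
        String scheme = url.getProtocol();
        if (!"https".equalsIgnoreCase(scheme) && !"http".equalsIgnoreCase(scheme)) {
            throw new MalformedURLException("Unsupported scheme in registration URL: " + scheme);
        }
        return url;
    }

    /**
     * @return the registration URL stored by the last login that ended with
     *         {@link ReturnCode#UNREGISTERED_ERROR}, or {@code null} if there is none
     */
    public static URL getRegistrationUrl() {
        return registrationUrl;
    }

    /** Builds the SP endpoint URI from the branded master server address; {@code null} on bad syntax. */
    private static URI buildServiceProviderUri() {
        try {
            return new URI("https://" + Branding.getMasterServerAddress() + "/webif/shib/api.php");
        } catch (URISyntaxException e) {
            LOGGER.error("Bad URI syntax of the service provider, see trace: ", e);
            return null;
        }
    }
}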
