package eu.dnetlib.functionality.modular.ui.users;

import com.google.gson.Gson;
import java.io.InputStream;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/dnet-modular-uis-1.0.0-20211119.084646-42.jar:eu/dnetlib/functionality/modular/ui/users/SimpleSSOAuthorizationManager.class */
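/**
 * Authenticates a request from a signed single-sign-on cookie.
 *
 * <p>The cookie value is URL-encoded Base64 of a JSON envelope with two string members:
 * {@code payload} (a JSON document carrying {@code uid} and optionally {@code email} and
 * {@code fullname}) and {@code signature} (hex-encoded signature over the payload text).
 * The payload is trusted only after the signature verifies against the configured public key.
 *
 * <p>NOTE(review): this class reads only {@code uid}, {@code email} and {@code fullname} from the
 * payload; no expiry or issue-time field is checked here, so a captured cookie stays acceptable
 * for as long as the signing key is in use unless freshness is enforced elsewhere. For the same
 * reason the cookie value, payload and signature must never be written to logs.
 */
public class SimpleSSOAuthorizationManager implements AuthorizationManager {
    private static final Log log = LogFactory.getLog(SimpleSSOAuthorizationManager.class);

    /** Name of the SSO cookie; matched case-insensitively. */
    private static final String SSO_COOKIE_NAME = "rinfra-user";

    private static final Gson GSON = new Gson();

    private Resource pubKeyFile = new ClassPathResource("/eu/dnetlib/functionality/modular/ui/users/pubkey.der");
    private String pubKeyAlgo = "RSA";
    // NOTE(review): SHA-1 based signatures are deprecated for new designs. Moving to
    // "SHA256withRSA" needs the cookie issuer to switch at the same time, so the default is
    // left unchanged here; override it through setSignatureAlgo once the issuer is updated.
    private String signatureAlgo = "SHA1withRSA";
    private PublicKey publicKey;
    private AuthorizationDAO authorizationDAO;
    private String defaultSuperAdmin;

    /**
     * Looks for the SSO cookie on the request and turns it into a {@link User}.
     *
     * @param httpServletRequest the incoming request
     * @return the authenticated user, or {@code null} when the cookie is absent, malformed or
     *     carries an invalid signature
     */
    @Override // eu.dnetlib.functionality.modular.ui.users.AuthorizationManager
    public User obtainUserDetails(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equalsIgnoreCase(SSO_COOKIE_NAME)) {
                try {
                    return processCookie(cookie.getValue());
                } catch (Exception e) {
                    // The cookie value is a bearer credential: log the failure, never the value.
                    log.error("Error processing cookie " + SSO_COOKIE_NAME, e);
                    return null;
                }
            }
        }
        return null;
    }

    /**
     * Decodes the cookie envelope, verifies the signature and builds the user.
     *
     * @param str raw cookie value
     * @return the user described by the signed payload, or {@code null} when the value is empty,
     *     the envelope is not the expected shape, the signature does not verify, or no usable
     *     {@code uid} is present
     * @throws Exception on malformed encoding or JSON; the caller treats this as "no user"
     */
    private User processCookie(String str) throws Exception {
        if (str == null || str.isEmpty()) {
            return null;
        }
        // Decode with an explicit charset so the result does not depend on the platform default.
        byte[] envelopeBytes = Base64.decodeBase64(URLDecoder.decode(str.trim(), "UTF-8"));
        Map<?, ?> envelope = GSON.fromJson(new String(envelopeBytes, StandardCharsets.UTF_8), Map.class);
        if (envelope == null) {
            return null;
        }
        // Everything in the envelope is attacker-controlled until the signature verifies,
        // so check the types instead of casting blindly.
        Object payloadValue = envelope.get("payload");
        Object signatureValue = envelope.get("signature");
        if (!(payloadValue instanceof String) || !(signatureValue instanceof String)) {
            return null;
        }
        String payload = (String) payloadValue;
        if (!isValidMessage(payload, (String) signatureValue)) {
            return null;
        }

        Map<?, ?> claims = GSON.fromJson(payload, Map.class);
        if (claims == null) {
            return null;
        }
        Object uidValue = claims.get("uid");
        if (!(uidValue instanceof String) || ((String) uidValue).isEmpty()) {
            // A missing, non-string or empty uid cannot identify anyone.
            return null;
        }
        String uid = (String) uidValue;

        User user = new User(uid);
        // A non-string email/fullname raises ClassCastException, which the caller maps to "no user".
        user.setEmail((String) claims.get("email"));
        user.setFullname(claims.containsKey("fullname") ? (String) claims.get("fullname") : uid);
        user.setPermissionLevels(this.authorizationDAO.getPermissionLevels(uid));
        if (isDefaultSuperAdmin(uid)) {
            user.getPermissionLevels().add(PermissionLevel.SUPER_ADMIN);
        }
        return user;
    }

    /**
     * @param str a user id
     * @return {@code true} only when {@code str} is non-empty and equals the configured default
     *     super-admin id
     */
    private boolean isDefaultSuperAdmin(String str) {
        return str != null && !str.isEmpty() && str.equals(getDefaultSuperAdmin());
    }

    /**
     * Verifies a hex-encoded signature over the message text with the configured public key.
     *
     * @param str the signed message (the JSON payload text)
     * @param str2 the signature, hex-encoded
     * @return {@code true} when the signature verifies; {@code false} for empty input, a missing
     *     key, malformed hex, or any verification error
     */
    protected boolean isValidMessage(String str, String str2) {
        // Payload plus signature together are a replayable credential and the payload holds
        // personal data, so neither is logged.
        log.debug("Verifying signed SSO payload");
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            log.error("Null  or empty values in message or signature");
            return false;
        }
        PublicKey key = getPublicKey();
        if (key == null) {
            log.error("Public key is not set; init() must run before signatures can be verified");
            return false;
        }
        try {
            Signature signature = Signature.getInstance(getSignatureAlgo());
            signature.initVerify(key);
            // Explicit charset: the signed bytes must not vary with the JVM's default encoding.
            // NOTE(review): assumes the issuer signs the UTF-8 bytes of the payload - confirm.
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return signature.verify(Hex.decodeHex(str2.toCharArray()));
        } catch (Exception e) {
            log.error("Error verifyng signature", e);
            return false;
        }
    }

    /**
     * Loads the X.509-encoded public key from {@link #getPubKeyFile()}.
     *
     * @throws Exception when the resource cannot be read or does not hold a valid key for
     *     {@link #getPubKeyAlgo()}
     */
    public void init() throws Exception {
        byte[] encodedKey;
        // Close the resource stream once the key bytes are read.
        try (InputStream in = getPubKeyFile().getInputStream()) {
            encodedKey = IOUtils.toByteArray(in);
        }
        setPublicKey(KeyFactory.getInstance(getPubKeyAlgo()).generatePublic(new X509EncodedKeySpec(encodedKey)));
    }

    public Resource getPubKeyFile() {
        return this.pubKeyFile;
    }

    @Required
    public void setPubKeyFile(Resource resource) {
        this.pubKeyFile = resource;
    }

    public String getPubKeyAlgo() {
        return this.pubKeyAlgo;
    }

    @Required
    public void setPubKeyAlgo(String str) {
        this.pubKeyAlgo = str;
    }

    public String getSignatureAlgo() {
        return this.signatureAlgo;
    }

    @Required
    public void setSignatureAlgo(String str) {
        this.signatureAlgo = str;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public AuthorizationDAO getAuthorizationDAO() {
        return this.authorizationDAO;
    }

    @Required
    public void setAuthorizationDAO(AuthorizationDAO authorizationDAO) {
        this.authorizationDAO = authorizationDAO;
    }

    public String getDefaultSuperAdmin() {
        return this.defaultSuperAdmin;
    }

    @Required
    public void setDefaultSuperAdmin(String str) {
        this.defaultSuperAdmin = str;
    }
}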
