package org.ametys.plugins.mobileapp.action;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import org.ametys.core.authentication.CredentialProvider;
import org.ametys.core.authentication.token.AuthenticationTokenManager;
import org.ametys.core.cocoon.JSonReader;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.population.PopulationContextHelper;
import org.ametys.core.user.population.UserPopulation;
import org.ametys.core.user.population.UserPopulationDAO;
import org.ametys.core.util.JSONUtils;
import org.ametys.core.util.URIUtils;
import org.ametys.plugins.core.impl.authentication.FormCredentialProvider;
import org.apache.avalon.framework.parameters.ParameterException;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/ametys/plugins/mobileapp/action/GetTokenAction.class */
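/**
 * Cocoon action that hands an authentication token to the mobile application.
 *
 * <p>If the request already carries an authenticated user, a token is issued directly. Otherwise
 * the action reads {@code login} and {@code password} from the JSON request body (falling back to
 * request parameters of the same name), tries them against every form credential provider of the
 * populations attached to the site, and issues a token on success.
 *
 * <p>The outcome is a map stored on the request under {@link JSonReader#OBJECT_TO_READ}:
 * {@code code} is 200 (with a {@code token} entry) or 401.
 *
 * <p>NOTE(review): nothing in this class throttles failed attempts or limits how many tokens one
 * account can accumulate; confirm that lockout / rate limiting is enforced by the credential
 * provider or in front of this endpoint.
 */
public class GetTokenAction extends ServiceableAction {
    /** Duration passed to the token manager. NOTE(review): 0 presumably means "never expires"; confirm. */
    private static final long TOKEN_DURATION = 0L;
    /** Type under which the generated tokens are registered. */
    private static final String TOKEN_TYPE = "mobileapp";
    /** Comment stored with each generated token. */
    private static final String TOKEN_COMMENT = "Token for the mobile app";

    protected AuthenticationTokenManager _authenticationTokenManager;
    protected UserPopulationDAO _userPopulationDAO;
    protected PopulationContextHelper _populationContextHelper;
    protected CurrentUserProvider _currentUserProvider;
    protected JSONUtils _jsonUtils;

    /**
     * Looks up the components this action depends on.
     *
     * @param serviceManager the Avalon service manager
     * @throws ServiceException if one of the components cannot be resolved
     */
    @Override
    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._authenticationTokenManager = (AuthenticationTokenManager) serviceManager.lookup(AuthenticationTokenManager.ROLE);
        this._userPopulationDAO = (UserPopulationDAO) serviceManager.lookup(UserPopulationDAO.ROLE);
        this._populationContextHelper = (PopulationContextHelper) serviceManager.lookup(PopulationContextHelper.ROLE);
        this._currentUserProvider = (CurrentUserProvider) serviceManager.lookup(CurrentUserProvider.ROLE);
        this._jsonUtils = (JSONUtils) serviceManager.lookup(JSONUtils.ROLE);
    }

    /**
     * Issues a mobile-app token for the current user, authenticating from the request body first
     * when no user is connected.
     *
     * @param redirector unused
     * @param sourceResolver used to call the internal {@code cocoon:/authenticate} pipeline
     * @param objectModel the Cocoon object model; must hold the servlet request under {@code "httprequest"}
     * @param source unused
     * @param parameters sitemap parameters; {@code site} is required when credentials are checked
     * @return always {@code EMPTY_MAP}; the JSON payload is passed through a request attribute
     * @throws Exception if the body cannot be read or parsed, or if {@code site} is missing
     */
    @Override
    public Map act(Redirector redirector, SourceResolver sourceResolver, Map objectModel, String source, Parameters parameters) throws Exception {
        Map<String, Object> result = new HashMap<>();
        Request request = ObjectModelHelper.getRequest(objectModel);

        if (this._currentUserProvider.getUser() != null) {
            // An already authenticated request gets a token without presenting credentials again.
            result.put("code", 200);
            result.put("token", this._authenticationTokenManager.generateToken(TOKEN_DURATION, TOKEN_TYPE, TOKEN_COMMENT));
        } else {
            Map<String, Object> json = readJsonBody(objectModel);
            String login = credentialField(json, request, "login");
            String password = credentialField(json, request, "password");

            // A missing password is a failed login: never forward a null to the authentication pipeline.
            boolean authenticated = StringUtils.isNotBlank(login)
                    && password != null
                    && authenticate(login, password, request, sourceResolver, parameters);

            if (authenticated) {
                try {
                    result.put("token", this._authenticationTokenManager.generateToken(TOKEN_DURATION, TOKEN_TYPE, TOKEN_COMMENT));
                    result.put("code", 200);
                } finally {
                    // The login above only served to prove the credentials; drop it even when token
                    // generation fails so the request does not stay authenticated.
                    this._currentUserProvider.logout();
                }
            } else {
                result.put("code", 401);
            }
        }

        request.setAttribute(JSonReader.OBJECT_TO_READ, result);
        return EMPTY_MAP;
    }

    /**
     * Reads the whole request body as UTF-8 and parses it as a JSON object.
     *
     * <p>NOTE(review): the body is client-controlled and read without a size limit; confirm a
     * request-size cap is enforced upstream. Also verify that a parse failure in
     * {@code convertJsonToMap} cannot echo the body, which holds the password, into logs or the
     * error response.
     */
    private Map<String, Object> readJsonBody(Map objectModel) throws IOException {
        HttpServletRequest httpRequest = (HttpServletRequest) objectModel.get("httprequest");
        String body;
        try (ServletInputStream in = httpRequest.getInputStream()) {
            body = new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
        return this._jsonUtils.convertJsonToMap(body);
    }

    /**
     * Returns a credential field from the JSON body when the key is present, else from the request
     * parameters. A JSON value that is not a string (number, object, array, null) yields
     * {@code null} instead of a {@link ClassCastException}, so a malformed body ends in a 401.
     */
    private static String credentialField(Map<String, Object> json, Request request, String name) {
        if (json != null && json.containsKey(name)) {
            Object value = json.get(name);
            return value instanceof String ? (String) value : null;
        }
        return request.getParameter(name);
    }

    /**
     * Tries the credentials against each form credential provider of the populations attached to
     * the {@code /sites/<site>} and {@code /sites-fo/<site>} contexts, stopping at the first success.
     *
     * @return {@code true} if a user is connected once the attempts are over
     * @throws ParameterException if the {@code site} sitemap parameter is missing
     */
    private boolean authenticate(String login, String password, Request request, SourceResolver sourceResolver, Parameters parameters) throws ParameterException {
        String siteName = parameters.getParameter("site");
        boolean formProviderFound = false;

        for (String context : List.of("/sites/" + siteName, "/sites-fo/" + siteName)) {
            for (String populationId : this._populationContextHelper.getUserPopulationsOnContexts(List.of(context), false, false)) {
                UserPopulation population = this._userPopulationDAO.getUserPopulation(populationId);
                if (population == null || population.getCredentialProviders() == null) {
                    continue;
                }

                List<CredentialProvider> providers = population.getCredentialProviders();
                for (int index = 0; index < providers.size(); index++) {
                    if (!(providers.get(index) instanceof FormCredentialProvider)) {
                        continue;
                    }
                    formProviderFound = true;
                    try {
                        request.setAttribute("Runtime:RequestAuthenticated", "false");
                        sourceResolver.resolveURI(buildAuthenticateUri(login, password, population.getId(), index, context));
                        if (this._currentUserProvider.getUser() != null) {
                            // Stop here: the password must not be replayed against the remaining
                            // populations and contexts once one provider has accepted it.
                            return true;
                        }
                    } catch (IOException e) {
                        // Only the exception class is logged: its message may repeat the resolved
                        // URI, and that URI carries the password.
                        getLogger().error("Impossible to test logins on population '" + population.getId() + "' using credential provider at position '" + index + "' (" + e.getClass().getName() + ")");
                    }
                }
            }
        }

        if (!formProviderFound) {
            // Reported once per call, after both contexts have been inspected.
            getLogger().error("Error while logging-in from the mobile application to the '" + siteName + "' site. At least one population should be configured with a form credential provider.");
        }
        return this._currentUserProvider.getUser() != null;
    }

    /**
     * Builds the internal authentication URI.
     *
     * <p>NOTE(review): the password travels in the query string of an internal {@code cocoon:}
     * URI; make sure no pipeline or debug logging records resolved URIs.
     */
    private static String buildAuthenticateUri(String login, String password, String populationId, int providerIndex, String context) {
        return "cocoon:/authenticate?Username=" + URIUtils.encodeParameter(login)
                + "&Password=" + URIUtils.encodeParameter(password)
                + "&UserPopulation=" + URIUtils.encodeParameter(populationId)
                + "&CredentialProviderIndex=" + providerIndex
                + "&context=" + URIUtils.encodeParameter(context);
    }
}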
