package at.letto.lti.controller;

import at.letto.lti.model.dto.LoginInitiationDTO;
import at.letto.lti.model.lti.PlatformDeployment;
import at.letto.lti.repository.PlatformDeploymentRepository;
import at.letto.lti.service.LTIDataService;
import at.letto.lti.utils.LtiStrings;
import at.letto.lti.utils.TextConstants;
import at.letto.lti.utils.lti.LtiOidcUtils;
import com.google.common.hash.Hashing;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.batik.constants.XMLConstants;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.view.RedirectView;

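/**
 * Session-scoped controller for the OIDC login-initiation step of an LTI launch.
 *
 * <p>It reads the login-initiation parameters from the incoming request, looks up the platform
 * deployment by issuer, builds the authentication request, records the generated state and nonce
 * in the HTTP session, and redirects the browser to the platform's OIDC endpoint.
 *
 * <p>Every value read from the request is untrusted. All query parameter values are therefore
 * URL-encoded before they are appended to the redirect target.
 */
@RequestMapping({"/oidc"})
@Scope("session")
@Controller
/* loaded from: input_file:BOOT-INF/classes/at/letto/lti/controller/OIDCController.class */
public class OIDCController {
    static final Logger log = LoggerFactory.getLogger(OIDCController.class);

    @Autowired
    PlatformDeploymentRepository platformDeploymentRepository;

    @Autowired
    LTIDataService ltiDataService;

    /**
     * Receives the login initiation and answers with a redirect to the platform's OIDC endpoint.
     *
     * @param httpServletRequest the login-initiation request; its parameters are untrusted
     * @param model receives an error message when the request cannot be processed
     * @return a redirect to the platform's authentication endpoint, or to the error page
     */
    @RequestMapping({"/login_initiations"})
    public RedirectView loginInitiations(HttpServletRequest httpServletRequest, Model model) {
        LoginInitiationDTO loginInitiationDTO = new LoginInitiationDTO(httpServletRequest);
        String clientId = loginInitiationDTO.getClientId();
        String ltiDeploymentId = loginInitiationDTO.getLtiDeploymentId();
        List<PlatformDeployment> deployments = this.platformDeploymentRepository.findByIss(loginInitiationDTO.getIss());
        if (deployments.isEmpty()) {
            // NOTE(review): this message echoes request-supplied values (iss, client id, deployment id);
            // confirm that the error view escapes them and that they are not exposed in the redirect URL.
            model.addAttribute(TextConstants.ERROR, "Not found any existing tool deployment with iss: " + loginInitiationDTO.getIss() + " clientId: " + clientId + " deploymentId: " + ltiDeploymentId);
            return new RedirectView(TextConstants.LTI3ERROR);
        }
        // NOTE(review): when several deployments share the issuer, the first one is used even if the
        // request names a different client id or deployment id, so the OIDC endpoint may belong to
        // another registration. Consider selecting the deployment that matches both values.
        PlatformDeployment platformDeployment = deployments.get(0);
        if (deployments.size() == 1) {
            // With a single registration for the issuer, missing ids are filled in from it.
            if (clientId == null) {
                clientId = platformDeployment.getClientId();
            }
            if (ltiDeploymentId == null) {
                ltiDeploymentId = platformDeployment.getDeploymentId();
            }
        }
        try {
            Map<String, String> authRequest = generateAuthRequestPayload(loginInitiationDTO, clientId, ltiDeploymentId, platformDeployment.getOidcEndpoint());
            HttpSession session = httpServletRequest.getSession();
            // NOTE(review): these session lists only grow in this class; confirm that the code
            // consuming the launch removes used values, or bound their size.
            rememberInSession(session, "lti_state", authRequest.get("state"));
            rememberInSession(session, "lti_nonce", authRequest.get("nonce"));
            RedirectView redirectView = new RedirectView(authRequest.get("oidcEndpointComplete"));
            // The URL is already fully built and encoded; '{' and '}' must not be treated as templates.
            redirectView.setExpandUriTemplateVariables(false);
            return redirectView;
        } catch (Exception e) {
            // Keep the stack trace in the server log only. Model attributes of a redirect may be
            // exposed to the client, and a stack trace discloses internal class and library details.
            log.error("Failed to build the OIDC authentication request", e);
            model.addAttribute(TextConstants.ERROR, "Error generating the OIDC authentication request.");
            return new RedirectView(TextConstants.LTI3ERROR);
        }
    }

    /**
     * Adds {@code value} to the list stored under {@code attribute} in the session, creating the
     * list when it is absent and skipping values that are already present.
     */
    @SuppressWarnings("unchecked") // the attribute is only ever written by this method, as a List of String
    private static void rememberInSession(HttpSession session, String attribute, String value) {
        Object stored = session.getAttribute(attribute);
        List<String> values;
        if (stored != null) {
            values = (List<String>) stored;
        } else {
            values = new ArrayList<String>();
        }
        if (!values.contains(value)) {
            values.add(value);
        }
        session.setAttribute(attribute, values);
    }

    /**
     * Builds the parameters of the authentication request and the complete redirect URL.
     *
     * <p>The raw nonce is returned under {@code "nonce"} and its SHA-256 hash under
     * {@code "nonce_hash"}; only the hash is placed in the redirect URL.
     *
     * @param loginInitiationDTO the parsed login-initiation request
     * @param clientId the client id to send, or {@code null} to omit it
     * @param deploymentId the deployment id passed to the state generator
     * @param oidcEndpoint the platform's OIDC authentication endpoint
     * @return the request parameters plus {@code "oidcEndpoint"} and {@code "oidcEndpointComplete"}
     */
    private Map<String, String> generateAuthRequestPayload(LoginInitiationDTO loginInitiationDTO, String clientId, String deploymentId, String oidcEndpoint) throws GeneralSecurityException, IOException {
        HashMap<String, String> authRequest = new HashMap<String, String>();
        if (clientId != null) {
            authRequest.put("client_id", clientId);
        }
        authRequest.put(LtiStrings.OIDC_LOGIN_HINT, loginInitiationDTO.getLoginHint());
        authRequest.put(LtiStrings.OIDC_LTI_MESSAGE_HINT, loginInitiationDTO.getLtiMessageHint());
        String nonce = UUID.randomUUID().toString();
        String nonceHash = Hashing.sha256().hashString(nonce, StandardCharsets.UTF_8).toString();
        authRequest.put("nonce", nonce);
        authRequest.put("nonce_hash", nonceHash);
        authRequest.put("prompt", "none");
        // NOTE(review): redirect_uri is copied from the request's target link URI without a local
        // check; confirm it is validated against the tool's own registered launch URLs.
        authRequest.put("redirect_uri", loginInitiationDTO.getTargetLinkUri());
        authRequest.put("response_mode", LtiStrings.OIDC_FORM_POST);
        authRequest.put("response_type", "id_token");
        authRequest.put("scope", "openid");
        authRequest.put("state", LtiOidcUtils.generateState(this.ltiDataService, authRequest, loginInitiationDTO, clientId, deploymentId));
        authRequest.put("oidcEndpoint", oidcEndpoint);
        authRequest.put("oidcEndpointComplete", generateCompleteUrl(authRequest));
        return authRequest;
    }

    /**
     * Appends the authentication request parameters to the OIDC endpoint as a query string.
     *
     * <p>Parameters with a {@code null} value are skipped. The first parameter that is actually
     * written is introduced with {@code ?}, unless the endpoint already carries a query string.
     *
     * @throws IllegalStateException if no OIDC endpoint is configured
     */
    private String generateCompleteUrl(Map<String, String> map) throws UnsupportedEncodingException {
        String endpoint = map.get("oidcEndpoint");
        if (endpoint == null) {
            // Appending null would redirect the browser to a URL starting with the text "null".
            throw new IllegalStateException("The platform deployment has no OIDC endpoint configured");
        }
        StringBuilder url = new StringBuilder(endpoint);
        String[][] parameters = {
            {"client_id", map.get("client_id")},
            {LtiStrings.OIDC_LOGIN_HINT, map.get(LtiStrings.OIDC_LOGIN_HINT)},
            {LtiStrings.OIDC_LTI_MESSAGE_HINT, map.get(LtiStrings.OIDC_LTI_MESSAGE_HINT)},
            // The platform receives the hash; the raw nonce stays in the session.
            {"nonce", map.get("nonce_hash")},
            {"prompt", map.get("prompt")},
            {"redirect_uri", map.get("redirect_uri")},
            {"response_mode", map.get("response_mode")},
            {"response_type", map.get("response_type")},
            {"scope", map.get("scope")},
            {"state", map.get("state")},
        };
        boolean first = endpoint.indexOf('?') < 0;
        for (String[] parameter : parameters) {
            if (parameter[1] != null) {
                addParameter(url, parameter[0], parameter[1], first);
                first = false;
            }
        }
        return url.toString();
    }

    /**
     * Appends one {@code name=value} pair to {@code sb}; does nothing when {@code value} is null.
     *
     * <p>The value is URL-encoded as UTF-8 so that request-supplied text containing {@code &},
     * {@code =}, {@code #} or whitespace cannot add or override parameters of the redirect URL.
     *
     * @param sb the URL being built
     * @param name the parameter name
     * @param value the unencoded parameter value, may be {@code null}
     * @param first {@code true} to introduce the pair with {@code ?}, {@code false} for {@code &}
     * @return {@code sb}, to allow chaining
     */
    private StringBuilder addParameter(StringBuilder sb, String name, String value, boolean first) throws UnsupportedEncodingException {
        if (value != null) {
            sb.append(first ? "?" : "&").append(name).append("=");
            sb.append(URLEncoder.encode(value, StandardCharsets.UTF_8.name()));
        }
        return sb;
    }
}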
