package org.n52.security.service.pap.binding.licman;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Iterator;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathException;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.axis.message.SOAPBodyElement;
import org.apache.axis.utils.Mapping;
import org.apache.log4j.Logger;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.n52.security.common.protocol.artifact.PolicyReference;
import org.n52.security.common.protocol.artifact.PolicyReferenceServiceException;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/n52/security/service/pap/binding/licman/LicenseManagerSoapFrontend.class */
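/**
 * SOAP front end of the license manager.
 *
 * <p>Exposes the license operations (get, create, replace, delete, create reference) as
 * DOM/SOAP-body methods, signs returned licenses with an enveloped XML signature and issues
 * signed SAML assertions that carry a license reference. Signing key and certificate are
 * loaded once, at class initialisation, from the configured JKS keystore.
 *
 * <p>NOTE(review): {@code db}, {@code sTransformer} and the two compiled XPath expressions are
 * shared statics. JAXP does not guarantee that {@link DocumentBuilder}, {@link Transformer} or
 * {@link XPathExpression} instances are thread-safe; if the SOAP engine dispatches requests
 * concurrently, access needs to be synchronised or switched to per-request instances. Not
 * changed here.
 *
 * <p>NOTE(review): licenses and assertions are signed with RSA-SHA1 and digested with SHA-1.
 * SHA-1 is no longer considered adequate for signatures. Moving to
 * {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256} and
 * {@code http://www.w3.org/2001/04/xmlenc#sha256} has to be coordinated with every party that
 * verifies these signatures and with the XML security library version in use, so the
 * algorithm identifiers are left as they were.
 */
public class LicenseManagerSoapFrontend {
    private static Logger sLogger;
    private static final String sSAMLAttributeNameLicManUrl = "urn:opengeospatial:ows4:geodrm:licenseManagerURL";
    private static final String sSAMLAttributeNameLicManRef = "urn:opengeospatial:ows4:geodrm:licenseID";
    private static final String sSAMLAttributeNamespace = "urn:opengeospatial:ows4:geodrm";
    private static DocumentBuilderFactory dbf;
    // Only used to create empty response documents in this class, never to parse input.
    // If it is ever used to parse request data, harden the factory first (secure processing,
    // no DTDs / external entities).
    private static DocumentBuilder db;
    private static TransformerFactory sTransFac;
    private static Transformer sTransformer;
    private static XPathFactory sFactory;
    private static XPathExpression sGetLicenseReqType;
    private static XPathExpression sFirstLicenseId;
    private static LicenseManagerImpl mLicMan;
    private static LicenseFactory mLicFac;
    // Signing material, populated by loadKeystore().
    private static PrivateKey mPrivateKey;
    private static X509Certificate mCert;
    // Compiler-synthesised cache for the class literal (pre-Java-5 javac output); kept so the
    // class layout stays as it was.
    static Class class$org$n52$security$service$pap$binding$licman$LicenseManagerSoapFrontend;

    /**
     * Builds the shared XML helpers, the license manager and the license factory, then loads
     * the signing key. Called once from the static initialiser.
     *
     * @throws RuntimeException if a parser, transformer or XPath expression cannot be created,
     *         or if the keystore cannot be loaded
     */
    private static void init() {
        sLogger.info("Sarting LicenseManager SOAP frontend");
        dbf = DocumentBuilderFactory.newInstance();
        sTransFac = TransformerFactory.newInstance();
        dbf.setNamespaceAware(true);
        try {
            sFactory = XPathFactory.newInstance();
            db = dbf.newDocumentBuilder();
            sTransformer = sTransFac.newTransformer();
            // NOTE(review): these expressions put a URN where XPath expects a namespace prefix
            // and no NamespaceContext is installed; confirm they compile and match with the
            // XPath implementation actually deployed.
            sGetLicenseReqType = sFactory.newXPath().compile("/urn:ogc:ows4:licensemanager:GetLicense/*[1]");
            sFirstLicenseId = sFactory.newXPath().compile("//urn:ogc:ows4:licensemanager:LicenseId[1]/text()");
            String saveDir = ConfigProperties.getConfig("pap.file.savedir");
            long maxRefs = Long.parseLong(ConfigProperties.getConfig("prs.refs.max"));
            long invalidationCheckPeriod = Long.parseLong(ConfigProperties.getConfig("prs.refs.invalidationCheckPeriod"));
            // Fix: the original parsed the literal key name "prs.refs.deleteCacheOnStartup" as a
            // boolean, which is always false, so the configured value was never honoured.
            // Boolean.valueOf(null) is false, so a missing key keeps the old effective default.
            boolean deleteCacheOnStartup = Boolean.valueOf(ConfigProperties.getConfig("prs.refs.deleteCacheOnStartup")).booleanValue();
            String refsFile = ConfigProperties.getConfig("prs.refs.file");
            mLicMan = new LicenseManagerImpl(saveDir, maxRefs, invalidationCheckPeriod, deleteCacheOnStartup, refsFile);
            mLicFac = LicenseFactory.getInstance();
            loadKeystore();
        } catch (ParserConfigurationException e) {
            sLogger.error("Could not create new document builder", e);
            throw new RuntimeException(e);
        } catch (TransformerException e2) {
            sLogger.error("Could not create new transformer", e2);
            throw new RuntimeException(e2);
        } catch (XPathException e3) {
            sLogger.error("Could not create XPath expression", e3);
            throw new RuntimeException(e3);
        }
    }

    /**
     * SOAP entry point for GetLicense: resolves the requested license and returns it signed.
     *
     * @param sOAPBodyElementArr the request body; must hold exactly one element
     * @return a one-element array holding either the signed response or an
     *         {@code Exception} element describing the failure
     */
    public SOAPBodyElement[] GetLicense(SOAPBodyElement[] sOAPBodyElementArr) {
        if (sOAPBodyElementArr == null || sOAPBodyElementArr.length != 1) {
            return errorBody(new LicenseManagerException("GetLicense request shall contain exactly one SOAP body element"));
        }
        try {
            SOAPBodyElement response = new SOAPBodyElement(GetLicense(sOAPBodyElementArr[0].getAsDocument()).getDocumentElement());
            response.addMapping(new Mapping("urn:oasis:names:tc:xacml:2.0:policy:schema:os", "xacml"));
            try {
                SOAPBodyElement signLicense = signLicense(response);
                if (sLogger.isDebugEnabled()) {
                    try {
                        sLogger.debug(serializeForLog(signLicense.getAsDocument()));
                    } catch (Exception e) {
                        // Debug output is best effort; report through the logger rather than
                        // printStackTrace() so it follows the logging configuration.
                        sLogger.debug("Could not serialise signed license for debug logging", e);
                    }
                }
                return new SOAPBodyElement[]{signLicense};
            } catch (LicenseManagerException e2) {
                // Leave a trace of signing failures; the client only sees the message.
                sLogger.warn("Could not sign license", e2);
                return errorBody(e2);
            }
        } catch (Exception e3) {
            // The client gets a generic message; keep the real cause in the log.
            sLogger.warn("Could not process GetLicense request", e3);
            return errorBody(new LicenseManagerException("Could not parse request"));
        }
    }

    /** Wraps an exception into the one-element SOAP body array returned to the client. */
    private SOAPBodyElement[] errorBody(Exception exc) {
        return new SOAPBodyElement[]{new SOAPBodyElement(createException(exc).getDocumentElement())};
    }

    /**
     * Adds an enveloped XML signature to the License element of the given body element.
     *
     * <p>Fails closed: if the License element is missing or signing fails for any reason, a
     * {@link LicenseManagerException} is thrown. The original swallowed signing errors and
     * returned the document anyway, i.e. a license carrying an empty or incomplete Signature
     * element.
     *
     * @param sOAPBodyElement the response body holding the license
     * @return a new body element whose License child carries the signature
     * @throws LicenseManagerException if the body cannot be read, no License element is found
     *         or the signature cannot be created
     */
    private SOAPBodyElement signLicense(SOAPBodyElement sOAPBodyElement) throws LicenseManagerException {
        final Document asDocument;
        try {
            asDocument = sOAPBodyElement.getAsDocument();
        } catch (Exception e) {
            throw new LicenseManagerException("Could not get Soap body element as document", e);
        }

        final Element element;
        try {
            element = (Element) sFactory.newXPath().evaluate("//urn:ogc:ows4:license:License", asDocument, XPathConstants.NODE);
        } catch (XPathExpressionException e) {
            throw new LicenseManagerException("Could not get License element", e);
        }
        if (element == null) {
            // Happens, for instance, when the body is an Exception document instead of a license.
            throw new LicenseManagerException("Could not get License element");
        }

        // Same-document reference to the License element via its "id" attribute.
        String referenceUri = new StringBuffer().append("#").append(element.getAttribute("id")).toString();
        try {
            XMLSignature xMLSignature = new XMLSignature(asDocument, "", "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/10/xml-exc-c14n#");
            element.appendChild(xMLSignature.getElement());
            Transforms transforms = new Transforms(xMLSignature.getDocument());
            transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
            transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
            xMLSignature.addDocument(referenceUri, transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            KeyInfo keyInfo = xMLSignature.getKeyInfo();
            X509Data x509Data = new X509Data(asDocument);
            x509Data.addCertificate(mCert);
            x509Data.addIssuerSerial(mCert.getIssuerX500Principal().getName(), mCert.getSerialNumber());
            keyInfo.add(x509Data);
            xMLSignature.sign(mPrivateKey);
        } catch (Exception e) {
            // Covers XMLSecurityException and runtime failures alike: never hand out a license
            // whose signature was not produced.
            throw new LicenseManagerException("Could not sign license", e);
        }
        return new SOAPBodyElement(asDocument.getDocumentElement());
    }

    /**
     * Resolves a GetLicense request, either by license id or by a SAML assertion that carries
     * a license reference.
     *
     * <p>NOTE(review): for the assertion variant the reference is taken from the assertion as
     * presented; this class does not check the assertion's signature, issuer or validity
     * period. Confirm that this is verified before the request reaches this method, or verify
     * the assertion against the issuing certificate before using the reference.
     *
     * @param document the request document
     * @return a {@code GetLicenseResponse} document, or an {@code Exception} document on failure
     */
    private Document GetLicense(Document document) {
        License licenseByReference;
        try {
            try {
                Element element = (Element) sGetLicenseReqType.evaluate(document, XPathConstants.NODE);
                if (element == null) {
                    // No child element at all: report it as a request error, not as an NPE.
                    throw new LicenseManagerException("Expected element <LicenseId> or <Assertion> missing");
                }
                String requestType = element.getLocalName();
                if ("LicenseId".equals(requestType)) {
                    licenseByReference = mLicMan.getLicense(retrieveLicenseId(document));
                } else if ("Assertion".equals(requestType)) {
                    String reference = retrieveLicenseRefFromAssertion(element);
                    if (reference == null) {
                        throw new LicenseManagerException("SAML Assertion does not contain a license reference");
                    }
                    licenseByReference = mLicMan.getLicenseByReference(reference);
                } else {
                    throw new LicenseManagerException("Expected element <LicenseId> or <Assertion> missing");
                }
                return createResponse(mLicFac.createLicenseDoc(licenseByReference), "GetLicenseResponse");
            } catch (XPathExpressionException e) {
                throw new LicenseManagerException("Could not determine exact request type: get license by license id or saml assertion", e);
            }
        } catch (LicenseManagerException e2) {
            sLogger.warn("", e2);
            return createException(e2);
        } catch (Exception e3) {
            sLogger.warn("", e3);
            return createException(e3);
        }
    }

    /**
     * Extracts the license reference attribute from a SAML assertion element.
     *
     * <p>The assertion is only parsed here; its signature is not verified by this method.
     *
     * @param element the {@code Assertion} element from the request
     * @return the first value of the license-reference attribute, or {@code null} if the
     *         assertion holds no such attribute or the attribute has no value
     * @throws LicenseManagerException if the element cannot be parsed as a SAML assertion
     */
    private String retrieveLicenseRefFromAssertion(Element element) throws LicenseManagerException {
        try {
            Iterator statements = new SAMLAssertion(element).getStatements();
            while (statements.hasNext()) {
                SAMLStatement statement = (SAMLStatement) statements.next();
                if (statement instanceof SAMLAttributeStatement) {
                    Iterator attributes = ((SAMLAttributeStatement) statement).getAttributes();
                    while (attributes.hasNext()) {
                        SAMLAttribute sAMLAttribute = (SAMLAttribute) attributes.next();
                        if (sAMLAttribute.getName().equals(sSAMLAttributeNameLicManRef)) {
                            Iterator values = sAMLAttribute.getValues();
                            // An attribute without values is treated like a missing one.
                            if (values.hasNext()) {
                                return (String) values.next();
                            }
                        }
                    }
                }
            }
            return null;
        } catch (SAMLException e) {
            throw new LicenseManagerException("Could not process SAML Assertion", e);
        }
    }

    /**
     * Creates a license from the request document and stores it.
     *
     * @param document the request; its root element is passed to the license factory
     * @return a {@code CreateLicenseResponse} document with the status, or an
     *         {@code Exception} document on failure
     */
    public Document CreateLicense(Document document) {
        License createLicense = mLicFac.createLicense(document.getDocumentElement());
        // Result unused; retained from the original (presumably a default status that was
        // never read).
        new StatusResponse("failed", "No info available", createLicense.getId());
        try {
            return createResponse(createStatus(mLicMan.createLicense(createLicense)), "CreateLicenseResponse");
        } catch (LicenseManagerException e) {
            sLogger.warn("", e);
            return createException(e);
        } catch (Exception e2) {
            sLogger.warn("", e2);
            return createException(e2);
        }
    }

    /**
     * Replaces a stored license with the one in the request document.
     *
     * @param document the request; its root element is passed to the license factory
     * @return a {@code ReplaceLicenseResponse} document with the status, or an
     *         {@code Exception} document on failure
     */
    public Document ReplaceLicense(Document document) {
        License createLicense = mLicFac.createLicense(document.getDocumentElement());
        // Result unused; retained from the original.
        new StatusResponse("failed", "No info available", createLicense.getId());
        try {
            return createResponse(createStatus(mLicMan.replaceLicense(createLicense)), "ReplaceLicenseResponse");
        } catch (LicenseManagerException e) {
            sLogger.warn("", e);
            return createException(e);
        }
    }

    /**
     * Deletes the license whose id is given in the request document.
     *
     * @param document the request holding a {@code LicenseId} element
     * @return a {@code DeleteLicenseResponse} document with the status, or an
     *         {@code Exception} document on failure
     */
    public Document DeleteLicense(Document document) {
        // Result unused; retained from the original.
        new StatusResponse("failed", "No info available", "");
        try {
            return createResponse(createStatus(mLicMan.deleteLicense(retrieveLicenseId(document))), "DeleteLicenseResponse");
        } catch (LicenseManagerException e) {
            sLogger.warn("", e);
            return createException(e);
        }
    }

    /**
     * Creates a time-limited reference to a license and returns it as a signed SAML assertion.
     *
     * <p>Both the license id and the expiration are read from the request. NOTE(review): no
     * upper bound is applied to the requested expiration in this class.
     *
     * @param document the request holding {@code LicenseId} and {@code Expiration} elements
     * @return a {@code CreateLicenseReferenceResponse} document, or an {@code Exception}
     *         document on failure
     */
    public Document CreateLicenseReference(Document document) {
        sLogger.debug("Processing 'CreateLicenseReference'");
        try {
            XPath newXPath = sFactory.newXPath();
            String licenseId = newXPath.evaluate("//urn:ogc:ows4:licensemanager:LicenseId/text()", document.getDocumentElement());
            if (licenseId == null || licenseId.equals("")) {
                // Same rule and message as retrieveLicenseId(): reject requests without an id
                // instead of creating a reference for the empty string.
                throw new LicenseManagerException("Request must contain at least one <LicenseId> element");
            }
            String expirationText = newXPath.evaluate("//urn:ogc:ows4:licensemanager:Expiration/text()", document.getDocumentElement());
            java.util.Date expiration = DatatypeFactory.newInstance().newXMLGregorianCalendar(expirationText).toGregorianCalendar().getTime();
            return createResponse(createLicenseReferenceResponse(mLicMan.createLicenseReference(licenseId, expiration)), "CreateLicenseReferenceResponse");
        } catch (LicenseManagerException e) {
            sLogger.warn("", e);
            return createException(e);
        } catch (PolicyReferenceServiceException e2) {
            sLogger.warn("", e2);
            return createException(e2);
        } catch (Exception e3) {
            sLogger.warn("", e3);
            return createException(e3);
        }
    }

    /**
     * Reads the first license id from the request document.
     *
     * @param document the request document
     * @return the non-empty license id
     * @throws LicenseManagerException if no id is present or the XPath evaluation fails
     */
    private String retrieveLicenseId(Document document) throws LicenseManagerException {
        try {
            String str = (String) sFirstLicenseId.evaluate(document, XPathConstants.STRING);
            if (str == null || str.equals("")) {
                throw new LicenseManagerException("Request must contain at least one <LicenseId> element");
            }
            return str;
        } catch (XPathExpressionException e) {
            sLogger.error("", e);
            throw new LicenseManagerException("Could not retrieve License Id");
        }
    }

    /**
     * Loads the signing key and certificate from the configured JKS keystore.
     *
     * <p>Fails at start-up if either alias is absent, rather than leaving {@code mPrivateKey}
     * or {@code mCert} null and failing later on the first signing request. Passwords are read
     * from the configuration and are never logged.
     *
     * @throws RuntimeException if the keystore cannot be read or an alias is not found
     */
    private static void loadKeystore() {
        String keystoreFile = ConfigProperties.getConfig("keystore.file");
        String keystorePassword = ConfigProperties.getConfig("keystore.password");
        String keyAlias = ConfigProperties.getConfig("keystore.privatekey.alias");
        String keyPassword = ConfigProperties.getConfig("keystore.privatekey.password");
        String certAlias = ConfigProperties.getConfig("keystore.certificate.alias");
        sLogger.debug(new StringBuffer().append("Reading keystore from ").append(keystoreFile).toString());
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            FileInputStream in = new FileInputStream(keystoreFile);
            try {
                keyStore.load(in, keystorePassword.toCharArray());
            } finally {
                // The original never closed the stream.
                in.close();
            }
            mPrivateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray());
            mCert = (X509Certificate) keyStore.getCertificate(certAlias);
            if (mPrivateKey == null || mCert == null) {
                // KeyStore returns null for unknown aliases instead of throwing.
                throw new IllegalStateException("Private key or certificate alias not found in keystore");
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not load private key and/or certificate from keystore", e);
        }
    }

    /**
     * Wraps a payload document in a response element of the license manager namespace.
     *
     * @param document the payload; its root element is imported as the single child
     * @param str local name of the response element
     * @return the new response document
     */
    private Document createResponse(Document document, String str) {
        Document newDocument = db.newDocument();
        Element createElementNS = newDocument.createElementNS("urn:ogc:ows4:licensemanager", str);
        createElementNS.appendChild(newDocument.importNode(document.getDocumentElement(), true));
        newDocument.appendChild(createElementNS);
        if (sLogger.isDebugEnabled()) {
            // Responses can contain complete licenses. Send the dump through the logger instead
            // of System.out so it is subject to the logging configuration and log file
            // permissions.
            sLogger.debug(serializeForLog(newDocument));
        }
        return newDocument;
    }

    /**
     * Renders a status response as a {@code Status} element document.
     *
     * @param statusResponse the status to render
     * @return a document with status code and license id as attributes and the status info
     *         as text
     */
    private Document createStatus(StatusResponse statusResponse) {
        Document newDocument = db.newDocument();
        Element createElementNS = newDocument.createElementNS("urn:ogc:ows4:licensemanager", "Status");
        createElementNS.setAttribute("status", statusResponse.getStatusCode());
        createElementNS.setAttribute("licenseId", statusResponse.getLicenseId());
        createElementNS.setTextContent(statusResponse.getStatusInfo());
        newDocument.appendChild(createElementNS);
        return newDocument;
    }

    /**
     * Builds the signed SAML assertion that represents a license reference.
     *
     * @param policyReference the reference to publish
     * @return the owner document of the signed assertion, or an {@code Exception} document if
     *         the assertion cannot be created or signed
     */
    private Document createLicenseReferenceResponse(PolicyReference policyReference) {
        try {
            // The original also built a LicenseReference document here and discarded it; that
            // dead call has been dropped.
            SAMLAssertion createSAMLAssertion = createSAMLAssertion(policyReference);
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(mCert);
            createSAMLAssertion.sign("http://www.w3.org/2000/09/xmldsig#rsa-sha1", mPrivateKey, arrayList);
            return createSAMLAssertion.toDOM().getOwnerDocument();
        } catch (Exception e) {
            sLogger.warn("Could not create license reference", e);
            return createException(e);
        }
    }

    /**
     * Renders an exception as an {@code Exception} element document for the client.
     *
     * <p>NOTE(review): the exception message is returned verbatim. Several callers pass
     * arbitrary exceptions, not only {@code LicenseManagerException}, so internal details
     * (paths, library messages) can reach the client; consider a generic message for those.
     *
     * @param exc the failure to report
     * @return a document whose root element text is {@code exc.getMessage()}
     */
    private Document createException(Exception exc) {
        Document newDocument = db.newDocument();
        Element createElementNS = newDocument.createElementNS("urn:ogc:ows4:licensemanager", "Exception");
        createElementNS.setTextContent(exc.getMessage());
        newDocument.appendChild(createElementNS);
        return newDocument;
    }

    /**
     * Builds a plain {@code LicenseReference} document with issuer name, issuer URI and the
     * reference value. Not called from within this class at present.
     *
     * @param policyReference the reference to render
     * @return the new document
     */
    private Document createLicenseReference(PolicyReference policyReference) {
        Document newDocument = db.newDocument();
        Element createElement = newDocument.createElement("LicenseReference");
        Element createElement2 = newDocument.createElement("Issuer");
        createElement2.setAttribute("name", ConfigProperties.getConfig("licensemanager.name"));
        createElement2.setAttribute("uri", ConfigProperties.getConfig("licensemanager.uri"));
        Element createElement3 = newDocument.createElement("Reference");
        createElement3.setTextContent(policyReference.getReference());
        createElement.appendChild(createElement2);
        createElement.appendChild(createElement3);
        newDocument.appendChild(createElement);
        return newDocument;
    }

    /**
     * Creates the (still unsigned) SAML assertion for a license reference. It carries one
     * attribute statement with the license manager URL and the reference, is valid from now
     * until the reference's expiration and uses sender-vouches subject confirmation.
     *
     * @param policyReference the reference to publish
     * @return the assertion, ready to be signed
     * @throws SAMLException if OpenSAML rejects the assertion contents
     * @throws LicenseManagerException if the attribute statement cannot be built
     */
    private SAMLAssertion createSAMLAssertion(PolicyReference policyReference) throws SAMLException, LicenseManagerException {
        Calendar calendar = Calendar.getInstance();
        ArrayList confirmationMethods = new ArrayList();
        confirmationMethods.add("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
        SAMLSubject sAMLSubject = new SAMLSubject((SAMLNameIdentifier) null, confirmationMethods, (Element) null, (Object) null);

        ArrayList urlValues = new ArrayList();
        urlValues.add(ConfigProperties.getConfig("licensemanager.uri"));
        SAMLAttribute urlAttribute = new SAMLAttribute(sSAMLAttributeNameLicManUrl, sSAMLAttributeNamespace, (QName) null, 0L, urlValues);
        ArrayList refValues = new ArrayList();
        refValues.add(policyReference.getReference());
        SAMLAttribute refAttribute = new SAMLAttribute(sSAMLAttributeNameLicManRef, sSAMLAttributeNamespace, (QName) null, 0L, refValues);
        ArrayList attributes = new ArrayList(2);
        attributes.add(urlAttribute);
        attributes.add(refAttribute);

        ArrayList statements = new ArrayList(3);
        try {
            statements.add(new SAMLAttributeStatement((SAMLSubject) sAMLSubject.clone(), attributes));
        } catch (CloneNotSupportedException e) {
            sLogger.error("Error during SAMLAuthentication Statement creation.", e);
            // Fix: the original carried on and built an assertion without the attribute
            // statement, i.e. one that does not contain the license reference.
            throw new LicenseManagerException("Could not create SAML attribute statement", e);
        }
        return new SAMLAssertion(ConfigProperties.getConfig("licensemanager.name"), calendar.getTime(), policyReference.getExpiration(), (Collection) null, (Collection) null, statements);
    }

    /**
     * Serialises a DOM node to a stream with the shared identity transformer.
     *
     * @param node the node to write
     * @param outputStream the destination; not closed by this method
     * @return {@code true} on success, {@code false} if the transformation failed (the error
     *         is logged)
     */
    public static boolean toStream(Node node, OutputStream outputStream) {
        try {
            sTransformer.transform(new DOMSource(node), new StreamResult(outputStream));
            return true;
        } catch (TransformerException e) {
            sLogger.error("Could not transform node to stream", e);
            return false;
        }
    }

    /**
     * Serialises a node to a string for debug logging. Decodes as UTF-8, which is presumably
     * what the identity transformer emits by default, instead of the platform charset.
     */
    private static String serializeForLog(Node node) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        toStream(node, buffer);
        try {
            return buffer.toString("UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            return buffer.toString();
        }
    }

    /**
     * Compiler-synthesised helper behind the class literal: loads a class by name and turns
     * {@link ClassNotFoundException} into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns this as Throwable; the cast makes the throw compile.
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$n52$security$service$pap$binding$licman$LicenseManagerSoapFrontend == null) {
            cls = class$("org.n52.security.service.pap.binding.licman.LicenseManagerSoapFrontend");
            class$org$n52$security$service$pap$binding$licman$LicenseManagerSoapFrontend = cls;
        } else {
            cls = class$org$n52$security$service$pap$binding$licman$LicenseManagerSoapFrontend;
        }
        sLogger = Logger.getLogger(cls);
        init();
    }
}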
