package org.n52.security.service.was;

import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.log4j.Logger;
import org.n52.security.authentication.Credential;
import org.n52.security.authentication.SAMLCredential;
import org.n52.security.authentication.SAMLResponse;
import org.n52.security.authentication.SAMLTicket;
import org.n52.security.authentication.SessionIDCredential;
import org.n52.security.authentication.SubjectUtil;
import org.n52.security.authentication.UsernamePasswordCredential;
import org.n52.security.authentication.callbacks.CredentialCallback;
import org.n52.security.authentication.loginmodule.AbstractLoginModule;
import org.n52.security.authentication.loginmodule.CredentialCache;
import org.n52.security.common.crypto.DigestUtil;
import org.n52.security.common.util.StringUtils;
import org.n52.security.service.authentication.token.TokenCredential;
import org.n52.security.service.base.ServiceException;
import org.opensaml.SAMLException;

/* loaded from: input_file:org/n52/security/service/was/WASLoginModule.class */
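/**
 * JAAS login module that authenticates a user against a Web Authentication
 * Service (WAS) and adds the returned SAML ticket to the subject's public
 * credentials.
 *
 * <p>Options read in {@link #initialize()}:
 * <ul>
 *   <li>{@code tokenCache} - optional {@link CredentialCache}; when present,
 *       SAML tickets are cached under a digest of the login credentials so a
 *       repeated login does not have to contact the WAS again.</li>
 *   <li>{@code defaultWasUrl} - URL of the WAS; login fails without it.</li>
 *   <li>{@code forceWasSession} - {@code "true"} to always authenticate via a
 *       preceding GetSession request instead of trying direct authentication
 *       first.</li>
 * </ul>
 *
 * <p>The cache key is derived from user name and password (or from the user
 * name carried by a {@link TokenCredential} supplied via callback). It is
 * password-derived data and is treated as sensitive in this class: the key
 * material is wiped after digesting, and the key value only appears in
 * debug-level log output.
 */
public class WASLoginModule extends AbstractLoginModule {
    private static final String DESCRIPTION = "WASLoginModule";
    private static final long serialVersionUID = 7535428693883868993L;
    private static final Logger LOG;
    // Evaluated once at class load; a later change of the log4j level is not
    // picked up by the debug branches below.
    private static final boolean LOG_IS_DEBUG;
    private static final String OPTION_TOKEN_CACHE = "tokenCache";
    private static final String OPTION_DEFAULT_WAS_URL = "defaultWasUrl";
    private static final String OPTION_FORCE_WAS_SESSION = "forceWasSession";
    /** WAS protocol version passed to every adapter call. */
    private static final String WAS_VERSION = "1.1";
    /** Authentication method URN for a direct user name / password login. */
    private static final String AUTHN_METHOD_PASSWORD = "urn:opengeospatial:authNMethod:OWS:1.0:password";
    /** Authentication method URN used after a preceding GetSession request. */
    private static final String AUTHN_METHOD_SESSION = "urn:opengeospatial:authNMethod:OWS:1.0:session";
    /**
     * Digest algorithm for the cache key. The digest is a lookup key for the
     * ticket cache, not a stored password hash; it is unsalted, so the cache
     * contents must be protected like the credentials they were derived from.
     */
    private static final String DIGEST_ALGORITHM = "MD5";
    /** Charset used to encode the cache key material before digesting. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private static final char[] EMPTY_CHAR_ARRAY;
    /** Optional ticket cache from the {@code tokenCache} option; null means every login goes to the WAS. */
    private CredentialCache m_cache;
    /** WAS endpoint from the {@code defaultWasUrl} option; null if the option is missing. */
    private String m_wasUrl;
    /** SAML credential obtained in {@link #performLogin()}; added to the subject on success. */
    private SAMLCredential m_samlCred;
    /** Credential whose digest was used as cache key during login; re-digested in {@link #prepareCommitState()}. */
    private Credential m_cacheIdProvidingCredential;
    /** Token credential supplied by the callback handler, or null if none was provided. */
    private TokenCredential m_tokenCredential;
    private WAS1_1Adapter m_wasAdapter;
    /** Whether to always authenticate via a WAS session (option {@code forceWasSession}). */
    private boolean m_forceSession;
    // Class-literal caches left over from pre-Java-5 compilation. They are
    // package-visible, so they are kept and filled eagerly in the static
    // initializer instead of being resolved lazily on every login.
    static Class class$org$n52$security$service$was$WASLoginModule;
    static Class class$org$n52$security$service$authentication$token$TokenCredential;

    /**
     * Drops the per-attempt token credential so a later login attempt does not
     * reuse it. The SAML credential is reset in {@link #initialize()}.
     *
     * @throws LoginException never thrown here; declared by the superclass contract
     */
    protected void clearAuthenticationState() throws LoginException {
        this.m_tokenCredential = null;
    }

    /** @return the fixed, human-readable module name. */
    protected String getDescription() {
        return DESCRIPTION;
    }

    /**
     * Reads the module options and creates the WAS adapter. A missing cache is
     * only a warning (every login then contacts the WAS); a missing WAS URL is
     * logged as an error because no login can succeed without it.
     */
    protected void initialize() {
        this.m_cache = (CredentialCache) getOptions().get(OPTION_TOKEN_CACHE);
        if (this.m_cache == null) {
            LOG.warn("Couldn't get credential cache instance. All login requests require WAS access.");
        }
        this.m_wasUrl = getOptions().getAsString(OPTION_DEFAULT_WAS_URL, (String) null);
        if (this.m_wasUrl == null) {
            LOG.error("Option 'defaultWasUrl' is not set. Login using this module will fail.");
        }
        String forceSession = getOptions().getAsString(OPTION_FORCE_WAS_SESSION, "false");
        this.m_forceSession = Boolean.valueOf(forceSession).booleanValue();
        this.m_wasAdapter = new WAS1_1Adapter(this.m_wasUrl);
        this.m_samlCred = null;
    }

    /**
     * Collects user name, password and an optional token credential from the
     * callback handler and logs the user in at the WAS.
     *
     * @return {@code false} if the handler supplied neither user name nor
     *         password (this module is then skipped), {@code true} on success
     * @throws LoginException if the WAS rejects the credentials or returns an
     *         unusable ticket
     */
    protected boolean performLogin() throws LoginException {
        NameCallback nameCallback = new NameCallback("user name: ");
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        CredentialCallback tokenCallback = new CredentialCallback(TokenCredential.class);
        handleCallbacks(new Callback[] {nameCallback, passwordCallback, tokenCallback});
        String name = nameCallback.getName();
        char[] password = passwordCallback.getPassword();
        this.m_tokenCredential = (TokenCredential) tokenCallback.getCredential();
        if (name == null && password == null) {
            if (LOG.isInfoEnabled()) {
                LOG.info("No credentials for module <" + getClass().getName() + "> available, skip login.");
            }
            return false;
        }
        // A half-supplied credential is normalized to empty parts rather than
        // rejected; the WAS decides whether it is acceptable.
        if (name == null) {
            name = "";
        }
        if (password == null) {
            password = EMPTY_CHAR_ARRAY;
        }
        return performLogin(new UsernamePasswordCredential(name, password), AUTHN_METHOD_PASSWORD);
    }

    /**
     * Obtains a SAML credential for {@code credential}, from the cache when an
     * entry exists for its digest and from the WAS otherwise, and attaches it
     * to the subject.
     *
     * @param credential  credential to authenticate with
     * @param authnMethod authentication method URN sent to the WAS
     * @return always {@code true}; failure is reported by exception
     * @throws LoginException       wrapped WAS errors and invalid tickets
     */
    private boolean performLogin(Credential credential, String authnMethod) throws LoginException {
        if (LOG_IS_DEBUG) {
            LOG.debug("Logging in user at WAS: " + this.m_wasUrl);
        }
        try {
            CredentialCache.SAMLCredentialCacheEntry cacheEntry = null;
            String cacheKey = null;
            if (this.m_cache != null) {
                cacheKey = digest(credential);
                // digest() returns null for credential types it cannot key;
                // never look those up under a null key.
                if (cacheKey != null) {
                    cacheEntry = (CredentialCache.SAMLCredentialCacheEntry) this.m_cache.get(cacheKey);
                }
            }
            if (cacheEntry != null) {
                if (LOG_IS_DEBUG) {
                    // The key is password-derived; it is only written at debug level.
                    LOG.debug("Using copy of cached SAML Ticket cached by " + cacheKey);
                }
                this.m_samlCred = (SAMLCredential) cacheEntry.getCredentialCopy();
            } else {
                this.m_samlCred = requestSamlCredential(credential, authnMethod);
            }
            getSubject().getPublicCredentials().add(this.m_samlCred);
            return true;
        } catch (ServiceException e) {
            throw new FailedLoginException("WAS authentication failed with code <" + e.getErrorCode() + "> and message <" + e.getMessage() + ">.");
        }
    }

    /**
     * Authenticates at the WAS and parses the returned ticket. A direct login
     * that fails with {@code INVALID_SESSION} is retried once via a preceding
     * GetSession request unless sessions are forced anyway.
     *
     * @throws ServiceException     errors reported by the WAS adapter
     * @throws FailedLoginException if the returned ticket is not parseable
     */
    private SAMLCredential requestSamlCredential(Credential credential, String authnMethod)
            throws ServiceException, LoginException {
        SAMLResponse response;
        try {
            response = getTicket(credential, authnMethod, this.m_forceSession);
        } catch (ServiceException e) {
            Object errorCode = e.getErrorCode();
            if (this.m_forceSession || errorCode == null || !errorCode.equals(ServiceException.INVALID_SESSION)) {
                throw e;
            }
            if (LOG_IS_DEBUG) {
                LOG.debug("Direct authentication at WAS failed. Retrying with preceeding GetSession request.");
            }
            response = getTicket(credential, authnMethod, true);
        }
        try {
            return new SAMLCredential(new SAMLTicket(StringUtils.decodeBase64(response.getTicket())));
        } catch (SAMLException e) {
            // NOTE(review): this writes the complete raw ticket to the log; the
            // log destination must be protected accordingly.
            LOG.warn("Invalid SAML Ticket. Ticket was: <" + response.getTicket() + ">", e);
            throw new FailedLoginException("Got invalid SAML ticket (before signature validation) from WAS");
        }
    }

    /**
     * Requests a SAML response from the WAS.
     *
     * @param credential  credential to authenticate with
     * @param authnMethod authentication method URN for a direct request
     * @param useSession  when {@code true}, first opens a WAS session for the
     *                    credential, requests the ticket with the session id
     *                    and closes the session again (also on failure)
     * @throws ServiceException errors reported by the WAS adapter
     */
    private SAMLResponse getTicket(Credential credential, String authnMethod, boolean useSession) throws ServiceException {
        if (!useSession) {
            return this.m_wasAdapter.getSAMLResponse(WAS_VERSION, authnMethod, credential, false);
        }
        SessionIDCredential sessionCredential =
                new SessionIDCredential(this.m_wasAdapter.getSession(WAS_VERSION, credential).getId());
        try {
            return this.m_wasAdapter.getSAMLResponse(WAS_VERSION, AUTHN_METHOD_SESSION, sessionCredential, false);
        } finally {
            // Close the session even when the ticket request fails so that no
            // server-side session is left open.
            this.m_wasAdapter.closeSession(WAS_VERSION, sessionCredential.getSessionId());
        }
    }

    /**
     * Stores the SAML credential obtained during login in the cache, keyed by
     * the digest of the credential that was used to look it up. Nothing is
     * stored when there is no cache, no keyable credential or no SAML
     * credential to store.
     *
     * @throws LoginException if the digest algorithm is unavailable
     */
    protected void prepareCommitState() throws LoginException {
        if (this.m_cache == null || this.m_samlCred == null) {
            return;
        }
        String cacheKey = digest(this.m_cacheIdProvidingCredential);
        if (cacheKey == null) {
            return;
        }
        this.m_cache.put(new CredentialCache.SAMLCredentialCacheEntry(cacheKey, this.m_samlCred));
        if (LOG_IS_DEBUG) {
            // The key is password-derived; it is only written at debug level.
            LOG.debug("Stored SAML Ticket at " + cacheKey);
        }
    }

    /**
     * Computes the cache key for a credential and remembers which credential
     * provided it in {@link #m_cacheIdProvidingCredential}.
     *
     * <p>With a token credential present, the key is the digest of the user
     * name taken from the token's subject only, so a cache hit does not
     * re-check a password; this relies on the token having been validated
     * before it reached this module. Otherwise the key is the digest of user
     * name followed by password, built in a buffer this method owns (no
     * {@code String} copy of the password) and wiped afterwards.
     *
     * @param credential credential to key; only {@link UsernamePasswordCredential}
     *                   is supported when no token credential is present
     * @return the digest as a string, or {@code null} if the credential cannot
     *         be keyed
     * @throws LoginException if the digest algorithm is unavailable
     */
    private String digest(Credential credential) throws LoginException {
        CharBuffer keyChars;
        if (this.m_tokenCredential != null) {
            // NOTE(review): the token is not validated here; confirm that the
            // callback handler or a preceding module vouches for it.
            String username = SubjectUtil.getUsername(this.m_tokenCredential.getToken().toSubject());
            if (username == null) {
                return null;
            }
            this.m_cacheIdProvidingCredential = this.m_tokenCredential;
            keyChars = CharBuffer.wrap(username);
        } else if (credential instanceof UsernamePasswordCredential) {
            UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
            // Missing parts are treated as empty, matching performLogin().
            String username = upc.getUsername() == null ? "" : upc.getUsername();
            char[] password = upc.getPassword() == null ? EMPTY_CHAR_ARRAY : upc.getPassword();
            keyChars = CharBuffer.allocate(username.length() + password.length);
            keyChars.put(username).put(password);
            keyChars.flip();
            this.m_cacheIdProvidingCredential = credential;
        } else {
            return null;
        }
        byte[] keyBytes = encodeUtf8(keyChars);
        try {
            return getMessageDigest(keyBytes);
        } finally {
            // Wipe our own copies of the key material; the caller's char[] is untouched.
            Arrays.fill(keyBytes, (byte) 0);
            if (keyChars.hasArray()) {
                Arrays.fill(keyChars.array(), '\0');
            }
        }
    }

    /**
     * Encodes the remaining characters of {@code chars} as UTF-8 and clears the
     * encoder's intermediate buffer, which may still hold password bytes.
     */
    private static byte[] encodeUtf8(CharBuffer chars) {
        ByteBuffer encoded = UTF_8.encode(chars);
        byte[] bytes = new byte[encoded.remaining()];
        encoded.get(bytes);
        if (encoded.hasArray()) {
            Arrays.fill(encoded.array(), (byte) 0);
        }
        return bytes;
    }

    /**
     * Digests {@code bArr} with {@link #DIGEST_ALGORITHM} and renders it as a string.
     *
     * @throws LoginException if the JVM does not provide the algorithm; the
     *         original exception is kept as cause
     */
    private String getMessageDigest(byte[] bArr) throws LoginException {
        try {
            return DigestUtil.digestToString(MessageDigest.getInstance(DIGEST_ALGORITHM).digest(bArr));
        } catch (NoSuchAlgorithmException e) {
            LoginException loginException = new LoginException("MD5 Algorithm not supported. Cause: " + e);
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Resolves a class by name, rethrowing a missing class as
     * {@link NoClassDefFoundError} with the original exception as cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        class$org$n52$security$service$was$WASLoginModule = WASLoginModule.class;
        class$org$n52$security$service$authentication$token$TokenCredential = TokenCredential.class;
        LOG = Logger.getLogger(WASLoginModule.class);
        LOG_IS_DEBUG = LOG.isDebugEnabled();
        EMPTY_CHAR_ARRAY = new char[0];
    }
}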
