package org.n52.security.service.was;

import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.DocumentException;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.AuthenticationException;
import org.n52.security.authentication.AuthenticationMethod;
import org.n52.security.authentication.Credential;
import org.n52.security.authentication.IP4AddressCredential;
import org.n52.security.authentication.SAMLResponse;
import org.n52.security.authentication.SAMLTicket;
import org.n52.security.authentication.SessionIDCredential;
import org.n52.security.authentication.UsernamePasswordCredential;
import org.n52.security.authentication.callbacks.CredentialsCallbackHandler;
import org.n52.security.authentication.principals.UsernameIDPrincipal;
import org.n52.security.common.crypto.KeyPair;
import org.n52.security.common.util.FileFinder;
import org.n52.security.service.base.ServiceException;
import org.n52.security.service.session.SessionClosedException;
import org.n52.security.service.session.SessionException;
import org.n52.security.service.session.SessionExpiredException;
import org.n52.security.service.session.SessionInfo;
import org.n52.security.service.session.SessionService;
import org.n52.security.service.session.UnknownSessionException;
import org.safehaus.uuid.UUIDGenerator;

/* loaded from: input_file:org/n52/security/service/was/AuthenticationServiceImpl.class */
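/**
 * Web Authentication Service implementation that authenticates callers, creates and closes
 * sessions through a {@link SessionService}, and issues SAML responses for authenticated
 * subjects.
 *
 * <p>All collaborators and SAML settings are injected through setters. Most getters throw
 * {@link IllegalStateException} when their property has not been configured, so a
 * misconfiguration surfaces on first use rather than as a {@code NullPointerException}.
 *
 * <p>This source was recovered from a compiled class. The synthetic {@code class$} helper and
 * its cache fields (compiler output for pre-Java-5 class literals) are replaced by ordinary
 * class literals.
 */
public class AuthenticationServiceImpl implements AuthenticationService {
    private static final Log LOG = LogFactory.getLog(AuthenticationServiceImpl.class);

    private SessionService m_sessionService;
    private org.n52.security.authentication.AuthenticationService m_authenticationService;
    private String m_capabilitiesFileName;
    private KeyPair m_signingKeyPair;
    private String m_anonymousUserName;
    private String m_anonymousPassword;
    private String m_SAMLIssuerName;
    private int m_SAMLAssertionTimeOut;
    private String m_SAMLRoleAttributeName;
    private String m_SAMLAttributeNamespace;
    private Collection m_authenticationMethods = Collections.EMPTY_LIST;
    private String m_anonymousIdPrefix = "anonymous-";
    private Set m_SAMLAttributeNames = new HashSet();
    private boolean m_signSAMLResponseElement = true;

    /**
     * Builds the credential used for anonymous logins from the configured anonymous user name
     * and password.
     *
     * @return the anonymous credential, or {@code null} when no anonymous user name is configured
     */
    public UsernamePasswordCredential getAnonymousCredentials() {
        if (getAnonymousUserName() != null) {
            return new UsernamePasswordCredential(getAnonymousUserName(), getAnonymousPassword());
        }
        return null;
    }

    /**
     * @return the configured authentication methods (an empty list by default)
     * @throws IllegalStateException if the property was explicitly set to {@code null}
     */
    public Collection getAuthenticationMethods() {
        if (this.m_authenticationMethods == null) {
            throw new IllegalStateException("property <authenticationMethods> not configured properly");
        }
        return this.m_authenticationMethods;
    }

    /** @param collection the authentication methods advertised in the capabilities */
    public void setAuthenticationMethods(Collection collection) {
        this.m_authenticationMethods = collection;
    }

    /** @return the user name used for anonymous logins, or {@code null} if none is configured */
    public String getAnonymousUserName() {
        return this.m_anonymousUserName;
    }

    /** @param str the user name used for anonymous logins */
    public void setAnonymousUserName(String str) {
        this.m_anonymousUserName = str;
    }

    /** @return the password used for anonymous logins */
    public String getAnonymousPassword() {
        return this.m_anonymousPassword;
    }

    /** @param str the password used for anonymous logins */
    public void setAnonymousPassword(String str) {
        this.m_anonymousPassword = str;
    }

    /** @return the prefix put in front of anonymous principal names ({@code "anonymous-"} by default) */
    public String getAnonymousIdPrefix() {
        return this.m_anonymousIdPrefix;
    }

    /**
     * Sets the prefix put in front of anonymous principal names.
     *
     * <p>The part after the prefix can be chosen by the caller of an anonymous login, so a
     * {@code null} or empty prefix lets an unauthenticated caller pick the complete principal
     * name. Keep the prefix non-empty and outside the namespace of real account names.
     *
     * @param str the prefix; {@code null} is treated as an empty prefix
     */
    public void setAnonymousIdPrefix(String str) {
        this.m_anonymousIdPrefix = str;
    }

    /**
     * @return the authentication back end
     * @throws IllegalStateException if no authentication service has been configured
     */
    public org.n52.security.authentication.AuthenticationService getAuthenticationService() {
        if (this.m_authenticationService == null) {
            throw new IllegalStateException("property <authenticationService> not configured properly");
        }
        return this.m_authenticationService;
    }

    /** @param authenticationService the authentication back end used for login and logout */
    public void setAuthenticationService(org.n52.security.authentication.AuthenticationService authenticationService) {
        this.m_authenticationService = authenticationService;
    }

    /**
     * Reads the capabilities document from the configured file and adds the configured
     * authentication methods to it. The file is re-read on every call.
     *
     * @return the freshly parsed capabilities
     * @throws IllegalStateException if the capabilities file cannot be read or parsed, or if
     *         the file name is not configured
     */
    protected AuthenticationServiceCapabilities getAuthnServiceCaps() {
        try {
            java.io.InputStream in = new FileFinder(getCapabilitiesFileName()).getInputStream();
            try {
                AuthenticationServiceCapabilities capabilities = new AuthenticationServiceCapabilities(in);
                Collection methods = getAuthenticationMethods();
                capabilities.addAuthenticationMethods(
                        (AuthenticationMethod[]) methods.toArray(new AuthenticationMethod[methods.size()]));
                return capabilities;
            } finally {
                // The stream is opened here on every request, so it is released here as well;
                // closing again is harmless should the parser already have closed it.
                if (in != null) {
                    in.close();
                }
            }
        } catch (IOException e) {
            throw new IllegalStateException("Capabilities can't be read: " + e, e);
        } catch (DocumentException e) {
            throw new IllegalStateException("Capabilities can't be read: " + e, e);
        }
    }

    /**
     * @return the name of the capabilities file
     * @throws IllegalStateException if no file name has been configured
     */
    public String getCapabilitiesFileName() {
        if (this.m_capabilitiesFileName == null) {
            throw new IllegalStateException("property <capabilitiesFileName> not configured properly");
        }
        return this.m_capabilitiesFileName;
    }

    /** @param str the name of the capabilities file */
    public void setCapabilitiesFileName(String str) {
        this.m_capabilitiesFileName = str;
    }

    /**
     * @return the configured SAML assertion time-out (the unit is defined by {@code SAMLTicket})
     * @throws IllegalStateException if the configured value is zero or negative
     */
    public int getSAMLAssertionTimeOut() {
        if (this.m_SAMLAssertionTimeOut <= 0) {
            throw new IllegalStateException("property <SAMLAssertionTimeOut> not configured properly");
        }
        return this.m_SAMLAssertionTimeOut;
    }

    /** @param i the SAML assertion time-out; must be positive to be usable */
    public void setSAMLAssertionTimeOut(int i) {
        this.m_SAMLAssertionTimeOut = i;
    }

    /**
     * @return the issuer name written into SAML assertions
     * @throws IllegalStateException if the issuer name is {@code null} or empty
     */
    public String getSAMLIssuerName() {
        if (this.m_SAMLIssuerName == null || this.m_SAMLIssuerName.length() == 0) {
            throw new IllegalStateException("property <SAMLIssuerName> not configured properly");
        }
        return this.m_SAMLIssuerName;
    }

    /** @param str the issuer name written into SAML assertions */
    public void setSAMLIssuerName(String str) {
        this.m_SAMLIssuerName = str;
    }

    /**
     * @return the name of the SAML attribute that carries the roles
     * @throws IllegalStateException if the attribute name is {@code null} or empty
     */
    public String getSAMLRoleAttributeName() {
        if (this.m_SAMLRoleAttributeName == null || this.m_SAMLRoleAttributeName.length() == 0) {
            throw new IllegalStateException("property <SAMLRoleAttributeName> not configured properly");
        }
        return this.m_SAMLRoleAttributeName;
    }

    /** @param str the name of the SAML attribute that carries the roles */
    public void setSAMLRoleAttributeName(String str) {
        this.m_SAMLRoleAttributeName = str;
    }

    /** @return the SAML attribute names passed to the ticket factory (empty by default) */
    public Set getSAMLAttributeNames() {
        return this.m_SAMLAttributeNames;
    }

    /** @param set the SAML attribute names passed to the ticket factory */
    public void setSAMLAttributeNames(Set set) {
        this.m_SAMLAttributeNames = set;
    }

    private String getSAMLAttributeNamespace() {
        return this.m_SAMLAttributeNamespace;
    }

    /** @return whether the SAML response element itself is to be signed ({@code true} by default) */
    public boolean isSignSAMLResponseElement() {
        return this.m_signSAMLResponseElement;
    }

    /** @param z whether the SAML response element itself is to be signed */
    public void setSignSAMLResponseElement(boolean z) {
        this.m_signSAMLResponseElement = z;
    }

    /** @param str the namespace used for SAML attributes */
    public void setSAMLAttributeNamespace(String str) {
        this.m_SAMLAttributeNamespace = str;
    }

    /**
     * @return the session store
     * @throws IllegalStateException if no session service has been configured
     */
    public SessionService getSessionService() {
        if (this.m_sessionService == null) {
            throw new IllegalStateException("property <sessionService> not configured properly");
        }
        return this.m_sessionService;
    }

    /** @param sessionService the session store used to create, look up and close sessions */
    public void setSessionService(SessionService sessionService) {
        this.m_sessionService = sessionService;
    }

    /** @return the key pair used to sign SAML output, or {@code null} if none is configured */
    public KeyPair getSigningKeyPair() {
        return this.m_signingKeyPair;
    }

    /**
     * Sets the key pair used to sign SAML output.
     *
     * <p>The key pair is validated before it is stored, so a rejected value never replaces a
     * previously accepted one.
     *
     * @param keyPair the signing key pair, or {@code null} to clear it
     * @throws IllegalArgumentException if the key pair lacks a private key or a certificate
     */
    public void setSigningKeyPair(KeyPair keyPair) {
        if (keyPair != null) {
            if (!keyPair.isPrivateKeySet()) {
                throw new IllegalArgumentException("the KeyPair must contain a private key");
            }
            if (!keyPair.isCertificateSet()) {
                throw new IllegalArgumentException("the KeyPair must contain a certificate");
            }
        }
        this.m_signingKeyPair = keyPair;
    }

    /**
     * Returns the service capabilities.
     *
     * @param str not used by this implementation
     * @return the capabilities read from the configured file
     * @throws ServiceException declared by the interface; not thrown by this implementation
     */
    @Override
    public AuthenticationServiceCapabilities getCapabilities(String str) throws ServiceException {
        return getAuthnServiceCaps();
    }

    /**
     * Closes a session and, if it carried an authentication context, logs that context out.
     * A failing logout is only logged: the session has already been closed at that point.
     *
     * @param str not used by this implementation
     * @param str2 the ID of the session to close
     * @throws ServiceException with code {@code INVALID_SESSION} if the session service rejects
     *         the session ID
     */
    @Override
    public void closeSession(String str, String str2) throws ServiceException {
        try {
            AuthenticationContext context = getSessionService().closeSession(str2).getAuthenticationContext();
            if (context != null) {
                getAuthenticationService().logout(context);
            }
        } catch (AuthenticationException e) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("logout failed during close session request", e);
            }
        } catch (SessionException e) {
            throw new ServiceException("Invalid Session. Session may already be closed.", ServiceException.INVALID_SESSION, e);
        }
    }

    /**
     * Authenticates the caller and issues a SAML response for the resulting principals.
     *
     * <p>Failures raised by the login step keep their own error code (for example
     * {@code AUTHENTICATION_FAILED} or {@code SESSION_EXPIRED}), as they do in
     * {@link #getSession}. Any failure while building the ticket is logged on the server and
     * reported to the caller only as a generic {@code SERVICE_ERROR}.
     *
     * @param str not used by this implementation
     * @param str2 not used by this implementation
     * @param credential the caller's credential
     * @param z {@code true} to authenticate with the configured anonymous credentials
     * @return the SAML response wrapping the generated ticket
     * @throws ServiceException if the login fails or the ticket cannot be created
     */
    @Override
    public SAMLResponse getSAMLResponse(String str, String str2, Credential credential, boolean z) throws ServiceException {
        // Done outside the try block so that the generic handler below cannot turn an
        // authentication or session failure into SERVICE_ERROR.
        AuthenticationContext context = login(credential, z);
        try {
            // NOTE(review): with no signing key pair configured, null key material is handed to
            // the ticket factory, which presumably yields an unsigned response. Confirm that
            // relying parties reject unsigned assertions, or make the key pair mandatory.
            KeyPair signingKeyPair = getSigningKeyPair();
            return new SAMLResponse(SAMLTicket.createSAMLResponseFromPrincipals(
                    context,
                    getSAMLRoleAttributeName(),
                    getSAMLAttributeNamespace(),
                    getSAMLIssuerName(),
                    "",
                    getSAMLAssertionTimeOut(),
                    // Declared for every login path, including session-ID and anonymous logins.
                    "urn:oasis:names:tc:SAML:1.0:am:password",
                    signingKeyPair != null ? signingKeyPair.getPrivateKey() : null,
                    signingKeyPair != null ? signingKeyPair.getCertificate() : null,
                    true,
                    isSignSAMLResponseElement(),
                    getSAMLAttributeNames()));
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            throw new ServiceException("Internal service error. Please contact the service administrator.", ServiceException.SERVICE_ERROR);
        }
    }

    /**
     * Authenticates a caller, either by resuming an existing session or by passing the
     * credential (or the configured anonymous credential) to the authentication service.
     *
     * @param credential the caller's credential
     * @param anonymous {@code true} to authenticate with the configured anonymous credentials
     * @return the resulting authentication context
     * @throws ServiceException with code {@code AUTHENTICATION_FAILED} if the authentication
     *         service rejects the login, or a session-related code for session-ID logins
     */
    private AuthenticationContext login(Credential credential, boolean anonymous) throws ServiceException {
        if (credential instanceof SessionIDCredential) {
            return loginViaSessionId((SessionIDCredential) credential);
        }
        AuthenticationContext context;
        try {
            // The decompiled form placed only the credential selection inside this try block,
            // leaving the actual login call uncovered; the handler belongs around the call
            // that can fail with AuthenticationException.
            Credential effective = anonymous ? getAnonymousCredentials() : credential;
            CredentialsCallbackHandler handler = new CredentialsCallbackHandler().add(effective);
            addRequestIPAddress(handler);
            context = getAuthenticationService().login(handler);
        } catch (AuthenticationException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Login failed", e);
            } else if (LOG.isWarnEnabled()) {
                LOG.warn("Login failed: " + e.getMessage());
            }
            // NOTE(review): the authenticator's message is returned to the caller as is.
            // Verify that it does not reveal whether the account exists.
            throw new ServiceException(e.getMessage(), ServiceException.AUTHENTICATION_FAILED);
        }
        if (anonymous && credential instanceof UsernamePasswordCredential) {
            relabelAnonymousPrincipals(context, ((UsernamePasswordCredential) credential).getUsername());
        }
        return context;
    }

    /**
     * Replaces every {@link UsernameIDPrincipal} of an anonymous login by one named
     * {@code prefix + requestedName}, keeping each principal's scope. A random UUID stands in
     * for a missing or empty requested name.
     *
     * <p>The requested name comes from the caller, so the configured prefix is what keeps
     * anonymous principal names apart from real account names.
     */
    private void relabelAnonymousPrincipals(AuthenticationContext context, String requestedName) {
        String prefix = getAnonymousIdPrefix() != null ? getAnonymousIdPrefix() : "";
        String suffix = (requestedName == null || requestedName.length() == 0)
                ? UUIDGenerator.getInstance().generateRandomBasedUUID().toString()
                : requestedName;
        String anonymousId = prefix + suffix;

        Subject subject = context.getSubject();
        // getPrincipals(Class) returns a copy, so it can be iterated while the subject's own
        // principal set is modified below.
        Set<UsernameIDPrincipal> current = subject.getPrincipals(UsernameIDPrincipal.class);
        Set<UsernameIDPrincipal> renamed = new HashSet<UsernameIDPrincipal>();
        for (UsernameIDPrincipal principal : current) {
            renamed.add(new UsernameIDPrincipal(anonymousId, principal.getScope()));
        }
        subject.getPrincipals().removeAll(current);
        subject.getPrincipals().addAll(renamed);
    }

    /**
     * Adds the IP address of the current request to the callback handler as an additional
     * credential; does nothing when no address is available.
     */
    private void addRequestIPAddress(CredentialsCallbackHandler credentialsCallbackHandler) {
        String address = AuthenticationServiceServlet.getCurrentRequestIPAddress();
        if (address == null || address.equals("")) {
            return;
        }
        credentialsCallbackHandler.add(new IP4AddressCredential(address));
    }

    /**
     * Resolves a session ID to the authentication context stored in that session and refreshes
     * the session when the context is authenticated.
     *
     * @return the session's authentication context as stored; see the review note in the body
     * @throws ServiceException with code {@code INVALID_SESSION} or {@code SESSION_EXPIRED}
     *         when the session is closed, unknown or expired
     */
    private AuthenticationContext loginViaSessionId(SessionIDCredential sessionIDCredential) throws ServiceException {
        try {
            SessionInfo session = getSessionService().getSession(sessionIDCredential.getSessionId());
            AuthenticationContext context = session.getAuthenticationContext();
            if (context != null && context.isAuthenticated()) {
                getSessionService().touchSession(session.getId());
            }
            // NOTE(review): a null or unauthenticated context is still returned, and callers
            // use it to create a session or a SAML ticket. Confirm whether this should be
            // rejected with AUTHENTICATION_FAILED instead.
            return context;
        } catch (SessionClosedException e) {
            throw new ServiceException("Session already closed.", ServiceException.INVALID_SESSION);
        } catch (SessionExpiredException e) {
            throw new ServiceException("Session expired, please reauthenticate.", ServiceException.SESSION_EXPIRED);
        } catch (UnknownSessionException e) {
            throw new ServiceException("No matching session found. Session may already be closed.", ServiceException.INVALID_SESSION);
        }
    }

    /**
     * Authenticates the caller and creates a new session for the resulting context.
     *
     * @param str not used by this implementation
     * @param str2 not used by this implementation
     * @param credential the caller's credential
     * @param z {@code true} to authenticate with the configured anonymous credentials
     * @return the newly created session
     * @throws ServiceException if the login fails
     */
    @Override
    public SessionInfo getSession(String str, String str2, Credential credential, boolean z) throws ServiceException {
        return getSessionService().createSession(login(credential, z));
    }
}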
