package org.n52.security.service.gatekeeper.loginmodule.signaturelogin;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.log4j.Logger;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.n52.security.authentication.principals.UsernameIDPrincipal;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/n52/security/service/gatekeeper/loginmodule/signaturelogin/SignatureLoginModule.class */
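/**
 * JAAS {@link LoginModule} that authenticates a SOAP request by running the
 * WS-Security engine over the request envelope and then deriving principals
 * from values found in that envelope.
 *
 * <p>The envelope is taken from a {@code SOAPCredential} among the Subject's
 * public credentials. The crypto configuration is loaded from the URL given by
 * the {@code cryptoPropertiesPath} module option.
 *
 * <p>NOTE(review): {@link #login()} only requires that the security engine
 * returns a non-empty result list. It does not check that a signature was among
 * the processed actions, and the license ID / subject name are located with
 * document-wide XPath expressions rather than being restricted to the elements
 * the verified signature covers. Confirm that signature coverage of the
 * assertion is enforced elsewhere before relying on these principals for
 * authorization.
 */
public class SignatureLoginModule implements LoginModule {
    private final Logger sLogger = Logger.getLogger(SignatureLoginModule.class.getName());
    private Subject subject;
    private Map options;
    private HashSet principals;
    private CallbackHandler callbackHandler;
    private Vector verifiedResults;
    // True only after login() has completed without error; commit() checks it so
    // that a failed attempt never contributes principals to the Subject.
    private boolean loginSucceeded;

    /** Creates an uninitialized module; {@link #initialize} must be called before use. */
    public SignatureLoginModule() {
    }

    /**
     * Discards all state held by this module.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        this.subject = null;
        this.options = null;
        this.principals = null;
        this.callbackHandler = null;
        this.verifiedResults = null;
        this.loginSucceeded = false;
        return true;
    }

    /**
     * Adds the principals collected by a successful {@link #login()} to the Subject.
     *
     * @return {@code true} if principals were committed; {@code false} if this
     *         module's own login did not succeed (or the module was aborted),
     *         in which case the Subject is left untouched
     */
    public boolean commit() throws LoginException {
        if (!this.loginSucceeded || this.subject == null || this.principals == null) {
            return false;
        }
        this.subject.getPrincipals().addAll(this.principals);
        return true;
    }

    /**
     * Stores the JAAS context for a new authentication attempt.
     *
     * @param subject         the Subject being authenticated
     * @param callbackHandler handler passed on to the WS-Security engine
     * @param map             shared state (third argument of the JAAS contract); not used
     * @param map2            module options; {@code cryptoPropertiesPath} is read from it
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.options = map2;
        this.principals = new HashSet();
        this.verifiedResults = null;
        this.loginSucceeded = false;
    }

    /**
     * Processes the WS-Security header of the request envelope and, on success,
     * collects a {@code LicensePrincipal} and/or {@code UsernameIDPrincipal}.
     *
     * <p>Every failure after the crypto properties are loaded is reported to the
     * caller with the same generic message; the specific cause is written to the
     * log only, so the response does not reveal which check failed.
     *
     * <p>NOTE(review): login succeeds with an empty principal set when neither a
     * license ID nor a subject name is present - confirm this is intended.
     *
     * @return {@code true} when processing succeeded
     * @throws LoginException if the module is not initialized, the crypto
     *         properties cannot be loaded, or processing of the envelope fails
     */
    public boolean login() throws LoginException {
        this.loginSucceeded = false;
        if (this.subject == null || this.options == null) {
            throw new LoginException("Verification failed. Login module is not initialized.");
        }
        Object cryptoPath = this.options.get("cryptoPropertiesPath");
        if (cryptoPath == null) {
            this.sLogger.warn("Verification failed. Option 'cryptoPropertiesPath' is not set.");
            throw new LoginException("Verification failed. Could not load Properties.");
        }
        Properties properties = loadCryptoProperties(cryptoPath.toString());
        Crypto crypto = CryptoFactory.getInstance(properties.getProperty("org.apache.ws.security.crypto.provider"), properties);

        // Principals are gathered locally and published only on success, so a
        // failure halfway through cannot leave a partial identity behind for commit().
        HashSet collected = new HashSet();
        try {
            SOAPCredential credential = findSoapCredential();
            if (credential == null) {
                throw new LoginException("No SOAP credential present on the subject.");
            }
            Document envelope = credential.getEnvelope();
            Vector results = WSSecurityEngine.getInstance().processSecurityHeader(envelope, "", this.callbackHandler, crypto);
            // An empty result list means no security token was actually processed,
            // which must not count as a verified request.
            if (results == null || results.isEmpty()) {
                throw new LoginException("Request omits security information.");
            }
            this.verifiedResults = results;

            String licenseID = getLicenseID(envelope);
            if (licenseID != null && licenseID.length() > 0) {
                collected.add(new LicensePrincipal(getLicenseAssertion(envelope)));
            }
            String subjectName = getSubjectName(envelope);
            if (subjectName != null && subjectName.length() > 0) {
                collected.add(new UsernameIDPrincipal(subjectName));
            }
        } catch (Exception e) {
            this.sLogger.warn("Verification failed.", e);
            throw new LoginException("Verification failed.");
        }
        this.principals = collected;
        this.loginSucceeded = true;
        return true;
    }

    /**
     * Loads the crypto configuration from the given URL.
     *
     * @throws LoginException if the URL is malformed or cannot be read
     */
    private Properties loadCryptoProperties(String location) throws LoginException {
        Properties properties = new Properties();
        InputStream in = null;
        try {
            in = new URL(location).openStream();
            properties.load(in);
            return properties;
        } catch (IOException e) {
            // MalformedURLException is an IOException and is reported the same way.
            this.sLogger.warn("Verification failed. Could not load Properties.", e);
            throw new LoginException("Verification failed. Could not load Properties.");
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The properties are already loaded; a failed close changes nothing.
                }
            }
        }
    }

    /** Returns the first {@code SOAPCredential} among the public credentials, or {@code null}. */
    private SOAPCredential findSoapCredential() {
        for (java.util.Iterator it = this.subject.getPublicCredentials().iterator(); it.hasNext();) {
            Object candidate = it.next();
            if (candidate instanceof SOAPCredential) {
                return (SOAPCredential) candidate;
            }
        }
        return null;
    }

    /**
     * Copies the siblings that follow the first great-grandchild node of
     * {@code document} into a new, empty document.
     *
     * <p>The node is located purely by position (presumably Envelope, then
     * Header, then the first header block - TODO confirm against the message
     * layout). Each following sibling must be an {@link Element}; because a DOM
     * document holds a single root element, more than one following sibling
     * makes {@code appendChild} fail. Both conditions surface as exceptions that
     * {@link #login()} treats as a failed verification.
     *
     * <p>NOTE(review): selection by position does not tie the copied element to
     * the verified signature; confirm the assertion is covered by it.
     */
    private Document getLicenseAssertion(Document document) throws ParserConfigurationException {
        Document assertion = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Node anchor = document.getFirstChild().getFirstChild().getFirstChild();
        for (Node sibling = anchor.getNextSibling(); sibling != null; sibling = sibling.getNextSibling()) {
            assertion.appendChild(assertion.importNode((Element) sibling, true));
        }
        return assertion;
    }

    /**
     * Clears the Subject's principals.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        if (this.subject != null) {
            // NOTE(review): this removes every principal on the Subject, including
            // any added by other login modules in the same stack - confirm intended.
            this.subject.getPrincipals().clear();
        }
        this.verifiedResults = null;
        this.loginSucceeded = false;
        return true;
    }

    /** Returns the GeoDRM license ID attribute value from the envelope, or an empty string. */
    private String getLicenseID(Document document) throws XPathExpressionException, LoginException {
        return getValue("//Attribute[@Name='urn:opengeospatial:ows4:geodrm:licenseID']/AttributeValue", document);
    }

    /** Returns the text of {@code Subject/NameIdentifier} from the envelope, or an empty string. */
    private String getSubjectName(Document document) throws XPathExpressionException, LoginException {
        return getValue("//Subject/NameIdentifier", document);
    }

    /**
     * Evaluates an XPath expression against a re-parsed copy of {@code document}.
     *
     * <p>The document is serialized and parsed again with a default
     * (non-namespace-aware) builder before evaluation; presumably this lets the
     * unprefixed XPath steps match elements in a default namespace - verify
     * before simplifying. The expressions search the whole document.
     *
     * @param str      the XPath expression
     * @param document the envelope to search
     * @return the string value of the first match, or an empty string if none
     * @throws RuntimeException if serialization or re-parsing fails
     */
    private String getValue(String str, Document document) throws XPathExpressionException, LoginException {
        XPathExpression expression = XPathFactory.newInstance().newXPath().compile(str);
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            try {
                // The content originates from a request, so ask the parser for its
                // hardened limits. Best effort: an older parser may not support it.
                factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            } catch (ParserConfigurationException e) {
                this.sLogger.warn("XML parser does not support secure processing; continuing without it.", e);
            }
            DocumentBuilder builder = factory.newDocumentBuilder();
            Transformer serializer = TransformerFactory.newInstance().newTransformer();
            serializer.setOutputProperty("indent", "yes");
            StringWriter buffer = new StringWriter();
            serializer.transform(new DOMSource(document), new StreamResult(buffer));
            byte[] xml = buffer.toString().getBytes("UTF-8");
            return expression.evaluate(builder.parse(new ByteArrayInputStream(xml)));
        } catch (IOException e) {
            throw lookupFailure(e);
        } catch (ParserConfigurationException e) {
            throw lookupFailure(e);
        } catch (TransformerException e) {
            throw lookupFailure(e);
        } catch (SAXException e) {
            throw lookupFailure(e);
        }
    }

    /** Logs a failed license/subject lookup and wraps its cause for rethrowing. */
    private RuntimeException lookupFailure(Exception cause) {
        this.sLogger.error("Error while getting License/Subject", cause);
        return new RuntimeException(cause);
    }
}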
