package org.n52.security.service.enforcement;

import java.io.BufferedInputStream;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.AuthenticationException;
import org.n52.security.authentication.AuthenticationFailedException;
import org.n52.security.authentication.AuthenticationServiceNotAvailableException;
import org.n52.security.enforcement.artifact.HttpHeaderAttribute;
import org.n52.security.enforcement.artifact.QueryStringPayload;
import org.n52.security.enforcement.artifact.SimpleTransferAttribute;
import org.n52.security.enforcement.artifact.TextualPayload;
import org.n52.security.enforcement.artifact.TransferAttribute;
import org.n52.security.enforcement.artifact.Transferable;
import org.n52.security.enforcement.artifact.TransferableFactory;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.enforcement.chain.impl.HttpGetRequestForward;
import org.n52.security.enforcement.chain.impl.HttpPostRequestForward;
import org.n52.security.enforcement.chain.impl.SecuredServiceHttpRequest;
import org.n52.security.service.authentication.servlet.AuthenticationProcessorFactory;
import org.n52.security.service.authentication.servlet.NoAuthAuthenticationProcessorFactory;
import org.n52.security.service.base.ServiceException;
import org.n52.security.service.config.SecurityConfig;
import org.n52.security.service.config.SecurityConfigListener;
import org.n52.security.service.config.ServiceConfig;
import org.n52.security.service.config.support.AbstractSecurityServiceServlet;
import org.n52.security.service.wss.PolicyEnforcementService;
import org.n52.security.service.wss.PolicyEnforcementServiceImpl;
import org.n52.security.service.wss.PolicyEnforcementServiceLocator;
import org.n52.security.service.wss.SecurityConfigPolicyEnforcementServiceLocator;
import org.n52.security.service.wss.WSSServiceInterfaceAdapter;

/* loaded from: input_file:org/n52/security/service/enforcement/EnforcementServiceServlet.class */
public class EnforcementServiceServlet extends AbstractSecurityServiceServlet implements SecurityConfigListener {
    // Serialization version id carried over from the compiled class.
    private static final long serialVersionUID = 9085866663075970881L;
    // Class-wide commons-logging logger.
    private static final Log LOG = LogFactory.getLog(EnforcementServiceServlet.class);
    // Authentication scheme name -> AuthenticationProcessorFactory, filled in init(). The scheme taken
    // from the request path is looked up in this map, so its key set is the list of schemes a
    // client can select.
    private Map m_authProcessorFactories;
    // Resolves (enforcement point id, authentication scheme) to a PolicyEnforcementService.
    private PolicyEnforcementServiceLocator m_locator;
    // When true the scheme is read from the servlet path instead of the second path-info segment.
    private boolean m_authenticationSchemeInServletPath = false;
    // Map key under which a NoAuthAuthenticationProcessorFactory is registered, or null if none is.
    private String m_noauthAuthScheme = null;

    /**
     * Returns the locator selected in {@code init}; the servlet uses it to resolve an enforcement
     * point id plus authentication scheme to a {@link PolicyEnforcementService}.
     *
     * @return the configured locator; {@code null} before {@code init} and after {@code destroy}
     */
    public PolicyEnforcementServiceLocator getEnforcementServiceLocator() {
        return m_locator;
    }

    /**
     * Tells where the authentication scheme is read from.
     *
     * @return {@code true} if the scheme is the first segment of the servlet path, {@code false}
     *         if it is the second segment of the path info
     */
    public boolean isAuthenticationSchemeInServletPath() {
        return m_authenticationSchemeInServletPath;
    }

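    /**
     * Loads this servlet's settings from the service and security configuration.
     *
     * <p>Three things are resolved: the map of authentication processor factories (service
     * property first, pre-configured instance second), the enforcement service locator (service
     * instance, then service property, then a {@link SecurityConfigPolicyEnforcementServiceLocator}
     * built here), and the {@code authenticationSchemeInServletPath} init parameter.
     *
     * <p>The keys of the factory map are the scheme names that requests may select through their
     * path, so the map is effectively the allow-list of authentication schemes for this servlet.
     *
     * @param servletConfig  servlet configuration, read for {@code authenticationSchemeInServletPath}
     * @param serviceConfig  configuration of this service
     * @param securityConfig global configuration, used as fallback for the factory map
     * @throws IllegalStateException if no factory map is configured or one of its values is not
     *                               an {@link AuthenticationProcessorFactory}
     */
    protected void init(ServletConfig servletConfig, ServiceConfig serviceConfig, SecurityConfig securityConfig) {
        this.m_authProcessorFactories = (Map) serviceConfig.getProperties().get("authenticationProcessorFactories");
        if (this.m_authProcessorFactories == null) {
            // Fall back to an instance pre-configured at security-config level.
            this.m_authProcessorFactories = (Map) securityConfig.getPreConfiguredInstance("authenticationProcessorFactories");
        }
        if (this.m_authProcessorFactories == null) {
            throw new IllegalStateException("property <authenticationProcessorFactories> not configured at service <" + getServiceName() + ">");
        }
        this.m_noauthAuthScheme = null;
        // The map is a raw type, so entrySet() yields Object elements. The decompiled form
        // `for (Map.Entry entry : ...)` does not compile against a raw Map; cast each element instead.
        for (Object element : this.m_authProcessorFactories.entrySet()) {
            Map.Entry entry = (Map.Entry) element;
            Object factory = entry.getValue();
            if (!(factory instanceof AuthenticationProcessorFactory)) {
                throw new IllegalStateException("configured AuthenticationProcessorFactory <" + entry.getKey() + "> of type <" + (factory == null ? "null" : factory.getClass().getName()) + "> is not an AuthenticationProcessorFactory. Please check configuration.");
            }
            if (factory instanceof NoAuthAuthenticationProcessorFactory) {
                // Remember the scheme name of the no-auth factory; if several are configured the
                // last one iterated wins. buildNoAuthUrl() advertises this scheme to the PEP.
                this.m_noauthAuthScheme = (String) entry.getKey();
            }
        }
        if (serviceConfig.getInstance() instanceof PolicyEnforcementServiceLocator) {
            this.m_locator = (PolicyEnforcementServiceLocator) serviceConfig.getInstance();
        }
        if (this.m_locator == null) {
            // A property of any other type fails here with ClassCastException.
            this.m_locator = (PolicyEnforcementServiceLocator) serviceConfig.getProperties().get("policyEnforcementServiceLocator");
        }
        if (this.m_locator == null) {
            SecurityConfigPolicyEnforcementServiceLocator defaultLocator = new SecurityConfigPolicyEnforcementServiceLocator();
            defaultLocator.setServiceConfig(serviceConfig);
            this.m_locator = defaultLocator;
        }
        this.m_authenticationSchemeInServletPath = "true".equalsIgnoreCase(servletConfig.getInitParameter("authenticationSchemeInServletPath"));
    }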

    /**
     * Handles every HTTP request sent to the enforcement servlet.
     *
     * <p>The enforcement point id is the first path-info segment. The authentication scheme is
     * the second segment, or the first servlet-path segment when
     * {@link #isAuthenticationSchemeInServletPath()} is set. The remaining segments are handed to
     * the enforcement point as its own path info. Both id and scheme are therefore chosen by the
     * client and must be treated as untrusted text wherever they are logged or echoed.
     *
     * <p>Requests for the {@code WSS} scheme go to the WSS interface adapter; this method does not
     * call {@code authenticate} for them. All other requests are authenticated first and then
     * passed to the enforcement point's {@code doService}.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response that receives the result or the error document
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the 404 answer fails
     */
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final String servletUrl = getServletUrlString(httpServletRequest);
        final List pathParts = getPathInfoParts(httpServletRequest.getPathInfo());
        final String scheme = extractAuthenticationScheme(pathParts, httpServletRequest.getServletPath());
        final String pepId = extractEnforcementPointId(pathParts);
        final String serviceUrl = buildServiceURL(servletUrl, scheme, pepId);
        final String pepPathInfo = buildEnforcementPointPathInfo(pathParts);
        final String noAuthUrl = buildNoAuthUrl(servletUrl, pepId);
        try {
            final PolicyEnforcementService pep = findPEP(httpServletResponse, scheme, pepId);
            if (pep == null) {
                // findPEP has already sent the 404.
                return;
            }
            if ("WSS".equalsIgnoreCase(scheme)) {
                // NOTE(review): authentication for this branch is not visible in this class;
                // confirm that WSSServiceInterfaceAdapter enforces it.
                Transferable wssResult = handleWSSInterface(httpServletRequest, httpServletResponse, getServletContext(), pep, serviceUrl, pepPathInfo);
                writeTransferable(wssResult, httpServletResponse);
                return;
            }
            final AuthenticationContext authContext = authenticate(httpServletRequest, httpServletResponse, pep, scheme, pepId);
            final boolean authenticated = authContext != null && authContext.isAuthenticated();
            if (!authenticated) {
                // The message carries the client-chosen scheme; it is logged and returned below.
                throw new AuthenticationFailedException("Authentication via <" + scheme + "> failed.");
            }
            Transferable securedRequest = buildSecuredServiceRequest(httpServletRequest, httpServletResponse, (PolicyEnforcementServiceImpl) pep, serviceUrl, pepPathInfo);
            if (noAuthUrl != null) {
                securedRequest.addAttribute(new SimpleTransferAttribute("noauth.url", noAuthUrl));
            }
            writeTransferable(((PolicyEnforcementServiceImpl) pep).doService("1.1", securedRequest, authContext), httpServletResponse);
        } catch (ServiceException serviceError) {
            writeTransferable(serviceError.getAsTransferable(), httpServletResponse);
        } catch (AuthenticationFailedException authFailure) {
            if (LOG.isWarnEnabled()) {
                // NOTE(review): the message contains request-derived text and is logged unfiltered.
                LOG.warn(authFailure.getMessage());
            }
            writeTransferable(new ServiceException(authFailure.getMessage(), "ServiceError").getAsTransferable(), httpServletResponse);
        } catch (Exception unexpected) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Unexpected Exception occured :" + unexpected, unexpected);
            }
            // NOTE(review): the raw exception message (possibly null, possibly internal detail)
            // is returned to the client here; a fixed text would disclose less.
            writeTransferable(new ServiceException(unexpected.getMessage(), "ServiceError").getAsTransferable(), httpServletResponse);
        }
    }

    /**
     * Authenticates the request with the processor registered for the requested scheme.
     *
     * <p>The scheme is only used as a key into the configured factory map; a scheme that is not a
     * key of that map is rejected, so the map acts as the allow-list.
     *
     * @param httpServletRequest       request carrying the credentials
     * @param httpServletResponse      response the processor may write to
     * @param policyEnforcementService enforcement point; cast to {@link PolicyEnforcementServiceImpl}
     *                                 to obtain its authentication service
     * @param str                      authentication scheme taken from the request path
     * @param str2                     enforcement point id, used in the error message only
     * @return the context produced by the processor
     * @throws AuthenticationServiceNotAvailableException if no factory is registered for {@code str}
     * @throws IOException             declared for the processor call
     * @throws AuthenticationException declared for the processor call
     */
    private AuthenticationContext authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PolicyEnforcementService policyEnforcementService, String str, String str2) throws IOException, AuthenticationException {
        if (LOG.isDebugEnabled()) {
            // NOTE(review): str comes from the request path and is logged as received.
            LOG.debug("Authentication by <" + str + "> requested.");
        }
        final Object configured = this.m_authProcessorFactories.get(str);
        if (configured == null) {
            throw new AuthenticationServiceNotAvailableException("Authentication scheme <" + str + "> not defined for service <" + str2 + ">");
        }
        final AuthenticationProcessorFactory factory = (AuthenticationProcessorFactory) configured;
        return factory.getProcessor().authenticate(
                httpServletRequest,
                httpServletResponse,
                ((PolicyEnforcementServiceImpl) policyEnforcementService).getAuthenticationService());
    }

    /**
     * Dispatches a request for the {@code WSS} scheme to a new {@link WSSServiceInterfaceAdapter}.
     *
     * @param httpServletRequest       incoming request; its HTTP method selects the adapter call
     * @param httpServletResponse      response passed through to the adapter
     * @param servletContext           servlet context passed through to the adapter
     * @param policyEnforcementService enforcement point the request addresses
     * @param str                      service URL as built by {@code buildServiceURL}
     * @param str2                     path info left for the enforcement point
     * @return the adapter's result, or a {@code text/plain} message for methods other than GET and POST
     * @throws Exception whatever the adapter throws
     */
    private Transferable handleWSSInterface(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext, PolicyEnforcementService policyEnforcementService, String str, String str2) throws Exception {
        final String httpMethod = httpServletRequest.getMethod();
        if ("GET".equalsIgnoreCase(httpMethod)) {
            return new WSSServiceInterfaceAdapter().doGet(httpServletRequest, httpServletResponse, servletContext, policyEnforcementService, str, str2);
        }
        if ("POST".equalsIgnoreCase(httpMethod)) {
            return new WSSServiceInterfaceAdapter().doPost(httpServletRequest, httpServletResponse, servletContext, policyEnforcementService, str, str2);
        }
        // The method name is echoed to the client, but as text/plain.
        return TransferableFactory.getInstance().createTextualTransferable("text/plain;charset=utf-8", "unsupported method <" + httpMethod + ">", "UTF-8");
    }

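    /**
     * Looks up the enforcement point for an id and authentication scheme and answers with
     * HTTP 404 when none is configured.
     *
     * <p>Both lookup keys come from the request path. Before they are written to the log and to
     * the error message, control characters (CR and LF among them) are replaced with {@code _},
     * so that a path containing encoded line breaks cannot add forged lines to the log.
     *
     * @param httpServletResponse response that receives the 404
     * @param str                 authentication scheme from the request path
     * @param str2                enforcement point id from the request path
     * @return the enforcement point, or {@code null} after the 404 has been sent
     * @throws IOException if sending the error fails
     */
    private PolicyEnforcementService findPEP(HttpServletResponse httpServletResponse, String str, String str2) throws IOException {
        PolicyEnforcementService locate = getEnforcementServiceLocator().locate(str2, str);
        if (locate == null) {
            String safeId = String.valueOf(str2).replaceAll("\\p{Cntrl}", "_");
            String safeScheme = String.valueOf(str).replaceAll("\\p{Cntrl}", "_");
            String message = "No enforcementpoint configuration for id <" + safeId + "> and authentication scheme <" + safeScheme + "> found";
            LOG.warn(message);
            // NOTE(review): the message still echoes request-derived text. Whether it is
            // HTML-escaped on the error page depends on the servlet container; confirm, or send
            // a fixed message instead.
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, message);
        }
        return locate;
    }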

    /**
     * Wraps the incoming servlet request in a {@link SecuredServiceHttpRequest} for the
     * enforcement point: payload, forward target and a set of transfer attributes.
     *
     * <p>For POST the request body is used as payload when at least one byte can be read from
     * it; otherwise the parsed request parameters are used for form-encoded (or untyped)
     * requests and an empty text payload for everything else. For GET the parsed parameters are
     * the payload. Any other HTTP method is rejected.
     *
     * <p>The order of the {@code addAttribute} calls is kept exactly as decompiled, because
     * client-supplied header names and internal attribute names go into the same attribute set.
     *
     * @param httpServletRequest           incoming request
     * @param httpServletResponse          response, handed on as an attribute
     * @param policyEnforcementServiceImpl enforcement point; its endpoint is the forward target
     * @param str                          service URL as built by {@code buildServiceURL}
     * @param str2                         path info for the enforcement point, may be {@code null}
     * @return the assembled request
     * @throws IOException              if the request body cannot be read or the endpoint is not a valid URL
     * @throws IllegalArgumentException if the HTTP method is neither GET nor POST
     */
    private SecuredServiceRequest buildSecuredServiceRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PolicyEnforcementServiceImpl policyEnforcementServiceImpl, String str, String str2) throws IOException {
        TextualPayload fullQueryString;
        // NOTE(review): declared as HttpPostRequestForward but also assigned an
        // HttpGetRequestForward below; this is the decompiler's type choice. Confirm the type hierarchy.
        HttpPostRequestForward httpGetRequestForward;
        String contentType = httpServletRequest.getContentType();
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        // NOTE(review): a non-empty encoding name sent by the client is used as is.
        if (characterEncoding == null || characterEncoding.equals("")) {
            characterEncoding = "utf-8";
        }
        String queryString = httpServletRequest.getQueryString();
        // The forward target comes from the enforcement point's configuration, not from the request.
        URL url = new URL(policyEnforcementServiceImpl.getEndpoint());
        String method = httpServletRequest.getMethod();
        if ("POST".equalsIgnoreCase(method)) {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(httpServletRequest.getInputStream());
            // Peek at one byte to find out whether a body is present, then rewind.
            bufferedInputStream.mark(2);
            // The null check is always true here (the stream was just constructed and used).
            if (bufferedInputStream != null && bufferedInputStream.read() > -1) {
                bufferedInputStream.reset();
                // NOTE(review): no size limit on the body is applied in this method; whether
                // TextualPayload buffers the whole stream is not visible here. Confirm.
                fullQueryString = new TextualPayload(bufferedInputStream, characterEncoding);
            } else if (contentType == null || contentType.contains("x-www-form-urlencoded") || contentType.contains("x-www-form-encoded")) {
                // Body already consumed or absent: use the parsed parameters as payload and do
                // not also pass the raw query string on.
                queryString = null;
                fullQueryString = getFullQueryString(httpServletRequest);
            } else {
                fullQueryString = new TextualPayload("", characterEncoding);
            }
            httpGetRequestForward = new HttpPostRequestForward(url, str);
        } else {
            if (!"GET".equalsIgnoreCase(method)) {
                throw new IllegalArgumentException("HTTP method of request must either be 'POST' or 'GET'");
            }
            fullQueryString = getFullQueryString(httpServletRequest);
            httpGetRequestForward = new HttpGetRequestForward(url, str);
        }
        if (httpGetRequestForward.getFacadeUrl() == null || httpGetRequestForward.getFacadeUrl().length() == 0) {
            httpGetRequestForward.setFacadeUrl(str);
        }
        SecuredServiceHttpRequest securedServiceHttpRequest = new SecuredServiceHttpRequest(fullQueryString, httpGetRequestForward);
        if (str2 != null) {
            securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute("request.pathinfo", str2));
        }
        if (queryString != null && !"GET".equalsIgnoreCase(method)) {
            securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute("request.querystring", queryString));
        }
        // Every request header is copied as a plain attribute under its own name.
        // NOTE(review): header names are chosen by the client and share one namespace with the
        // internal attributes ("request.pathinfo", "request.querystring" above; "request.ip",
        // "request.cookies" and others below). How addAttribute resolves a duplicate name is not
        // visible here. Confirm that a header cannot shadow an internal attribute, or filter
        // reserved names before copying.
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str3 = (String) headerNames.nextElement();
            securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute(str3, httpServletRequest.getHeader(str3)));
        }
        if (contentType != null) {
            securedServiceHttpRequest.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute("Content-Type", contentType));
        }
        securedServiceHttpRequest.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute("Content-Charset", characterEncoding));
        // Client address as seen by the container, i.e. the direct peer of this connection.
        securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute("request.ip", httpServletRequest.getRemoteAddr()));
        // X-Forwarded-For is built from the peer address only, not from a header the client sent.
        // NOTE(review): behind a reverse proxy this is the proxy's address. Confirm the deployment.
        securedServiceHttpRequest.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute("X-Forwarded-For", httpServletRequest.getRemoteAddr()));
        String header = httpServletRequest.getHeader("Referer");
        if (header != null && header.length() > 0) {
            securedServiceHttpRequest.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute("Referer", header));
        }
        securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute("request.service.baseurl", str));
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null && cookies.length > 0) {
            securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute("request.cookies", cookies));
        }
        // The live request, response and servlet context objects are handed on as attributes, so
        // whatever processes this request can read and write them directly.
        securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute("request.httpservletrequest", httpServletRequest));
        securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute("request.httpservletresponse", httpServletResponse));
        securedServiceHttpRequest.addAttribute(new SimpleTransferAttribute("request.httpservletcontext", getServletContext()));
        return securedServiceHttpRequest;
    }

    /**
     * Collects the request's parsed parameters into a {@link QueryStringPayload}.
     *
     * <p>{@code getParameter} returns only the first value of a parameter, so additional values
     * of a repeated parameter name are not part of the payload.
     *
     * @param httpServletRequest request whose parameters are copied
     * @return payload holding one value per parameter name
     */
    private QueryStringPayload getFullQueryString(HttpServletRequest httpServletRequest) {
        final QueryStringPayload payload = new QueryStringPayload();
        for (Enumeration names = httpServletRequest.getParameterNames(); names.hasMoreElements();) {
            final String name = (String) names.nextElement();
            payload.addParameter(name, httpServletRequest.getParameter(name));
        }
        return payload;
    }

    /**
     * Splits a path info string into its non-empty segments.
     *
     * <p>Segments are only separated at {@code /}; they are not otherwise normalised, so a
     * segment such as {@code ..} is kept as an ordinary entry.
     *
     * @param str path info, may be {@code null} or empty
     * @return the segments in order; empty list when there are none
     */
    private List getPathInfoParts(String str) {
        final ArrayList segments = new ArrayList();
        if (str == null || str.length() == 0) {
            return segments;
        }
        for (StringTokenizer tokens = new StringTokenizer(str, "/"); tokens.hasMoreTokens();) {
            final String segment = tokens.nextToken();
            if (segment.length() > 0) {
                segments.add(segment);
            }
        }
        return segments;
    }

    /**
     * Rebuilds the part of the path that belongs to the enforcement point: everything after the
     * id segment, and after the scheme segment too when the scheme is part of the path info.
     *
     * @param list path-info segments
     * @return the remaining segments, each prefixed with {@code /}; empty string if none remain
     */
    private String buildEnforcementPointPathInfo(List list) {
        // Skip the id only (scheme is in the servlet path) or the id and the scheme.
        final int firstRemaining = isAuthenticationSchemeInServletPath() ? 1 : 2;
        final StringBuffer pathInfo = new StringBuffer(list.size() * 10);
        int index = firstRemaining;
        while (index < list.size()) {
            pathInfo.append("/").append(list.get(index));
            index++;
        }
        return pathInfo.toString();
    }

    /**
     * Returns the enforcement point id, which is the first path-info segment.
     *
     * @param list path-info segments
     * @return the first segment, or the empty string if there is none
     */
    private String extractEnforcementPointId(List list) {
        if (list.isEmpty()) {
            return "";
        }
        return (String) list.get(0);
    }

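    /**
     * Returns the authentication scheme the request selects.
     *
     * <p>By default this is the second path-info segment. When
     * {@link #isAuthenticationSchemeInServletPath()} is set it is the first segment of the
     * servlet path instead. The value is client-chosen text and is only meaningful once it has
     * been matched against the configured schemes.
     *
     * @param list path-info segments
     * @param str  servlet path of the request
     * @return the scheme name, or the empty string if the request does not carry one
     */
    private String extractAuthenticationScheme(List list, String str) {
        if (!isAuthenticationSchemeInServletPath()) {
            return list.size() > 1 ? (String) list.get(1) : "";
        }
        // The container reports an empty servlet path for a servlet mapped to "/*". Without this
        // guard substring(1, 0) throws outside service()'s try block and surfaces as a container
        // error instead of the regular "no such enforcement point" answer.
        if (str == null || str.length() < 2) {
            return "";
        }
        int indexOf = str.indexOf("/", 1);
        return str.substring(1, indexOf > -1 ? indexOf : str.length());
    }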

    /**
     * Builds the externally visible URL of an enforcement point for a given scheme.
     *
     * <p>With the scheme in the path info the result is {@code <servlet url>/<id>/<scheme>}.
     * With the scheme in the servlet path the last segment of the servlet URL is replaced by the
     * scheme (unless the URL already ends with it) and the id is appended.
     *
     * @param str  servlet URL of the current request
     * @param str2 authentication scheme
     * @param str3 enforcement point id
     * @return the assembled URL
     */
    private String buildServiceURL(String str, String str2, String str3) {
        final StringBuilder url = new StringBuilder(str.length() + str2.length() + str3.length());
        if (isAuthenticationSchemeInServletPath() && !str.endsWith(str2)) {
            // Swap the trailing segment of the servlet URL for the requested scheme.
            final int lastSlash = str.lastIndexOf("/");
            if (lastSlash > -1) {
                url.append(str.substring(0, lastSlash + 1));
            } else {
                url.append("/");
            }
            url.append(str2);
        } else {
            url.append(str);
        }
        url.append("/");
        url.append(str3);
        if (!isAuthenticationSchemeInServletPath()) {
            url.append("/").append(str2);
        }
        return url.toString();
    }

    /**
     * Builds the URL under which the same enforcement point is reachable through the no-auth
     * scheme, if such a scheme is configured and the locator knows the point for it.
     *
     * @param str  servlet URL of the current request
     * @param str2 enforcement point id
     * @return the no-auth URL, or {@code null} when no no-auth variant exists
     */
    private String buildNoAuthUrl(String str, String str2) {
        final String noAuthScheme = this.m_noauthAuthScheme;
        if (noAuthScheme == null) {
            return null;
        }
        if (getEnforcementServiceLocator().locate(str2, noAuthScheme) == null) {
            return null;
        }
        return buildServiceURL(str, noAuthScheme, str2);
    }

    /**
     * Sends a transferable to the client: selected attributes become response headers, then the
     * payload is streamed, gzip-compressed when the transferable asks for it.
     *
     * @param transferable        result to send
     * @param httpServletResponse response to write to
     */
    private void writeTransferable(Transferable transferable, HttpServletResponse httpServletResponse) {
        addHeader(httpServletResponse, transferable.getAttribute("Content-Type"));
        final TransferAttribute encoding = transferable.getAttribute("Content-Encoding");
        boolean gzip = false;
        if (encoding != null) {
            gzip = "gzip".equalsIgnoreCase((String) encoding.getValue());
        }
        if (gzip) {
            // Only "gzip" is passed on; any other Content-Encoding value is dropped.
            addHeader(httpServletResponse, encoding);
            if (LOG.isDebugEnabled()) {
                LOG.debug("enable <gzip> compression!");
            }
        }
        // NOTE(review): the attribute is looked up as "Cookie" and written under the attribute's
        // own name; confirm that this yields the intended response header.
        addHeader(httpServletResponse, transferable.getAttribute("Cookie"));
        writeStream(httpServletResponse, transferable, gzip);
    }

    /**
     * Adds a transfer attribute to the response as a header; does nothing for {@code null}.
     *
     * @param httpServletResponse response to add the header to
     * @param transferAttribute   attribute whose name and value become the header, or {@code null}
     */
    private void addHeader(HttpServletResponse httpServletResponse, TransferAttribute transferAttribute) {
        if (transferAttribute != null) {
            // NOTE(review): name and value are passed on unchanged; rejecting CR/LF in header
            // values is left to the servlet container.
            final String headerValue = (String) transferAttribute.getValue();
            httpServletResponse.addHeader(transferAttribute.getName(), headerValue);
        }
    }

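    /**
     * Copies the payload of a transferable to the servlet response, optionally gzip-compressed.
     *
     * <p>The decompiler could not rebuild this method and emitted a stub that always throws
     * {@code UnsupportedOperationException}, next to a register-level instruction dump. The body
     * below is reconstructed by hand from that dump and should be checked against the original
     * class file. It performs the same steps in the same order: open the output stream (wrapped
     * in a {@code GZIPOutputStream} with a 1024-byte buffer when requested), copy the payload in
     * 1024-byte chunks, log an {@code IOException} raised while copying, and always flush and
     * close both streams, ignoring {@code IOException} from the cleanup itself.
     *
     * @param r6 response whose output stream receives the payload
     * @param r7 transferable whose payload stream is copied
     * @param r8 {@code true} to gzip-compress the output
     */
    private void writeStream(javax.servlet.http.HttpServletResponse r6, org.n52.security.enforcement.artifact.Transferable r7, boolean r8) {
        java.io.OutputStream out = null;
        java.io.InputStream in = null;
        try {
            if (r8) {
                out = new java.util.zip.GZIPOutputStream(r6.getOutputStream(), 1024);
            } else {
                out = r6.getOutputStream();
            }
            in = r7.getPayload().getAsStream();
            byte[] buffer = new byte[1024];
            int count;
            while ((count = in.read(buffer)) != -1) {
                out.write(buffer, 0, count);
            }
        } catch (IOException e) {
            // By the time this is reached part of the response may already have been sent.
            LOG.error("Error while writing service response to stream", e);
        } finally {
            if (out != null) {
                try {
                    out.flush();
                    // Closing also completes the gzip stream when compression is active.
                    out.close();
                } catch (IOException ignored) {
                    // Cleanup is best effort, as in the original bytecode.
                }
            }
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Cleanup is best effort, as in the original bytecode.
                }
            }
        }
    }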

    /**
     * Shuts the servlet down: runs the superclass cleanup, then drops the references obtained in
     * {@code init} (factory map, locator and no-auth scheme name).
     */
    public void destroy() {
        super.destroy();
        m_noauthAuthScheme = null;
        m_locator = null;
        m_authProcessorFactories = null;
    }
}
