package org.n52.security.service.authentication.servlet;

import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.AuthenticationException;
import org.n52.security.authentication.AuthenticationService;
import org.n52.security.authentication.AuthenticationTerminationException;
import org.n52.security.authentication.Credential;
import org.n52.security.authentication.CredentialFactory;
import org.n52.security.authentication.SessionIDCredential;
import org.n52.security.authentication.callbacks.CredentialsCallbackHandler;
import org.n52.security.common.artifact.ServiceException;
import org.n52.security.common.artifact.TransferableFactory;
import org.n52.security.common.util.TransferableServletWriter;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.common.xml.DOMParserException;
import org.n52.security.common.xml.DocumentTraverser;
import org.n52.security.common.xml.DocumentVisitorAdapter;
import org.n52.security.service.enforcement.EnforcementServiceRequest;
import org.n52.security.service.enforcement.WSSRequestUrlFactory;
import org.n52.security.service.session.SessionClosedException;
import org.n52.security.service.session.SessionException;
import org.n52.security.service.session.SessionExpiredException;
import org.n52.security.service.session.SessionInfo;
import org.n52.security.service.session.SessionService;
import org.n52.security.service.session.UnknownSessionException;
import org.n52.security.service.wss.PolicyEnforcementServiceImpl;
import org.n52.security.service.wss.PolicyEnforcementServiceLocator;
import org.n52.security.service.wss.WSSCapabilitiesDocument;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.CDATASection;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/n52/security/service/authentication/servlet/WSSAuthenticationProcessor.class */
public class WSSAuthenticationProcessor implements AuthenticationProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(WSSAuthenticationProcessor.class);
    private HttpServletRequest m_servletRequest;
    private HttpServletResponse m_servletResponse;
    private Map<String, String> m_wssParams;
    private String m_wssParamOperation;
    private String m_wssParamService;
    private String m_wssParamVersion;
    private AuthenticationService m_authenticationService;
    private SessionService m_sessionService;
    private WSSCapabilitiesDocument m_wssCapabilities;
    private PolicyEnforcementServiceLocator m_policyEnforcementServiceLocator;
    private EnforcementServiceRequest m_wssRequestUrl;
    private WSSRequestUrlFactory m_wssRequestUrlFactory;

    public AuthenticationContext authenticate(ServletRequestResponseContext servletRequestResponseContext, AuthenticationService authenticationService) throws AuthenticationException {
        this.m_servletRequest = servletRequestResponseContext.getRequest();
        this.m_servletResponse = servletRequestResponseContext.getResponse();
        this.m_wssRequestUrl = getWssRequestUrlFactory().getInstance(this.m_servletRequest);
        this.m_authenticationService = authenticationService;
        try {
            assertMatchingEnforcementService();
            assertHttpPostOrGet();
            initWSSProtocolParameters();
            extractWssParamOperation();
            extractWssParamService();
            extractWssParamVersion();
            if (wssParamOperationNotNull()) {
                LOG.debug("Missing REQUEST parameter");
                return this.m_authenticationService.createAuthenticationContext();
            }
            AuthenticationContext handleWSSOperation = handleWSSOperation();
            servletRequestResponseContext.setRequest(wrapServletRequest(this.m_servletRequest));
            return handleWSSOperation;
        } catch (ServiceException e) {
            new TransferableServletWriter(e.getAsTransferable()).write(this.m_servletResponse);
            return null;
        }
    }

    public void assertMatchingEnforcementService() {
        if (getPolicyEnforcementService() == null) {
            String format = String.format("No enforcement point configuration for id <%s> found", this.m_wssRequestUrl.getEnforcementPointId());
            try {
                this.m_servletResponse.sendError(404, format);
                throw new AuthenticationTerminationException(format);
            } catch (IOException e) {
                throw new IllegalStateException(e);
            }
        }
    }

    private WSSHttpServletRequest wrapServletRequest(HttpServletRequest httpServletRequest) {
        return WSSHttpServletRequest.build(httpServletRequest, this.m_wssParams);
    }

    private void assertHttpPostOrGet() throws ServiceException {
        String method = this.m_servletRequest.getMethod();
        if (!"GET".equalsIgnoreCase(method) && !"POST".equalsIgnoreCase(method)) {
            throw new ServiceException("HTTP Method <" + method + " > not allowed. Use <POST> or <GET>.", method);
        }
    }

    private AuthenticationContext handleWSSOperation() throws ServiceException {
        if ("GetCapabilities".equalsIgnoreCase(this.m_wssParamOperation)) {
            this.m_wssCapabilities.setSecuredServiceType(getPolicyEnforcementService().getEndpointType());
            this.m_wssCapabilities.setLicensePrecondition(getPolicyEnforcementService().getLicensePrecondition());
            this.m_wssCapabilities.changeOperationUrls(this.m_wssRequestUrl.buildServiceUrl());
            try {
                new TransferableServletWriter(TransferableFactory.getInstance().createStreamTransferable("text/xml", this.m_wssCapabilities.getStream(), "utf-8")).write(this.m_servletResponse);
                throw new AuthenticationTerminationException("Returning WSS GetCapabilities response.");
            } catch (IOException e) {
                throw new ServiceException("Could not create capabilities document", "ServiceError", e);
            }
        }
        if ("GetSession".equalsIgnoreCase(this.m_wssParamOperation)) {
            String authMethodParam = getAuthMethodParam();
            String str = this.m_wssParams.get(WSSRequestContext.PARAM_CREDENTIALS);
            if (authMethodParam == null || str == null) {
                throw new ServiceException("CREDENTIALS and AUTHMETHOD (v1.1) must be provided.", "InvalidFormat");
            }
            new TransferableServletWriter(this.m_sessionService.createSession(login(CredentialFactory.getDefaultFactory().decode(authMethodParam, str))).getAsTransferable()).write(this.m_servletResponse);
            throw new AuthenticationTerminationException("Returning WSS GetSession response.");
        }
        if (!"CloseSession".equalsIgnoreCase(this.m_wssParamOperation)) {
            if (!"DoService".equalsIgnoreCase(this.m_wssParamOperation)) {
                throw new ServiceException("Operation <" + this.m_wssParamOperation + "> unknown. Please use one of <GetCapabilities>, <GetSession>, <CloseSession>, <DoService>.", "InvalidFormat");
            }
            String str2 = this.m_wssParams.get(WSSRequestContext.PARAM_SESSIONID);
            String str3 = this.m_wssParams.get(WSSRequestContext.PARAM_CREDENTIALS);
            String authMethodParam2 = getAuthMethodParam();
            return login((authMethodParam2 != null || str2 == null) ? CredentialFactory.getDefaultFactory().decode(authMethodParam2, str3) : CredentialFactory.getDefaultFactory().decode("urn:opengeospatial:authNMethod:OWS:1.0:session", str2));
        }
        String str4 = this.m_wssParams.get(WSSRequestContext.PARAM_SESSIONID);
        if (str4 == null || str4.length() == 0) {
            throw new ServiceException("Parameter SESSIONID must be specified.", "InvalidFormat");
        }
        sessionLogout(str4);
        new TransferableServletWriter(TransferableFactory.getInstance().createTextualTransferable("text/plain", "success", "UTF-8")).write(this.m_servletResponse);
        throw new AuthenticationTerminationException("Returning WSS CloseSession response.");
    }

    public String getAuthMethodParam() {
        String str = this.m_wssParams.get(WSSRequestContext.PARAM_AUTHMETHOD);
        return str == null ? this.m_wssParams.get(WSSRequestContext.PARAM_METHOD) : str;
    }

    private boolean wssParamOperationNotNull() {
        return this.m_wssParamOperation == null || this.m_wssParamOperation.length() == 0;
    }

    private void extractWssParamVersion() {
        this.m_wssParamVersion = this.m_wssParams.get(WSSRequestContext.PARAM_VERSION);
    }

    private void extractWssParamService() throws ServiceException {
        this.m_wssParamService = this.m_wssParams.get(WSSRequestContext.PARAM_SERVICE);
        if (this.m_wssParamService == null) {
            LOG.warn("Missing SERVICE parameter. Assuming 'WSS'.");
        } else if (!"WSS".equalsIgnoreCase(this.m_wssParamService)) {
            throw new ServiceException("Invalid SERVICE parameter <" + this.m_wssParamService + ">.", "InvalidFormat");
        }
    }

    private void extractWssParamOperation() {
        this.m_wssParamOperation = this.m_wssParams.get(WSSRequestContext.PARAM_REQUEST);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Processing WSS operation  <" + this.m_wssParamOperation + ">");
        }
    }

    private void initWSSProtocolParameters() throws DOMParserException, ServiceException {
        try {
            this.m_wssParams = initWSSRequestContext(this.m_servletRequest);
        } catch (IOException e) {
            LOG.error("Error reading WSS request", e);
            throw new ServiceException("Error processing WSS request", "ServiceError");
        }
    }

    private AuthenticationContext login(Credential credential) throws ServiceException {
        AuthenticationContext login;
        if (credential instanceof SessionIDCredential) {
            login = loginSessionId((SessionIDCredential) credential);
        } else {
            try {
                login = this.m_authenticationService.login(new CredentialsCallbackHandler().add(credential));
            } catch (AuthenticationException e) {
                LOG.warn("Login failed for credentials " + credential);
                throw new ServiceException(e.getMessage(), "AuthenticationFailed");
            }
        }
        return login;
    }

    private AuthenticationContext loginSessionId(SessionIDCredential sessionIDCredential) throws ServiceException {
        try {
            SessionInfo session = this.m_sessionService.getSession(sessionIDCredential.getSessionId());
            AuthenticationContext authenticationContext = session.getAuthenticationContext();
            if (authenticationContext != null && authenticationContext.isAuthenticated()) {
                this.m_sessionService.touchSession(session.getId());
            }
            return authenticationContext;
        } catch (SessionExpiredException e) {
            throw new ServiceException("Session expired, please reauthenticate.", "SessionExpired");
        } catch (SessionClosedException e2) {
            throw new ServiceException("Session already closed.", "InvalidSessionID");
        } catch (UnknownSessionException e3) {
            throw new ServiceException("No matching session found. Session may already be closed.", "InvalidSessionID");
        }
    }

    private void sessionLogout(String str) throws ServiceException {
        try {
            try {
                AuthenticationContext authenticationContext = this.m_sessionService.closeSession(str).getAuthenticationContext();
                if (authenticationContext != null) {
                    this.m_authenticationService.logout(authenticationContext);
                }
            } catch (AuthenticationException e) {
                LOG.warn("logout failed during close session request", e);
            }
        } catch (SessionException e2) {
            throw new ServiceException("Invalid Session. Session may already be closed.", "InvalidSessionID", e2);
        }
    }

    private Map<String, String> initWSSRequestContext(HttpServletRequest httpServletRequest) throws DOMParserException, IOException {
        String method = httpServletRequest.getMethod();
        String contentType = httpServletRequest.getContentType();
        if ("GET".equalsIgnoreCase(method)) {
            return readParamsFromForm();
        }
        if ("POST".equalsIgnoreCase(method)) {
            return (contentType == null || !contentType.contains("x-www-form")) ? readParamsFromXML() : readParamsFromForm();
        }
        throw new RuntimeException("Unsupported HTTP request method <" + method + ">");
    }

    private Map<String, String> readParamsFromForm() {
        HashMap hashMap = new HashMap();
        Enumeration parameterNames = this.m_servletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str = (String) parameterNames.nextElement();
            hashMap.put(str.toUpperCase(), this.m_servletRequest.getParameter(str));
        }
        return hashMap;
    }

    private Map<String, String> readParamsFromXML() throws DOMParserException, IOException {
        final HashMap hashMap = new HashMap();
        final Element documentElement = DOMParser.createNew().parse(new InputSource((InputStream) this.m_servletRequest.getInputStream())).getDocumentElement();
        hashMap.put(WSSRequestContext.PARAM_REQUEST, documentElement.getLocalName());
        new DocumentTraverser().traverseDepthFirst(documentElement, new DocumentVisitorAdapter() { // from class: org.n52.security.service.authentication.servlet.WSSAuthenticationProcessor.1
            public void visit(Text text) {
                if (text.getParentNode().equals(documentElement)) {
                    return;
                }
                hashMap.put(text.getParentNode().getLocalName().toUpperCase(), text.getNodeValue());
            }

            public void visit(CDATASection cDATASection) {
                hashMap.put(cDATASection.getParentNode().getLocalName().toUpperCase(), cDATASection.getWholeText());
            }

            public void visit(Attr attr) {
                if (attr.getPrefix() == null || !attr.getPrefix().equals("xmlns")) {
                    String localName = attr.getLocalName();
                    hashMap.put(localName.toUpperCase(), attr.getNodeValue());
                }
            }
        });
        return hashMap;
    }

    public void setSessionService(SessionService sessionService) {
        this.m_sessionService = sessionService;
    }

    public SessionService getSessionService() {
        return this.m_sessionService;
    }

    public void setWssCapabilities(WSSCapabilitiesDocument wSSCapabilitiesDocument) {
        this.m_wssCapabilities = wSSCapabilitiesDocument;
    }

    public WSSCapabilitiesDocument getWssCapabilities() {
        return this.m_wssCapabilities;
    }

    private PolicyEnforcementServiceImpl getPolicyEnforcementService() {
        return getPolicyEnforcementServiceLocator().locate(this.m_wssRequestUrl.getEnforcementPointId());
    }

    public void setPolicyEnforcementServiceLocator(PolicyEnforcementServiceLocator policyEnforcementServiceLocator) {
        this.m_policyEnforcementServiceLocator = policyEnforcementServiceLocator;
    }

    public PolicyEnforcementServiceLocator getPolicyEnforcementServiceLocator() {
        return this.m_policyEnforcementServiceLocator;
    }

    public void setWssRequestUrlFactory(WSSRequestUrlFactory wSSRequestUrlFactory) {
        this.m_wssRequestUrlFactory = wSSRequestUrlFactory;
    }

    public WSSRequestUrlFactory getWssRequestUrlFactory() {
        return this.m_wssRequestUrlFactory;
    }
}
