package org.n52.security.service.enforcement;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.util.Enumeration;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.enforcement.artifact.HttpHeaderAttribute;
import org.n52.security.enforcement.artifact.SimpleTransferAttribute;
import org.n52.security.enforcement.artifact.TextualPayload;
import org.n52.security.enforcement.artifact.TransferAttribute;
import org.n52.security.enforcement.artifact.Transferable;
import org.n52.security.enforcement.chain.RequestForward;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.enforcement.chain.impl.HttpGetRequestForward;
import org.n52.security.enforcement.chain.impl.HttpPostRequestForward;
import org.n52.security.enforcement.chain.impl.HttpRequestForward;
import org.n52.security.enforcement.chain.impl.SecuredServiceHttpRequest;
import org.n52.security.service.authentication.servlet.AuthenticationProcessingException;
import org.n52.security.service.authentication.servlet.AuthenticationProcessorFactory;
import org.n52.security.service.base.ServiceException;
import org.n52.security.service.config.EnforcementPointConfig;
import org.n52.security.service.config.SecurityConfig;
import org.n52.security.service.config.SecurityConfigListener;
import org.n52.security.service.config.ServiceConfig;
import org.n52.security.service.config.support.WebSecurityConfigUtil;
import org.n52.security.service.wss.PolicyEnforcementServiceImpl;

/* loaded from: input_file:org/n52/security/service/enforcement/EnforcementServiceServlet.class */
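/**
 * Servlet entry point of the policy enforcement service.
 *
 * <p>The first segment of the servlet path selects the authentication scheme and the
 * first segment of the path info selects the enforcement point. A request is only
 * handed to the enforcement point after (1) an authentication processor factory is
 * registered for the scheme, (2) the enforcement point exists, (3) the enforcement
 * point lists the scheme among its {@code authenticationSchemes} and (4) the
 * processor returned an authenticated context.
 *
 * <p>Both selectors are taken from the request URL and are therefore untrusted until
 * they have been matched against the configuration.
 */
public class EnforcementServiceServlet extends HttpServlet implements SecurityConfigListener {
    private static final String NOAUTH = "noauth";
    private static final long serialVersionUID = 9085866663075970881L;
    private static final Logger LOG = Logger.getLogger(EnforcementServiceServlet.class);
    private static final boolean LOG_IS_DEBUG = LOG.isDebugEnabled();
    // Prefix of the attribute names this servlet sets itself (request.ip, request.pathinfo, ...).
    private static final String RESERVED_ATTRIBUTE_PREFIX = "request.";
    // volatile: replaced by configurationChanged() while request threads read them unsynchronized.
    private volatile SecurityConfig m_securityConfig;
    private String m_enfPointConfig;
    private volatile Map m_authProcessorFactories;

    /**
     * Resolves the security configuration and the name of the service configuration to
     * use (init parameter {@code defaultEnforcementServiceConfig}, default {@code WSS}),
     * then registers this servlet as a configuration listener.
     *
     * @param servletConfig the container supplied servlet configuration
     * @throws ServletException if no service configuration exists under the resolved name
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        // Let GenericServlet store the config so getServletConfig()/getServletContext() keep working.
        super.init(servletConfig);
        this.m_securityConfig = WebSecurityConfigUtil.getSecurityConfig(servletConfig.getServletContext());
        this.m_enfPointConfig = servletConfig.getInitParameter("defaultEnforcementServiceConfig");
        if (this.m_enfPointConfig == null || this.m_enfPointConfig.equals("")) {
            this.m_enfPointConfig = "WSS";
        }
        if (getServiceConfig() == null) {
            throw new ServletException("Unable to retrieve service configuration to be used by EnforcementServiceServlet. Neither valid 'defaultEnforcementServiceConfig' servlet init parameter found nor a valid service configuration for default value 'WSS'. EnforcementServiceServlet will be unavailable.");
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("Initialized generic EnforcementServiceServlet. Using '" + this.m_enfPointConfig + "' as config.");
        }
        this.m_authProcessorFactories = (Map) this.m_securityConfig.getPreConfiguredInstance("authenticationProcessorFactories");
        this.m_securityConfig.addSecurityConfigListener(this);
    }

    /** Returns the service configuration registered under the configured name, or whatever the security config returns for it. */
    private ServiceConfig getServiceConfig() {
        return this.m_securityConfig.getServiceConfig(this.m_enfPointConfig);
    }

    /**
     * Authenticates the caller with the scheme named in the URL and, on success, lets the
     * addressed enforcement point process the request and writes its answer back.
     *
     * <p>Unknown schemes, unknown enforcement points and schemes the enforcement point
     * does not allow are answered with 404; nothing is forwarded in those cases.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException declared by the servlet API; not thrown directly here
     * @throws IOException if sending an error response fails
     */
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String scheme = extractAuthenticationScheme(httpServletRequest);
        String enforcementPointId = extractEnforcementPointId(httpServletRequest);
        // Read the shared state once so a concurrent configurationChanged() cannot switch it mid-request.
        Map factories = this.m_authProcessorFactories;
        ServiceConfig serviceConfig = getServiceConfig();
        if (factories == null || serviceConfig == null) {
            LOG.warn("Authentication processor factories or service configuration not available. Request rejected.");
            httpServletResponse.sendError(500);
            return;
        }
        try {
            AuthenticationProcessorFactory processorFactory = (AuthenticationProcessorFactory) factories.get(scheme);
            if (processorFactory == null) {
                // Build the message unconditionally: the client must get it even when INFO logging is off.
                // The scheme is still raw URL data here, so control characters are masked before it
                // reaches the log; how the message is rendered to the client is up to the container's error page.
                String message = "Authentication scheme '" + sanitizeForMessage(scheme) + "' not defined for this service.";
                if (LOG.isInfoEnabled()) {
                    LOG.info(message);
                }
                httpServletResponse.sendError(404, message);
                return;
            }
            if (LOG_IS_DEBUG) {
                LOG.debug("Authentication by '" + scheme + "' requested.");
            }
            EnforcementPointConfig enforcementPointConfig = serviceConfig.getEnforcementPointConfig(enforcementPointId);
            if (enforcementPointConfig == null) {
                String message = "No enforcementpoint configuration for id <" + sanitizeForMessage(enforcementPointId) + "> found";
                LOG.warn(message);
                httpServletResponse.sendError(404, message);
                return;
            }
            PolicyEnforcementServiceImpl enforcementService = (PolicyEnforcementServiceImpl) enforcementPointConfig.getInstance();
            Set allowedSchemes = (Set) enforcementPointConfig.getProperties().get("authenticationSchemes");
            if (allowedSchemes == null || !allowedSchemes.contains(scheme)) {
                String message = "Requested authentication scheme '" + scheme + "' not supported by enforcement point '" + enforcementPointId + "'. Request rejected.";
                LOG.warn(message);
                httpServletResponse.sendError(404, message);
                return;
            }
            if (allowedSchemes.contains(NOAUTH)) {
                String noAuthUrl = getServletUrlString(httpServletRequest) + "/" + enforcementPointId;
                if (!scheme.equals(NOAUTH)) {
                    // Literal replacement: the scheme name must not be interpreted as a regular expression.
                    // NOTE(review): the first occurrence may sit in the host or context path rather than
                    // in the servlet path if those happen to contain the scheme name - confirm deployment naming.
                    noAuthUrl = replaceFirstLiteral(noAuthUrl, scheme, NOAUTH);
                }
                // NOTE(review): this stores a URL derived from the current request in service-scoped
                // attributes - see getServletUrl() regarding the trustworthiness of the host part.
                enforcementService.getServiceScopeAttributes().put("noauth.url", noAuthUrl);
            }
            try {
                AuthenticationContext authContext = processorFactory.getProcessor().authenticate(httpServletRequest, httpServletResponse, serviceConfig.getAuthenticationService());
                if (!authContext.isAuthenticated()) {
                    httpServletResponse.sendError(500);
                    throw new AuthenticationProcessingException("AuthenticationProcessor returned AuthenticationContext in state 'not logged in'.");
                }
                Transferable result;
                try {
                    result = enforce(httpServletRequest, authContext, enforcementService);
                } catch (ServiceException e) {
                    // A service exception carries its own client-facing representation.
                    result = e.getAsTransferable();
                }
                writeTransferable(result, httpServletResponse);
            } catch (AuthenticationProcessingException e) {
                // The request is not forwarded. No status is set here.
                // NOTE(review): presumably the processor has already written its challenge/error to the
                // response before throwing - confirm, otherwise the client receives an empty 200.
                if (LOG.isInfoEnabled()) {
                    LOG.info("Error processing authentication information: " + e.getMessage());
                }
            }
        } catch (ClassCastException e) {
            LOG.warn("AuthenticationProcessorFactory found under key '" + scheme + "' has invalid type. Please check configuration.", e);
            httpServletResponse.sendError(500);
        }
    }

    /** Runs the enforcement point against the request on behalf of the authenticated caller. */
    private Transferable enforce(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, PolicyEnforcementServiceImpl policyEnforcementServiceImpl) throws ServiceException, IOException {
        return policyEnforcementServiceImpl.doService("1.1", buildSecuredServiceRequest(httpServletRequest, policyEnforcementServiceImpl), authenticationContext);
    }

    /**
     * Translates the servlet request into the request object the enforcement point works on.
     *
     * @param httpServletRequest the incoming GET or POST request
     * @param policyEnforcementServiceImpl the enforcement point whose endpoint is the forward target
     * @return the request with payload, forward target and transfer attributes set
     * @throws IOException if the endpoint URL is malformed or the request body cannot be read
     * @throws IllegalArgumentException if the HTTP method is neither GET nor POST
     */
    private SecuredServiceRequest buildSecuredServiceRequest(HttpServletRequest httpServletRequest, PolicyEnforcementServiceImpl policyEnforcementServiceImpl) throws IOException {
        String method = httpServletRequest.getMethod();
        if (!method.equals("GET") && !method.equals("POST")) {
            throw new IllegalArgumentException("HTTP method of request must either be 'POST' or 'GET'");
        }
        URL endpoint = new URL(policyEnforcementServiceImpl.getEndpoint());
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        if (characterEncoding == null || characterEncoding.equals("")) {
            characterEncoding = "utf-8";
        }
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            // NOTE(review): the whole query string is decoded before anything splits it into
            // parameters, so an encoded '&' or '=' inside a value becomes a delimiter afterwards.
            // Confirm that policy evaluation and the protected service parse it the same way.
            // A malformed percent escape makes decode() throw IllegalArgumentException, which is not caught here.
            try {
                queryString = URLDecoder.decode(queryString, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                LOG.warn("Could not decode query string parameter as UTF-8. Setting query string to empty string", e);
                queryString = "";
            }
        }
        boolean isPost = method.equals("POST");
        TextualPayload payload;
        RequestForward forward;
        if (isPost) {
            payload = new TextualPayload(httpServletRequest.getInputStream(), characterEncoding);
            forward = new HttpPostRequestForward(endpoint, "");
        } else {
            payload = new TextualPayload(queryString, characterEncoding);
            forward = new HttpGetRequestForward(endpoint, "");
        }
        SecuredServiceHttpRequest securedRequest = new SecuredServiceHttpRequest(payload, forward);
        String pathInfo = getEnforcementPointPathInfo(httpServletRequest);
        if (pathInfo != null) {
            securedRequest.addAttribute(new SimpleTransferAttribute("request.pathinfo", pathInfo));
        }
        if (queryString != null && isPost) {
            securedRequest.addAttribute(new SimpleTransferAttribute("request.querystring", queryString));
        }
        securedRequest.addAttribute(new SimpleTransferAttribute("request.ip", httpServletRequest.getRemoteAddr()));
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        // The servlet API allows getHeaderNames() to return null.
        while (headerNames != null && headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            // Client headers share one namespace with the attributes set above. A header literally
            // named e.g. "request.ip" must not be able to shadow the value taken from the connection;
            // whether addAttribute() would overwrite is not visible here, so such names are dropped.
            if (headerName.regionMatches(true, 0, RESERVED_ATTRIBUTE_PREFIX, 0, RESERVED_ATTRIBUTE_PREFIX.length())) {
                LOG.warn("Ignoring request header with reserved name '" + sanitizeForMessage(headerName) + "'.");
                continue;
            }
            securedRequest.addAttribute(new SimpleTransferAttribute(headerName, httpServletRequest.getHeader(headerName)));
        }
        String contentType = httpServletRequest.getContentType();
        if (contentType != null) {
            securedRequest.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute("Content-Type", contentType));
        }
        securedRequest.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute("Content-Encoding", characterEncoding));
        // Set from the connection's remote address, not from any X-Forwarded-For the client sent.
        securedRequest.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute("X-Forwarded-For", httpServletRequest.getRemoteAddr()));
        setFacadeUrlToServletUrl(securedRequest, httpServletRequest);
        return securedRequest;
    }

    /**
     * Publishes this servlet's URL for the addressed enforcement point as the request's
     * base URL and, if the forward has no facade URL yet, as its facade URL.
     */
    private void setFacadeUrlToServletUrl(SecuredServiceRequest securedServiceRequest, HttpServletRequest httpServletRequest) {
        String baseUrl = getServletUrlString(httpServletRequest) + "/" + extractEnforcementPointId(httpServletRequest);
        HttpRequestForward forward = (HttpRequestForward) securedServiceRequest.getForward();
        String currentFacadeUrl = forward.getFacadeUrl();
        if (currentFacadeUrl == null || currentFacadeUrl.length() == 0) {
            forward.setFacadeUrl(baseUrl);
        }
        securedServiceRequest.addAttribute(new SimpleTransferAttribute("request.service.baseurl", baseUrl));
    }

    /** Returns {@link #getServletUrl(HttpServletRequest)} in its external string form. */
    protected String getServletUrlString(HttpServletRequest httpServletRequest) {
        return getServletUrl(httpServletRequest).toExternalForm();
    }

    /**
     * Builds the URL of this servlet from the request's scheme, server name, server port,
     * context path and servlet path.
     *
     * <p>NOTE(review): {@code getServerName()} normally reflects the client-supplied Host
     * header, so every URL derived from this method (facade URL, base URL, noauth URL) is
     * only as trustworthy as the host validation done by the container or a fronting proxy.
     *
     * @throws IllegalStateException if those parts do not form a valid URL
     */
    protected URL getServletUrl(HttpServletRequest httpServletRequest) {
        try {
            String path = httpServletRequest.getContextPath() + httpServletRequest.getServletPath();
            return new URL(httpServletRequest.getScheme(), httpServletRequest.getServerName(), httpServletRequest.getServerPort(), path);
        } catch (MalformedURLException e) {
            throw new IllegalStateException("Servlet URL can't be created: " + e, e);
        }
    }

    /**
     * Returns the part of the path info that follows the enforcement point id, including
     * its leading slash, or an empty string if there is none.
     */
    private String getEnforcementPointPathInfo(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            return "";
        }
        int length = pathInfo.length();
        int idStart = 0;
        // Bounds check first: a path info consisting only of slashes must not run past the end.
        while (idStart < length && pathInfo.charAt(idStart) == '/') {
            idStart++;
        }
        int nextSlash = pathInfo.indexOf('/', idStart + 1);
        return nextSlash < 0 ? "" : pathInfo.substring(nextSlash);
    }

    /**
     * Returns the first segment of the path info, which names the enforcement point, or an
     * empty string if the path info is absent or holds only slashes.
     */
    private String extractEnforcementPointId(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            return "";
        }
        String firstSegmentOnward = stripLeadingSlashes(pathInfo);
        int slash = firstSegmentOnward.indexOf('/');
        // "> 0" rather than "> 1": a one-character id followed by further path must be cut at the
        // slash as well, so that id and getEnforcementPointPathInfo() never overlap.
        return slash > 0 ? firstSegmentOnward.substring(0, slash) : firstSegmentOnward;
    }

    /**
     * Returns the first segment of the servlet path, which names the authentication scheme,
     * or an empty string if the servlet path is empty or holds only slashes.
     */
    private String extractAuthenticationScheme(HttpServletRequest httpServletRequest) {
        String firstSegmentOnward = stripLeadingSlashes(httpServletRequest.getServletPath());
        int slash = firstSegmentOnward.indexOf('/');
        return slash != -1 ? firstSegmentOnward.substring(0, slash) : firstSegmentOnward;
    }

    /** Removes all leading '/' characters; safe for empty and all-slash input. */
    private static String stripLeadingSlashes(String path) {
        int start = 0;
        while (start < path.length() && path.charAt(start) == '/') {
            start++;
        }
        return path.substring(start);
    }

    /** Replaces the first literal occurrence of {@code target} in {@code text}; no regex semantics. */
    private static String replaceFirstLiteral(String text, String target, String replacement) {
        if (target.length() == 0) {
            return text;
        }
        int at = text.indexOf(target);
        if (at < 0) {
            return text;
        }
        return text.substring(0, at) + replacement + text.substring(at + target.length());
    }

    /** Masks ISO control characters (CR, LF, ...) so request data cannot break up log lines or messages. */
    private static String sanitizeForMessage(String value) {
        if (value == null) {
            return "null";
        }
        StringBuffer cleaned = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Copies the Content-Type, Content-Encoding and Cookie attributes to the response, then streams the payload. */
    private void writeTransferable(Transferable transferable, HttpServletResponse httpServletResponse) {
        addHeader(httpServletResponse, transferable.getAttribute("Content-Type"));
        addHeader(httpServletResponse, transferable.getAttribute("Content-Encoding"));
        addHeader(httpServletResponse, transferable.getAttribute("Cookie"));
        writeStream(httpServletResponse, transferable);
    }

    /** Adds the attribute as a response header under its own name; a missing attribute is skipped. */
    private void addHeader(HttpServletResponse httpServletResponse, TransferAttribute transferAttribute) {
        if (transferAttribute != null) {
            httpServletResponse.addHeader(transferAttribute.getName(), (String) transferAttribute.getValue());
        }
    }

    /**
     * Copies the transferable's payload stream to the response body. I/O errors are logged,
     * not propagated; both streams are closed in every case.
     */
    private void writeStream(HttpServletResponse httpServletResponse, Transferable transferable) {
        OutputStream outputStream = null;
        InputStream inputStream = null;
        try {
            outputStream = httpServletResponse.getOutputStream();
            inputStream = transferable.getPayload().getAsStream();
            byte[] buffer = new byte[256];
            int read;
            while ((read = inputStream.read(buffer)) != -1) {
                outputStream.write(buffer, 0, read);
            }
        } catch (IOException e) {
            LOG.error("Error !!!", e);
        } finally {
            // Either stream may still be null if acquiring it failed; cleanup must not mask that failure.
            if (outputStream != null) {
                try {
                    outputStream.flush();
                    outputStream.close();
                } catch (IOException ignored) {
                    // best-effort cleanup
                }
            }
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException ignored) {
                    // best-effort cleanup
                }
            }
        }
    }

    /**
     * Switches to the new security configuration and reloads the authentication processor
     * factories from it.
     *
     * @param securityConfig the configuration that replaces the current one
     */
    @Override // org.n52.security.service.config.SecurityConfigListener
    public synchronized void configurationChanged(SecurityConfig securityConfig) {
        this.m_securityConfig = securityConfig;
        this.m_authProcessorFactories = (Map) securityConfig.getPreConfiguredInstance("authenticationProcessorFactories");
    }
}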
