package org.n52.security.service.authentication.servlet;

import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.util.Calendar;
import java.util.TimeZone;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.AuthenticationException;
import org.n52.security.authentication.AuthenticationFailedException;
import org.n52.security.authentication.AuthenticationService;
import org.n52.security.authentication.SAML2Credential;
import org.n52.security.authentication.callbacks.CredentialsCallbackHandler;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.common.xml.DOMParserException;
import org.n52.security.common.xml.DOMParserOptions;
import org.n52.security.common.xml.XMLPathCtx;
import org.safehaus.uuid.UUIDGenerator;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/n52/security/service/authentication/servlet/SAMLECPAuthenticationProcessor.class */
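/**
 * {@link AuthenticationProcessor} implementing the SAML 2.0 Enhanced Client or Proxy (ECP)
 * profile over PAOS in two round trips:
 * <ol>
 *   <li>First request (new servlet session, client advertises PAOS/ECP support in its
 *       {@code Accept} and {@code PAOS} headers): the session is registered with the
 *       {@link SessionService}, a PAOS-wrapped {@code AuthnRequest} is written to the response
 *       and {@link AuthenticationFailedException} is thrown so the caller does not treat the
 *       request as authenticated.</li>
 *   <li>Second request (same session, already registered): the request body is parsed as a
 *       SOAP envelope, the {@code samlp:Response} node is wrapped in a {@link SAML2Credential}
 *       and handed to {@link AuthenticationService#login}.</li>
 * </ol>
 * Any other request yields the service's default (unauthenticated) context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The servlet path and session id are embedded in XML attributes/text; both are escaped
 *       here so request-derived characters cannot alter the envelope structure.</li>
 *   <li>Correlation of the posted {@code samlp:Response} with the {@code AuthnRequest} issued in
 *       phase one (InResponseTo, signature, audience) is not performed in this class; it is
 *       presumed to happen in {@code SAML2Credential}/{@code login} — confirm before relying on it.</li>
 *   <li>The request body is XML from the network; confirm that
 *       {@code DOMParserOptions.getDefault()} disables DTDs and external entities.</li>
 *   <li>Sessions are added to {@code SessionService} in phase one but never removed here.</li>
 * </ul>
 */
public class SAMLECPAuthenticationProcessor implements AuthenticationProcessor {

    /** MIME type an ECP-capable client advertises in its {@code Accept} header. */
    private static final String SAML_ECP_MIMETYPE = "application/vnd.paos+xml";
    /** PAOS version that must be present in the client's {@code PAOS} header. */
    private static final String PAOS_VERSION = "urn:liberty:paos:2003-08";
    /** ECP profile URI that must be present in the client's {@code PAOS} header. */
    private static final String SAML_ECP_URI = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";

    private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    private static final String SOAP_ACTOR_NEXT = "http://schemas.xmlsoap.org/soap/actor/next";
    private static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String PAOS_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";

    /** Issuer placed in the AuthnRequest; the value historically hard-coded in this class. */
    private static final String DEFAULT_SP_ENTITY_ID = "https://esdin.edina.ac.uk/sp/shibboleth";

    /** Location of the SAML response inside the PAOS envelope posted back by the client. */
    private static final String SAML_RESPONSE_XPATH = "/SOAP-ENV:Envelope/SOAP-ENV:Body/samlp:Response";

    private final SessionService sessionService;
    private final String spEntityId;
    private final XMLPathCtx xmlCtx = XMLPathCtx.createNew()
            .addNamespace("samlp", SAMLP_NS)
            .addNamespace("SOAP-ENV", SOAP_NS)
            .addNamespace("paos", PAOS_VERSION);

    /**
     * Creates a processor using the historically hard-coded SP entity id as AuthnRequest issuer.
     *
     * @param sessionService registry of sessions for which an AuthnRequest has been issued
     */
    public SAMLECPAuthenticationProcessor(SessionService sessionService) {
        this(sessionService, DEFAULT_SP_ENTITY_ID);
    }

    /**
     * Creates a processor with an explicit SP entity id.
     *
     * @param sessionService registry of sessions for which an AuthnRequest has been issued
     * @param spEntityId     value written into {@code saml:Issuer} of the AuthnRequest
     */
    public SAMLECPAuthenticationProcessor(SessionService sessionService, String spEntityId) {
        if (sessionService == null) {
            throw new IllegalArgumentException("sessionService must not be null");
        }
        if (spEntityId == null) {
            throw new IllegalArgumentException("spEntityId must not be null");
        }
        this.sessionService = sessionService;
        this.spEntityId = spEntityId;
    }

    /**
     * Runs one step of the ECP exchange for the current request.
     *
     * @param servletRequestResponseContext wrapper giving access to request and response
     * @param authenticationService         service used to log in or to create the default context
     * @return the context returned by {@code login} in phase two, otherwise the default context
     * @throws AuthenticationFailedException in phase one (after the AuthnRequest has been written),
     *                                       or if the request body cannot be read in phase two
     * @throws AuthenticationException       whatever {@code login} throws
     */
    public AuthenticationContext authenticate(ServletRequestResponseContext servletRequestResponseContext,
            AuthenticationService authenticationService) throws AuthenticationException {
        HttpServletRequest request = servletRequestResponseContext.getRequest();
        HttpServletResponse response = servletRequestResponseContext.getResponse();
        HttpSession session = request.getSession();
        String sessionId = session.getId();

        if (session.isNew()) {
            if (!isEcpClient(request)) {
                return authenticationService.createAuthenticationContext();
            }
            // Phase one: remember the session, send the AuthnRequest, and signal "not yet authenticated".
            this.sessionService.addSession(new Session(sessionId, request));
            try {
                writeResponse(buildAuthRequest(request, sessionId), response);
            } catch (IOException e) {
                throw withCause(new AuthenticationFailedException("can't write ECP AuthnRequest to response"), e);
            }
            throw new AuthenticationFailedException("Initial ECP request");
        }

        if (this.sessionService.getSession(sessionId) == null) {
            // Not a session we issued an AuthnRequest for: nothing to do.
            return authenticationService.createAuthenticationContext();
        }

        // Phase two: the client posts the IdP's response wrapped in a PAOS envelope.
        try {
            Node samlResponse = getSAMLResponse(request.getInputStream());
            if (samlResponse == null) {
                return authenticationService.createAuthenticationContext();
            }
            return authenticationService.login(
                    new CredentialsCallbackHandler().add(new SAML2Credential((Element) samlResponse)));
        } catch (IOException e) {
            throw withCause(new AuthenticationFailedException("can't get servlet InputStream"), e);
        }
    }

    /**
     * Returns whether the request advertises PAOS/ECP support: the {@code Accept} header must
     * contain the PAOS MIME type and the {@code PAOS} header both the PAOS version and the ECP URI.
     */
    private static boolean isEcpClient(HttpServletRequest request) {
        String accept = request.getHeader("Accept");
        if (accept == null || !accept.contains(SAML_ECP_MIMETYPE)) {
            return false;
        }
        String paos = request.getHeader("PAOS");
        return paos != null && paos.contains(PAOS_VERSION) && paos.contains(SAML_ECP_URI);
    }

    /**
     * Parses the request body as a SOAP envelope and returns the {@code samlp:Response} node.
     *
     * @return the response node, or {@code null} if the body is not parseable XML
     *         (treated by the caller as "no credential presented", not as an error)
     */
    private Node getSAMLResponse(InputStream inputStream) {
        try {
            // NOTE(review): body is untrusted XML; confirm DOMParserOptions.getDefault() disables
            // DTD processing / external entities.
            DOMParser parser = DOMParser.createNew(DOMParserOptions.getDefault());
            return this.xmlCtx.findIn(parser.parse(new InputSource(inputStream)))
                    .node(SAML_RESPONSE_XPATH).get();
        } catch (DOMParserException e) {
            return null;
        }
    }

    /**
     * Writes {@code body} to the response and flushes it.
     * The content type is left untouched, as it was in the original implementation; an ECP
     * client may expect {@code application/vnd.paos+xml} — verify against the clients in use.
     *
     * @throws IOException if the response writer cannot be obtained
     */
    private static void writeResponse(String body, HttpServletResponse response) throws IOException {
        PrintWriter writer = response.getWriter();
        writer.append(body);
        writer.flush();
    }

    /**
     * Attaches {@code cause} to {@code ex} without losing the original diagnostic.
     * {@code initCause} throws {@link IllegalStateException} if the exception type already fixed
     * its cause in a constructor; in that case the exception is returned unchanged.
     */
    private static AuthenticationFailedException withCause(AuthenticationFailedException ex, Throwable cause) {
        try {
            ex.initCause(cause);
        } catch (IllegalStateException ignored) {
            // cause already set by the exception's constructor; the message still names the failure
        }
        return ex;
    }

    /**
     * Builds the PAOS-wrapped SAML {@code AuthnRequest} sent to an ECP client.
     *
     * <p>The servlet path is used for both {@code responseConsumerURL} and
     * {@code AssertionConsumerServiceURL}, and the session id is carried in {@code RelayState}
     * as {@code cookie:<id>}, as in the original implementation. Both values are XML-escaped.
     * {@code IssueInstant} is the current UTC time and {@code ID} is an NCName-safe random id
     * (no whitespace), which the previous hard-coded values were not.
     *
     * @param httpServletRequest the triggering request (its servlet path is echoed back)
     * @param str                the servlet session id to carry in {@code RelayState}
     * @return the SOAP envelope as a string
     */
    private String buildAuthRequest(HttpServletRequest httpServletRequest, String str) {
        String servletPath = httpServletRequest.getServletPath();
        String consumerUrl = escapeXml(servletPath == null ? "" : servletPath);
        String relayState = escapeXml("cookie:" + (str == null ? "" : str));
        String issuer = escapeXml(this.spEntityId);
        String requestId = "_" + UUIDGenerator.getInstance().generateRandomBasedUUID().toString();

        StringBuilder sb = new StringBuilder(2048);
        sb.append("<S:Envelope xmlns:S=\"").append(SOAP_NS).append("\">");
        sb.append("<S:Header>");
        sb.append("<paos:Request xmlns:paos=\"").append(PAOS_VERSION).append("\"")
          .append(" S:actor=\"").append(SOAP_ACTOR_NEXT).append("\"")
          .append(" S:mustUnderstand=\"1\"")
          .append(" responseConsumerURL=\"").append(consumerUrl).append("\"")
          .append(" service=\"").append(SAML_ECP_URI).append("\" />");
        sb.append("<ecp:Request xmlns:ecp=\"").append(SAML_ECP_URI).append("\"")
          .append(" IsPassive=\"0\"")
          .append(" S:actor=\"").append(SOAP_ACTOR_NEXT).append("\"")
          .append(" S:mustUnderstand=\"1\">")
          .append("<saml:Issuer xmlns:saml=\"").append(SAML_NS).append("\">").append(issuer).append("</saml:Issuer>")
          .append("</ecp:Request>");
        sb.append("<ecp:RelayState xmlns:ecp=\"").append(SAML_ECP_URI).append("\"")
          .append(" S:actor=\"").append(SOAP_ACTOR_NEXT).append("\"")
          .append(" S:mustUnderstand=\"1\">").append(relayState).append("</ecp:RelayState>");
        sb.append("</S:Header>");
        sb.append("<S:Body>");
        sb.append("<samlp:AuthnRequest xmlns:samlp=\"").append(SAMLP_NS).append("\"")
          .append(" AssertionConsumerServiceURL=\"").append(consumerUrl).append("\"")
          .append(" ID=\"").append(requestId).append("\"")
          .append(" IssueInstant=\"").append(nowUtcIso8601()).append("\"")
          .append(" ProtocolBinding=\"").append(PAOS_BINDING).append("\"")
          .append(" Version=\"2.0\">")
          .append("<saml:Issuer xmlns:saml=\"").append(SAML_NS).append("\">").append(issuer).append("</saml:Issuer>")
          .append("<samlp:NameIDPolicy AllowCreate=\"1\" />")
          .append("</samlp:AuthnRequest>");
        sb.append("</S:Body>");
        sb.append("</S:Envelope>");
        return sb.toString();
    }

    /** Current time in UTC as {@code yyyy-MM-ddTHH:mm:ssZ}, the form SAML expects for IssueInstant. */
    private static String nowUtcIso8601() {
        Calendar utc = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        // %tF = ISO date, %tT = HH:MM:SS; both honour the calendar's time zone.
        return String.format("%1$tFT%1$tTZ", utc);
    }

    /** Escapes the five XML special characters so {@code value} is safe in attribute or text content. */
    private static String escapeXml(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&apos;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}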
