package org.n52.security.apps.wscweb.struts;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.n52.security.apps.wscweb.FacadeGlobals;
import org.n52.security.authentication.LicenseReference;
import org.n52.security.authentication.SAMLCredential;
import org.n52.security.authentication.SAMLTicket;
import org.n52.security.authentication.principals.UsernameIDPrincipal;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.common.xml.DOMSerializer;
import org.n52.security.service.base.ServiceException;
import org.n52.security.service.facade.ExpirationConstraint;
import org.n52.security.service.facade.Facade;
import org.n52.security.service.facade.FacadeDispatcher;
import org.n52.security.service.facade.FacadeTools;
import org.n52.security.service.facade.IPFilterConstraint;
import org.n52.security.service.facade.ip.IPRangeStringUtils;
import org.n52.security.service.wss.capabilities.SupportedAuthenticationMethod;
import org.n52.security.service.wss.client.WSSSecurityClient;
import org.n52.security.service.wss.precondition.IdentifyPreconditionHandler;
import org.n52.security.service.wss.precondition.LicenseReferencePreconditionHandler;
import org.safehaus.uuid.UUIDGenerator;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/n52/security/apps/wscweb/struts/SSOLoginAction.class */
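/**
 * Struts action that turns a single-sign-on request into a facade for a WSS.
 *
 * <p>The submitted {@link SSOLoginForm} carries the WSS URL, a Base64-encoded SAML ticket, a facade
 * name, an optional IP filter and an optional license reference. The action configures a
 * {@link WSSSecurityClient} with the SAML credential, registers a {@link Facade} with the
 * {@link FacadeDispatcher} and writes an {@code <SSOLoginResponse>} XML fragment to the response.
 * {@code execute} always returns {@code null} because it writes the response itself.
 *
 * <p>This listing is decompiler output: the {@code class$...} fields, {@code class$(String)} and
 * the static initializer are compiler-generated support for class literals.
 */
public class SSOLoginAction extends FacadeAction {
    private static Logger sLogger;
    static Class class$org$n52$security$apps$wscweb$struts$SSOLoginAction;
    static Class class$org$n52$security$authentication$principals$UsernameIDPrincipal;

    /**
     * POSTs {@code str2} to the URL {@code str} and returns the root element of the XML response.
     *
     * @param str  target URL; only {@code http} and {@code https} are accepted
     * @param str2 request body, written as UTF-8
     * @return document element of the parsed response
     * @throws MalformedURLException if the URL is malformed or uses another protocol
     * @throws IOException           if the connection cannot be written to or read from
     * @throws ServiceException      if the response cannot be parsed
     */
    private Element sendRequest(String str, String str2) throws IOException, ServiceException {
        URL url = new URL(str);
        String protocol = url.getProtocol();
        // The caller in this class takes the URL from the remote WSS's precondition parameters,
        // so it is not under this application's control: refuse file:, ftp:, jar: and the like.
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            throw new MalformedURLException("Unsupported protocol for license request: " + protocol);
        }
        // NOTE(review): no connect/read timeout is configured on this connection.
        URLConnection openConnection = url.openConnection();
        openConnection.setDoOutput(true);
        // Explicit charset instead of the platform default; the writer is closed even when the write fails.
        OutputStreamWriter outputStreamWriter = new OutputStreamWriter(openConnection.getOutputStream(), "UTF-8");
        try {
            outputStreamWriter.write(str2);
            outputStreamWriter.flush();
        } finally {
            outputStreamWriter.close();
        }
        InputStream inputStream = openConnection.getInputStream();
        try {
            return createDocumentFromInputStream(inputStream);
        } finally {
            inputStream.close();
        }
    }

    /**
     * Parses the stream as XML and returns the document element.
     *
     * @throws ServiceException with code {@code "ServiceError"} if parsing fails for any reason
     */
    private Element createDocumentFromInputStream(InputStream inputStream) throws ServiceException {
        try {
            // NOTE(review): the stream comes from a remote endpoint. Whether DOMParser.createNew()
            // disables DOCTYPE declarations and external entities cannot be told from this file - confirm.
            return DOMParser.createNew().parse(new InputSource(inputStream)).getDocumentElement();
        } catch (Exception e) {
            // Message first, then the "ServiceError" code, as at the other ServiceException call
            // sites in this class (the listing had the two swapped here); the cause is kept.
            throw new ServiceException(e.getMessage(), "ServiceError", e);
        }
    }

    /**
     * Serializes every element child of {@code element}, separated by newlines.
     *
     * @return the concatenated serialized child elements; empty if there are none
     */
    private String getLicenseReferencesAsString(Element element) {
        StringBuffer stringBuffer = new StringBuffer();
        NodeList childNodes = element.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            // Test the node being visited. The listing tested item(0) on every pass, so the type
            // of the first child decided whether all or none of the children were serialized.
            if (childNodes.item(i).getNodeType() == org.w3c.dom.Node.ELEMENT_NODE) {
                stringBuffer.append(DOMSerializer.createNew().serializeToString(childNodes.item(i)));
                if (i < childNodes.getLength() - 1) {
                    stringBuffer.append("\n");
                }
            }
        }
        return stringBuffer.toString();
    }

    /**
     * Throws if {@code element} is an {@code ExceptionReport}.
     *
     * <p>The exception message is the text of the first element grandchild under the first element
     * child of the report, or {@code "undefined"} if there is none.
     *
     * @throws ServiceException with code {@code "ServiceError"} for an exception report, or if the
     *         element cannot be inspected
     */
    private void checkForErrors(Element element) throws ServiceException {
        String str = "undefined";
        try {
            if (!element.getNodeName().equals("ExceptionReport")) {
                return;
            }
            NodeList childNodes = element.getChildNodes();
            for (int i = 0; i < childNodes.getLength(); i++) {
                if (childNodes.item(i).getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
                    continue;
                }
                NodeList childNodes2 = childNodes.item(i).getChildNodes();
                for (int i2 = 0; i2 < childNodes2.getLength(); i2++) {
                    if (childNodes2.item(i2).getNodeType() == org.w3c.dom.Node.ELEMENT_NODE) {
                        str = childNodes2.item(i2).getTextContent();
                        break;
                    }
                }
                // Stop at the first element child. The listing never advanced the outer index
                // after handling an element, so a report with an element child looped forever.
                break;
            }
        } catch (Exception e) {
            throw new ServiceException(e.getMessage(), "ServiceError", e);
        }
        throw new ServiceException(str, "ServiceError");
    }

    /**
     * Escapes the five XML special characters so the value can be used as text or attribute content.
     * A {@code null} value becomes the text {@code "null"}, which is what
     * {@code StringBuffer.append} would have written.
     */
    private static String escapeXml(Object value) {
        String text = String.valueOf(value);
        StringBuffer escaped = new StringBuffer(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Handles the SSO login request and writes an {@code <SSOLoginResponse>} to the response.
     *
     * <p>The response status is {@code failed} when the WSS client cannot be set up,
     * {@code license_required} (with the license references fetched from the WSS's SSO license
     * URL) when a license precondition exists and no license reference was submitted, and
     * {@code ok} with the facade URL otherwise.
     *
     * @return always {@code null}; the response is written directly
     * @throws Exception on malformed input or when the license lookup fails
     */
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        Class cls;
        String name;
        WSSSecurityClient wSSSecurityClient;
        SSOLoginForm sSOLoginForm = (SSOLoginForm) actionForm;
        FacadeDispatcher facadeService = getFacadeService();
        // NOTE(review): wssURL is taken from the submitted form and this server later opens
        // connections to it; no allow-list of permitted WSS hosts is visible in this class.
        String wssURL = sSOLoginForm.getWssURL();
        String str = "";
        // Split at the last "/WSS/": wssURL keeps everything up to and including "/WSS",
        // str receives the remainder (starting with "/") and is later used as facade path info.
        if (wssURL != null && wssURL.length() > 0 && wssURL.indexOf("/WSS/") > -1) {
            int lastIndexOf = wssURL.lastIndexOf("/WSS/") + 4;
            str = wssURL.substring(lastIndexOf);
            wssURL = wssURL.substring(0, lastIndexOf);
        }
        String ticket = sSOLoginForm.getTicket();
        String facadeName = sSOLoginForm.getFacadeName();
        String iPFilter = sSOLoginForm.getIPFilter();
        String licenseReference = sSOLoginForm.getLicenseReference();
        // True when an IP filter was submitted.
        boolean z = (iPFilter == null || iPFilter.equals("")) ? false : true;
        // NOTE(review): a missing ticket parameter fails here with a NullPointerException.
        // NOTE(review): nothing in this method checks the ticket's signature or validity period;
        // confirm that SAMLTicket or the WSS does before the name below is trusted.
        SAMLTicket sAMLTicket = new SAMLTicket(new String(Base64.decodeBase64(ticket.getBytes()), "UTF-8"));
        SAMLCredential sAMLCredential = new SAMLCredential(sAMLTicket);
        Subject asSubject = sAMLTicket.asSubject();
        if (class$org$n52$security$authentication$principals$UsernameIDPrincipal == null) {
            cls = class$("org.n52.security.authentication.principals.UsernameIDPrincipal");
            class$org$n52$security$authentication$principals$UsernameIDPrincipal = cls;
        } else {
            cls = class$org$n52$security$authentication$principals$UsernameIDPrincipal;
        }
        Set principals = asSubject.getPrincipals(cls);
        if (principals.size() < 1) {
            // No username principal in the ticket: fall back to a random UUID as the name prefix.
            sLogger.warn("Could not get username from SAML ticket.");
            name = UUIDGenerator.getInstance().generateRandomBasedUUID().toString();
        } else {
            if (principals.size() > 1) {
                sLogger.warn("Found more than one username attribute in saml ticket. Selection will be undetermined");
            }
            name = ((UsernameIDPrincipal) principals.iterator().next()).getName();
        }
        if (sLogger.isDebugEnabled()) {
            sLogger.debug(new StringBuffer().append("Prepending ").append(name).append(" to facade name").toString());
        }
        // Facade name is "<principal name>-<submitted facade name>".
        String stringBuffer = new StringBuffer().append(name).append("-").append(facadeName).toString();
        PrintWriter writer = httpServletResponse.getWriter();
        try {
            SupportedAuthenticationMethod selectAuthenticationMethod = FacadeTools.selectAuthenticationMethod(new URL(wssURL), "urn:opengeospatial:authNMethod:OWS:1.0:wauthns", sAMLCredential, "urn:opengeospatial:authNMethod:OWS:1.0:samlresponse");
            wSSSecurityClient = new WSSSecurityClient(new URL(wssURL));
            IdentifyPreconditionHandler identifyPreconditionHandler = wSSSecurityClient.getIdentifyPreconditionHandler();
            identifyPreconditionHandler.setCredential(sAMLCredential);
            identifyPreconditionHandler.setSelectedAuthnMethod(selectAuthenticationMethod);
            identifyPreconditionHandler.setCredentialFormat("urn:opengeospatial:authNMethod:OWS:1.0:samlresponse");
        } catch (ServiceException e) {
            // The SAML ticket is a credential, so it is no longer written to the log.
            sLogger.info(new StringBuffer().append("Facade creation failed for WSS ").append(wssURL).append(", gatename ").append(stringBuffer).toString(), e);
            // Error code and message can carry remote- or request-derived text; escape them for XML.
            writer.write(new StringBuffer().append("<SSOLoginResponse status=\"failed\">").append(escapeXml(e.getErrorCode())).append(": ").append(escapeXml(e.getMessage())).append("</SSOLoginResponse>").toString());
            writer.flush();
            writer.close();
            httpServletResponse.flushBuffer();
            return null;
        }
        if (wSSSecurityClient.hasLicensePrecondition()) {
            LicenseReferencePreconditionHandler licenseReferencePreconditionHandler = wSSSecurityClient.getLicenseReferencePreconditionHandler();
            if (licenseReference == null || licenseReference.length() == 0) {
                // NOTE(review): this URL is supplied by the WSS, which in turn is named by the
                // request, and the SAML ticket is posted to it. sendRequest only restricts the
                // protocol; confirm that the destination is one the ticket may be disclosed to.
                String obj = licenseReferencePreconditionHandler.getPrecondition().getParams().get("wss.license.sso.url").toString();
                try {
                    Element sendRequest = sendRequest(obj, new StringBuffer().append(new StringBuffer().append(URLEncoder.encode("WSS", "UTF-8")).append("=").append(URLEncoder.encode(wssURL, "UTF-8")).toString()).append("&").append(URLEncoder.encode("ticket", "UTF-8")).append("=").append(URLEncoder.encode(sAMLTicket.asBase64String().replaceAll("\r\n", "").trim(), "UTF-8")).toString());
                    checkForErrors(sendRequest);
                    // Serialized XML from the license endpoint; embedded as markup, not escaped.
                    String licenseReferencesAsString = getLicenseReferencesAsString(sendRequest);
                    StringBuffer stringBuffer2 = new StringBuffer();
                    stringBuffer2.append("<SSOLoginResponse ").append("xmlns=\"http://tempuri.org/52north/facade/response\" status=\"license_required\">");
                    stringBuffer2.append(licenseReferencesAsString);
                    stringBuffer2.append("</SSOLoginResponse>");
                    writer.write(stringBuffer2.toString());
                    writer.flush();
                    writer.close();
                    httpServletResponse.flushBuffer();
                    return null;
                } catch (MalformedURLException e2) {
                    sLogger.error(new StringBuffer().append("Error while retrieving license references from ").append(obj).append("!").toString(), e2);
                    throw new ServiceException(e2.getMessage(), "ServiceError", e2);
                } catch (IOException e3) {
                    sLogger.error(new StringBuffer().append("Error while retrieving license references from ").append(obj).append("!").toString(), e3);
                    throw new ServiceException(e3.getMessage(), "ServiceError", e3);
                }
            }
            try {
                licenseReferencePreconditionHandler.setLicenseReference(LicenseReference.createFrom(licenseReference));
            } catch (Exception e4) {
                sLogger.error("Error while creating license reference from Base64 encoded String!", e4);
                throw new ServiceException(e4.getMessage(), "ServiceError", e4);
            }
            // NOTE(review): the six statements below use `e`, which is not in scope here. They look
            // like a catch handler that the decompiler emitted inline; as listed they would report
            // failure whenever a license reference was submitted. Their placement is left as in the
            // listing and has to be checked against the original class.
            sLogger.info(new StringBuffer().append("Facade creation failed for WSS ").append(wssURL).append(", gatename ").append(stringBuffer).toString(), e);
            writer.write(new StringBuffer().append("<SSOLoginResponse status=\"failed\">").append(escapeXml(e.getErrorCode())).append(": ").append(escapeXml(e.getMessage())).append("</SSOLoginResponse>").toString());
            writer.flush();
            writer.close();
            httpServletResponse.flushBuffer();
            return null;
        }
        Facade facade = new Facade(stringBuffer, wSSSecurityClient);
        facade.addFacadeConstraint(new ExpirationConstraint(facadeService.getDefaultFacadeTimeout()));
        if (str != null && str.length() > 0) {
            facade.setPathInfo(str);
        }
        // NOTE(review): the constraint is always added and is constructed with z, which is false
        // when no IP filter was submitted; confirm what IPFilterConstraint(false) permits.
        IPFilterConstraint iPFilterConstraint = new IPFilterConstraint(z);
        iPFilterConstraint.addIPRanges(IPRangeStringUtils.parseRanges(iPFilter, ","));
        facade.addFacadeConstraint(iPFilterConstraint);
        facadeService.addFacade(facade);
        // Base URL: the request URL up to its last "/", followed by the configured facade servlet path.
        String stringBuffer3 = new StringBuffer().append(httpServletRequest.getRequestURL().substring(0, httpServletRequest.getRequestURL().lastIndexOf("/"))).append(getServlet().getServletContext().getInitParameter(FacadeGlobals.FACADE_SERVLET_PATH)).append("/").toString();
        sLogger.info(new StringBuffer().append("Successfully created facade ").append(facade).toString());
        String stringBuffer4 = new StringBuffer().append(stringBuffer3).append(facade.getFacadeName()).toString();
        if (str != null && str.length() > 0) {
            stringBuffer4 = new StringBuffer().append(stringBuffer4).append(str).toString();
        }
        httpServletRequest.getSession(true).setAttribute(FacadeGlobals.USERNAME, "identified by SAML ticket");
        httpServletRequest.getSession(true).setAttribute(FacadeGlobals.FACADE_NAME, facade.getFacadeName());
        // The facade URL contains request-derived parts (facade name, path info); escape it for XML.
        writer.write(new StringBuffer().append("<SSOLoginResponse status=\"ok\">").append(escapeXml(stringBuffer4)).append("</SSOLoginResponse>").toString());
        writer.flush();
        writer.close();
        httpServletResponse.flushBuffer();
        return null;
    }

    /**
     * Compiler-generated helper that resolves a class literal by name.
     * Left exactly as the decompiler emitted it.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    // Initializes the logger for this class through the cached class literal.
    static {
        Class cls;
        if (class$org$n52$security$apps$wscweb$struts$SSOLoginAction == null) {
            cls = class$("org.n52.security.apps.wscweb.struts.SSOLoginAction");
            class$org$n52$security$apps$wscweb$struts$SSOLoginAction = cls;
        } else {
            cls = class$org$n52$security$apps$wscweb$struts$SSOLoginAction;
        }
        sLogger = Logger.getLogger(cls);
    }
}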
