package org.n52.security.service.samlecp.client;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.util.List;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethodBase;
import org.apache.commons.httpclient.ProxyHost;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.InputStreamRequestEntity;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.n52.security.common.artifact.Payload;
import org.n52.security.common.artifact.ServiceException;
import org.n52.security.common.artifact.Transferable;
import org.n52.security.common.artifact.TransferableFactory;
import org.n52.security.common.xml.DOMSerializerException;
import org.n52.security.precondition.Precondition;
import org.n52.security.precondition.PreconditionContext;
import org.n52.security.precondition.PreconditionHandler;
import org.n52.security.precondition.PreconditionHandlingException;
import org.n52.security.service.facade.SecuritySystemClient;
import org.n52.security.support.net.ProxyManager;

/* loaded from: input_file:org/n52/security/service/samlecp/client/SAML2ECPSecurityClient.class */
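/**
 * {@link SecuritySystemClient} that talks to a service endpoint using the SAML 2.0
 * Enhanced Client or Proxy (ECP) profile over PAOS.
 *
 * <p>Flow as implemented here: {@link #connect()} issues a PAOS-enabled GET against the
 * endpoint and keeps the parsed {@link PAOSResponse}; the first {@code doRequest} call that
 * carries a {@code SAML2ResponseSOAPMessagePrecondition} posts the SAML response to the
 * assertion consumer URL taken from that PAOS response; afterwards requests are forwarded
 * to the endpoint as plain GET or POST using the same {@link HttpClient} instance.
 *
 * <p>The instance holds mutable state without synchronisation.
 */
public class SAML2ECPSecurityClient implements SecuritySystemClient {
    private static final Log LOG = LogFactory.getLog(SAML2ECPSecurityClient.class);

    /** Category string passed as the second argument of every {@link ServiceException} raised here. */
    private static final String SERVICE_ERROR = "ServiceError";

    private final URL m_endpointUrl;
    private HttpClient m_client;
    private PAOSResponse m_paosResponse;
    // Set once the SAML response has been delivered to the assertion consumer.
    private boolean m_assertionsSentToConsumer = false;

    /**
     * Creates a client for the given endpoint and configures its HTTP client,
     * including proxy settings.
     *
     * @param url endpoint of the protected service
     */
    public SAML2ECPSecurityClient(URL url) {
        this.m_endpointUrl = url;
        initHttpClient();
    }

    /**
     * Builds the {@link HttpClient} and applies the proxy host and proxy credentials that
     * {@link ProxyManager} reports for the endpoint URL.
     */
    private void initHttpClient() {
        this.m_client = new HttpClient();
        ProxyManager proxyManager = new ProxyManager();
        ProxyHost proxyHost = proxyManager.getProxyHost(getURL());
        if (proxyHost == null) {
            LOG.debug("for server " + getURL() + " not using proxy!");
        } else {
            LOG.debug("for server " + getURL() + " using proxy: '" + proxyHost.getHostName() + "'");
        }
        this.m_client.getHostConfiguration().setProxyHost(proxyHost);
        // NOTE(review): AuthScope.ANY registers the proxy credentials for every host, port and
        // realm. Consider scoping them to the configured proxy host/port so they cannot be
        // offered to a different proxy challenge.
        this.m_client.getState().setProxyCredentials(AuthScope.ANY, proxyManager.getProxyCredentials(getURL()));
    }

    /**
     * Requests the PAOS message from the endpoint and stores it for later use.
     *
     * @throws ServiceException if the request or the parsing of its answer fails
     */
    @Override // org.n52.security.service.facade.SecuritySystemClient
    public void connect() throws ServiceException {
        this.m_paosResponse = requestPAOSResponse();
    }

    /**
     * Forwards a request to the endpoint, first delivering the SAML response to the
     * assertion consumer when that has not happened yet and the context carries one.
     *
     * @param transferable request to forward
     * @param str DCP type, {@code "HTTP_GET"} or {@code "HTTP_POST"} (case-insensitive)
     * @param preconditionContext context that may hold the SAML response precondition
     * @return the endpoint's answer
     * @throws ServiceException if the DCP type is missing or unsupported, or a request fails
     */
    @Override // org.n52.security.service.facade.SecuritySystemClient
    public Transferable doRequest(Transferable transferable, String str, PreconditionContext preconditionContext) throws ServiceException {
        assertAssertionSentToConsumer(preconditionContext);
        // Constant-first comparison: a null DCP type ends in the ServiceException below
        // instead of a NullPointerException.
        if ("HTTP_GET".equalsIgnoreCase(str)) {
            return forwardGet(transferable);
        }
        if ("HTTP_POST".equalsIgnoreCase(str)) {
            return forwardPost(transferable);
        }
        throw new ServiceException("Unsupported DCP type <" + str + ">", SERVICE_ERROR);
    }

    /**
     * Sends the SAML response found in the context to the assertion consumer, unless it was
     * already sent or the context holds none.
     */
    private void assertAssertionSentToConsumer(PreconditionContext preconditionContext) throws DOMSerializerException, ServiceException {
        if (this.m_assertionsSentToConsumer) {
            return;
        }
        SAML2ResponseSOAPMessagePrecondition samlPrecondition = findSaml2ResponsePrecondition(preconditionContext);
        if (samlPrecondition == null) {
            return;
        }
        sendSamlResponseToAssertionConsumer(samlPrecondition.getSaml2ResponseMessage());
    }

    /**
     * Sends the transferable's payload as the body of a POST to the endpoint, using the
     * transferable's {@code Content-Type} attribute as content type.
     */
    private Transferable forwardPost(Transferable transferable) throws ServiceException {
        PostMethod postMethod = new PostMethod(getURL().toString());
        postMethod.setRequestEntity(new InputStreamRequestEntity(transferable.getPayload().getAsStream(), (String) transferable.getAttributeValue("Content-Type")));
        try {
            return initBasicResponseTransferable(postMethod);
        } catch (Exception e) {
            throw new ServiceException(String.format("Could not send basic POST request to <%s>.", getURL()), SERVICE_ERROR, e);
        } finally {
            postMethod.releaseConnection();
        }
    }

    /**
     * Sends a GET to the endpoint with the payload's string form appended to the query string.
     */
    private Transferable forwardGet(Transferable transferable) throws ServiceException {
        GetMethod getMethod = new GetMethod(getURL().toString());
        String payloadQuery = transferable.getPayload().toString();
        String existingQuery = getMethod.getQueryString();
        boolean hasExistingQuery = existingQuery != null && existingQuery.length() > 0;
        getMethod.setQueryString(hasExistingQuery ? existingQuery + "&" + payloadQuery : payloadQuery);
        try {
            return initBasicResponseTransferable(getMethod);
        } catch (Exception e) {
            throw new ServiceException(String.format("Could not send basic GET request to <%s>.", getURL()), SERVICE_ERROR, e);
        } finally {
            getMethod.releaseConnection();
        }
    }

    /**
     * Executes the method and wraps content type, body stream and charset of the answer in a
     * stream transferable. The HTTP status code is not inspected here.
     */
    private Transferable initBasicResponseTransferable(HttpMethodBase httpMethodBase) throws IOException, HttpException {
        this.m_client.executeMethod(httpMethodBase);
        Header contentTypeHeader = httpMethodBase.getResponseHeader("Content-Type");
        String contentType = contentTypeHeader != null ? contentTypeHeader.getValue() : "";
        return TransferableFactory.getInstance().createStreamTransferable(contentType, httpMethodBase.getResponseBodyAsStream(), httpMethodBase.getResponseCharSet());
    }

    /**
     * Posts the SAML response, with the relay state of the stored PAOS response inserted, to
     * the assertion consumer URL named in that PAOS response.
     *
     * <p>The delivery is recorded as done only when the consumer answers with a status below
     * 400; a failed delivery raises a {@link ServiceException} so that later requests are not
     * forwarded on the assumption that the assertions were accepted.
     *
     * @param sAML2ResponseMessage SAML response to deliver
     * @throws ServiceException if {@link #connect()} has not stored a PAOS response, the
     *         message cannot be encoded, the request fails, or the consumer reports an error
     */
    public void sendSamlResponseToAssertionConsumer(SAML2ResponseMessage sAML2ResponseMessage) throws DOMSerializerException, ServiceException {
        if (getPaosResponse() == null) {
            throw new ServiceException("No PAOS response available; connect() must be called before sending the SAML response.", SERVICE_ERROR);
        }
        SAML2ResponseMessage messageWithRelayState = sAML2ResponseMessage.insertRelayState(getPaosResponse().getRelayState());
        // NOTE(review): the destination is taken from the PAOS message received in connect().
        // No check is visible in this class that it matches the AssertionConsumerServiceURL
        // stated by the identity provider, or that it is an https URL. The SAML ECP profile
        // expects the client to compare the two before delivering the response; confirm that
        // this happens elsewhere, because the body carries the user's assertions.
        String consumerUrl = getAssertionConsumerUrl();
        PostMethod postMethod = new PostMethod(consumerUrl);
        try {
            postMethod.setRequestEntity(new StringRequestEntity(messageWithRelayState.toString(), "application/vnd.paos+xml", messageWithRelayState.getXmlEncoding()));
        } catch (UnsupportedEncodingException e) {
            // Without a request entity the POST would go out with an empty body, so stop here.
            throw new ServiceException(String.format("Could not encode SAML response for assertion consumer <%s>.", consumerUrl), SERVICE_ERROR, e);
        }
        int statusCode;
        try {
            statusCode = this.m_client.executeMethod(postMethod);
            // Read the body so the connection can be reused; its content is not evaluated.
            postMethod.getResponseBodyAsString();
        } catch (Exception e) {
            throw new ServiceException(String.format("Could not send SAML response to assertion consumer <%s>.", consumerUrl), SERVICE_ERROR, e);
        } finally {
            postMethod.releaseConnection();
        }
        if (statusCode >= 400) {
            throw new ServiceException(String.format("Assertion consumer <%s> rejected the SAML response with HTTP status %d.", consumerUrl, statusCode), SERVICE_ERROR);
        }
        this.m_assertionsSentToConsumer = true;
    }

    /**
     * Returns the last {@code SAML2ResponseSOAPMessagePrecondition} in the context, or
     * {@code null} when the context is {@code null} or holds none.
     */
    private SAML2ResponseSOAPMessagePrecondition findSaml2ResponsePrecondition(PreconditionContext preconditionContext) {
        // processPreconditions() of this class returns null, so a null context can reach here.
        if (preconditionContext == null) {
            return null;
        }
        SAML2ResponseSOAPMessagePrecondition lastMatch = null;
        for (Precondition precondition : preconditionContext.getPreconditions()) {
            if (precondition instanceof SAML2ResponseSOAPMessagePrecondition) {
                lastMatch = (SAML2ResponseSOAPMessagePrecondition) precondition;
            }
        }
        return lastMatch;
    }

    /**
     * Not implemented by this client.
     *
     * @return always {@code null}
     */
    @Override // org.n52.security.service.facade.SecuritySystemClient
    public List<Precondition> getPreconditions() {
        // NOTE(review): callers must handle null; an empty list would be safer if the
        // interface contract allows it.
        return null;
    }

    /**
     * @return the endpoint URL given to the constructor
     */
    @Override // org.n52.security.service.facade.SecuritySystemClient
    public URL getURL() {
        return this.m_endpointUrl;
    }

    /**
     * Not implemented by this client.
     *
     * @return always {@code null}
     */
    @Override // org.n52.security.service.facade.SecuritySystemClient
    public PreconditionContext processPreconditions(PreconditionHandler preconditionHandler) throws PreconditionHandlingException {
        return null;
    }

    /**
     * Sends a GET with the PAOS {@code Accept} and {@code PAOS} headers to the endpoint and
     * parses the answer body into a {@link PAOSResponse}. The HTTP status code is not inspected.
     */
    private PAOSResponse requestPAOSResponse() throws ServiceException {
        GetMethod getMethod = new GetMethod(getURL().toString());
        getMethod.addRequestHeader(new Header("Accept", "application/vnd.paos+xml"));
        getMethod.addRequestHeader(new Header("PAOS", "ver='urn:liberty:paos:2003-08';'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'"));
        try {
            this.m_client.executeMethod(getMethod);
            // NOTE(review): the body is XML supplied by the remote endpoint. Confirm that the
            // parser behind PAOSResponse.createFromXMLStream disables DTDs and external entities.
            return PAOSResponse.createFromXMLStream(getMethod.getResponseBodyAsStream());
        } catch (Exception e) {
            throw new ServiceException(String.format("Could not send basic GET request to <%s>.", getURL()), SERVICE_ERROR, e);
        } finally {
            getMethod.releaseConnection();
        }
    }

    /**
     * @return the PAOS response stored by {@link #connect()}, or {@code null} before that call
     */
    public PAOSResponse getPaosResponse() {
        return this.m_paosResponse;
    }

    /** Returns the assertion consumer URL of the stored PAOS response; requires a prior connect(). */
    private String getAssertionConsumerUrl() {
        return this.m_paosResponse.getAssertionConsumerUrl();
    }
}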
