package org.n52.security.service.samlecp.client;

import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.ProxyHost;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.n52.security.authentication.UsernamePasswordCredential;
import org.n52.security.common.artifact.ServiceException;
import org.n52.security.common.xml.DOMSerializer;
import org.n52.security.common.xml.DOMSerializerOptions;
import org.n52.security.support.net.ProxyManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/service/samlecp/client/SAML2IdPConnector.class */
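/**
 * Posts a SAML authentication request, wrapped in a SOAP envelope, to an identity
 * provider endpoint and returns the parsed SAML response.
 *
 * <p>The caller's username and password are sent with preemptive HTTP authentication,
 * so every host this connector contacts receives them. For that reason the credentials
 * are registered only for the host and port actually being contacted, and a redirect is
 * followed only when it stays on the same host and does not downgrade from https.
 *
 * <p>The underlying {@link HttpClient} state is rewritten on every request, so one
 * instance must not be used concurrently with different credentials.
 */
public class SAML2IdPConnector {
    private static final Logger LOG = LoggerFactory.getLogger(SAML2IdPConnector.class);
    private static final String XML_CHARSET = "utf-8";
    private static final String ASSERTION_SOAP_REQUEST_TEMPLATE = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<S:Envelope xmlns:S=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n  <S:Header>\r\n  </S:Header>\r\n  <S:Body>\r\n    %s\r\n  </S:Body>\r\n</S:Envelope>";
    /** Upper bound on followed redirects, so a redirect loop cannot recurse without end. */
    private static final int MAX_REDIRECTS = 5;
    private HttpClient m_client;
    private final URL m_endpointUrl;

    /**
     * Creates a connector for the given identity provider endpoint.
     *
     * @param url the endpoint that assertion requests are posted to
     */
    public SAML2IdPConnector(URL url) {
        this.m_endpointUrl = url;
        initHttpClient();
    }

    /** Builds the HTTP client and applies the proxy settings that ProxyManager reports for the endpoint. */
    private void initHttpClient() {
        this.m_client = new HttpClient();
        ProxyManager proxyManager = new ProxyManager();
        ProxyHost proxyHost = proxyManager.getProxyHost(this.m_endpointUrl);
        if (proxyHost != null) {
            LOG.debug("for server {} using proxy: '{}'", getURL(), proxyHost.getHostName());
        } else {
            LOG.debug("for server {} not using proxy!", getURL());
        }
        this.m_client.getHostConfiguration().setProxyHost(proxyHost);
        // NOTE(review): proxy credentials are registered for any scope; only the single
        // configured proxy can ask for them, but a narrower scope would be more explicit.
        this.m_client.getState().setProxyCredentials(AuthScope.ANY, proxyManager.getProxyCredentials(getURL()));
    }

    /**
     * Reports whether a session with the identity provider exists.
     *
     * @return always {@code false}
     */
    public boolean hasSession() {
        return false;
    }

    /**
     * Requests a SAML assertion from the configured endpoint.
     *
     * @param usernamePasswordCredential the user's credentials, sent as HTTP authentication
     * @param pAOSResponse the PAOS response whose authentication request is forwarded
     * @return the SAML response parsed from the endpoint's reply
     * @throws ServiceException if the request fails, the reply cannot be parsed, or a
     *         redirect is missing its target, leaves the host, downgrades from https or
     *         exceeds the redirect limit
     */
    public SAML2ResponseMessage requestAssertion(UsernamePasswordCredential usernamePasswordCredential, PAOSResponse pAOSResponse) throws ServiceException {
        return requestAssertion(usernamePasswordCredential, pAOSResponse, getURL(), 0);
    }

    /**
     * Posts the assertion request to {@code target} and follows 301/302/303 redirects
     * that pass {@link #resolveRedirectTarget}.
     */
    private SAML2ResponseMessage requestAssertion(UsernamePasswordCredential usernamePasswordCredential, PAOSResponse pAOSResponse, URL target, int redirectsFollowed) throws ServiceException {
        DOMSerializer serializer = DOMSerializer.createNew(DOMSerializerOptions.getDefaultOptions().omitXMLDeclaration());
        String soapRequest = String.format(ASSERTION_SOAP_REQUEST_TEMPLATE, serializer.serializeToString(pAOSResponse.getAuthnRequest()));
        PostMethod postMethod = new PostMethod(target.toString());
        try {
            SAML2ResponseMessage response = sendAssertionRequest(usernamePasswordCredential, soapRequest, postMethod, target);
            if (isRedirect(postMethod.getStatusCode())) {
                URL next = resolveRedirectTarget(target, postMethod.getResponseHeader("Location"), redirectsFollowed);
                response = requestAssertion(usernamePasswordCredential, pAOSResponse, next, redirectsFollowed + 1);
            }
            return response;
        } finally {
            postMethod.releaseConnection();
        }
    }

    /**
     * Executes one POST against {@code target} with the user's credentials.
     *
     * @return the parsed SAML response, or {@code null} when the reply is a redirect
     *         (its body is not a SAML response and the caller follows the redirect)
     */
    private SAML2ResponseMessage sendAssertionRequest(UsernamePasswordCredential usernamePasswordCredential, String soapRequest, PostMethod postMethod, URL target) throws ServiceException {
        // Drop credentials left over from an earlier request, then register the current
        // ones for this host and port only, never for AuthScope.ANY.
        this.m_client.getState().clearCredentials();
        // The password has to become a String for UsernamePasswordCredentials, so it
        // stays in memory until garbage collected.
        this.m_client.getState().setCredentials(credentialScopeFor(target), new UsernamePasswordCredentials(usernamePasswordCredential.getUsername(), new String(usernamePasswordCredential.getPassword())));
        // Preemptive authentication sends the credentials without waiting for a challenge.
        this.m_client.getParams().setAuthenticationPreemptive(true);
        postMethod.setDoAuthentication(true);
        try {
            postMethod.setRequestEntity(new StringRequestEntity(soapRequest, "application/vnd.paos+xml", XML_CHARSET));
            this.m_client.executeMethod(postMethod);
            if (isRedirect(postMethod.getStatusCode())) {
                return null;
            }
            // NOTE(review): the reply is parsed as XML from a remote party; confirm that
            // createFromSOAPMessage disables DTDs and external entities.
            return SAML2ResponseMessage.createFromSOAPMessage(new InputStreamReader(postMethod.getResponseBodyAsStream(), postMethod.getResponseCharSet()));
        } catch (Exception e) {
            throw new ServiceException("Could not request SAML response", "ServiceError", e);
        } finally {
            postMethod.releaseConnection();
        }
    }

    /** Returns whether the status code is one of the redirects this connector follows (301, 302, 303). */
    private static boolean isRedirect(int statusCode) {
        return statusCode == 301 || statusCode == 302 || statusCode == 303;
    }

    /** Builds the credential scope for the host and effective port of {@code target}. */
    private static AuthScope credentialScopeFor(URL target) {
        int port = target.getPort() != -1 ? target.getPort() : target.getDefaultPort();
        return new AuthScope(target.getHost(), port);
    }

    /**
     * Validates a redirect before the credentials are sent to its target.
     *
     * @return the redirect target, resolved against the URL that issued the redirect
     * @throws ServiceException if the limit is reached, the Location header is missing
     *         or malformed, the host changes, or the scheme drops from https
     */
    private static URL resolveRedirectTarget(URL current, Header location, int redirectsFollowed) throws ServiceException {
        if (redirectsFollowed >= MAX_REDIRECTS) {
            throw new ServiceException("Could not request SAML response", "ServiceError", new IllegalStateException("more than " + MAX_REDIRECTS + " redirects"));
        }
        if (location == null || location.getValue() == null) {
            throw new ServiceException("Could not request SAML response", "ServiceError", new IllegalStateException("redirect without Location header"));
        }
        URL next;
        try {
            next = new URL(current, location.getValue());
        } catch (MalformedURLException e) {
            throw new ServiceException("Could not request SAML response", "ServiceError", e);
        }
        boolean sameHost = current.getHost().equalsIgnoreCase(next.getHost());
        boolean downgraded = "https".equalsIgnoreCase(current.getProtocol()) && !"https".equalsIgnoreCase(next.getProtocol());
        if (!sameHost || downgraded) {
            // Only hosts and schemes are reported; the full Location value may carry tokens.
            throw new ServiceException("Could not request SAML response", "ServiceError", new SecurityException("refusing redirect from " + current.getProtocol() + "://" + current.getHost() + " to " + next.getProtocol() + "://" + next.getHost()));
        }
        return next;
    }

    /**
     * Returns the identity provider endpoint this connector was created with.
     *
     * @return the endpoint URL
     */
    public URL getURL() {
        return this.m_endpointUrl;
    }
}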
