package org.n52.security.apps.wscweb.struts;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.n52.security.authentication.Credential;
import org.n52.security.authentication.SAMLCredential;
import org.n52.security.authentication.SAMLTicket;
import org.n52.security.common.artifact.ServiceException;
import org.n52.security.common.subject.SubjectPrincipalAnalyzer;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.common.xml.DOMParserException;
import org.n52.security.common.xml.DOMSerializer;
import org.n52.security.common.xml.DOMSerializerOptions;
import org.n52.security.licensing.LicensePrecondition;
import org.n52.security.licensing.LicenseReference;
import org.n52.security.precondition.PreconditionContext;
import org.n52.security.service.facade.Facade;
import org.n52.security.service.facade.FacadeCreator;
import org.n52.security.service.facade.FacadeProperties;
import org.n52.security.service.facade.IdentifyPrecondition;
import org.n52.security.service.facade.SecuritySystemClient;
import org.n52.security.service.facade.SecuritySystemClientFactory;
import org.n52.security.service.facade.SelectiveUniquePreconditionHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/n52/security/apps/wscweb/struts/SSOLoginAction.class */
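/**
 * Struts action that creates a facade for a WSS from a single-sign-on request.
 *
 * <p>The request carries the WSS URL, a facade name, optional IP / referrer filters, a
 * Base64-encoded SAML ticket and an optional license reference. The action answers with a small
 * {@code <SSOLoginResponse>} XML document written straight to the servlet response:
 * {@code status="ok"} with the facade URL, {@code status="license_required"} with the available
 * license references, or {@code status="failed"} with an error code and message.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The SAML ticket is an authentication credential; it must never be written to logs.</li>
 *   <li>Text placed into the XML response (error messages, URLs) is XML-escaped, because error
 *       messages can originate from a remote service's exception report.</li>
 *   <li>NOTE(review): the WSS URL is taken from the request form and connected to from this
 *       server. No allowlist check is visible in this class; confirm one is enforced elsewhere.</li>
 *   <li>NOTE(review): this class only decodes the SAML ticket. Signature and validity checks are
 *       presumably performed by the WSS; confirm before relying on {@link #getUsername}.</li>
 * </ul>
 */
public class SSOLoginAction extends FacadeAction {
    private static final Logger sLogger = LoggerFactory.getLogger(SSOLoginAction.class);
    public static final String FACADE_SERVLET_PATH = "facadeServletPath";

    /** DOM node type of element nodes (fully qualified to avoid a new file-level import). */
    private static final short ELEMENT_NODE = org.w3c.dom.Node.ELEMENT_NODE;

    /**
     * Serializes every element child of {@code element} to XML text, one per line.
     *
     * @param element parent whose element children are the license references
     * @return the serialized children without XML declarations; empty if there are none
     */
    private String convertLicenseReferencesToString(Element element) {
        StringBuilder serialized = new StringBuilder();
        NodeList children = element.getChildNodes();
        int count = children.getLength();
        for (int i = 0; i < count; i++) {
            // Test the node at index i. The previous code tested item(0) on every iteration, so
            // the type of the first child decided whether all or none of the children were used.
            if (children.item(i).getNodeType() == ELEMENT_NODE) {
                serialized.append(DOMSerializer.createNew(DOMSerializerOptions.getDefaultOptions().omitXMLDeclaration()).serializeToString(children.item(i)));
                if (i < count - 1) {
                    serialized.append("\n");
                }
            }
        }
        return serialized.toString();
    }

    /**
     * Throws a {@link ServiceException} if {@code element} is an {@code ExceptionReport}.
     *
     * <p>The message is the text of the first element grandchild found under the first element
     * child of the report, or {@code "undefined"} if there is none.
     *
     * <p>NOTE(review): the comparison uses {@code getNodeName()}, so a namespace-prefixed root
     * such as {@code ows:ExceptionReport} would not match. Confirm what the license service sends.
     *
     * @param element root element of the service response
     * @throws ServiceException with code {@code "ServiceError"} when the response is an error report
     */
    private void checkForErrors(Element element) throws ServiceException {
        if (!"ExceptionReport".equals(element.getNodeName())) {
            return;
        }
        String message;
        try {
            message = firstExceptionText(element, "undefined");
        } catch (Exception e) {
            throw new ServiceException(e.getMessage(), "ServiceError", e);
        }
        throw new ServiceException(message, "ServiceError");
    }

    /**
     * Returns the text of the first element found below the first element child of {@code report}.
     *
     * <p>The scan stops after the first element child. The previous loop never advanced past an
     * element child and therefore could not terminate once it found one.
     */
    private static String firstExceptionText(Element report, String fallback) {
        NodeList children = report.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            if (children.item(i).getNodeType() != ELEMENT_NODE) {
                continue;
            }
            NodeList grandChildren = children.item(i).getChildNodes();
            for (int j = 0; j < grandChildren.getLength(); j++) {
                if (grandChildren.item(j).getNodeType() == ELEMENT_NODE) {
                    return grandChildren.item(j).getTextContent();
                }
            }
            return fallback;
        }
        return fallback;
    }

    /**
     * Escapes the five XML special characters so a value can be embedded as element text.
     *
     * <p>{@code null} is rendered as {@code "null"}, matching what {@code String.format("%s")}
     * produced before escaping was added.
     */
    private static String escapeXml(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Handles the SSO login request and writes an {@code SSOLoginResponse} document.
     *
     * @param actionMapping unused
     * @param actionForm the submitted {@link SSOLoginForm}
     * @param httpServletRequest used to derive the base URL of the created facade
     * @param httpServletResponse receives the XML answer
     * @return always {@code null}; the response is written directly
     * @throws Exception on any failure that is not reported as a {@code status="failed"} response
     */
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        SSOLoginForm sSOLoginForm = (SSOLoginForm) actionForm;
        FacadeCreator facadeCreator = new FacadeCreator();
        FacadeProperties facadeProperties = facadeCreator.getFacadeProperties();
        // NOTE(review): the target URL comes from the request and is connected to below. Confirm
        // that an allowlist of permitted WSS endpoints is enforced before this point.
        SecuritySystemClient create = SecuritySystemClientFactory.getInstance(getHttpClientFactory()).create(new URL(sSOLoginForm.getWssURL()));
        String facadeName = sSOLoginForm.getFacadeName();
        String iPFilter = sSOLoginForm.getIPFilter();
        String referrerAcceptPattern = sSOLoginForm.getReferrerAcceptPattern();
        boolean ipFilterEnabled = iPFilter != null && !iPFilter.equals("");
        String ticket = sSOLoginForm.getTicket();
        // Use an explicit charset on both sides of the Base64 decoding, not the platform default.
        SAMLTicket sAMLTicket = new SAMLTicket(new String(Base64.decodeBase64(ticket.getBytes("UTF-8")), "UTF-8"));
        String pathExtension = create.getPathExtension();
        facadeProperties.setPathInfo(pathExtension);
        facadeProperties.setName(facadeName);
        facadeProperties.setClientIPs(iPFilter);
        facadeProperties.setReferrerAcceptPattern(referrerAcceptPattern);
        facadeProperties.setIpFilterEnabled(ipFilterEnabled);
        facadeProperties.setFacadeTimeoutSeconds(getFacadeManagerService().getDefaultFacadeTimeout());
        facadeProperties.setAddNamePrefix(true);
        facadeProperties.setNamePrefix(getUsername(sAMLTicket));
        String licenseReference = sSOLoginForm.getLicenseReference();
        SAMLCredential sAMLCredential = new SAMLCredential(sAMLTicket);
        create.connect();
        PreconditionContext preconditionContext = create.getPreconditionContext();
        facadeProperties.setPreconditionContext(preconditionContext);
        facadeProperties.setSecurityClient(create);
        SelectiveUniquePreconditionHandler selectiveUniquePreconditionHandler = new SelectiveUniquePreconditionHandler();
        selectiveUniquePreconditionHandler.process(preconditionContext.getPreconditions());
        processIdentifyPrecondition(selectiveUniquePreconditionHandler, sAMLCredential);
        if (selectiveUniquePreconditionHandler.hasPreconditionOfType(LicensePrecondition.class)) {
            if (licenseReference == null || licenseReference.length() == 0) {
                // No license chosen yet: answer with the references the caller may pick from.
                try {
                    writeToServletResponse(httpServletResponse, createSSOLoginResponse(convertLicenseReferencesToString(requestAvailableLicenseRefs(create.getURL().toString(), sAMLTicket, (LicensePrecondition) selectiveUniquePreconditionHandler.getPrecondition(LicensePrecondition.class)))));
                    return null;
                } catch (ServiceException e) {
                    // The SAML ticket is a credential and is deliberately not logged.
                    sLogger.info("Facade creation failed for WSS " + create.toString() + ", gatename " + facadeName, e);
                    // The message may carry text from a remote exception report; escape it so it
                    // cannot change the structure of the response document.
                    writeToServletResponse(httpServletResponse, String.format("<SSOLoginResponse status=\"failed\">%s: %s</SSOLoginResponse>", escapeXml(e.getErrorCode()), escapeXml(e.getMessage())));
                    return null;
                }
            }
            selectiveUniquePreconditionHandler.getPrecondition(LicensePrecondition.class).setLicenseReference(LicenseReference.createFrom(licenseReference));
        }
        Facade createFacade = facadeCreator.createFacade();
        getFacadeManagerService().addFacade(createFacade);
        // NOTE(review): the base URL is derived from the incoming request URL; confirm the
        // container or front-end proxy pins the host so a client cannot influence it.
        String facadeBaseUrl = httpServletRequest.getRequestURL().substring(0, httpServletRequest.getRequestURL().lastIndexOf("/")) + getServlet().getServletContext().getInitParameter(FACADE_SERVLET_PATH) + "/";
        sLogger.info("Successfully created facade " + createFacade);
        String facadeUrl = facadeBaseUrl + createFacade.getFacadeName();
        if (pathExtension != null && pathExtension.length() > 0) {
            facadeUrl = facadeUrl + pathExtension;
        }
        writeToServletResponse(httpServletResponse, String.format("<SSOLoginResponse status=\"ok\">%s</SSOLoginResponse>", escapeXml(facadeUrl)));
        return null;
    }

    /**
     * Writes {@code str} to the response, then flushes and closes the writer.
     *
     * @throws IOException if the response cannot be written
     */
    private void writeToServletResponse(HttpServletResponse httpServletResponse, String str) throws IOException {
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(str);
        writer.flush();
        writer.close();
        httpServletResponse.flushBuffer();
    }

    /**
     * Wraps already-serialized license reference XML in a {@code license_required} response.
     *
     * @param str serialized XML fragments; inserted verbatim, so it must be well-formed XML
     * @return the complete response document
     */
    private String createSSOLoginResponse(String str) {
        StringBuilder response = new StringBuilder();
        response.append("<SSOLoginResponse ").append("xmlns=\"http://tempuri.org/52north/facade/response\" status=\"license_required\">");
        response.append(str);
        response.append("</SSOLoginResponse>");
        return response.toString();
    }

    /**
     * Asks the license service for the license references available to the ticket holder.
     *
     * <p>The WSS URL and the Base64 ticket are sent as a form-encoded POST body to the SSO URL
     * of the license precondition.
     *
     * <p>NOTE(review): the POST target comes from the precondition supplied by the remote WSS,
     * and the ticket is sent to it. Confirm the URL is restricted to trusted hosts and to HTTPS.
     * NOTE(review): the reply is remote-controlled XML; confirm {@code DOMParser} disables DTDs
     * and external entities.
     *
     * @param str URL of the WSS the facade is created for
     * @param sAMLTicket ticket identifying the caller
     * @param licensePrecondition precondition that names the license service URL
     * @return root element of the license service reply
     * @throws ServiceException if the request fails or the reply is an exception report
     */
    private Element requestAvailableLicenseRefs(String str, SAMLTicket sAMLTicket, LicensePrecondition licensePrecondition) throws UnsupportedEncodingException, DOMParserException, ServiceException {
        String ssoGetUrl = licensePrecondition.getSsoGetUrl();
        try {
            String encodedTicket = URLEncoder.encode(sAMLTicket.asBase64String().replaceAll("\r\n", "").trim(), "UTF-8");
            String body = URLEncoder.encode("WSS", "UTF-8") + "=" + URLEncoder.encode(str, "UTF-8") + "&" + URLEncoder.encode("ticket", "UTF-8") + "=" + encodedTicket;
            Element documentElement;
            InputStream reply = postData(ssoGetUrl, body);
            try {
                documentElement = DOMParser.createNew().parse(new InputSource(reply)).getDocumentElement();
            } finally {
                // Release the connection's stream; a failure to close must not mask the result.
                try {
                    reply.close();
                } catch (IOException ignored) {
                    // best-effort close
                }
            }
            checkForErrors(documentElement);
            return documentElement;
        } catch (IOException e) {
            // Covers MalformedURLException as well, which was handled identically before.
            sLogger.error("Error while retrieving license references from " + ssoGetUrl + "!", e);
            throw new ServiceException(e.getMessage(), "ServiceError", e);
        }
    }

    /**
     * Hands the credential to the identify precondition, if the handler holds one.
     *
     * @throws ServiceException declared for callers; propagated from the handler calls
     */
    private void processIdentifyPrecondition(SelectiveUniquePreconditionHandler selectiveUniquePreconditionHandler, Credential credential) throws ServiceException {
        if (selectiveUniquePreconditionHandler.hasPreconditionOfType(IdentifyPrecondition.class)) {
            selectiveUniquePreconditionHandler.getPrecondition(IdentifyPrecondition.class).setCredential(credential);
        }
    }

    /**
     * Returns the user name found in the ticket's subject, or a random UUID if there is none.
     *
     * <p>The result is used as the facade name prefix.
     */
    private String getUsername(SAMLTicket sAMLTicket) {
        String username = new SubjectPrincipalAnalyzer(sAMLTicket.asSubject("")).getUsername();
        if (username == null) {
            sLogger.warn("SAML ticket doesn't cointain any proncipals. Prependig random UUID.");
            username = UUID.randomUUID().toString();
        }
        return username;
    }

    /**
     * POSTs {@code str2} to the URL {@code str} and returns the response stream.
     *
     * <p>The body is written as UTF-8 and the writer is always closed. The caller owns the
     * returned stream and must close it.
     *
     * <p>NOTE(review): no connect or read timeout is set, so a slow peer can hold the request
     * thread. Choose values that fit the deployment.
     *
     * @param str target URL
     * @param str2 request body, already form-encoded
     * @return the response body stream
     * @throws IOException if the URL is malformed or the exchange fails
     */
    private InputStream postData(String str, String str2) throws IOException {
        URLConnection connection = new URL(str).openConnection();
        connection.setDoOutput(true);
        OutputStreamWriter bodyWriter = new OutputStreamWriter(connection.getOutputStream(), "UTF-8");
        try {
            bodyWriter.write(str2);
            bodyWriter.flush();
        } finally {
            bodyWriter.close();
        }
        return connection.getInputStream();
    }
}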
