package cn.com.jit.assp.ias.sp.saml11;

import cn.com.jit.assp.ias.constant.Constants;
import cn.com.jit.assp.ias.constant.Errors;
import cn.com.jit.assp.ias.saml.saml11.ReplayCache;
import cn.com.jit.assp.ias.saml.saml11.SAMLAction;
import cn.com.jit.assp.ias.saml.saml11.SAMLAssertion;
import cn.com.jit.assp.ias.saml.saml11.SAMLAttributeDesignator;
import cn.com.jit.assp.ias.saml.saml11.SAMLAttributeQuery;
import cn.com.jit.assp.ias.saml.saml11.SAMLAttributeStatement;
import cn.com.jit.assp.ias.saml.saml11.SAMLAttributes;
import cn.com.jit.assp.ias.saml.saml11.SAMLAuthenticationStatement;
import cn.com.jit.assp.ias.saml.saml11.SAMLAuthorizationDecisionQuery;
import cn.com.jit.assp.ias.saml.saml11.SAMLAuthorizationDecisionStatement;
import cn.com.jit.assp.ias.saml.saml11.SAMLConstants;
import cn.com.jit.assp.ias.saml.saml11.SAMLDecision;
import cn.com.jit.assp.ias.saml.saml11.SAMLException;
import cn.com.jit.assp.ias.saml.saml11.SAMLMessage;
import cn.com.jit.assp.ias.saml.saml11.SAMLQueryClient;
import cn.com.jit.assp.ias.saml.saml11.SAMLRequest;
import cn.com.jit.assp.ias.saml.saml11.SAMLResponse;
import cn.com.jit.assp.ias.saml.saml11.SAMLSubject;
import cn.com.jit.assp.ias.saml.saml11.SAMLUtils;
import cn.com.jit.assp.ias.saml.saml11.artifact.Artifact;
import cn.com.jit.assp.ias.saml.saml11.artifact.SAMLArtifactBrowserProfile;
import cn.com.jit.assp.ias.saml.saml11.artifact.SAMLArtifactBrowserProfileSupport;
import cn.com.jit.assp.ias.saml.saml11.artifact.SAMLArtifactMapper;
import cn.com.jit.assp.ias.sp.saml11.config.Configuration;
import cn.com.jit.assp.ias.sp.saml11.config.XMLConfiguration;
import cn.com.jit.assp.ias.sp.saml11.config.bean.WorkFlowSet;
import cn.com.jit.assp.ias.sp.saml11.sslclient.SAM11SSLQueryClient;
import cn.com.jit.cinas.commons.i18n.TextBundle;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:cn/com/jit/assp/ias/sp/saml11/SPArtifactProfile.class */
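/**
 * Service-provider side of the SAML 1.1 browser/artifact profile.
 *
 * <p>{@link #receive} resolves the artifact against the source URL returned by the artifact
 * mapper, then optionally issues an authorization decision query and an attribute query to the
 * same URL.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>Assertion validation is delegated to the inherited {@code checkSAMLAssertionWithAuthn} /
 *       {@code checkSAMLAssertion}; this class performs no signature, issuer, validity-window or
 *       subject comparison of its own. NOTE(review): confirm the superclass covers those.</li>
 *   <li>Only the artifact resolution request selects {@code SAM11SSLQueryClient} for
 *       {@code https://} sources; the attribute and authorization queries always use
 *       {@code SAMLQueryClient}. NOTE(review): confirm that client applies the same TLS settings
 *       for {@code https://} URLs.</li>
 *   <li>{@code http://} source URLs are accepted, so the exchange is then unprotected in transit
 *       unless the messages themselves are signed and verified.</li>
 * </ul>
 */
public class SPArtifactProfile extends SAMLArtifactBrowserProfileSupport {
    private static final Log logger = LogFactory.getLog(SPArtifactProfile.class);
    // Same value as package name + ".SPArtifactProfile", without dereferencing getPackage(),
    // which may return null under some class loaders.
    private static final String LOCATION = SPArtifactProfile.class.getName();
    protected static final TextBundle bundle = TextBundle.getInstance(Constants.ERROR_PROPERTIES);
    private final boolean checkAuthority;
    private final Configuration config;

    /**
     * @param sAMLArtifactMapper maps an artifact to the source URL it must be resolved against
     * @param replayCache        passed through to the superclass
     * @param z                  when {@code true}, {@link #receive} also issues an authorization
     *                           decision query and rejects anything but a permit decision
     */
    public SPArtifactProfile(SAMLArtifactMapper sAMLArtifactMapper, ReplayCache replayCache, boolean z) {
        super(sAMLArtifactMapper, replayCache);
        this.checkAuthority = z;
        this.config = XMLConfiguration.getInstance();
    }

    /**
     * Processes an incoming artifact request: resolves the artifact, then runs the optional
     * authorization and attribute queries.
     *
     * @param sAMLArtifactBrowserRequest request carrying the artifact and the target resource;
     *        the target comes from the browser request and is forwarded to the queries unchanged
     * @return the first unsuccessful step's response, otherwise the final successful response
     * @throws SAMLException if the request or a returned assertion is rejected, the source URL is
     *         missing or has an unsupported scheme, or a response is structurally incomplete
     */
    public final SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse receive(SAMLArtifactBrowserProfile.SAMLArtifactBrowserRequest sAMLArtifactBrowserRequest) throws SAMLException {
        checkSAMLArtifactBrowserRequest(sAMLArtifactBrowserRequest);
        Artifact artifact = parseArtifact(sAMLArtifactBrowserRequest.getArtifact());
        String sourceUrl = this.mapper.getSourceUrl(artifact);
        String target = sAMLArtifactBrowserRequest.getTarget();

        SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse result = getAuthentication(artifact, sourceUrl);
        if (!result.isSuccess()) {
            return result;
        }
        if (this.checkAuthority) {
            result = getAuthorization(result, sourceUrl, target);
            if (!result.isSuccess()) {
                return result;
            }
        }
        if (WorkFlowSet.UserAttributesQuery.USER_ATTR_NONE.equals(this.config.getWorkFlowSet().getQuery())) {
            return result;
        }
        return getAttributes(result, sourceUrl, target);
    }

    /**
     * Resolves the artifact at the source URL and validates the returned authentication assertion.
     *
     * @param artifact parsed artifact to resolve
     * @param str      source URL; must start with {@code http://} or {@code https://}
     * @return a failure response when the status is not success, otherwise a response holding
     *         the first assertion of the reply
     * @throws SAMLException if the URL is missing or uses another scheme, the reply has no
     *         assertion, or the assertion check fails
     */
    private SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse getAuthentication(Artifact artifact, String str) throws SAMLException {
        SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse sAMLArtifactBrowserResponse = new SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse();
        SAMLRequest sAMLRequest = new SAMLRequest(Arrays.asList(artifact));
        sAMLRequest.setMinorVersion(1);
        sAMLRequest.addRespondWith(SAMLConstants.STATEMENT_AUTHENTICATION);
        if (logger.isDebugEnabled()) {
            logger.debug("sending authenciation request");
        }
        // Previously a null URL or any other scheme left the response null and failed later with
        // a NullPointerException; reject it explicitly instead.
        if (str == null) {
            throw new SAMLException("No source URL is mapped for the artifact");
        }
        SAMLResponse sAMLResponse;
        if (str.startsWith("https://")) {
            sAMLResponse = SAM11SSLQueryClient.query(str, sAMLRequest);
        } else if (str.startsWith("http://")) {
            // Plain HTTP: the artifact and the returned assertion are not protected in transit.
            sAMLResponse = SAMLQueryClient.query(str, sAMLRequest);
        } else {
            throw new SAMLException("Unsupported scheme in artifact source URL: " + str);
        }
        SAMLException status = sAMLResponse.getStatus();
        if (!isSuccess(status)) {
            logger.error("response status error : " + status);
            sAMLArtifactBrowserResponse.setSuccess(false);
            sAMLArtifactBrowserResponse.setStatusMessage(buildSAMLMessage(Errors.MESSAGE_CODE_1300D0A9));
            return sAMLArtifactBrowserResponse;
        }
        SAMLAssertion sAMLAssertion = firstAssertion(sAMLResponse);
        checkSAMLAssertionWithAuthn(sAMLAssertion);
        // NOTE(review): presumably dumps the assertion to the log; confirm this is debug-only,
        // since assertions carry subject identifiers.
        SAMLUtils.debugSAMLObject(sAMLAssertion);
        sAMLArtifactBrowserResponse.setAssertion(sAMLAssertion);
        sAMLArtifactBrowserResponse.setSuccess(true);
        return sAMLArtifactBrowserResponse;
    }

    /**
     * Queries the source for the subject's attributes and copies the returned attribute
     * statements into the authentication assertion.
     *
     * @param sAMLArtifactBrowserResponse response holding the authentication assertion
     * @param str  source URL to query
     * @param str2 target resource passed to the attribute query
     * @return a failure response when the status is not success, otherwise a response holding
     *         the (now extended) authentication assertion
     * @throws SAMLException if the reply has no assertion, the assertion check fails, or a
     *         statement cannot be cloned
     */
    private SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse getAttributes(SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse sAMLArtifactBrowserResponse, String str, String str2) throws SAMLException {
        if (logger.isDebugEnabled()) {
            logger.debug("query user's attributes");
        }
        SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse sAMLArtifactBrowserResponse2 = new SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse();
        SAMLAttributeQuery sAMLAttributeQuery = new SAMLAttributeQuery(getSubject(sAMLArtifactBrowserResponse), str2, (Collection) null);
        // Unless all attributes are requested, name each configured attribute explicitly.
        if (!WorkFlowSet.UserAttributesQuery.USER_ATTR_ALL.equals(this.config.getWorkFlowSet().getQuery())) {
            Iterator it = this.config.getWorkFlowSet().getQueryList().iterator();
            while (it.hasNext()) {
                SAMLAttributes.SAMLAttributeName sAMLAttributeName = (SAMLAttributes.SAMLAttributeName) it.next();
                sAMLAttributeQuery.addDesignator(new SAMLAttributeDesignator(sAMLAttributeName.getName(), sAMLAttributeName.getNamespace()));
            }
        }
        SAMLRequest sAMLRequest = new SAMLRequest(sAMLAttributeQuery);
        sAMLRequest.setMinorVersion(1);
        sAMLRequest.addRespondWith(SAMLConstants.STATEMENT_ATTRIBUTE);
        if (logger.isDebugEnabled()) {
            logger.debug("sending attribute request");
        }
        // NOTE(review): unlike artifact resolution, this does not select SAM11SSLQueryClient for
        // https:// URLs; confirm SAMLQueryClient applies the intended TLS configuration.
        SAMLResponse query = SAMLQueryClient.query(str, sAMLRequest);
        SAMLException status = query.getStatus();
        if (!isSuccess(status)) {
            logger.error("response status error : " + status);
            sAMLArtifactBrowserResponse2.setSuccess(false);
            sAMLArtifactBrowserResponse2.setStatusMessage(buildSAMLMessage(Errors.MESSAGE_CODE_1300D0A9));
            return sAMLArtifactBrowserResponse2;
        }
        SAMLAssertion sAMLAssertion = firstAssertion(query);
        checkSAMLAssertion(sAMLAssertion);
        // The attribute statements are merged into the authentication assertion, so the result
        // is a locally assembled object rather than an assertion issued as-is by the source.
        // NOTE(review): nothing here compares the attribute statements' subject with the
        // authenticated subject; confirm checkSAMLAssertion or the source guarantees the match.
        SAMLAssertion assertion = sAMLArtifactBrowserResponse.getAssertion();
        Iterator statements = sAMLAssertion.getStatements();
        while (statements.hasNext()) {
            Object next = statements.next();
            if (next instanceof SAMLAttributeStatement) {
                try {
                    assertion.addStatement((SAMLAttributeStatement) ((SAMLAttributeStatement) next).clone());
                } catch (CloneNotSupportedException e) {
                    logger.error("", e);
                    throw new SAMLException(e.getMessage(), e);
                }
            }
        }
        SAMLUtils.debugSAMLObject(assertion);
        sAMLArtifactBrowserResponse2.setAssertion(assertion);
        sAMLArtifactBrowserResponse2.setSuccess(true);
        return sAMLArtifactBrowserResponse2;
    }

    /**
     * Asks the source whether the authenticated subject may GET/POST the target resource.
     *
     * @param sAMLArtifactBrowserResponse response holding the authentication assertion
     * @param str  source URL to query
     * @param str2 target resource the decision is requested for
     * @return a failure response when the status is not success or the decision is not a permit,
     *         otherwise a response holding the unchanged authentication assertion
     * @throws SAMLException if the reply has no assertion or no decision statement, or the
     *         assertion check fails
     */
    private SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse getAuthorization(SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse sAMLArtifactBrowserResponse, String str, String str2) throws SAMLException {
        if (logger.isDebugEnabled()) {
            logger.debug("query user's authorization decision and attributes");
        }
        SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse sAMLArtifactBrowserResponse2 = new SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse();
        SAMLAuthorizationDecisionQuery sAMLAuthorizationDecisionQuery = new SAMLAuthorizationDecisionQuery();
        SAMLSubject subject = getSubject(sAMLArtifactBrowserResponse);
        SAMLAssertion assertion = sAMLArtifactBrowserResponse.getAssertion();
        sAMLAuthorizationDecisionQuery.setSubject(subject);
        sAMLAuthorizationDecisionQuery.addAction(new SAMLAction("urn:oasis:names:tc:SAML:1.0:action:ghpp", "GET"));
        sAMLAuthorizationDecisionQuery.addAction(new SAMLAction("urn:oasis:names:tc:SAML:1.0:action:ghpp", "POST"));
        sAMLAuthorizationDecisionQuery.setResource(str2);
        SAMLRequest sAMLRequest = new SAMLRequest(sAMLAuthorizationDecisionQuery);
        sAMLRequest.setMinorVersion(1);
        sAMLRequest.addRespondWith(SAMLConstants.STATEMENT_AUTHORIZATION_DECISION);
        if (logger.isDebugEnabled()) {
            // Diagnostic only: the validity check runs solely when debug logging is on, and a
            // failure is logged without stopping the request.
            logger.debug("checking request validity");
            try {
                sAMLRequest.checkValidity();
            } catch (SAMLException e) {
                logger.error("", e);
            }
            logger.debug("sending authorization decision request");
        }
        // NOTE(review): unlike artifact resolution, this does not select SAM11SSLQueryClient for
        // https:// URLs; confirm SAMLQueryClient applies the intended TLS configuration.
        SAMLResponse query = SAMLQueryClient.query(str, sAMLRequest);
        SAMLException status = query.getStatus();
        if (!isSuccess(status)) {
            logger.error("response status error : " + status);
            sAMLArtifactBrowserResponse2.setSuccess(false);
            sAMLArtifactBrowserResponse2.setStatusMessage(buildSAMLMessage(Errors.MESSAGE_CODE_1300D0B0));
            return sAMLArtifactBrowserResponse2;
        }
        SAMLAssertion sAMLAssertion = firstAssertion(query);
        checkSAMLAssertion(sAMLAssertion);
        // NOTE(review): the decision statement's subject and resource are not compared with the
        // ones sent in the query; confirm checkSAMLAssertion or the source binds them.
        String decision = getDecisionStmt(sAMLAssertion.getStatements()).getDecision();
        if (logger.isDebugEnabled()) {
            logger.debug("AuthorizationDecisionQuery result is : [" + decision + "]");
        }
        // Constant on the left so a statement without a decision value is denied rather than
        // raising a NullPointerException.
        if (!SAMLDecision.PERMIT.toString().equals(decision)) {
            sAMLArtifactBrowserResponse2.setSuccess(false);
            sAMLArtifactBrowserResponse2.setStatusMessage(buildSAMLMessage(Errors.MESSAGE_CODE_1300D0B2));
            return sAMLArtifactBrowserResponse2;
        }
        SAMLUtils.debugSAMLObject(assertion);
        sAMLArtifactBrowserResponse2.setAssertion(assertion);
        sAMLArtifactBrowserResponse2.setSuccess(true);
        return sAMLArtifactBrowserResponse2;
    }

    /**
     * Returns whether the first status code is {@code SAMLException.SUCCESS}. A missing status,
     * an empty code list or a non-QName first code counts as failure.
     */
    private static boolean isSuccess(SAMLException status) {
        if (status == null) {
            return false;
        }
        Iterator codes = status.getCodes();
        if (codes == null || !codes.hasNext()) {
            return false;
        }
        Object first = codes.next();
        return first instanceof QName && first.equals(SAMLException.SUCCESS);
    }

    /**
     * Returns the first assertion of a response. Only the first assertion is ever consumed by
     * this class.
     *
     * @throws SAMLException if the response carries no assertion (previously an unchecked
     *         NoSuchElementException)
     */
    private static SAMLAssertion firstAssertion(SAMLResponse response) throws SAMLException {
        Iterator assertions = response.getAssertions();
        if (assertions == null || !assertions.hasNext()) {
            throw new SAMLException("SAML response carries no assertion");
        }
        return (SAMLAssertion) assertions.next();
    }

    /**
     * Returns a clone of the subject of the first authentication statement in the response's
     * assertion.
     *
     * @throws SAMLException if there is no authentication statement or the subject cannot be cloned
     */
    private SAMLSubject getSubject(SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse sAMLArtifactBrowserResponse) throws SAMLException {
        SAMLAuthenticationStatement authnStmt = getAuthnStmt(sAMLArtifactBrowserResponse.getAssertion().getStatements());
        try {
            return (SAMLSubject) authnStmt.getSubject().clone();
        } catch (CloneNotSupportedException e) {
            logger.error("", e);
            throw new SAMLException(e.getMessage(), e);
        }
    }

    /**
     * Returns the first authentication statement produced by the iterator.
     *
     * @throws SAMLException if the iterator yields none
     */
    private SAMLAuthenticationStatement getAuthnStmt(Iterator it) throws SAMLException {
        while (it.hasNext()) {
            Object next = it.next();
            if (next instanceof SAMLAuthenticationStatement) {
                return (SAMLAuthenticationStatement) next;
            }
        }
        throw new SAMLException(bundle.getText(Errors.MESSAGE_CODE_1300D0B3));
    }

    /**
     * Returns the first authorization decision statement produced by the iterator.
     *
     * @throws SAMLException if the iterator yields none
     */
    private SAMLAuthorizationDecisionStatement getDecisionStmt(Iterator it) throws SAMLException {
        while (it.hasNext()) {
            Object next = it.next();
            if (next instanceof SAMLAuthorizationDecisionStatement) {
                return (SAMLAuthorizationDecisionStatement) next;
            }
        }
        throw new SAMLException(bundle.getText(Errors.MESSAGE_CODE_1300D0B1));
    }

    /** Builds a status message for the given error code with an empty detail. */
    private SAMLMessage buildSAMLMessage(String str) {
        return buildSAMLMessage(str, "");
    }

    /**
     * Builds a status message whose text is looked up in the error bundle.
     *
     * @param str  error code, also used as the bundle key
     * @param str2 detail text
     */
    private SAMLMessage buildSAMLMessage(String str, String str2) {
        SAMLMessage sAMLMessage = new SAMLMessage();
        sAMLMessage.setCode(str);
        sAMLMessage.setMessage(bundle.getText(str));
        sAMLMessage.setLocation(LOCATION);
        sAMLMessage.setDetail(str2);
        return sAMLMessage;
    }
}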
