package cn.com.jit.assp.ias.sp.saml11.compatible;

import cn.com.jit.assp.ias.constant.Constants;
import cn.com.jit.assp.ias.constant.Errors;
import cn.com.jit.assp.ias.http.HttpClientProvider;
import cn.com.jit.assp.ias.principal.BasicUserPrincipal;
import cn.com.jit.assp.ias.principal.UserPrincipal;
import cn.com.jit.assp.ias.saml.saml11.SAMLAttributes;
import cn.com.jit.assp.ias.saml.saml11.SAMLMessage;
import cn.com.jit.assp.ias.sdk.Assertion;
import cn.com.jit.assp.ias.sdk.AuthnRequest;
import cn.com.jit.assp.ias.sdk.AuthnRequestHandler;
import cn.com.jit.assp.ias.sdk.AuthnResponse;
import cn.com.jit.assp.ias.sdk.AuthnResponseHandler;
import cn.com.jit.assp.ias.sdk.AuthnStatus;
import cn.com.jit.assp.ias.sdk.HandlerFactory;
import cn.com.jit.assp.ias.sdk.InvalidityRequestException;
import cn.com.jit.assp.ias.sdk.InvalidityResponseException;
import cn.com.jit.assp.ias.sdk.X509CertRequestItems;
import cn.com.jit.assp.ias.sp.saml11.PrincipalSetter;
import cn.com.jit.assp.ias.sp.saml11.SPConst;
import cn.com.jit.assp.ias.sp.saml11.config.Configuration;
import cn.com.jit.cinas.commons.i18n.TextBundle;
import cn.com.jit.cinas.commons.session.Session;
import cn.com.jit.cinas.commons.session.SessionManagementException;
import cn.com.jit.cinas.commons.session.SessionManager;
import cn.com.jit.cinas.commons.util.RequestUtils;
import cn.com.jit.cinas.commons.util.StringUtils;
import cn.com.jit.cinas.commons.util.UrlUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.ByteArrayRequestEntity;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.log4j.Logger;

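/* loaded from: input_file:cn/com/jit/assp/ias/sp/saml11/compatible/Compatible201.class */
/**
 * Ticket/token exchange against the IdP for the legacy "2.0.1" style agent.
 *
 * <p>The flow is: {@link #checkTicket} detects a ticket parameter on the request,
 * {@link #processTicket} exchanges the ticket for a token id (federation request),
 * then {@link #processToken} queries the token for the user assertion, creates a local
 * session, writes the session cookies and redirects to the original URL without the
 * ticket parameter. Every failure is mapped to an {@link Errors} code and forwarded to
 * the configured error page.
 *
 * <p>Changes relative to the decompiled original: handler exceptions now keep their cause,
 * the {@code HttpException} mapping is reachable (it was shadowed by the inner
 * {@code IOException} handler), and the second session cookie honours the configured
 * Secure flag like the first one.
 */
public class Compatible201 {
    private static final Logger log = Logger.getLogger(Compatible201.class);
    protected static final TextBundle bundle = TextBundle.getInstance(Constants.ERROR_PROPERTIES);

    /** Attribute namespace under which the X.509 certificate items are configured and returned. */
    private static final String X509_NAMESPACE = "http://www.jit.com.cn/cinas/ias/ns/saml/saml11/X.509";
    private static final String ATTR_BASE64 = "X509Certificate.Base64";
    private static final String ATTR_ISSUER_DN = "X509Certificate.IssuerDN";
    private static final String ATTR_NOT_AFTER = "X509Certificate.NotAfter";
    private static final String ATTR_NOT_BEFORE = "X509Certificate.NotBefore";
    private static final String ATTR_SERIAL_NUMBER = "X509Certificate.SerialNumber";
    private static final String ATTR_SIG_ALG_NAME = "X509Certificate.SigAlgName";
    private static final String ATTR_SUBJECT_DN = "X509Certificate.SubjectDN";
    private static final String ATTR_VERSION = "X509Certificate.Version";

    /** Session attribute names stored on the local session and on the principal. */
    private static final String SESSION_ATTR_NOT_BEFORE = "_saml_not_before";
    private static final String SESSION_ATTR_NOT_ON_OR_AFTER = "_saml_not_on_or_after";
    private static final String PRINCIPAL_ATTR_ID = "_saml_id";
    private static final String PRINCIPAL_ATTR_STATEMENT = "_saml_statement_attributes";
    private static final String REQUEST_ATTR_ERROR = "_saml_action_error";

    /** Content type the IdP endpoint is posted with; kept exactly as the original sent it. */
    private static final String REQUEST_CONTENT_TYPE = "text/html; charset=UTF-8";
    /** Distance in milliseconds between the not-before and not-on-or-after stamps of the local session. */
    private static final long SESSION_WINDOW_MILLIS = 60000L;
    /** Fixed suffix the original appends to the ticket in the RelayState (meaning not visible here). */
    private static final String RELAY_STATE_SUFFIX = "00000000";
    private static final int HTTP_OK = 200;

    private String authnUrl;
    private String errorPageUri;
    private AuthnRequestHandler authnRequestHandler;
    private AuthnResponseHandler anthnResponseHandler;
    private HttpClient client;
    protected boolean useHttpSession;
    protected boolean cookieSecure;
    protected String cookieDomain;
    protected String cookiePath;
    protected int cookieMaxAge;
    protected SessionManager sessionManager;
    protected PrincipalSetter principalSetter;
    /** Which certificate attributes the IdP is asked to return; filled from the workflow query list. */
    private X509CertRequestItems items = new X509CertRequestItems();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:cn/com/jit/assp/ias/sp/saml11/compatible/Compatible201$Compatible201Exception.class */
    /**
     * Failure of the ticket/token exchange, carrying the {@link Errors} code to show on the error page.
     */
    public static final class Compatible201Exception extends Exception {
        private static final long serialVersionUID = 589850918810344250L;
        /** Error code for the error page; never null (empty string when unset). */
        private String errorCode;

        private Compatible201Exception() {
            this.errorCode = "";
        }

        /**
         * Creates an exception for the given code and keeps the underlying cause so it is not
         * lost when the failure is later logged or inspected.
         *
         * @param errorCode the {@link Errors} code; null is stored as the empty string
         * @param cause the triggering exception, may be null
         */
        private Compatible201Exception(String errorCode, Throwable cause) {
            super(errorCode, cause);
            this.errorCode = errorCode == null ? "" : errorCode;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Replaces the error code and returns this instance for chaining.
         *
         * @param str the new error code
         * @return this exception
         */
        public Compatible201Exception setErrorCode(String str) {
            this.errorCode = str;
            return this;
        }

        /** @return the error code carried by this exception */
        public String getErrorCode() {
            return this.errorCode;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:cn/com/jit/assp/ias/sp/saml11/compatible/Compatible201$UserPrincipalImpl.class */
    /** Concrete principal created from the IdP assertion; adds nothing beyond the base class. */
    public static final class UserPrincipalImpl extends BasicUserPrincipal {
        private static final long serialVersionUID = -9072845249644063568L;

        private UserPrincipalImpl() {
        }
    }

    /**
     * Builds the handler from the agent configuration.
     *
     * @param configuration agent configuration providing the error page, the IdP query URL,
     *        the session manager, the cookie settings and the attribute query list
     */
    public Compatible201(Configuration configuration) {
        this.useHttpSession = false;
        this.cookieSecure = false;
        this.cookieMaxAge = -1;
        this.errorPageUri = configuration.getJ2EEAgentSet().getErrorPage();
        // The first IdP query endpoint of the gateway in use is the URL every request is posted to.
        this.authnUrl = (String) configuration.getGatewayList().getUsedGateway().getIdpQuery().iterator().next();
        this.sessionManager = configuration.getSessionManager();
        configureRequestItems(configuration);
        this.cookieSecure = configuration.getAgentSet().getCookie().isSecure();
        this.cookieDomain = configuration.getAgentSet().getCookie().getDomain();
        this.cookiePath = configuration.getAgentSet().getCookie().getPath();
        this.cookieMaxAge = -1;
        this.principalSetter = PrincipalSetterFactory.build();
        this.useHttpSession = configuration.isUseSessionScope();
        initialize();
    }

    /**
     * Marks every X.509 attribute listed in the workflow query set as requested from the IdP.
     * Entries in other namespaces are ignored.
     */
    private void configureRequestItems(Configuration configuration) {
        for (SAMLAttributes.SAMLAttributeName attributeName : configuration.getWorkFlowSet().getQueryList()) {
            if (X509_NAMESPACE.equals(attributeName.getNamespace())) {
                markRequestedItem(attributeName.getName());
            }
        }
    }

    /** Flags the request item matching one configured attribute name; unknown names are ignored. */
    private void markRequestedItem(String name) {
        if (ATTR_BASE64.equals(name)) {
            this.items.setNeedEntity(true);
        } else if (ATTR_ISSUER_DN.equals(name)) {
            this.items.setNeedIssuerDN(true);
        } else if (ATTR_NOT_AFTER.equals(name)) {
            this.items.setNeedNotAfter(true);
        } else if (ATTR_NOT_BEFORE.equals(name)) {
            this.items.setNeedNotBefore(true);
        } else if (ATTR_SERIAL_NUMBER.equals(name)) {
            this.items.setNeedSerialNumber(true);
        } else if (ATTR_SIG_ALG_NAME.equals(name)) {
            this.items.setNeedSigAlgName(true);
        } else if (ATTR_SUBJECT_DN.equals(name)) {
            this.items.setNeedSubjectDN(true);
        } else if (ATTR_VERSION.equals(name)) {
            this.items.setNeedVersion(true);
        }
    }

    /**
     * Obtains the shared HTTP client and the protocol handlers.
     * Construction is allowed to complete even if the handlers cannot be created; in that case
     * they stay null and {@link #doVerify} refuses to run instead of failing with a bare NPE.
     */
    private void initialize() {
        this.client = HttpClientProvider.getHttpClient();
        log.debug("initialize protocol handlers");
        try {
            this.authnRequestHandler = HandlerFactory.getAuthnRequestHandler();
            this.anthnResponseHandler = HandlerFactory.getAuthnResponseHandler();
            log.debug("initialize protocol handlers complete");
        } catch (Throwable th) {
            // Throwable is kept because the factory's failure modes are not visible here;
            // the stack trace goes to the logger only, never to stderr.
            log.error("initialize protocol handlers error !", th);
        }
    }

    /**
     * Tells whether the request carries a non-blank ticket parameter.
     *
     * @param httpServletRequest the current request
     * @return true when {@code Constants.TICKET_ID} is present and not blank
     */
    public final boolean checkTicket(HttpServletRequest httpServletRequest) {
        String ticket = httpServletRequest.getParameter(Constants.TICKET_ID);
        return ticket != null && ticket.trim().length() > 0;
    }

    /**
     * Exchanges the ticket on the request for a token and continues with {@link #processToken}.
     * Any non-success status, a missing assertion or an exchange failure forwards to the error page.
     *
     * @param httpServletRequest request carrying the ticket parameter
     * @param httpServletResponse response used for the cookies, the redirect or the error forward
     * @throws ServletException propagated from the error page forward
     * @throws IOException propagated from the redirect or the error page forward
     */
    public final void processTicket(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (log.isDebugEnabled()) {
            log.debug("processing ticket");
        }
        try {
            AuthnResponse response = verifyTicket(httpServletRequest.getParameter(Constants.TICKET_ID), httpServletRequest.getRemoteAddr());
            AuthnStatus status = response.getStatus();
            Assertion assertion = response.getAssertion();
            if (!status.getCode().equalsIgnoreCase(Errors.SUCCESS)) {
                gotoErrorPage(httpServletRequest, httpServletResponse, status.getCode());
                return;
            }
            if (assertion == null) {
                log.debug("票据验证成功，但是没有返回用户信息");
                gotoErrorPage(httpServletRequest, httpServletResponse, Errors.MESSAGE_CODE_1300D0B5);
                return;
            }
            String tokenId = assertion.getTokenId();
            if (tokenId == null || tokenId.trim().equals("")) {
                // NOTE(review): a successful response without a token id produces no redirect and
                // no error page; the caller is left to handle the request. Preserved from the original.
                return;
            }
            log.debug("票据验证成功");
            processToken(httpServletRequest, httpServletResponse, tokenId);
        } catch (Compatible201Exception e) {
            gotoErrorPage(httpServletRequest, httpServletResponse, e.getErrorCode());
        }
    }

    /**
     * Queries the IdP for the token's assertion, creates the local session and cookies,
     * exposes the principal and redirects to the original URL without the ticket parameter.
     *
     * @param tokenId token id returned by the federation step, already known to be non-blank
     * @throws Compatible201Exception when the IdP query fails
     */
    private void processToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String tokenId) throws Compatible201Exception, ServletException, IOException {
        AuthnResponse tokenInfo = getTokenInfo(tokenId);
        AuthnStatus status = tokenInfo.getStatus();
        Assertion assertion = tokenInfo.getAssertion();
        if (!status.getCode().equalsIgnoreCase(Errors.SUCCESS)) {
            gotoErrorPage(httpServletRequest, httpServletResponse, status.getCode());
            return;
        }
        if (assertion == null) {
            gotoErrorPage(httpServletRequest, httpServletResponse, Errors.MESSAGE_CODE_1300D0B5);
            return;
        }
        UserPrincipal userPrincipal = getUserPrincipal(assertion);
        try {
            Session session = this.sessionManager.getSession();
            // The local session is stamped with its own validity window; it does not copy the
            // assertion's NotBefore/NotAfter values.
            long now = System.currentTimeMillis();
            session.setAttribute(SESSION_ATTR_NOT_BEFORE, new Date(now));
            session.setAttribute(SESSION_ATTR_NOT_ON_OR_AFTER, new Date(now + SESSION_WINDOW_MILLIS));
            session.setAttribute(SPConst.KEY_SP_ATTR_USER_PRINCIPAL, userPrincipal);
            setCookie(session, httpServletResponse);
            setUserPrincipal(httpServletRequest, userPrincipal);
            httpServletResponse.sendRedirect(buildRedirectUrl(httpServletRequest));
        } catch (SessionManagementException e) {
            log.error("create local session failed", e);
            gotoErrorPage(httpServletRequest, httpServletResponse, Errors.MESSAGE_CODE_1300D0B6);
        }
    }

    /**
     * Rebuilds the current request URI plus query string with the ticket parameter removed,
     * so the browser lands on the originally requested page.
     */
    private String buildRedirectUrl(HttpServletRequest httpServletRequest) {
        StringBuilder url = new StringBuilder(httpServletRequest.getRequestURI());
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null && queryString.trim().length() > 0) {
            url.append("?").append(queryString);
        }
        return UrlUtils.removeQueryString(url.toString(), Constants.TICKET_ID);
    }

    /**
     * Converts the assertion into a principal carrying the token id and the requested
     * X.509 attributes as a {@link SAMLAttributes} statement.
     */
    private UserPrincipal getUserPrincipal(Assertion assertion) {
        UserPrincipalImpl principal = new UserPrincipalImpl();
        principal.setAttribute(PRINCIPAL_ATTR_ID, assertion.getTokenId());
        SAMLAttributes attributes = new SAMLAttributes();
        if (this.items.isNeedEntity()) {
            attributes.setAttribute(ATTR_BASE64, X509_NAMESPACE, assertion.getEntity());
        }
        if (this.items.isNeedIssuerDN()) {
            attributes.setAttribute(ATTR_ISSUER_DN, X509_NAMESPACE, assertion.getIssuerDN());
        }
        if (this.items.isNeedNotAfter()) {
            attributes.setAttribute(ATTR_NOT_AFTER, X509_NAMESPACE, singleValue(assertion.getNotAfter()));
        }
        if (this.items.isNeedNotBefore()) {
            attributes.setAttribute(ATTR_NOT_BEFORE, X509_NAMESPACE, singleValue(assertion.getNotBefore()));
        }
        if (this.items.isNeedSerialNumber()) {
            attributes.setAttribute(ATTR_SERIAL_NUMBER, X509_NAMESPACE, assertion.getSerialNumber());
        }
        if (this.items.isNeedSigAlgName()) {
            attributes.setAttribute(ATTR_SIG_ALG_NAME, X509_NAMESPACE, assertion.getSigAlgName());
        }
        if (this.items.isNeedSubjectDN()) {
            attributes.setAttribute(ATTR_SUBJECT_DN, X509_NAMESPACE, assertion.getSubjectDN());
        }
        if (this.items.isNeedVersion()) {
            attributes.setAttribute(ATTR_VERSION, X509_NAMESPACE, String.valueOf(assertion.getVersion()));
        }
        principal.setAttribute(PRINCIPAL_ATTR_STATEMENT, attributes);
        return principal;
    }

    /**
     * Wraps one value in a fresh, mutable list as the attribute setter expects for the date items.
     * Raw type kept on purpose: neither the element type nor the setter's parameter type is visible here.
     */
    @SuppressWarnings("unchecked")
    private static ArrayList singleValue(Object value) {
        ArrayList list = new ArrayList();
        list.add(value);
        return list;
    }

    /**
     * Builds and sends the token query request (action {@code REQUEST_QUERY}).
     *
     * @param tokenId token id to query
     * @return the IdP response
     * @throws Compatible201Exception when the exchange fails
     */
    private AuthnResponse getTokenInfo(String tokenId) throws Compatible201Exception {
        AuthnRequest authnRequest = new AuthnRequest();
        authnRequest.setAction(Constants.REQUEST_QUERY);
        authnRequest.setTokenID(tokenId);
        authnRequest.setRequestItems(this.items);
        return doVerify(authnRequest);
    }

    /**
     * Builds and sends the federation request (action {@code REQUEST_FEDERATION}) that exchanges
     * the ticket for a token. The ticket is sent as RelayState with the fixed suffix.
     *
     * @param ticket ticket parameter taken from the request
     * @param remoteAddr client address; accepted for the caller's benefit but not sent (as in the original)
     * @return the IdP response
     * @throws Compatible201Exception when the exchange fails
     */
    private AuthnResponse verifyTicket(String ticket, String remoteAddr) throws Compatible201Exception {
        AuthnRequest authnRequest = new AuthnRequest();
        authnRequest.setAction(Constants.REQUEST_FEDERATION);
        StringBuilder relayState = new StringBuilder();
        relayState.append(ticket).append("&").append(RELAY_STATE_SUFFIX);
        authnRequest.setRelayState(relayState.toString());
        return doVerify(authnRequest);
    }

    /**
     * Posts the serialized request to the IdP and parses the response.
     *
     * <p>Error mapping: request serialization failure → {@code 1300D0C0}, response parse failure →
     * {@code 1300D0C1}, HTTP protocol failure → {@code 1300D0B7}, other I/O failure → {@code 1300D0B8},
     * non-200 status → {@code 1300D0B9}. {@code HttpException} is caught before {@code IOException}
     * because it is a subtype; in the decompiled original the inner {@code IOException} handler
     * shadowed it, so {@code 1300D0B7} was never produced.
     *
     * @throws Compatible201Exception for any of the failures above, with the cause attached
     * @throws IllegalStateException when the protocol handlers were not initialized
     */
    private AuthnResponse doVerify(AuthnRequest authnRequest) throws Compatible201Exception {
        if (this.authnRequestHandler == null || this.anthnResponseHandler == null) {
            throw new IllegalStateException("protocol handlers were not initialized");
        }
        PostMethod postMethod = new PostMethod(this.authnUrl);
        try {
            ByteArrayOutputStream body = new ByteArrayOutputStream();
            this.authnRequestHandler.write(authnRequest, body);
            postMethod.setRequestEntity(new ByteArrayRequestEntity(body.toByteArray(), REQUEST_CONTENT_TYPE));
            if (log.isDebugEnabled()) {
                log.debug("发起一个Post请求");
                if (log.isTraceEnabled()) {
                    log.trace("请求地址：" + this.authnUrl);
                }
            }
            int statusCode = this.client.executeMethod(postMethod);
            if (log.isDebugEnabled()) {
                log.debug("响应代码：" + statusCode);
            }
            if (statusCode != HTTP_OK) {
                throw new Compatible201Exception(Errors.MESSAGE_CODE_1300D0B9, null);
            }
            return this.anthnResponseHandler.parse(postMethod.getResponseBodyAsStream());
        } catch (InvalidityResponseException e) {
            throw new Compatible201Exception(Errors.MESSAGE_CODE_1300D0C1, e);
        } catch (InvalidityRequestException e) {
            throw new Compatible201Exception(Errors.MESSAGE_CODE_1300D0C0, e);
        } catch (HttpException e) {
            throw new Compatible201Exception(Errors.MESSAGE_CODE_1300D0B7, e);
        } catch (IOException e) {
            throw new Compatible201Exception(Errors.MESSAGE_CODE_1300D0B8, e);
        } finally {
            // Single release point; the original also released early on a non-200 status.
            postMethod.releaseConnection();
        }
    }

    /**
     * Writes the two session cookies: the agent cookie ({@code KEY_SP_TOKEN_NAME}) with the
     * configured path/domain/secure settings, and a second cookie ({@code TOKEN_ID}) scoped to "/".
     * Both carry the same session id, so both get the configured Secure flag; the original left
     * the second one non-secure, which would send the id over plain HTTP even when secure cookies
     * were configured.
     * NOTE(review): mark both cookies HttpOnly where the deployed servlet API offers it.
     */
    private final void setCookie(Session session, HttpServletResponse httpServletResponse) {
        Cookie agentCookie = new Cookie(SPConst.KEY_SP_TOKEN_NAME, session.getId());
        if (!StringUtils.isBlankOrNull(this.cookiePath)) {
            agentCookie.setPath(this.cookiePath);
        }
        agentCookie.setSecure(this.cookieSecure);
        agentCookie.setMaxAge(this.cookieMaxAge);
        if (!StringUtils.isBlankOrNull(this.cookieDomain)) {
            agentCookie.setDomain(this.cookieDomain);
        }
        httpServletResponse.addCookie(agentCookie);
        Cookie tokenCookie = new Cookie(Constants.TOKEN_ID, session.getId());
        tokenCookie.setMaxAge(-1);
        tokenCookie.setPath("/");
        tokenCookie.setSecure(this.cookieSecure);
        httpServletResponse.addCookie(tokenCookie);
    }

    /**
     * Publishes the principal into the HttpSession when session scope is enabled in the configuration.
     *
     * @param httpServletRequest request whose session is created if needed
     * @param userPrincipal the authenticated principal
     */
    protected final void setUserPrincipal(HttpServletRequest httpServletRequest, UserPrincipal userPrincipal) {
        if (!this.useHttpSession) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("set user information to HttpSession : " + userPrincipal.getName());
        }
        this.principalSetter.setUserPrincipal(httpServletRequest.getSession(true), userPrincipal);
    }

    /**
     * Stores an error message for the given code on the request and forwards to the error page.
     *
     * @param errorCode an {@link Errors} code resolved through the error bundle
     */
    private final void gotoErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String errorCode) throws ServletException, IOException {
        SAMLMessage message = new SAMLMessage();
        message.setCode(errorCode);
        message.setMessage(bundle.getText(errorCode));
        message.setLocation("");
        httpServletRequest.setAttribute(REQUEST_ATTR_ERROR, message);
        if (log.isDebugEnabled()) {
            log.debug("forward to error page : " + this.errorPageUri);
        }
        RequestUtils.getRequestDispatcher(httpServletRequest, this.errorPageUri).forward(httpServletRequest, httpServletResponse);
    }
}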
