package cn.com.jit.assp.ias.sp.saml11;

import cn.com.jit.assp.ias.constant.Constants;
import cn.com.jit.assp.ias.constant.Errors;
import cn.com.jit.assp.ias.pki.cert.X509Cert;
import cn.com.jit.assp.ias.pki.certext.SelfDefExtension;
import cn.com.jit.assp.ias.pki.exception.PKIException;
import cn.com.jit.assp.ias.pki.util.Parser;
import cn.com.jit.assp.ias.principal.UserPrincipal;
import cn.com.jit.assp.ias.saml.saml11.ReplayCache;
import cn.com.jit.assp.ias.saml.saml11.SAMLAssertion;
import cn.com.jit.assp.ias.saml.saml11.SAMLAttributes;
import cn.com.jit.assp.ias.saml.saml11.SAMLException;
import cn.com.jit.assp.ias.saml.saml11.SAMLMessage;
import cn.com.jit.assp.ias.saml.saml11.UnsupportedProfileException;
import cn.com.jit.assp.ias.saml.saml11.artifact.SAMLArtifactBrowserProfile;
import cn.com.jit.assp.ias.saml.saml11.artifact.SAMLArtifactMapper;
import cn.com.jit.assp.ias.sp.saml11.compatible.PrincipalSetterFactory;
import cn.com.jit.assp.ias.sp.saml11.config.XMLConfiguration;
import cn.com.jit.assp.ias.sp.saml11.config.bean.SelfExpOid;
import cn.com.jit.assp.ias.sp.saml11.config.bean.WorkFlowSet;
import cn.com.jit.cinas.commons.i18n.TextBundle;
import cn.com.jit.cinas.commons.session.Session;
import cn.com.jit.cinas.commons.session.SessionManagementException;
import cn.com.jit.cinas.commons.session.SessionManager;
import cn.com.jit.cinas.commons.util.RequestUtils;
import cn.com.jit.cinas.commons.util.StringUtils;
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:cn/com/jit/assp/ias/sp/saml11/ArtifactProcessor.class */
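/**
 * Service-provider side handler for a request that carries a SAML 1.1 artifact.
 *
 * <p>{@link #handle} hands the request to {@link SPArtifactProfile}, and on success stores the
 * assertion-derived principal in a local session, issues the session-token cookie and redirects
 * the browser to the requested target. Any failure is forwarded to the configured error page.
 *
 * <p>All collaborators and settings are read once from {@link XMLConfiguration} in the
 * constructor.
 */
public final class ArtifactProcessor {
    private static final Log logger = LogFactory.getLog(ArtifactProcessor.class);
    protected static final TextBundle bundle = TextBundle.getInstance(Constants.ERROR_PROPERTIES);

    /** Request attribute under which the error page receives the {@link SAMLMessage}. */
    private static final String ERROR_ATTRIBUTE = "_saml_action_error";
    /** Value reported as the error location for failures raised by {@link #handle}. */
    private static final String HANDLE_LOCATION = "ArtifactProcessor.handle()";
    /** Principal attribute that holds the assertion's {@link SAMLAttributes}. */
    private static final String STATEMENT_ATTRIBUTES_KEY = "_saml_statement_attributes";
    /** Namespace of the attribute that carries the user's certificate. */
    private static final String X509_NAMESPACE = "http://www.jit.com.cn/cinas/ias/ns/saml/saml11/X.509";
    /** Namespace under which parsed certificate extensions are published. */
    private static final String X509_EXTENSIONS_NAMESPACE = "http://www.jit.com.cn/cinas/ias/ns/saml/saml11/X.509/extensions";

    protected SessionManager sessionManager;
    protected SAMLArtifactMapper mapper;
    // Dispatcher path every failure is forwarded to.
    protected String errorPageUrl;
    // When true the principal is additionally stored in the container's HttpSession.
    protected boolean useHttpSession = false;
    protected String userPrincipalKey;
    // Secure flag of the session-token cookie; comes from configuration and defaults to false.
    protected boolean cookieSecure = false;
    protected String cookieDomain;
    protected String cookiePath;
    // A negative max-age makes the token a browser-session cookie (not persisted).
    protected int cookieMaxAge = -1;
    // Passed to SPArtifactProfile; presumably used there to reject replayed messages - confirm.
    protected ReplayCache replayCache;
    protected PrincipalSetter principalSetter;
    protected boolean checkAccessAuthority;
    protected SPArtifactProfile profile;
    protected WorkFlowSet workFlowSet;

    /**
     * Reads the processor's settings and collaborators from the shared {@link XMLConfiguration}
     * and builds the {@link SPArtifactProfile} used by {@link #handle}.
     */
    public ArtifactProcessor() {
        logger.info("Start initializing ArtifactProcessor");
        XMLConfiguration xMLConfiguration = XMLConfiguration.getInstance();
        this.mapper = xMLConfiguration.getArtifactMapper();
        this.errorPageUrl = xMLConfiguration.getJ2EEAgentSet().getErrorPage();
        this.useHttpSession = xMLConfiguration.isUseSessionScope();
        this.userPrincipalKey = xMLConfiguration.getJ2EEAgentSet().getUserInfoKeyName();
        this.sessionManager = xMLConfiguration.getSessionManager();
        this.replayCache = xMLConfiguration.getReplayCache();
        this.cookieSecure = xMLConfiguration.getAgentSet().getCookie().isSecure();
        this.cookieDomain = xMLConfiguration.getAgentSet().getCookie().getDomain();
        this.cookiePath = xMLConfiguration.getAgentSet().getCookie().getPath();
        this.principalSetter = PrincipalSetterFactory.build();
        this.checkAccessAuthority = xMLConfiguration.getWorkFlowSet().isCheckAccessAuthority();
        this.profile = new SPArtifactProfile(this.mapper, this.replayCache, this.checkAccessAuthority);
        this.workFlowSet = xMLConfiguration.getWorkFlowSet();
        logger.info("Initialize ArtifactProcessor complete");
    }

    /**
     * Processes one request that carries a SAML artifact.
     *
     * <p>On success the assertion's validity bounds and the principal are stored in a session
     * obtained from the {@link SessionManager}, the token cookie is set and the browser is
     * redirected to the request's target. On failure the request is forwarded to the error page.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param httpServletRequest the inbound request holding the artifact
     * @param httpServletResponse the response that receives the cookie and the redirect
     * @throws ServletException if forwarding to the error page fails
     * @throws IOException if the redirect or the forward fails
     */
    public final void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("receive a new request with saml artifact");
        }
        try {
            SAMLArtifactBrowserProfile.SAMLArtifactBrowserRequest browserRequest = this.profile.receive(httpServletRequest);
            // NOTE(review): the target comes from the inbound browser request and is passed to
            // sendRedirect() below without any check in this class. Confirm that
            // SPArtifactProfile or the deployment restricts it to this service provider's own
            // URLs; otherwise a successful login can be used as an open redirect.
            String target = browserRequest.getTarget();
            try {
                SAMLArtifactBrowserProfile.SAMLArtifactBrowserResponse browserResponse = this.profile.receive(browserRequest);
                if (!browserResponse.isSuccess()) {
                    SAMLMessage statusMessage = browserResponse.getStatusMessage();
                    logger.warn("forbidden access !");
                    if (logger.isDebugEnabled()) {
                        logger.debug(statusMessage.getMessage());
                    }
                    gotoErrorPage(httpServletRequest, httpServletResponse, statusMessage);
                    return;
                }
                SAMLAssertion assertion = browserResponse.getAssertion();
                PrincipalAdapter principalAdapter = new PrincipalAdapter(assertion);
                handleCertExpInfo(principalAdapter);
                try {
                    Session session = this.sessionManager.getSession();
                    // The validity window is only recorded here; whatever enforces it later
                    // is outside this class.
                    session.setAttribute("_saml_not_before", assertion.getNotBefore());
                    session.setAttribute("_saml_not_on_or_after", assertion.getNotOnOrAfter());
                    session.setAttribute(SPConst.KEY_SP_ATTR_USER_PRINCIPAL, principalAdapter);
                    setCookie(session, httpServletResponse);
                    setUserPrincipal(httpServletRequest, principalAdapter);
                    if (logger.isDebugEnabled()) {
                        logger.debug("send redirect to : " + target);
                    }
                    httpServletResponse.sendRedirect(target);
                } catch (SessionManagementException e) {
                    // Keep the cause in the log; the message alone does not say why it failed.
                    logger.error("create local session failed", e);
                    gotoErrorPage(httpServletRequest, httpServletResponse, Errors.MESSAGE_CODE_1300D0B6, HANDLE_LOCATION, "");
                }
            } catch (SAMLException e2) {
                // The logger call already records the stack trace, so nothing is printed to
                // stderr separately.
                logger.error("request assertion failed ! ", e2);
                gotoErrorPage(httpServletRequest, httpServletResponse, Errors.MESSAGE_CODE_1300D0A8, HANDLE_LOCATION, e2);
            }
        } catch (UnsupportedProfileException e3) {
            logger.error("rebuild BrowserProfileRequest failed", e3);
            gotoErrorPage(httpServletRequest, httpServletResponse, Errors.MESSAGE_CODE_1300D0A7, HANDLE_LOCATION, (SAMLException) e3);
        }
    }

    /**
     * Adds the session-token cookie (value: the session id) to the response, applying the
     * configured path, domain, secure flag and max-age.
     *
     * @param session the local session whose id becomes the cookie value
     * @param httpServletResponse the response that receives the cookie
     */
    private void setCookie(Session session, HttpServletResponse httpServletResponse) {
        // P3P compact-policy header; presumably kept so that older browsers accept the cookie
        // in a cross-site context - confirm it is still needed.
        httpServletResponse.setHeader("P3P", "CP=CAO PSA OUR");
        Cookie tokenCookie = new Cookie(SPConst.KEY_SP_TOKEN_NAME, session.getId());
        if (!StringUtils.isBlankOrNull(this.cookiePath)) {
            tokenCookie.setPath(this.cookiePath);
        }
        // NOTE(review): this cookie carries the session identifier. The Secure flag is off
        // unless configuration enables it, and HttpOnly is never set. Enable the secure
        // setting for HTTPS deployments, and on Servlet 3.0+ containers add
        // tokenCookie.setHttpOnly(true) so that page scripts cannot read the token.
        tokenCookie.setSecure(this.cookieSecure);
        tokenCookie.setMaxAge(this.cookieMaxAge);
        if (!StringUtils.isBlankOrNull(this.cookieDomain)) {
            tokenCookie.setDomain(this.cookieDomain);
        }
        httpServletResponse.addCookie(tokenCookie);
    }

    /**
     * Stores the principal in the container's HttpSession when session scope is enabled;
     * does nothing otherwise.
     *
     * @param httpServletRequest the request whose HttpSession is used (created if absent)
     * @param userPrincipal the authenticated principal
     */
    protected final void setUserPrincipal(HttpServletRequest httpServletRequest, UserPrincipal userPrincipal) {
        if (!this.useHttpSession) {
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("set user information to HttpSession : " + userPrincipal.getName());
        }
        // NOTE(review): getSession(true) reuses an HttpSession the browser already presented,
        // so the container session id is not rotated at login in this class. Confirm that
        // the container or the PrincipalSetter rotates it (session-fixation hardening).
        this.principalSetter.setUserPrincipal(httpServletRequest.getSession(true), userPrincipal);
    }

    /**
     * Publishes the message as a request attribute and forwards to the error page.
     *
     * @param httpServletRequest the request to forward
     * @param httpServletResponse the response to forward
     * @param sAMLMessage the error description handed to the error page
     * @throws ServletException if the forward fails
     * @throws IOException if the forward fails
     */
    private void gotoErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SAMLMessage sAMLMessage) throws ServletException, IOException {
        httpServletRequest.setAttribute(ERROR_ATTRIBUTE, sAMLMessage);
        if (logger.isDebugEnabled()) {
            logger.debug("forward to error page : " + this.errorPageUrl);
        }
        RequestUtils.getRequestDispatcher(httpServletRequest, this.errorPageUrl).forward(httpServletRequest, httpServletResponse);
    }

    /**
     * Forwards to the error page, using the exception's message as the error detail
     * (an empty detail when the exception is {@code null}).
     *
     * @param str the error code
     * @param str2 the location reported for the error
     * @param sAMLException the failure, may be {@code null}
     * @throws ServletException if the forward fails
     * @throws IOException if the forward fails
     */
    private void gotoErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, SAMLException sAMLException) throws ServletException, IOException {
        // NOTE(review): the raw exception message becomes the detail shown to the error page;
        // confirm that the page escapes it and does not expose internals to end users.
        String detail = sAMLException != null ? sAMLException.getMessage() : "";
        gotoErrorPage(httpServletRequest, httpServletResponse, str, str2, detail);
    }

    /**
     * Builds a {@link SAMLMessage} from the code, its localized text, the location and the
     * detail, then forwards to the error page.
     *
     * @param str the error code, also the key of the localized text
     * @param str2 the location reported for the error
     * @param str3 the detail text
     * @throws ServletException if the forward fails
     * @throws IOException if the forward fails
     */
    private void gotoErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws ServletException, IOException {
        SAMLMessage sAMLMessage = new SAMLMessage();
        sAMLMessage.setCode(str);
        sAMLMessage.setMessage(bundle.getText(str));
        sAMLMessage.setLocation(str2);
        sAMLMessage.setDetail(str3);
        // Same attribute, log line and forward as the SAMLMessage overload.
        gotoErrorPage(httpServletRequest, httpServletResponse, sAMLMessage);
    }

    /**
     * Copies selected extensions of the user's certificate into the principal's SAML attributes.
     *
     * <p>The certificate is read from the {@code X509Certificate.Base64} attribute. Which
     * extensions are copied is decided by the {@link WorkFlowSet} switches. The method is
     * best effort: a missing attribute set, a missing certificate or a parse failure leaves
     * the principal unchanged and never fails the login.
     *
     * <p>NOTE(review): the certificate is only parsed here, not validated. The copied values
     * are as trustworthy as the assertion they came from, so this relies on the assertion
     * having been verified before this call - confirm in SPArtifactProfile.
     *
     * @param userPrincipal the principal whose attribute set is extended in place
     */
    public void handleCertExpInfo(UserPrincipal userPrincipal) {
        if (!isAnyExtensionParsingEnabled()) {
            return;
        }
        // instanceof also covers null: without this guard a principal that lacks the
        // attribute set would raise a NullPointerException outside the try block below.
        Object rawAttributes = userPrincipal.getAttribute(STATEMENT_ATTRIBUTES_KEY);
        if (!(rawAttributes instanceof SAMLAttributes)) {
            logger.debug("no saml statement attributes on principal, skip cert extension parsing");
            return;
        }
        SAMLAttributes sAMLAttributes = (SAMLAttributes) rawAttributes;
        List attributeValue = sAMLAttributes.getAttributeValue("X509Certificate.Base64", X509_NAMESPACE);
        // An empty list is treated like a missing certificate instead of letting get(0) throw.
        if (attributeValue == null || attributeValue.isEmpty() || attributeValue.get(0) == null) {
            return;
        }
        try {
            // getBytes() uses the platform default charset; the attribute is expected to hold
            // Base64 text, which is plain ASCII.
            X509Cert x509Cert = new X509Cert(Parser.parseCertData(((String) attributeValue.get(0)).getBytes()));
            // Each extension is handled in its own try block so that one failure does not
            // prevent the others from being copied.
            try {
                if (this.workFlowSet.isInsuranceNumberParsing() && x509Cert.getInsuranceNumber() != null) {
                    sAMLAttributes.setAttribute("X509Certificate.InsuranceNumber", X509_EXTENSIONS_NAMESPACE, x509Cert.getInsuranceNumber().GetInsuranceNumber());
                }
            } catch (PKIException e) {
                logger.debug("parse cert's stantard extensions {InsuranceNumber} fail " + e);
            }
            try {
                if (this.workFlowSet.isICRegistrationNumberParsing() && x509Cert.getICRegistrationNumber() != null) {
                    sAMLAttributes.setAttribute("X509Certificate.ICRegistationNumber", X509_EXTENSIONS_NAMESPACE, x509Cert.getICRegistrationNumber().GetICRegistationNumber());
                }
            } catch (PKIException e2) {
                logger.debug("parse cert's stantard extensions {ICRegistrationNumber} fail " + e2);
            }
            try {
                if (this.workFlowSet.isTaxationNumberParsing() && x509Cert.getTaxationNumber() != null) {
                    sAMLAttributes.setAttribute("X509Certificate.TaxationNumber", X509_EXTENSIONS_NAMESPACE, x509Cert.getTaxationNumber().GetTaxationNumber());
                }
            } catch (PKIException e3) {
                logger.debug("parse cert's stantard extensions {TaxationNumber} fail " + e3);
            }
            try {
                if (this.workFlowSet.isOrganizationCodeParsing() && x509Cert.getOrganizationCode() != null) {
                    sAMLAttributes.setAttribute("X509Certificate.OrganizationCode", X509_EXTENSIONS_NAMESPACE, x509Cert.getOrganizationCode().GetOrganizationCode());
                }
            } catch (PKIException e4) {
                logger.debug("parse cert's stantard extensions {OrganizationCode} fail " + e4);
            }
            try {
                if (this.workFlowSet.isIdentifyCodeParsing() && x509Cert.getIdentifyCode() != null) {
                    String passportNumber = x509Cert.getIdentifyCode().getPassportNumber();
                    if (passportNumber != null) {
                        sAMLAttributes.setAttribute("X509Certificate.PassportNumber", X509_EXTENSIONS_NAMESPACE, passportNumber);
                    }
                    String residenterCardNumber = x509Cert.getIdentifyCode().getResidenterCardNumber();
                    if (residenterCardNumber != null) {
                        sAMLAttributes.setAttribute("X509Certificate.ResidenterCardNumber", X509_EXTENSIONS_NAMESPACE, residenterCardNumber);
                    }
                    String militaryOfficerCardNumber = x509Cert.getIdentifyCode().getMilitaryOfficerCardNumber();
                    if (militaryOfficerCardNumber != null) {
                        sAMLAttributes.setAttribute("X509Certificate.MilitaryOfficerCardNumber", X509_EXTENSIONS_NAMESPACE, militaryOfficerCardNumber);
                    }
                }
            } catch (PKIException e5) {
                logger.debug("parse cert's stantard extensions {IdentifyCode} fail " + e5);
            }
            if (this.workFlowSet.isParseSelfCertExp()) {
                for (SelfExpOid selfExpOid : this.workFlowSet.getSelfExpOids()) {
                    try {
                        SelfDefExtension selfDefExtension = x509Cert.getSelfDefExtension(selfExpOid.getValue());
                        if (selfDefExtension != null) {
                            sAMLAttributes.setAttribute(selfExpOid.getName(), selfExpOid.getNameSpace(), selfDefExtension.getExtensionValue());
                        }
                    } catch (PKIException e6) {
                        logger.debug("parse cert's self extensions fail " + e6);
                    }
                }
            }
        } catch (Exception e7) {
            // Deliberately broad: extension parsing is best effort. A certificate that cannot
            // be parsed at all is logged at warn with its cause, because the login continues
            // without the configured identity attributes.
            logger.warn("parse cert fail ", e7);
        }
    }

    /** Returns true when at least one certificate-extension switch is enabled in the work flow. */
    private boolean isAnyExtensionParsingEnabled() {
        return this.workFlowSet.isInsuranceNumberParsing()
                || this.workFlowSet.isICRegistrationNumberParsing()
                || this.workFlowSet.isTaxationNumberParsing()
                || this.workFlowSet.isOrganizationCodeParsing()
                || this.workFlowSet.isIdentifyCodeParsing()
                || this.workFlowSet.isParseSelfCertExp();
    }
}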
