package edu.kit.scc.dei.ecplean;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.Observable;
import java.util.concurrent.TimeUnit;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathException;
import javax.xml.xpath.XPathFactory;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.Credentials;
import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.config.ConnectionConfig;
import org.apache.hc.client5.http.impl.auth.BasicScheme;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.BasicHttpClientConnectionManager;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.HttpHeaders;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.ParseException;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.class */
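/**
 * Base class for SAML ECP authenticators: holds the HTTP client and the XML
 * factories, and implements the IdP leg of the exchange (POST of the PAOS
 * request with HTTP Basic credentials, then parsing of the IdP's reply).
 *
 * <p>Everything returned by the IdP is treated as untrusted XML. The
 * {@link DocumentBuilderFactory} created here is hardened in the constructor;
 * a subclass that replaces {@link #documentBuilderFactory} takes over
 * responsibility for that hardening.
 */
public abstract class ECPAuthenticatorBase extends Observable {
    protected static Logger logger = LogManager.getLogger((Class<?>) ECPAuthenticatorBase.class);
    protected ECPAuthenticationInfo authInfo;
    protected CloseableHttpClient client;
    protected DocumentBuilderFactory documentBuilderFactory;
    protected XPathFactory xpathFactory;
    protected NamespaceResolver namespaceResolver;
    protected TransformerFactory transformerFactory;
    protected boolean retryWithoutAt;

    /**
     * Creates an authenticator that uses the given HTTP client.
     *
     * @param closeableHttpClient client used for all requests; when {@code null}
     *     a client with short connect/socket timeouts is created
     */
    public ECPAuthenticatorBase(CloseableHttpClient closeableHttpClient) {
        this.client = closeableHttpClient == null ? defaultClient() : closeableHttpClient;
        this.documentBuilderFactory = DocumentBuilderFactory.newInstance();
        this.documentBuilderFactory.setNamespaceAware(true);
        hardenDocumentBuilderFactory(this.documentBuilderFactory);
        this.xpathFactory = XPathFactory.newInstance();
        this.namespaceResolver = new NamespaceResolver();
        this.namespaceResolver.addNamespace("ecp", "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp");
        this.namespaceResolver.addNamespace("S", "http://schemas.xmlsoap.org/soap/envelope/");
        this.namespaceResolver.addNamespace("paos", "urn:liberty:paos:2003-08");
        this.transformerFactory = TransformerFactory.newInstance();
    }

    /** Creates an authenticator with the default HTTP client. */
    public ECPAuthenticatorBase() {
        this(null);
    }

    /**
     * Restricts the parser used for IdP/SP responses. SOAP 1.1 messages must not
     * carry a document type declaration, so DOCTYPEs are rejected outright; this
     * closes external-entity and entity-expansion attacks at the source instead
     * of relying only on the empty entity resolver installed per parse.
     */
    private static void hardenDocumentBuilderFactory(DocumentBuilderFactory factory) {
        enableFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING);
        enableFeature(factory, "http://apache.org/xml/features/disallow-doctype-decl");
    }

    /** Turns on one parser feature; an unsupported feature is logged, not fatal. */
    private static void enableFeature(DocumentBuilderFactory factory, String feature) {
        try {
            factory.setFeature(feature, true);
        } catch (ParserConfigurationException e) {
            logger.warn("XML parser does not support feature " + feature);
        }
    }

    /** Builds the fallback client: 4 s connect timeout, 10 s socket timeout, single connection. */
    private static CloseableHttpClient defaultClient() {
        ConnectionConfig connectionConfig = ConnectionConfig.custom()
                .setConnectTimeout(4000L, TimeUnit.MILLISECONDS)
                .setSocketTimeout(10000, TimeUnit.MILLISECONDS)
                .build();
        BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager();
        connectionManager.setConnectionConfig(connectionConfig);
        return HttpClientBuilder.create().setConnectionManager(connectionManager).build();
    }

    /**
     * POSTs the PAOS request to the IdP ECP endpoint with a preemptive HTTP Basic
     * {@code Authorization} header.
     *
     * @param document PAOS request to serialize as the request body
     * @param str user name for HTTP Basic authentication
     * @param str2 password for HTTP Basic authentication
     * @return the IdP's response; the caller owns it and must close it
     * @throws ECPAuthenticationException if the payload cannot be serialized, the
     *     header cannot be generated, or the request fails
     */
    private CloseableHttpResponse exec(Document document, String str, String str2) throws ECPAuthenticationException {
        // NOTE(review): the auth exchange is keyed to the SP host although the request
        // below targets the IdP endpoint — confirm this is intended.
        HttpHost spHost = HttpHost.create(this.authInfo.getSpUrl());
        Credentials credentials = new UsernamePasswordCredentials(str, str2.toCharArray());
        BasicScheme basicScheme = new BasicScheme();
        basicScheme.initPreemptive(credentials);
        HttpClientContext context = HttpClientContext.create();
        context.resetAuthExchange(spHost, basicScheme);

        String endpoint = this.authInfo.getIdpEcpEndpoint().toString();
        if (!endpoint.regionMatches(true, 0, "https://", 0, 8)) {
            // Basic credentials are only base64-encoded; without TLS they are readable on the wire.
            logger.warn("IdP ECP endpoint is not HTTPS; Basic credentials are sent without transport protection");
        }
        HttpPost httpPost = new HttpPost(endpoint);

        try {
            // Encode the body as UTF-8 explicitly so it matches the declared Content-Type;
            // StringEntity(String) alone would fall back to ISO-8859-1.
            httpPost.setEntity(new StringEntity(documentToString(document), StandardCharsets.UTF_8));
        } catch (TransformerException e) {
            logger.warn("Error setting XML payload of IdP POST");
            throw new ECPAuthenticationException(e);
        }
        httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");

        try {
            httpPost.setHeader(HttpHeaders.AUTHORIZATION, basicScheme.generateAuthResponse(spHost, httpPost, context));
        } catch (AuthenticationException e) {
            logger.warn("Error setting Authentication header for IdP POST");
            throw new ECPAuthenticationException(e);
        }

        try {
            return this.client.execute((ClassicHttpRequest) httpPost, (HttpContext) context);
        } catch (Exception e) {
            httpPost.reset();
            logger.error("Could not submit PAOS request to IdP");
            throw new ECPAuthenticationException(e);
        }
    }

    /**
     * Authenticates against the IdP and returns its parsed SOAP response.
     *
     * <p>If the user name contains {@code '@'}, {@link #setRetryWithoutAt(boolean)}
     * is enabled, and the first attempt fails or is answered with 401, the request
     * is repeated once with the part of the user name before the last {@code '@'}.
     * Each attempt is a separate authentication attempt at the IdP and presumably
     * counts toward any lockout policy there.
     *
     * <p>The decompiler reports that this method was declared {@code protected}
     * in the original class.
     *
     * @param document PAOS request to send
     * @return the IdP response as a DOM document
     * @throws ECPAuthenticationException if no response could be obtained, read or parsed
     */
    public Document authenticateIdP(Document document) throws ECPAuthenticationException {
        logger.info("Sending initial IdP Request");
        String username = this.authInfo.getUsername();
        String password = this.authInfo.getPassword();
        int atIndex = username.lastIndexOf('@');
        boolean mayRetry = atIndex != -1 && this.retryWithoutAt;

        CloseableHttpResponse response = null;
        try {
            boolean rejected;
            try {
                response = exec(document, username, password);
                rejected = response.getCode() == 401;
            } catch (ECPAuthenticationException e) {
                logger.debug("Could not submit PAOS request to IdP");
                if (!mayRetry) {
                    // No second attempt will follow: report the real failure rather than
                    // falling through to a null response.
                    throw new ECPAuthenticationException(e);
                }
                rejected = true;
            }

            if (mayRetry && rejected) {
                // Release the first response before retrying; the default client has a
                // single-connection manager, so an unclosed response would keep it leased.
                closeQuietly(response);
                response = null;
                try {
                    response = exec(document, username.substring(0, atIndex), password);
                } catch (ECPAuthenticationException e) {
                    logger.debug("Could not submit PAOS request to IdP");
                    throw new ECPAuthenticationException(e);
                }
            }

            String body;
            try {
                // UTF-8 is used only when the response declares no charset of its own.
                body = EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
            } catch (IOException | RuntimeException | ParseException e) {
                logger.debug("Could not read response from IdP");
                throw new ECPAuthenticationException(e);
            }

            try {
                return buildDocumentFromString(body);
            } catch (IOException | RuntimeException | ParserConfigurationException | SAXException e) {
                // NOTE(review): the body is untrusted remote content and may hold sensitive
                // data; it is written to the log verbatim, at debug level only.
                logger.debug("Could not parse XML response from IdP:\n" + body);
                throw new ECPAuthenticationException(e);
            }
        } finally {
            closeQuietly(response);
        }
    }

    /** Closes a response if present; a failure to close is logged and otherwise ignored. */
    private static void closeQuietly(CloseableHttpResponse response) {
        if (response == null) {
            return;
        }
        try {
            response.close();
        } catch (IOException ignored) {
            // Best effort: the outcome of the exchange has already been decided.
            logger.debug("Could not close IdP response");
        }
    }

    /**
     * Parses an XML string into a DOM document. Any entity the parser asks to
     * resolve is answered with empty content, so no external resource is fetched.
     *
     * <p>The decompiler reports that this method was declared {@code protected}
     * in the original class.
     *
     * @param str XML text, typically a response body from a remote party
     * @return the parsed document
     * @throws IOException if reading the input fails
     * @throws ParserConfigurationException if no parser can be created
     * @throws SAXException if the text is not well-formed or is rejected by the parser
     */
    public Document buildDocumentFromString(String str) throws IOException, ParserConfigurationException, SAXException {
        DocumentBuilder builder = this.documentBuilderFactory.newDocumentBuilder();
        EntityResolver emptyResolver = (publicId, systemId) -> new InputSource(new StringReader(""));
        builder.setEntityResolver(emptyResolver);
        return builder.parse(new InputSource(new StringReader(str)));
    }

    /**
     * Evaluates an XPath expression against a document using the registered
     * {@code ecp}, {@code S} and {@code paos} namespace prefixes.
     *
     * <p>The decompiler reports that this method was declared {@code protected}
     * in the original class.
     *
     * @param document document to query
     * @param str XPath expression
     * @param qName requested result type
     * @return the evaluation result, typed according to {@code qName}
     * @throws XPathException if the expression cannot be compiled or evaluated
     */
    public Object queryDocument(Document document, String str, QName qName) throws XPathException {
        XPath xpath = this.xpathFactory.newXPath();
        xpath.setNamespaceContext(this.namespaceResolver);
        return xpath.compile(str).evaluate(document, qName);
    }

    /**
     * Serializes a DOM document to a string with a default transformer.
     *
     * <p>The decompiler reports that this method was declared {@code protected}
     * in the original class.
     *
     * @param document document to serialize
     * @return the XML text
     * @throws TransformerConfigurationException if no transformer can be created
     * @throws TransformerException if serialization fails
     */
    public String documentToString(Document document) throws TransformerConfigurationException, TransformerException {
        Transformer transformer = this.transformerFactory.newTransformer();
        StringWriter writer = new StringWriter();
        transformer.transform(new DOMSource(document), new StreamResult(writer));
        return writer.toString();
    }

    /** Returns the HTTP client used for all requests. */
    public CloseableHttpClient getHttpClient() {
        return this.client;
    }

    /**
     * Enables or disables the second IdP attempt with the user name cut at its
     * last {@code '@'}.
     *
     * @param z {@code true} to retry with the shortened user name
     */
    public void setRetryWithoutAt(boolean z) {
        this.retryWithoutAt = z;
    }
}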
