package com.alfaariss.oa.authentication.remote.saml2.idp.storage.config;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.engine.core.idp.storage.IIDP;
import com.alfaariss.oa.engine.idp.storage.configuration.AbstractConfigurationStorage;
import com.alfaariss.oa.util.saml2.idp.SAML2IDP;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.asimba.util.saml2.metadata.provider.management.MdMgrManager;
import org.asimba.util.saml2.metadata.provider.management.MetadataProviderManagerUtil;
import org.asimba.utility.filesystem.PathTranslator;
import org.joda.time.format.ISODateTimeFormat;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/authentication/remote/saml2/idp/storage/config/IDPConfigStorage.class */
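/**
 * Configuration-backed storage of remote SAML2 identity providers.
 *
 * <p>On {@link #start} the storage resolves which MetadataProviderManager it
 * uses, lets the superclass load the configured IDPs, and then builds a second
 * index of those IDPs keyed on their SourceID so they can be looked up either
 * by id or by SourceID.
 */
public class IDPConfigStorage extends AbstractConfigurationStorage {
    /** Name of the optional configuration section that selects the MetadataProviderManager. */
    public static final String EL_MPMANAGER = "mp_manager";
    private static final Log _oLogger = LogFactory.getLog(IDPConfigStorage.class);
    /** Storage id used when the configuration does not supply one. */
    private static final String DEFAULT_ID = "saml2";
    /** Connect and read timeout, in milliseconds, of the start-up probe of a metadata URL. */
    private static final int PROBE_TIMEOUT_MS = 3000;
    protected String _sId;
    protected String _sMPMId;
    /** True when this storage must delete the MetadataProviderManager in {@link #stop()}. */
    protected boolean _bOwnMPM;
    private final Map<SourceID, SAML2IDP> _mapIDPsOnSourceID = new Hashtable<SourceID, SAML2IDP>();

    /**
     * Reads the storage configuration and loads the configured IDPs.
     *
     * @param iConfigurationManager configuration reader
     * @param element configuration section of this storage
     * @throws OAException with code 17 when the 'mp_manager' section lacks an
     *         'id' or carries a '@primary' value other than true/false; also
     *         whatever the superclass or the MetadataProviderManager set-up throws
     */
    public void start(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        this._sId = iConfigurationManager.getParam(element, "id");
        if (this._sId == null) {
            _oLogger.info("No optional 'id' item for storage configured, using default");
            this._sId = DEFAULT_ID;
        }

        Element mpmSection = iConfigurationManager.getSection(element, EL_MPMANAGER);
        if (mpmSection == null) {
            _oLogger.info("Using MetadataProviderManager Id from IDPStorage@id: '" + this._sId + "'");
            this._sMPMId = this._sId;
        } else {
            this._sMPMId = iConfigurationManager.getParam(mpmSection, "id");
            if (this._sMPMId == null) {
                _oLogger.error("Missing @id attribute for 'mp_manager' configuration");
                throw new OAException(17);
            }
            _oLogger.info("Using MetadataProviderManager Id from configuration: '" + this._sMPMId + "'");
        }

        boolean established =
            MetadataProviderManagerUtil.establishMPM(this._sMPMId, iConfigurationManager, mpmSection);

        // An explicit '@primary' overrides the result of establishMPM; without
        // it, ownership follows whatever establishMPM reported.
        String primary = (mpmSection == null) ? null : iConfigurationManager.getParam(mpmSection, "primary");
        if (primary == null) {
            this._bOwnMPM = established;
        } else if ("false".equalsIgnoreCase(primary)) {
            this._bOwnMPM = false;
        } else if ("true".equalsIgnoreCase(primary)) {
            this._bOwnMPM = true;
        } else {
            _oLogger.error("Invalid value for '@primary': '" + primary + "'");
            throw new OAException(17);
        }

        super.start(iConfigurationManager, element);

        // Index every IDP the superclass loaded on its SourceID as well.
        Enumeration<?> idps = this._htIDPs.elements();
        while (idps.hasMoreElements()) {
            SAML2IDP idp = (SAML2IDP) idps.nextElement();
            this._mapIDPsOnSourceID.put(new SourceID(idp.getSourceID()), idp);
        }
        _oLogger.info("Started storage with id: " + this._sId);
    }

    /**
     * Returns the id of this storage.
     *
     * @return the configured id, or the default id when none was configured
     */
    public String getID() {
        return this._sId;
    }

    /**
     * Looks up an IDP by a typed key.
     *
     * @param obj the key: a {@code String} for type "id", a {@code byte[]} for type "sourceid"
     * @param str the key type
     * @return the matching IDP, or {@code null} when the type is unknown (or
     *         {@code null}), the key has the wrong Java type, or nothing matches
     * @throws OAException when the lookup by id fails
     */
    public IIDP getIDP(Object obj, String str) throws OAException {
        // Constant-first comparison: a null type yields null instead of a NullPointerException.
        if ("id".equals(str) && (obj instanceof String)) {
            return getIDP((String) obj);
        }
        if ("sourceid".equals(str) && (obj instanceof byte[])) {
            return getIDPBySourceID((byte[]) obj);
        }
        return null;
    }

    /**
     * Clears the SourceID index, deletes the MetadataProviderManager when this
     * storage owns it, and stops the superclass.
     */
    public void stop() {
        this._mapIDPsOnSourceID.clear();
        if (this._bOwnMPM) {
            _oLogger.info("Cleaning up MetadataProviderManager '" + this._sMPMId + "'");
            MdMgrManager.getInstance().deleteMetadataProviderManager(this._sMPMId);
        }
        super.stop();
    }

    /**
     * Builds one {@link SAML2IDP} from an 'organization' configuration section.
     *
     * <p>'id' and 'friendlyname' are required. The 'metadata' section, its
     * 'http' sub-section and its 'file' item are optional; an unparsable
     * 'lastmodified' is logged and ignored.
     *
     * @param iConfigurationManager configuration reader
     * @param element the organization section
     * @return the configured IDP
     * @throws OAException with code 17 for a missing required item, code 2 for
     *         an invalid value, code 1 for any other failure
     */
    protected IIDP createIDP(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        try {
            String id = iConfigurationManager.getParam(element, "id");
            if (id == null) {
                _oLogger.error("No 'id' item found in 'organization' section in configuration");
                throw new OAException(17);
            }
            byte[] sourceId = generateSHA1(id);

            String friendlyName = iConfigurationManager.getParam(element, "friendlyname");
            if (friendlyName == null) {
                _oLogger.error("No 'friendlyname' item found in 'organization' section in configuration");
                throw new OAException(17);
            }

            Date lastModified = parseLastModified(iConfigurationManager.getParam(element, "lastmodified"));

            String metadataUrl = null;
            int metadataTimeout = -1;
            String metadataFile = null;
            Element metadataSection = iConfigurationManager.getSection(element, "metadata");
            if (metadataSection == null) {
                _oLogger.warn("No optional 'metadata' section found in configuration for organization with id: " + id);
            } else {
                Element httpSection = iConfigurationManager.getSection(metadataSection, "http");
                if (httpSection == null) {
                    _oLogger.warn("No optional 'http' section in 'metadata' section found in configuration for organization with id: " + id);
                } else {
                    metadataUrl = iConfigurationManager.getParam(httpSection, "url");
                    if (metadataUrl == null) {
                        _oLogger.error("No 'url' item in 'http' section found in configuration for organization with id: " + id);
                        throw new OAException(17);
                    }
                    // NOTE(review): the only check is that java.net.URL can parse the value, so
                    // any supported scheme passes, plain http included. The document behind this
                    // url presumably carries the IdP's signing keys; unless its signature is
                    // verified where it is loaded, a network attacker could substitute them.
                    // Prefer https and confirm signature validation in the metadata provider.
                    URL url;
                    try {
                        url = new URL(metadataUrl);
                    } catch (MalformedURLException e) {
                        _oLogger.error("Invalid 'url' item in 'http' section found in configuration: " + metadataUrl, e);
                        throw new OAException(2);
                    }
                    _oLogger.info("Organization '" + id + "' uses metadata from url: " + metadataUrl);
                    probeMetadataUrl(url, metadataUrl);
                    metadataTimeout = readHttpTimeout(iConfigurationManager, httpSection);
                }

                metadataFile = iConfigurationManager.getParam(metadataSection, "file");
                if (metadataFile == null) {
                    _oLogger.warn("No optional 'file' item in 'metadata' section found in configuration for organization with id: " + id);
                } else {
                    metadataFile = PathTranslator.getInstance().map(metadataFile);
                    // Only existence is checked here; readability and file type are not.
                    if (!new File(metadataFile).exists()) {
                        _oLogger.error("Configured metadata 'file' doesn't exist: " + metadataFile);
                        throw new OAException(2);
                    }
                    _oLogger.info("Organization '" + id + "' uses metadata in file: " + metadataFile);
                }
            }

            Boolean acsIndex = readBooleanParam(
                iConfigurationManager, element, "acs_index", "'acs_index' item value", Boolean.TRUE);
            Boolean scoping = readBooleanParam(
                iConfigurationManager, element, "scoping", "'scoping' item value", Boolean.TRUE);

            Boolean nameIdPolicy = Boolean.TRUE;
            String nameIdFormat = null;
            Boolean allowCreate = null;
            Element nameIdSection = iConfigurationManager.getSection(element, "nameidpolicy");
            if (nameIdSection != null) {
                nameIdPolicy = readBooleanParam(iConfigurationManager, nameIdSection, "enabled",
                    "'enabled' item value in 'nameidpolicy' section", Boolean.TRUE);
                // 'allow_create' and 'nameidformat' are read only while the policy is enabled.
                if (nameIdPolicy.booleanValue()) {
                    allowCreate = readBooleanParam(iConfigurationManager, nameIdSection, "allow_create",
                        "'allow_create' item value", null);
                    nameIdFormat = iConfigurationManager.getParam(nameIdSection, "nameidformat");
                }
            }

            Boolean avoidSubjectConfirmation = readBooleanParam(iConfigurationManager, element,
                "avoid_subjectconfirmation", "'avoid_subjectconfirmation' item value", Boolean.FALSE);
            Boolean disableSso = readBooleanParam(
                iConfigurationManager, element, "disable_sso", "'disable_sso' item value", Boolean.FALSE);

            return new SAML2IDP(id, sourceId, friendlyName, metadataFile, metadataUrl, metadataTimeout,
                acsIndex, allowCreate, scoping, nameIdPolicy, nameIdFormat, avoidSubjectConfirmation,
                disableSso, lastModified, this._sMPMId);
        } catch (OAException e) {
            throw e;
        } catch (Exception e) {
            _oLogger.fatal("Internal error while reading organization configuration", e);
            throw new OAException(1);
        }
    }

    /**
     * Looks up an IDP by its SourceID.
     *
     * <p>The decompiler reports that this method's access was widened from
     * {@code protected}.
     *
     * @param bArr the SourceID bytes
     * @return the matching IDP, or {@code null} when none is indexed under that SourceID
     */
    public SAML2IDP getIDPBySourceID(byte[] bArr) {
        // The bytes are wrapped in SourceID before the map lookup; presumably SourceID
        // supplies value-based equals/hashCode for the array (class not shown here).
        return this._mapIDPsOnSourceID.get(new SourceID(bArr));
    }

    /** Parses an optional 'lastmodified' timestamp; returns {@code null} when absent or unparsable. */
    private Date parseLastModified(String value) {
        if (value == null) {
            return null;
        }
        try {
            return ISODateTimeFormat.dateTimeNoMillis().parseDateTime(value).toDate();
        } catch (IllegalArgumentException e) {
            _oLogger.info("Invalid 'lastmodified' timestamp provided: " + value + "; ignoring.");
            return null;
        }
    }

    /**
     * Checks at start-up that the metadata URL can be connected to. A failure
     * is logged as a warning and is not fatal.
     */
    private void probeMetadataUrl(URL url, String configuredUrl) {
        URLConnection connection = null;
        try {
            connection = url.openConnection();
            connection.setConnectTimeout(PROBE_TIMEOUT_MS);
            connection.setReadTimeout(PROBE_TIMEOUT_MS);
            connection.connect();
        } catch (IOException e) {
            _oLogger.warn("Could not connect to 'url' item in 'http' section found in configuration: " + configuredUrl, e);
        } finally {
            // The probe never reads the response, so release the HTTP connection
            // explicitly rather than leaving the socket open until it is collected.
            if (connection instanceof HttpURLConnection) {
                ((HttpURLConnection) connection).disconnect();
            }
        }
    }

    /** Reads the optional non-negative 'timeout' item of the 'http' section; -1 when absent. */
    private int readHttpTimeout(IConfigurationManager iConfigurationManager, Element httpSection) throws OAException {
        String value = iConfigurationManager.getParam(httpSection, "timeout");
        if (value == null) {
            return -1;
        }
        int timeout;
        try {
            timeout = Integer.parseInt(value);
        } catch (NumberFormatException e) {
            _oLogger.error("Invalid 'timeout' item in 'http' section found in configuration (must be a number): " + value, e);
            throw new OAException(2);
        }
        if (timeout < 0) {
            _oLogger.error("Invalid 'timeout' item in 'http' section found in configuration: " + value);
            throw new OAException(2);
        }
        return timeout;
    }

    /**
     * Reads a TRUE/FALSE item (case-insensitive).
     *
     * @param description text placed after "Invalid " in the error message
     * @param defaultValue value returned when the item is absent; may be {@code null}
     * @throws OAException with code 2 when the item holds anything else
     */
    private Boolean readBooleanParam(IConfigurationManager iConfigurationManager, Element section,
            String name, String description, Boolean defaultValue) throws OAException {
        String value = iConfigurationManager.getParam(section, name);
        if (value == null) {
            return defaultValue;
        }
        if (value.equalsIgnoreCase("TRUE")) {
            return Boolean.TRUE;
        }
        if (value.equalsIgnoreCase("FALSE")) {
            return Boolean.FALSE;
        }
        _oLogger.error("Invalid " + description + " found in configuration: " + value);
        throw new OAException(2);
    }

    /**
     * Returns the SHA-1 digest of the UTF-8 bytes of {@code str}.
     *
     * <p>In this class the digest is only handed to {@link SAML2IDP} as the
     * organization's SourceID, an identifier used as a lookup key; it is not
     * used to verify integrity or to protect a secret. This looks like the
     * 20-byte SourceID of SAML 2.0 artifacts (confirm against the artifact
     * handling code); changing the algorithm would then break lookups against
     * peers rather than add protection.
     *
     * @throws OAException with code 1 when UTF-8 or SHA-1 is unavailable
     */
    private byte[] generateSHA1(String str) throws OAException {
        try {
            return MessageDigest.getInstance("SHA-1").digest(str.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            _oLogger.error("UTF-8 not supported", e);
            throw new OAException(1);
        } catch (NoSuchAlgorithmException e) {
            _oLogger.error("SHA-1 not supported", e);
            throw new OAException(1);
        }
    }
}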
