package com.alfaariss.oa.profile.aselect.processor;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.api.IService;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.profile.IRequestorProfile;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.authentication.factory.IAuthenticationProfileFactory;
import com.alfaariss.oa.profile.aselect.ASelectErrors;
import com.alfaariss.oa.profile.aselect.ASelectException;
import com.alfaariss.oa.profile.aselect.binding.BindingFactory;
import com.alfaariss.oa.profile.aselect.binding.IBinding;
import com.alfaariss.oa.profile.aselect.binding.IRequest;
import com.alfaariss.oa.profile.aselect.logout.LogoutManager;
import com.alfaariss.oa.profile.aselect.processor.handler.BrowserHandler;
import com.alfaariss.oa.profile.aselect.processor.handler.idp.IDPHandler;
import com.alfaariss.oa.profile.aselect.processor.handler.sp.SPHandler;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Hashtable;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/profile/aselect/processor/ASelectProcessor.class */
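/**
 * Requestor profile that receives A-Select protocol requests and hands each one to the
 * SP, IDP or Browser handler selected by the request's parameters.
 *
 * <p>Routing in {@link #service} is decided purely by parameter names and values taken from
 * the incoming request. This class performs no signature or credential validation itself.
 * NOTE(review): presumably each handler authenticates the request it is given; confirm
 * against the handler implementations.
 *
 * <p>Configuration is read once in {@link #init}. Missing or malformed configuration items
 * are reported by logging an error and throwing an {@link OAException}.
 */
public class ASelectProcessor implements IRequestorProfile, IService {
    // Public protocol constants: parameter names, session attribute names and fixed values.
    public static final String CHARSET = "UTF-8";
    public static final int CREDENTIALS_LENGTH = 256;
    public static final String AUTHORITY_NAME = "A-Select Profile";
    public static final String SESSION_REQUESTOR_URL = "requestor_url";
    public static final String SESSION_REQUIRED_LEVEL = "required_level";
    public static final String SESSION_CREDENTIALS = "credentials";
    public static final String PARAM_RID = "rid";
    public static final String PARAM_ASELECTSERVER = "a-select-server";
    public static final String PARAM_ASELECTSERVER_ALTERATIVE = "aselectserver";
    public static final String PARAM_APPID = "app_id";
    public static final String PARAM_REQUESTORID = "requestor";
    public static final String PARAM_APPURL = "app_url";
    public static final String PARAM_ASELECT_URL = "as_url";
    public static final String PARAM_UID = "uid";
    public static final String PARAM_COUNTRY = "country";
    public static final String PARAM_LANGUAGE = "language";
    public static final String PARAM_FORCED_LOGON = "forced_logon";
    public static final String PARAM_REMOTE_ORGANIZATION = "remote_organization";
    public static final String PARAM_ASELECT_CREDENTIALS = "aselect_credentials";
    public static final String PARAM_RESULT_CODE = "result_code";
    public static final String PARAM_ORGANIZATION = "organization";
    public static final String PARAM_AUTHSP = "authsp";
    public static final String PARAM_AUTHSP_LEVEL = "authsp_level";
    public static final String PARAM_ASP = "asp";
    public static final String PARAM_ASP_LEVEL = "asp_level";
    public static final String PARAM_APP_LEVEL = "app_level";
    public static final String PARAM_TGT_EXP_TIME = "tgt_exp_time";
    public static final String PARAM_ATTRIBUTES = "attributes";
    public static final String PARAM_SIGNATURE = "signature";
    public static final String PARAM_REQUIRED_LEVEL = "required_level";
    public static final String PARAM_LOCAL_IDP = "local_organization";
    public static final String PARAM_LOCAL_IDP_URL = "local_as_url";
    public static final String PARAM_REASON = "reason";
    public static final String PARAM_PASSIVE = "passive";
    public static final String VALUE_REASON_TIMEOUT = "timeout";

    private static final String DEFAULT_JSP_ERROR = "/ui/profiles/aselect/error.jsp";
    private static final String DEFAULT_SSO_PATH = "/sso";
    private static final String DEFAULT_JSP_REDIRECT = "/ui/profiles/aselect/redirectreset.jsp";

    // Name of the parameter that selects the operation, and the values this class routes on.
    private static final String PARAM_REQUEST = "request";
    private static final String REQUEST_AUTHENTICATE = "authenticate";
    private static final String REQUEST_VERIFY_CREDENTIALS = "verify_credentials";
    private static final String REQUEST_LOGIN1 = "login1";
    private static final String REQUEST_LOGOUT = "logout";
    private static final String REQUEST_SLO = "slo";

    private String _sID;
    private final Log _logger = LogFactory.getLog(ASelectProcessor.class);
    private final BindingFactory _bindingFactory = new BindingFactory();
    private SPHandler _oSPHandler;
    private IDPHandler _oIDPHandler;
    private BrowserHandler _oBrowserHandler;
    private LogoutManager _oLogoutHandler;
    private IConfigurationManager _configurationManager;
    private String _sJSPError;
    private String _sRedirectJspPath;
    private boolean _bLocalErrorHandling;
    private String _sWebSSOPath;
    private String _sWebSSOURL;

    /**
     * Routes one incoming request to the handler that owns it.
     *
     * <p>Routing rules, evaluated in this order:
     * <ul>
     *   <li>no {@code request} parameter: Browser {@code authenticate} when {@code rid} is
     *       present, otherwise Browser {@code userinformation};</li>
     *   <li>{@code authenticate}: IDP handler when it is enabled and {@code local_organization}
     *       is present, otherwise the SP handler when that is enabled;</li>
     *   <li>{@code verify_credentials}: IDP handler under the same condition, otherwise the SP
     *       handler;</li>
     *   <li>{@code login1}: Browser handler;</li>
     *   <li>{@code logout} with {@code aselect_credentials}: IDP synchronous logout when
     *       {@code local_organization} is present, SP synchronous logout when {@code app_id} or
     *       {@code requestor} is present;</li>
     *   <li>{@code logout} with {@code rid}: Browser logout;</li>
     *   <li>{@code slo}: IDP handler when {@code local_organization} is present, otherwise the
     *       SP handler;</li>
     *   <li>anything else is logged as an invalid request and answered with HTTP 400.</li>
     * </ul>
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response; receives HTTP 400 when the request is rejected
     *        with an {@link ASelectException} and nothing has been committed yet
     * @throws OAException with code 1 when anything other than an {@link ASelectException}
     *         escapes from the binding or a handler
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        try {
            String remoteAddr = httpServletRequest.getRemoteAddr();
            IBinding binding = this._bindingFactory.getBinding(httpServletRequest, httpServletResponse);
            if (binding == null) {
                this._logger.error("Invalid request sent from IP: " + remoteAddr);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }

            // Every value below comes straight from the caller and is untrusted at this point.
            IRequest request = binding.getRequest();
            String localIdp = (String) request.getParameter(PARAM_LOCAL_IDP);
            String appId = (String) request.getParameter(PARAM_APPID);
            String requestorId = (String) request.getParameter(PARAM_REQUESTORID);
            String credentials = (String) request.getParameter(PARAM_ASELECT_CREDENTIALS);
            String rid = (String) request.getParameter(PARAM_RID);
            String requestName = (String) request.getParameter(PARAM_REQUEST);

            boolean isAuthenticate = REQUEST_AUTHENTICATE.equals(requestName);
            boolean isVerifyCredentials = REQUEST_VERIFY_CREDENTIALS.equals(requestName);
            boolean isLogout = REQUEST_LOGOUT.equals(requestName);
            boolean isSlo = REQUEST_SLO.equals(requestName);

            if (requestName == null) {
                if (rid != null) {
                    this._logger.debug("Performing Browser request initiated by the Web SSO sent from IP: " + remoteAddr);
                    this._oBrowserHandler.authenticate(httpServletRequest, httpServletResponse, binding);
                } else {
                    this._logger.debug("Performing user information Browser request sent from IP: " + remoteAddr);
                    this._oBrowserHandler.userinformation(httpServletRequest, httpServletResponse);
                }
            } else if (isAuthenticate && this._oIDPHandler.isEnabled() && localIdp != null) {
                this._logger.debug("Performing 'authenticate' IDP request sent from IP: " + remoteAddr);
                this._oIDPHandler.authenticate(httpServletRequest, binding);
            } else if (isAuthenticate && this._oSPHandler.isEnabled()) {
                this._logger.debug("Performing 'authenticate' SP request sent from IP: " + remoteAddr);
                this._oSPHandler.authenticate(httpServletRequest, binding);
            } else if (isVerifyCredentials && this._oIDPHandler.isEnabled() && localIdp != null) {
                this._logger.debug("Performing 'verify_credentials' IDP request sent from IP: " + remoteAddr);
                this._oIDPHandler.verifyCredentials(httpServletRequest, binding);
            } else if (isVerifyCredentials) {
                // NOTE(review): unlike the 'authenticate' SP route, this one is taken without
                // checking _oSPHandler.isEnabled(); confirm SPHandler.verifyCredentials rejects
                // requests itself when the SP handler is disabled.
                this._logger.debug("Performing 'verify_credentials' SP request sent from IP: " + remoteAddr);
                this._oSPHandler.verifyCredentials(httpServletRequest, binding);
            } else if (REQUEST_LOGIN1.equals(requestName)) {
                this._logger.debug("Performing 'login1' Browser request sent from IP: " + remoteAddr);
                this._oBrowserHandler.login1(httpServletRequest, httpServletResponse, binding);
            } else if (isLogout && credentials != null && localIdp != null) {
                if (this._oIDPHandler.isEnabled()) {
                    this._logger.debug("Performing 'synchronous logout' request sent from IP: " + remoteAddr);
                    this._oIDPHandler.doOrganizationSynchronousLogout(httpServletRequest, binding, localIdp, credentials);
                } else {
                    // NOTE(review): here and in the other "handler disabled" branches nothing is
                    // written to the response and the event is only visible at debug level.
                    this._logger.debug("Could not process request: IDP handler disabled");
                }
            } else if (isLogout && credentials != null && (appId != null || requestorId != null)) {
                if (this._oSPHandler.isEnabled()) {
                    this._logger.debug("Performing 'synchronous logout' request sent from IP: " + remoteAddr);
                    this._oSPHandler.doRequestorSynchronousLogout(httpServletRequest, binding, requestorId, appId, credentials);
                } else {
                    this._logger.debug("Could not process request: SP handler disabled");
                }
            } else if (isLogout && rid != null) {
                this._logger.debug("Performing 'asynchronous logout' Browser request sent from IP: " + remoteAddr);
                this._oBrowserHandler.logout(httpServletRequest, httpServletResponse, binding);
            } else if (isSlo && localIdp != null) {
                if (this._oIDPHandler.isEnabled()) {
                    this._logger.debug("Performing 'asynchronous init logout' IDP request sent from IP: " + remoteAddr);
                    this._oIDPHandler.slo(httpServletRequest, binding);
                } else {
                    this._logger.debug("Could not process request: IDP handler disabled");
                }
            } else if (isSlo) {
                if (this._oSPHandler.isEnabled()) {
                    this._logger.debug("Performing 'asynchronous init logout' SP request sent from IP: " + remoteAddr);
                    this._oSPHandler.slo(httpServletRequest, binding);
                } else {
                    this._logger.debug("Could not process request: SP handler disabled");
                }
            } else {
                if (this._logger.isDebugEnabled()) {
                    if (this._oSPHandler != null) {
                        this._logger.debug("SP Handler enabled: " + this._oSPHandler.isEnabled());
                    }
                    if (this._oIDPHandler != null) {
                        this._logger.debug("IDP Handler enabled: " + this._oIDPHandler.isEnabled());
                    }
                }
                // The request name is caller-controlled; strip control characters so it cannot
                // break the log line or forge additional log entries.
                this._logger.error("Invalid request with name: " + sanitizeForLog(requestName)
                        + ", sent from IP: " + remoteAddr);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
        } catch (ASelectException e) {
            // Protocol-level rejection: answer with a bare 400 and keep the reason in the log only.
            this._logger.debug("Request rejected with HTTP 400", e);
            try {
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                }
            } catch (IOException e2) {
                this._logger.warn("Could not send response", e2);
            }
        } catch (Exception e3) {
            this._logger.fatal("Internal error during request process", e3);
            throw new OAException(1);
        }
    }

    /**
     * Reads the profile configuration and builds the Browser, SP and IDP handlers and the
     * logout manager.
     *
     * @param servletContext not used by this method
     * @param iConfigurationManager source of all configuration values
     * @param element the profile's configuration section
     * @throws OAException when a mandatory item is missing (code 17 in this class), a value is
     *         malformed (code 1 for 'redirect_url', code 2 for 'authsp_level'), or any other
     *         exception occurs (code 1)
     */
    public void init(ServletContext servletContext, IConfigurationManager iConfigurationManager, Element element) throws OAException {
        try {
            this._configurationManager = iConfigurationManager;
            this._sID = this._configurationManager.getParam(element, "id");
            if (this._sID == null) {
                this._logger.error("No 'id' parameter found in 'profile' section");
                throw new OAException(17);
            }

            String redirectUrl = iConfigurationManager.getParam(element, "redirect_url");
            if (redirectUrl == null) {
                this._logger.info("No optional 'redirect_url' parameter found in 'profile' section with id='aselect' in configuration");
            } else {
                try {
                    // Constructed only to verify that the configured value parses as a URL.
                    new URL(redirectUrl);
                    this._logger.info("Using configured 'redirect_url' parameter: " + redirectUrl);
                } catch (MalformedURLException e) {
                    this._logger.error("The supplied 'redirect_url' parameter isn't an URL: " + redirectUrl, e);
                    throw new OAException(1);
                }
            }

            Element redirectJspSection = iConfigurationManager.getSection(element, "redirectreset_jsp");
            if (redirectJspSection == null) {
                this._logger.info("No optional 'redirectreset_jsp' parameter found in 'profile' section with id='aselect' in configuration, using default");
                this._sRedirectJspPath = DEFAULT_JSP_REDIRECT;
            } else {
                this._sRedirectJspPath = iConfigurationManager.getParam(redirectJspSection, "path");
                if (this._sRedirectJspPath == null) {
                    this._logger.error("No 'path' parameter found in 'redirectreset_jsp' section in configuration");
                    throw new OAException(17);
                }
                this._logger.info("Using configured redirect reset JSP: " + this._sRedirectJspPath);
            }

            readConfigError(iConfigurationManager, element);
            readConfigWebSSO(iConfigurationManager, element);
            this._oBrowserHandler = new BrowserHandler(redirectUrl, this._sWebSSOPath, this._sWebSSOURL, this._sJSPError,
                    this._bLocalErrorHandling, this._sID, this._sRedirectJspPath);

            Element authenticationSection = iConfigurationManager.getSection(element, "authentication");
            if (authenticationSection == null) {
                this._logger.error("No 'authentication' section found in 'profile' section with id='aselect' in configuration");
                throw new OAException(17);
            }
            String defaultLevelText = iConfigurationManager.getParam(authenticationSection, PARAM_AUTHSP_LEVEL);
            if (defaultLevelText == null) {
                this._logger.error("No default 'authsp_level' item in 'profile' section with id='aselect' found in configuration");
                throw new OAException(17);
            }
            // Only the parse is guarded, so an unrelated NumberFormatException raised further
            // down is not misreported as an invalid 'authsp_level'.
            int defaultLevel;
            try {
                defaultLevel = Integer.parseInt(defaultLevelText);
            } catch (NumberFormatException e2) {
                this._logger.error("Invalid default 'authsp_level' item found in configuration: " + defaultLevelText, e2);
                throw new OAException(2);
            }
            this._logger.info("Configured default 'authsp_level': " + defaultLevelText);

            Hashtable<String, Integer> authNLevels = readConfigAuthNLevels(iConfigurationManager, authenticationSection);

            Element handlersSection = this._configurationManager.getSection(element, "requesthandlers");
            if (handlersSection == null) {
                this._logger.error("No 'requesthandlers' section found in 'profile' section with id='aselect' in configuration");
                throw new OAException(17);
            }

            // Both handler sections are optional; a null section is passed on to the handler.
            Element spSection = this._configurationManager.getSection(handlersSection, "sp");
            if (spSection == null) {
                this._logger.warn("No optional 'sp' section found in 'requesthandlers' section in configuration");
            }
            this._oSPHandler = new SPHandler(this._configurationManager, spSection, redirectUrl, authNLevels, defaultLevel, this._sID);

            Element idpSection = this._configurationManager.getSection(handlersSection, "idp");
            if (idpSection == null) {
                this._logger.warn("No optional 'idp' section found in 'requesthandlers' section in configuration");
            }
            this._oIDPHandler = new IDPHandler(this._configurationManager, idpSection, redirectUrl, authNLevels, defaultLevel, this._sID);

            this._oLogoutHandler = new LogoutManager(this._sID, this._configurationManager,
                    this._configurationManager.getSection(element, "logout"));
            if (this._oLogoutHandler.isEnabled()) {
                Engine.getInstance().getTGTFactory().addListener(this._oLogoutHandler);
                this._logger.info("Outgoing synchronous logout: enabled");
            } else {
                this._logger.info("Outgoing synchronous logout: disabled");
                this._oLogoutHandler = null;
            }
        } catch (OAException e3) {
            throw e3;
        } catch (Exception e4) {
            this._logger.fatal("Internal error during initialization", e4);
            throw new OAException(1);
        }
    }

    /**
     * Unregisters the logout manager from the TGT factory, if one was registered, and drops
     * the handler references.
     */
    public void destroy() {
        if (this._oLogoutHandler != null) {
            try {
                Engine.getInstance().getTGTFactory().removeListener(this._oLogoutHandler);
            } catch (OAException e) {
                this._logger.error("Could not remove the logout handler as TGT listener", e);
            }
            // Cleared so that a repeated destroy() does not try to unregister it again.
            this._oLogoutHandler = null;
        }
        this._oIDPHandler = null;
        this._oSPHandler = null;
        this._oBrowserHandler = null;
    }

    /**
     * @return the profile id read from the 'id' configuration parameter during {@link #init}
     */
    public String getID() {
        return this._sID;
    }

    /**
     * Returns {@code value} with every ISO control character and Unicode line or paragraph
     * separator replaced by an underscore, so that caller-supplied text cannot start a new
     * log line.
     *
     * @param value text taken from a request; may be {@code null}
     * @return the cleaned text, or the string {@code "null"} for a {@code null} input
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            int type = Character.getType(c);
            boolean lineBreaking = Character.isISOControl(c)
                    || type == Character.LINE_SEPARATOR
                    || type == Character.PARAGRAPH_SEPARATOR;
            cleaned.append(lineBreaking ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Reads the optional 'error' section: the error JSP path and whether errors are handled
     * locally. Defaults are the built-in error JSP and non-local handling.
     *
     * @throws OAException with code 17 when a present 'jsp' section lacks 'path', or a present
     *         'handling' section lacks 'local' or holds something other than TRUE/FALSE
     */
    private void readConfigError(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        this._bLocalErrorHandling = false;
        this._sJSPError = DEFAULT_JSP_ERROR;

        Element errorSection = iConfigurationManager.getSection(element, "error");
        if (errorSection == null) {
            this._logger.warn("No optional 'error' section found in 'profile' section with id='" + this._sID + "' in configuration, using defaults");
        } else {
            Element jspSection = iConfigurationManager.getSection(errorSection, "jsp");
            if (jspSection == null) {
                this._logger.warn("No optional 'jsp' section found in 'error' section in configuration, using defaults");
            } else {
                this._sJSPError = iConfigurationManager.getParam(jspSection, "path");
                if (this._sJSPError == null) {
                    this._logger.error("No 'path' parameter found in 'jsp' section in configuration");
                    throw new OAException(17);
                }
            }

            Element handlingSection = iConfigurationManager.getSection(errorSection, "handling");
            if (handlingSection != null) {
                String local = iConfigurationManager.getParam(handlingSection, "local");
                if (local == null) {
                    this._logger.error("No 'local' parameter found in 'handling' section in configuration");
                    throw new OAException(17);
                }
                // Strict parse: anything other than true/false is a configuration error
                // rather than silently meaning "false".
                if (local.equalsIgnoreCase("true")) {
                    this._bLocalErrorHandling = true;
                } else if (!local.equalsIgnoreCase("false")) {
                    this._logger.error("Wrong 'local' parameter found in 'handling' section in configuration; must be TRUE or FALSE: " + local);
                    throw new OAException(17);
                }
            }
        }
        this._logger.info("Using local error handling: " + this._bLocalErrorHandling);
        this._logger.info("Using error handling: " + this._sJSPError);
    }

    /**
     * Reads every 'profile' section below {@code element} and maps each authentication
     * profile id to its configured 'authsp_level'.
     *
     * @return the id-to-level table; empty when no 'profile' section is configured
     * @throws OAException with code 17 when 'id' or 'authsp_level' is missing, or code 2 when
     *         the id is unknown to the authentication profile factory, is configured more than
     *         once, or the level is not a number
     */
    private Hashtable<String, Integer> readConfigAuthNLevels(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        IAuthenticationProfileFactory profileFactory = Engine.getInstance().getAuthenticationProfileFactory();
        Hashtable<String, Integer> levels = new Hashtable<>();

        for (Element profileSection = iConfigurationManager.getSection(element, "profile");
                profileSection != null;
                profileSection = iConfigurationManager.getNextSection(profileSection)) {
            String profileId = iConfigurationManager.getParam(profileSection, "id");
            if (profileId == null) {
                this._logger.error("No 'id' item in 'profile' section found in configuration");
                throw new OAException(17);
            }
            if (profileFactory.getProfile(profileId) == null) {
                this._logger.error("The configured 'id' doesn't exist as an authentication profile: " + profileId);
                throw new OAException(2);
            }
            String levelText = iConfigurationManager.getParam(profileSection, PARAM_AUTHSP_LEVEL);
            if (levelText == null) {
                this._logger.error("No 'authsp_level' item in 'profile' section found in configuration for profile id: " + profileId);
                throw new OAException(17);
            }

            Integer level;
            try {
                level = Integer.valueOf(levelText);
            } catch (NumberFormatException e) {
                this._logger.error("Invalid 'authsp_level' item in 'profile' section found in configuration for profile id '"
                        + profileId + "' level isn't a number: " + levelText, e);
                throw new OAException(2);
            }

            // A second entry for the same id is rejected instead of overwriting the first level.
            if (levels.containsKey(profileId)) {
                this._logger.warn("The configured authentication profile doesn't have an unique id: " + profileId);
                throw new OAException(2);
            }
            levels.put(profileId, level);
            this._logger.info("Configured: authsp_level=" + levelText + " for authentication profile with id: " + profileId);
        }
        return levels;
    }

    /**
     * Reads the optional 'websso' section: the WebSSO path (default {@code /sso}) and the
     * optional WebSSO URL. Configured values are stored in the fields that {@link #init}
     * passes to the Browser handler.
     */
    private void readConfigWebSSO(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        this._sWebSSOPath = DEFAULT_SSO_PATH;
        this._sWebSSOURL = null;

        Element webSsoSection = iConfigurationManager.getSection(element, "websso");
        if (webSsoSection == null) {
            this._logger.warn("No optional 'websso' section found in 'profile' section with id='" + this._sID + "' in configuration, using defaults");
        } else {
            String configuredPath = iConfigurationManager.getParam(webSsoSection, "path");
            if (configuredPath == null) {
                this._logger.warn("No optional 'path' parameter found in 'websso' section in configuration, using default");
            } else {
                // A configured path must replace the default; otherwise the setting is read
                // and then silently ignored.
                this._sWebSSOPath = configuredPath;
            }

            String configuredUrl = iConfigurationManager.getParam(webSsoSection, "url");
            if (configuredUrl == null) {
                this._logger.warn("No optional 'url' parameter found in 'websso' section in configuration, only using forwards");
            } else {
                // Stored so the value the log reports as "used" is the one actually handed on.
                // NOTE(review): unlike 'redirect_url', this value is not checked for being a
                // well-formed URL here; confirm whether BrowserHandler validates it.
                this._sWebSSOURL = configuredUrl;
                this._logger.info("Using configured WebSSO URL: " + configuredUrl);
            }
        }
        this._logger.info("Using configured WebSSO path: " + this._sWebSSOPath);
    }
}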
