package it.eng.rdlab.soa3.authn.rest.jaxrs;

import com.sun.jersey.api.core.HttpContext;
import it.eng.rdlab.soa3.assertion.manager.AssertionValidationFactory;
import it.eng.rdlab.soa3.assertion.manager.SAMLUtils;
import it.eng.rdlab.soa3.assertion.manager.SamlConstants;
import it.eng.rdlab.soa3.assertion.validation.IAssertionValidator;
import it.eng.rdlab.soa3.authn.rest.bean.AuthenticateResponseBean;
import it.eng.rdlab.soa3.authn.rest.exceptions.JSONParserException;
import it.eng.rdlab.soa3.authn.rest.impl.AuthenticationServiceImpl;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.codehaus.jackson.JsonGenerationException;
import org.codehaus.jackson.map.JsonMappingException;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.codehaus.jackson.xc.JaxbAnnotationIntrospector;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.metadata.Organization;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;

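/**
 * JAX-RS resource behind {@code /authenticate}.
 *
 * <p>A GET request is authenticated from its {@code Authorization} header, which must have the
 * form {@code <scheme> <base64 payload>}. When the scheme token contains {@code FED} the decoded
 * payload is treated as a SAML assertion id: the assertion is fetched, its time interval and
 * signature are validated, and the user name and roles are read from its attributes. Otherwise
 * the decoded payload is treated as {@code username:password} and checked through
 * {@link AuthenticationServiceImpl}, together with the optional organization header.
 *
 * <p>Credentials, the raw Authorization header and assertion contents are deliberately kept out
 * of the logs; only the scheme, user name and organization are logged, with line breaks removed.
 */
@Path("/authenticate")
/* loaded from: input_file:WEB-INF/classes/it/eng/rdlab/soa3/authn/rest/jaxrs/AuthenticationService.class */
public class AuthenticationService {
    /**
     * Separator between the scheme token and the Base64 payload of the Authorization header.
     * NOTE(review): presumably a single space that the decompiler replaced with this Jackson
     * constant - confirm against the original source.
     */
    private static final String SCHEME_SEPARATOR = MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR;

    /** User name reported when the assertion carries no user name attribute. */
    private static final String MISSING_USER_NAME = MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR;

    /** Entity returned for every malformed Authorization header. */
    private static final String INVALID_REQUEST = " Missing or invalid request contents ";

    private final Log logger;

    /** Creates the resource and binds its logger to the runtime class. */
    public AuthenticationService() {
        // The original assigned the logger twice; only this second assignment ever took effect.
        this.logger = LogFactory.getLog(getClass());
    }

    /**
     * Authenticates the caller described by the request headers.
     *
     * @param httpContext Jersey context giving access to the request headers
     * @return JSON serialisation of an {@link AuthenticateResponseBean} for the authenticated user
     * @throws WebApplicationException with 400 for a missing or malformed header, 401 for rejected
     *     credentials or assertions, 500 when validation or serialisation fails internally
     */
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    public String isUserAuthenticated(@Context HttpContext httpContext) {
        String authorization = httpContext.getRequest().getHeaderValue("Authorization");
        String organization = httpContext.getRequest().getHeaderValue(Organization.DEFAULT_ELEMENT_LOCAL_NAME);
        ObjectMapper objectMapper = new ObjectMapper();
        JaxbAnnotationIntrospector introspector = new JaxbAnnotationIntrospector();
        objectMapper.getDeserializationConfig().setAnnotationIntrospector(introspector);
        objectMapper.getSerializationConfig().setAnnotationIntrospector(introspector);
        IAssertionValidator validator = AssertionValidationFactory.getCurrentInstance();
        if (authorization == null) {
            this.logger.error("authentication unsuccessful for user as the authorization header is null  ");
            throw failure(Response.Status.BAD_REQUEST, INVALID_REQUEST);
        }
        if (!authorization.contains(SCHEME_SEPARATOR)) {
            this.logger.error("check the if the \"Authorization\" header has a value of the format : Basic Base64encoded{username:password}");
            throw failure(Response.Status.BAD_REQUEST, INVALID_REQUEST);
        }
        String[] parts = authorization.split(SCHEME_SEPARATOR);
        if (parts.length < 2) {
            // A header such as "Basic " splits into a single token; reading parts[1] used to
            // raise ArrayIndexOutOfBoundsException and surface as an unhandled server error.
            this.logger.error("check the if the \"Authorization\" header has a value of the format : Basic Base64encoded{username:password}");
            throw failure(Response.Status.BAD_REQUEST, INVALID_REQUEST);
        }
        // Only the scheme is logged: the payload is Base64, not encrypted, so logging the whole
        // header would put the password (or assertion id) into the log files.
        this.logger.debug("Auth scheme = " + forLog(parts[0]));
        // NOTE(review): getBytes()/new String(byte[]) use the platform charset, so non-ASCII
        // credentials decode differently across hosts - confirm the intended encoding.
        String payload = new String(Base64.decodeBase64(parts[1].getBytes()));
        if (!parts[0].contains("FED")) {
            if (organization != null) {
                organization = organization.trim();
            }
            return usernamePasswordAuthentication(payload, organization, objectMapper);
        }
        this.logger.debug("The Authorization string is a SAML Assertion id");
        this.logger.debug("Loading the assertion");
        String assertionXml = loadSAMLAssertion(payload);
        if (assertionXml == null) {
            this.logger.error("Unable to find a valid saml assertion associated with provided ID");
            throw failure(Response.Status.UNAUTHORIZED, "Wrong credentials: invalid assertion ");
        }
        this.logger.debug("Assertion loaded");
        return samlAssertionAuthentication(validator.getAssertionObject(assertionXml), validator, objectMapper);
    }

    /**
     * Fetches the SAML assertion that the decoded Authorization payload refers to.
     *
     * <p>The first character of the payload is skipped and the rest must split on {@code ':'} into
     * exactly two parts, which are handed to {@link SAMLUtils#generateAssertionUrl}.
     *
     * @param str decoded Authorization payload
     * @return the response body of the assertion request, or {@code null} when the payload is
     *     malformed, the request fails, or the response status is not 2xx
     */
    private String loadSAMLAssertion(String str) {
        this.logger.debug("Loading actual assertion from Service Provider");
        if (str == null || str.length() == 0) {
            // substring(1) on an empty payload used to throw StringIndexOutOfBoundsException.
            this.logger.error("Invalid information sent");
            return null;
        }
        String[] idParts = str.substring(1).split(":");
        if (idParts.length != 2) {
            this.logger.error("Invalid information sent");
            return null;
        }
        // NOTE(review): both parts come straight from the client and decide which URL this
        // server requests; confirm generateAssertionUrl pins the host and encodes both values.
        String assertionUrl = SAMLUtils.generateAssertionUrl(idParts[0], idParts[1]);
        HttpClient httpClient = new HttpClient();
        GetMethod getMethod = new GetMethod(assertionUrl);
        String assertionXml = null;
        try {
            int status = httpClient.executeMethod(getMethod);
            if (status < 200 || status >= 300) {
                this.logger.error("Received a response code " + status);
                this.logger.error("The operation cannot be completed");
            } else {
                assertionXml = getMethod.getResponseBodyAsString();
                // The assertion is what authenticates the user, so its content stays out of the log.
                this.logger.debug("Assertion received");
            }
        } catch (Exception e) {
            this.logger.error("Unable to get the assertion", e);
        } finally {
            getMethod.releaseConnection();
        }
        return assertionXml;
    }

    /**
     * Validates an assertion and builds the response from its attributes.
     *
     * <p>NOTE(review): only the time interval and the signature are checked here. Issuer,
     * audience, recipient and replay checks are not visible in this class - confirm that the
     * {@link IAssertionValidator} implementation covers them.
     *
     * @param assertion the parsed assertion
     * @param iAssertionValidator validator used for the time interval and signature checks
     * @param objectMapper mapper used to serialise the response bean
     * @return JSON serialisation of the response bean
     * @throws WebApplicationException with 401 when a check fails, 500 on internal errors
     */
    private String samlAssertionAuthentication(Assertion assertion, IAssertionValidator iAssertionValidator, ObjectMapper objectMapper) {
        this.logger.debug("Validating assertion...");
        this.logger.debug("Time interval validation");
        boolean timeIntervalValid = iAssertionValidator.validateTimeInterval(assertion);
        this.logger.debug("Time interval validation result = " + timeIntervalValid);
        if (!timeIntervalValid) {
            this.logger.debug("Invalid time interval");
            throw failure(Response.Status.UNAUTHORIZED, "Invalid assertion: the time interval doesn't match");
        }
        boolean signatureValid;
        try {
            signatureValid = iAssertionValidator.validateSignature(assertion);
        } catch (ConfigurationException e) {
            this.logger.error("Unable to validate assertion signature", e);
            throw failure(Response.Status.INTERNAL_SERVER_ERROR, "Unable to validate the assertion due to an internal error");
        }
        this.logger.debug("Signature validation result = " + signatureValid);
        if (!signatureValid) {
            this.logger.debug("Invalid assertion: invalid signature");
            throw failure(Response.Status.UNAUTHORIZED, "Invalid assertion: invalid signature");
        }
        // Attributes are read only after the signature check, so they come from a signed assertion.
        Map<String, List<String>> attributes = parseAttributes(assertion);
        List<String> userNames = attributes.remove(SamlConstants.USERNAME_ATTRIBUTE);
        List<String> roles = attributes.remove("role");
        // NOTE(review): an assertion without a user name attribute still authenticates, with a
        // placeholder user name - confirm that this is intended.
        String userName = (userNames == null || userNames.isEmpty()) ? MISSING_USER_NAME : userNames.get(0);
        try {
            AuthenticateResponseBean responseBean = new AuthenticateResponseBean();
            responseBean.setUserName(userName);
            if (roles == null || roles.isEmpty()) {
                responseBean.getRoles().add(SamlConstants.EXTERNAL_ROLE_NAME);
            } else {
                responseBean.getRoles().addAll(roles);
            }
            return objectMapper.writeValueAsString(responseBean);
        } catch (Exception e) {
            this.logger.error("Unable to send the correct response", e);
            throw failure(Response.Status.INTERNAL_SERVER_ERROR, "Unable to send the correct response");
        }
    }

    /**
     * Authenticates a {@code username:password} payload.
     *
     * @param str decoded Authorization payload
     * @param str2 trimmed organization header value, may be {@code null}
     * @param objectMapper mapper used to serialise the response bean
     * @return JSON serialisation of the response bean for the authenticated user
     * @throws WebApplicationException with 400 for a malformed payload, an empty password or a
     *     failing lookup, and 401 when the credentials are rejected
     * @throws JSONParserException when the response bean cannot be serialised
     */
    private String usernamePasswordAuthentication(String str, String str2, ObjectMapper objectMapper) {
        AuthenticationServiceImpl authenticationService = new AuthenticationServiceImpl();
        // Split on the first colon only: the password may itself contain ':' and was previously
        // cut off at its first colon.
        int colon = str.indexOf(':');
        if (colon < 0) {
            this.logger.error("check the if the \"Authorization\" header has a value of the format : Basic Base64encoded{username:password}");
            throw failure(Response.Status.BAD_REQUEST, INVALID_REQUEST);
        }
        String userName = str.substring(0, colon);
        String password = str.substring(colon + 1);
        this.logger.debug("UserName = " + forLog(userName));
        this.logger.debug("Organization Name = " + forLog(str2));
        if (password.length() == 0) {
            // Rejected before it reaches the backend, as the original did through an
            // ArrayIndexOutOfBoundsException; an empty password must never be tried.
            this.logger.error("Password field is empty, please provide a password");
            throw failure(Response.Status.BAD_REQUEST, " Password field is empty, please provide a password ");
        }
        this.logger.debug("user to be authenticated is " + forLog(userName));
        boolean authenticated;
        try {
            authenticated = authenticationService.isUserAuthenticated(userName, str2, password);
        } catch (Exception e) {
            // Only the backend call is guarded. The original wrapped the whole flow, so the 401
            // below and the JSON failures were caught here too and reported as 400.
            this.logger.error(" user does not exist ", e);
            // NOTE(review): the entity echoes the caller-supplied user name and tells a failed
            // lookup apart from a wrong password - confirm clients need that distinction.
            throw failure(Response.Status.BAD_REQUEST, "user " + userName + "  does not exist");
        }
        if (!authenticated) {
            this.logger.error("authentication unsuccessful for user " + forLog(userName));
            throw failure(Response.Status.UNAUTHORIZED, "Wrong credentials, check username and password ");
        }
        try {
            this.logger.debug("authentication successful for user " + forLog(userName));
            AuthenticateResponseBean responseBean = new AuthenticateResponseBean();
            responseBean.setUserName(userName);
            return objectMapper.writeValueAsString(responseBean);
        } catch (JsonGenerationException e) {
            this.logger.error("get data unsuccessful due to json parse error  ", e);
            throw new JSONParserException("Unable to generate JSON ", e);
        } catch (JsonMappingException e) {
            this.logger.error("get data unsuccessful due to json parse error  ", e);
            throw new JSONParserException("Unable to map JSON ", e);
        } catch (IOException e) {
            this.logger.error("get data unsuccessful due to json parse error  ", e);
            throw new JSONParserException("IO Exception while parsing JSON ", e);
        }
    }

    /**
     * Collects the attribute values of an assertion, keyed by attribute friendly name.
     *
     * <p>Any exception stops the collection and the attributes gathered so far are returned.
     * NOTE(review): the SAML specification treats FriendlyName as a display hint, not as an
     * identifier - confirm the identity provider contract allows keying on it.
     *
     * @param assertion the assertion to read
     * @return friendly name to values; a later attribute with the same name replaces an earlier one
     */
    private Map<String, List<String>> parseAttributes(Assertion assertion) {
        this.logger.debug("Getting  attributes...");
        Map<String, List<String>> attributes = new HashMap<String, List<String>>();
        try {
            for (AttributeStatement statement : assertion.getAttributeStatements()) {
                for (Attribute attribute : statement.getAttributes()) {
                    String friendlyName = attribute.getFriendlyName();
                    List<String> values = new ArrayList<String>();
                    for (XMLObject value : attribute.getAttributeValues()) {
                        values.add(value.getDOM().getTextContent());
                    }
                    // Values are identity data (user name, roles), so only their count is logged.
                    this.logger.debug("Attribute Name = " + forLog(friendlyName) + ", values = " + values.size());
                    attributes.put(friendlyName, values);
                }
            }
        } catch (Exception e) {
            this.logger.warn("No attributes found", e);
            this.logger.warn("No tenant name found, using default");
        }
        return attributes;
    }

    /** Builds the exception that makes Jersey answer with the given status and plain entity. */
    private static WebApplicationException failure(Response.Status status, String entity) {
        return new WebApplicationException(Response.status(status).entity(entity).build());
    }

    /** Replaces line breaks so a caller-supplied value cannot start a forged log entry. */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Manual check that prints the JSON produced for a sample response bean.
     *
     * @param strArr ignored
     */
    public static void main(String[] strArr) throws JsonGenerationException, JsonMappingException, IOException {
        ObjectMapper objectMapper = new ObjectMapper();
        JaxbAnnotationIntrospector introspector = new JaxbAnnotationIntrospector();
        objectMapper.getDeserializationConfig().setAnnotationIntrospector(introspector);
        objectMapper.getSerializationConfig().setAnnotationIntrospector(introspector);
        AuthenticateResponseBean responseBean = new AuthenticateResponseBean();
        responseBean.setUserName("ciro");
        System.out.println(objectMapper.writeValueAsString(responseBean));
    }
}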
