package nl.knowledgeplaza.securityfilter.SSO.Siam;

import java.io.IOException;
import java.security.Principal;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Calendar;
import java.util.Collections;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import nl.knowledgeplaza.securityfilter.SSO.SSOContext;
import nl.knowledgeplaza.securityfilter.SSO.SSOHandler;
import nl.knowledgeplaza.securityfilter.SecurityFilter;
import nl.knowledgeplaza.securityfilter.SecurityFilterPrincipal;
import nl.knowledgeplaza.util.CalendarUtil;
import nl.knowledgeplaza.util.ExceptionUtil;
import nl.knowledgeplaza.util.Log4jUtil;
import nl.knowledgeplaza.util.pool.JdbcConnectionPoolFactoryServletUtils;
import nl.knowledgeplaza.util.pool.ObjectPool;
import org.apache.log4j.Logger;

/* loaded from: input_file:nl/knowledgeplaza/securityfilter/SSO/Siam/SiamHandler.class */
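/**
 * Base single-sign-on handler for a SIAM (A-Select style) identity server.
 *
 * <p>The handler drives the announce / verify / logout / timeout-refresh steps and keeps its
 * per-login state in the {@link HttpSession}. Subclasses supply the protocol calls
 * ({@code siamClient*}) and the mapping from the verified identity to a local user.
 *
 * <p>Security-relevant points a maintainer should know:
 * <ul>
 *   <li>The shared secret is copied into the {@link SSOContext}, which is stored as a session
 *       attribute. NOTE(review): if sessions are persisted or replicated the secret travels with
 *       them; confirm how {@code SSOContext} is stored.</li>
 *   <li>Request parameters ({@code authcode}, {@code aselect_credentials}) are untrusted input;
 *       their values are deliberately not written to the log.</li>
 *   <li>This class does not rotate the session id after a successful verification.
 *       NOTE(review): confirm the calling {@code SecurityFilter} does so.</li>
 * </ul>
 */
public abstract class SiamHandler extends SSOHandler {
    public static final String SOURCECODE_VERSION = "$Revision: 1.6 $";
    private static final Logger log4j = Log4jUtil.createLogger();

    // Session attribute names used by this handler.
    static final String SIAM_CONTEXT = "SIAM_CONTEXT";
    static final String SESSION_ATTRIBUTE_SIAM_USER = "SIAM_USER";
    protected static final String SESSION_ATTRIBUTE_SSO_CONTEXT = "SSO_CONTEXT";
    static final String SIAM_TIMESTAMP = "SIAM_TIMESTAMP";
    static final String GZM_SIGNUP = "GZM_SIGNUP";
    static final String GZM_AUTH_CODE = "GZM_AUTH_CODE";
    static final String GZM_SSO_ROLE = "GZM_SSO_ROLE";
    static final String GZM_STORED_PRINCIPAL = "GZM_STORED_PRINCIPAL";
    static final String GZM_ON_ERROR = "GZM_ON_ERROR";
    static final String GZM_ON_LOGOUT = "lRedirOnLogout";

    /** Minimum age (5 minutes, in milliseconds) of the session timestamp before the remote timeout is reset. */
    static final long MINUTE5INMILISEC = 300000;

    private String iSharedSecret = null;
    private String iASelectServer = null;
    private String iAppId = null;
    private String iAppUrl = null;
    private String iProtocol = null;
    private String iHost = null;
    private int iPort = 0;
    private String iPath = null;
    private String iOnUnkownUser = null;
    private String iOnSignUp = null;
    private String iOnError = null;
    private String iOnLogout = null;
    private String iJdbcPoolName = null;

    /** Remembers which pool each borrowed connection came from so it can be returned there. */
    private final Map<Connection, ObjectPool> iConnectionToPool = Collections.synchronizedMap(new HashMap<>());

    /** Resolves the user identifier from the verify result and the SSO context; {@code null} means no user. */
    protected abstract String getUser(String str, SSOContext sSOContext);

    /** Determines the role for the login described by the SSO context. */
    protected abstract nl.gezondheidsmeter.SSO.Role getRole(SSOContext sSOContext);

    /** Looks up the local user id for the given SSO user and role; {@code null} when there is none. */
    protected abstract String getExtUserID(HttpSession httpSession, Connection connection, String str, nl.gezondheidsmeter.SSO.Role role) throws ServletException;

    /**
     * Reads the handler settings from the configuration map.
     *
     * <p>The map keys (including the spellings {@code ApllicationURL} and {@code OnUnkownUser})
     * are the configuration contract and are used exactly as written. A missing or non-numeric
     * {@code Port} is logged as an error and leaves the port at its previous value.
     *
     * @param map configuration key/value pairs
     */
    public void setConfig(Map<String, String> map) {
        logDebug("Loading configuration file...");
        super.setConfig(map);
        this.iSharedSecret = map.get("SharedSecret");
        this.iASelectServer = map.get("aSelectServer");
        this.iAppId = map.get("ApplicationID");
        this.iAppUrl = map.get("ApllicationURL");
        this.iProtocol = map.get("Protocol");
        this.iHost = map.get("Host");
        String portText = map.get("Port");
        try {
            this.iPort = Integer.parseInt(portText);
        } catch (NumberFormatException e) {
            log4j.error(ExceptionUtil.getStacktrace(e));
        }
        this.iPath = map.get("Path");
        this.iJdbcPoolName = map.get("JdbcPoolName");
        this.iOnUnkownUser = map.get("OnUnkownUser");
        this.iOnSignUp = map.get("OnSignUp");
        this.iOnError = map.get("OnError");
        this.iOnLogout = map.get("RedirOnLogout");
        if (log4j.isDebugEnabled()) {
            // The secret itself is never logged; only whether one was configured. (This line
            // used to print the JDBC pool name under the "SharedSecret" label.)
            log4j.debug("SharedSecret configured=" + (this.iSharedSecret != null));
            log4j.debug("aSelectServer=" + this.iASelectServer);
            log4j.debug("ApplicationID=" + this.iAppId);
            log4j.debug("ApllicationURL=" + this.iAppUrl);
            log4j.debug("Protocol=" + this.iProtocol);
            log4j.debug("Host=" + this.iHost);
            log4j.debug("Port(String)=" + portText);
            log4j.debug("Port(Integer)=" + this.iPort);
            log4j.debug("Path=" + this.iPath);
            log4j.debug("JdbcPoolName=" + this.iJdbcPoolName);
            log4j.debug("OnUnkownUser=" + this.iOnUnkownUser);
            log4j.debug("OnSignUp=" + this.iOnSignUp);
            log4j.debug("OnError=" + this.iOnError);
            log4j.debug("OnLogout=" + this.iOnLogout);
        }
        logDebug("Configuration file loaded.");
    }

    /**
     * Starts a login: records the sign-up state in the session, announces the request to the
     * SIAM server and redirects the browser to the URL the announce call returns.
     *
     * @throws ServletException if the redirect cannot be sent
     */
    public void announce(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) throws ServletException {
        logDebug("Announcing...");
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(GZM_ON_ERROR, this.iOnError);
        session.setAttribute(GZM_ON_LOGOUT, this.iOnLogout);

        // "authcode" is caller-supplied. Its presence switches the flow to sign-up; the value
        // is kept in the session but not logged (credential-like, and it could carry
        // line breaks that forge log entries).
        String authCode = httpServletRequest.getParameter("authcode");
        if (authCode == null) {
            session.setAttribute(GZM_SIGNUP, "false");
        } else {
            session.setAttribute(GZM_SIGNUP, "true");
            session.setAttribute(GZM_AUTH_CODE, authCode);
            logDebug("Got sign-up code (value not logged).");
        }
        logDebug("GZM_SIGNUP=" + session.getAttribute(GZM_SIGNUP));

        SSOContext context = getSSOContext();
        context.setServerProtocol(this.iProtocol);
        context.setServerHost(this.iHost);
        context.setServerPort(this.iPort);
        context.setServerPath(this.iPath);
        context.setSharedSecret(this.iSharedSecret);
        context.setASelectServer(this.iASelectServer);
        context.setAppUrl(this.iAppUrl);
        context.setAppId(this.iAppId);

        logDebug("Announcing SSO to SIAM server");
        String redirectUrl = siamClientAnnounce(context);
        logDebug("Announce returned RID: " + context.getRID());
        logDebug("Redirecting user to:" + redirectUrl);
        // verify(), logout() and updateTimeout() read the context back from this attribute.
        session.setAttribute(SIAM_CONTEXT, context);
        try {
            httpServletResponse.sendRedirect(redirectUrl);
            logDebug("Finished announcing.");
        } catch (IOException e) {
            log4j.error("Could not redirect user to SSO login", e);
            throw new ServletException("Could not redirect user to SSO login", e);
        }
    }

    /** Announces the login to the SIAM server and returns the URL to redirect the user to. */
    public abstract String siamClientAnnounce(SSOContext sSOContext);

    /** Verifies the credentials held in the context with the SIAM server; the result is passed to {@link #getUser}. */
    public abstract String siamClientVerify(SSOContext sSOContext);

    /** Ends the SIAM session described by the context. */
    public abstract void siamClientLogout(SSOContext sSOContext);

    /** Resets the SIAM-side timeout for the session described by the context. */
    public abstract void siamClientResetTimeout(SSOContext sSOContext);

    /**
     * Completes a login after the user returns from the SIAM server.
     *
     * <p>Requires the context stored by {@link #announce} and the {@code aselect_credentials}
     * request parameter; either missing is an error.
     *
     * <p>NOTE(review): the session id is not changed here after a successful verification;
     * confirm the caller renews the session so a pre-login session id cannot be reused.
     *
     * @return the authenticated principal, {@code null} for an unknown user, or
     *         {@code SecurityFilter.AUTHENTICATION_IN_PROGRESS} when the request was forwarded
     * @throws ServletException if the context or credentials are missing, or authentication fails
     */
    public Principal verify(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) throws ServletException {
        logDebug("Verifying...");
        HttpSession session = httpServletRequest.getSession();
        if (session.getAttribute(SIAM_CONTEXT) == null) {
            log4j.error("Verify Single Sign On without Siam Context.");
            throw new ServletException("Verify Single Sign On without Siam Context.");
        }
        SSOContext context = getSSOContextFromSession(session);
        String credentials = httpServletRequest.getParameter("aselect_credentials");
        if (credentials == null) {
            log4j.error("Verify Single Sign On got no credentials from siam.");
            throw new ServletException("Verify Single Sign On  got no credentials from siam.");
        }
        context.setCredentials(credentials);
        String verifyResult = siamClientVerify(context);
        updateTimestamp(session);
        try {
            return authenticate(httpServletRequest, httpServletResponse, verifyResult);
        } finally {
            logDebug("Finished verifying...");
        }
    }

    /**
     * Handles a login for which no local user exists: records the reason in the session and
     * forwards to the configured {@code OnUnkownUser} page.
     *
     * @return {@code SecurityFilter.AUTHENTICATION_IN_PROGRESS}
     * @throws ServletException if the page has no dispatcher or the forward fails
     */
    public Principal handleUnknownPrincipal(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) throws ServletException {
        logDebug("Handling unknown principal...");
        try {
            httpServletRequest.getSession().setAttribute(SecurityFilter.SESSIONATTRIBUTE_REASON, "BSN not found");
            logDebug("Forwarding to OnUnkownUser:" + this.iOnUnkownUser);
            requireDispatcher(httpServletRequest, this.iOnUnkownUser).forward(httpServletRequest, httpServletResponse);
            logDebug("Unknown principle handled.");
            return SecurityFilter.AUTHENTICATION_IN_PROGRESS;
        } catch (IOException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Logs the user out of the SIAM server and invalidates the local session.
     *
     * <p>The session is invalidated even when the remote logout fails, so a failed call to the
     * SIAM server never leaves a usable local session behind.
     *
     * @throws ServletException if no SIAM context is present in the session
     */
    public void logout(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        logDebug("Logging out...");
        HttpSession session = httpServletRequest.getSession();
        try {
            if (session.getAttribute(SIAM_CONTEXT) == null) {
                log4j.error("Logout Single Sign On without Siam Context.");
                throw new ServletException("Logout Single Sign On without Siam Context.");
            }
            siamClientLogout(getSSOContextFromSession(session));
            logDebug("Logged out of Siam client.");
        } finally {
            session.invalidate();
            logDebug("Session invalided.");
        }
    }

    /**
     * Resets the SIAM-side timeout when the session timestamp is at least five minutes old.
     *
     * <p>Nothing is done when the session holds no timestamp or the timestamp is younger than
     * {@link #MINUTE5INMILISEC}.
     *
     * @throws ServletException if the session holds no SIAM context
     */
    public void updateTimeout(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        logDebug("Updating timeout...");
        HttpSession session = httpServletRequest.getSession();
        SSOContext context = getSSOContextFromSession(session);
        if (context == null) {
            // Only reachable when a subclass overrides getSSOContextFromSession to return null.
            log4j.warn("Update Timeout Single Sign On without Siam Context.");
            return;
        }
        Calendar timestamp = getTimestamp(session);
        if (timestamp == null || System.currentTimeMillis() - timestamp.getTimeInMillis() < MINUTE5INMILISEC) {
            logDebug("Timeout updated not necessary.");
            return;
        }
        siamClientResetTimeout(context);
        updateTimestamp(session);
        logDebug("Timeout updated.");
    }

    /**
     * Maps the verify result to a local principal.
     *
     * <p>When {@link #getUser} yields no user the request is forwarded to the {@code OnError}
     * page. Otherwise the user and role are stored in the session, a JDBC connection is
     * borrowed, and the principal is resolved; for a known principal with role
     * {@code PATIENT} the {@code PRS_SSO} column is updated. The borrowed connection is
     * returned to its pool on every exit path, including failures.
     *
     * @param str the value returned by {@link #siamClientVerify}
     * @return the principal, {@code null} for an unknown user, or
     *         {@code SecurityFilter.AUTHENTICATION_IN_PROGRESS} after a forward
     * @throws ServletException on forward, JDBC or lookup failures
     */
    Principal authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException {
        logDebug("Authenticating...");
        HttpSession session = httpServletRequest.getSession();
        SSOContext context = getSSOContextFromSession(session);
        String user = getUser(str, context);
        // NOTE(review): this writes a per-person identifier to the debug log; confirm that is acceptable.
        logDebug("bsnHash: " + user);

        // Declared outside the try so the finally block can return it to the pool; previously
        // a failure after the borrow released "null" and left the connection checked out.
        Connection connection = null;
        try {
            if (user == null) {
                requireDispatcher(httpServletRequest, this.iOnError).forward(httpServletRequest, httpServletResponse);
                return SecurityFilter.AUTHENTICATION_IN_PROGRESS;
            }
            session.setAttribute(SESSION_ATTRIBUTE_SIAM_USER, user);
            nl.gezondheidsmeter.SSO.Role role = getRole(context);
            logDebug("Role: " + role);
            session.setAttribute(GZM_SSO_ROLE, role);

            connection = getConnection(httpServletRequest);
            if (connection == null) {
                throw new ServletException("No JDBC Connection");
            }
            Principal resolved = getPrincipalToReturnByUserAndRole(httpServletRequest, httpServletResponse, session, user, role, connection);
            boolean isRealPrincipal = resolved != SecurityFilter.AUTHENTICATION_IN_PROGRESS;
            if (log4j.isDebugEnabled()) {
                log4j.debug("Check for PRS_SSO update, principal: " + resolved + ", principal is not auth_in_progress: " + isRealPrincipal + ", role: " + role);
            }
            if (resolved != null && isRealPrincipal && role == nl.gezondheidsmeter.SSO.Role.PATIENT) {
                updateUserSSO(connection, resolved.getName(), session);
            }
            return resolved;
        } catch (IOException e) {
            throw new ServletException("Could not redirect", e);
        } catch (SQLException e2) {
            throw new ServletException("Could not get JDBC Connection", e2);
        } finally {
            releaseConnection(httpServletRequest, connection);
            logDebug("Authenticating finished.");
        }
    }

    /**
     * Stores the session's {@code SSO_CONFIG} value in {@code PRS_PERSOON.PRS_SSO} for the
     * given user and commits.
     *
     * <p>The statement uses bind parameters for both values and is closed even when the
     * update fails.
     *
     * @param str the user's {@code PRS_INIT} value
     * @throws ServletException if {@code SSO_CONFIG} is missing from the session or the update fails
     */
    private void updateUserSSO(Connection connection, String str, HttpSession httpSession) throws ServletException {
        log4j.debug("updateUserSSO called for user:" + str);
        Object ssoConfig = httpSession.getAttribute("SSO_CONFIG");
        if (ssoConfig == null) {
            // Fail with a descriptive error instead of a NullPointerException.
            throw new ServletException("No SSO_CONFIG attribute in session");
        }
        final String sql = "UPDATE PRS_PERSOON SET PRS_SSO=? WHERE PRS_INIT= ?";
        try {
            if (log4j.isDebugEnabled()) {
                log4j.debug("SQL: " + sql);
            }
            try (CallableStatement statement = connection.prepareCall(sql)) {
                statement.setString(1, ssoConfig.toString());
                statement.setString(2, str);
                statement.executeUpdate();
            }
            connection.commit();
            log4j.debug("end updateUserSSO");
        } catch (SQLException e) {
            log4j.error("Error updating PRS_SSO for user: " + str, e);
            throw new ServletException(e);
        }
    }

    /**
     * Resolves the principal for an SSO user and role.
     *
     * <p>Returns {@code null} when there is no local user and this is not a sign-up. During a
     * sign-up the principal is stored in the session and the request is forwarded to the
     * sign-up page; note that in that case the principal may carry a {@code null} name when no
     * local user exists yet.
     */
    private Principal getPrincipalToReturnByUserAndRole(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession, String str, nl.gezondheidsmeter.SSO.Role role, Connection connection) throws ServletException, IOException {
        String extUserID = getExtUserID(httpSession, connection, str, role);
        logDebug("siamUserID: " + extUserID);
        String signUpFlag = (String) httpSession.getAttribute(GZM_SIGNUP);
        logDebug("SignUp: " + signUpFlag);
        // Constant-first comparison: a session without the flag counts as "not a sign-up"
        // instead of failing with a NullPointerException.
        boolean signUp = "true".equals(signUpFlag);
        if (extUserID == null && !signUp) {
            return null;
        }
        SecurityFilterPrincipal resolved = new SecurityFilterPrincipal(extUserID, (String) null);
        return signUp ? handleSignUp(httpServletRequest, httpServletResponse, resolved, httpSession) : resolved;
    }

    /**
     * Returns the SSO context stored in the session by {@link #announce}.
     *
     * @throws ServletException if the session holds no context
     */
    protected SSOContext getSSOContextFromSession(HttpSession httpSession) throws ServletException {
        Object stored = httpSession.getAttribute(SIAM_CONTEXT);
        if (stored != null) {
            return (SSOContext) stored;
        }
        logError("Authenticate Single Sign On without Siam Context.");
        throw new ServletException("Authenticate Single Sign On without Siam Context.");
    }

    /**
     * Parks the principal in the session and forwards the request to the sign-up page.
     *
     * @return {@code SecurityFilter.AUTHENTICATION_IN_PROGRESS}
     */
    protected Principal handleSignUp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal, HttpSession httpSession) throws ServletException, IOException {
        logDebug("Handling sign up...");
        httpSession.setAttribute(GZM_STORED_PRINCIPAL, principal);
        forwardToSignupPage(httpServletRequest, httpServletResponse);
        logDebug("Sign up handled.");
        return SecurityFilter.AUTHENTICATION_IN_PROGRESS;
    }

    /** Forwards the request to the configured {@code OnSignUp} page. */
    private void forwardToSignupPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        logDebug("Forwarding to OnSignUp:" + this.iOnSignUp + "...");
        if (httpServletRequest == null) {
            throw new ServletException("no request found");
        }
        requireDispatcher(httpServletRequest, this.iOnSignUp).forward(httpServletRequest, httpServletResponse);
        logDebug("Forwarded.");
    }

    /**
     * Returns the dispatcher for a configured page, failing with a {@link ServletException}
     * rather than a later {@code NullPointerException} when the container has none for it.
     */
    private static RequestDispatcher requireDispatcher(HttpServletRequest request, String path) throws ServletException {
        RequestDispatcher dispatcher = request.getRequestDispatcher(path);
        if (dispatcher == null) {
            throw new ServletException("no requestDispatcher found on request");
        }
        return dispatcher;
    }

    /**
     * Borrows a JDBC connection from the configured pool and remembers the pool so that
     * {@link #releaseConnection} can return it.
     *
     * @return the connection, or {@code null} when no pool name is configured
     */
    protected Connection getConnection(HttpServletRequest httpServletRequest) throws ServletException, SQLException {
        logDebug("Retrieving connection");
        logDebug("JdbcPool: " + this.iJdbcPoolName);
        if (this.iJdbcPoolName == null) {
            logDebug("No connection retrieved.");
            return null;
        }
        logDebug("Using JdbcPool " + this.iJdbcPoolName);
        ObjectPool pool = JdbcConnectionPoolFactoryServletUtils.getConnectionPool(httpServletRequest.getSession().getServletContext(), this.iJdbcPoolName);
        Connection connection = (Connection) pool.borrowObject();
        this.iConnectionToPool.put(connection, pool);
        logDebug("Connection retrieved.");
        return connection;
    }

    /**
     * Returns a connection obtained from {@link #getConnection} to its pool. Connections this
     * handler did not hand out are ignored.
     */
    protected void releaseConnection(HttpServletRequest httpServletRequest, Connection connection) {
        logDebug("Releasing connection...");
        // A single remove() both looks up and forgets the pool, so two threads cannot return
        // the same connection twice.
        ObjectPool pool = this.iConnectionToPool.remove(connection);
        if (pool != null) {
            pool.returnObject(connection);
            logDebug("Connection returned to pool.");
        }
    }

    /** Stores the current time in the session as the moment the SIAM timeout was last refreshed. */
    public void updateTimestamp(HttpSession httpSession) {
        logDebug("Updating timestamp...");
        GregorianCalendar now = new GregorianCalendar();
        logDebug("Setting the timestamp: " + CalendarUtil.quickFormatCalendar(now));
        httpSession.setAttribute(SIAM_TIMESTAMP, now);
        logDebug("Timestamp updated.");
    }

    /** Returns the timestamp stored by {@link #updateTimestamp}, or {@code null} when there is none. */
    public Calendar getTimestamp(HttpSession httpSession) {
        return (Calendar) httpSession.getAttribute(SIAM_TIMESTAMP);
    }

    /** Returns the configured {@code OnSignUp} page. */
    public String getiOnSignUp() {
        return this.iOnSignUp;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Logs at debug level when debug logging is enabled. Callers must not pass secrets or raw request values. */
    public void logDebug(String str) {
        if (log4j.isDebugEnabled()) {
            log4j.debug(str);
        }
    }

    /** Logs at error level. */
    protected void logError(String str) {
        log4j.error(str);
    }

    /** Supplies the SSO context that {@link #announce} fills in and stores in the session. */
    public abstract SSOContext getSSOContext();

    /** Always {@code true} in this class: every request is subject to authentication. */
    public boolean shouldAuthenticate(HttpServletRequest httpServletRequest) {
        return true;
    }
}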
