package nl.gezondheidsmeter.saml;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nl.buildersenperformers.securityfilter.SamlInterface.SAMLHandler;
import nl.buildersenperformers.securityfilter.SamlInterface.SAMLInterface;
import nl.buildersenperformers.securityfilter.SamlInterface.SAMLValidator;
import nl.knowledgeplaza.securityfilter.SecurityFilter;
import nl.knowledgeplaza.util.ConfigurationProperties;
import nl.knowledgeplaza.util.Log4jUtil;
import nl.knowledgeplaza.util.StringUtil;
import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.xml.ConfigurationException;

/* loaded from: input_file:nl/gezondheidsmeter/saml/GZMSamlInterface.class */
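public class GZMSamlInterface extends SAMLInterface {
    private static final Logger log4j = Log4jUtil.createLogger();
    private static final String GZM_SSO_CONFIG = "SSO_CONFIG";
    // Decrypter per SAML handler name (the key of iSamlHandlers); only handlers with a complete
    // keystore configuration get an entry, so a missing key means "no decrypter available".
    private final Map<String, SAMLDecrypter> iCrypterCache;
    // Initialised once in the constructor; authenticate() builds its own per-request validator.
    private final SAMLValidator iValidator;

    /**
     * Initialises the SAML layer and builds one {@link SAMLDecrypter} per configured SAML handler
     * that has a complete keystore configuration.
     *
     * @param configurationProperties filter configuration, passed to the superclass
     * @param securityFilter          owning filter, passed to the superclass
     * @throws ServletException when the validator cannot be initialised, when a handler requires
     *                          encrypted assertions but has an incomplete keystore configuration,
     *                          or when a decrypter cannot be loaded from its keystore
     */
    public GZMSamlInterface(ConfigurationProperties configurationProperties, SecurityFilter securityFilter) throws ServletException {
        super(configurationProperties, securityFilter);
        log4j.debug("Setup SAML Decrypters");
        this.iValidator = new SAMLValidator();
        this.iCrypterCache = new HashMap<String, SAMLDecrypter>();
        try {
            this.iValidator.init();
            for (Map.Entry entry : this.iSamlHandlers.entrySet()) {
                String handlerName = (String) entry.getKey();
                if (log4j.isDebugEnabled()) {
                    log4j.debug("Handler: " + handlerName);
                }
                SAMLDecrypter decrypter = createDecrypter(handlerName, (SAMLHandler) entry.getValue());
                if (decrypter != null) {
                    this.iCrypterCache.put(handlerName, decrypter);
                }
            }
        } catch (ConfigurationException e) {
            throw new ServletException("Could not init saml", e);
        }
    }

    /**
     * Builds the decrypter for one handler from its {@code keystore}, {@code keystorePassword},
     * {@code keyAlias} and {@code keyPassword} settings.
     *
     * @param handlerName name of the handler (used in log and error messages only)
     * @param handler     handler whose config is read
     * @return the decrypter, or {@code null} when the keystore configuration is not complete
     *         and the handler does not require encrypted assertions
     * @throws ServletException when encrypted assertions are required but the keystore
     *                          configuration is incomplete, or when the keystore cannot be loaded
     */
    private static SAMLDecrypter createDecrypter(String handlerName, SAMLHandler handler) throws ServletException {
        String requireEncrypted = (String) handler.getConfig().get("requireEncryptedAssertion");
        String keystore = (String) handler.getConfig().get("keystore");
        String keystorePassword = (String) handler.getConfig().get("keystorePassword");
        String keyAlias = (String) handler.getConfig().get("keyAlias");
        String keyPassword = (String) handler.getConfig().get("keyPassword");
        boolean keystoreConfigComplete = keystore != null && keystorePassword != null
                && keyAlias != null && keyPassword != null;
        if (log4j.isDebugEnabled()) {
            log4j.debug("requireEncryptedAssertion: " + requireEncrypted + "=" + StringUtil.equalsTrueInSomeForm(requireEncrypted));
            log4j.debug("keystore: " + keystore);
            // Only log whether the passwords are configured, never their values.
            log4j.debug("keystorePassword set? " + (keystorePassword != null));
            log4j.debug("keyAlias: " + keyAlias);
            log4j.debug("keyPassword set? " + (keyPassword != null));
            log4j.debug("keystore config complete? " + keystoreConfigComplete);
        }
        if (requireEncrypted != null && StringUtil.equalsTrueInSomeForm(requireEncrypted) && !keystoreConfigComplete) {
            String message = "Handler keystore configuration for samlhandler " + handlerName + " not compleet";
            log4j.error(message);
            throw new ServletException(message);
        }
        if (!keystoreConfigComplete) {
            return null;
        }
        try {
            return new SAMLDecrypter(keystore, keystorePassword, keyAlias, keyPassword);
        } catch (GeneralSecurityException e) {
            // Keep the cause: without it the keystore/alias problem is invisible to the operator.
            log4j.error("Can not load decrypter for samlhandler" + handlerName, e);
            throw new ServletException("Can not load decrypter for samlhandler " + handlerName, e);
        }
    }

    /**
     * Authenticates a SAML response posted to this filter.
     *
     * <p>The handler is selected from the {@code Referer} header; its {@code publicKeyFile} is used
     * for signature checking. Encrypted assertions are decrypted with the handler's decrypter,
     * unencrypted ones are rejected when the handler sets {@code requireEncryptedAssertion}.
     *
     * @return the principal produced by the handler, {@code null} when no handler matches the
     *         referer or the handler produced none, or {@link SecurityFilter#AUTHENTICATION_IN_PROGRESS}
     *         after forwarding to the handler's {@code onError} page when the assertion failed validation
     * @throws ServletException when no decrypter is loaded for the handler, an unencrypted assertion
     *                          is not allowed, or any error occurs while reading or checking the assertion
     */
    public Principal authenticate(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) throws ServletException {
        SAMLValidator validator = new SAMLValidator();
        // NOTE(review): the handler, and thus the certificate used for validation, is chosen from a
        // client-supplied header; the signature check below is what actually establishes trust.
        SAMLHandler handler = getSamlHandlerByOrigin(httpServletRequest.getHeader("Referer"));
        if (handler == null) {
            return null;
        }
        String configName = (String) handler.getConfig().get("configname");
        if (log4j.isDebugEnabled()) {
            log4j.debug("Using handler: " + configName);
        }
        String publicKeyFile = (String) handler.getConfig().get("publicKeyFile");
        validator.setPublicKey(publicKeyFile);
        try {
            Response response = validator.getResponseFromRequest(httpServletRequest);
            Assertion assertion;
            if (!response.getEncryptedAssertions().isEmpty()) {
                if (log4j.isDebugEnabled()) {
                    log4j.debug("Decrypting assertion");
                }
                EncryptedAssertion encrypted = (EncryptedAssertion) response.getEncryptedAssertions().get(0);
                SAMLDecrypter decrypter = this.iCrypterCache.get(configName);
                if (decrypter == null) {
                    log4j.error("No decryptor loaded for handler " + configName);
                    throw new ServletException("No decryptor loaded for handler " + configName);
                }
                assertion = decrypter.decrypt(encrypted);
            } else {
                if (log4j.isDebugEnabled()) {
                    log4j.debug("Using unencrypted assertion ");
                }
                if (StringUtil.equalsTrueInSomeForm((String) handler.getConfig().get("requireEncryptedAssertion"))) {
                    log4j.error("Assertion not encrypted");
                    throw new ServletException("Assertion not encrypted");
                }
                assertion = validator.getAssertion(response);
            }
            String skipSignature = (String) handler.getConfig().get("skipSignature");
            // NOTE(review): an assertion that is not signed skips checkAssertionSignature entirely;
            // confirm that getResponseFromRequest validates the Response signature, otherwise an
            // unsigned assertion is accepted as-is.
            if (assertion.isSigned() && !StringUtil.equalsTrueInSomeForm(skipSignature)) {
                if (log4j.isDebugEnabled()) {
                    log4j.debug("Checking assertion signature, cert: " + publicKeyFile);
                }
                assertion = validator.checkAssertionSignature(assertion);
            }
            if (assertion == null) {
                // Signature check failed: hand the request to the handler's error page.
                try {
                    httpServletRequest.getRequestDispatcher((String) handler.getConfig().get("onError")).forward(httpServletRequest, httpServletResponse);
                    return SecurityFilter.AUTHENTICATION_IN_PROGRESS;
                } catch (IOException e) {
                    throw new ServletException(e);
                }
            }
            if (log4j.isDebugEnabled()) {
                logAssertionDetails(assertion);
            }
            Principal authenticated = handler.authenticate(securityFilter, httpServletRequest, httpServletResponse, principal, assertion);
            if (log4j.isDebugEnabled()) {
                // String concatenation tolerates a null principal; toString() would not.
                log4j.debug("returned princiap by handler.authenticate: " + authenticated);
            }
            if (authenticated == null) {
                authenticated = handler.handleUnknownPrincipal(securityFilter, httpServletRequest, httpServletResponse, principal);
            }
            return authenticated;
        } catch (ServletException e) {
            // Already a ServletException with a specific message; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new ServletException("Error checking assertion", e);
        }
    }

    /**
     * Writes the identifying fields of an assertion to the debug log. Optional elements
     * ({@code Conditions}, {@code AuthnStatement}) are tolerated so that logging never breaks
     * authentication.
     */
    private static void logAssertionDetails(Assertion assertion) {
        log4j.debug("Subject: " + assertion.getSubject().getNameID().getValue());
        log4j.debug("Issuer: " + assertion.getIssuer().getValue());
        log4j.debug("Asserion ID " + assertion.getID());
        DateTime notOnOrAfter = null;
        Boolean oneTimeUse = null;
        if (assertion.getConditions() != null) {
            notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
            oneTimeUse = assertion.getConditions().getOneTimeUse() != null;
        }
        // Fall back to the session expiry of the first AuthnStatement, if there is one.
        if (notOnOrAfter == null && !assertion.getAuthnStatements().isEmpty()) {
            notOnOrAfter = ((AuthnStatement) assertion.getAuthnStatements().get(0)).getSessionNotOnOrAfter();
        }
        log4j.debug("NotOnOrAfter: " + notOnOrAfter);
        log4j.debug("OneTimeUse: " + oneTimeUse);
    }

    /**
     * Tells whether this interface should handle the request: either a {@code SAMLResponse}
     * parameter with a {@code Referer} header is present, or the session carries an
     * {@code SSO_CONFIG} attribute naming a known SAML handler.
     *
     * @return {@code true} when the request can be authenticated by SAML
     */
    public boolean canHandleAuthication(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String samlResponse = httpServletRequest.getParameter("SAMLResponse");
        // Log only whether a SAMLResponse is present; its value is the encoded assertion.
        log4j.info("Can handle by SAML? Origin:" + httpServletRequest.getHeader("Origin") + " SAMLResp present:" + (samlResponse != null));
        if (samlResponse != null && httpServletRequest.getHeader("Referer") != null) {
            return true;
        }
        String ssoConfig = (String) httpServletRequest.getSession().getAttribute(GZM_SSO_CONFIG);
        log4j.info("Can handle by SSO CONFIG: " + ssoConfig);
        if (ssoConfig == null) {
            return false;
        }
        SAMLHandler samlHandler = getSamlHandler(ssoConfig);
        log4j.info("SSO CONFIG SAML HANDLER: " + samlHandler);
        return samlHandler != null;
    }
}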
