package nl.gezondheidsmeter.saml;

import java.io.IOException;
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import nl.buildersenperformers.securityfilter.SamlInterface.SAMLHandler;
import nl.buildersenperformers.securityfilter.SamlInterface.SAMLUtil;
import nl.gezondheidsmeter.SSO.Caregiver;
import nl.gezondheidsmeter.SSO.Patient;
import nl.gezondheidsmeter.SSO.Role;
import nl.knowledgeplaza.securityfilter.SavedRequest;
import nl.knowledgeplaza.securityfilter.SecurityFilter;
import nl.knowledgeplaza.securityfilter.SecurityFilterPrincipal;
import nl.knowledgeplaza.util.JdbcUtil;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnStatement;

/* loaded from: input_file:nl/gezondheidsmeter/saml/StandardSAMLHandler.class */
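/**
 * SAML handler that turns a (caregiver) assertion into a {@link SecurityFilterPrincipal}.
 *
 * <p>What this class checks itself: the Conditions NotBefore / NotOnOrAfter window (falling back to
 * the first AuthnStatement's SessionNotOnOrAfter when Conditions carries no NotOnOrAfter) and, for
 * assertions carrying {@code <OneTimeUse/>}, that the assertion ID has not been seen before
 * (table {@code saml_used_ids}).
 *
 * <p>What it does NOT check, and therefore must be done before {@code authenticate()} is called
 * (presumably by {@link SAMLHandler} / the surrounding SecurityFilter — TODO confirm): XML signature
 * and issuer trust, AudienceRestriction, InResponseTo / Recipient and the SubjectConfirmationData
 * NotOnOrAfter mandated by the Web Browser SSO profile for bearer assertions.
 *
 * <p>Identity attributes are read by the attribute names configured in {@link #setConfig(Map)};
 * an unset name simply means the attribute is not collected.
 */
public class StandardSAMLHandler extends SAMLHandler {
    private static final String ATTRIBUTE_SSO_CONFIG = "configname";
    private static final String GZM_SSO_ROLE = "GZM_SSO_ROLE";
    private static final String GZM_SSO_EXT_ID = "GZM_SSO_EXT_ID";
    private static final String GZM_CAREGIVER_OBJECT = "GZM_CAREGIVER_OBJECT";
    private static final String GZM_PATIENT_OBJECT = "GZM_PATIENT_OBJECT";
    private static final String SSO_SAVEDREQUEST = "SSO_SAVEDREQUEST";
    private static final String GZM_SIGNUP = "GZM_SIGNUP";
    private static final String GZM_SIGNUP_TRIES = "GZM_SIGNUP_TRIES";
    private static final String GZM_SSO_CONFIG = "SAML_CONFIG";

    /** Replay lookup for {@code <OneTimeUse/>} assertions; parameter 1 is the assertion ID. */
    private static final String SQL_USED_ID = " SELECT id FROM saml_used_ids WHERE id = ? ";

    /**
     * Maps an external user id to the internal login name (prs_init).
     * Parameters: external user id, SSO config name, person type (the {@link Role} name).
     */
    private static final String SQL_LOOKUP_USER = " SELECT   p.prs_init FROM   prs_persoon p   INNER JOIN prs_sso_config c       ON p.prs_persoon_nr = c.prs_persoon_nr       AND c.ext_user_id = ?      AND c.ssoconfig = ? WHERE   p.ref_prs_type = ?";

    // SAML attribute names to read, taken from the handler config in setConfig(); null = not configured.
    private String iUserIdIdentifier;
    private String iPersAgbIdentifier;
    private String iInstAgbIdentifier;
    private String iBigIdentifier;
    private String iUziIdentifier;
    private String iBsnIdentifier;
    private String iGivenNameIdentifier;
    private String iInitialsIdentifier;
    private String iFamilyNameIdentifier;
    private String iFamilyNamePrefixIdentifier;
    private String iBirthdateIdentifier;
    private String iGenderIdentifier;
    // Dispatcher path for unknown users. Comes from the handler config, never from the request.
    private String iOnUnkownUser;

    /**
     * Validates the assertion's time window and one-time-use condition, extracts the external
     * user id plus caregiver/patient attributes, stores them in the HTTP session and resolves the
     * internal user.
     *
     * @param securityFilter the calling filter (only passed on to {@link #handleUnknownPrincipal})
     * @param httpServletRequest current request; its session receives the GZM_* attributes
     * @param httpServletResponse current response; used only when forwarding an unknown user
     * @param principal the principal the filter already holds (passed on to {@link #handleUnknownPrincipal})
     * @param assertion the SAML assertion; expected to be signature-verified already (see class doc)
     * @return a {@link SecurityFilterPrincipal} for a known user, or whatever
     *         {@link #handleUnknownPrincipal} returns ({@code AUTHENTICATION_IN_PROGRESS}) for an unknown one
     * @throws ServletException when a condition fails, the assertion carries no usable user
     *         identifier, or the user lookup cannot be performed
     */
    public Principal authenticate(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal, Assertion assertion) throws ServletException {
        if (assertion == null) {
            throw new ServletException("No SAML assertion");
        }
        checkValidityWindow(assertion);
        if (log4j.isDebugEnabled()) {
            log4j.debug("Checking OneTimeUse condition");
        }
        checkOneTimeUse(httpServletRequest, assertion);
        if (log4j.isDebugEnabled()) {
            log4j.debug("OneTimeUse condition passed");
        }

        SAMLUtil samlUtil = new SAMLUtil(assertion);
        String externalUserId = resolveExternalUserId(assertion, samlUtil);
        Caregiver caregiver = new Caregiver(collectCaregiverAttributes(samlUtil));
        Patient patient = new Patient(collectPatientAttributes(samlUtil));

        if (log4j.isDebugEnabled()) {
            log4j.debug("Fetching internal user");
        }
        // NOTE(review): the role is fixed to CAREGIVER even when the assertion only carries patient
        // attributes (BSN, birthdate, ...). Confirm this handler is never wired to a patient IdP.
        String internalUserId = getExtUserID(httpServletRequest, externalUserId, Role.CAREGIVER);
        if (log4j.isDebugEnabled()) {
            log4j.debug("internal user = " + internalUserId);
        }

        HttpSession session = httpServletRequest.getSession();
        // NOTE(review): the pre-authentication session is reused as-is. Unless SecurityFilter rotates
        // the session id after a successful authenticate(), call httpServletRequest.changeSessionId()
        // (Servlet 3.1+) here to close the session-fixation window.
        session.setAttribute(GZM_SSO_EXT_ID, externalUserId);
        session.setAttribute(GZM_SSO_ROLE, Role.CAREGIVER.toString());
        session.setAttribute(GZM_SSO_CONFIG, getConfig().get(ATTRIBUTE_SSO_CONFIG));
        if (!caregiver.isEmpty()) {
            session.setAttribute(GZM_CAREGIVER_OBJECT, caregiver);
        }
        if (!patient.isEmpty()) {
            session.setAttribute(GZM_PATIENT_OBJECT, patient);
        }

        if (log4j.isDebugEnabled()) {
            log4j.debug("Constructing principal");
        }
        Principal result;
        if (internalUserId != null) {
            result = new SecurityFilterPrincipal(internalUserId, (String) null);
        } else {
            // The session attributes set above are what the sign-up flow links the new account to.
            result = handleUnknownPrincipal(securityFilter, httpServletRequest, httpServletResponse, principal);
        }

        // The request saved before the SSO round trip still carries the ssoconfig selector; strip it
        // so replaying the saved request does not start another SSO login.
        SavedRequest savedRequest = (SavedRequest) session.getAttribute(SSO_SAVEDREQUEST);
        if (savedRequest != null) {
            if (log4j.isDebugEnabled()) {
                log4j.debug("removing ssoconfig parameter from request");
                log4j.debug("- URL before: " + savedRequest.getURL());
            }
            savedRequest.removeParameter("ssoconfig");
            if (log4j.isDebugEnabled()) {
                log4j.debug("- URL after: " + savedRequest.getURL());
            }
            session.setAttribute(SSO_SAVEDREQUEST, savedRequest);
        }
        return result;
    }

    /**
     * Enforces the Conditions time window: rejects an assertion whose NotBefore lies in the future
     * or whose NotOnOrAfter (or, when absent, the first AuthnStatement's SessionNotOnOrAfter) has
     * passed. No clock-skew allowance is applied, matching the original behaviour.
     *
     * @throws ServletException when the assertion has no Conditions element or is outside its window
     */
    private void checkValidityWindow(Assertion assertion) throws ServletException {
        if (log4j.isDebugEnabled()) {
            log4j.debug("Checking NotOnOrAfter condition");
        }
        if (assertion.getConditions() == null) {
            // Without Conditions there is no validity window and no OneTimeUse: refuse rather than
            // accept an assertion that could be replayed indefinitely.
            throw new ServletException("Assertion has no Conditions");
        }
        DateTime notBefore = assertion.getConditions().getNotBefore();
        DateTime notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
        if (notOnOrAfter == null && !assertion.getAuthnStatements().isEmpty()
                && assertion.getAuthnStatements().get(0) != null) {
            notOnOrAfter = ((AuthnStatement) assertion.getAuthnStatements().get(0)).getSessionNotOnOrAfter();
        }
        long nowMillis = System.currentTimeMillis();
        if (notBefore != null && notBefore.getMillis() > nowMillis) {
            throw new ServletException("NotBefore condition failed");
        }
        // SAML semantics: the assertion is invalid at and after the NotOnOrAfter instant.
        if (notOnOrAfter != null && notOnOrAfter.getMillis() <= nowMillis) {
            throw new ServletException("NotOnOrAfter condition failed");
        }
        // NOTE(review): when neither NotOnOrAfter nor SessionNotOnOrAfter is present the assertion
        // is accepted without an upper bound; consider rejecting unless the IdP is known to omit both.
        if (log4j.isDebugEnabled()) {
            log4j.debug("NotOnOrAfter condition passed");
        }
    }

    /**
     * Replay check for assertions carrying {@code <OneTimeUse/>}: fails if the assertion ID is
     * already present in {@code saml_used_ids}. A lookup failure now fails closed — the original
     * only logged the SQLException and let the login continue, which silently disabled replay
     * protection whenever the database was unavailable.
     *
     * <p>NOTE(review): nothing in this class INSERTs the ID into saml_used_ids, so the check only
     * works if another component records used IDs. Verify that, or record the ID here once the
     * table schema is known.
     *
     * @throws ServletException when the ID was seen before, is missing, or cannot be looked up
     */
    private void checkOneTimeUse(HttpServletRequest httpServletRequest, Assertion assertion) throws ServletException {
        if (assertion.getConditions() == null || assertion.getConditions().getOneTimeUse() == null) {
            return;
        }
        String assertionId = assertion.getID();
        if (assertionId == null || assertionId.isEmpty()) {
            // An ID-less assertion can never be recorded as used; don't let it bypass the check.
            throw new ServletException("OneTimeUse condition failed: assertion has no ID");
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug(SQL_USED_ID);
        }
        Connection connection = null;
        try {
            connection = getConnection(httpServletRequest);
            if (connection == null) {
                throw new ServletException("No JDBC Connection");
            }
            try (PreparedStatement statement = connection.prepareStatement(SQL_USED_ID)) {
                statement.setString(1, assertionId);
                try (ResultSet rows = statement.executeQuery()) {
                    if (rows.next()) {
                        throw new ServletException("OneTimeUse condition failed");
                    }
                }
            }
        } catch (SQLException e) {
            log4j.error("Could not lookup SAML ID", e);
            throw new ServletException("Could not verify OneTimeUse condition", e);
        } finally {
            if (connection != null) {
                releaseConnection(httpServletRequest, connection);
            }
        }
    }

    /**
     * Returns the external user identifier: the configured UserIdIdentifier attribute when set,
     * otherwise the subject NameID. A missing or blank identifier is rejected so that a
     * misconfigured attribute name can never be matched against an empty {@code ext_user_id}.
     *
     * @throws ServletException when no non-blank identifier is available
     */
    private String resolveExternalUserId(Assertion assertion, SAMLUtil samlUtil) throws ServletException {
        String value;
        if (this.iUserIdIdentifier != null) {
            value = samlUtil.getAttribute(this.iUserIdIdentifier);
            if (log4j.isDebugEnabled()) {
                log4j.debug("Using " + this.iUserIdIdentifier + " to fetch user ID");
                log4j.debug(this.iUserIdIdentifier + "=" + value);
            }
        } else {
            if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
                throw new ServletException("Assertion has no subject NameID");
            }
            value = assertion.getSubject().getNameID().getValue();
            if (log4j.isDebugEnabled()) {
                log4j.debug("Using subject to fetch user ID");
                log4j.debug("subject=" + value);
            }
        }
        if (value == null || value.trim().isEmpty()) {
            throw new ServletException("No user identifier in assertion");
        }
        return value;
    }

    /** Collects the configured caregiver attributes (AGB codes, BIG, UZI) for {@link Caregiver}. */
    private HashMap<String, String> collectCaregiverAttributes(SAMLUtil samlUtil) {
        HashMap<String, String> attributes = new HashMap<String, String>();
        copyAttribute(attributes, "persAgb", "persAgb", this.iPersAgbIdentifier, samlUtil, true);
        copyAttribute(attributes, "orgAgb", "instAgb", this.iInstAgbIdentifier, samlUtil, true);
        copyAttribute(attributes, "big", "big", this.iBigIdentifier, samlUtil, true);
        copyAttribute(attributes, "uzi", "uzi", this.iUziIdentifier, samlUtil, true);
        return attributes;
    }

    /**
     * Collects the configured patient attributes for {@link Patient}. The BSN value is never
     * written to the log; the other identity attributes still appear at DEBUG level.
     */
    private HashMap<String, String> collectPatientAttributes(SAMLUtil samlUtil) {
        HashMap<String, String> attributes = new HashMap<String, String>();
        copyAttribute(attributes, "bsn", "bsn", this.iBsnIdentifier, samlUtil, false);
        copyAttribute(attributes, "initials", "initials", this.iInitialsIdentifier, samlUtil, true);
        copyAttribute(attributes, "givenName", "givenName", this.iGivenNameIdentifier, samlUtil, true);
        copyAttribute(attributes, "familyNamePrefix", "fameliyNamePrefix", this.iFamilyNamePrefixIdentifier, samlUtil, true);
        copyAttribute(attributes, "familyName", "familyName", this.iFamilyNameIdentifier, samlUtil, true);
        copyAttribute(attributes, "gender", "gender", this.iGenderIdentifier, samlUtil, true);
        copyAttribute(attributes, "birthdate", "birthdate", this.iBirthdateIdentifier, samlUtil, true);
        return attributes;
    }

    /**
     * Reads one SAML attribute into {@code target} under {@code key}, skipping it entirely when
     * {@code attributeName} is not configured.
     *
     * @param logValue false for sensitive values (BSN): only presence is logged, not the value
     */
    private void copyAttribute(Map<String, String> target, String key, String logLabel, String attributeName, SAMLUtil samlUtil, boolean logValue) {
        if (attributeName == null) {
            return;
        }
        String value = samlUtil.getAttribute(attributeName);
        target.put(key, value);
        if (log4j.isDebugEnabled()) {
            String shown = logValue || value == null ? value : "<redacted>";
            log4j.debug(logLabel + ": " + attributeName + "=" + shown);
        }
    }

    /**
     * Looks up the internal login name for an external user id within the current SSO config.
     *
     * @param httpServletRequest request used to obtain/release the JDBC connection
     * @param str the external user id (bound as a parameter, never concatenated)
     * @param role the person type to match; {@code null} short-circuits to {@code null}
     * @return the internal login name (prs_init) or {@code null} when no row matches
     * @throws ServletException when no connection is available or the query fails
     */
    private String getExtUserID(HttpServletRequest httpServletRequest, String str, Role role) throws ServletException {
        if (log4j.isInfoEnabled()) {
            log4j.info("getExtUserID called, user=" + str);
        }
        if (role == null) {
            return null;
        }
        String ssoConfigName = (String) getConfig().get(ATTRIBUTE_SSO_CONFIG);
        Connection connection = null;
        try {
            connection = getConnection(httpServletRequest);
            if (connection == null) {
                throw new ServletException("No JDBC Connection");
            }
            if (log4j.isDebugEnabled()) {
                log4j.debug("SQL: " + SQL_LOOKUP_USER);
            }
            // try-with-resources replaces the decompiled finally block, which closed null handles
            // and leaked the statement, result set and connection on any SQLException.
            try (PreparedStatement statement = connection.prepareStatement(SQL_LOOKUP_USER)) {
                statement.setString(1, str);
                statement.setString(2, ssoConfigName);
                statement.setString(3, role.toString());
                if (log4j.isDebugEnabled()) {
                    log4j.debug("Statement: " + statement.toString());
                }
                try (ResultSet rows = statement.executeQuery()) {
                    if (!rows.next()) {
                        if (log4j.isDebugEnabled()) {
                            log4j.debug("Authenticating user '" + str + "', user not found");
                        }
                        if (log4j.isInfoEnabled()) {
                            log4j.info("getExtUserID returned, value=null");
                        }
                        return null;
                    }
                    String internalUserId = rows.getString(1);
                    // NOTE(review): only the first row is used; a second match (same ext_user_id in
                    // the same ssoconfig) is silently ignored — a uniqueness constraint should prevent it.
                    if (log4j.isDebugEnabled()) {
                        log4j.debug("Authenticating user '" + str + "', user found: " + internalUserId);
                    }
                    if (log4j.isInfoEnabled()) {
                        log4j.info("getExtUserID returned, value=" + internalUserId);
                    }
                    return internalUserId;
                }
            }
        } catch (SQLException e) {
            throw new ServletException("Could not execute query", e);
        } finally {
            if (connection != null) {
                releaseConnection(httpServletRequest, connection);
            }
        }
    }

    /**
     * Handles an assertion whose external user id is unknown: marks the session for sign-up and
     * forwards to the configured OnUnkownUser path.
     *
     * @return {@link SecurityFilter#AUTHENTICATION_IN_PROGRESS}
     * @throws ServletException when no OnUnkownUser path is configured or the forward fails
     */
    public Principal handleUnknownPrincipal(SecurityFilter securityFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) throws ServletException {
        log4j.info("Handling unknown principal...");
        if (this.iOnUnkownUser == null || this.iOnUnkownUser.isEmpty()) {
            // getRequestDispatcher(null) would fail with an unhelpful runtime exception.
            throw new ServletException("OnUnkownUser is not configured");
        }
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(SecurityFilter.SESSIONATTRIBUTE_REASON, "User not found");
        log4j.debug("Forwarding to OnUnkownUser:" + this.iOnUnkownUser);
        session.setAttribute(GZM_SIGNUP, "true");
        session.setAttribute(GZM_SIGNUP_TRIES, 0);
        try {
            httpServletRequest.getRequestDispatcher(this.iOnUnkownUser).forward(httpServletRequest, httpServletResponse);
        } catch (IOException e) {
            throw new ServletException(e);
        }
        log4j.info("Unknown principle handled.");
        return SecurityFilter.AUTHENTICATION_IN_PROGRESS;
    }

    /**
     * Reads the attribute-name mapping and the unknown-user path from the handler configuration.
     * Keys are the raw config keys; the misspelt {@code OnUnkownUser} key is kept for compatibility
     * with existing configuration files.
     */
    public void setConfig(Map map) {
        log4j.info("setConfig called");
        super.setConfig(map);
        this.iUserIdIdentifier = (String) map.get("UserIdIdentifier");
        this.iPersAgbIdentifier = (String) map.get("PersAgbIdentifier");
        this.iInstAgbIdentifier = (String) map.get("InstAgbIdentifier");
        this.iBigIdentifier = (String) map.get("BigIdentifier");
        this.iUziIdentifier = (String) map.get("UziIdentifier");
        this.iBsnIdentifier = (String) map.get("BsnIdentifier");
        this.iGivenNameIdentifier = (String) map.get("GivenNameIdentifier");
        this.iInitialsIdentifier = (String) map.get("InitialsIdentifier");
        this.iFamilyNameIdentifier = (String) map.get("FamilyNameIdentifier");
        this.iFamilyNamePrefixIdentifier = (String) map.get("FamilyNamePrefixIdentifier");
        this.iBirthdateIdentifier = (String) map.get("BirthdateIdentifier");
        this.iGenderIdentifier = (String) map.get("GenderIdentifier");
        this.iOnUnkownUser = (String) map.get("OnUnkownUser");
        if (log4j.isDebugEnabled()) {
            log4j.debug("UserIdIdentifier=" + this.iUserIdIdentifier);
            log4j.debug("PersAgbIdentifier=" + this.iPersAgbIdentifier);
            log4j.debug("InstAgbIdentifier=" + this.iInstAgbIdentifier);
            log4j.debug("BigIdentifier=" + this.iBigIdentifier);
            log4j.debug("UziIdentifier=" + this.iUziIdentifier);
            log4j.debug("BsnIdentifier=" + this.iBsnIdentifier);
            log4j.debug("GivenNameIdentifier=" + this.iGivenNameIdentifier);
            log4j.debug("InitialsIdentifier=" + this.iInitialsIdentifier);
            log4j.debug("FamilyNameIdentifier=" + this.iFamilyNameIdentifier);
            log4j.debug("FamilyNamePrefixIdentifier=" + this.iFamilyNamePrefixIdentifier);
            log4j.debug("BirthdateIdentifier=" + this.iBirthdateIdentifier);
            log4j.debug("GenderIdentifier=" + this.iGenderIdentifier);
            log4j.debug("OnUnkownUser=" + this.iOnUnkownUser);
        }
        log4j.info("setConfig returns");
    }

    // Accessors for subclasses; each pair mirrors one config key read in setConfig().

    protected String getUserIdIdentifier() {
        return this.iUserIdIdentifier;
    }

    protected void setUserIdIdentifier(String str) {
        this.iUserIdIdentifier = str;
    }

    protected String getPersAgbIdentifier() {
        return this.iPersAgbIdentifier;
    }

    protected void setPersAgbIdentifier(String str) {
        this.iPersAgbIdentifier = str;
    }

    protected String getInstAgbIdentifier() {
        return this.iInstAgbIdentifier;
    }

    protected void setInstAgbIdentifier(String str) {
        this.iInstAgbIdentifier = str;
    }

    protected String getBigIdentifier() {
        return this.iBigIdentifier;
    }

    protected void setBigIdentifier(String str) {
        this.iBigIdentifier = str;
    }

    protected String getUziIdentifier() {
        return this.iUziIdentifier;
    }

    protected void setUziIdentifier(String str) {
        this.iUziIdentifier = str;
    }

    protected String getBsnIdentifier() {
        return this.iBsnIdentifier;
    }

    protected void setBsnIdentifier(String str) {
        this.iBsnIdentifier = str;
    }

    protected String getGivenNameIdentifier() {
        return this.iGivenNameIdentifier;
    }

    protected void setGivenNameIdentifier(String str) {
        this.iGivenNameIdentifier = str;
    }

    protected String getInitialsIdentifier() {
        return this.iInitialsIdentifier;
    }

    protected void setInitialsIdentifier(String str) {
        this.iInitialsIdentifier = str;
    }

    protected String getFamilyNameIdentifier() {
        return this.iFamilyNameIdentifier;
    }

    protected void setFamilyNameIdentifier(String str) {
        this.iFamilyNameIdentifier = str;
    }

    protected String getFamilyNamePrefixIdentifier() {
        return this.iFamilyNamePrefixIdentifier;
    }

    protected void setFamilyNamePrefixIdentifier(String str) {
        this.iFamilyNamePrefixIdentifier = str;
    }

    protected String getBirthdateIdentifier() {
        return this.iBirthdateIdentifier;
    }

    protected void setBirthdateIdentifier(String str) {
        this.iBirthdateIdentifier = str;
    }

    protected String getGenderIdentifier() {
        return this.iGenderIdentifier;
    }

    protected void setGenderIdentifier(String str) {
        this.iGenderIdentifier = str;
    }

    protected String getOnUnkownUser() {
        return this.iOnUnkownUser;
    }

    protected void setOnUnkownUser(String str) {
        this.iOnUnkownUser = str;
    }
}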
