package be.ehealth.technicalconnector.service.sso.impl;

import be.ehealth.technicalconnector.config.ConfigFactory;
import be.ehealth.technicalconnector.config.ConfigValidator;
import be.ehealth.technicalconnector.enumeration.Charset;
import be.ehealth.technicalconnector.enumeration.SsoProfile;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.handler.SchemaValidatorHandler;
import be.ehealth.technicalconnector.idgenerator.IdGenerator;
import be.ehealth.technicalconnector.idgenerator.IdGeneratorFactory;
import be.ehealth.technicalconnector.service.sso.BrowserHandler;
import be.ehealth.technicalconnector.service.sso.SingleSignOnService;
import be.ehealth.technicalconnector.service.sts.utils.SAMLHelper;
import be.ehealth.technicalconnector.session.AbstractSessionServiceWithCache;
import be.ehealth.technicalconnector.shutdown.DeleteFileOnExitShutdownHook;
import be.ehealth.technicalconnector.utils.ConfigurableFactoryHelper;
import be.ehealth.technicalconnector.utils.ConnectorIOUtils;
import be.ehealth.technicalconnector.utils.ConnectorXmlUtils;
import be.ehealth.technicalconnector.ws.ServiceFactory;
import be.ehealth.technicalconnector.ws.domain.GenericRequest;
import be.ehealth.technicalconnector.ws.domain.TokenType;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.io.Writer;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import javax.xml.soap.SOAPException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.bouncycastle.util.encoders.Base64;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:be/ehealth/technicalconnector/service/sso/impl/SingleSignOnServiceImpl.class */
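/**
 * Single sign-on towards the eHealth IdP, bootstrapped through the STS.
 *
 * <p>Both supported profiles first send a RequestSecurityToken (built from a classpath
 * template) to the STS endpoint configured under {@link #PROP_ENDPOINT_STS_SSO}, secured
 * with the session's SAML token, and then hand the result to a {@link BrowserHandler}:
 * <ul>
 *   <li>{@code SAML2_ARTIFACT}: the browser is sent to the URI found in the
 *       {@code wsse:Reference} of the STS response;</li>
 *   <li>{@code SAML2_POST}: the returned {@code saml:Assertion} is wrapped in a SAMLResponse,
 *       base64-encoded into an HTML form page written to a temporary file, and the browser
 *       is pointed at that file.</li>
 * </ul>
 *
 * <p>The temporary POST page contains a bearer assertion, so it is written owner-readable
 * only and registered for deletion at JVM shutdown.
 *
 * <p>Not thread-safe: {@link #setHandler(BrowserHandler)} mutates instance state.
 */
public class SingleSignOnServiceImpl extends AbstractSessionServiceWithCache implements SingleSignOnService {
    private static final String PROP_SSO_AUTODISCOVERY_ENABLED = "be.ehealth.technicalconnector.service.sso.autodiscovery.enabled";
    public static final String PROP_ENDPOINT_STS_SSO = "endpoint.sts.sso";
    public static final String PROP_ENDPOINT_IDP_SAML2_POST = "endpoint.idp.saml2.post";
    public static final String PROP_ENDPOINT_IDP_SAML2_ARTIFACT = "endpoint.idp.saml2.artifact";
    public static final String PROP_DEFAULT_BROWSER_HANDLER = "be.ehealth.technicalconnector.service.sso.browserhandler.default";
    private static final Logger LOG = LoggerFactory.getLogger(SingleSignOnServiceImpl.class);

    /** Namespace of the {@code wsse:Reference} element looked up in the artifact-profile STS response. */
    private static final String NS_WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    /** Namespace of the {@code saml:Assertion} element looked up in the POST-profile STS response. */
    private static final String NS_SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Generator for request / response identifiers (XSID flavour), created once in the constructor.
    private final IdGenerator idGenerator;
    // Connector configuration; source of the STS endpoint and the IdP endpoint fallbacks.
    private final ConfigValidator config;
    // Opens the final URI in a browser; replaceable through setHandler.
    private BrowserHandler browserHandler;

    /**
     * Creates the service with the XSID id generator, the shared configuration and the
     * browser handler configured under {@link #PROP_DEFAULT_BROWSER_HANDLER} (defaulting
     * to {@link DefaultBrowserHandler}).
     *
     * @throws IllegalArgumentException when any of those collaborators cannot be created;
     *         the {@link TechnicalConnectorException} is kept as the cause
     */
    public SingleSignOnServiceImpl() {
        try {
            this.idGenerator = IdGeneratorFactory.getIdGenerator(IdGeneratorFactory.XSID);
            this.config = ConfigFactory.getConfigValidator();
            this.browserHandler = (BrowserHandler) new ConfigurableFactoryHelper(PROP_DEFAULT_BROWSER_HANDLER, DefaultBrowserHandler.class.getName()).getImplementation();
        } catch (TechnicalConnectorException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Signs in with the given profile and no RelayState.
     *
     * @param ssoProfile the SSO profile to use
     * @throws TechnicalConnectorException when the STS call or the browser hand-off fails
     */
    @Override
    public void signin(SsoProfile ssoProfile) throws TechnicalConnectorException {
        signin(ssoProfile, null);
    }

    /**
     * Replaces the handler that receives the final URI.
     *
     * @param browserHandler the new handler (not validated here)
     */
    @Override
    public void setHandler(BrowserHandler browserHandler) {
        this.browserHandler = browserHandler;
    }

    /**
     * Signs in with the given profile, forwarding the raw (unencoded) RelayState to the IdP.
     *
     * @param ssoProfile the SSO profile to use
     * @param relayState opaque value returned by the IdP after authentication; may be blank
     * @throws TechnicalConnectorException when the STS call or the browser hand-off fails
     * @throws IllegalArgumentException for a profile this implementation does not support
     * @throws NullPointerException when {@code ssoProfile} is {@code null}
     */
    @Override
    public void signin(SsoProfile ssoProfile, String relayState) throws TechnicalConnectorException {
        Validate.notNull(ssoProfile, "ssoProfile");
        switch (ssoProfile) {
            case SAML2_ARTIFACT:
                signinWithSAML2Artifact(relayState);
                break;
            case SAML2_POST:
                signinWithSAML2POST(relayState);
                break;
            default:
                throw new IllegalArgumentException("Unsupported SSO profile [" + ssoProfile + "]");
        }
    }

    /**
     * Artifact profile: asks the STS for an artifact and opens the URI it returns.
     *
     * @param relayState raw RelayState appended as a URL-encoded query parameter when not blank
     */
    private void signinWithSAML2Artifact(String relayState) throws TechnicalConnectorException {
        String request = fillTemplate("/sso/SSORequestSTSSAML2Artifact.xml",
                new String[]{"${reqId}", "${endpoint.idp.saml2.artifact}"},
                new String[]{this.idGenerator.generateId(), getSAML2Artifact()});
        Element reference = singleElement(invokeSecureTokenService(request), NS_WSSE, "Reference");

        // The STS hands back a complete redirect URL (already carrying a query string, hence "&").
        String url = reference.getAttribute("URI");
        Validate.notBlank(url, "wsse:Reference in STS response carries no URI");
        if (StringUtils.isNotBlank(relayState)) {
            // Encode so that reserved characters in the RelayState cannot alter the query string.
            url = url + "&RelayState=" + urlEncode(relayState);
        }
        try {
            URI target = new URI(url);
            LOG.debug("Launching browser with url [{}]", target);
            this.browserHandler.browse(target);
        } catch (URISyntaxException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.CORE_TECHNICAL, e, e.getMessage());
        }
    }

    /**
     * POST profile: asks the STS for an assertion, wraps it in a SAMLResponse inside an HTML
     * form page on disk and opens that page.
     *
     * @param relayState raw RelayState placed (HTML-escaped) in the form when not blank
     */
    private void signinWithSAML2POST(String relayState) throws TechnicalConnectorException {
        String idpEndpoint = getSAML2Post();
        String request = fillTemplate("/sso/SSORequestSTSSAML2POST.xml",
                new String[]{"${reqId}", "${endpoint.idp.saml2.post}"},
                new String[]{this.idGenerator.generateId(), idpEndpoint});
        Element assertion = singleElement(invokeSecureTokenService(request), NS_SAML2, SAMLHelper.SAML_ASSERTION);

        String form = buildPostForm(idpEndpoint, relayState, encodeSamlResponse(assertion));
        this.browserHandler.browse(writeTempHtml(form));
    }

    /** IdP endpoint for the POST binding: auto-discovered from the STS host, else from configuration. */
    private String getSAML2Post() {
        return resolveIdpEndpoint("POST", PROP_ENDPOINT_IDP_SAML2_POST);
    }

    /** IdP endpoint for the Artifact binding: auto-discovered from the STS host, else from configuration. */
    private String getSAML2Artifact() {
        return resolveIdpEndpoint("Artifact", PROP_ENDPOINT_IDP_SAML2_ARTIFACT);
    }

    /**
     * Resolves the IdP endpoint for a binding.
     *
     * <p>When auto-discovery is enabled (the default), the acceptance and production STS hosts
     * map to the matching well-known IdP hosts; otherwise, or for any other STS host, the
     * value of {@code fallbackProperty} is returned as-is.
     *
     * @param binding          last path segment under {@code /idp/profile/SAML2/Bearer/}
     * @param fallbackProperty configuration key holding the endpoint when not auto-discovered
     */
    private String resolveIdpEndpoint(String binding, String fallbackProperty) {
        if (isAutodiscoveryEnabled()) {
            String stsHost = this.config.getURLProperty(PROP_ENDPOINT_STS_SSO).getHost();
            if ("services-acpt.ehealth.fgov.be".equals(stsHost)) {
                return "https://wwwacc.ehealth.fgov.be/idp/profile/SAML2/Bearer/" + binding;
            }
            if ("services.ehealth.fgov.be".equals(stsHost)) {
                return "https://www.ehealth.fgov.be/idp/profile/SAML2/Bearer/" + binding;
            }
        }
        return this.config.getProperty(fallbackProperty);
    }

    /** True unless {@link #PROP_SSO_AUTODISCOVERY_ENABLED} is explicitly set to something other than "true". */
    private boolean isAutodiscoveryEnabled() {
        String enabled = this.config.getProperty(PROP_SSO_AUTODISCOVERY_ENABLED, Boolean.TRUE.toString());
        return Boolean.TRUE.toString().equalsIgnoreCase(enabled);
    }

    /**
     * Builds the base64 SAMLResponse carrying the given assertion, from the
     * {@code bindingTemplate-SAMLResponse.xml} template (fresh XSID id, current Joda timestamp).
     */
    private String encodeSamlResponse(Element assertion) throws TechnicalConnectorException {
        String response = ConnectorXmlUtils.flatten(StringUtils.replaceEachRepeatedly(
                ConnectorIOUtils.getResourceAsString("/sso/bindingTemplate-SAMLResponse.xml"),
                new String[]{"${SAMLResponseID}", "${SAMLResponseIssueInstant}", "${SAMLAssertion}"},
                new String[]{this.idGenerator.generateId(), new DateTime().toString(), toXMLString(assertion)}));
        // Base64 output is plain ASCII, so decoding it with the platform charset is safe here.
        return new String(Base64.encode(ConnectorIOUtils.toBytes(response, Charset.UTF_8)));
    }

    /**
     * Fills the HTML form template (with or without a RelayState field) for the POST binding.
     *
     * @param idpEndpoint  form target
     * @param relayState   raw RelayState; HTML-escaped before substitution, may be null
     * @param samlResponse base64 SAMLResponse
     */
    private String buildPostForm(String idpEndpoint, String relayState, String samlResponse) throws TechnicalConnectorException {
        String templatePath = StringUtils.isNotBlank(relayState)
                ? "/sso/bindingTemplate-Form.html"
                : "/sso/bindingTemplate-FormNoRelayState.html";
        // NOTE(review): escaping assumes ${relayState} sits in element/attribute content of the
        // template, not inside a script block — confirm against bindingTemplate-Form.html.
        return StringUtils.replaceEachRepeatedly(ConnectorIOUtils.getResourceAsString(templatePath),
                new String[]{"${endpoint.idp.saml2.post}", "${relayState}", "${SAMLResponse}"},
                new String[]{idpEndpoint, escapeHtml(relayState), samlResponse});
    }

    /**
     * Writes the form page to a temporary file (UTF-8, owner-only permissions where the
     * platform supports them, deleted at shutdown) and returns its URI.
     *
     * @throws TechnicalConnectorException (CORE_TECHNICAL) on any I/O failure
     */
    private URI writeTempHtml(String html) throws TechnicalConnectorException {
        Writer out = null;
        try {
            File page = File.createTempFile("sso-", "post.html");
            DeleteFileOnExitShutdownHook.deleteOnExit(page);
            restrictToOwner(page);
            // Explicit charset: FileWriter would use the platform default.
            out = new OutputStreamWriter(new FileOutputStream(page), "UTF-8");
            IOUtils.write(html, out);
            out.flush();
            return page.toURI();
        } catch (IOException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.CORE_TECHNICAL, e, e.getMessage());
        } finally {
            IOUtils.closeQuietly(out);
        }
    }

    /**
     * Restricts read/write access on the page holding the bearer assertion to the current user.
     * Best effort: platforms without POSIX-style bits report failure, which is only logged.
     */
    private static void restrictToOwner(File file) {
        // Non-short-circuit so every bit is attempted; clear for everyone first, then re-grant the owner.
        boolean restricted = file.setReadable(false, false) & file.setReadable(true, true)
                & file.setWritable(false, false) & file.setWritable(true, true);
        if (!restricted) {
            LOG.debug("Could not restrict permissions of [{}] to the owner", file);
        }
    }

    /**
     * Loads a classpath template, substitutes the placeholders once (no re-scan of the
     * substituted values) and flattens the resulting XML.
     */
    private static String fillTemplate(String resource, String[] placeholders, String[] values) throws TechnicalConnectorException {
        return ConnectorXmlUtils.flatten(StringUtils.replaceEach(ConnectorIOUtils.getResourceAsString(resource), placeholders, values));
    }

    /**
     * Returns the single {@code {namespace}localName} descendant of {@code root}.
     *
     * @throws IllegalArgumentException when there is not exactly one such element
     */
    private static Element singleElement(Element root, String namespace, String localName) {
        NodeList matches = root.getElementsByTagNameNS(namespace, localName);
        Validate.notNull(matches, "lookup of %s in STS response returned null", localName);
        Validate.isTrue(matches.getLength() == 1, "expected exactly one " + localName + " in STS response, found %d", matches.getLength());
        return (Element) matches.item(0);
    }

    /** URL-encodes a query-parameter value as UTF-8 (spaces become '+'). */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory in every JVM; reaching this would be a broken runtime.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }

    /** Escapes the five HTML-significant characters; a null input yields null (single pass, no double escaping). */
    private static String escapeHtml(String value) {
        return StringUtils.replaceEach(value,
                new String[]{"&", "<", ">", "\"", "'"},
                new String[]{"&amp;", "&lt;", "&gt;", "&quot;", "&#39;"});
    }

    /**
     * Serialises an element to a compact XML string without an XML declaration.
     *
     * @throws TechnicalConnectorException (CORE_TECHNICAL) when the identity transform fails
     */
    private String toXMLString(Element element) throws TechnicalConnectorException {
        try {
            StringWriter out = new StringWriter();
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.setOutputProperty(OutputKeys.ENCODING, "utf8");
            transformer.setOutputProperty(OutputKeys.INDENT, "no");
            transformer.setOutputProperty(OutputKeys.MEDIA_TYPE, "text/xml");
            transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
            transformer.transform(new DOMSource(element), new StreamResult(out));
            return out.toString();
        } catch (TransformerException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.CORE_TECHNICAL, e, e.getMessage());
        }
    }

    /**
     * Sends the given RequestSecurityToken payload to the STS, authenticated with the
     * session's SAML token, and returns the response body as a DOM element.
     *
     * @param payload flattened RST XML
     * @throws TechnicalConnectorException (ERROR_WS) when the SOAP exchange fails
     */
    private Element invokeSecureTokenService(String payload) throws TechnicalConnectorException {
        try {
            GenericRequest request = new GenericRequest();
            request.setEndpoint(this.config.getProperty(PROP_ENDPOINT_STS_SSO));
            request.setCredential(getSamlToken(), TokenType.SAML);
            request.setSoapAction("urn:be:fgov:ehealth:sts:protocol:v1:RequestSecurityToken");
            request.setPayload(payload);
            return (Element) ServiceFactory.getGenericWsSender().send(request).asNode();
        } catch (SOAPException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_WS, e, e.getMessage());
        }
    }
}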
