package com.wikidsystems.google;

import com.mchange.v2.c3p0.subst.C3P0Substitutions;
import com.mchange.v2.sql.SqlUtils;
import com.wikidsystems.client.wClient;
import com.wikidsystems.crypto.JksKeyStore;
import com.wikidsystems.util.Config;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/wikidsystems/google/GoogleSSOServlet.class */
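/**
 * SAML 2.0 identity-provider endpoint for Google SSO backed by a WiKID network client.
 *
 * <p>GET stages the incoming {@code SAMLRequest}/{@code RelayState} in the HTTP session and
 * renders the login form; POST checks the submitted credentials against WiKID, builds a
 * SAML Response for the request's ACS URL, signs it with the per-ACS DSA key pair and
 * auto-posts it to the service provider.
 *
 * <p>Servlets are invoked concurrently, so the shared maps are {@link ConcurrentHashMap}s
 * and the static flags are {@code volatile}.
 */
public class GoogleSSOServlet extends HttpServlet {
    /** Session attribute holding the pending AuthnRequest between GET and POST. */
    private static final String SESSION_ATTR = "SSODataHolder";
    /** Request attribute carrying a human-readable error into the login form. */
    private static final String ERROR_ATTR = "error";
    /** Placeholder in login.html that is replaced by the (HTML-encoded) error message. */
    private static final String ERROR_PLACEHOLDER = "<!--<@ERROR_MESSAGE@/>-->";
    /** Keystore alias under which each per-ACS keystore holds the signing certificate and key. */
    private static final String KEY_ALIAS = "GoogleSSO";

    private wClient wc;
    private String loginFormHTML;
    private String contextRealPath;
    private String localhostpw;
    private String googleSsoKeysPw;
    // Written from init() and from request threads; volatile so the writes are visible everywhere.
    private static volatile boolean GSSOEnabled = false;
    private static volatile boolean refreshNCs = false;
    private static volatile boolean debug = false;
    private final Logger log = Logger.getLogger(getClass());
    // acsURL -> network-client name (second half of the "domain:name" property value)
    private final Map<String, String> acsurlToNameMap = new ConcurrentHashMap<>();
    // acsURL -> WiKID domain (first half of the "domain:name" property value)
    private final Map<String, String> acsurlToNameDomain = new ConcurrentHashMap<>();
    // acsURL -> signing key pair, filled lazily by getDSAKeys()
    private final Map<String, KeyPair> acsurlToKeysMap = new ConcurrentHashMap<>();

    /**
     * The AuthnRequest and RelayState received on GET, kept in the session until the POST.
     * Static so instances do not capture a reference to the servlet.
     */
    private static final class SSODataHolder {
        String SAMLRequest;
        String relayStateURL;

        private SSODataHolder(String samlRequest, String relayStateURL) {
            this.SAMLRequest = samlRequest;
            this.relayStateURL = relayStateURL;
        }

        public String getSAMLRequest() {
            return this.SAMLRequest;
        }

        public void setSAMLRequest(String samlRequest) {
            this.SAMLRequest = samlRequest;
        }

        public String getRelayStateURL() {
            return this.relayStateURL;
        }

        public void setRelayStateURL(String relayStateURL) {
            this.relayStateURL = relayStateURL;
        }
    }

    /**
     * Reads the GoogleSSO properties and, when {@code GSSOEnabled} is set, loads the ACS URL
     * map, connects the WiKID client and caches the login form.
     *
     * @param servletConfig the container-supplied configuration
     * @throws ServletException propagated from {@link HttpServlet#init(ServletConfig)}
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        // Pass the config through so getServletConfig()/getServletContext() work after init;
        // the decompiled original called the no-arg super.init(), which leaves them unset.
        super.init(servletConfig);
        this.contextRealPath = servletConfig.getServletContext().getRealPath("/");
        Properties gSSOProperties = GoogleSSOPropUtil.getGSSOProperties();
        GSSOEnabled = Boolean.parseBoolean(gSSOProperties.getProperty("GSSOEnabled"));
        if (!GSSOEnabled) {
            return;
        }
        this.localhostpw = gSSOProperties.getProperty("localhostpw");
        this.googleSsoKeysPw = gSSOProperties.getProperty("googleSsoKeysPw");
        mapAcsUrlProperties(GoogleSSOPropUtil.getAcsUrlMaps());
        initializeWikid(servletConfig.getServletContext());
        loadLoginFormHTML(servletConfig);
    }

    /**
     * Rebuilds the acsURL lookup tables from properties whose values have the form
     * {@code domain:name}. Malformed entries are logged and skipped instead of aborting the
     * whole reload. Clears the pending {@code refreshNCs} flag.
     *
     * @param properties acsURL to {@code domain:name} mappings
     */
    private void mapAcsUrlProperties(Properties properties) {
        if (!GSSOEnabled) {
            return;
        }
        Map<String, String> domains = new HashMap<>();
        Map<String, String> names = new HashMap<>();
        for (String key : properties.stringPropertyNames()) {
            String acsURL = key.trim();
            // Look up with the untrimmed key: the property may have been stored with padding.
            String value = properties.getProperty(key);
            String[] parts = value == null ? new String[0] : value.split(":");
            if (parts.length < 2) {
                this.log.error("GoogleSSO acsURL mapping for " + acsURL + " is not of the form domain:name; skipping");
                continue;
            }
            domains.put(acsURL, parts[0].trim());
            names.put(acsURL, parts[1].trim());
        }
        // Install the new mapping without a window in which every acsURL is unmapped.
        this.acsurlToNameDomain.putAll(domains);
        this.acsurlToNameDomain.keySet().retainAll(domains.keySet());
        this.acsurlToNameMap.putAll(names);
        this.acsurlToNameMap.keySet().retainAll(names.keySet());
        refreshNCs = false;
    }

    /** Closes the WiKID client, if one was opened. */
    @Override
    public void destroy() {
        super.destroy();
        if (this.wc != null) {
            this.wc.close();
        }
        this.wc = null;
    }

    /**
     * Opens the WiKID client, either with the localhost defaults (no {@code WikidHostName}
     * context parameter) or with the host/port/certificate parameters from web.xml. Failures
     * are logged and leave {@link #wc} null or disconnected; callers must check
     * {@code wc.isConnected()}.
     *
     * @param servletContext source of the web.xml init parameters
     */
    private void initializeWikid(ServletContext servletContext) {
        this.log.debug("Attempting to initialize wClient for GoogleSSO");
        String host = servletContext.getInitParameter("WikidHostName");
        String port = servletContext.getInitParameter("WAuthPort");
        String clientCertP12 = servletContext.getInitParameter("ClientCertP12");
        String clientCertPassword = servletContext.getInitParameter("ClientCertPassword");
        String caCertFile = servletContext.getInitParameter("CACertFile");
        String caCertFilePass = servletContext.getInitParameter("CACertFilePass");
        // NOTE(review): C3P0Substitutions.DEBUG is a decompiler-resolved c3p0 string constant;
        // the original source presumably compared against a literal -- confirm its value.
        debug = C3P0Substitutions.DEBUG.equalsIgnoreCase(servletContext.getInitParameter("GSSODebug"));
        try {
            if (host == null) {
                this.log.debug("Initalizing wClient for GoogleSSO with localhost defaults");
                this.wc = new wClient("localhost", 8388, "/opt/WiKID/private/localhost.p12", this.localhostpw);
                if (!this.wc.isConnected()) {
                    this.log.warn("Initalizing wClient for GoogleSSO with localhost defaults FAILED");
                }
                return;
            }
            this.log.debug("Initalizing wClient for GoogleSSO with web.xml parameters");
            if (caCertFile == null) {
                this.wc = new wClient(host, Integer.parseInt(port), clientCertP12, clientCertPassword);
            } else {
                this.wc = new wClient(host, Integer.parseInt(port), clientCertP12, clientCertPassword, caCertFile, caCertFilePass);
            }
            if (!this.wc.isConnected()) {
                this.log.warn("Initalizing wClient for GoogleSSO with web.xml parameters FAILED");
            }
        } catch (Throwable th) {
            // Includes NumberFormatException for a missing/invalid WAuthPort.
            this.log.error(th, th);
        }
    }

    /**
     * Caches {@code BASEPATH/private/googlesso/login.html} in {@link #loginFormHTML}.
     * Lines are concatenated without separators, as the original did.
     *
     * @param servletConfig unused; kept for signature compatibility
     * @throws RuntimeException if the form cannot be read (the servlet is unusable without it)
     */
    private void loadLoginFormHTML(ServletConfig servletConfig) {
        Path formPath = Paths.get(Config.getValue("BASEPATH") + "private/googlesso/login.html");
        StringBuilder html = new StringBuilder();
        // Explicit charset: FileReader used the platform default, which varies by host.
        try (BufferedReader reader = Files.newBufferedReader(formPath, StandardCharsets.UTF_8)) {
            String line;
            while ((line = reader.readLine()) != null) {
                html.append(line);
            }
        } catch (IOException e) {
            throw new RuntimeException("Cannot read GoogleSSO login form " + formPath + ": " + e.getMessage(), e);
        }
        this.loginFormHTML = html.toString();
    }

    /**
     * Stages the {@code SAMLRequest} and {@code RelayState} parameters in the session and
     * renders the login form. Returns 404 when GoogleSSO is disabled and a short error page
     * when no {@code SAMLRequest} is present.
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!GSSOEnabled) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // "?refreshNCs" re-reads the acsURL map from disk; it needs no authentication and only
        // reloads local configuration.
        if (httpServletRequest.getParameter("refreshNCs") != null) {
            refreshNCs = true;
        }
        if (refreshNCs) {
            mapAcsUrlProperties(GoogleSSOPropUtil.getAcsUrlMaps());
        }
        String samlRequest = httpServletRequest.getParameter("SAMLRequest");
        if (samlRequest == null) {
            httpServletResponse.setContentType("text/html");
            httpServletResponse.getWriter().write("<HTML><HEAD><TITLE>Invalid SSO Request</TITLE></HEAD><BODY><H2>Invalid Request</H2></BODY></HTML>");
            return;
        }
        httpServletRequest.getSession(true).setAttribute(SESSION_ATTR,
                new SSODataHolder(samlRequest, httpServletRequest.getParameter("RelayState")));
        writeLoginForm(httpServletResponse, (String) httpServletRequest.getAttribute(ERROR_ATTR));
    }

    /**
     * Writes the cached login form, substituting {@code error} for the placeholder when
     * present. The message is HTML-encoded because it may echo request-derived text.
     *
     * @param resp  response to write to
     * @param error message to show, or null for a clean form
     * @throws IOException if the response writer fails
     */
    private void writeLoginForm(HttpServletResponse resp, String error) throws IOException {
        resp.setContentType("text/html");
        String html = this.loginFormHTML;
        if (error != null) {
            // Literal replace (not replaceAll) so '$' or '\' in the message cannot break the substitution.
            html = html.replace(ERROR_PLACEHOLDER, RequestUtil.htmlEncode(error));
        }
        resp.getWriter().write(html);
    }

    /**
     * Verifies the submitted credentials against WiKID for the domain mapped to the request's
     * ACS URL and, on success, auto-posts a signed SAML Response to that ACS URL. On failure
     * (bad credentials, unmapped ACS URL, missing keys or a SAML parsing error) the login form
     * is re-rendered with an error message and nothing is posted.
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (debug) {
            this.log.debug("Start doPost processiing for GSSO");
        }
        if (!GSSOEnabled) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        SSODataHolder holder = (SSODataHolder) httpServletRequest.getSession(true).getAttribute(SESSION_ATTR);
        if (holder == null) {
            // Nothing was staged by doGet (expired session or a direct POST).
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String username = httpServletRequest.getParameter("username");
        // The decompiled output referenced SqlUtils.DRIVER_MANAGER_PASSWORD_PROPERTY here; its value is "password".
        String password = httpServletRequest.getParameter("password");
        String relayStateURL = holder.getRelayStateURL();
        ServletContext servletContext = httpServletRequest.getSession().getServletContext();
        try {
            String[] requestAttributes = GoogleSamlUtil.getRequestAttributes(GoogleSamlUtil.decodeAuthnRequestXML(holder.getSAMLRequest()));
            // Element 0 is only ever passed through validSamlDateFormat, so it is presumably a
            // timestamp from the AuthnRequest -- confirm against GoogleSamlUtil.
            String requestTimestamp = requestAttributes[0];
            String acsURL = requestAttributes[2];
            String inResponseTo = requestAttributes[3];
            this.log.debug("Request Attributes: " + Arrays.toString(requestAttributes));
            String login = login(servletContext, username, password, acsURL);
            if (login == null) {
                this.log.info("GoogleSSO login failed for username " + username + " with acsURL " + acsURL);
                httpServletRequest.setAttribute(ERROR_ATTR, "Login Failed");
                // Render the form directly rather than including the request URI: the include
                // re-entered this servlet and the original then also wrote the redirect page.
                writeLoginForm(httpServletResponse, "Login Failed");
                return;
            }
            this.log.info("GoogleSSO login succeeded for username " + username + " with acsURL " + acsURL);
            httpServletRequest.removeAttribute(ERROR_ATTR);
            KeyPair dSAKeys = getDSAKeys(acsURL);
            if (dSAKeys == null) {
                // getDSAKeys() has already logged the cause; do not post an unsigned response.
                writeLoginForm(httpServletResponse, "SSO signing keys are not available");
                return;
            }
            DSAPublicKey dSAPublicKey = (DSAPublicKey) dSAKeys.getPublic();
            DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) dSAKeys.getPrivate();
            if (debug) {
                // Only the public half is logged; the original also dumped the private key.
                this.log.debug("publicKey " + dSAPublicKey);
            }
            String notBeforeDateAndTime = GoogleSamlUtil.getNotBeforeDateAndTime();
            String notOnOrAfterDateAndTime = GoogleSamlUtil.getNotOnOrAfterDateAndTime();
            // NOTE(review): the check is on the request's attribute 0 but the message reports
            // the locally generated NotBefore value, as in the original.
            if (!GoogleSamlUtil.validSamlDateFormat(requestTimestamp)) {
                this.log.debug("Not Before date check failed");
                throw new RuntimeException("ERROR: Invalid NotBefore date specified - " + notBeforeDateAndTime);
            }
            if (!GoogleSamlUtil.validSamlDateFormat(notOnOrAfterDateAndTime)) {
                this.log.debug("Not After data check failed");
                throw new RuntimeException("ERROR: Invalid NotOnOrAfter date specified - " + notOnOrAfterDateAndTime);
            }
            String xmlReply = getXmlReply(GoogleSamlUtil.createID(), GoogleSamlUtil.getDateAndTime(), GoogleSamlUtil.createID(),
                    login, acsURL, notOnOrAfterDateAndTime, inResponseTo, notBeforeDateAndTime, GoogleSamlUtil.getDateAndTime());
            if (debug) {
                this.log.debug("Response XML: " + xmlReply);
            }
            String signedResponse = GoogleSamlUtil.signResponse(xmlReply, dSAPublicKey, dSAPrivateKey);
            if (debug) {
                this.log.debug("Signed response: " + signedResponse);
            }
            httpServletResponse.setContentType("text/html");
            httpServletResponse.getWriter().write(redirectToSamlClientHtml(acsURL, signedResponse, relayStateURL));
        } catch (SamlException e) {
            this.log.debug("SAML Exception:" + e.getMessage(), e);
            httpServletRequest.setAttribute(ERROR_ATTR, e.getMessage());
            // The original only set the attribute and sent an empty body; show the form with the error.
            writeLoginForm(httpServletResponse, e.getMessage());
        }
    }

    /**
     * Returns the DSA signing key pair for an ACS URL, loading it from
     * {@code BASEPATH/private/googlesso/<name>_keys.jks} on first use and caching it.
     *
     * @param acsURL the ACS URL from the AuthnRequest
     * @return the key pair, or null if the URL is unmapped or the keystore cannot be read
     */
    private KeyPair getDSAKeys(String acsURL) {
        KeyPair cached = this.acsurlToKeysMap.get(acsURL);
        if (cached != null) {
            return cached;
        }
        this.log.debug("Loading keys for " + acsURL);
        String ncName = this.acsurlToNameMap.get(acsURL);
        if (ncName == null) {
            this.log.error("acsURL " + acsURL + " did not map to a valid GoogleSSO name.  Check the GoogleSSO network client configuration");
            return null;
        }
        if (this.googleSsoKeysPw == null) {
            this.log.error("googleSsoKeysPw is not configured; cannot open the GoogleSSO keystore for acsURL " + acsURL);
            return null;
        }
        File file = new File(Config.getValue("BASEPATH") + "private/googlesso/" + ncName + "_keys.jks");
        if (!file.exists() || !file.canRead()) {
            this.log.error("Cannot read from " + file.getAbsolutePath() + " for GoogleSSO with acsURL " + acsURL);
            return null;
        }
        char[] keystorePassword = this.googleSsoKeysPw.toCharArray();
        KeyStore keystore = JksKeyStore.loadKeystore(keystorePassword, file);
        if (keystore == null) {
            this.log.error("Failed to open keystore from " + file.getAbsolutePath());
            return null;
        }
        try {
            Certificate certificate = keystore.getCertificate(KEY_ALIAS);
            DSAPrivateKey privateKey = (DSAPrivateKey) keystore.getKey(KEY_ALIAS, keystorePassword);
            if (certificate == null || privateKey == null) {
                this.log.error("Keystore " + file.getAbsolutePath() + " has no certificate/key under alias " + KEY_ALIAS);
                return null;
            }
            KeyPair keyPair = new KeyPair((DSAPublicKey) certificate.getPublicKey(), privateKey);
            this.acsurlToKeysMap.put(acsURL, keyPair);
            return keyPair;
        } catch (Exception e) {
            // Same outcome as the other failure paths so the caller has one null check.
            this.log.error("Failed to load keys from " + file.getAbsolutePath(), e);
            return null;
        }
    }

    /**
     * Checks a username/password against WiKID in the domain mapped to {@code acsURL},
     * (re)connecting the client if needed.
     *
     * @param servletContext used to (re)initialize the WiKID client
     * @param username       submitted username
     * @param password       submitted one-time password
     * @param acsURL         ACS URL whose configured domain is used
     * @return the username on success, null on any failure (logged)
     */
    private String login(ServletContext servletContext, String username, String password, String acsURL) {
        if (this.wc == null || !this.wc.isConnected()) {
            initializeWikid(servletContext);
        }
        // initializeWikid() may leave wc null when the constructor throws.
        if (this.wc == null || !this.wc.isConnected()) {
            this.log.error("wClient could not be initialuized for GoogleSSO login service.");
            return null;
        }
        if (username == null || password == null) {
            this.log.debug("GoogleSSO login attempted without a username or password");
            return null;
        }
        String domain = this.acsurlToNameDomain.get(acsURL);
        if (domain == null) {
            this.log.error("acsURL " + acsURL + " did not map to a valid WiKID domain.  Check the GoogleSSO network client configuration");
            return null;
        }
        try {
            this.log.debug("Checking credentials for " + username + " in the " + domain + " domain");
            return this.wc.CheckCredentials(username, password, domain) ? username : null;
        } catch (Throwable th) {
            this.log.error(th, th);
            return null;
        }
    }

    /**
     * Builds the self-submitting HTML page that posts the signed response to the ACS URL
     * (SAML HTTP-POST binding). The ACS URL is HTML-encoded for the attribute context; the
     * RelayState is encoded as in the original and omitted when null.
     *
     * @param acsURL       form action
     * @param samlResponse signed response placed in the SAMLResponse field as-is
     * @param relayState   RelayState echoed back, may be null
     * @return the HTML page
     */
    private String redirectToSamlClientHtml(String acsURL, String samlResponse, String relayState) {
        String encodedRelayState = relayState == null ? "" : RequestUtil.htmlEncode(relayState);
        return "<HTML><head><meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"></head><script language=\"JavaScript\">function submit_now(s,r) {document.acsForm.submit();} </script><body onload=\"Javascript:submit_now()\"><form name=\"acsForm\" action=\"" + RequestUtil.htmlEncode(acsURL) + "\" method=\"post\" target=\"_top\"><div style=\"display: none\"><textarea rows=10 cols=80 name=\"SAMLResponse\">" + samlResponse + "</textarea><textarea rows=10 cols=80 name=\"RelayState\">" + encodedRelayState + "</textarea></div>\n</form></BODY></HTML>";
    }

    /**
     * Assembles the unsigned SAML 2.0 Response. Every interpolated value is XML-escaped, since
     * {@code recipient} and {@code inResponseTo} originate in the service provider's request.
     *
     * @param responseID        Response ID
     * @param issueInstant      Response IssueInstant
     * @param assertionID       Assertion ID
     * @param nameID            subject (the authenticated username, emailAddress format)
     * @param recipient         ACS URL, used as Recipient and Audience
     * @param notOnOrAfter      NotOnOrAfter for SubjectConfirmationData and Conditions
     * @param inResponseTo      the AuthnRequest ID being answered
     * @param notBefore         Conditions NotBefore
     * @param authnInstant      AuthnStatement AuthnInstant
     * @return the response XML
     */
    private String getXmlReply(String responseID, String issueInstant, String assertionID, String nameID, String recipient,
            String notOnOrAfter, String inResponseTo, String notBefore, String authnInstant) {
        // NOTE(review): the Assertion IssueInstant and Issuer below are hard-coded sample values
        // carried over from the original; they are left as-is because the signed document's
        // content is what the relying party sees.
        return "<samlp:Response ID=\"" + escapeXml(responseID) + "\" IssueInstant=\"" + escapeXml(issueInstant)
                + "\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"> <samlp:Status> <samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/> </samlp:Status> <Assertion ID=\""
                + escapeXml(assertionID)
                + "\" IssueInstant=\"2003-04-17T00:46:02Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"> <Issuer>https://www.opensaml.org/IDP </Issuer> <Subject> <NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\"> "
                + escapeXml(nameID)
                + " </NameID> <SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"> <SubjectConfirmationData Recipient=\""
                + escapeXml(recipient) + "\" NotOnOrAfter=\"" + escapeXml(notOnOrAfter) + "\" InResponseTo=\"" + escapeXml(inResponseTo)
                + "\"/> </SubjectConfirmation> </Subject> <Conditions NotBefore=\"" + escapeXml(notBefore) + "\" NotOnOrAfter=\"" + escapeXml(notOnOrAfter)
                + "\"> <AudienceRestriction> <Audience>" + escapeXml(recipient)
                + "</Audience> </AudienceRestriction> </Conditions> <AuthnStatement AuthnInstant=\"" + escapeXml(authnInstant)
                + "\"> <AuthnContext> <AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:Password </AuthnContextClassRef> </AuthnContext> </AuthnStatement> </Assertion></samlp:Response>";
    }

    /**
     * Escapes the five XML special characters so a value can be placed in element text or a
     * quoted attribute. A null value becomes the empty string.
     *
     * @param value raw text, may be null
     * @return escaped text
     */
    private static String escapeXml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&apos;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /** Requests that the acsURL map be reloaded on the next GET. */
    private static void refreshNCs() {
        refreshNCs = true;
    }
}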
