package pl.edu.icm.synat.services.security;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.Assert;
import pl.edu.icm.synat.api.services.security.ServiceUserAuthenticationToken;
import pl.edu.icm.synat.api.services.security.exception.ServiceSecurityException;

/* loaded from: input_file:WEB-INF/lib/synat-platform-connector-1.26.20.jar:pl/edu/icm/synat/services/security/AuthenticationServiceImpl.class */
public class AuthenticationServiceImpl implements AuthenticationService, InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationServiceImpl.class);
    private String service;
    private String server;
    private AuthenticationProvider authenticationProvider;
    private Converter<CasAuthenticationToken, ServiceUserAuthenticationToken> serviceUserTokenConverter;

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.server, "server must not be null");
        Assert.notNull(this.authenticationProvider, "casAuthenticationProvider must not be null");
        Assert.notNull(this.serviceUserTokenConverter, "serviceUserTokenConverter must not be null");
    }

    @Override // pl.edu.icm.synat.services.security.AuthenticationService
    public ServiceUserAuthenticationToken login(String str, String str2) throws ServiceSecurityException {
        Assert.hasText(str, "username must not be empty");
        Assert.hasText(str2, "password must not be empty");
        String ticketGrantingTicket = getTicketGrantingTicket(this.server, str, str2);
        if (ticketGrantingTicket == null) {
            throw new ServiceSecurityException("Failed login user '{}'. Cannot get ticketGrantingTicket from authentication server", str);
        }
        String serviceTicket = getServiceTicket(this.server, ticketGrantingTicket, this.service);
        if (serviceTicket == null) {
            throw new ServiceSecurityException("Failed login user[{}] for service[{}]. Cannot get ticket from authentication server", str, this.service);
        }
        return validate(serviceTicket);
    }

    @Override // pl.edu.icm.synat.services.security.AuthenticationService
    public ServiceUserAuthenticationToken validate(String str) throws ServiceSecurityException {
        Assert.notNull(str, "ticket cannot be null");
        try {
            CasAuthenticationToken casAuthenticationToken = (CasAuthenticationToken) this.authenticationProvider.authenticate(new UsernamePasswordAuthenticationToken(CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, str));
            if (casAuthenticationToken == null) {
                throw new ServiceSecurityException("Authentication provider return null token for ticket [{}]", str);
            }
            return this.serviceUserTokenConverter.convert(casAuthenticationToken);
        } catch (AuthenticationException e) {
            throw new ServiceSecurityException(e.getMessage(), new Object[0]);
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:8:0x0059. Please report as an issue. */
    private String getServiceTicket(String str, String str2, String str3) {
        if (str2 == null) {
            return null;
        }
        HttpClient httpClient = new HttpClient();
        PostMethod postMethod = new PostMethod(str + "/" + str2);
        postMethod.setRequestBody(new NameValuePair[]{new NameValuePair(ServiceProperties.DEFAULT_CAS_SERVICE_PARAMETER, str3)});
        try {
            try {
                httpClient.executeMethod(postMethod);
                String responseBodyAsString = postMethod.getResponseBodyAsString();
                switch (postMethod.getStatusCode()) {
                    case 200:
                        postMethod.releaseConnection();
                        return responseBodyAsString;
                    default:
                        logger.debug("Invalid response code (" + postMethod.getStatusCode() + ") from CAS server!");
                        logger.debug("Response \n: " + responseBodyAsString);
                        postMethod.releaseConnection();
                        return null;
                }
            } catch (IOException e) {
                logger.warn(e.getMessage());
                postMethod.releaseConnection();
                return null;
            }
        } catch (Throwable th) {
            postMethod.releaseConnection();
            throw th;
        }
    }

    private String getTicketGrantingTicket(String str, String str2, String str3) {
        HttpClient httpClient = new HttpClient();
        PostMethod postMethod = new PostMethod(str);
        postMethod.setRequestBody(new NameValuePair[]{new NameValuePair("username", str2), new NameValuePair("password", str3)});
        try {
            try {
                httpClient.executeMethod(postMethod);
                String responseBodyAsString = postMethod.getResponseBodyAsString();
                switch (postMethod.getStatusCode()) {
                    case 201:
                        Matcher matcher = Pattern.compile(".*action=\".*/(.*?)\".*").matcher(responseBodyAsString);
                        if (!matcher.matches()) {
                            logger.debug("Successful ticket granting request, but no ticket found!");
                            logger.debug("Response: \n" + responseBodyAsString);
                            break;
                        } else {
                            String group = matcher.group(1);
                            postMethod.releaseConnection();
                            return group;
                        }
                    default:
                        logger.debug("Invalid response code (" + postMethod.getStatusCode() + ") from CAS server!");
                        logger.debug("Response: \n" + responseBodyAsString);
                        break;
                }
                postMethod.releaseConnection();
                return null;
            } catch (IOException e) {
                logger.warn(e.getMessage());
                postMethod.releaseConnection();
                return null;
            }
        } catch (Throwable th) {
            postMethod.releaseConnection();
            throw th;
        }
    }

    public void setService(String str) {
        this.service = str;
    }

    public void setServer(String str) {
        this.server = str;
    }

    public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this.authenticationProvider = authenticationProvider;
    }

    public void setServiceUserTokenConverter(Converter<CasAuthenticationToken, ServiceUserAuthenticationToken> converter) {
        this.serviceUserTokenConverter = converter;
    }
}
