package eu.cec.digit.ecas.client.validation;

import eu.cec.digit.ecas.client.EcasUtil;
import eu.cec.digit.ecas.client.constants.ContextConstant;
import eu.cec.digit.ecas.client.constants.RequestConstant;
import eu.cec.digit.ecas.client.constants.SessionConstant;
import eu.cec.digit.ecas.client.constants.Strength;
import eu.cec.digit.ecas.client.http.LoginRequestTransaction;
import eu.cec.digit.ecas.client.jaas.FailedTicketValidationException;
import eu.cec.digit.ecas.client.jaas.HttpSessionHandlerAdapter;
import eu.cec.digit.ecas.client.jaas.InvalidLoginDateException;
import eu.cec.digit.ecas.client.jaas.InvalidProxyException;
import eu.cec.digit.ecas.client.jaas.InvalidSignatureException;
import eu.cec.digit.ecas.client.jaas.InvalidStrengthException;
import eu.cec.digit.ecas.client.jaas.SessionCreationLoginException;
import eu.cec.digit.ecas.client.jaas.UnexpectedLoginException;
import eu.cec.digit.ecas.client.logging.Logger;
import eu.cec.digit.ecas.client.proxy.LocalPgtExpiredException;
import eu.cec.digit.ecas.client.proxy.ProxyGrantingTicketCacheIntf;
import eu.cec.digit.ecas.client.resolver.context.ServletContextStrategy;
import eu.cec.digit.ecas.client.resolver.logging.LoggerFactory;
import eu.cec.digit.ecas.client.resolver.session.HttpSessionHandlerStrategy;
import eu.cec.digit.ecas.client.resolver.session.SessionCreationRuntimeException;
import eu.cec.digit.ecas.client.reverseproxy.BluecoatReverseProxyHelper;
import eu.cec.digit.ecas.client.service.ServiceMatcher;
import eu.cec.digit.ecas.client.service.StrictNormalizingServiceMatcher;
import eu.cec.digit.ecas.client.signature.AuthenticatedMessage;
import eu.cec.digit.ecas.client.signature.UserConfirmationMessage;
import eu.cec.digit.ecas.client.signature.VerifiedAuthenticatedMessage;
import eu.cec.digit.ecas.client.signature.VerifiedUserConfirmationMessage;
import eu.cec.digit.ecas.client.validation.ProxyAuthenticationSuccess;
import eu.cec.digit.ecas.client.validation.ValidatedUserImpl;
import java.io.UnsupportedEncodingException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:eu/cec/digit/ecas/client/validation/BaseUserValidator.class */
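/**
 * Base {@link UserValidator} that delegates ticket and signed-message validation to a
 * {@link UserValidatorHelper} and, when an HTTP request is available and not marked stateless,
 * stores the validated user in a renewed HTTP session.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The service and end-user IP address recorded in the login transaction are compared with
 *       the current request for logging only. A mismatch produces a warning (and only when the
 *       WARN level is enabled); it does not reject the validation here.</li>
 *   <li>The ticket is never written to the log in clear; request-derived strings have CR/LF
 *       neutralised before they are logged.</li>
 *   <li>An authentication whose strengths are all unacceptable is rejected and its PGT entry is
 *       removed from the local cache.</li>
 * </ul>
 */
public abstract class BaseUserValidator implements UserValidator {
    private static final Logger LOG;
    private final UserValidatorHelper userValidatorHelper;
    private final ServiceMatcher serviceMatcher = new StrictNormalizingServiceMatcher();
    // Cache slot for this class's Class object, filled by the static initializer below.
    // NOTE(review): together with class$(String) this looks like the class-literal code that
    // pre-Java-5 compilers generated; kept so the decompiled member set stays unchanged.
    static Class class$eu$cec$digit$ecas$client$validation$BaseUserValidator;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:eu/cec/digit/ecas/client/validation/BaseUserValidator$ASCH.class */
    /**
     * Callback applied to an {@link AuthenticationSuccess}: enforces the configured
     * authentication strengths and resolves the PGT IOU to a PGT id using the local cache.
     */
    public static final class ASCH implements AuthenticationSuccessCallbackHandlerV2 {
        private final UserValidatorHelper userValidatorHelper;
        // Null when no request was supplied; handle() then skips every PGT cache operation.
        private final ProxyGrantingTicketCacheIntf clientPgtCache;

        /**
         * @param userValidatorHelper source of the validation configuration
         * @param httpServletRequest current request, or {@code null}; when present, the PGT cache
         *        is looked up in the servlet context resolved for this request
         */
        ASCH(UserValidatorHelper userValidatorHelper, HttpServletRequest httpServletRequest) {
            this.userValidatorHelper = userValidatorHelper;
            if (null == httpServletRequest) {
                this.clientPgtCache = null;
            } else {
                this.clientPgtCache = BaseUserValidator.retrieveProxyGrantingTicketCache(ServletContextStrategy.getInstance().getServletContext(httpServletRequest));
            }
        }

        /**
         * Rejects the authentication when none of its strengths is acceptable, otherwise returns
         * it, completed with the PGT id from the local cache when only a PGT IOU is present.
         *
         * @param authenticationSuccess the authentication to check
         * @return the same instance, or a copy carrying the cached PGT id
         * @throws InvalidStrengthException if no presented strength is acceptable
         * @throws LocalPgtExpiredException if the cache holds no PGT for the PGT IOU
         */
        @Override // eu.cec.digit.ecas.client.validation.AuthenticationSuccessCallbackHandlerV2
        public AuthenticationSuccess handle(AuthenticationSuccess authenticationSuccess) throws InvalidStrengthException, LocalPgtExpiredException {
            StrengthManagerIntf strengthManager = this.userValidatorHelper.getEcasValidationConfig().getStrengthManager();
            List presentedStrengths = authenticationSuccess.getStrengths();
            List acceptableStrengths = strengthManager.retainAcceptable(presentedStrengths);
            String pgtIou = authenticationSuccess.getPgtIou();
            if (acceptableStrengths.isEmpty()) {
                // Remove the cache entry before failing, presumably so that a PGT delivered for a
                // rejected authentication does not stay retrievable.
                if (null != this.clientPgtCache && null != pgtIou) {
                    this.clientPgtCache.deleteProxyGrantingTicket(pgtIou);
                }
                String presented = presentedStrengths.toString();
                throw new InvalidStrengthException("ECAS authentication strengths \"" + presented + "\" are not acceptable for this application which requires \"" + strengthManager.getAcceptedStrengthsAsCSVString() + "\"", presented);
            }
            // Nothing to resolve without a cache, without a PGT IOU, or when the PGT id is already set.
            if (null == this.clientPgtCache || null == pgtIou || null != authenticationSuccess.getPgtId()) {
                return authenticationSuccess;
            }
            String cachedPgtId = this.clientPgtCache.retrieveProxyGrantingTicket(pgtIou);
            if (null == cachedPgtId) {
                throw new LocalPgtExpiredException("Unable to retrieve pgtIou ['" + pgtIou + "'], invalid or expired");
            }
            // NOTE(review): unchecked cast; a non-detailed AuthenticationSuccess reaching this
            // point would fail with ClassCastException. Confirm that callers guarantee the type.
            ProxyAuthenticationSuccess.Builder builder = new ProxyAuthenticationSuccess.Builder((DetailedAuthenticationSuccess) authenticationSuccess);
            builder.pgtId(cachedPgtId);
            return builder.build();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param ecasValidationConfigIntf configuration handed to the {@link UserValidatorHelper}
     */
    public BaseUserValidator(EcasValidationConfigIntf ecasValidationConfigIntf) {
        this.userValidatorHelper = new UserValidatorHelper(ecasValidationConfigIntf);
    }

    /**
     * Validates a ticket for a target service in the context of a request, with the request
     * forwarded to the session-storing step.
     *
     * @param str the ticket
     * @param str2 the target service
     * @param httpServletRequest current request, may be {@code null}
     */
    @Override // eu.cec.digit.ecas.client.validation.UserValidator
    public final ValidatedUser validate(String str, String str2, HttpServletRequest httpServletRequest) throws FailedTicketValidationException, InvalidStrengthException, InvalidProxyException, InvalidLoginDateException, UnexpectedLoginException, LocalPgtExpiredException, SessionCreationLoginException {
        return validate(str, str2, httpServletRequest, true);
    }

    /**
     * Validates a ticket without any request: delegates to the helper directly, so this class
     * performs no login-transaction lookup, PGT cache access or session storage on this path.
     *
     * @param str the ticket
     * @param str2 the target service
     */
    public final ValidatedUser validate(String str, String str2) throws FailedTicketValidationException, InvalidStrengthException, InvalidProxyException, InvalidLoginDateException, UnexpectedLoginException {
        return this.userValidatorHelper.validate(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Validates a ticket, enriching the validation call with data taken from the request: the
     * remote address, the client fingerprint and service of the pending login transaction, and
     * a hash of the session id.
     *
     * <p>The login transaction is consumed ({@code getAndRemove}). Service and IP address
     * mismatches between the transaction and the current request are only logged at WARN level;
     * validation continues regardless, so callers must not treat these warnings as enforcement.
     * When the transaction carries a ticket, its service replaces {@code str2}.
     *
     * @param str the ticket
     * @param str2 the target service
     * @param httpServletRequest current request, may be {@code null}
     * @param z when {@code true} the request is forwarded to the internal validation, which then
     *        consults the PGT cache and stores the user in the session; when {@code false} it is not
     */
    public ValidatedUser validate(String str, String str2, HttpServletRequest httpServletRequest, boolean z) throws FailedTicketValidationException, InvalidStrengthException, InvalidProxyException, InvalidLoginDateException, UnexpectedLoginException, LocalPgtExpiredException, SessionCreationLoginException {
        String remoteAddr = null;
        String clientFingerprint = null;
        String sessionIdHash = null;
        if (null != httpServletRequest) {
            remoteAddr = BluecoatReverseProxyHelper.getInstance().getRemoteAddr(httpServletRequest);
            LoginRequestTransaction transaction = LoginRequestTransaction.getAndRemove(httpServletRequest);
            if (null != transaction) {
                clientFingerprint = transaction.getClientFingerprint();
                String service = transaction.getService();
                if (LOG.isWarnEnabled() && !this.serviceMatcher.matches(service, str2)) {
                    LOG.warn("Possible service mismatch at validation: service in login transaction=\"" + neutralizeForLog(service) + "\" vs service from current request=\"" + neutralizeForLog(str2) + "\"");
                }
                if (null != transaction.getTicket()) {
                    // Prefer the service recorded when the login was started over the caller's value.
                    str2 = service;
                }
                String transactionIp = transaction.getUserIpAddress();
                if (null != transactionIp && LOG.isWarnEnabled() && !transactionIp.equals(remoteAddr)) {
                    LOG.warn("End user IP address mismatch at validation: IP address in login transaction=\"" + neutralizeForLog(transactionIp) + "\" vs IP address from current request=\"" + neutralizeForLog(remoteAddr) + "\"");
                }
            }
            sessionIdHash = getSessionIdHash(httpServletRequest);
        }
        // Fingerprint checking is flagged as enabled exactly when the transaction supplied one.
        return new ValidatedUserView((DetailedValidatedUser) internalValidate(str, str2, remoteAddr, null != clientFingerprint, clientFingerprint, sessionIdHash, z ? httpServletRequest : null));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Validates a signed user confirmation message through the helper, without session storage.
     *
     * @param str passed through unchanged to the helper; its meaning is not visible in this class
     */
    public ValidatedUser validateSignedUserConfirmationMessage(UserConfirmationMessage userConfirmationMessage, String str) throws InvalidSignatureException, InvalidStrengthException, ExtraGroupHandlingException, InvalidLoginDateException, UnexpectedLoginException {
        return this.userValidatorHelper.validateSignedUserConfirmationMessage(userConfirmationMessage, str);
    }

    /**
     * Validates a signed user confirmation message through the helper and stores the resulting
     * user in the renewed session of the request (unless the request is stateless).
     */
    @Override // eu.cec.digit.ecas.client.validation.UserValidator
    public final ValidatedUser validateSignedUserConfirmationMessage(UserConfirmationMessage userConfirmationMessage, String str, HttpServletRequest httpServletRequest) throws InvalidSignatureException, InvalidStrengthException, ExtraGroupHandlingException, InvalidLoginDateException, UnexpectedLoginException, LocalPgtExpiredException, SessionCreationLoginException {
        return storeEnhancedUserInRenewedSession(this.userValidatorHelper.validateSignedUserConfirmationMessage(userConfirmationMessage, str), httpServletRequest);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Validates a signed authenticated message through the helper, without session storage.
     *
     * @param str passed through unchanged to the helper; its meaning is not visible in this class
     */
    public ValidatedUser validateSignedAuthenticatedMessage(AuthenticatedMessage authenticatedMessage, String str) throws InvalidSignatureException, InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, UnexpectedLoginException {
        return this.userValidatorHelper.validateSignedAuthenticatedMessage(authenticatedMessage, str);
    }

    /**
     * Validates a signed authenticated message through the helper and stores the resulting user
     * in the renewed session of the request (unless the request is stateless).
     */
    @Override // eu.cec.digit.ecas.client.validation.UserValidator
    public final ValidatedUser validateSignedAuthenticatedMessage(AuthenticatedMessage authenticatedMessage, String str, HttpServletRequest httpServletRequest) throws InvalidSignatureException, InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, LocalPgtExpiredException, SessionCreationLoginException, UnexpectedLoginException {
        return storeEnhancedUserInRenewedSession(this.userValidatorHelper.validateSignedAuthenticatedMessage(authenticatedMessage, str), httpServletRequest);
    }

    /**
     * Runs the helper's ticket validation with an {@link ASCH} callback and, when a request is
     * given, stores the validated user in its renewed session.
     *
     * @param str the ticket (logged only in redacted form)
     * @param str2 the target service
     * @param str3 the real remote address
     * @param z whether client fingerprint checking is enabled
     * @param str4 the client fingerprint, may be {@code null}
     * @param str5 the session id hash, may be {@code null}
     * @param httpServletRequest current request, or {@code null} to skip PGT cache and session handling
     */
    private ValidatedUser internalValidate(String str, String str2, String str3, boolean z, String str4, String str5, HttpServletRequest httpServletRequest) throws FailedTicketValidationException, InvalidStrengthException, InvalidProxyException, InvalidLoginDateException, UnexpectedLoginException, LocalPgtExpiredException, SessionCreationLoginException {
        if (LOG.isDebugEnabled()) {
            // The ticket is a credential that has not been validated yet at this point, so it is
            // redacted instead of being written to the log.
            LOG.debug("Validating [ticket='" + redactTicket(str) + "', targetService='" + neutralizeForLog(str2) + "', realRemoteAddr='" + neutralizeForLog(str3) + "', clientFingerprintEnabled='" + z + "', clientFingerprint='" + neutralizeForLog(str4) + "', sessionIdHash='" + str5 + "', request='" + httpServletRequest + "']");
        }
        ValidatedUser validated = this.userValidatorHelper.internalValidate(str, str2, str3, z, str4, str5, new ASCH(this.userValidatorHelper, httpServletRequest));
        if (null != httpServletRequest) {
            return storeEnhancedUserInRenewedSession(validated, httpServletRequest);
        }
        return validated;
    }

    /**
     * Returns {@code EcasUtil.shaDouble} of the session id, or {@code null} for a stateless
     * request. The session is created if the request has none, i.e. before the ticket has been
     * validated.
     */
    private String getSessionIdHash(HttpServletRequest httpServletRequest) throws UnexpectedLoginException, SessionCreationLoginException {
        if (isStateless(httpServletRequest)) {
            return null;
        }
        try {
            return EcasUtil.shaDouble(HttpSessionHandlerAdapter.getInstance().getOrCreateSession(httpServletRequest).getId().getBytes("US-ASCII"));
        } catch (UnsupportedEncodingException e) {
            throw new UnexpectedLoginException(e);
        }
    }

    /**
     * Applies the {@link ASCH} checks to an already obtained authentication, validates it through
     * the helper and stores the resulting user in the renewed session.
     */
    protected final ValidatedUser validateAuthenticationSuccess(AuthenticationSuccess authenticationSuccess, HttpServletRequest httpServletRequest) throws InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, LocalPgtExpiredException, SessionCreationLoginException, TypeMappingException {
        return storeEnhancedUserInRenewedSession(this.userValidatorHelper.validateAuthenticationSuccess(new ASCH(this.userValidatorHelper, httpServletRequest).handle(authenticationSuccess)), httpServletRequest);
    }

    /**
     * Deletes the cache entry for a PGT IOU and returns what the cache returns.
     * NOTE(review): no caller of this private method is visible in this class.
     *
     * @throws IllegalStateException if no cache is supplied
     */
    private String deleteProxyTicket(ProxyGrantingTicketCacheIntf proxyGrantingTicketCacheIntf, String str) {
        if (null == proxyGrantingTicketCacheIntf) {
            throw new IllegalStateException("no PGT cache initialized");
        }
        return proxyGrantingTicketCacheIntf.deleteProxyGrantingTicket(str);
    }

    /**
     * Resolves a PGT IOU to its PGT id using the cache stored in the servlet context.
     *
     * @param str the PGT IOU
     * @throws IllegalStateException if the servlet context holds no PGT cache
     * @throws LocalPgtExpiredException if the cache has no entry for the PGT IOU
     */
    private static String getPgtId(ServletContext servletContext, String str) throws LocalPgtExpiredException {
        ProxyGrantingTicketCacheIntf pgtCache = retrieveProxyGrantingTicketCache(servletContext);
        if (null == pgtCache) {
            throw new IllegalStateException("no PGT cache initialized");
        }
        String pgtId = pgtCache.retrieveProxyGrantingTicket(str);
        if (null == pgtId) {
            throw new LocalPgtExpiredException("Unable to retrieve pgtIou ['" + str + "'], invalid or expired");
        }
        return pgtId;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Reads the PGT cache from the servlet context attribute named by
     * {@code ContextConstant.PGT_CACHE}; returns {@code null} when the attribute is absent.
     */
    public static ProxyGrantingTicketCacheIntf retrieveProxyGrantingTicketCache(ServletContext servletContext) {
        return (ProxyGrantingTicketCacheIntf) servletContext.getAttribute(ContextConstant.PGT_CACHE.toString());
    }

    /**
     * Stores the validated user, its strengths and its PGT identifiers in the renewed session of
     * the request. Does nothing for a stateless (or {@code null}) request.
     *
     * <p>NOTE(review): {@code renewSession} presumably replaces the pre-authentication session
     * with a fresh one (session-fixation defence); confirm in {@code HttpSessionHandlerStrategy}.
     *
     * @return {@code validatedUser}, or a copy completed with the PGT id resolved from the cache
     * @throws LocalPgtExpiredException if a PGT IOU is present but the cache has no PGT for it
     * @throws SessionCreationLoginException if the session handler fails
     */
    private ValidatedUser storeEnhancedUserInRenewedSession(ValidatedUser validatedUser, HttpServletRequest httpServletRequest) throws LocalPgtExpiredException, SessionCreationLoginException {
        ValidatedUser result = validatedUser;
        if (!isStateless(httpServletRequest)) {
            try {
                HttpSession session = HttpSessionHandlerStrategy.getInstance().renewSession(httpServletRequest, HttpSessionHandlerStrategy.getInstance().getOrCreateSession(httpServletRequest));
                synchronized (session) {
                    // Strength name -> user, accumulated across validations that share the session.
                    Map usersByStrength = (Map) session.getAttribute(SessionConstant.STRENGTHS.toString());
                    if (null == usersByStrength) {
                        usersByStrength = Collections.synchronizedMap(new HashMap());
                    }
                    List strengths = validatedUser.getStrengths();
                    int count = strengths.size();
                    for (int i = 0; i < count; i++) {
                        usersByStrength.put(((Strength) strengths.get(i)).getName(), validatedUser.getUser());
                    }
                    session.setAttribute(SessionConstant.STRENGTHS.toString(), usersByStrength);
                    session.setAttribute(SessionConstant.USER.toString(), validatedUser.getUser());
                    String pgtIou = validatedUser.getPgtIou();
                    String pgtId = validatedUser.getPgtId();
                    if (null != pgtIou) {
                        session.setAttribute(SessionConstant.PGT_IOU.toString(), pgtIou);
                        if (null == pgtId) {
                            // Only the IOU is known: resolve the PGT id from the local cache and
                            // return a user that carries it.
                            pgtId = getPgtId(session.getServletContext(), pgtIou);
                            result = new ValidatedUserImpl.Builder(validatedUser).pgtId(pgtId).build();
                        }
                    }
                    if (null != pgtId) {
                        session.setAttribute(SessionConstant.PGT_ID.toString(), pgtId);
                    }
                }
            } catch (SessionCreationRuntimeException e) {
                // Surface the underlying cause when there is one, else the runtime exception itself.
                throw new SessionCreationLoginException(e.getMessage(), e.getCause() == null ? e : e.getCause());
            }
        }
        return result;
    }

    /**
     * Tells whether session handling must be skipped: the request is {@code null} or carries the
     * {@code RequestConstant.STATELESS} attribute set to {@code Boolean.TRUE}.
     */
    protected boolean isStateless(HttpServletRequest httpServletRequest) {
        return null == httpServletRequest || Boolean.TRUE.equals(httpServletRequest.getAttribute(RequestConstant.STATELESS.getName()));
    }

    /**
     * Runs the helper's internal validation of a signed authenticated message and stores the
     * resulting user in the renewed session.
     */
    protected final ValidatedUser internalValidateSignedAuthenticatedMessage(AuthenticatedMessage authenticatedMessage, String str, HttpServletRequest httpServletRequest) throws InvalidSignatureException, InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, LocalPgtExpiredException, SessionCreationLoginException, TypeMappingException {
        return storeEnhancedUserInRenewedSession(this.userValidatorHelper.internalValidateSignedAuthenticatedMessage(authenticatedMessage, str), httpServletRequest);
    }

    /**
     * Validates an already verified authenticated message through the helper and stores the
     * resulting user in the renewed session.
     */
    protected final ValidatedUser validateVerifiedAuthenticatedMessage(VerifiedAuthenticatedMessage verifiedAuthenticatedMessage, String str, HttpServletRequest httpServletRequest) throws InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, LocalPgtExpiredException, SessionCreationLoginException, TypeMappingException {
        return storeEnhancedUserInRenewedSession(this.userValidatorHelper.validateVerifiedAuthenticatedMessage(verifiedAuthenticatedMessage, str), httpServletRequest);
    }

    /**
     * Runs the helper's internal validation of a signed user confirmation message and stores the
     * resulting user in the renewed session.
     */
    protected final ValidatedUser internalValidateSignedUserConfirmationMessage(UserConfirmationMessage userConfirmationMessage, String str, HttpServletRequest httpServletRequest) throws InvalidSignatureException, InvalidStrengthException, ExtraGroupHandlingException, UnexpectedLoginException, InvalidLoginDateException, LocalPgtExpiredException, SessionCreationLoginException, TypeMappingException {
        return storeEnhancedUserInRenewedSession(this.userValidatorHelper.internalValidateSignedUserConfirmationMessage(userConfirmationMessage, str), httpServletRequest);
    }

    /**
     * Validates an already verified user confirmation message through the helper and stores the
     * resulting user in the renewed session.
     */
    protected final ValidatedUser validateVerifiedUserConfirmationMessage(VerifiedUserConfirmationMessage verifiedUserConfirmationMessage, String str, HttpServletRequest httpServletRequest) throws InvalidStrengthException, ExtraGroupHandlingException, UnexpectedLoginException, InvalidLoginDateException, LocalPgtExpiredException, SessionCreationLoginException, TypeMappingException {
        return storeEnhancedUserInRenewedSession(this.userValidatorHelper.validateVerifiedUserConfirmationMessage(verifiedUserConfirmationMessage, str), httpServletRequest);
    }

    /**
     * Hash code of the helper, or 0 when there is none.
     * NOTE(review): no matching {@code equals} override is visible in this class.
     */
    public int hashCode() {
        if (this.userValidatorHelper == null) {
            return 0;
        }
        return this.userValidatorHelper.hashCode();
    }

    /**
     * Loads a class by name, converting {@link ClassNotFoundException} into
     * {@link NoClassDefFoundError}. The original exception is attached as the cause so the
     * failing lookup stays visible in stack traces.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Replaces a ticket with a placeholder that exposes only its length, for use in log output.
     * Returns {@code null} for a {@code null} ticket so the log line still shows "null".
     */
    private static String redactTicket(String ticket) {
        if (null == ticket) {
            return null;
        }
        return "<redacted, length=" + ticket.length() + ">";
    }

    /**
     * Replaces carriage returns and line feeds with underscores so that a value taken from the
     * request cannot start a forged log line. {@code null} is returned unchanged.
     */
    private static String neutralizeForLog(String value) {
        if (null == value) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    static {
        // Resolve this class's Class object once (cached in the static field) to obtain the logger.
        Class cls;
        LoggerFactory loggerFactory = LoggerFactory.getInstance();
        if (class$eu$cec$digit$ecas$client$validation$BaseUserValidator == null) {
            cls = class$("eu.cec.digit.ecas.client.validation.BaseUserValidator");
            class$eu$cec$digit$ecas$client$validation$BaseUserValidator = cls;
        } else {
            cls = class$eu$cec$digit$ecas$client$validation$BaseUserValidator;
        }
        LOG = loggerFactory.getLogger(cls);
    }
}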
