package org.openliberty.wsc;

import com.unboundid.ldap.sdk.CRAMMD5BindRequest;
import com.unboundid.ldap.sdk.PLAINBindRequest;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.codec.EncodingException;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.apache.commons.codec.binary.Hex;
import org.openliberty.xmltooling.sasl.Data;
import org.openliberty.xmltooling.sasl.DataBuilder;
import org.openliberty.xmltooling.sasl.SASLRequest;
import org.openliberty.xmltooling.sasl.SASLRequestBuilder;
import org.openliberty.xmltooling.sasl.SASLResponse;
import org.openliberty.xmltooling.soap.soap11.HeaderIDWSF;
import org.openliberty.xmltooling.utility_2_0.Status;
import org.openliberty.xmltooling.wsa.Address;
import org.openliberty.xmltooling.wsa.EndpointReference;
import org.openliberty.xmltooling.wsa.MessageID;
import org.openliberty.xmltooling.wsa.RelatesTo;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.security.crypto.JCAConstants;
import org.opensaml.soap.soap11.Envelope;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idwsfconsumer-2.1.0.jar:org/openliberty/wsc/AuthenticationService.class */
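/**
 * Client for the ID-WSF Authentication Service: wraps SASL PLAIN and CRAM-MD5 exchanges in
 * {@code urn:liberty:sa:2006-08:SASLRequest} SOAP messages and returns the endpoint reference
 * the service hands back on success.
 *
 * <p>An instance keeps the status code and message id of the last response in fields that are
 * written without synchronization, so one instance must not run concurrent authentications.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>PLAIN sends the password base64-encoded, which is an encoding and not encryption; the
 *       only confidentiality comes from the transport.</li>
 *   <li>Promiscuous mode lets the server's answer downgrade CRAM-MD5 to PLAIN, see
 *       {@link #setPromiscuousMode(boolean)}.</li>
 *   <li>Passwords and computed responses are never written to the log by this class.</li>
 * </ul>
 */
public class AuthenticationService extends BaseServiceClient {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationService.class);

    /** When true, a CRAM-MD5 attempt may fall back to PLAIN; off by default. */
    boolean promiscuousMode;
    private URL serviceURL;
    /** Status of the most recent SASL response; drives the RelatesTo header of the next request. */
    private ResponseCode lastResponseCode;
    /** MessageID of the most recent SASL response. */
    private String lastMessageId;

    /** SASL mechanisms this client can speak, keyed by their mechanism name. */
    public enum AuthMechanism {
        CRAM_MD5(CRAMMD5BindRequest.CRAMMD5_MECHANISM_NAME),
        PLAIN(PLAINBindRequest.PLAIN_MECHANISM_NAME);

        public String code;

        AuthMechanism(String str) {
            this.code = str;
        }

        /**
         * Maps a mechanism name (compared case-insensitively) to its enum constant.
         *
         * @param str mechanism name, typically the serverMechanism of a SASL response
         * @return the matching mechanism
         * @throws WSCException if the name is {@code null} or not supported by this client
         */
        public static AuthMechanism findAuthMechanism(String str) throws WSCException {
            // Locale.ROOT keeps the case mapping independent of the JVM's default locale.
            String wanted = (str == null) ? null : str.toUpperCase(Locale.ROOT);
            if (wanted != null) {
                for (AuthMechanism candidate : values()) {
                    if (candidate.code.equals(wanted)) {
                        return candidate;
                    }
                }
            }
            throw new WSCException("Authentication Service Client Failure: unsupported authorization mechanism '" + wanted + "'");
        }
    }

    /** Status codes a SASL response can carry. */
    public enum ResponseCode {
        CONTINUE("continue"),
        ABORT("abort"),
        OK("ok");

        public String codeValue;

        ResponseCode(String str) {
            this.codeValue = str;
        }

        /**
         * Reads the status code out of a SASL response.
         *
         * @param sASLResponse response to inspect
         * @return the parsed status code
         * @throws WSCException if the response has no {@code <Status>} element or an unknown code
         */
        public static ResponseCode getResponseCode(SASLResponse sASLResponse) throws WSCException {
            Status status = sASLResponse.getStatus();
            if (null != status) {
                return getResponseCode(status.getCode());
            }
            throw new WSCException("Authentication Service Failure: No <Status> Element in SASL Response");
        }

        /**
         * Maps a status code string (compared case-insensitively) to its enum constant.
         *
         * @param str status code as returned by the service
         * @return the matching status code
         * @throws WSCException if the code is {@code null} or not one of the known values
         */
        public static ResponseCode getResponseCode(String str) throws WSCException {
            // Locale.ROOT keeps the case mapping independent of the JVM's default locale.
            String wanted = (str == null) ? null : str.toLowerCase(Locale.ROOT);
            if (wanted != null) {
                for (ResponseCode candidate : values()) {
                    if (candidate.codeValue.equals(wanted)) {
                        return candidate;
                    }
                }
            }
            throw new WSCException("Authentication Service Client Failure: unsupported status returned from AS '" + wanted + "'");
        }
    }

    /** Message prefixes for the failures this client reports through {@link WSCException}. */
    public enum WSCExceptionType {
        ILLEGAL_ARGUMENTS("ILLEGAL_ARGUMENTS: "),
        UNEXPECTED_SERVER_AUTH_MECHANISM("UNEXPECTED_SERVER_AUTH_MECHANISM: The server returned a serverMechanism in the SASLResponse that does not match the one requested"),
        CRAM_MD5_CHALLENGE_IS_EMPTY("CRAM_MD5_CHALLENGE_IS_EMPTY: The SASLResponse contained a <Data> element that should have contained a CRAM-MD5 Challenge, but did not"),
        NO_DATA_IN_SASL_RESPONSE("NO_DATA_IN_SASL_RESPONSE: There is no <Data> element in the SASLResponse"),
        UNRECOGNIZED_RESPONSE("UNRECOGNIZED_RESPONSE: The Authentication Service response for a SASLRequest did not contain a SASLResponse"),
        UNEXPECTED_STATUS_CODE("UNEXPECTED_STATUS_CODE: "),
        AUTHENTICATION_SERVICE_INVOCATION_FAILURE("AUTHENTICATION_SERVICE_INVOCATION_FAILURE: Failed to invoke the service call as specified"),
        AUTHENTICATION_SERVICE_FAILURE("AUTHENTICATION_SERVICE_FAILURE: "),
        CONTINUE_NOT_SUPPORTED_IN_AUTHENTICATE_CONTEXT("CONTINUE_NOT_SUPPORTED_IN_AUTHENTICATE_CONTEXT: AuthenticationService Client Exception");

        String shortDesc;

        WSCExceptionType(String str) {
            this.shortDesc = str;
        }
    }

    /**
     * Creates a client with promiscuous mode off and no service URL set.
     *
     * @param discoveryService discovery service passed to the base client
     * @param endpointReference endpoint reference passed to the base client
     */
    public AuthenticationService(DiscoveryService discoveryService, EndpointReference endpointReference) {
        super(discoveryService, endpointReference);
        this.promiscuousMode = false;
        this.serviceURL = null;
    }

    /**
     * Builds a client whose service URL is the address of the given endpoint reference.
     *
     * <p>Failures are logged, not thrown: the result is {@code null} when construction fails and
     * a client without a service URL when only the address could not be parsed. Callers should
     * check for both before authenticating.
     *
     * @param discoveryService discovery service passed to the base client
     * @param endpointReference endpoint reference naming the Authentication Service
     * @return the client, possibly without a service URL, or {@code null}
     */
    public static AuthenticationService serviceForEndpointReference(DiscoveryService discoveryService, EndpointReference endpointReference) {
        AuthenticationService service = null;
        try {
            service = new AuthenticationService(discoveryService, endpointReference);
            service.setServiceURL(new URL(endpointReference.getAddress().getValue()));
        } catch (Exception e) {
            // Boundary catch kept from the original contract (no checked exception on this factory).
            log.error("Could not create an AuthenticationService for the given endpoint reference", e);
        }
        return service;
    }

    public void setServiceURL(URL url) {
        this.serviceURL = url;
    }

    /** @return the status code of the most recent SASL response, or {@code null} if there is none */
    public ResponseCode getLastResponseCode() {
        return this.lastResponseCode;
    }

    public boolean isPromiscuousMode() {
        return this.promiscuousMode;
    }

    /**
     * Enables or disables the CRAM-MD5 to PLAIN fallback.
     *
     * <p>With the fallback on, {@link #authenticateCRAM_MD5} sends the password via PLAIN whenever
     * the response names a mechanism other than CRAM-MD5. That decision rests on the response
     * alone, so a party able to alter or impersonate the response can force the downgrade. Leave
     * this off unless the transport authenticates the server.
     *
     * @param z {@code true} to allow the fallback
     */
    public void setPromiscuousMode(boolean z) {
        this.promiscuousMode = z;
    }

    /**
     * Authenticates without a requested authentication context.
     *
     * @see #authenticate(String, String, AuthMechanism, RequestedAuthnContext)
     */
    public EndpointReference authenticate(String str, String str2, AuthMechanism authMechanism) throws WSCException {
        return authenticate(str, str2, authMechanism, null);
    }

    /**
     * Starts a fresh exchange with the chosen mechanism.
     *
     * @param str username
     * @param str2 password
     * @param authMechanism mechanism to use
     * @param requestedAuthnContext optional authentication context to request, may be {@code null}
     * @return the endpoint reference from the service on success, {@code null} if it aborted
     * @throws WSCException on invalid arguments, an unsupported mechanism or a failed exchange
     */
    public EndpointReference authenticate(String str, String str2, AuthMechanism authMechanism, RequestedAuthnContext requestedAuthnContext) throws WSCException {
        // Forget the previous exchange so no RelatesTo header leaks into this one.
        this.lastMessageId = null;
        this.lastResponseCode = null;
        if (AuthMechanism.PLAIN == authMechanism) {
            return authenticatePLAIN(str, str2, requestedAuthnContext);
        }
        if (AuthMechanism.CRAM_MD5 == authMechanism) {
            return authenticateCRAM_MD5(str, str2, requestedAuthnContext);
        }
        throw new WSCException(WSCExceptionType.ILLEGAL_ARGUMENTS.shortDesc + "Unsupported authentication mechanism: " + authMechanism);
    }

    /**
     * Runs a single-step SASL PLAIN exchange.
     *
     * <p>The credentials travel as base64 of {@code NUL username NUL password}; anything that can
     * read the message can recover the password, so this depends on a protected transport.
     *
     * @param str username
     * @param str2 password
     * @param requestedAuthnContext optional authentication context to request, may be {@code null}
     * @return the endpoint reference from the service on success, {@code null} if it aborted
     * @throws WSCException on missing arguments, a CONTINUE status or a failed exchange
     */
    public EndpointReference authenticatePLAIN(String str, String str2, RequestedAuthnContext requestedAuthnContext) throws WSCException {
        if (str == null || str2 == null) {
            throw new WSCException(WSCExceptionType.ILLEGAL_ARGUMENTS.shortDesc + "Both username and password are required.");
        }
        String username = str;
        String password = str2;
        // The password is deliberately left out of the log.
        log.debug("AS: authenticatePLAIN(username {})", username);

        SASLRequest request = new SASLRequestBuilder().buildObject();
        request.setMechanism(AuthMechanism.PLAIN.code);
        request.setRequestedAuthnContext(requestedAuthnContext);
        Data credentials = new DataBuilder().buildObject();
        try {
            // SASL PLAIN separates the fields with NUL; the empty first field is the authzid.
            // The decompiled listing showed the NUL separators as replacement characters.
            byte[] message = ("\0" + username + "\0" + password).getBytes(StandardCharsets.UTF_8);
            credentials.setValue(Base64Support.encode(message, false));
        } catch (EncodingException e) {
            throw new WSCException(e);
        }
        request.setData(credentials);
        SASLResponse response = invokeSASLRequest(this.serviceURL, request, false);
        return endpointForFinalResponse(response);
    }

    /**
     * Runs a two-step CRAM-MD5 exchange: request a challenge, then answer it.
     *
     * <p>If the response names a different mechanism and promiscuous mode is on, the password is
     * sent via {@link #authenticatePLAIN} instead; see {@link #setPromiscuousMode(boolean)} for the
     * downgrade risk.
     *
     * @param str username
     * @param str2 password
     * @param requestedAuthnContext optional authentication context to request, may be {@code null}
     * @return the endpoint reference from the service on success, {@code null} if it aborted
     * @throws WSCException on missing arguments, an unexpected mechanism or status, a missing
     *     challenge, or a failed exchange
     */
    public EndpointReference authenticateCRAM_MD5(String str, String str2, RequestedAuthnContext requestedAuthnContext) throws WSCException {
        if (str == null || str2 == null) {
            throw new WSCException(WSCExceptionType.ILLEGAL_ARGUMENTS.shortDesc + "Both username and password are required.");
        }
        String username = str;
        String password = str2;

        SASLRequestBuilder requestBuilder = new SASLRequestBuilder();
        SASLRequest initial = requestBuilder.buildObject();
        initial.setMechanism(AuthMechanism.CRAM_MD5.code);
        // The initial request carries no <Data>, so its body is safe to log.
        SASLResponse challengeResponse = invokeSASLRequest(this.serviceURL, initial, true);

        if (AuthMechanism.CRAM_MD5 != AuthMechanism.findAuthMechanism(challengeResponse.getServerMechanism())) {
            if (this.promiscuousMode) {
                // Record the downgrade so it can be spotted in the logs.
                log.warn("Server did not select CRAM-MD5; promiscuous mode is on, falling back to PLAIN");
                return authenticatePLAIN(username, password, requestedAuthnContext);
            }
            throw new WSCException(WSCExceptionType.UNEXPECTED_SERVER_AUTH_MECHANISM.shortDesc);
        }
        if (ResponseCode.CONTINUE != this.lastResponseCode) {
            throw new WSCException(WSCExceptionType.UNEXPECTED_STATUS_CODE.shortDesc);
        }
        if (null == challengeResponse.getData()) {
            throw new WSCException(WSCExceptionType.NO_DATA_IN_SASL_RESPONSE.shortDesc);
        }
        String challenge = challengeResponse.getData().getValue();
        if (null == challenge || challenge.isEmpty()) {
            throw new WSCException(WSCExceptionType.CRAM_MD5_CHALLENGE_IS_EMPTY.shortDesc);
        }

        StringBuilder reply = new StringBuilder(username).append(' ');
        try {
            // NOTE(review): RFC 2195 keys the HMAC with the shared secret and digests the
            // challenge; here the challenge is the key and the password is the text, and the
            // <Data> value is used without base64-decoding. Left as is because the peer has to
            // agree on the computation; confirm against the Authentication Service.
            SecretKeySpec key = new SecretKeySpec(challenge.getBytes(StandardCharsets.UTF_8), JCAConstants.HMAC_MD5);
            Mac mac = Mac.getInstance(key.getAlgorithm());
            mac.init(key);
            reply.append(Hex.encodeHex(mac.doFinal(password.getBytes(StandardCharsets.UTF_8))));
        } catch (GeneralSecurityException e) {
            // Fail here: continuing would send a reply that holds the username and no digest.
            log.error("Could not compute the CRAM-MD5 response", e);
            throw new WSCException(WSCExceptionType.AUTHENTICATION_SERVICE_FAILURE.shortDesc + "Could not compute the CRAM-MD5 response.");
        }

        // The reply (username plus digest) is not printed or logged.
        Data replyData = new DataBuilder().buildObject();
        try {
            replyData.setValue(Base64Support.encode(reply.toString().getBytes(StandardCharsets.UTF_8), false));
        } catch (EncodingException e) {
            throw new WSCException(e);
        }
        SASLRequest answer = requestBuilder.buildObject();
        answer.setMechanism(AuthMechanism.CRAM_MD5.code);
        answer.setData(replyData);
        answer.setRequestedAuthnContext(requestedAuthnContext);
        SASLResponse finalResponse = invokeSASLRequest(this.serviceURL, answer, false);
        return endpointForFinalResponse(finalResponse);
    }

    /** Interprets the status recorded for the last step of an exchange. */
    private EndpointReference endpointForFinalResponse(SASLResponse response) throws WSCException {
        ResponseCode status = this.lastResponseCode;
        log.debug("     STATUS CODE: {}", status.codeValue);
        if (ResponseCode.OK == status) {
            log.debug("     Authentication completed successfully.");
            return response.getEndpointReference();
        }
        if (ResponseCode.CONTINUE == status) {
            throw new WSCException(WSCExceptionType.CONTINUE_NOT_SUPPORTED_IN_AUTHENTICATE_CONTEXT.shortDesc);
        }
        log.debug("     Authentication aborted.");
        return null;
    }

    /**
     * Sends one SASL request and records the MessageID and status of the response.
     *
     * @param url service URL; only checked for presence here, since it is not passed to
     *     {@code WSFMessage} (presumably the destination comes from this client's endpoint
     *     reference; confirm in {@code WSFMessage})
     * @param sASLRequest request to place in the SOAP body
     * @param logRequestBody whether the request may be pretty-printed to the debug log; pass
     *     {@code false} for requests whose {@code <Data>} carries credentials
     * @return the SASL response, never {@code null}
     * @throws WSCException if the call fails or the response lacks a SASLResponse, a MessageID
     *     or a recognizable status
     */
    private SASLResponse invokeSASLRequest(URL url, SASLRequest sASLRequest, boolean logRequestBody) throws WSCException {
        if (url == null) {
            throw new WSCException(WSCExceptionType.ILLEGAL_ARGUMENTS.shortDesc + "No service URL has been set.");
        }
        boolean debug = log.isDebugEnabled();
        try {
            WSFMessage message = WSFMessage.createWSFMessage(this, "urn:liberty:sa:2006-08:SASLRequest");
            message.getRequestEnvelope().getBody().getUnknownXMLObjects().add(sASLRequest);
            if (ResponseCode.CONTINUE == this.lastResponseCode && null != this.lastMessageId) {
                // Tie this request to the response that asked us to continue.
                RelatesTo relatesTo = new RelatesTo();
                relatesTo.setValue(this.lastMessageId);
                message.addWSUIdAttribute(relatesTo, "relHdr");
                message.addSOAP11Attributes(relatesTo, true);
                ((HeaderIDWSF) message.getRequestEnvelope().getHeader()).setRelatesTo(relatesTo);
            }
            if (debug) {
                if (logRequestBody) {
                    log.debug("SASL REQUEST\n" + WSFMessage.prettyPrintRequestMessage(message));
                } else {
                    log.debug("SASL REQUEST (body not logged: <Data> carries credentials)");
                }
            }
            try {
                message.invoke();
                if (debug) {
                    // NOTE(review): the response may hold tokens in its endpoint reference;
                    // treat DEBUG output of this class as sensitive.
                    log.debug("SASL RESPONSE\n" + WSFMessage.prettyPrintResponseMessage(message));
                }
                Envelope responseEnvelope = message.getResponseEnvelope();
                SASLResponse saslResponse = null;
                for (XMLObject child : responseEnvelope.getBody().getUnknownXMLObjects()) {
                    if (child instanceof SASLResponse) {
                        saslResponse = (SASLResponse) child;
                        break;
                    }
                }
                if (null == saslResponse) {
                    throw new WSCException(WSCExceptionType.UNRECOGNIZED_RESPONSE.shortDesc);
                }
                MessageID messageID = ((HeaderIDWSF) responseEnvelope.getHeader()).getMessageID();
                if (null == messageID || null == messageID.getValue()) {
                    throw new WSCException(WSCExceptionType.AUTHENTICATION_SERVICE_FAILURE.shortDesc + " No <MessageID> Element in SOAP Response Header");
                }
                log.debug("     SASL RESPONSE MessageID {}", messageID.getValue());
                this.lastMessageId = messageID.getValue();
                this.lastResponseCode = ResponseCode.getResponseCode(saslResponse);
                return saslResponse;
            } catch (WSCException e) {
                // Keep the specific failure instead of masking it as an invocation failure.
                throw e;
            } catch (Exception e) {
                log.error("Authentication Service invocation failed", e);
                throw new WSCException(WSCExceptionType.AUTHENTICATION_SERVICE_INVOCATION_FAILURE.shortDesc);
            }
        } catch (XMLParserException | UnmarshallingException e) {
            // Returning null here would surface later as a NullPointerException in the callers.
            log.error("Could not build the SASL request message", e);
            throw new WSCException(WSCExceptionType.AUTHENTICATION_SERVICE_INVOCATION_FAILURE.shortDesc);
        }
    }
}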
