package org.adeptnet.atlassian.common;

import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.adeptnet.auth.kerberos.Krb5;
import org.adeptnet.auth.kerberos.Krb5ConfigImpl;
import org.adeptnet.auth.saml.SAMLClient;
import org.adeptnet.auth.saml.SAMLConfigImpl;
import org.adeptnet.auth.saml.SAMLException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.ws.message.encoder.MessageEncodingException;

/* loaded from: input_file:org/adeptnet/atlassian/common/Common.class */
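/**
 * Shared Kerberos (SPNEGO) and SAML single-sign-on helper.
 *
 * <p>An instance is configured once through {@link #init(Map)} and then asked, per request, to
 * resolve a user name from either the {@code Authorization} header (Kerberos) or the
 * {@code SAMLResponse} parameter (SAML).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Request credentials (the {@code Authorization} header, the {@code SAMLResponse}
 *       parameter) and the keystore password are never written to the log; only their presence
 *       or length is recorded.</li>
 *   <li>The lazily created {@link SAMLClient} and the skip-401 pattern list are not synchronised;
 *       nothing in this class guards them against concurrent use.</li>
 * </ul>
 */
public class Common {
    private static final Log LOG = LogFactory.getLog(Common.class);
    private static final String KRB5_ENABLE = "krb5-enable";
    private static final String KRB5_SKIP401 = "krb5-skip401";
    private static final String KRB5_REALM = "krb5-realm";
    private static final String KRB5_KEYTAB = "krb5-keytab";
    private static final String KRB5_LOGIN_CONTEXT = "krb5-login-context";
    private static final String SAML_ENABLE = "saml-enable";
    private static final String SAML_IDP_CONFIG = "saml-idp-config";
    private static final String SAML_SP_CONFIG = "saml-sp-config";
    private static final String SAML_KEYSTORE_NAME = "saml-keystore-name";
    private static final String SAML_KEYSTORE_PASSWORD = "saml-keystore-password";
    private static final String SAML_CERTIFICATE_ALIAS = "saml-certificate-alias";
    /** Placeholder written to the log instead of a secret configuration value. */
    private static final String REDACTED = "<redacted>";
    private SAMLClient samlClient;
    private boolean hasInit;
    private boolean krb5Enabled;
    private boolean samlEnabled;
    private final Krb5ConfigImpl krb5Cfg = new Krb5ConfigImpl();
    private final SAMLConfigImpl samlCfg = new SAMLConfigImpl();
    private final List<Pattern> patterns = new ArrayList<>();

    /**
     * Asserts that {@link #init(Map)} has completed.
     *
     * @return this instance, so calls can be chained
     * @throws IllegalStateException if {@link #init(Map)} has not been called yet
     */
    public Common check() throws IllegalStateException {
        if (!this.hasInit) {
            throw new IllegalStateException("Please INIT before use");
        }
        return this;
    }

    /**
     * Compiles the newline-separated regular expressions stored under {@code krb5-skip401}.
     * Blank lines are ignored; an expression that does not compile is logged and skipped so one
     * bad line does not discard the rest.
     */
    private void initSkip401(Map<String, String> map) {
        String configured = map.get(KRB5_SKIP401);
        if (configured == null) {
            // Key absent, or present with a null value: nothing to compile.
            return;
        }
        for (String line : configured.split("\n")) {
            String expression = line.trim();
            if (expression.isEmpty()) {
                continue;
            }
            try {
                this.patterns.add(Pattern.compile(expression));
            } catch (PatternSyntaxException e) {
                LOG.error(String.format("skip401: %s - %s", expression, e.getMessage()), e);
            }
        }
    }

    /**
     * Renders the configuration map for debug logging with the keystore password masked.
     * Only {@code saml-keystore-password} is masked; any other secret-bearing key a caller puts
     * in the map must be added here before it is safe to log.
     */
    private static String describeConfig(Map<String, String> map) {
        StringBuilder text = new StringBuilder("{");
        boolean first = true;
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (!first) {
                text.append(", ");
            }
            first = false;
            text.append(entry.getKey()).append('=');
            text.append(SAML_KEYSTORE_PASSWORD.equals(entry.getKey()) ? REDACTED : entry.getValue());
        }
        return text.append('}').toString();
    }

    /**
     * Loads the Kerberos and SAML settings from {@code map} and marks this instance as ready.
     *
     * <p>Calling this more than once appends to the skip-401 pattern list and does not rebuild a
     * {@link SAMLClient} that was already created.
     *
     * @param map configuration values keyed by the {@code krb5-*} / {@code saml-*} names
     */
    public void init(Map<String, String> map) {
        // parseBoolean(null) is false, so a missing flag leaves the mechanism disabled.
        this.krb5Enabled = Boolean.parseBoolean(map.get(KRB5_ENABLE));
        initSkip401(map);
        this.krb5Cfg.setRealm(map.get(KRB5_REALM));
        if (map.containsKey(KRB5_KEYTAB)) {
            this.krb5Cfg.setKeytabName(map.get(KRB5_KEYTAB));
        }
        if (map.containsKey(KRB5_LOGIN_CONTEXT)) {
            this.krb5Cfg.setContextName(map.get(KRB5_LOGIN_CONTEXT));
        }
        this.samlEnabled = Boolean.parseBoolean(map.get(SAML_ENABLE));
        this.samlCfg.setIdpConfigName(map.get(SAML_IDP_CONFIG));
        this.samlCfg.setSpConfigName(map.get(SAML_SP_CONFIG));
        this.samlCfg.setKeystoreName(map.get(SAML_KEYSTORE_NAME));
        this.samlCfg.setKeystorePassword(map.get(SAML_KEYSTORE_PASSWORD));
        this.samlCfg.setCertificateAlias(map.get(SAML_CERTIFICATE_ALIAS));
        if (LOG.isDebugEnabled()) {
            // The raw map holds the keystore password; log the masked rendering instead.
            LOG.debug(describeConfig(map));
            LOG.debug(String.format("krb5Enabled: %s", this.krb5Enabled));
            LOG.debug(String.format("samlEnabled: %s", this.samlEnabled));
        }
        this.hasInit = true;
    }

    /**
     * Returns the cached {@link SAMLClient}, creating it on first use.
     * The lazy creation is not synchronised, so concurrent first calls may each build a client.
     */
    private SAMLClient getSAMLClient(ServletContext servletContext) throws SAMLException {
        if (this.samlClient == null) {
            this.samlCfg.init(getFileName(servletContext));
            this.samlClient = new SAMLClient(this.samlCfg);
        }
        return this.samlClient;
    }

    /**
     * Delegates to {@link SAMLClient#doSAMLRedirect} to send the browser to the identity provider.
     *
     * @param httpServletRequest current request, used to reach the servlet context
     * @param httpServletResponse response the redirect is written to
     * @param str passed through unchanged to the SAML client (presumably the relay state; confirm
     *     against {@code SAMLClient})
     * @throws SAMLException if SAML is disabled or the client cannot be built
     * @throws MessageEncodingException if the SAML client fails to encode the request
     */
    public void doSAMLRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws SAMLException, MessageEncodingException {
        if (!this.samlEnabled) {
            throw new SAMLException("SAML is not enabled");
        }
        SAMLClient client = getSAMLClient(httpServletRequest.getServletContext());
        client.doSAMLRedirect(httpServletResponse, str);
    }

    /** Returns a resolver that maps a configured name to a path via {@code getRealPath}. */
    private Function<String, String> getFileName(ServletContext servletContext) {
        return name -> servletContext.getRealPath(name);
    }

    /**
     * Resolves the user name from a Kerberos ticket carried in the {@code Authorization} header.
     *
     * @param httpServletRequest current request
     * @return the part of the validated principal before the first {@code @}, or {@code null}
     *     when Kerberos is disabled, no usable ticket is present, or validation fails
     */
    public String getKrb5UserName(HttpServletRequest httpServletRequest) {
        if (!this.krb5Enabled) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("!krb5Enabled");
            }
            return null;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Found Kerberos Ticket");
        }
        if (LOG.isTraceEnabled()) {
            // The header is a credential (a ticket, or a password for other schemes): log its
            // size only, never its value.
            LOG.trace(String.format("Authorization header present (%d chars, value withheld)", header.length()));
        }
        String encodedTicket = Krb5.extractTicket(header);
        if (encodedTicket == null) {
            return null;
        }
        String serverName = Krb5.resolveServerName(httpServletRequest.getServerName());
        this.krb5Cfg.init(getFileName(httpServletRequest.getServletContext()));
        String realmSuffix = String.format("@%s", this.krb5Cfg.getRealm());
        String spn = String.format("HTTP/%s%s", serverName, realmSuffix);
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("SPN: %s", spn));
        }
        byte[] ticket;
        try {
            ticket = Base64.getDecoder().decode(encodedTicket);
        } catch (IllegalArgumentException e) {
            // The header is client-supplied; malformed Base64 is an authentication failure,
            // not a server error.
            LOG.warn("Ignoring Authorization header: ticket is not valid Base64");
            return null;
        }
        String principal = new Krb5(this.krb5Cfg).isTicketValid(spn, ticket);
        // Accept only principals from the configured realm.
        if (principal != null && principal.endsWith(realmSuffix)) {
            // NOTE(review): everything after the FIRST '@' is dropped, so a principal holding
            // more than one '@' maps to its first segment only. Confirm that is intended.
            return principal.split("@")[0];
        }
        LOG.error(String.format("Invalid username: %s", principal));
        return null;
    }

    /**
     * Resolves the user name from a {@code SAMLResponse} request parameter.
     *
     * @param httpServletRequest current request
     * @return the name id of the validated response, or {@code null} when SAML is disabled, the
     *     parameter is absent, or validation throws {@link SAMLException}
     */
    public String getSAMLUserName(HttpServletRequest httpServletRequest) {
        if (!this.samlEnabled) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("!samlEnabled");
            }
            return null;
        }
        String samlResponse = httpServletRequest.getParameter("SAMLResponse");
        if (samlResponse == null) {
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Found SAML Ticket");
        }
        if (LOG.isTraceEnabled()) {
            // The response carries the assertion used to log in: log its size, not its value.
            LOG.trace(String.format("SAMLResponse present (%d chars, value withheld)", samlResponse.length()));
        }
        try {
            SAMLClient client = getSAMLClient(httpServletRequest.getServletContext());
            // The GET path validates the whole query string; the POST path validates the
            // parameter value alone.
            if ("GET".equalsIgnoreCase(httpServletRequest.getMethod())) {
                return client.validateResponseGET(httpServletRequest.getQueryString()).getNameId();
            }
            return client.validateResponsePOST(samlResponse).getNameId();
        } catch (SAMLException e) {
            LOG.fatal(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Tells whether {@code str} fully matches one of the configured {@code krb5-skip401}
     * expressions.
     *
     * @param str value to test; {@code null} never matches
     * @return {@code true} if any configured pattern matches the whole of {@code str}
     */
    public boolean krb5Skip401(String str) {
        if (LOG.isTraceEnabled()) {
            LOG.trace(String.format("krb5Skip401: %s", str));
        }
        if (str == null) {
            return false;
        }
        for (Pattern pattern : this.patterns) {
            if (pattern.matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    /** @return whether Kerberos authentication was enabled by {@link #init(Map)} */
    public boolean isKrb5Enabled() {
        return this.krb5Enabled;
    }

    /** @return whether SAML authentication was enabled by {@link #init(Map)} */
    public boolean isSamlEnabled() {
        return this.samlEnabled;
    }
}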
