package org.josso.gateway.identity.service;

import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.Lookup;
import org.josso.SecurityDomain;
import org.josso.auth.Authenticator;
import org.josso.auth.Credential;
import org.josso.auth.SimplePrincipal;
import org.josso.auth.exceptions.AuthenticationFailureException;
import org.josso.auth.exceptions.SSOAuthenticationException;
import org.josso.auth.scheme.UsernamePasswordCredentialProvider;
import org.josso.gateway.MutableSSOContext;
import org.josso.gateway.SSOContext;
import org.josso.gateway.SSOException;
import org.josso.gateway.assertion.AuthenticationAssertion;
import org.josso.gateway.assertion.exceptions.AssertionNotValidException;
import org.josso.gateway.event.security.SSOSecurityEventManager;
import org.josso.gateway.identity.exceptions.IdentityProvisioningException;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.gateway.session.SSOSession;
import org.josso.gateway.session.exceptions.NoSuchSessionException;
import org.josso.gateway.session.exceptions.SSOSessionException;
import org.josso.gateway.session.service.SSOSessionManager;

/* loaded from: input_file:WEB-INF/lib/josso-default-identityprovider-1.8.8.jar:org/josso/gateway/identity/service/SSOIdentityProviderImpl.class */
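/**
 * Default {@link SSOIdentityProvider}: authenticates credentials, opens and closes SSO
 * sessions through the security domain's session manager, and issues or resolves
 * authentication assertions through the assertion manager.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Session ids and assertion ids are what {@link #assertIdentity(String)},
 *       {@link #globalSignoff(String)} and {@link #resolveAuthenticationAssertion(String)}
 *       accept as input, and several log and exception messages below embed them.
 *       NOTE(review): treat those logs as sensitive, or confirm the ids are useless once
 *       logged.</li>
 *   <li>Nothing in this class checks who the caller is; any such check has to happen in
 *       the layer that exposes these methods (not visible here).</li>
 * </ul>
 */
public class SSOIdentityProviderImpl implements SSOIdentityProvider {
    // The logger category is the SSOIdentityProvider interface, not this class; it is kept
    // unchanged so that existing logging configuration continues to match.
    private static final Log logger = LogFactory.getLog(SSOIdentityProvider.class);

    /** Authentication scheme name used by the username/password entry points. */
    private static final String BASIC_AUTHENTICATION_SCHEME = "basic-authentication";

    /** No initialization is required by this implementation. */
    @Override // org.josso.gateway.identity.service.SSOIdentityProvider
    public void initialize() {
    }

    /**
     * Authenticates a username/password pair with the basic-authentication scheme and
     * returns the id of an assertion requested for the new session.
     *
     * @param str  the username
     * @param str2 the password
     * @return the id of the issued authentication assertion
     * @throws IdentityProvisioningException if authentication fails or any other error
     *         occurs; the original exception is attached as the cause
     */
    @Override // org.josso.gateway.identity.service.SSOIdentityProvider
    public String assertIdentityWithSimpleAuthentication(String str, String str2) throws IdentityProvisioningException {
        try {
            // newCredential() returns null when the authenticator cannot build a credential;
            // a null entry is passed on to login() unchanged, as before.
            Credential[] credentials = new Credential[]{
                newCredential(BASIC_AUTHENTICATION_SCHEME, "username", str),
                newCredential(BASIC_AUTHENTICATION_SCHEME, UsernamePasswordCredentialProvider.PASSWORD_CREDENTIAL_NAME, str2)
            };
            SSOSession session = login(credentials, BASIC_AUTHENTICATION_SCHEME);
            return Lookup.getInstance().lookupAssertionManager().requestAssertion(session.getId()).getId();
        } catch (SSOAuthenticationException e) {
            // Keep the cause: without it a failed login cannot be told apart from a
            // misconfigured authenticator when the exception is inspected later.
            throw new IdentityProvisioningException("Failed to assert identity of user : " + str, e);
        } catch (SSOException e) {
            throw new IdentityProvisioningException("Error asserting identity of user : " + str, e);
        } catch (Exception e) {
            throw new IdentityProvisioningException("Unknown error asserting identity of user : " + str, e);
        }
    }

    /**
     * Resolves an authentication assertion id to the SSO session id it refers to.
     *
     * @param str the assertion id
     * @return the SSO session id carried by the assertion
     * @throws IdentityProvisioningException if the assertion manager returns no assertion
     *         for the id, or on any other error
     */
    @Override // org.josso.gateway.identity.service.SSOIdentityProvider
    public String resolveAuthenticationAssertion(String str) throws IdentityProvisioningException {
        try {
            AuthenticationAssertion assertion = Lookup.getInstance().lookupAssertionManager().consumeAssertion(str);
            if (assertion == null) {
                // Fail closed: an unknown assertion id never yields a session id.
                throw new AssertionNotValidException(str);
            }
            return assertion.getSSOSessionId();
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new IdentityProvisioningException("Error dereferencing authentication assertion : " + str, e);
        }
    }

    /**
     * Signs off the session with the given id: binds it to the current SSO context and
     * then calls {@link #logout()}.
     *
     * @param str the SSO session id to terminate
     * @throws IdentityProvisioningException if the session cannot be looked up or the
     *         logout fails; the original exception is attached as the cause
     */
    @Override // org.josso.gateway.identity.service.SSOIdentityProvider
    public void globalSignoff(String str) throws IdentityProvisioningException {
        try {
            MutableSSOContext context = (MutableSSOContext) SSOContext.getCurrent();
            SSOSession session = context.getSecurityDomain().getSessionManager().getSession(str);
            context.setCurrentSession(session);
            context.setUserLocation("remote-application");
            context.setScheme(BASIC_AUTHENTICATION_SCHEME);
            logout();
        } catch (SSOException e) {
            throw new IdentityProvisioningException("Error signing off user with session : " + str, e);
        } catch (Exception e) {
            throw new IdentityProvisioningException("Unknown error signing off user with session : " + str, e);
        }
    }

    /**
     * Authenticates the credentials with the given scheme and opens a new SSO session.
     *
     * <p>A session already bound to the current context is invalidated before the
     * credentials are checked, so a failed login still ends the previous session and a
     * successful one always runs under a session obtained from {@code initiateSession}.
     *
     * @param credentialArr the credentials to check
     * @param str           the authentication scheme name
     * @return the newly initiated session
     * @throws SSOAuthenticationException if the authenticator rejects the credentials
     * @throws SSOException if the subject does not carry exactly one
     *         {@link SimplePrincipal}, or on identity, session or unexpected errors
     */
    @Override // org.josso.gateway.identity.service.SSOIdentityProvider
    public SSOSession login(Credential[] credentialArr, String str) throws SSOException, SSOAuthenticationException {
        SSOContext context = SSOContext.getCurrent();
        try {
            SecurityDomain domain = Lookup.getInstance().lookupSecurityDomain();
            SSOIdentityManager identityManager = domain.getIdentityManager();
            SSOSessionManager sessionManager = domain.getSessionManager();
            Authenticator authenticator = domain.getAuthenticator();

            SSOSession previous = context.getSession();
            if (previous != null) {
                try {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Invalidating existing session : " + previous.getId());
                    }
                    sessionManager.invalidate(previous.getId());
                } catch (Exception e) {
                    // Best effort: failing to drop the old session does not block the login.
                    logger.warn("Can't ivalidate current session : " + previous.getId() + "\n" + e.getMessage(), e);
                }
            }

            Subject subject = authenticator.check(credentialArr, str);
            Set<SimplePrincipal> principals = subject.getPrincipals(SimplePrincipal.class);
            if (principals.size() != 1) {
                // Refuse to pick a user when the subject is ambiguous or empty.
                throw new SSOException("Assertion failed : principals.size() != 1");
            }
            Principal principal = principals.iterator().next();

            // The result is not used; presumably this call throws when the user is
            // unknown — confirm against SSOIdentityManager.
            identityManager.userExists(principal.getName());

            String sessionId = sessionManager.initiateSession(principal.getName(), subject);
            SSOSession session = sessionManager.getSession(sessionId);
            notifyLoginSuccess(session.getUsername(), session, str);
            return session;
        } catch (AuthenticationFailureException e) {
            debugFailure(e);
            notifyLoginFailed(credentialArr, str, e);
            throw e;
        } catch (SSOAuthenticationException e) {
            debugFailure(e);
            notifyLoginFailed(credentialArr, str, e);
            throw e;
        } catch (SSOIdentityException e) {
            debugFailure(e);
            notifyLoginFailed(credentialArr, str, e);
            throw new SSOException(e.getMessage(), e);
        } catch (SSOSessionException e) {
            debugFailure(e);
            notifyLoginFailed(credentialArr, str, e);
            throw new SSOException(e.getMessage(), e);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            notifyLoginFailed(credentialArr, str, e);
            throw new SSOException(e.getMessage(), e);
        }
    }

    /**
     * Logs in with the given credentials and requests an assertion for the new session.
     *
     * @param credentialArr the credentials to check
     * @param str           the authentication scheme name
     * @return the issued authentication assertion
     * @throws SSOAuthenticationException if authentication fails (rethrown unchanged)
     * @throws SSOException on any other error
     */
    @Override // org.josso.gateway.identity.service.SSOIdentityProvider
    public AuthenticationAssertion assertIdentity(Credential[] credentialArr, String str) throws SSOException, SSOAuthenticationException {
        // The result is unused; the call is kept in case obtaining the context has side effects.
        SSOContext.getCurrent();
        try {
            SSOSession session = login(credentialArr, str);
            return Lookup.getInstance().lookupAssertionManager().requestAssertion(session.getId());
        } catch (AuthenticationFailureException e) {
            throw e;
        } catch (SSOAuthenticationException e) {
            throw e;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new SSOException(e.getMessage(), e);
        }
    }

    /**
     * Requests an assertion for an already existing session.
     *
     * <p>No credentials are checked here: the session id alone selects the session.
     * NOTE(review): confirm that every path reaching this method has already established
     * that the caller is entitled to that session.
     *
     * @param str the SSO session id
     * @return the issued authentication assertion
     * @throws SSOException if the session cannot be found or the assertion cannot be issued
     */
    @Override // org.josso.gateway.identity.service.SSOIdentityProvider
    public AuthenticationAssertion assertIdentity(String str) throws SSOException {
        try {
            SSOSessionManager sessionManager = Lookup.getInstance().lookupSecurityDomain().getSessionManager();
            SSOSession session = sessionManager.getSession(str);
            return Lookup.getInstance().lookupAssertionManager().requestAssertion(session.getId());
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new SSOException(e.getMessage(), e);
        }
    }

    /**
     * Invalidates the session bound to the current SSO context, if any, and fires the
     * matching logout event.
     *
     * <p>A session the session manager no longer knows is treated as already logged out:
     * it is reported at debug level only and no event is fired.
     *
     * @throws SSOException if invalidating the session fails for any other reason
     */
    @Override // org.josso.gateway.identity.service.SSOIdentityProvider
    public void logout() throws SSOException {
        SSOSession session = SSOContext.getCurrent().getSession();
        if (session == null) {
            return;
        }
        String sessionId = session.getId();
        try {
            Lookup.getInstance().lookupSecurityDomain().getSessionManager().invalidate(sessionId);
            notifyLogoutSuccess(session);
        } catch (NoSuchSessionException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("[logout()] Session is not valid : " + sessionId);
            }
        } catch (SSOSessionException e) {
            logger.error(e.getMessage(), e);
            notifyLogoutFail(e);
            throw new SSOException(e.getMessage(), e);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            notifyLogoutFail(e);
            throw new SSOException(e.getMessage(), e);
        }
    }

    /**
     * Fires an authentication-failure event. Never throws: a failure to notify is logged.
     *
     * <p>The credential array is handed to the event manager as received. On the
     * username/password path it includes the password credential. NOTE(review): confirm
     * that event listeners do not log or persist credential values.
     *
     * @param credentialArr the credentials that were presented
     * @param str           the authentication scheme name
     * @param th            the failure being reported
     */
    protected void notifyLoginFailed(Credential[] credentialArr, String str, Throwable th) {
        try {
            SSOSecurityEventManager events = (SSOSecurityEventManager) Lookup.getInstance().lookupSecurityDomain().getEventManager();
            events.fireAuthenticationFailureEvent(SSOContext.getCurrent().getUserLocation(), str, credentialArr, th);
        } catch (Exception e) {
            logger.error("Can't notify login failure : " + e.getMessage(), e);
        }
    }

    /**
     * Fires an authentication-success event. Never throws: a failure to notify is logged.
     *
     * @param str        the authenticated username
     * @param sSOSession the session that was opened
     * @param str2       the authentication scheme name
     */
    protected void notifyLoginSuccess(String str, SSOSession sSOSession, String str2) {
        try {
            SSOSecurityEventManager events = (SSOSecurityEventManager) Lookup.getInstance().lookupSecurityDomain().getEventManager();
            events.fireAuthenticationSuccessEvent(SSOContext.getCurrent().getUserLocation(), str2, str, sSOSession.getId());
        } catch (Exception e) {
            logger.error("Can't notify login success : " + e.getMessage(), e);
        }
    }

    /**
     * Fires a logout-failure event for the session bound to the current context.
     * Never throws: a failure to notify (including a missing session) is logged.
     *
     * @param th the failure being reported
     */
    private void notifyLogoutFail(Throwable th) {
        SSOContext context = SSOContext.getCurrent();
        try {
            SSOSecurityEventManager events = (SSOSecurityEventManager) Lookup.getInstance().lookupSecurityDomain().getEventManager();
            events.fireLogoutFailureEvent(context.getUserLocation(), context.getSession().getUsername(), context.getSession().getId(), th);
        } catch (Exception e) {
            logger.error("Can't notify logout failure : " + e.getMessage(), e);
        }
    }

    /**
     * Fires a logout-success event. Never throws: a failure to notify is logged.
     *
     * @param sSOSession the session that was invalidated
     */
    protected void notifyLogoutSuccess(SSOSession sSOSession) {
        try {
            SSOSecurityEventManager events = (SSOSecurityEventManager) Lookup.getInstance().lookupSecurityDomain().getEventManager();
            events.fireLogoutSuccessEvent(SSOContext.getCurrent().getUserLocation(), sSOSession.getUsername(), sSOSession.getId());
        } catch (Exception e) {
            logger.error("Can't notify logout success : " + e.getMessage(), e);
        }
    }

    /**
     * Asks the security domain's authenticator to build a credential.
     *
     * <p>Despite the {@code throws} clause, every failure is logged and reported as a
     * {@code null} return value. Callers that place the result in a credential array must
     * expect null entries. The behaviour is kept because subclasses and callers may rely
     * on it.
     *
     * @param str  the authentication scheme name
     * @param str2 the credential name
     * @param obj  the credential value
     * @return the credential, or {@code null} if it could not be created
     * @throws SSOAuthenticationException declared for overriding implementations; not
     *         thrown by this one
     */
    protected Credential newCredential(String str, String str2, Object obj) throws SSOAuthenticationException {
        try {
            return Lookup.getInstance().lookupSecurityDomain().getAuthenticator().newCredential(str, str2, obj);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            return null;
        }
    }

    /** Logs a login failure at debug level, with its stack trace, when debug is enabled. */
    private static void debugFailure(Exception e) {
        if (logger.isDebugEnabled()) {
            logger.debug(e.getMessage(), e);
        }
    }
}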
