package com.suncode.vwsso.authenticator;

import com.suncode.pwfl.SystemContext;
import com.suncode.pwfl.administration.configuration.SystemProperties;
import com.suncode.pwfl.administration.user.User;
import com.suncode.pwfl.administration.user.UserFinder;
import com.suncode.pwfl.security.AuthenticationButton;
import com.suncode.pwfl.security.AuthenticationResult;
import com.suncode.pwfl.security.Authenticator;
import com.suncode.pwfl.security.SSORedirectType;
import com.suncode.pwfl.translation.Translator;
import com.suncode.pwfl.translation.Translators;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.time.DateUtils;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/suncode/vwsso/authenticator/VWAuthenticator.class */
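/**
 * SSO authenticator that maps the TLS client certificate the servlet container attached to the
 * request ({@code javax.servlet.request.X509Certificate}) to a PlusWorkflow user.
 *
 * <p>Flow: take the end-entity certificate, extract the card number (last whitespace-separated
 * token of the subject CN), check the certificate's validity period and its revocation status
 * against the CA's CRL, then look the user up by {@code User.number}.
 *
 * <p>Chain validation is NOT done here; it is assumed to be the container's job when it performs
 * TLS client authentication (this class only sees the resulting request attribute — confirm the
 * container is configured with the intended trust store).
 */
public class VWAuthenticator implements Authenticator {
    private static final String VW_NAME = "PKI";
    /**
     * CRL distribution point. Plain HTTP is usual for CRLs because a CRL is signed by its CA.
     * NOTE(review): this class never verifies that signature (no CA public key is available in
     * this class), so an on-path attacker could serve a CRL that omits revoked serials. Wire in
     * the issuing CA certificate and call {@code crl.verify(caPublicKey)} in {@link #downloadCRL()}
     * before relying on this check on an untrusted network.
     */
    private static final String CRL_URL = "http://crl.volkswagen.de/VW-CA-OTHR-10.CRL";
    private static final String CRL_REFRESH_INTERVAL_PARAM = "CRLRefreshInterval";
    /** Connect and read timeout for the CRL download; without one a hung CDP stalls every login. */
    private static final int CRL_FETCH_TIMEOUT_MS = 10_000;
    /** Guards {@link #lastRefreshTime}, {@link #cachedCrl} and the on-disk copy, which every concurrent login shares. */
    private static final Object CRL_LOCK = new Object();
    /** Time of the last successful CRL download; {@code null} until the first one. */
    private static Instant lastRefreshTime;
    /** Last successfully parsed CRL; {@code null} until the first download. */
    private static X509CRL cachedCrl;

    @Autowired
    private UserFinder userFinder;
    private static final Logger log = LoggerFactory.getLogger(VWAuthenticator.class);
    private static final Translator translator = Translators.get(VWAuthenticator.class);
    /** Diagnostic on-disk copy of the last downloaded CRL; never read back for the revocation check. */
    private static final String crlFilePath = System.getProperty("java.io.tmpdir") + "/VWCRLFile.crl";

    /** @return the provider name shown to the platform ("PKI"). */
    public String getName() {
        return VW_NAME;
    }

    /**
     * Authenticates the request from its client certificate.
     *
     * @param httpServletRequest request carrying the {@code javax.servlet.request.X509Certificate} attribute
     * @return a successful result holding the matched user name, otherwise a failure result with the
     *         translated {@code authentication.failure.message}; never {@code null}
     */
    public AuthenticationResult authenticate(HttpServletRequest httpServletRequest) {
        X509Certificate certificate = getCertificate(httpServletRequest);
        if (certificate == null) {
            log.warn("No certificate in the request");
            return failure();
        }
        String cardNumber = getCardNumberFromX509Cert(certificate);
        if (StringUtils.isBlank(cardNumber)) {
            log.warn("No CN parameter in the request");
            return failure();
        }
        try {
            if (!checkCertificateIsValid(certificate)) {
                log.warn("Certificate invalid for CN {}", cardNumber);
                return failure();
            }
            User user = findUserByCN(cardNumber);
            if (user == null) {
                log.warn("User with number {} not exists. Cannot be authorized", cardNumber);
            } else if (StringUtils.isNotBlank(user.getUserName())) {
                return new AuthenticationResult(true, user.getUserName());
            } else {
                log.warn("User with number {} has no user name. Cannot be authorized", cardNumber);
            }
        } catch (Exception e) {
            // Boundary catch: any failure (CRL download, parse, DB) must end in a failed login, never a 500.
            log.error("Could not authenticate with PKI.");
            log.error(e.getMessage(), e);
        }
        return failure();
    }

    /** Builds the single failure result used for every rejection path. */
    private AuthenticationResult failure() {
        return new AuthenticationResult(false, (String) null, translator.getMessage("authentication.failure.message"));
    }

    /**
     * Returns the end-entity certificate (index 0 of the presented chain) or {@code null} when the
     * container attached no usable certificate array.
     */
    private X509Certificate getCertificate(HttpServletRequest httpServletRequest) {
        try {
            Object attribute = httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
            if (!(attribute instanceof X509Certificate[])) {
                return null;
            }
            X509Certificate[] chain = (X509Certificate[]) attribute;
            return chain.length > 0 ? chain[0] : null;
        } catch (Exception e) {
            log.error("Could not get certificate X509 from request.");
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Extracts the card number: the last whitespace-separated token of the first CN RDN found in
     * the subject DN (RFC 2253 form, as produced by {@link X509Certificate#getSubjectX500Principal()}).
     *
     * @return the token, an empty string when the CN is blank, or {@code null} when there is no
     *         string-valued CN or the DN cannot be parsed
     */
    private String getCardNumberFromX509Cert(X509Certificate x509Certificate) {
        String subject = x509Certificate.getSubjectX500Principal().getName();
        try {
            for (Rdn rdn : new LdapName(subject).getRdns()) {
                if (!"CN".equalsIgnoreCase(rdn.getType())) {
                    continue;
                }
                Object value = rdn.getValue();
                // Hex-encoded (non-string) CN values come back as byte[]; they cannot hold a card number.
                if (!(value instanceof String)) {
                    return null;
                }
                String[] tokens = ((String) value).trim().split("\\s+");
                return tokens[tokens.length - 1];
            }
            return null;
        } catch (InvalidNameException e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Looks up the user whose {@code number} equals the given card number (bound as a Criteria
     * parameter, so no injection surface).
     *
     * @return the first match, or {@code null} when none
     */
    private User findUserByCN(String str) {
        DetachedCriteria criteria = DetachedCriteria.forClass(User.class);
        criteria.add(Restrictions.eq("number", str));
        List<?> matches = this.userFinder.findByCriteria(criteria);
        if (matches.isEmpty()) {
            return null;
        }
        if (matches.size() > 1) {
            // Several accounts share one card number: the mapping is ambiguous, which is worth noticing.
            log.warn("{} users share number {}; using the first match", matches.size(), str);
        }
        return (User) matches.get(0);
    }

    /**
     * Accepts the certificate only if it is within its validity period, was issued by the CA
     * whose CRL we hold, and is not listed in that CRL. Fails closed on every other outcome.
     *
     * @throws IOException          when the CRL cannot be downloaded and no usable cached copy exists
     * @throws CertificateException from the certificate factory
     * @throws CRLException         when the downloaded bytes are not a CRL
     */
    private boolean checkCertificateIsValid(X509Certificate x509Certificate) throws IOException, CertificateException, CRLException {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            log.warn("Certificate with serial {} is outside its validity period: {}", x509Certificate.getSerialNumber(), e.getMessage());
            return false;
        }
        X509CRL crl = getCRL();
        if (crl == null) {
            log.error("Can not read crl file from path " + crlFilePath);
            return false;
        }
        // Serial numbers are unique only per issuer: a CRL from a different CA says nothing about
        // this certificate, so "not listed" must not be read as "not revoked".
        if (!crl.getIssuerX500Principal().equals(x509Certificate.getIssuerX500Principal())) {
            log.warn("Certificate issuer {} does not match CRL issuer {}", x509Certificate.getIssuerX500Principal(), crl.getIssuerX500Principal());
            return false;
        }
        return !crl.isRevoked(x509Certificate);
    }

    /**
     * Returns the current CRL, downloading it when there is none yet, when the configured refresh
     * interval has elapsed, or when the cached copy is past its {@code nextUpdate}. If the download
     * fails but the cached copy is still within its {@code nextUpdate}, the cached copy is used.
     */
    private X509CRL getCRL() throws IOException, CertificateException, CRLException {
        synchronized (CRL_LOCK) {
            Instant now = Instant.now();
            if (cachedCrl != null && !needsRefresh(now) && !isPastNextUpdate(cachedCrl, now)) {
                return cachedCrl;
            }
            try {
                cachedCrl = downloadCRL();
                lastRefreshTime = now;
            } catch (IOException | CRLException e) {
                if (cachedCrl != null && !isPastNextUpdate(cachedCrl, now)) {
                    log.warn("CRL refresh from {} failed ({}); using cached CRL valid until {}", CRL_URL, e.getMessage(), cachedCrl.getNextUpdate());
                    return cachedCrl;
                }
                throw e;
            }
            if (isPastNextUpdate(cachedCrl, now)) {
                // NOTE(review): RFC 5280 says a CRL past nextUpdate should not be relied upon; this
                // warns rather than rejecting so a late CA publication does not lock everyone out.
                // Switch to fail-closed here if policy requires it.
                log.warn("Downloaded CRL from {} is already past its nextUpdate ({}); revocation data may be outdated", CRL_URL, cachedCrl.getNextUpdate());
            }
            return cachedCrl;
        }
    }

    /** True when the last download is older than the configured refresh interval (or never happened). */
    private boolean needsRefresh(Instant now) {
        if (lastRefreshTime == null) {
            return true;
        }
        return lastRefreshTime.plus(Duration.ofMinutes(getRefreshInterval())).isBefore(now);
    }

    /** True when the CRL advertises a nextUpdate and that instant has passed. */
    private static boolean isPastNextUpdate(X509CRL crl, Instant now) {
        Date nextUpdate = crl.getNextUpdate();
        return nextUpdate != null && nextUpdate.toInstant().isBefore(now);
    }

    /**
     * Downloads and parses the CRL from {@link #CRL_URL}. Parsing is done from the bytes just
     * received — not from the shared temp directory — so the on-disk copy is diagnostic only.
     */
    private X509CRL downloadCRL() throws IOException, CertificateException, CRLException {
        URLConnection connection = new URL(CRL_URL).openConnection();
        connection.setConnectTimeout(CRL_FETCH_TIMEOUT_MS);
        connection.setReadTimeout(CRL_FETCH_TIMEOUT_MS);
        byte[] der;
        try (InputStream in = connection.getInputStream()) {
            der = readAllBytes(in);
        }
        X509CRL crl = (X509CRL) CertificateFactory.getInstance("X509").generateCRL(new ByteArrayInputStream(der));
        storeCRLCopy(der);
        return crl;
    }

    /** Reads the stream to its end (Java 8 compatible equivalent of InputStream.readAllBytes). */
    private static byte[] readAllBytes(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buffer = new byte[8192];
        int read;
        while ((read = in.read(buffer)) != -1) {
            out.write(buffer, 0, read);
        }
        return out.toByteArray();
    }

    /**
     * Best-effort write of the CRL bytes to {@link #crlFilePath}. Writes a sibling ".part" file and
     * renames it into place so a concurrent reader never sees a truncated file; failures are logged,
     * not propagated, because the copy is not used for the revocation decision.
     */
    private static void storeCRLCopy(byte[] der) {
        Path target = Paths.get(crlFilePath);
        Path dir = target.getParent() != null ? target.getParent() : Paths.get(".");
        Path part = null;
        try {
            part = Files.createTempFile(dir, "VWCRLFile", ".part");
            Files.write(part, der);
            Files.move(part, target, StandardCopyOption.REPLACE_EXISTING);
        } catch (IOException e) {
            log.warn("Could not store CRL copy at {}: {}", crlFilePath, e.getMessage());
        } finally {
            if (part != null) {
                try {
                    Files.deleteIfExists(part);
                } catch (IOException ignored) {
                    // best-effort cleanup of the partial file
                }
            }
        }
    }

    /**
     * Refresh interval in minutes from the {@code CRLRefreshInterval} system parameter; 0 (download
     * on every login) when the parameter is not set.
     */
    private int getRefreshInterval() {
        Long configured = SystemProperties.getLong(CRL_REFRESH_INTERVAL_PARAM);
        if (configured != null) {
            return configured.intValue();
        }
        log.warn("System parameter CRLRefreshInterval not set. The crl file will be updated on every login attempt.");
        return 0;
    }

    /** Login-page button that starts the SSO flow for the {@code vw-pki} provider via GET. */
    public AuthenticationButton authenticationButtonDefinition() {
        String loginUrl = SystemContext.get().getBaseUrl() + "/api/authentication/sso/login?provider=vw-pki";
        return AuthenticationButton.builder()
                .name(translator.getMessage("vw.authenticator.buttonName", new Object[]{VW_NAME}))
                .redirectType(SSORedirectType.GET)
                .url(loginUrl)
                .styles(buttonStyles())
                .build();
    }

    /** CSS properties applied to the login button. */
    private Map<String, String> buttonStyles() {
        Map<String, String> styles = new HashMap<>();
        styles.put("color", "white");
        styles.put("background", "linear-gradient(#007dc1,#0073b2)");
        styles.put("border-color", "#004b75");
        return styles;
    }
}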
