package uk.ac.diamond.shibbolethecpauthclient;

import de.tudarmstadt.ukp.shibhttpclient.ShibHttpClient;
import java.io.IOException;
import java.util.List;
import javax.security.sasl.AuthenticationException;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.ws.soap.client.SOAPClientException;
import org.opensaml.ws.soap.soap11.Body;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.soap11.impl.EnvelopeBuilder;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.util.Base64;

/* loaded from: input_file:uk/ac/diamond/shibbolethecpauthclient/ShibbolethECPAuthClient.class */
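/**
 * SAML 2.0 ECP (Enhanced Client or Proxy) client: fetches an authentication request from a
 * Service Provider, relays it to an Identity Provider with HTTP Basic credentials, and returns
 * the SAML {@link Response} the IdP sends back.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The user's password is sent to the IdP URL in an {@code Authorization: Basic} header, so
 *       the IdP endpoint must be reached over verified TLS.</li>
 *   <li>Nothing in this class verifies the signature, issuer, audience or validity window of the
 *       returned response (whether the superclass does is not visible here). Treat the returned
 *       object as unverified until the caller has validated it.</li>
 *   <li>At DEBUG level the full HTTP bodies and response headers are logged. These contain the
 *       SAML assertion and may contain session cookies, so DEBUG logging for this class should
 *       stay off wherever logs are retained or shared.</li>
 * </ul>
 */
public class ShibbolethECPAuthClient extends ShibHttpClient {
    private static final Logger log = Logger.getLogger(ShibbolethECPAuthClient.class);
    /** URL of the Identity Provider's ECP endpoint; receives the Basic credentials. */
    private final String IdP;
    /** URL of the Service Provider resource that triggers the ECP exchange. */
    private final String SP;

    /**
     * Creates a client that talks to the given IdP and SP.
     *
     * @param httpHost passed to the superclass constructor in its {@code HttpHost} slot
     *     (presumably an HTTP proxy; confirm against {@code ShibHttpClient}); may be {@code null}
     * @param str URL of the Identity Provider ECP endpoint
     * @param str2 URL of the Service Provider
     * @param z forwarded unchanged to the superclass constructor. NOTE(review): this looks like
     *     the superclass's "accept any certificate" switch; if so, {@code true} turns off TLS
     *     certificate verification and exposes the Basic credentials to interception, so
     *     production callers should pass {@code false}. Confirm against {@code ShibHttpClient}.
     * @throws ConfigurationException declared by the superclass constructor
     * @throws IllegalStateException declared by the superclass constructor
     */
    public ShibbolethECPAuthClient(HttpHost httpHost, String str, String str2, boolean z) throws ConfigurationException, IllegalStateException {
        super((String) null, (String) null, (String) null, httpHost, z, false);
        this.IdP = str;
        this.SP = str2;
    }

    /**
     * Creates a client with a {@code null} {@code HttpHost}.
     *
     * @param str URL of the Identity Provider ECP endpoint
     * @param str2 URL of the Service Provider
     * @param z see {@link #ShibbolethECPAuthClient(HttpHost, String, String, boolean)}
     * @throws ConfigurationException declared by the superclass constructor
     * @throws IllegalStateException declared by the superclass constructor
     */
    public ShibbolethECPAuthClient(String str, String str2, boolean z) throws ConfigurationException, IllegalStateException {
        this(null, str, str2, z);
    }

    /**
     * Runs the ECP exchange: GET the SP, forward the SOAP body it returns to the IdP with Basic
     * credentials, and parse the IdP's SOAP reply.
     *
     * <p>A non-null return value does not by itself prove that authentication succeeded. Only the
     * {@code AuthnFailed} status is rejected here; a response carrying any other status is
     * returned as-is, and no signature or condition check is performed in this method. Callers
     * must check the status and validate the response before trusting it.
     *
     * <p>The ECP profile also expects the client to compare the {@code AssertionConsumerServiceURL}
     * from the IdP's ECP header with the response consumer URL announced by the SP. This method
     * only logs that value; the SP's SOAP header is dropped when the request is re-enveloped.
     *
     * @param str user name placed before the colon of the Basic credential
     * @param str2 password placed after the colon of the Basic credential
     * @return the first SAML {@code Response} in the IdP reply body, or {@code null} when the
     *     reply has no body or no {@code Response} element
     * @throws IOException on transport or entity-handling failure
     * @throws AuthenticationException when the IdP answers with a non-200 HTTP status, when the
     *     response lacks a status code, or when the innermost status code is {@code AuthnFailed}
     * @throws SOAPClientException when the SP reply is not a SAML SOAP (PAOS) message or carries
     *     no SOAP body
     */
    public Response authenticate(String str, String str2) throws IOException, AuthenticationException, SOAPClientException {
        HttpResponse spReply = super.execute(new HttpGet(this.SP));
        log.info("Status: " + spReply.getStatusLine());
        // NOTE(review): header values may include Set-Cookie session identifiers.
        for (Header header : spReply.getAllHeaders()) {
            log.debug(header.getName() + ": " + header.getValue());
        }
        String spContent = EntityUtils.toString(spReply.getEntity());
        log.debug("HttpResponse::Content: " + spContent);
        if (!isSamlSoapResponse(spReply)) {
            throw new SOAPClientException("Service Provider not configured to accept ECP messages");
        }

        // Re-envelope only the SOAP body for the IdP; the SP's SOAP header is not forwarded.
        Envelope spEnvelope = getSoapMessage(new StringEntity(spContent));
        Body body = spEnvelope.getBody();
        if (body == null) {
            throw new SOAPClientException("Service Provider reply contains no SOAP body");
        }
        Envelope idpRequest = new EnvelopeBuilder().buildObject();
        body.detach();
        idpRequest.setBody(body);

        log.debug("Logging into IdP [" + this.IdP + "]");
        HttpPost httpPost = new HttpPost(this.IdP);
        httpPost.getParams().setBooleanParameter(ShibHttpClient.getAuthInProgress(), true);
        // Encode with an explicit charset so the credential bytes do not depend on the platform
        // default, and suppress Base64 line wrapping so a long user name or password cannot put
        // a line break inside the header value.
        byte[] credentialBytes = (str + ":" + str2).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        httpPost.addHeader("Authorization", "Basic " + Base64.encodeBytes(credentialBytes, Base64.DONT_BREAK_LINES));
        httpPost.setEntity(new StringEntity(Utils.xmlToString((XMLObject) idpRequest)));

        HttpResponse idpReply = super.execute(httpPost);
        log.debug("Status: " + idpReply.getStatusLine());
        if (idpReply.getStatusLine().getStatusCode() != 200) {
            String statusLine = idpReply.getStatusLine().toString();
            // Drain the entity so the underlying connection is released before we bail out.
            EntityUtils.consume(idpReply.getEntity());
            throw new AuthenticationException(statusLine);
        }
        String idpContent = EntityUtils.toString(idpReply.getEntity());
        // NOTE(review): this body contains the SAML assertion issued for the user.
        log.debug("HttpResponse::Content: " + idpContent);
        Envelope idpEnvelope = getSoapMessage(new StringEntity(idpContent));

        // The ECP header is used for diagnostics only, so its absence must not abort the login.
        org.opensaml.ws.soap.soap11.Header soapHeader = idpEnvelope.getHeader();
        List<XMLObject> ecpResponses = null;
        if (soapHeader != null) {
            ecpResponses = soapHeader.getUnknownXMLObjects(org.opensaml.saml2.ecp.Response.DEFAULT_ELEMENT_NAME);
        }
        if (ecpResponses == null || ecpResponses.isEmpty()) {
            log.debug("IdP reply carries no ECP Response header");
        } else {
            log.debug("assertionConsumerServiceURL: " + ((org.opensaml.saml2.ecp.Response) ecpResponses.get(0)).getAssertionConsumerServiceURL());
        }

        Body idpBody = idpEnvelope.getBody();
        if (idpBody == null) {
            return null;
        }
        List<XMLObject> samlResponses = idpBody.getUnknownXMLObjects(Response.DEFAULT_ELEMENT_NAME);
        if (samlResponses.isEmpty()) {
            return null;
        }
        Response response = (Response) samlResponses.get(0);
        if (response.getStatus() == null || response.getStatus().getStatusCode() == null) {
            // A response without a status cannot be classified; refuse it rather than fail with
            // a NullPointerException or hand it back as if it were usable.
            throw new AuthenticationException("SAML response carries no status code");
        }

        // Descend to the innermost (most specific) nested status code.
        StatusCode statusCode = response.getStatus().getStatusCode();
        while (statusCode.getStatusCode() != null) {
            statusCode = statusCode.getStatusCode();
        }
        if ("urn:oasis:names:tc:SAML:2.0:status:AuthnFailed".equals(statusCode.getValue())) {
            throw new AuthenticationException(statusCode.getValue());
        }
        // Any other status, including non-success ones, is returned for the caller to evaluate.
        return response;
    }
}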
