package edu.harvard.med.cbmi.auth.ecommons;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.apache.derby.client.am.EncryptionManager;
import org.apache.log4j.Logger;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/ecommons-authen-0.0.1.jar:edu/harvard/med/cbmi/auth/ecommons/EcommonsAuthenticationClient.class */
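/**
 * Client for the eCommons XML authentication endpoint.
 *
 * <p>One {@link #authenticate(String, String)} call builds an {@code AuthNRequest} document,
 * POSTs it to the service URL, parses the reply and checks that the reply echoes the request id
 * and request signature. The intermediate values of the last call stay readable through the
 * getters until the next call.
 *
 * <p>Per-call state lives in instance fields without synchronization, so an instance must not be
 * shared between threads that call {@code authenticate} concurrently.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This class deliberately installs no process-wide {@code HostnameVerifier}. A verifier
 *       that accepts every hostname, set through
 *       {@code HttpsURLConnection.setDefaultHostnameVerifier}, would switch off hostname checks
 *       for every {@code HttpsURLConnection} in the JVM, not only for this client.</li>
 *   <li>NOTE(review): confirm that the commons-httpclient version deployed checks the server
 *       certificate's hostname. If it does not, the POST that carries the password is exposed to
 *       interception no matter what the JVM default verifier is.</li>
 *   <li>The "signature" is an unkeyed digest of the application name and the request id, both of
 *       which also travel in the request. It correlates a reply with a request; it does not prove
 *       that the reply came from the service.</li>
 * </ul>
 */
public class EcommonsAuthenticationClient {
    private static final Logger log = Logger.getLogger(EcommonsAuthenticationClient.class);

    /** Milliseconds subtracted from / added to the request time for NotBefore / NotAfter. */
    private static final long VALIDITY_WINDOW_MS = 300000L;

    private String app;
    private String issuer;
    private DocumentBuilder docbuilder;
    private String url = "https://authenticate.med.harvard.edu/wsAuthenticate.asp";
    private DocumentBuilderFactory docbuilderfac = DocumentBuilderFactory.newInstance();
    // State of the most recent authenticate() call; cleared by reset().
    // reqxml contains the URL-encoded password in clear text: never log it directly.
    private String reqxml = null;
    private String reqid = null;
    private String reqsig = null;
    private String resxml = null;
    private String resid = null;
    private String ressig = null;
    private String rescode = null;
    private String rescategory = null;
    private String resmessage = null;

    /**
     * Creates a client.
     *
     * @param str application name sent as {@code RequestApp}; a built-in default is used when
     *     null or blank
     * @param str2 issuer name sent as {@code Issuer}; a built-in default is used when null or
     *     blank
     */
    public EcommonsAuthenticationClient(String str, String str2) {
        this.app = "Default CBMI Client Application";
        this.issuer = "Orchestra_ATTR_CLIENT";
        this.docbuilder = null;
        if (!isBlank(str)) {
            this.app = str;
        }
        if (!isBlank(str2)) {
            this.issuer = str2;
        }
        try {
            // The reply is parsed from the network, so refuse DOCTYPE declarations outright;
            // that keeps external entities and entity-expansion payloads out of the parser.
            this.docbuilderfac.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            this.docbuilderfac.setExpandEntityReferences(false);
            this.docbuilder = this.docbuilderfac.newDocumentBuilder();
        } catch (ParserConfigurationException e) {
            // Leave docbuilder null: authenticate() then fails closed with an explicit message
            // rather than running on a parser that could not be hardened.
            log.error(e.getClass().getName() + ": " + e.getMessage());
        }
    }

    /**
     * Authenticates a user against the service.
     *
     * <p>Returns {@code true} only when every step completed (request built, HTTP 200 received,
     * reply parsed, request id and signature echoed back unchanged) and the reply's
     * {@code StatusCode} is one of the two values this client accepts as success. Any failure is
     * appended to the value returned by {@link #getResponseMessage()}.
     *
     * @param str user id
     * @param str2 password
     * @return whether the service accepted the credentials in a reply that passed validation
     */
    public boolean authenticate(String str, String str2) {
        reset();
        boolean replyVerified = false;
        try {
            setRequestXml(str, str2);
            postRequest();
            parseResponseXml();
            validateRequestId();
            validateRequestSignature();
            replyVerified = true;
        } catch (Exception e) {
            String detail = e.getMessage() != null ? e.getMessage() : e.getClass().getName();
            if (isBlank(this.resmessage)) {
                this.resmessage = detail;
            } else {
                this.resmessage += " (" + detail + ")";
            }
        }
        // Fail closed: a success status code in a reply that did not pass the id/signature
        // checks (or that could not be parsed completely) must not count as a login.
        return replyVerified
                && this.rescode != null
                && (this.rescode.equals("2000") || this.rescode.equals("2111"));
    }

    /**
     * Builds the {@code AuthNRequest} document and stores it, serialized, in {@code reqxml};
     * also sets {@code reqid} and {@code reqsig}.
     *
     * @param str user id, must not be blank
     * @param str2 password, must not be blank
     * @throws Exception if an input is blank, the XML parser is unavailable, the digest
     *     algorithm is missing, or the document cannot be serialized
     */
    private void setRequestXml(String str, String str2) throws Exception {
        requireNotBlank(str, "user can't be empty");
        requireNotBlank(str2, "pass can't be empty");
        requireNotBlank(this.app, "app can't be empty");
        requireNotBlank(this.issuer, "issuer can't be empty");
        if (this.docbuilder == null) {
            log.error("xml parser is not available");
            throw new Exception("xml parser is not available");
        }

        long now = System.currentTimeMillis();
        // Formats in the JVM default time zone, as no zone is set on the formatter.
        SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        Document doc = this.docbuilder.newDocument();
        Element root = doc.createElement("AuthNRequest");
        doc.appendChild(root);

        // The request id is the current time in milliseconds, so it is predictable.
        this.reqid = String.valueOf(now);
        appendTextElement(doc, root, "RequestId", this.reqid);
        appendTextElement(doc, root, "Issuer", this.issuer);

        // Presumably SHA-1, going by the constant's name; the value is defined outside this file.
        MessageDigest messageDigest = MessageDigest.getInstance(EncryptionManager.SHA_1_DIGEST_ALGORITHM);
        // NOTE(review): getBytes() uses the platform charset, so a non-ASCII application name
        // yields a platform-dependent digest. Left unchanged because it affects the wire value.
        messageDigest.update((this.app + this.reqid).getBytes());
        this.reqsig = toHex(messageDigest.digest());
        appendTextElement(doc, root, "Signature", this.reqsig);

        appendTextElement(doc, root, "IssueInstant", timestampFormat.format(new Date(now)));
        Element validity = doc.createElement("ValidityInterval");
        root.appendChild(validity);
        appendTextElement(doc, validity, "NotBefore", timestampFormat.format(new Date(now - VALIDITY_WINDOW_MS)));
        appendTextElement(doc, validity, "NotAfter", timestampFormat.format(new Date(now + VALIDITY_WINDOW_MS)));

        appendTextElement(doc, root, "RequestApp", this.app);
        Element credentials = doc.createElement("AuthNData");
        root.appendChild(credentials);
        appendTextElement(doc, credentials, "Id", str);
        appendTextElement(doc, credentials, "Password", str2);

        StringWriter serialized = new StringWriter();
        try {
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.setOutputProperty("omit-xml-declaration", CustomBooleanEditor.VALUE_NO);
            transformer.setOutputProperty("indent", CustomBooleanEditor.VALUE_YES);
            transformer.transform(new DOMSource(doc), new StreamResult(serialized));
        } catch (TransformerException e) {
            // Also covers TransformerConfigurationException, which is a subclass.
            log.error(e.getClass().getName() + ": " + e.getMessage());
            throw new Exception("authentication request serialization error", e);
        }
        this.reqxml = serialized.toString();
    }

    /**
     * POSTs {@code reqxml} to the service URL and stores the reply body in {@code resxml}.
     *
     * @throws Exception if the transfer fails or the HTTP status is not 200
     */
    private void postRequest() throws Exception {
        // NOTE(review): no connection or socket timeout is configured here; consider setting
        // both so that an unresponsive service cannot hold login threads indefinitely.
        HttpClient httpClient = new HttpClient();
        PostMethod postMethod = new PostMethod(this.url);
        try {
            postMethod.setRequestHeader("SOAPMethodName", "urn:myserver:AuthenticationReply#GetXIDAuthenticateResponse");
            postMethod.setRequestEntity(new StringRequestEntity(this.reqxml, "text/xml", "UTF-8"));
            if (httpClient.executeMethod(postMethod) != 200) {
                log.error("http error: " + postMethod.getStatusLine().toString());
                throw new Exception("authentication service http error");
            }
            this.resxml = postMethod.getResponseBodyAsString();
        } catch (HttpException e) {
            throw httpFailure(e);
        } catch (IOException e) {
            throw httpFailure(e);
        } finally {
            // Release on every path, not only after a successful read.
            postMethod.releaseConnection();
        }
    }

    /**
     * Parses {@code resxml} and fills the response fields.
     *
     * <p>A field whose element is missing or empty is left {@code null}. For {@code RequestId},
     * {@code RequestSignature} and {@code StatusCode} that makes the later checks in
     * {@link #authenticate(String, String)} reject the reply.
     *
     * @throws Exception if there is no reply body or it cannot be parsed
     */
    private void parseResponseXml() throws Exception {
        if (this.resxml == null) {
            log.error("authentication service returned no response body");
            throw new Exception("authentication service response parsing error");
        }
        Document doc;
        try {
            // NOTE(review): getBytes() re-encodes the reply in the platform charset before
            // parsing. The values read below are URL-encoded, which limits the effect.
            doc = this.docbuilder.parse(new ByteArrayInputStream(this.resxml.getBytes()));
        } catch (IOException e) {
            throw parsingFailure(e);
        } catch (SAXException e) {
            throw parsingFailure(e);
        }
        this.resid = readResponseField(doc, "RequestId");
        this.ressig = readResponseField(doc, "RequestSignature");
        this.rescode = readResponseField(doc, "StatusCode");
        this.rescategory = readResponseField(doc, "StatusCodeCategory");
        this.resmessage = readResponseField(doc, "StatusMessage");
    }

    /**
     * Checks that the reply echoes the request id.
     *
     * @throws Exception if the ids differ or either one is absent
     */
    private void validateRequestId() throws Exception {
        if (this.reqid == null || !this.reqid.equals(this.resid)) {
            log.error("request id does not match that in response");
            throw new Exception("request id does not match that in response");
        }
    }

    /**
     * Checks that the reply echoes the request signature.
     *
     * @throws Exception if the signatures differ or either one is absent
     */
    private void validateRequestSignature() throws Exception {
        if (this.reqsig == null || !this.reqsig.equals(this.ressig)) {
            log.error("request signature does not match that in response");
            throw new Exception("request signature does not match that in response");
        }
    }

    /**
     * Returns the last request document with the password element masked, or {@code null} when
     * no request has been built.
     */
    public String getRequestXml() {
        return this.reqxml == null ? this.reqxml : this.reqxml.replaceAll("<Password>.*</Password>", "<Password>XXXXXXXX</Password>");
    }

    /** Returns the id sent in the last request. */
    public String getRequestId() {
        return this.reqid;
    }

    /** Returns the signature sent in the last request. */
    public String getRequestSignature() {
        return this.reqsig;
    }

    /** Returns the raw body of the last reply, exactly as received. */
    public String getResponseXml() {
        return this.resxml;
    }

    /** Returns the request id echoed in the last reply, or {@code null} when none was parsed. */
    public String getResponseId() {
        return this.resid;
    }

    /** Returns the signature echoed in the last reply, or {@code null} when none was parsed. */
    public String getResponseSignature() {
        return this.ressig;
    }

    /** Returns the {@code StatusCode} of the last reply. */
    public String getResponseCode() {
        return this.rescode;
    }

    /** Returns the {@code StatusCodeCategory} of the last reply. */
    public String getResponseCategory() {
        return this.rescategory;
    }

    /**
     * Returns the {@code StatusMessage} of the last reply, with any local failure detail
     * appended by {@link #authenticate(String, String)}.
     */
    public String getResponseMessage() {
        return this.resmessage;
    }

    /** Clears all per-call state before a new authentication attempt. */
    private void reset() {
        this.reqxml = null;
        this.reqid = null;
        this.reqsig = null;
        this.resxml = null;
        this.resid = null;
        this.ressig = null;
        this.rescode = null;
        this.rescategory = null;
        this.resmessage = null;
    }

    /** Tells whether a value is null or consists only of whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.matches("^\\s*$");
    }

    /** Logs and throws with the given message when the value is null or blank. */
    private static void requireNotBlank(String value, String message) throws Exception {
        if (isBlank(value)) {
            log.error(message);
            throw new Exception(message);
        }
    }

    /** Appends {@code <name>} to the parent with the URL-encoded value as its text. */
    private static void appendTextElement(Document doc, Element parent, String name, String value)
            throws UnsupportedEncodingException {
        Element child = doc.createElement(name);
        parent.appendChild(child);
        child.appendChild(doc.createTextNode(URLEncoder.encode(value, "UTF-8")));
    }

    /** Renders bytes as lower-case hexadecimal, two digits per byte. */
    private static String toHex(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            // Adding 256 forces a three-digit value, so substring(1) keeps the leading zero.
            hex.append(Integer.toString((b & 255) + 256, 16).substring(1));
        }
        return hex.toString();
    }

    /**
     * Reads the URL-decoded text of the first element with the given tag name, or returns
     * {@code null} when the element is missing, has no text, or the text is blank.
     */
    private static String readResponseField(Document doc, String tag) throws Exception {
        try {
            Element element = (Element) doc.getElementsByTagName(tag).item(0);
            if (element == null || element.getFirstChild() == null) {
                return null;
            }
            String raw = element.getFirstChild().getNodeValue();
            if (raw == null) {
                return null;
            }
            String decoded = URLDecoder.decode(raw, "UTF-8");
            return isBlank(decoded) ? null : decoded;
        } catch (DOMException e) {
            throw parsingFailure(e);
        }
    }

    /** Logs a transport failure and wraps it in the generic error reported to callers. */
    private static Exception httpFailure(Exception cause) {
        log.error(cause.getClass().getName() + ": " + cause.getMessage());
        return new Exception("authentication service http error", cause);
    }

    /** Logs a parsing failure and wraps it in the generic error reported to callers. */
    private static Exception parsingFailure(Exception cause) {
        log.error(cause.getClass().getName() + ": " + cause.getMessage());
        return new Exception("authentication service response parsing error", cause);
    }
}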
