package org.astrogrid.security.community;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.net.URLEncoder;
import java.security.AccessControlException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.CertPath;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import org.astrogrid.security.SecurityGuard;
import org.astrogrid.security.SignOnClient;
import org.bouncycastle.openssl.PEMWriter;
import org.mortbay.http.HttpRequest;

/* loaded from: input_file:org/astrogrid/security/community/SsoClient.class */
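/**
 * Client for a community single-sign-on service reached over HTTP(S).
 *
 * <p>Each operation addresses a resource derived from the configured endpoint
 * and a user name: {@code endpoint/user/proxy} for sign-on,
 * {@code endpoint/user/home} for the homespace lookup and
 * {@code endpoint/user} for a password change.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Passwords are sent in the body of a POST request. Nothing in this class
 *       requires the endpoint to use {@code https}; NOTE(review): confirm that
 *       callers only supply https endpoints.</li>
 *   <li>The user name is concatenated into the URL path without escaping, so
 *       characters such as {@code /}, {@code ?} or {@code #} change which
 *       resource is addressed. NOTE(review): confirm that callers validate the
 *       name before it reaches this class.</li>
 * </ul>
 */
public class SsoClient implements SignOnClient {
    /** Base URL of the community service, used as a prefix for every request. */
    private final String endpoint;

    /**
     * Creates a client for the service at the given URI.
     *
     * @param uri base address of the community service
     */
    public SsoClient(URI uri) {
        this.endpoint = uri.toString();
    }

    /**
     * Creates a client for the service at the given address.
     *
     * @param str base address of the community service, used verbatim
     */
    public SsoClient(String str) {
        this.endpoint = str;
    }

    /**
     * Signs a user on and loads the resulting credentials into the guard.
     *
     * <p>A fresh RSA key pair is generated locally; only the public key
     * (PEM-encoded) is posted, together with the password and the requested
     * lifetime. On HTTP 200 the response body is parsed as a certificate chain
     * and stored in the guard next to the locally held private key.
     *
     * @param str user name; becomes part of the request path
     * @param str2 password, sent as the {@code password} form field
     * @param i requested lifetime, sent as the {@code lifetime} form field
     *     (units are defined by the service - not visible here)
     * @param securityGuard receives the private key, the certificate chain and
     *     the principal derived from that chain
     * @throws AccessControlException if the service answers 403
     * @throws FileNotFoundException if the service answers 404
     * @throws IOException on any other non-200 response or on I/O failure
     * @throws CertificateException if the response cannot be parsed as a chain
     */
    @Override
    public void authenticate(String str, String str2, int i, SecurityGuard securityGuard) throws IOException, AccessControlException, CertificateException {
        // Checked only when the JVM runs with assertions enabled (-ea).
        assert str != null;
        assert str2 != null;
        assert i > 0;
        assert securityGuard != null;

        URL proxyUrl = getProxyUrl(str);
        KeyPair keys = generateKeyPair();

        HttpURLConnection connection = (HttpURLConnection) proxyUrl.openConnection();
        connection.setDoOutput(true);
        connection.setDoInput(true);
        connection.setRequestMethod("POST");
        securityGuard.configureHttps(connection);

        // The whole form body is assembled before the connection is opened for
        // writing, so an encoding failure never leaves a half-written request.
        String form = "password=" + URLEncoder.encode(str2, "UTF-8")
                + "&key=" + URLEncoder.encode(toPem(keys), "UTF-8")
                + "&lifetime=" + URLEncoder.encode(Integer.toString(i), "UTF-8");
        sendForm(connection, form);

        int status = connection.getResponseCode();
        switch (status) {
            case 200:
                CertPath chain;
                InputStream response = connection.getInputStream();
                try {
                    chain = readCertificates(response);
                } finally {
                    // Release the response stream even when parsing fails.
                    response.close();
                }
                // NOTE(review): the returned chain is not checked here against
                // the public key that was sent; confirm that SecurityGuard or a
                // later step verifies the match and validates the chain.
                securityGuard.setPrivateKey(keys.getPrivate());
                securityGuard.setCertificateChain(chain);
                securityGuard.setX500PrincipalFromCertificateChain();
                return;
            case 403:
                throw new AccessControlException("The password was rejected.");
            case 404:
                throw new FileNotFoundException("The user-name " + str + " is not recogognized.");
            default:
                throw new IOException("The community service returned HTTP code " + status);
        }
    }

    /**
     * Looks up the user's homespace and records it in the guard.
     *
     * <p>The service is expected to answer with a redirect; the
     * {@code Location} header of a 301, 302 or 303 response is stored as the
     * homespace location. Any other response leaves the guard untouched.
     *
     * @param str user name; becomes part of the request path
     * @param securityGuard receives the homespace location when one is returned
     * @throws IOException on I/O failure
     */
    @Override
    public void home(String str, SecurityGuard securityGuard) throws IOException {
        assert str != null;
        assert securityGuard != null;

        HttpURLConnection connection = (HttpURLConnection) getHomeUrl(str).openConnection();
        connection.setDoOutput(false);
        connection.setDoInput(true);
        connection.setRequestMethod(HttpRequest.__GET);
        // Redirects are switched off for this connection only, so that the
        // Location header can be read. The static setFollowRedirects(false)
        // would change redirect handling for every HttpURLConnection in the JVM.
        connection.setInstanceFollowRedirects(false);
        securityGuard.configureHttps(connection);

        int status = connection.getResponseCode();
        if (status == 303 || status == 301 || status == 302) {
            String location = connection.getHeaderField("Location");
            if (location != null) {
                securityGuard.setHomespaceLocation(location);
            }
        }
    }

    /**
     * Changes the password of an account.
     *
     * @param str user name; becomes part of the request path
     * @param str2 current password, sent as the {@code oldPassword} form field
     * @param str3 replacement password, sent as the {@code newPassword} form field
     * @param securityGuard used to configure HTTPS on the connection
     * @throws IllegalArgumentException if the service answers 400
     * @throws AccessControlException if the service answers 403
     * @throws FileNotFoundException if the service answers 404
     * @throws GeneralSecurityException if the service answers 500
     * @throws IOException on any other response outside 200/204 or on I/O failure
     */
    @Override
    public void changePassword(String str, String str2, String str3, SecurityGuard securityGuard) throws AccessControlException, GeneralSecurityException, IOException {
        assert str != null;
        assert str2 != null;
        assert str3 != null;
        assert securityGuard != null;

        HttpURLConnection connection = (HttpURLConnection) getAccountUrl(str).openConnection();
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        securityGuard.configureHttps(connection);

        String form = "oldPassword=" + URLEncoder.encode(str2, "UTF-8")
                + "&newPassword=" + URLEncoder.encode(str3, "UTF-8");
        sendForm(connection, form);

        int status = connection.getResponseCode();
        switch (status) {
            case 200:
            case 204:
                return;
            case 400:
                throw new IllegalArgumentException("Failed to change the password: parameters were wrong");
            case 403:
                throw new AccessControlException("Failed to change the password: access was denied");
            case 404:
                throw new FileNotFoundException("Failed to change the password: no such account");
            case 500:
                throw new GeneralSecurityException("Failed to change the password: community service failed internally");
            default:
                throw new IOException("Failed to change the password; HTTP code " + status);
        }
    }

    /**
     * Parses a PkiPath-encoded certificate chain from the stream.
     *
     * <p>This is parsing only: no path validation or trust decision is made in
     * this method.
     *
     * @param inputStream source of the encoded chain; not closed by this method
     * @return the parsed chain
     * @throws CertificateException if the data is not a valid PkiPath
     * @throws IOException declared for overriding implementations
     */
    protected CertPath readCertificates(InputStream inputStream) throws CertificateException, IOException {
        return CertificateFactory.getInstance("X509").generateCertPath(inputStream, "PkiPath");
    }

    /** Writes a form-encoded body to the connection and always closes the writer. */
    private static void sendForm(HttpURLConnection connection, String form) throws IOException {
        OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream(), "UTF-8");
        try {
            writer.write(form);
            writer.flush();
        } finally {
            writer.close();
        }
    }

    /** Returns the PEM text of the public half of the key pair; the private key is never serialised. */
    private static String toPem(KeyPair keys) throws IOException {
        StringWriter text = new StringWriter();
        PEMWriter pem = new PEMWriter(text);
        try {
            pem.writeObject(keys.getPublic());
        } finally {
            pem.close();
        }
        return text.toString();
    }

    /** Builds the URL of the sign-on resource for the given user name. */
    private URL getProxyUrl(String str) {
        return buildUrl(this.endpoint + "/" + str + "/proxy", "Failed to construct a URL for a user proxy");
    }

    /** Builds the URL of the account resource for the given user name. */
    private URL getAccountUrl(String str) {
        return buildUrl(this.endpoint + "/" + str, "Failed to construct a URL for a user's account");
    }

    /** Builds the URL of the homespace resource for the given user name. */
    private URL getHomeUrl(String str) {
        return buildUrl(this.endpoint + "/" + str + "/home", "Failed to construct a URL for a user homespace");
    }

    /** Parses the address, converting any failure into an unchecked exception with the given message. */
    private static URL buildUrl(String address, String failure) {
        try {
            return new URL(address);
        } catch (Exception e) {
            throw new RuntimeException(failure, e);
        }
    }

    /**
     * Generates the RSA key pair whose public half is posted at sign-on.
     *
     * <p>The generator is never initialised, so the key size is whatever the
     * installed provider uses by default, and that default differs between Java
     * runtimes. NOTE(review): confirm that the default on the deployed runtime
     * meets the required key strength.
     */
    private KeyPair generateKeyPair() {
        try {
            return KeyPairGenerator.getInstance("RSA").generateKeyPair();
        } catch (Exception e) {
            throw new RuntimeException("Failed to generate a key pair", e);
        }
    }
}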
