package org.osivia.cas.pronote;

import java.io.IOException;
import java.io.StringReader;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.jasig.cas.authentication.AbstractAuthenticationHandler;
import org.jasig.cas.authentication.BasicCredentialMetaData;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.DefaultHandlerResult;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.web.view.CasViewConstants;
import org.ldaptive.LdapException;
import org.ldaptive.auth.DnResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/classes/org/osivia/cas/pronote/PronoteCasClientHandler.class */
public class PronoteCasClientHandler extends AbstractAuthenticationHandler {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private final DnResolver dnResolverForClient;
    private String casValidateUrl;

    public PronoteCasClientHandler(DnResolver dnResolver) {
        this.dnResolverForClient = dnResolver;
    }

    @Override // org.jasig.cas.authentication.AuthenticationHandler
    public HandlerResult authenticate(Credential credential) throws GeneralSecurityException, PreventedException {
        if (credential == null) {
            this.logger.error("credential is null");
            throw new GeneralSecurityException("credential is null");
        }
        PronoteCasClientCredential pronoteCasClientCredential = (PronoteCasClientCredential) credential;
        try {
            if (!pronoteCasClientCredential.getCasName().equals("pronote")) {
                throw new GeneralSecurityException("Upstream Cas name " + pronoteCasClientCredential.getCasName() + " unknown");
            }
            CloseableHttpClient build = HttpClientBuilder.create().build();
            URIBuilder uRIBuilder = new URIBuilder(this.casValidateUrl);
            uRIBuilder.setParameter("ticket", pronoteCasClientCredential.getServiceTicket());
            uRIBuilder.setParameter(CasViewConstants.MODEL_ATTRIBUTE_NAME_SERVICE, pronoteCasClientCredential.getServiceUrl());
            HttpGet httpGet = new HttpGet(uRIBuilder.build());
            httpGet.addHeader("User-Agent", "Cloud-ens");
            CloseableHttpResponse execute = build.execute((HttpUriRequest) httpGet);
            int statusCode = execute.getStatusLine().getStatusCode();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("GET " + httpGet.getURI().toASCIIString() + " returned HTTP " + statusCode);
            }
            if (statusCode != 200) {
                throw new GeneralSecurityException("Server returned a non-ok response " + execute.getEntity().toString());
            }
            DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
            Element documentElement = newDocumentBuilder.parse(new InputSource(new StringReader(EntityUtils.toString(execute.getEntity())))).getDocumentElement();
            String str = null;
            for (int i = 0; i < documentElement.getChildNodes().getLength(); i++) {
                Node item = documentElement.getChildNodes().item(i);
                if (item.getNodeType() == 1 && item.getNodeName().equals("cas:authenticationSuccess")) {
                    for (int i2 = 0; i2 < item.getChildNodes().getLength(); i2++) {
                        Node item2 = item.getChildNodes().item(i2);
                        if (item2.getNodeType() == 1 && item2.getNodeName().equals("cas:user")) {
                            for (int i3 = 0; i3 < item2.getChildNodes().getLength(); i3++) {
                                str = item2.getChildNodes().item(i3).getNodeValue();
                            }
                        }
                    }
                }
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Response :  " + newDocumentBuilder.toString());
            }
            if (this.dnResolverForClient.resolve(str) == null) {
                throw new GeneralSecurityException("Unknown user " + str);
            }
            return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential), this.principalFactory.createPrincipal(str), new ArrayList());
        } catch (IOException | UnsupportedOperationException | URISyntaxException | ParserConfigurationException | LdapException | SAXException e) {
            throw new PreventedException(e);
        }
    }

    @Override // org.jasig.cas.authentication.AuthenticationHandler
    public boolean supports(Credential credential) {
        return credential instanceof PronoteCasClientCredential;
    }

    public String getCasValidateUrl() {
        return this.casValidateUrl;
    }

    public void setCasValidateUrl(String str) {
        this.casValidateUrl = str;
    }
}
