package net.java.dev.sommer.foafssl.login;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.java.dev.sommer.foafssl.principals.FoafSslPrincipal;
import net.java.dev.sommer.foafssl.verifier.DereferencingFoafSslVerifier;
import net.java.dev.sommer.foafssl.verifier.FoafSslVerifier;
import org.apache.log4j.spi.LocationInfo;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:WEB-INF/classes/net/java/dev/sommer/foafssl/login/IdpServlet.class */
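/**
 * Minimal FOAF+SSL identity provider.
 *
 * <p>On GET the servlet reads the client certificate chain supplied by the container, asks
 * {@link #FOAF_SSL_VERIFIER} for the verified WebIDs, and - when an {@code authreqissuer}
 * parameter is present - answers with a 302 whose {@code Location} is that issuer URL extended
 * with {@code webid}, {@code ts} and {@code sig} parameters. {@code sig} is a signature, made
 * with the key loaded in {@link #init()}, over the URL up to and including {@code ts}; the
 * issuer URL is therefore part of the signed data. A usage page describing the protocol and
 * publishing the verification key is written as the response body in every authenticated case.
 *
 * <p>Signing material is loaded once in {@link #init()} and then only read, so the servlet is
 * safe to use from concurrent requests.
 */
public class IdpServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Query parameter names of the redirect the servlet issues. */
    public static final String SIGNATURE_PARAMNAME = "sig";
    public static final String SIGALG_PARAMNAME = "sigalg";
    public static final String TIMESTAMP_PARAMNAME = "ts";
    public static final String WEBID_PARAMNAME = "webid";
    public static final String AUTHREQISSUER_PARAMNAME = "authreqissuer";

    /** Servlet init-parameter names; see {@link #init()} for how they combine. */
    public static final String KEYSTORE_JNDI_INITPARAM = "keystore";
    public static final String DEFAULT_KEYSTORE_JNDI_INITPARAM = "keystore/signingKeyStore";
    public static final String KEYSTORE_PATH_INITPARAM = "keystorePath";
    public static final String KEYSTORE_TYPE_INITPARAM = "keystoreType";
    public static final String KEYSTORE_PASSWORD_INITPARAM = "keystorePassword";
    public static final String KEY_PASSWORD_INITPARAM = "keyPassword";
    public static final String ALIAS_INITPARAM = "keyAlias";

    /** Signing key plus its certificate and public key; written only by {@link #init()}. */
    private PrivateKey privateKey = null;
    private PublicKey publicKey = null;
    private Certificate certificate = null;

    public static final transient Logger LOG = Logger.getLogger(IdpServlet.class.getName());
    private static final FoafSslVerifier FOAF_SSL_VERIFIER = new DereferencingFoafSslVerifier();

    /** Attribute under which the servlet container exposes the client certificate chain. */
    private static final String CLIENT_CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    /**
     * Loads the signing key, certificate and public key.
     *
     * <p>The keystore is taken from JNDI ({@code java:comp/env/} + the {@code keystore}
     * init-parameter, default {@value #DEFAULT_KEYSTORE_JNDI_INITPARAM}); if nothing is bound
     * there it is loaded from the file named by {@code keystorePath} with type {@code keystoreType}
     * (default: the platform default type) and password {@code keystorePassword}. The key is read
     * from the alias {@code keyAlias}, or from the first key entry when no alias is configured,
     * using {@code keyPassword} (defaulting to the keystore password).
     *
     * <p>The password init-parameters are plain deployment-descriptor values; binding a
     * pre-opened keystore in JNDI avoids putting them in the descriptor.
     *
     * @throws ServletException if the keystore cannot be obtained or holds no usable key entry
     */
    public void init() throws ServletException {
        String jndiName = getInitParameter(KEYSTORE_JNDI_INITPARAM);
        if (jndiName == null) {
            jndiName = DEFAULT_KEYSTORE_JNDI_INITPARAM;
        }
        String keystorePath = getInitParameter(KEYSTORE_PATH_INITPARAM);
        String keystoreType = getInitParameter(KEYSTORE_TYPE_INITPARAM);
        String keystorePassword = getInitParameter(KEYSTORE_PASSWORD_INITPARAM);
        String keyPassword = getInitParameter(KEY_PASSWORD_INITPARAM);
        if (keyPassword == null) {
            // The key password defaults to the keystore password, as with keytool-created stores.
            keyPassword = keystorePassword;
        }
        String alias = getInitParameter(ALIAS_INITPARAM);

        KeyStore keyStore = lookupKeyStore(jndiName);
        if (keyStore == null) {
            keyStore = loadKeyStore(keystorePath, keystoreType, keystorePassword);
        }
        if (alias == null) {
            alias = findFirstKeyAlias(keyStore);
        }
        if (alias == null) {
            String message = "Invalid keystore configuration: alias unspecified and no key entry found in the keystore.";
            LOG.log(Level.SEVERE, "Error configuring servlet, " + message);
            throw new ServletException(message);
        }

        java.security.Key key;
        Certificate cert;
        try {
            key = keyStore.getKey(alias, toChars(keyPassword));
            cert = keyStore.getCertificate(alias);
        } catch (GeneralSecurityException e) {
            throw keystoreFailure(e);
        }
        // getKey() returns null for a non-key alias and may return a SecretKey; neither can sign.
        if (!(key instanceof PrivateKey) || cert == null) {
            String message = "Invalid keystore configuration: no private key and certificate at alias: " + alias;
            LOG.log(Level.SEVERE, "Error configuring servlet, " + message);
            throw new ServletException(message);
        }
        this.privateKey = (PrivateKey) key;
        this.certificate = cert;
        this.publicKey = cert.getPublicKey();
    }

    /**
     * Looks up a pre-configured keystore bound at {@code java:comp/env/<jndiName>}.
     *
     * @return the bound keystore, or {@code null} when nothing is bound under that name
     * @throws ServletException on any naming failure other than "not found", or if the bound
     *         object is not a {@link KeyStore}
     */
    private static KeyStore lookupKeyStore(String jndiName) throws ServletException {
        Context context = null;
        try {
            context = new InitialContext();
            Object bound = context.lookup("java:comp/env/" + jndiName);
            if (bound == null) {
                return null;
            }
            if (!(bound instanceof KeyStore)) {
                throw new ServletException("JNDI entry java:comp/env/" + jndiName + " is not a KeyStore.");
            }
            return (KeyStore) bound;
        } catch (NameNotFoundException e) {
            // Deliberate fallback: an unbound name means "use the file-based configuration".
            LOG.log(Level.CONFIG, "No keystore bound at java:comp/env/" + jndiName + "; falling back to init-parameters.");
            return null;
        } catch (NamingException e) {
            LOG.log(Level.SEVERE, "Error configuring servlet.", e);
            throw new ServletException(e);
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException ignored) {
                    // Best effort: the lookup result is already in hand.
                }
            }
        }
    }

    /**
     * Loads a keystore from {@code path}, or an empty in-memory keystore when {@code path} is
     * {@code null} (init() then fails for lack of a key entry).
     *
     * @param path keystore file, may be {@code null}
     * @param type keystore type, {@code null} for {@link KeyStore#getDefaultType()}
     * @param password keystore password, may be {@code null}
     * @throws ServletException if the file cannot be read or the keystore cannot be opened
     */
    private static KeyStore loadKeyStore(String path, String type, String password) throws ServletException {
        FileInputStream in = null;
        try {
            if (path != null) {
                in = new FileInputStream(path);
            }
            KeyStore keyStore = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
            keyStore.load(in, toChars(password));
            return keyStore;
        } catch (IOException e) {
            // Covers a missing file and a wrong keystore password (reported as IOException by load()).
            throw keystoreFailure(e);
        } catch (GeneralSecurityException e) {
            throw keystoreFailure(e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing left to do with the stream after load().
                }
            }
        }
    }

    /**
     * Returns the first alias that is a key entry, or {@code null} if the keystore has none.
     *
     * @throws ServletException if the keystore cannot be enumerated
     */
    private static String findFirstKeyAlias(KeyStore keyStore) throws ServletException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String candidate = aliases.nextElement();
                if (keyStore.isKeyEntry(candidate)) {
                    return candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw keystoreFailure(e);
        }
    }

    /** Logs a keystore problem and returns the ServletException to throw, keeping the cause. */
    private static ServletException keystoreFailure(Exception cause) {
        LOG.log(Level.SEVERE, "Error configuring servlet (could not load keystore).", cause);
        return new ServletException("Could not load keystore.", cause);
    }

    /** Converts an optional password to the char[] form the KeyStore API expects. */
    private static char[] toChars(String password) {
        return password != null ? password.toCharArray() : null;
    }

    /**
     * Authenticates the client certificate and either redirects to the requesting service with a
     * signed assertion or shows the usage page.
     *
     * <p>Responses: 401 when no certificate was presented or none of its WebIDs verified,
     * 500 when verification or signing fails, otherwise 302 to the signed URL when
     * {@code authreqissuer} is non-empty. The usage page is written as the body in every
     * 200/302 case.
     *
     * @throws IOException if writing the response fails
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Collection<? extends FoafSslPrincipal> verifiedPrincipals = null;
        X509Certificate[] clientChain = (X509Certificate[]) request.getAttribute(CLIENT_CERT_ATTRIBUTE);
        // The container may expose an empty array when renegotiation yielded no certificate.
        if (clientChain != null && clientChain.length > 0) {
            try {
                verifiedPrincipals = FOAF_SSL_VERIFIER.verifyFoafSslCertificate(clientChain[0]);
            } catch (Exception e) {
                LOG.log(Level.WARNING, "Exception when verifying the certificate.", e);
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return;
            }
        }
        if (verifiedPrincipals == null || verifiedPrincipals.isEmpty()) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // The redirect target is taken verbatim from the request; it becomes part of the signed
        // URL, so a relying party can detect an assertion that was issued for a different URL.
        String authReqIssuer = request.getParameter(AUTHREQISSUER_PARAMNAME);
        if (authReqIssuer != null && authReqIssuer.length() > 0) {
            try {
                String redirectUrl = createSignedResponse(verifiedPrincipals, authReqIssuer);
                response.setStatus(HttpServletResponse.SC_FOUND);
                response.setHeader("Location", redirectUrl);
            } catch (GeneralSecurityException e) {
                // InvalidKeyException, NoSuchAlgorithmException and SignatureException.
                LOG.log(Level.SEVERE, "Error when signing the response.", e);
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return;
            }
        }
        usage(response, verifiedPrincipals);
    }

    /**
     * Builds the signed redirect URL: {@code authReqIssuer} plus {@code webid}, {@code ts} and
     * {@code sig} query parameters. The signature covers the UTF-8 bytes of the URL up to and
     * including the {@code ts} parameter and is Base64-encoded then URL-encoded.
     *
     * @param principals verified principals; must be non-empty (the first one is asserted)
     * @param authReqIssuer URL of the requesting service
     * @throws NoSuchAlgorithmException if the signing key is neither RSA nor DSA
     * @throws InvalidKeyException if the signing key cannot initialise the signature
     * @throws SignatureException if signing fails
     * @throws UnsupportedEncodingException never in practice; UTF-8 is always available
     */
    private String createSignedResponse(Collection<? extends FoafSslPrincipal> principals, String authReqIssuer)
            throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException, SignatureException {
        String signatureAlgorithm = signatureAlgorithmFor(this.privateKey);
        String webId = principals.iterator().next().getUri().toASCIIString();
        // Locale.US keeps the digits ASCII whatever the server's default locale is. The 'Z' pattern
        // letter yields "+0000"-style offsets; the usage page describes the value as XML Schema
        // format, which would need a colon in the offset - left as is to stay compatible with
        // existing relying parties.
        String timestamp = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ", Locale.US).format(Calendar.getInstance().getTime());

        StringBuilder url = new StringBuilder(authReqIssuer);
        // Append to an existing query string instead of producing a second '?'.
        url.append(authReqIssuer.indexOf('?') >= 0 ? '&' : '?');
        url.append(WEBID_PARAMNAME).append('=').append(URLEncoder.encode(webId, "UTF-8"));
        url.append('&').append(TIMESTAMP_PARAMNAME).append('=').append(URLEncoder.encode(timestamp, "UTF-8"));
        String signedPart = url.toString();

        Signature signature = Signature.getInstance(signatureAlgorithm);
        signature.initSign(this.privateKey);
        signature.update(signedPart.getBytes("UTF-8"));
        String encodedSignature = new String(Base64.encode(signature.sign()), "US-ASCII");
        return signedPart + '&' + SIGNATURE_PARAMNAME + '=' + URLEncoder.encode(encodedSignature, "UTF-8");
    }

    /**
     * Maps the signing key's algorithm to the JCA signature algorithm used for {@code sig}.
     * SHA-1 based algorithms are kept because relying parties verify with them; the algorithm is
     * not advertised in the redirect ({@link #SIGALG_PARAMNAME} is unused here).
     *
     * @throws NoSuchAlgorithmException for any key algorithm other than RSA or DSA
     */
    private static String signatureAlgorithmFor(PrivateKey key) throws NoSuchAlgorithmException {
        String keyAlgorithm = key.getAlgorithm();
        if ("RSA".equals(keyAlgorithm)) {
            return "SHA1withRSA";
        }
        if ("DSA".equals(keyAlgorithm)) {
            return "SHA1withDSA";
        }
        throw new NoSuchAlgorithmException("Unsupported key algorithm type.");
    }

    /**
     * Writes the HTML usage page: the verified WebIDs, a description of the redirect protocol
     * and the verification key (RSA parameters when applicable, then PEM key and certificate).
     *
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void usage(HttpServletResponse response, Collection<? extends FoafSslPrincipal> principals) throws IOException {
        // Declare the charset before the writer is obtained so non-ASCII WebIDs render correctly.
        response.setContentType("text/html; charset=UTF-8");
        PrintWriter out = response.getWriter();

        StringBuilder page = new StringBuilder();
        page.append("<html><head><title>FOAF+SSL identity servlet</title></head><body>")
            .append("<h1>FOAF+SSL identity provider servlet</h1>")
            .append("<p>This is a very basic Identity Provider for <a href='http://esw.w3.org/topic/foaf+ssl'>FOAF+SSL</a>.")
            .append(" It identifies a user connecting using SSL to this service, and returns ")
            .append("the <a href='http://esw.w3.org/topic/WebID'>WebID</a> of the user to the service in a secure manner.")
            .append("The user that just connected right now for example has ");
        if (principals.isEmpty()) {
            page.append(" no verified webIDs.");
        } else {
            page.append(" the following WebIDs:<ul>");
            for (FoafSslPrincipal principal : principals) {
                // The WebID originates in the client's certificate: escape it before it goes into
                // an attribute value and element text.
                String webId = escapeHtml(String.valueOf(principal.getUri()));
                page.append("<li><a href='").append(webId).append("'>").append(webId).append("</a></li>");
            }
            page.append("</ul>");
        }
        page.append("</p>").append("<h3>How does it work?</h3>")
            .append("<p>This service just sends a redirect to the service given by the '").append(AUTHREQISSUER_PARAMNAME).append("' parameter. ")
            .append(" The redirected to URL is constructed on the following pattern:")
            .append("<pre><b>$").append(AUTHREQISSUER_PARAMNAME).append("?").append(WEBID_PARAMNAME).append("=$webid&amp;")
            .append(TIMESTAMP_PARAMNAME).append("=$timeStamp</b>&amp;").append(SIGNATURE_PARAMNAME).append("=$URLSignature").append("</pre>");
        page.append("Where the above variables have the following meanings:")
            .append("<ul><li><code>$").append(AUTHREQISSUER_PARAMNAME).append("</code> is the URL passed by the server in the initial request.</li>")
            .append("<li><code>$webid</code> is the webid of the user connecting.")
            .append("<li><code>$timeStamp</code> is a time stamp in XML Schema format (same as used by Atom).")
            .append(" This is needed to reduce the ease of developing replay attacks.")
            .append("<li><code>$URLSignature</code> is the signature of the whole url in bold above.")
            .append("</ul>");
        if (this.publicKey instanceof RSAPublicKey) {
            RSAPublicKey rsaKey = (RSAPublicKey) this.publicKey;
            page.append("The signature uses the RSA with SHA-1 algorithm.");
            page.append("The public key used by this service that verifies the signature is:");
            page.append("<ul><li>Key Type: RSA</li>").append("<li>public exponent: ").append(rsaKey.getPublicExponent()).append("</li>");
            page.append("<li>modulus: ").append(rsaKey.getModulus()).append("</li></ul>");
        }
        page.append("For ease of use, depending on which tool you use, here is the public key in a PEM format:");
        page.append("<ul><li>Public key:<pre>");
        out.print(page.toString());

        // PEMWriter wraps the response writer: flush, never close, or the response would be closed.
        PEMWriter pemWriter = new PEMWriter(out);
        pemWriter.writeObject(this.publicKey);
        pemWriter.flush();
        out.print("</pre></li><li>Certificate with this public key:<pre>");
        pemWriter.writeObject(this.certificate);
        pemWriter.flush();

        StringBuilder footer = new StringBuilder();
        footer.append("</pre></li></ul>");
        footer.append("<h3>Try it out from here</h3>");
        footer.append("<form action='' method='get'>").append("Requesting service URL: <input type='text' size='80' name='")
              .append(AUTHREQISSUER_PARAMNAME).append("'></input>").append("<input type='submit' value='test this'>").append("</form>");
        footer.append("</p></body></html>");
        out.print(footer.toString());
    }

    /**
     * Escapes the characters that are significant in HTML element text and in single- or
     * double-quoted attribute values.
     *
     * @param value text to embed; must not be {@code null}
     * @return the escaped text
     */
    static String escapeHtml(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}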
