package com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.security.policies.interceptors;

import com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.parameters.ProxySettingsParams;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.security.online.MicrosoftOnlineAuthenticationPolicy;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.security.online.MicrosoftOnlineSecurityHeaderInterceptor;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.security.online.Office365ConnectionException;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.security.online.Office365TokenRetriever;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.security.online.RealmInfo;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.utils.DynamicsCrmConnectionUtils;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.connection.utils.MessageUtils;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.security.assertors.XrmAuthenticationTypeAssertion;
import com.mulesoft.connectors.microsoft.dynamics.crm.internal.utils.DynamicsCrmConstants;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import javax.xml.namespace.QName;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import joptsimple.internal.Strings;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.endpoint.EndpointException;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.apache.cxf.ws.addressing.EndpointReferenceUtils;
import org.apache.cxf.ws.addressing.VersionTransformer;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.wss4j.policy.SP12Constants;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/mulesoft/connectors/microsoft/dynamics/crm/internal/connection/security/policies/interceptors/CrmAuthenticationPolicyOutInterceptor.class */
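/**
 * CXF out-interceptor that turns the CRM authentication-type policy assertions found on the outgoing message
 * into a concrete authentication setup: a WS-Trust {@link STSClient} for the federation / Active Directory
 * cases, or a Microsoft Online {@link SecurityToken} for the online-federation case.
 *
 * <p>Runs in the {@code prepare-send} phase, ordered before {@code IssuedTokenOutInterceptor}. Credentials
 * ({@code security.username} / {@code security.password}) are read from the message context and passed to the
 * token retriever; this class never writes them to the log.
 *
 * <p>The optional {@code DISABLE_CN_CHECK} setting is applied to every STS conduit created here; by its name it
 * relaxes TLS hostname (CN) verification for the STS connection, so it is a test/diagnostic switch rather than a
 * production default (the actual behaviour lives in {@link DynamicsCrmConnectionUtils#disableCnCheck}).
 */
public class CrmAuthenticationPolicyOutInterceptor extends AbstractPhaseInterceptor<Message> {

    private static final Log log = LogFactory.getLog(CrmAuthenticationPolicyOutInterceptor.class);

    /** Message key under which the configured {@link STSClient} is published for the WS-Security layer. */
    private static final String STS_CLIENT_KEY = "security.sts.client";
    /** Message key holding the {@link SecurityToken} obtained from Microsoft Online. */
    private static final String SECURITY_TOKEN_KEY = "ws-security.token";
    private static final String USERNAME_KEY = "security.username";
    private static final String PASSWORD_KEY = "security.password";
    /** Namespace of the STS port QName used for the ADFS WS-Trust 1.3 endpoint. */
    private static final String STS_ENDPOINT_NAMESPACE =
            "http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice";
    /** WS-Policy 2004/09 namespace the ADFS metadata WSDL uses; the STS client is told to expect it. */
    private static final String WSP_2004_NAMESPACE = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    /** Binding name used when the '13/usernamemixed' endpoint cannot be located in the downloaded WSDL. */
    private static final String DEFAULT_USERNAME_MIXED_BINDING = "UserNameWSTrustBinding_IWSTrust13Async1";
    /**
     * Selects the Address element whose text ends with '/adfs/services/trust/13/usernamemixed'. That suffix is
     * 37 characters long, hence the offset of 36 with XPath's 1-based substring().
     */
    private static final String USERNAME_MIXED_ADDRESS_XPATH =
            "//*[local-name()='Address' and substring(text(), string-length(text()) - 36)='/adfs/services/trust/13/usernamemixed']";
    /** A cached Microsoft Online token is renewed when it expires within this many seconds. */
    private static final long TOKEN_RENEWAL_MARGIN_SECONDS = 30L;
    private static final String CONDUIT_CONFIG_ERROR = "Error when trying to configure conduit in STS Client: ";

    private final ProxySettingsParams proxySettingsParams;

    /**
     * Creates the interceptor in the {@code prepare-send} phase, before {@code IssuedTokenOutInterceptor}
     * (presumably so the STS client published on the message is already in place when that interceptor runs).
     *
     * @param proxySettingsParams proxy settings applied to every STS conduit this interceptor configures
     */
    public CrmAuthenticationPolicyOutInterceptor(ProxySettingsParams proxySettingsParams) {
        super("prepare-send");
        addBefore("IssuedTokenOutInterceptor");
        this.proxySettingsParams = proxySettingsParams;
    }

    /**
     * Processes every CRM authentication-type assertion (2011 and 2012 policy versions) attached to the message
     * and configures the matching authentication mechanism. Each handled assertion is marked asserted; a
     * federation setup failure marks it not asserted and stops processing of the remaining assertions.
     *
     * @param message the outgoing message; ignored when it carries no {@link AssertionInfoMap}
     */
    @Override
    public void handleMessage(Message message) {
        AssertionInfoMap assertionInfoMap = message.get(AssertionInfoMap.class);
        if (assertionInfoMap == null) {
            // No policy attached to this exchange: nothing to assert.
            return;
        }
        boolean disableCnCheck = MessageUtils.getContextualBoolean(message, DynamicsCrmConstants.DISABLE_CN_CHECK, false);
        for (AssertionInfo assertionInfo : collectAuthenticationAssertions(assertionInfoMap)) {
            XrmAuthenticationTypeAssertion assertion = assertionInfo.getAssertion();
            Objects.requireNonNull(assertion, "CRM authentication policy assertion without an assertion instance");
            String authenticationType = assertion.getAuthenticationType();
            if (authenticationType != null) {
                log.debug("Authentication type from wsdl: " + authenticationType);
            }
            if (StringUtils.equalsIgnoreCase(authenticationType, DynamicsCrmConstants.AUTH_TYPE_FEDERATION)) {
                try {
                    String metadataWsdl = getMetadataWsdl(assertionInfoMap, assertionInfo);
                    if (metadataWsdl == null) {
                        // getMetadataWsdl has already marked the assertion as not asserted.
                        return;
                    }
                    handleAuthTypeFederation(message, metadataWsdl, disableCnCheck);
                } catch (Exception e) {
                    log.error(CONDUIT_CONFIG_ERROR, e);
                    assertionInfo.setNotAsserted(CONDUIT_CONFIG_ERROR + e.getMessage());
                    return;
                }
            } else if (StringUtils.equalsIgnoreCase(authenticationType, DynamicsCrmConstants.AUTH_TYPE_ONLINE_FEDERATION)) {
                handleAuthTypeOnlineFederation(message);
            } else if (StringUtils.equalsIgnoreCase(authenticationType, DynamicsCrmConstants.AUTH_TYPE_ACTIVE_DIRECTORY)) {
                handleAuthTypeActiveDirectory(message, assertionInfo, disableCnCheck);
            }
            // NOTE(review): an unrecognised authentication type falls through and is still marked asserted
            // here — confirm that is intended rather than a policy gap.
            assertionInfo.setAsserted(true);
        }
    }

    /**
     * Builds a WS-Trust {@link STSClient} against the ADFS federation metadata WSDL, publishes it on the message
     * and configures its HTTP conduit (proxy, optional CN check).
     *
     * @param message        current outgoing message
     * @param metadataWsdl   federation metadata WSDL location resolved from the issued-token policy
     * @param disableCnCheck whether TLS hostname/CN checking is relaxed on the STS conduit
     * @throws EndpointException if the STS client's underlying CXF client cannot be created
     * @throws BusException      if the STS client's underlying CXF client cannot be created
     */
    private void handleAuthTypeFederation(Message message, String metadataWsdl, boolean disableCnCheck)
            throws EndpointException, BusException {
        // Downloads and inspects the WSDL first, as before, so a metadata problem surfaces before any client exists.
        String endpointName = getEndpointName(metadataWsdl);
        STSClient stsClient = new STSClient(message.getExchange().get(Bus.class));
        stsClient.setWsdlLocation(metadataWsdl);
        stsClient.setEndpointQName(new QName(STS_ENDPOINT_NAMESPACE, endpointName));
        // Tokens are re-issued rather than renewed through WS-Trust renew requests.
        stsClient.setSendRenewing(false);
        stsClient.setWspNamespace(WSP_2004_NAMESPACE);
        message.put(STS_CLIENT_KEY, stsClient);
        // getClient() creates the underlying client on first use, which is where the checked exceptions come from.
        configureConduit((HTTPConduit) stsClient.getClient().getConduit(), disableCnCheck);
    }

    /**
     * Applies the connector's proxy settings to an STS conduit and, only when requested, relaxes TLS hostname (CN)
     * verification on it. Shared by the federation and Active Directory paths so both configure conduits alike.
     *
     * @param conduit        the STS client's HTTP conduit
     * @param disableCnCheck value of the {@code DISABLE_CN_CHECK} setting
     */
    private void configureConduit(HTTPConduit conduit, boolean disableCnCheck) {
        DynamicsCrmConnectionUtils.setProxyConnection(conduit, proxySettingsParams);
        if (disableCnCheck) {
            // Weakens certificate hostname validation for the STS connection; keep off unless the STS
            // certificate genuinely cannot match its hostname (implementation in DynamicsCrmConnectionUtils).
            DynamicsCrmConnectionUtils.disableCnCheck(conduit);
        }
    }

    /**
     * Ensures a usable Microsoft Online {@link SecurityToken} is in the message context, authenticating again
     * when there is none, it has expired, or it expires within {@link #TOKEN_RENEWAL_MARGIN_SECONDS}.
     *
     * @param message current outgoing message
     */
    private void handleAuthTypeOnlineFederation(Message message) {
        SecurityToken token = (SecurityToken) MessageUtils.getContextualObject(message, SECURITY_TOKEN_KEY);
        boolean needsFreshToken = token == null
                || token.isExpired()
                || token.isAboutToExpire(TOKEN_RENEWAL_MARGIN_SECONDS);
        if (needsFreshToken) {
            issueToken(message, message.getExchange().get(Bus.class));
        }
    }

    /**
     * Publishes an {@link STSClient} whose conduit is configured (proxy, optional CN check) when the underlying
     * CXF client is created. Because that presumably happens later, outside {@link #handleMessage}, configuration
     * failures are logged and recorded on the assertion instead of being thrown.
     *
     * @param message        current outgoing message
     * @param assertionInfo  assertion to mark not asserted if conduit configuration fails
     * @param disableCnCheck whether TLS hostname/CN checking is relaxed on the STS conduit
     */
    private void handleAuthTypeActiveDirectory(Message message, final AssertionInfo assertionInfo, final boolean disableCnCheck) {
        Bus bus = message.getExchange().get(Bus.class);
        message.put(STS_CLIENT_KEY, new STSClient(bus) {
            @Override
            protected void createClient() throws BusException, EndpointException {
                super.createClient();
                try {
                    CrmAuthenticationPolicyOutInterceptor.this.configureConduit(
                            (HTTPConduit) getClient().getConduit(), disableCnCheck);
                } catch (Exception e) {
                    CrmAuthenticationPolicyOutInterceptor.log.error(CONDUIT_CONFIG_ERROR, e);
                    // NOTE(review): handleMessage may already have marked this assertion asserted by the time
                    // createClient runs — confirm a late setNotAsserted still has an effect.
                    assertionInfo.setNotAsserted(CONDUIT_CONFIG_ERROR + e.getMessage());
                }
            }
        });
    }

    /**
     * Gathers the CRM authentication-type assertions for both supported policy versions, 2011 first then 2012.
     *
     * @param assertionInfoMap policy assertions attached to the message
     * @return a new, possibly empty collection; never {@code null}
     */
    private static Collection<AssertionInfo> collectAuthenticationAssertions(AssertionInfoMap assertionInfoMap) {
        Collection<AssertionInfo> assertions = new ArrayList<>();
        addAllIfPresent(assertions, assertionInfoMap.get(DynamicsCrmConstants.AUTH_POLICY_2011));
        addAllIfPresent(assertions, assertionInfoMap.get(DynamicsCrmConstants.AUTH_POLICY_2012));
        return assertions;
    }

    /** Appends {@code source} to {@code target}, treating a {@code null} source as empty. */
    private static void addAllIfPresent(Collection<AssertionInfo> target, Collection<? extends AssertionInfo> source) {
        if (source != null) {
            target.addAll(source);
        }
    }

    /**
     * Resolves the federation metadata (MEX) WSDL location from the first issued-token assertion's issuer.
     *
     * @param assertionInfoMap policy assertions attached to the message
     * @param assertionInfo    the authentication-type assertion, marked not asserted when no location is found
     * @return the WSDL location, or {@code null} when none could be determined
     */
    private String getMetadataWsdl(AssertionInfoMap assertionInfoMap, AssertionInfo assertionInfo) {
        String location = "";
        Collection<AssertionInfo> issuedTokens = assertionInfoMap.get(SP12Constants.ISSUED_TOKEN);
        if (issuedTokens != null && !issuedTokens.isEmpty()) {
            // Only the first IssuedToken assertion is consulted, as before.
            AssertionInfo issuedToken = issuedTokens.iterator().next();
            location = findMEXLocation(issuedToken.getAssertion().getIssuer());
        }
        if (StringUtils.isEmpty(location)) {
            assertionInfo.setNotAsserted("Unable to get Federation Metadata WSDL from CRM's Authentication Policy");
            return null;
        }
        log.debug("Found Federation Metadata WSDL from CRM's Authentication Policy: " + location);
        return location;
    }

    /**
     * Looks up the WS-Trust 1.3 username-mixed binding name in the federation metadata WSDL at
     * {@code wsdlLocation}. The WSDL is fetched through the connector proxy settings by
     * {@link DynamicsCrmConnectionUtils#downloadUrlIntoDocument}; that helper, not this method, owns the XML
     * parser configuration (including external-entity handling) for the remote document.
     *
     * @param wsdlLocation location of the federation metadata WSDL
     * @return the binding's local name, or {@link #DEFAULT_USERNAME_MIXED_BINDING} when it cannot be located
     */
    private String getEndpointName(String wsdlLocation) {
        try {
            Node address = (Node) XPathFactory.newInstance().newXPath()
                    .compile(USERNAME_MIXED_ADDRESS_XPATH)
                    .evaluate(DynamicsCrmConnectionUtils.downloadUrlIntoDocument(wsdlLocation, proxySettingsParams),
                            XPathConstants.NODE);
            // The Address's grandparent is presumably the wsdl:port; its 'binding' attribute is a prefixed QName.
            String binding = address.getParentNode().getParentNode()
                    .getAttributes().getNamedItem("binding").getTextContent();
            String[] parts = binding.split(":");
            String endpointName = parts.length > 1 ? parts[1] : parts[0];
            log.debug("Found '13/usernamemixed' endpoint in wsdl: " + endpointName);
            return endpointName;
        } catch (Exception e) {
            // Any failure (download, parse, missing node or attribute) falls back to the well-known ADFS binding.
            log.debug("Could not locate '13/usernamemixed' endpoint in " + wsdlLocation
                    + ", using default binding " + DEFAULT_USERNAME_MIXED_BINDING, e);
            return DEFAULT_USERNAME_MIXED_BINDING;
        }
    }

    /**
     * Authenticates against Microsoft Online according to the user's realm namespace type (managed, Live ID or
     * federated), retrying up to {@code AUTH_RETRIES} times, and stores the result on the message (or, for Live
     * ID, registers a security-header interceptor on the bus).
     *
     * <p>The per-attempt {@code catch} now wraps the token calls themselves; previously it guarded an empty
     * {@code try}, so the retry loop never ran and a failure surfaced immediately.
     *
     * @param message current outgoing message
     * @param bus     CXF bus of the exchange
     * @throws Fault when the realm lookup fails or every authentication attempt has failed
     */
    private void issueToken(Message message, Bus bus) {
        log.info("Authenticating against Microsoft Online");
        Office365TokenRetriever tokenRetriever =
                (Office365TokenRetriever) MessageUtils.getContextualObject(message, DynamicsCrmConstants.ONLINE_TOKEN_RETRIEVER);
        String username = (String) MessageUtils.getContextualObject(message, USERNAME_KEY);
        String password = (String) MessageUtils.getContextualObject(message, PASSWORD_KEY);
        try {
            RealmInfo realmInfo = tokenRetriever.getUserRealmInfo(username);
            setRealmNamespaceType(message, realmInfo);
            PolicyEngine policyEngine = bus.getExtension(PolicyEngine.class);
            MicrosoftOnlineAuthenticationPolicy onlinePolicy =
                    (MicrosoftOnlineAuthenticationPolicy) MessageUtils.getContextualObject(message, DynamicsCrmConstants.ONLINE_AUTH_POLICY);
            int maxAttempts = (Integer) MessageUtils.getContextualObject(message, DynamicsCrmConstants.AUTH_RETRIES);
            String namespaceType = realmInfo.getNamespaceType();
            for (int attempt = 1; attempt <= maxAttempts; attempt++) {
                try {
                    if (RealmInfo.NamespaceTypes.MANAGED.equalsIgnoreCase(namespaceType)) {
                        policyEngine.setEnabled(true);
                        message.put(SECURITY_TOKEN_KEY, tokenRetriever.getTokenFromOffice365(bus, username, password,
                                onlinePolicy.getIssuerUri().toString(), onlinePolicy.getAppliesTo()));
                    } else if (RealmInfo.NamespaceTypes.LIVEID.equalsIgnoreCase(namespaceType)) {
                        // The Live ID exchange runs with the bus policy engine switched off; re-enable it in a
                        // finally so a failed attempt cannot leave policy enforcement disabled for the whole bus.
                        policyEngine.setEnabled(false);
                        try {
                            String orgServiceUrl =
                                    (String) MessageUtils.getContextualObject(message, DynamicsCrmConstants.ORG_SERVICE_URL);
                            // NOTE(review): each successful Live ID login adds another interceptor to the bus —
                            // confirm MicrosoftOnlineSecurityHeaderInterceptor tolerates accumulating instances.
                            bus.getOutInterceptors().add(new MicrosoftOnlineSecurityHeaderInterceptor(
                                    tokenRetriever.getTokenFromLiveId(orgServiceUrl, username, password, onlinePolicy)));
                        } finally {
                            policyEngine.setEnabled(true);
                        }
                    } else if (RealmInfo.NamespaceTypes.FEDERATED.equalsIgnoreCase(namespaceType)) {
                        policyEngine.setEnabled(true);
                        String portName = (String) MessageUtils.getContextualObject(message, DynamicsCrmConstants.PORT_NAME);
                        message.put(SECURITY_TOKEN_KEY, tokenRetriever.getTokenFromMicrosoftOnline(bus,
                                tokenRetriever.getTokenFromAdfs(bus, username, password, realmInfo.getMetadataUrl(),
                                        portName, onlinePolicy.getMicrosoftOnlineIdentifier()),
                                onlinePolicy.getIssuerUri().toString(), onlinePolicy.getAppliesTo()));
                    } else {
                        // Nothing here can issue a token for this realm type; retrying would not change that.
                        log.warn("Unsupported realm namespace type '" + namespaceType
                                + "': no Microsoft Online token issued");
                        return;
                    }
                    return;
                } catch (Exception e) {
                    log.info("Error trying to authenticate against Microsoft Online.", e);
                    if (attempt >= maxAttempts) {
                        throw new Fault(e);
                    }
                    log.info("Retries left: " + (maxAttempts - attempt));
                }
            }
        } catch (Office365ConnectionException e) {
            throw new Fault(e);
        }
    }

    /**
     * When the realm lookup reported {@code UNKNOWN}, switches to the federated flow if a custom STS metadata URL
     * is available — either already on the realm info or supplied via {@code STS_METADATA_URL} in the message
     * context (in which case it is copied onto the realm info). Leaves the realm info untouched otherwise.
     *
     * @param message   current outgoing message
     * @param realmInfo realm information for the user, possibly updated in place
     */
    private void setRealmNamespaceType(Message message, RealmInfo realmInfo) {
        if (!RealmInfo.NamespaceTypes.UNKNOWN.equalsIgnoreCase(realmInfo.getNamespaceType())) {
            return;
        }
        log.info("Realm info not provided - will try federated auth if custom sts provided");
        if (StringUtils.isEmpty(realmInfo.getMetadataUrl())) {
            String stsMetadataUrl = (String) MessageUtils.getContextualObject(message, DynamicsCrmConstants.STS_METADATA_URL);
            if (StringUtils.isEmpty(stsMetadataUrl)) {
                return;
            }
            realmInfo.setMetadataUrl(stsMetadataUrl);
        }
        realmInfo.setNamespaceType(RealmInfo.NamespaceTypes.FEDERATED);
    }

    /**
     * Extracts the MEX (metadata exchange) location from an issuer endpoint reference: the address of a
     * {@code MetadataReference} found inside the reference's metadata when present, otherwise the reference's
     * own address.
     *
     * @param issuer issuer endpoint reference from the issued-token assertion
     * @return the MEX location, or the issuer address when no metadata reference is present
     */
    private static String findMEXLocation(EndpointReferenceType issuer) {
        if (issuer.getMetadata() != null && issuer.getMetadata().getAny() != null) {
            for (Object any : issuer.getMetadata().getAny()) {
                if (any instanceof Element) {
                    String location = findMEXLocation((Element) any);
                    if (location != null) {
                        return location;
                    }
                }
            }
        }
        return EndpointReferenceUtils.getAddress(issuer);
    }

    /**
     * Depth-first search below {@code parent} for an {@code Address} element in a supported WS-Addressing
     * namespace whose direct parent is a {@code MetadataReference}.
     *
     * @param parent element whose subtree is searched
     * @return the text content of the matching address, or {@code null} when there is none
     */
    private static String findMEXLocation(Element parent) {
        boolean parentIsMetadataReference = "MetadataReference".equals(parent.getLocalName());
        for (Element child = DOMUtils.getFirstElement(parent); child != null; child = DOMUtils.getNextElement(child)) {
            // Constant-first equals() tolerates a null local name (non-namespace-aware DOM).
            if (parentIsMetadataReference
                    && "Address".equals(child.getLocalName())
                    && VersionTransformer.isSupported(child.getNamespaceURI())) {
                return DOMUtils.getContent(child);
            }
            String nested = findMEXLocation(child);
            if (nested != null) {
                return nested;
            }
        }
        return null;
    }
}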
