package org.ametys.plugins.zimbra;

import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.ametys.plugins.messagingconnector.MessagingConnectorException;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.apache.excalibur.xml.dom.DOMParser;
import org.apache.excalibur.xml.xpath.PrefixResolver;
import org.apache.excalibur.xml.xpath.XPathProcessor;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.conn.ConnectionPoolTimeoutException;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/ametys/plugins/zimbra/ZimbraPreauthHelper.class */
public class ZimbraPreauthHelper implements Serviceable {
    private static final ZimbraPrefixResolver __PREFIX_RESOLVER = new ZimbraPrefixResolver();
    private static XPathProcessor _xPathProcessor;
    private static DOMParser _domParser;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/ametys/plugins/zimbra/ZimbraPreauthHelper$ZimbraPrefixResolver.class */
    public static class ZimbraPrefixResolver implements PrefixResolver {
        private Map<String, String> _namespaces = Map.of("soap", "http://www.w3.org/2003/05/soap-envelope", "account", "urn:zimbraAccount");

        private ZimbraPrefixResolver() {
        }

        public String prefixToNamespace(String str) {
            return this._namespaces.get(str);
        }
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        _xPathProcessor = (XPathProcessor) serviceManager.lookup(XPathProcessor.ROLE);
        _domParser = (DOMParser) serviceManager.lookup(DOMParser.ROLE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String _doPreauthRequest(String str, String str2, String str3, CloseableHttpClient closeableHttpClient) {
        String valueOf = String.valueOf(System.currentTimeMillis());
        try {
            try {
                try {
                    try {
                        String str4 = "<soap:Envelope xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\">  <soap:Header>    <context xmlns=\"urn:zimbra\">    </context>  </soap:Header>  <soap:Body>    <AuthRequest xmlns=\"urn:zimbraAccount\">\n      <account by=\"name\">" + str2 + "</account>\n      <preauth timestamp=\"" + valueOf + "\" expires=\"0\">" + _getComputedPreauth(str2, valueOf, str3) + "</preauth>\n    </AuthRequest>  </soap:Body></soap:Envelope>";
                        HttpPost httpPost = new HttpPost(str + "/service/soap");
                        httpPost.setEntity(new StringEntity(str4, StandardCharsets.UTF_8));
                        CloseableHttpResponse execute = closeableHttpClient.execute(httpPost);
                        try {
                            Document parseDocument = _domParser.parseDocument(new InputSource(new StringReader(EntityUtils.toString(execute.getEntity()))));
                            String evaluateAsString = _xPathProcessor.evaluateAsString(parseDocument, "/soap:Envelope/soap:Body/soap:Fault/soap:Reason/soap:Text", __PREFIX_RESOLVER);
                            if (StringUtils.isNotBlank(evaluateAsString)) {
                                throw new MessagingConnectorException("Zimbra authentification failed for user " + str2 + " with message " + evaluateAsString, MessagingConnectorException.ExceptionType.CONFIGURATION_EXCEPTION);
                            }
                            String evaluateAsString2 = _xPathProcessor.evaluateAsString(parseDocument, "/soap:Envelope/soap:Body/account:AuthResponse/account:authToken", __PREFIX_RESOLVER);
                            if (StringUtils.isBlank(evaluateAsString2)) {
                                throw new MessagingConnectorException("Zimbra authentification failed for user " + str2, MessagingConnectorException.ExceptionType.CONFIGURATION_EXCEPTION);
                            }
                            if (execute != null) {
                                execute.close();
                            }
                            if (closeableHttpClient != null) {
                                closeableHttpClient.close();
                            }
                            return evaluateAsString2;
                        } catch (Throwable th) {
                            if (execute != null) {
                                try {
                                    execute.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    } catch (Throwable th3) {
                        if (closeableHttpClient != null) {
                            try {
                                closeableHttpClient.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        }
                        throw th3;
                    }
                } catch (SocketTimeoutException | ConnectionPoolTimeoutException e) {
                    throw new MessagingConnectorException("There are already too many connections to zimbra server. Giving up to proceed to the Zimbra preauth action for user " + str2, MessagingConnectorException.ExceptionType.TIMEOUT, e);
                } catch (IOException | SAXException e2) {
                    throw new MessagingConnectorException("Unable to proceed to the Zimbra preauth action for user : " + str2, MessagingConnectorException.ExceptionType.UNKNOWN, e2);
                }
            } catch (UnknownHostException e3) {
                throw new MessagingConnectorException("Unknown host for zimbra server. Giving up to proceed to the Zimbra preauth action for user " + str2, MessagingConnectorException.ExceptionType.CONFIGURATION_EXCEPTION, e3);
            }
        } catch (Exception e4) {
            throw new MessagingConnectorException("Unable to compute the preauth key during the Zimbra preauth action for user : " + str2, MessagingConnectorException.ExceptionType.UNKNOWN, e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String _computeQueryString(String str, String str2, String str3) {
        String valueOf = String.valueOf(System.currentTimeMillis());
        try {
            String _getComputedPreauth = _getComputedPreauth(str, valueOf, str2);
            ArrayList arrayList = new ArrayList();
            arrayList.add(new BasicNameValuePair("account", str));
            arrayList.add(new BasicNameValuePair("timestamp", valueOf));
            arrayList.add(new BasicNameValuePair("expires", "0"));
            arrayList.add(new BasicNameValuePair("preauth", _getComputedPreauth));
            if (str3 != null) {
                arrayList.add(new BasicNameValuePair("redirectURL", "/?app=" + str3));
            }
            return URLEncodedUtils.format(arrayList, StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new MessagingConnectorException("Unable to compute the preauth key during the Zimbra preauth action for user : " + str, MessagingConnectorException.ExceptionType.UNKNOWN, e);
        }
    }

    private static String _getComputedPreauth(String str, String str2, String str3) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(str3.getBytes(), "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(secretKeySpec);
        return new String(new Hex().encode(mac.doFinal(StringUtils.join(new String[]{str, "name", "0", str2}, '|').getBytes())), "UTF-8");
    }
}
