package org.ifsoft.sso;

import com.j256.twofactorauth.TimeBasedOneTimePasswordUtil;
import gov.nist.core.Separators;
import gov.nist.javax.sip.parser.TokenNames;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.time.Duration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.eclipse.jetty.ee8.nested.Request;
import org.glassfish.jersey.jackson.internal.jackson.jaxrs.json.JacksonJsonProvider;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.group.Group;
import org.jivesoftware.openfire.group.GroupManager;
import org.jivesoftware.openfire.group.GroupNotFoundException;
import org.jivesoftware.openfire.http.HttpBindManager;
import org.jivesoftware.openfire.user.User;
import org.jivesoftware.openfire.user.UserManager;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/ofmeet-0.9.7.jar:org/ifsoft/sso/SmartIdCardCert.class */
public class SmartIdCardCert extends HttpServlet {
    private static final Logger Log = LoggerFactory.getLogger((Class<?>) SmartIdCardCert.class);

    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Principal subjectDN;
        try {
            XMPPServer.getInstance().getServerInfo().getHostname();
            String xMPPDomain = XMPPServer.getInstance().getServerInfo().getXMPPDomain();
            X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute(Request.PEER_CERTIFICATES);
            if (x509CertificateArr != null && x509CertificateArr.length > 1 && (subjectDN = x509CertificateArr[0].getSubjectDN()) != null) {
                String name = subjectDN.getName();
                String str = null;
                String str2 = null;
                String str3 = null;
                String str4 = null;
                String str5 = null;
                String str6 = null;
                Log.debug("SmartIdCardCert servlet: Found subject DN " + name);
                for (String str7 : name.split(",")) {
                    String[] split = str7.split(Separators.EQUALS);
                    if (split.length >= 2) {
                        String trim = split[0].trim();
                        String trim2 = split[1].trim();
                        if ("OU".equals(trim)) {
                            str4 = trim2;
                        }
                        if (TokenNames.O.equals(trim)) {
                            str5 = trim2;
                        }
                        if (TokenNames.C.equals(trim)) {
                            str6 = trim2;
                        }
                        if ("SERIALNUMBER".equals(trim)) {
                            str = trim2;
                        }
                        if ("GIVENNAME".equals(trim)) {
                            str2 = trim2;
                        }
                        if ("SURNAME".equals(trim)) {
                            str3 = trim2;
                        }
                    }
                }
                if ("EE".equals(str6) && "ESTEID (DIGI-ID E-RESIDENT)".equals(str5) && "authentication".equals(str4)) {
                    String str8 = str2 + " " + str3;
                    String str9 = str + "@" + xMPPDomain;
                    JSONObject jSONObject = new JSONObject();
                    jSONObject.put("firstname", str2);
                    jSONObject.put("lastname", str3);
                    jSONObject.put("email", str9);
                    jSONObject.put("idcode", str);
                    String generateBase32Secret = TimeBasedOneTimePasswordUtil.generateBase32Secret();
                    Password.passwords.put(str, generateBase32Secret);
                    jSONObject.put("password", generateBase32Secret);
                    UserManager userManager = XMPPServer.getInstance().getUserManager();
                    User user = null;
                    try {
                        user = userManager.getUser(str);
                        user.setPassword(generateBase32Secret);
                        Log.debug("SmartIdCardCert servlet: Found user " + str + " " + str8);
                    } catch (UserNotFoundException e) {
                        try {
                            Log.debug("SmartIdCardCert servlet: Creating user " + str + " " + str8 + " " + str9);
                            user = userManager.createUser(str, generateBase32Secret, str8, str9);
                            Group group = null;
                            String property = JiveGlobals.getProperty("ofchat.smartid.groupname", "smartid");
                            String property2 = JiveGlobals.getProperty("ofchat.smartid.groupname", "Smart ID");
                            try {
                                group = GroupManager.getInstance().getGroup(property);
                            } catch (GroupNotFoundException e2) {
                                try {
                                    group = GroupManager.getInstance().createGroup(property);
                                    group.getProperties().put("sharedRoster.showInRoster", "onlyGroup");
                                    group.getProperties().put("sharedRoster.displayName", property2);
                                    group.getProperties().put("sharedRoster.groupList", "");
                                } catch (Exception e3) {
                                }
                            }
                            if (group != null) {
                                group.getMembers().add(XMPPServer.getInstance().createJID(str, (String) null));
                            }
                        } catch (Exception e4) {
                            Log.error("Config servlet: Failed creating user " + str, (Throwable) e4);
                        }
                    } catch (Exception e5) {
                        Log.error("Config servlet: Failed finding user " + str, (Throwable) e5);
                    }
                    if (user != null) {
                        writeHeader(httpServletResponse);
                        httpServletResponse.getOutputStream().println(jSONObject.toString());
                        return;
                    }
                }
            }
        } catch (Exception e6) {
            Log.error("SmartIdCardCert Servlet Error", (Throwable) e6);
        }
        writeHeader(httpServletResponse);
        httpServletResponse.getOutputStream().println("{\"status\":\"ERROR\"}");
    }

    private void writeHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
        httpServletResponse.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        httpServletResponse.addHeader("Cache-Control", "post-check=0, pre-check=0");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Content-Type", JacksonJsonProvider.MIME_JAVASCRIPT);
        httpServletResponse.setHeader("Connection", "close");
        HttpBindManager.getInstance();
        httpServletResponse.setHeader("Access-Control-Allow-Methods", String.join(",", (Iterable<? extends CharSequence>) HttpBindManager.HTTP_BIND_CORS_ALLOW_METHODS.getValue()));
        httpServletResponse.setHeader("Access-Control-Allow-Headers", String.join(",", String.valueOf(HttpBindManager.HTTP_BIND_CORS_ALLOW_HEADERS.getValue()) + ", Authorization"));
        httpServletResponse.setHeader("Access-Control-Max-Age", String.valueOf(((Duration) HttpBindManager.HTTP_BIND_CORS_MAX_AGE.getValue()).toSeconds()));
        httpServletResponse.setHeader("Access-Control-Allow-Origin", String.valueOf(HttpBindManager.HTTP_BIND_ALLOWED_ORIGINS.getDefaultValue()));
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
    }
}
