package org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.impl;

import java.io.File;
import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.servlet.ServletContext;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.ws.BindingType;
import javax.xml.ws.Holder;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.soap.Addressing;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.jaxws.context.WrappedMessageContext;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementServiceImpl;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
import org.wso2.carbon.device.mgt.mobile.windows.api.common.PluginConstants;
import org.wso2.carbon.device.mgt.mobile.windows.api.common.exceptions.CertificateGenerationException;
import org.wso2.carbon.device.mgt.mobile.windows.api.common.exceptions.SyncmlMessageFormatException;
import org.wso2.carbon.device.mgt.mobile.windows.api.common.exceptions.WAPProvisioningException;
import org.wso2.carbon.device.mgt.mobile.windows.api.common.exceptions.WindowsDeviceEnrolmentException;
import org.wso2.carbon.device.mgt.mobile.windows.api.common.util.DeviceUtil;
import org.wso2.carbon.device.mgt.mobile.windows.api.common.util.WindowsAPIUtils;
import org.wso2.carbon.device.mgt.mobile.windows.api.operations.util.SyncmlCredentialUtil;
import org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.EnrollmentService;
import org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.beans.AdditionalContext;
import org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.beans.BinarySecurityToken;
import org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.beans.ContextItem;
import org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.beans.RequestSecurityTokenResponse;
import org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.beans.RequestedSecurityToken;
import org.wso2.carbon.device.mgt.mobile.windows.api.services.syncml.beans.WindowsDevice;
import org.wso2.carbon.device.mgt.mobile.windows.impl.dto.MobileCacheEntry;
import org.wso2.carbon.policy.mgt.common.PolicyManagementException;
import org.xml.sax.SAXException;

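/**
 * SOAP endpoint that handles the Windows device enrollment "request security token" call.
 *
 * <p>For each request the service reads the enrollment token from the SOAP {@code Security}
 * header, resolves it to the user cached for that token, enrolls the device described by the
 * request's additional context, signs the CSR sent by the device and returns a Base64-encoded
 * wap-provisioning document that carries the CA certificate, the signed certificate, the
 * management server address, the user name, a fresh challenge token and the polling frequency.
 *
 * <p>All per-request values (domain, provisioning URL, polling frequency) are kept in local
 * variables rather than instance fields, so one request's values cannot end up in another
 * request's provisioning document if the container shares this bean between request threads.
 * NOTE(review): the bean scope is configured outside this file; confirm.
 */
@Addressing(enabled = true, required = true)
@BindingType("http://www.w3.org/2003/05/soap/bindings/HTTP/")
@WebService(endpointInterface = PluginConstants.ENROLLMENT_SERVICE_ENDPOINT, targetNamespace = PluginConstants.DEVICE_ENROLLMENT_SERVICE_TARGET_NAMESPACE)
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.class */
public class EnrollmentServiceImpl implements EnrollmentService {
    private static final Log log = LogFactory.getLog(EnrollmentServiceImpl.class);

    @Resource
    private WebServiceContext context;

    /**
     * Enrolls the calling device and returns its provisioning document in {@code holder}.
     *
     * @param str               not used by this implementation
     * @param str2              not used by this implementation
     * @param str3              the certificate signing request (CSR) sent by the device
     * @param additionalContext device attributes (device id, name, IMEI, OS version) sent by the device
     * @param holder            receives the {@link RequestSecurityTokenResponse}
     * @throws WindowsDeviceEnrolmentException if the request carries no usable enrollment token or
     *                                         {@code To} address, or if enrollment, certificate
     *                                         generation or provisioning-document generation fails
     */
    @Override // org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.EnrollmentService
    public void requestSecurityToken(String str, String str2, String str3, AdditionalContext additionalContext, Holder<RequestSecurityTokenResponse> holder) throws WindowsDeviceEnrolmentException, UnsupportedEncodingException, WAPProvisioningException {
        String enrollmentToken = null;
        String toAddress = null;
        for (Header header : getHeaders()) {
            Object payload = header.getObject();
            if (!(payload instanceof Element)) {
                continue;
            }
            String localPart = header.getName().getLocalPart();
            if ("Security".equals(localPart)) {
                // The token is the text of the header element's first grandchild.
                enrollmentToken = nestedFirstChildText((Element) payload, 2);
            }
            if ("To".equals(localPart)) {
                toAddress = nestedFirstChildText((Element) payload, 1);
            }
        }

        // Reject malformed requests before any device record is created or certificate is signed.
        if (enrollmentToken == null || enrollmentToken.isEmpty()) {
            throw new WindowsDeviceEnrolmentException("Enrollment request does not carry a security token.");
        }
        // The domain comes from the client-supplied WS-Addressing "To" header and is written into
        // the provisioning document as the management server host.
        // NOTE(review): consider checking it against the host names this server is configured to serve.
        String domain = extractDomain(toAddress);
        String provisioningURL = "https://EnterpriseEnrollment." + domain + PluginConstants.CertificateEnrolment.SYNCML_PROVISIONING_WIN10_SERVICE_URL;

        try {
            enrollDevice(additionalContext, enrollmentToken);
        } catch (PolicyManagementException e) {
            throw new WindowsDeviceEnrolmentException("Error occurred while enforcing windows policies.", (Exception) e);
        } catch (DeviceManagementException e) {
            throw new WindowsDeviceEnrolmentException("Error occurred while enrolling the device.", (Exception) e);
        }

        try {
            String pollingFrequency = resolvePollingFrequency(WindowsAPIUtils.getTenantConfigurationData());

            ServletContext servletContext = (ServletContext) this.context.getMessageContext().get("javax.xml.ws.servlet.context");
            File wapProvisioningFile = (File) servletContext.getAttribute(PluginConstants.CONTEXT_WAP_PROVISIONING_FILE);
            if (wapProvisioningFile == null) {
                throw new WindowsDeviceEnrolmentException("wap-provisioning file is not registered in the servlet context.");
            }
            if (log.isDebugEnabled()) {
                log.debug("Received CSR from Device:" + str3);
            }

            String encodedProvisioningXml = prepareWapProvisioningXML(str3, wapProvisioningFile, enrollmentToken, domain, provisioningURL, pollingFrequency);

            BinarySecurityToken binarySecurityToken = new BinarySecurityToken();
            binarySecurityToken.setValueType(PluginConstants.CertificateEnrolment.VALUE_TYPE);
            binarySecurityToken.setEncodingType(PluginConstants.CertificateEnrolment.ENCODING_TYPE);
            binarySecurityToken.setToken(encodedProvisioningXml);

            RequestedSecurityToken requestedSecurityToken = new RequestedSecurityToken();
            requestedSecurityToken.setBinarySecurityToken(binarySecurityToken);

            RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
            response.setTokenType(PluginConstants.CertificateEnrolment.TOKEN_TYPE);
            response.setRequestedSecurityToken(requestedSecurityToken);
            response.setRequestID(0);
            holder.value = response;
        } catch (WAPProvisioningException e) {
            log.error("Problem occurred while generating wap-provisioning file.", e);
            throw new WindowsDeviceEnrolmentException("Problem occurred while generating wap-provisioning file.", (Exception) e);
        } catch (CertificateGenerationException e) {
            log.error("Problem occurred while generating certificate.", e);
            throw new WindowsDeviceEnrolmentException("Problem occurred while generating certificate.", (Exception) e);
        } catch (DeviceManagementException e) {
            log.error("Error occurred while getting tenant configurations.", e);
            throw new WindowsDeviceEnrolmentException("Error occurred while getting tenant configurations.", (Exception) e);
        } finally {
            // NOTE(review): no startTenantFlow() is visible in this class; presumably a helper
            // called above begins the flow. Confirm the two calls pair up.
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Extracts the enrollment domain from the {@code To} address: the text after
     * "EnterpriseEnrollment." and before "/ENROLLMENTSERVER".
     *
     * @throws WindowsDeviceEnrolmentException if the address is missing or does not have that shape
     */
    private static String extractDomain(String toAddress) throws WindowsDeviceEnrolmentException {
        if (toAddress == null) {
            throw new WindowsDeviceEnrolmentException("Enrollment request does not carry a 'To' address.");
        }
        String[] beforePath = toAddress.split("(/ENROLLMENTSERVER)");
        if (beforePath.length == 0) {
            throw new WindowsDeviceEnrolmentException("Enrollment 'To' address has an unexpected format.");
        }
        String[] hostParts = beforePath[0].split("(EnterpriseEnrollment.)");
        if (hostParts.length < 2 || hostParts[1].isEmpty()) {
            throw new WindowsDeviceEnrolmentException("Enrollment 'To' address has an unexpected format.");
        }
        return hostParts[1];
    }

    /**
     * Returns the tenant's notifier frequency, or the default when the tenant configuration is
     * absent or holds no such entry. The default is assigned first so that an unrelated entry
     * appearing later in the list cannot overwrite a configured value.
     */
    private static String resolvePollingFrequency(List<ConfigurationEntry> tenantConfigurationData) {
        String pollingFrequency = PluginConstants.TenantConfigProperties.DEFAULT_FREQUENCY;
        if (tenantConfigurationData == null) {
            log.error("Tenant configurations are not initialized yet.");
            return pollingFrequency;
        }
        for (ConfigurationEntry configurationEntry : tenantConfigurationData) {
            if (PluginConstants.TenantConfigProperties.NOTIFIER_FREQUENCY.equals(configurationEntry.getName())
                    && configurationEntry.getValue() != null) {
                pollingFrequency = configurationEntry.getValue().toString();
                break;
            }
        }
        return pollingFrequency;
    }

    /**
     * Follows {@code getFirstChild()} {@code depth} times from {@code node} and returns the text
     * content of the node reached, or {@code null} if the chain ends early.
     */
    private static String nestedFirstChildText(Node node, int depth) {
        Node current = node;
        for (int i = 0; i < depth && current != null; i++) {
            current = current.getFirstChild();
        }
        return current != null ? current.getTextContent() : null;
    }

    /** Serializes a DOM document to a string using a default (identity) transformer. */
    private String convertDocumentToString(Document document) throws TransformerException {
        StringWriter stringWriter = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(stringWriter));
        return stringWriter.toString();
    }

    /**
     * Fills the wap-provisioning template and returns it Base64-encoded.
     *
     * <p>The {@code parm} elements are addressed by fixed position (0, 1, 7, 8, 21, 22, 24), so
     * the template layout and these indices must stay in step.
     *
     * @param csr                 certificate signing request sent by the device
     * @param wapProvisioningFile the provisioning template on disk
     * @param enrollmentToken     token from the request's Security header
     * @param domain              enrollment domain written to parm 7
     * @param provisioningURL     management service URL written to parm 8
     * @param pollingFrequency    polling frequency written to parm 24
     */
    private String prepareWapProvisioningXML(String csr, File wapProvisioningFile, String enrollmentToken, String domain, String provisioningURL, String pollingFrequency) throws CertificateGenerationException, WAPProvisioningException, WindowsDeviceEnrolmentException {
        CertificateManagementServiceImpl certificateService = CertificateManagementServiceImpl.getInstance();
        Base64 base64 = new Base64();
        try {
            // Resolve the token to a user first, so that no certificate is signed for a request
            // whose token is unknown.
            String requestedUser = getRequestedUser(enrollmentToken);

            X509Certificate caCertificate = (X509Certificate) certificateService.getCACertificate();
            X509Certificate signedCertificate = certificateService.getSignedCertificateFromCSR(csr);

            DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
            builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            // parse(File) rather than parse(String): the String overload expects a URI, not a path.
            Document document = builderFactory.newDocumentBuilder().parse(wapProvisioningFile);
            NodeList parms = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM);

            writeCertificate(parms, 0, caCertificate, base64, "Root certificate: ");
            writeCertificate(parms, 1, signedCertificate, base64, "Signed certificate: ");

            setParmValue(parms, 7, domain);
            setParmValue(parms, 8, provisioningURL);
            setParmValue(parms, 21, requestedUser);

            // The enrollment token is single-use: drop it and hand the device a fresh challenge.
            DeviceUtil.removeTokenEntry(enrollmentToken);
            String challengeToken = DeviceUtil.generateRandomToken();
            setParmValue(parms, 22, challengeToken);
            DeviceUtil.persistChallengeToken(SyncmlCredentialUtil.generateRST(requestedUser, challengeToken), null, requestedUser);

            setParmValue(parms, 24, pollingFrequency);

            // Encode explicitly as UTF-8 instead of relying on the platform default charset.
            byte[] xmlBytes = convertDocumentToString(document).getBytes(java.nio.charset.Charset.forName("UTF-8"));
            return base64.encodeAsString(xmlBytes);
        } catch (KeystoreException e) {
            throw new CertificateGenerationException("CA certificate cannot be generated.", (Exception) e);
        } catch (IOException e2) {
            throw new WAPProvisioningException("Error occurred while getting wap-provisioning.xml file.", (Exception) e2);
        } catch (CertificateEncodingException e3) {
            throw new WindowsDeviceEnrolmentException("Error occurred while encoding certificates.", (Exception) e3);
        } catch (ParserConfigurationException e4) {
            throw new WAPProvisioningException("Problem occurred while creating configuration request", (Exception) e4);
        } catch (TransformerException e5) {
            throw new WAPProvisioningException("Error occurred while transforming wap-provisioning.xml file.", (Exception) e5);
        } catch (SyncmlMessageFormatException e6) {
            throw new WindowsDeviceEnrolmentException("Error occurred while generating password hash value.", (Exception) e6);
        } catch (SAXException e7) {
            throw new WAPProvisioningException("Error occurred while parsing wap-provisioning.xml file.", (Exception) e7);
        }
    }

    /**
     * Writes a certificate into the template: the upper-case SHA-1 hex digest of its encoding goes
     * into the {@code type} attribute of the parm's parent, and the Base64 encoding (newlines
     * removed) into the parm's {@code value} attribute.
     */
    private static void writeCertificate(NodeList parms, int index, X509Certificate certificate, Base64 base64, String debugLabel) throws CertificateEncodingException, WindowsDeviceEnrolmentException {
        byte[] encoded = certificate.getEncoded();
        Node parm = requireParm(parms, index);
        // The SHA-1 digest is written as an identifier for the certificate node.
        requireAttribute(parm.getParentNode(), "type").setTextContent(String.valueOf(DigestUtils.sha1Hex(encoded)).toUpperCase());
        String base64Certificate = base64.encodeAsString(encoded).replaceAll("\n", "");
        requireAttribute(parm, "value").setTextContent(base64Certificate);
        if (log.isDebugEnabled()) {
            log.debug(debugLabel + base64Certificate);
        }
    }

    /** Sets the {@code value} attribute of the parm element at {@code index}. */
    private static void setParmValue(NodeList parms, int index, String value) throws WindowsDeviceEnrolmentException {
        requireAttribute(requireParm(parms, index), "value").setTextContent(value);
    }

    /** Returns the parm element at {@code index}, failing clearly if the template is too short. */
    private static Node requireParm(NodeList parms, int index) throws WindowsDeviceEnrolmentException {
        Node parm = parms.item(index);
        if (parm == null) {
            throw new WindowsDeviceEnrolmentException("wap-provisioning template has no parm element at position " + index + ".");
        }
        return parm;
    }

    /** Returns the named attribute of {@code node}, failing clearly if it is absent. */
    private static Node requireAttribute(Node node, String attributeName) throws WindowsDeviceEnrolmentException {
        Node attribute = (node == null || node.getAttributes() == null) ? null : node.getAttributes().getNamedItem(attributeName);
        if (attribute == null) {
            throw new WindowsDeviceEnrolmentException("wap-provisioning template is missing the '" + attributeName + "' attribute.");
        }
        return attribute;
    }

    /**
     * Returns the SOAP headers of the current request, or an empty list when the message context
     * is not a CXF {@link WrappedMessageContext} or carries no header list.
     */
    private List<Header> getHeaders() {
        MessageContext messageContext = this.context.getMessageContext();
        if (!(messageContext instanceof WrappedMessageContext)) {
            return new ArrayList<Header>();
        }
        List<Header> headers = CastUtils.cast((List<?>) ((WrappedMessageContext) messageContext).getWrappedMessage().get(Header.HEADER_LIST));
        return headers != null ? headers : new ArrayList<Header>();
    }

    /**
     * Resolves the enrollment token to the user name cached for it.
     *
     * <p>A missing token, a failed lookup or an entry without a user is reported as an enrollment
     * failure instead of being swallowed and surfacing later as a {@code NullPointerException}.
     * The token value itself is deliberately left out of the error messages.
     *
     * @throws WindowsDeviceEnrolmentException if no user can be resolved for the token
     */
    private String getRequestedUser(String enrollmentToken) throws WindowsDeviceEnrolmentException {
        if (enrollmentToken == null || enrollmentToken.isEmpty()) {
            throw new WindowsDeviceEnrolmentException("Enrollment request does not carry a security token.");
        }
        MobileCacheEntry cacheEntry = DeviceUtil.getTokenEntry(enrollmentToken);
        if (cacheEntry == null || cacheEntry.getUsername() == null) {
            throw new WindowsDeviceEnrolmentException("No user is associated with the supplied enrollment token.");
        }
        return cacheEntry.getUsername();
    }

    /**
     * Builds the device-management {@link Device} for a Windows device: OS version, IMSI and IMEI
     * become properties, and the enrolment is recorded as an active BYOD enrolment owned by the
     * device's user.
     */
    private Device generateDevice(WindowsDevice windowsDevice) {
        List<Device.Property> properties = new ArrayList<Device.Property>();
        properties.add(newProperty(PluginConstants.SyncML.OS_VERSION, windowsDevice.getOsVersion()));
        properties.add(newProperty(PluginConstants.SyncML.IMSI, windowsDevice.getImsi()));
        properties.add(newProperty(PluginConstants.SyncML.IMEI, windowsDevice.getImei()));

        EnrolmentInfo enrolmentInfo = new EnrolmentInfo();
        enrolmentInfo.setOwner(windowsDevice.getUser());
        enrolmentInfo.setOwnership(EnrolmentInfo.OwnerShip.BYOD);
        enrolmentInfo.setStatus(EnrolmentInfo.Status.ACTIVE);

        Device device = new Device();
        device.setEnrolmentInfo(enrolmentInfo);
        device.setDeviceIdentifier(windowsDevice.getDeviceId());
        device.setProperties(properties);
        device.setType(windowsDevice.getDeviceType());
        device.setName(windowsDevice.getDeviceName());
        return device;
    }

    /** Creates a device property with the given name and value. */
    private static Device.Property newProperty(String name, String value) {
        Device.Property property = new Device.Property();
        property.setName(name);
        property.setValue(value);
        return property;
    }

    /**
     * Enrolls the device described by {@code additionalContext} for the user that the enrollment
     * token resolves to, then asks the policy manager for the device's effective policy.
     *
     * <p>The device id, name, IMEI and OS version are taken as sent by the device.
     *
     * @throws WindowsDeviceEnrolmentException if the token resolves to no user, or the request
     *                                         carries no additional context or no device id
     */
    private void enrollDevice(AdditionalContext additionalContext, String enrollmentToken) throws DeviceManagementException, PolicyManagementException, WindowsDeviceEnrolmentException {
        if (additionalContext == null) {
            throw new WindowsDeviceEnrolmentException("Enrollment request does not carry device context information.");
        }
        WindowsDevice windowsDevice = new WindowsDevice();
        windowsDevice.setDeviceType("windows");
        windowsDevice.setUser(getRequestedUser(enrollmentToken));
        for (ContextItem contextItem : additionalContext.getcontextitem()) {
            String itemName = contextItem.getName();
            if (PluginConstants.WindowsEnrollmentProperties.DEVICE_ID.equals(itemName)) {
                windowsDevice.setDeviceId(contextItem.getValue());
            }
            if (PluginConstants.WindowsEnrollmentProperties.DEVICE_NAME.equals(itemName)) {
                windowsDevice.setDeviceName(contextItem.getValue());
            }
            if (PluginConstants.WindowsEnrollmentProperties.IMEI.equals(itemName)) {
                windowsDevice.setImei(contextItem.getValue());
            }
            if (PluginConstants.WindowsEnrollmentProperties.DEVICE_VERSION.equals(itemName)) {
                windowsDevice.setOsVersion(contextItem.getValue());
            }
        }
        // Without a device id there is nothing to key the enrolment or the policy lookup on.
        if (windowsDevice.getDeviceId() == null) {
            throw new WindowsDeviceEnrolmentException("Enrollment request does not carry a device id.");
        }
        Device device = generateDevice(windowsDevice);
        WindowsAPIUtils.getDeviceManagementService().enrollDevice(device);
        WindowsAPIUtils.getPolicyManagerService().getEffectivePolicy(new DeviceIdentifier(windowsDevice.getDeviceId(), device.getType()));
    }
}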
