package org.asimba.custom.postauthz.authncontextattribute;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.api.attribute.IAttributes;
import com.alfaariss.oa.api.authentication.IAuthenticationContext;
import com.alfaariss.oa.api.authentication.IAuthenticationContexts;
import com.alfaariss.oa.api.authorization.IAuthorizationAction;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.authentication.AuthenticationContexts;
import com.alfaariss.oa.sso.authorization.web.IWebAuthorizationMethod;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:org/asimba/custom/postauthz/authncontextattribute/AuthnContextToUserAttributes.class */
public class AuthnContextToUserAttributes implements IWebAuthorizationMethod {
    private Log _oLogger = LogFactory.getLog(AuthnContextToUserAttributes.class);
    public static final String EL_ENABLED = "enabled";
    public static final String EL_ID = "id";
    public static final String EL_FRIENDLYNAME = "friendlyname";
    public static final String EL_ATTRIBUTES = "attributes";
    public static final String EL_ATTRIBUTE = "attribute";
    private String _sID;
    private String _sFriendlyname;
    private boolean _enabled;
    private List<ACAttribute> _lConfiguredAttributes;

    public String getID() {
        return this._sID;
    }

    public String getFriendlyName() {
        return this._sFriendlyname;
    }

    public boolean isEnabled() {
        return this._enabled;
    }

    public String getAuthority() {
        return null;
    }

    public UserEvent authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException {
        if (!this._enabled) {
            this._oLogger.debug("AuthnContextToUserAttributes '" + this._sID + "' was disabled; skipping.");
            return UserEvent.AUTHZ_METHOD_SUCCESSFUL;
        }
        if (this._lConfiguredAttributes == null) {
            this._oLogger.debug("No AuthnContext attributes processed.");
            return UserEvent.AUTHZ_METHOD_SUCCESSFUL;
        }
        IAuthenticationContexts iAuthenticationContexts = (IAuthenticationContexts) iSession.getAttributes().get(AuthenticationContexts.class, "authcontexts");
        if (iAuthenticationContexts == null) {
            this._oLogger.debug("Trying to get AuthenticationContexts from TGT ...");
            String tGTId = iSession.getTGTId();
            if (tGTId != null) {
                ITGT retrieve = Engine.getInstance().getTGTFactory().retrieve(tGTId);
                if (retrieve != null) {
                    iAuthenticationContexts = (IAuthenticationContexts) retrieve.getAttributes().get(AuthenticationContexts.class, "authcontexts");
                }
            } else {
                this._oLogger.warn("Could not find TGT for Session, so no AuthenticationContext was resolved!");
            }
        }
        if (iAuthenticationContexts == null) {
            this._oLogger.warn("No AuthenticationContext was resolved - will fail on required attributes!");
        }
        IAttributes attributes = iSession.getUser().getAttributes();
        for (ACAttribute aCAttribute : this._lConfiguredAttributes) {
            String attributeValue = getAttributeValue(aCAttribute, iAuthenticationContexts);
            if (attributeValue != null) {
                attributes.put(aCAttribute.getDest(), attributeValue);
            } else {
                this._oLogger.debug("No value established for " + aCAttribute.getAuthnMethodID() + ":" + aCAttribute.getSrc());
                if (aCAttribute.isRequired()) {
                    this._oLogger.info("Failing Authorization because attribute '" + aCAttribute.getSrc() + "' is required.");
                    return UserEvent.AUTHZ_METHOD_FAILED;
                }
            }
        }
        return UserEvent.AUTHZ_METHOD_SUCCESSFUL;
    }

    public void start(IConfigurationManager iConfigurationManager, Element element, Map<String, IAuthorizationAction> map) throws OAException {
        this._oLogger.trace("start() called.");
        this._enabled = true;
        String param = iConfigurationManager.getParam(element, EL_ENABLED);
        if (param != null) {
            this._enabled = Boolean.valueOf(param).booleanValue();
        }
        this._sID = iConfigurationManager.getParam(element, EL_ID);
        if (this._sID == null || "".equals(this._sID)) {
            this._oLogger.error("No 'id' found for authorization method");
            throw new OAException(17);
        }
        this._sFriendlyname = iConfigurationManager.getParam(element, EL_FRIENDLYNAME);
        if (this._sFriendlyname == null) {
            this._oLogger.error("No 'friendlyname' found for authorization method");
            throw new OAException(17);
        }
        this._lConfiguredAttributes = null;
        if (this._enabled) {
            Element section = iConfigurationManager.getSection(element, EL_ATTRIBUTES);
            if (section == null) {
                this._oLogger.info("No attributes configured for AuthnContextToUserAttributes: no processing.");
                return;
            }
            readAttributes(iConfigurationManager, section);
        }
        this._oLogger.info("Initialized AuthnContextToUserAttributes (enabled: " + this._enabled + ")");
    }

    public void stop() {
        this._oLogger.trace("stop() called.");
        this._lConfiguredAttributes.clear();
    }

    private void readAttributes(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        this._lConfiguredAttributes = new ArrayList();
        Element section = iConfigurationManager.getSection(element, EL_ATTRIBUTE);
        while (true) {
            Element element2 = section;
            if (element2 == null) {
                return;
            }
            ACAttribute fromConfig = ACAttribute.fromConfig(iConfigurationManager, element2);
            if (fromConfig == null) {
                throw new OAException(17);
            }
            this._lConfiguredAttributes.add(fromConfig);
            section = iConfigurationManager.getNextSection(element2);
        }
    }

    private String getAttributeValue(ACAttribute aCAttribute, IAuthenticationContexts iAuthenticationContexts) {
        if (iAuthenticationContexts == null) {
            if (aCAttribute.isRequired()) {
                return null;
            }
            return aCAttribute.getDefault();
        }
        IAuthenticationContext authenticationContext = iAuthenticationContexts.getAuthenticationContext(aCAttribute.getAuthnMethodID());
        if (authenticationContext == null) {
            if (aCAttribute.isRequired()) {
                return null;
            }
            return aCAttribute.getDefault();
        }
        String str = authenticationContext.get(aCAttribute.getSrc());
        if (str == null) {
            str = aCAttribute.getDefault();
        }
        return str;
    }
}
