package org.asimba.util.saml2.nameid.handler;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.api.attribute.IAttributes;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.engine.core.crypto.CryptoManager;
import com.alfaariss.oa.util.saml2.NameIDFormatter;
import com.alfaariss.oa.util.saml2.SAML2Constants;
import java.security.MessageDigest;
import java.security.SecureRandom;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.asimba.util.saml2.nameid.INameIDFormatHandler;
import org.w3c.dom.Element;

/* loaded from: input_file:org/asimba/util/saml2/nameid/handler/DefaultPersistentFormatHandler.class */
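/**
 * NameID format handler that derives a persistent identifier from a user
 * attribute (or the user ID), optionally scoped to the requestor and
 * optionally hashed into an opaque value.
 *
 * <p>Construction performed by {@link #format}:
 * {@code value [+ salt] [+ "!" + requestor]}, then digested and hex-encoded
 * when opaque mode is enabled. With opaque mode disabled the unhashed source
 * value is returned as the NameID.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The salt is the only secret input to the opaque identifier, so it is
 *       never written to the log.</li>
 *   <li>The digest algorithm comes from the {@link CryptoManager}; this class
 *       does not choose or check it.</li>
 *   <li>Changing the concatenation order, separator, salt or digest changes
 *       every identifier derived afterwards, which breaks account linking at
 *       relying parties that stored earlier values.</li>
 * </ul>
 */
public class DefaultPersistentFormatHandler implements INameIDFormatHandler {
    public static final String EL_OPAQUE = "opaque";
    public static final String EL_ATTR_ENABLED = "enabled";
    public static final String EL_ATTR_SALT = "salt";
    public static final String EL_ATTRIBUTE = "attribute";
    public static final String EL_ATTR_NAME = "name";
    public static final String EL_ATTR_REMOVE = "removeAfterUse";
    public static final String EL_IGNORE_REQUESTORCTX = "ignoreRequestorContext";
    public static final String EL_ATTR_VALUE = "value";
    private static final Log _oLogger = LogFactory.getLog(DefaultPersistentFormatHandler.class);
    protected NameIDFormatter _oParentFormatter;
    protected CryptoManager _oCrypoManager;
    protected SecureRandom _oSecureRandom;
    /** Name of the user attribute used as identifier source; {@code null} means "use the user ID". */
    protected String _sAttributeName;
    /** Whether the source attribute is removed from the user once it has been read. */
    protected boolean _bRemoveAfterUse;
    /** Whether the identifier is digested before it is returned; set by {@link #init}. */
    protected Boolean _bUseOpaque;
    /** Secret value mixed into the digest input in opaque mode; must not be logged. */
    protected String _sSalt;
    /** When true, the requestor is left out of the identifier. */
    protected Boolean _bIgnoreRequestorContext;

    /**
     * Produces the persistent NameID value for a user.
     *
     * @param iUser    user whose attribute (or ID, as fallback) is the identifier source
     * @param str      appended after a {@code "!"} separator unless
     *                 ignoreRequestorContext is set; presumably the requestor
     *                 (SP) identifier, confirm against INameIDFormatHandler
     * @param str2     not used by this handler
     * @param iSession not used by this handler
     * @return the hex-encoded digest in opaque mode, otherwise the unhashed value
     * @throws OAException when the digest cannot be computed
     */
    @Override // org.asimba.util.saml2.nameid.INameIDFormatHandler
    public String format(IUser iUser, String str, String str2, ISession iSession) throws OAException {
        String userAttributeValue = getUserAttributeValue(iUser, this._sAttributeName, this._bRemoveAfterUse);
        if (userAttributeValue == null) {
            userAttributeValue = iUser.getID();
        }
        // The salt only contributes in opaque mode; in clear mode it would be
        // disclosed as part of the NameID.
        if (this._bUseOpaque.booleanValue() && this._sSalt != null) {
            userAttributeValue = userAttributeValue + this._sSalt;
        }
        // NOTE(review): plain concatenation with "!" is not an unambiguous
        // encoding if the source value or salt can itself contain "!".
        // Left unchanged because altering it would change issued identifiers.
        if (!this._bIgnoreRequestorContext.booleanValue()) {
            userAttributeValue = userAttributeValue + "!" + str;
        }
        if (this._bUseOpaque.booleanValue()) {
            userAttributeValue = getHash(userAttributeValue);
        }
        return userAttributeValue;
    }

    /**
     * Removes the source attribute from the user when removeAfterUse is
     * configured. The remaining arguments are not used.
     */
    @Override // org.asimba.util.saml2.nameid.INameIDFormatHandler
    public void reformat(IUser iUser, String str, String str2, ISession iSession) throws OAException {
        if (this._bRemoveAfterUse && this._sAttributeName != null) {
            // getUserAttributeValue() treats a null attribute set as possible,
            // so guard against it here as well instead of failing with an NPE.
            IAttributes attributes = iUser.getAttributes();
            if (attributes != null) {
                attributes.remove(this._sAttributeName);
            }
        }
    }

    /**
     * Reads a user attribute as a string.
     *
     * @param iUser user to read from
     * @param str   attribute name; {@code null} yields {@code null}
     * @param z     when true, the attribute is removed after it has been read
     * @return the attribute value, or {@code null} when the name is null or
     *         the user has no such attribute
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getUserAttributeValue(IUser iUser, String str, boolean z) {
        if (str == null) {
            return null;
        }
        IAttributes attributes = iUser.getAttributes();
        if (attributes == null || !attributes.contains(str)) {
            _oLogger.info("Attribute '" + str + "' is not available for user '" + iUser.getID() + "'");
            return null;
        }
        String value = (String) attributes.get(str);
        if (z) {
            attributes.remove(str);
        }
        return value;
    }

    /**
     * Digests the input with the CryptoManager's MessageDigest and returns
     * the result hex-encoded.
     *
     * @param str digest input; in opaque mode this contains the user
     *            identifier and the salt, so it is never logged
     * @throws OAException (code 1) when encoding or digesting fails
     */
    protected String getHash(String str) throws OAException {
        MessageDigest messageDigest = this._oCrypoManager.getMessageDigest();
        try {
            messageDigest.update(str.getBytes(SAML2Constants.CHARSET));
            return new String(Hex.encodeHex(messageDigest.digest()));
        } catch (Exception e) {
            // Log the cause, not the input: the input carries the salt and
            // the user's identifier.
            _oLogger.warn("Exception when calculating hash for persistent NameID", e);
            throw new OAException(1);
        }
    }

    /**
     * Reads the handler configuration.
     *
     * <p>Recognised child sections of {@code element}: {@code opaque}
     * ({@code enabled}, {@code salt}), {@code attribute} ({@code name},
     * {@code removeAfterUse}) and {@code ignoreRequestorContext}
     * ({@code value}). All settings are reset to their defaults first, so a
     * repeated call does not inherit values from an earlier configuration.
     *
     * @throws OAException (code 17) when an attribute section lacks a name
     */
    @Override // org.asimba.util.saml2.nameid.INameIDFormatHandler
    public void init(IConfigurationManager iConfigurationManager, Element element, NameIDFormatter nameIDFormatter) throws OAException {
        this._oParentFormatter = nameIDFormatter;
        this._bUseOpaque = false;
        this._sSalt = null;
        this._sAttributeName = null;
        this._bRemoveAfterUse = false;
        this._bIgnoreRequestorContext = false;

        Element opaqueSection = iConfigurationManager.getSection(element, EL_OPAQUE);
        if (opaqueSection != null) {
            String enabled = iConfigurationManager.getParam(opaqueSection, EL_ATTR_ENABLED);
            if ("TRUE".equalsIgnoreCase(enabled)) {
                this._bUseOpaque = true;
            } else if (!"FALSE".equalsIgnoreCase(enabled)) {
                _oLogger.warn("Invalid value for opaque@enabled: " + enabled);
            }
            String salt = iConfigurationManager.getParam(opaqueSection, EL_ATTR_SALT);
            if (salt != null) {
                this._sSalt = salt;
            }
            // Report only whether a salt is present; the value is a secret
            // and log files are usually readable by more people than the
            // configuration.
            _oLogger.info("Opaque set to " + this._bUseOpaque + "; salt configured as: " + (this._sSalt == null ? "not configured" : "configured (value not logged)"));
        } else {
            _oLogger.info("No opaque-setting configured; disabling opaque");
        }

        Element attributeSection = iConfigurationManager.getSection(element, EL_ATTRIBUTE);
        if (attributeSection != null) {
            String attributeName = iConfigurationManager.getParam(attributeSection, EL_ATTR_NAME);
            if (attributeName == null) {
                _oLogger.error("attribute@name must be configured for the element");
                throw new OAException(17);
            }
            this._sAttributeName = attributeName;
            String removeAfterUse = iConfigurationManager.getParam(attributeSection, EL_ATTR_REMOVE);
            if (removeAfterUse == null) {
                // Absent is valid and means "keep the attribute"; it must not
                // fall through to the invalid-value warning below.
                _oLogger.info("Optional attribute@removeAfterUse is not configured, using default '" + this._bRemoveAfterUse + "'");
            } else if ("TRUE".equalsIgnoreCase(removeAfterUse)) {
                this._bRemoveAfterUse = true;
            } else if (!"FALSE".equalsIgnoreCase(removeAfterUse)) {
                _oLogger.warn("Invalid value for attribute@removeAfterUse: " + removeAfterUse);
            }
            _oLogger.info("Attributename set to " + this._sAttributeName + "; the value " + (this._bRemoveAfterUse ? "WILL" : "WILL NOT") + " be removed after use.");
        }

        Element ignoreSection = iConfigurationManager.getSection(element, EL_IGNORE_REQUESTORCTX);
        if (ignoreSection != null) {
            String ignoreValue = iConfigurationManager.getParam(ignoreSection, EL_ATTR_VALUE);
            if ("TRUE".equalsIgnoreCase(ignoreValue)) {
                this._bIgnoreRequestorContext = true;
            } else if (!"FALSE".equalsIgnoreCase(ignoreValue)) {
                _oLogger.warn("Invalid value for ignoreRequestorContext@value: " + ignoreValue);
            }
        }
        _oLogger.info("Ignore Requestor in context set to: " + (this._bIgnoreRequestorContext.booleanValue() ? "TRUE" : "FALSE"));

        this._oCrypoManager = nameIDFormatter.getCryptoManager();
        this._oSecureRandom = this._oCrypoManager.getSecureRandom();
        if (this._sSalt != null) {
            // NOTE(review): this feeds a static, configured value into the
            // SecureRandom obtained from the CryptoManager. Whether setSeed()
            // supplements or replaces the generator's own seed depends on the
            // provider and on whether output has already been drawn; confirm
            // in CryptoManager that the salt is never the only seed material.
            // Nothing in this class reads _oSecureRandom, and getBytes() here
            // uses the platform default charset, unlike getHash().
            this._oSecureRandom.setSeed(this._sSalt.getBytes());
        }
    }

    /** Always {@code true} for this handler. */
    @Override // org.asimba.util.saml2.nameid.INameIDFormatHandler
    public boolean isDomainScoped() {
        return true;
    }

    /** Always {@code false} for this handler. */
    @Override // org.asimba.util.saml2.nameid.INameIDFormatHandler
    public boolean isDomainUnique() {
        return false;
    }

    /** Returns {@code str} unchanged as the domain; {@code iUser} is not consulted. */
    @Override // org.asimba.util.saml2.nameid.INameIDFormatHandler
    public String getDomain(IUser iUser, String str) {
        return str;
    }
}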
