package com.alfaariss.oa.util.saml2;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.engine.core.crypto.CryptoManager;
import com.alfaariss.oa.engine.core.tgt.factory.ITGTAliasStore;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.asimba.util.saml2.nameid.INameIDFormatHandler;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/util/saml2/NameIDFormatter.class */
public class NameIDFormatter {
    public static final String EL_ATTR_DEFAULT = "default";
    public static final String EL_FORMAT = "format";
    public static final String EL_ID = "id";
    public static final String EL_CLASS = "class";
    public static final String SAML20_UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified";
    public static final String TYPE_ALIAS_TGT = "session_index";
    private CryptoManager _oCryptoManager;
    private ITGTAliasStore _oTGTAliasStore;
    protected Map<String, INameIDFormatHandler> _mFormatHandlers;
    private String _sDefaultFormat;
    protected static final Map<String, String> mFormatDefaultClass = createFormatDefaultClassMap();
    protected static final Map<String, String> mFormatToType = createFormatToTypeMap();
    private static final Log _oLogger = LogFactory.getLog(NameIDFormatter.class);

    public NameIDFormatter(IConfigurationManager iConfigurationManager, Element element, CryptoManager cryptoManager, ITGTAliasStore iTGTAliasStore) throws OAException {
        try {
            this._oTGTAliasStore = iTGTAliasStore;
            this._oCryptoManager = cryptoManager;
            this._mFormatHandlers = readFormatConfig(iConfigurationManager, element);
        } catch (OAException e) {
            throw e;
        } catch (Exception e2) {
            _oLogger.error("Exception when creating object instance: ", e2);
            throw new OAException(1);
        }
    }

    public NameIDFormatter(CryptoManager cryptoManager, ITGTAliasStore iTGTAliasStore) throws OAException {
        try {
            this._oTGTAliasStore = iTGTAliasStore;
            this._oCryptoManager = cryptoManager;
            this._mFormatHandlers = new HashMap();
            this._sDefaultFormat = null;
        } catch (Exception e) {
            _oLogger.error("Exception when creating default object instance: ", e);
            throw new OAException(1);
        }
    }

    public CryptoManager getCryptoManager() {
        return this._oCryptoManager;
    }

    public String getDefault() {
        return this._sDefaultFormat;
    }

    public boolean isSupported(String str) {
        return this._mFormatHandlers.keySet().contains(str);
    }

    public String format(IUser iUser, String str, String str2, String str3) throws OAException {
        if (iUser == null) {
            throw new IllegalArgumentException("Supplied user is empty");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("Supplied Entity ID is empty");
        }
        if (str == null) {
            throw new IllegalArgumentException("Supplied NameIDFormat is empty");
        }
        if (this._mFormatHandlers.get(str) == null) {
            _oLogger.error("Request for formatting unsupported NameIDFormat: '" + str + "'");
            throw new OAException(1);
        }
        try {
            if (mFormatToType.get(str) != null) {
                return generate(str, iUser, str2, str3, null);
            }
            _oLogger.error("Unsupported NameID Format requested: " + str);
            throw new OAException(1);
        } catch (Exception e) {
            _oLogger.fatal("Could not generate name ID format", e);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }

    public boolean verify(String str, String str2, String str3, String str4) throws OAException {
        try {
            String str5 = mFormatToType.get(str);
            if (str5 == null) {
                _oLogger.debug("Unsupported NameID Format requested: " + str);
                return false;
            }
            String alias = this._oTGTAliasStore.getAlias(str5, str3, str4);
            if (alias == null) {
                return false;
            }
            return alias.equals(str2);
        } catch (Exception e) {
            _oLogger.fatal("Could not verify Name ID", e);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }

    public String resolve(String str, String str2, String str3) throws OAException {
        try {
            String str4 = mFormatToType.get(str);
            if (str4 != null) {
                return this._oTGTAliasStore.getAlias(str4, str2, str3);
            }
            _oLogger.debug("Unsupported NameID Format requested: " + str);
            return null;
        } catch (Exception e) {
            _oLogger.fatal("Could not resolve Name ID", e);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }

    public boolean exists(String str, String str2, String str3) throws OAException {
        try {
            String str4 = mFormatToType.get(str);
            if (str4 != null) {
                return this._oTGTAliasStore.isAlias(str4, str2, str3);
            }
            _oLogger.debug("Unsupported NameID Format requested: " + str);
            return false;
        } catch (Exception e) {
            _oLogger.error("Unable to verify alias '" + str3 + "'for '" + str2 + "' and type '" + str);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }

    public String resolveTGTID(String str, String str2, String str3) throws OAException {
        try {
            String str4 = mFormatToType.get(str);
            if (str4 != null) {
                return this._oTGTAliasStore.getTGTID(str4, str2, str3);
            }
            _oLogger.debug("Unsupported NameID Format requested: " + str);
            return null;
        } catch (Exception e) {
            _oLogger.error("Unable to find TGT with alias '" + str3 + "'for '" + str2 + "' and type '" + str);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }

    public void store(String str, String str2, String str3, String str4) throws OAException {
        try {
            String str5 = mFormatToType.get(str2);
            if (str5 == null) {
                _oLogger.debug("Unsupported NameID Format requested: " + str2);
            } else {
                this._oTGTAliasStore.putAlias(str5, str3, str, str4);
            }
        } catch (OAException e) {
            throw e;
        } catch (Exception e2) {
            _oLogger.error("Unable to store alias '" + str4 + "'for '" + str3 + "' and type '" + str2 + " with TGT '" + str + "'");
            throw new OAException(1);
        }
    }

    public void remove(String str, String str2, String str3) throws OAException {
        try {
            String str4 = mFormatToType.get(str);
            if (str4 == null) {
                _oLogger.debug("Unsupported NameID Format requested: " + str);
            } else {
                this._oTGTAliasStore.removeAlias(str4, str2, str3);
            }
        } catch (Exception e) {
            _oLogger.error("Unable to remove alias '" + str3 + "'for '" + str2 + "' and type '" + str);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }

    private String generate(String str, IUser iUser, String str2, String str3, ISession iSession) throws OAException {
        INameIDFormatHandler iNameIDFormatHandler = this._mFormatHandlers.get(str);
        String str4 = str2;
        String str5 = null;
        String str6 = mFormatToType.get(str);
        if (iNameIDFormatHandler.isDomainScoped()) {
            str4 = iNameIDFormatHandler.getDomain(iUser, str2);
            if (str3 != null) {
                str5 = this._oTGTAliasStore.getAlias(str6, str4, str3);
            }
        }
        if (str5 == null) {
            int i = 0;
            do {
                str5 = iNameIDFormatHandler.format(iUser, str4, str3, iSession);
                i++;
                if (i >= 100 || !iNameIDFormatHandler.isDomainUnique()) {
                    break;
                }
            } while (this._oTGTAliasStore.isAlias(str6, str4, str5));
            if (i >= 100) {
                _oLogger.error("Giving up; can not create unique NameID value within context of '" + str4 + "': '" + str5 + "'");
                throw new OAException(1);
            }
        } else {
            iNameIDFormatHandler.reformat(iUser, str2, str3, iSession);
        }
        if (iNameIDFormatHandler.isDomainScoped() && str3 != null) {
            this._oTGTAliasStore.putAlias(str6, str4, str3, str5);
        }
        return str5;
    }

    private Map<String, INameIDFormatHandler> readFormatConfig(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        HashMap hashMap = new HashMap();
        String str = null;
        Element section = iConfigurationManager.getSection(element, EL_FORMAT);
        while (true) {
            Element element2 = section;
            if (element2 == null) {
                this._sDefaultFormat = null;
                String param = iConfigurationManager.getParam(element, EL_ATTR_DEFAULT);
                if (param != null) {
                    if (!hashMap.keySet().contains(param)) {
                        _oLogger.error("The configured default NameID type is not supported: '" + param + "'");
                        throw new OAException(17);
                    }
                    this._sDefaultFormat = param;
                }
                if (this._sDefaultFormat == null) {
                    _oLogger.info("Using '" + str + "' as default NameID Format type");
                    this._sDefaultFormat = str;
                }
                return hashMap;
            }
            String param2 = iConfigurationManager.getParam(element2, "id");
            if (param2 == null) {
                _oLogger.error("No @id specified with NameID format");
                throw new OAException(17);
            }
            if (str == null) {
                str = param2;
            }
            String param3 = iConfigurationManager.getParam(element2, EL_CLASS);
            if (param3 == null) {
                param3 = mFormatDefaultClass.get(param2);
            }
            if (param3 == null) {
                _oLogger.error("No implementation could be found to handle NameID format type '" + param2 + "'");
                throw new OAException(17);
            }
            INameIDFormatHandler createHandler = createHandler(param3);
            createHandler.init(iConfigurationManager, element2, this);
            hashMap.put(param2, createHandler);
            _oLogger.info("NameIDFormat type '" + param2 + "' support added through " + param3);
            section = iConfigurationManager.getNextSection(element2);
        }
    }

    private INameIDFormatHandler createHandler(String str) throws OAException {
        try {
            try {
                return (INameIDFormatHandler) Class.forName(str).newInstance();
            } catch (Exception e) {
                _oLogger.error("Could not create an 'INameIDFormatHandler' instance of class with name '" + str + "'", e);
                throw new OAException(17);
            }
        } catch (Exception e2) {
            _oLogger.error("No 'class' found with name: " + str, e2);
            throw new OAException(17);
        }
    }

    private static Map<String, String> createFormatDefaultClassMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "org.asimba.util.saml2.nameid.handler.DefaultUnspecifiedFormatHandler");
        hashMap.put("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "org.asimba.util.saml2.nameid.handler.AttributeFormatHandler");
        hashMap.put("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "org.asimba.util.saml2.nameid.handler.DefaultX509SubjectNameHandler");
        hashMap.put("urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", "org.asimba.util.saml2.nameid.handler.DefaultWindowsDomainQualifiedNameHandler");
        hashMap.put("urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", "org.asimba.util.saml2.nameid.handler.DefaultKerberosPrincipalNameHandler");
        hashMap.put("urn:oasis:names:tc:SAML:2.0:nameid-format:entity", "org.asimba.util.saml2.nameid.handler.DefaultEntityIdentifierHandler");
        hashMap.put("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "org.asimba.util.saml2.nameid.handler.DefaultPersistentFormatHandler");
        hashMap.put("urn:oasis:names:tc:SAML:2.0:nameid-format:transient", "org.asimba.util.saml2.nameid.handler.DefaultTransientFormatHandler");
        return Collections.unmodifiableMap(hashMap);
    }

    private static Map<String, String> createFormatToTypeMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("urn:oasis:names:tc:SAML:2.0:nameid-format:transient", "transient_user_id");
        hashMap.put("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "persistent_user_id");
        hashMap.put("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "unspecified11_user_id");
        hashMap.put(SAML20_UNSPECIFIED, "unspecified20_user_id");
        hashMap.put("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "email_user_id");
        return Collections.unmodifiableMap(hashMap);
    }
}
