package com.alfaariss.oa.sso.authorization.web;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.api.IComponent;
import com.alfaariss.oa.api.IOptional;
import com.alfaariss.oa.api.attribute.ISessionAttributes;
import com.alfaariss.oa.api.authorization.IAuthorizationAction;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.logging.IAuthority;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.authorization.AuthorizationMethod;
import com.alfaariss.oa.engine.core.authorization.AuthorizationProfile;
import com.alfaariss.oa.engine.core.authorization.factory.IAuthorizationFactory;
import com.alfaariss.oa.engine.core.requestor.RequestorPool;
import com.alfaariss.oa.sso.SSOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/sso/authorization/web/PreAuthorizationManager.class */
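/**
 * Runs the configured pre-authorization methods against an SSO session.
 *
 * <p>The methods to run come from the server-wide pre-authorization profile plus the profile of
 * the requestor pool. The resulting list and the index of the method currently being processed
 * are kept in the session attributes, so a list built for a session is reused on later requests
 * for that session.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A session for which no enabled profile contributes any method is moved straight to
 *       {@code PRE_AUTHZ_OK}; a disabled profile is skipped, not treated as a denial.</li>
 *   <li>Action and method implementations are loaded by class name from the configuration, so
 *       write access to that configuration decides which code runs here.</li>
 *   <li>NOTE(review): {@link #restart(Element)} synchronizes on {@code this}, but
 *       {@link #authorize} reads the same maps and flags without synchronization; confirm how
 *       callers serialize restarts against in-flight requests.</li>
 * </ul>
 */
public class PreAuthorizationManager implements IComponent, IOptional, IAuthority {
    /** Session attribute holding the list of methods selected for the session. */
    private static final String SESSION_CURRENT_PROFILE = "PRE_AUTHZ_PROFILE_CURRENT";
    /** Session attribute holding the index of the method currently being processed. */
    private static final String SESSION_CURRENT_METHOD = "PRE_AUTHZ_METHOD_CURRENT";

    private IConfigurationManager _configManager;
    private IAuthorizationFactory _oPreAuthorizationFactory;
    private AuthorizationProfile _oGlobalAuthorizationProfile;
    private Log _logger = LogFactory.getLog(PreAuthorizationManager.class);
    private boolean _bEnabled = false;
    private Map<String, IWebAuthorizationMethod> _mapMethods = new HashMap<String, IWebAuthorizationMethod>();
    private Map<String, IAuthorizationAction> _mapActions = new HashMap<String, IAuthorizationAction>();

    /**
     * Loads the manager configuration: the optional {@code actions} section and the mandatory
     * {@code methods} section.
     *
     * <p>A {@code null} configuration element disables the manager. The enabled flag is set
     * before the rest of the configuration is read and is not reset if a later step throws.
     *
     * @param iConfigurationManager configuration manager used to read {@code element}
     * @param element the manager's configuration section, or {@code null} to disable it
     * @throws OAException if the configuration is invalid or the pre-authorization factory is
     *     missing or disabled
     * @throws IllegalArgumentException if {@code iConfigurationManager} is {@code null} while
     *     {@code element} is not
     */
    public void start(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        if (element == null) {
            this._bEnabled = false;
            return;
        }
        if (iConfigurationManager == null) {
            throw new IllegalArgumentException("Supplied oConfigurationManager is empty");
        }
        this._configManager = iConfigurationManager;
        this._bEnabled = true;
        String enabled = this._configManager.getParam(element, "enabled");
        if (enabled != null) {
            if (enabled.equalsIgnoreCase("FALSE")) {
                this._bEnabled = false;
            } else if (!enabled.equalsIgnoreCase("TRUE")) {
                // Anything other than TRUE/FALSE is rejected instead of being guessed at.
                this._logger.error("Unknown value in 'enabled' configuration item: " + enabled);
                throw new OAException(17);
            }
        }
        if (!this._bEnabled) {
            return;
        }

        Engine engine = Engine.getInstance();
        this._oPreAuthorizationFactory = engine.getPreAuthorizationPoolFactory();
        if (this._oPreAuthorizationFactory == null || !this._oPreAuthorizationFactory.isEnabled()) {
            this._logger.error("Pre Authorization Manager is disabled");
            throw new OAException(2);
        }
        String globalProfileId = engine.getServer().getPreAuthorizationProfileID();
        if (globalProfileId != null) {
            this._oGlobalAuthorizationProfile = this._oPreAuthorizationFactory.getProfile(globalProfileId);
        } else {
            this._oGlobalAuthorizationProfile = null;
        }

        Element actionsSection = this._configManager.getSection(element, "actions");
        if (actionsSection == null) {
            this._logger.warn("No optional actions found in configuration");
        } else {
            for (Element actionElement = this._configManager.getSection(actionsSection, "action");
                    actionElement != null;
                    actionElement = this._configManager.getNextSection(actionElement)) {
                IAuthorizationAction action = createAction(actionElement);
                if (!action.isEnabled()) {
                    // Disabled actions are still registered; only a debug line records it.
                    this._logger.debug("Action is disabled: " + action.getID());
                }
                if (this._mapActions.containsKey(action.getID())) {
                    this._logger.error("Action is not unique: " + action.getID());
                    throw new OAException(17);
                }
                this._mapActions.put(action.getID(), action);
            }
        }

        Element methodsSection = this._configManager.getSection(element, "methods");
        if (methodsSection == null) {
            this._logger.error("No 'methods' section found in configuration");
            throw new OAException(17);
        }
        for (Element methodElement = this._configManager.getSection(methodsSection, "method");
                methodElement != null;
                methodElement = this._configManager.getNextSection(methodElement)) {
            IWebAuthorizationMethod method = createMethod(methodElement, this._mapActions);
            if (!method.isEnabled()) {
                // Registered anyway; authorizeForProfile() refuses to run a disabled method.
                this._logger.debug("Authentication method is disabled: " + method.getID());
            }
            if (this._mapMethods.containsKey(method.getID())) {
                this._logger.error("Authentication method is not unique: " + method.getID());
                throw new OAException(17);
            }
            this._mapMethods.put(method.getID(), method);
        }
        this._logger.debug("Finished action initialization (" + this._mapActions.size() + " actions loaded)");
    }

    /**
     * Stops the manager and starts it again with the given configuration section, holding the
     * monitor of this instance for the duration.
     *
     * @param element the new configuration section, or {@code null} to leave the manager disabled
     * @throws OAException if the new configuration cannot be loaded
     */
    public void restart(Element element) throws OAException {
        synchronized (this) {
            stop();
            start(this._configManager, element);
        }
    }

    /** Stops and forgets every registered method and action, then disables the manager. */
    public void stop() {
        if (this._mapMethods != null) {
            for (IWebAuthorizationMethod method : this._mapMethods.values()) {
                method.stop();
            }
            this._mapMethods.clear();
        }
        if (this._mapActions != null) {
            for (IAuthorizationAction action : this._mapActions.values()) {
                action.stop();
            }
            this._mapActions.clear();
        }
        this._bEnabled = false;
    }

    /**
     * Performs pre-authorization for a session.
     *
     * <p>On the first call for a session the method list is built from the enabled global
     * profile and the enabled profile of the requestor pool and stored in the session; later
     * calls reuse the stored list. An empty list sets the session to {@code PRE_AUTHZ_OK} and
     * persists it; otherwise the listed methods are run in order.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param iSession the SSO session being pre-authorized
     * @param requestorPool the pool whose profile is added to the global one; only read when the
     *     session has no stored method list yet
     * @throws SSOException if the manager is disabled, a profile cannot be resolved, the session
     *     cannot be stored, or an unexpected error occurs
     * @throws OAException if a called component raises one
     */
    public void authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession, RequestorPool requestorPool) throws SSOException, OAException {
        List<AuthorizationMethod> methods;
        try {
            if (httpServletRequest == null) {
                throw new IllegalArgumentException("Supplied request == null");
            }
            if (httpServletResponse == null) {
                throw new IllegalArgumentException("Supplied response == null");
            }
            if (iSession == null) {
                throw new IllegalArgumentException("Supplied session == null");
            }
            if (!this._bEnabled) {
                this._logger.error("Preauthorization manager disabled");
                throw new SSOException(1);
            }
            ISessionAttributes attributes = iSession.getAttributes();
            if (attributes.contains(PreAuthorizationManager.class, SESSION_CURRENT_PROFILE)) {
                @SuppressWarnings("unchecked") // the attribute is only ever written below, as a List<AuthorizationMethod>
                List<AuthorizationMethod> stored =
                        (List<AuthorizationMethod>) attributes.get(PreAuthorizationManager.class, SESSION_CURRENT_PROFILE);
                methods = stored;
            } else {
                if (requestorPool == null) {
                    // Same outcome as the NullPointerException this replaces, with a usable message.
                    throw new IllegalArgumentException("Supplied requestor pool == null");
                }
                methods = new Vector<AuthorizationMethod>();
                if (this._oGlobalAuthorizationProfile != null && this._oGlobalAuthorizationProfile.isEnabled()) {
                    methods.addAll(this._oGlobalAuthorizationProfile.getAuthorizationMethods());
                }
                String profileId = requestorPool.getPreAuthorizationProfileID();
                if (profileId != null) {
                    try {
                        AuthorizationProfile profile = this._oPreAuthorizationFactory.getProfile(profileId);
                        if (profile == null) {
                            // A configured but unresolvable profile fails the request.
                            this._logger.warn("Preauthorization profile not found: " + profileId);
                            throw new SSOException(1);
                        }
                        if (profile.isEnabled()) {
                            methods.addAll(profile.getAuthorizationMethods());
                        } else {
                            // A disabled profile contributes no checks and is only visible at debug level.
                            this._logger.debug("Preauthorization profile disabled: " + profileId);
                        }
                    } catch (OAException e) {
                        this._logger.warn("Could not get preauthorization profile", e);
                        throw new SSOException(1);
                    }
                }
                attributes.put(PreAuthorizationManager.class, SESSION_CURRENT_PROFILE, methods);
            }
            if (methods.isEmpty()) {
                // Nothing to check for this session: pre-authorization passes.
                iSession.setState(SessionState.PRE_AUTHZ_OK);
                try {
                    iSession.persist();
                } catch (OAException e) {
                    this._logger.warn("Could not store session", e);
                    throw new SSOException(1);
                }
            } else {
                authorizeForProfile(methods, httpServletRequest, httpServletResponse, iSession);
            }
        } catch (OAException e) {
            // Must precede the generic handler, as in createAction() and authorizeForProfile().
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during preauthorization", e);
            throw new SSOException(1);
        }
    }

    /** Returns whether the manager is currently enabled. */
    public boolean isEnabled() {
        return this._bEnabled;
    }

    /** Returns the authority name of this component. */
    public String getAuthority() {
        return "Pre authZ Manager";
    }

    /**
     * Instantiates and starts the action named by the {@code class} item of an {@code action}
     * section.
     *
     * <p>The class name is taken from the configuration and loaded reflectively. The loaded class
     * is checked against {@link IAuthorizationAction} before its constructor runs; loading it can
     * still execute its static initializers.
     *
     * @param element the {@code action} configuration section
     * @return the started action
     * @throws OAException if the class item is missing, or the class cannot be loaded,
     *     instantiated or started
     */
    private IAuthorizationAction createAction(Element element) throws OAException {
        try {
            String className = this._configManager.getParam(element, "class");
            if (className == null) {
                this._logger.error("No 'class' item found in 'action' section found in configuration");
                throw new OAException(17);
            }
            try {
                Class<? extends IAuthorizationAction> actionClass =
                        Class.forName(className).asSubclass(IAuthorizationAction.class);
                IAuthorizationAction action = actionClass.newInstance();
                action.start(this._configManager, element);
                return action;
            } catch (ClassNotFoundException e) {
                this._logger.error("Class not found: " + className, e);
                throw new OAException(17);
            } catch (Exception e) {
                // Wrong type, failing constructor or failing start(): all reported as one error.
                this._logger.error("Could not create instance of " + className, e);
                throw new OAException(17);
            }
        } catch (OAException e) {
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during object creation", e);
            throw new OAException(1);
        }
    }

    /**
     * Instantiates and starts the method named by the {@code class} item of a {@code method}
     * section.
     *
     * <p>The class name is taken from the configuration and loaded reflectively. The loaded class
     * is checked against {@link IWebAuthorizationMethod} before its constructor runs; loading it
     * can still execute its static initializers.
     *
     * @param element the {@code method} configuration section
     * @param map the registered actions, passed on to the method's {@code start}
     * @return the started method
     * @throws OAException if the class item is missing, or the class cannot be loaded,
     *     instantiated or started
     */
    private IWebAuthorizationMethod createMethod(Element element, Map<String, IAuthorizationAction> map) throws OAException {
        try {
            String className = this._configManager.getParam(element, "class");
            if (className == null) {
                this._logger.error("No 'class' item found in 'methods' section found in configuration");
                throw new OAException(17);
            }
            try {
                Class<? extends IWebAuthorizationMethod> methodClass =
                        Class.forName(className).asSubclass(IWebAuthorizationMethod.class);
                IWebAuthorizationMethod method = methodClass.newInstance();
                method.start(this._configManager, element, map);
                return method;
            } catch (ClassNotFoundException e) {
                this._logger.error("Class not found: " + className, e);
                throw new OAException(17);
            } catch (Exception e) {
                // Wrong type, failing constructor or failing start(): all reported as one error.
                this._logger.error("Could not create instance of " + className, e);
                throw new OAException(17);
            }
        } catch (OAException e) {
            // Must precede the generic handler, as in createAction().
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during object creation", e);
            throw new OAException(1);
        }
    }

    /**
     * Runs the methods of {@code list} in order, starting at the index stored in the session.
     *
     * <p>Loops while the session state is {@code PRE_AUTHZ_IN_PROGRESS}. A successful method
     * advances the stored index; after the last one the session becomes {@code PRE_AUTHZ_OK}.
     * A method that is still in progress returns control to the caller without changing the
     * state. A user cancel sets {@code USER_CANCELLED}; every other event sets
     * {@code PRE_AUTHZ_FAILED}.
     *
     * @param list the methods selected for this session; not empty when called from
     *     {@link #authorize}
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param iSession the session being pre-authorized
     * @throws SSOException if the stored index is unusable, a listed method is not registered or
     *     is disabled, or an unexpected error occurs
     * @throws OAException if a called component raises one
     */
    private void authorizeForProfile(List<AuthorizationMethod> list, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException, SSOException {
        try {
            ISessionAttributes attributes = iSession.getAttributes();
            Integer stored;
            if (attributes.contains(PreAuthorizationManager.class, SESSION_CURRENT_METHOD)) {
                stored = (Integer) attributes.get(PreAuthorizationManager.class, SESSION_CURRENT_METHOD);
            } else {
                stored = Integer.valueOf(0);
                attributes.put(PreAuthorizationManager.class, SESSION_CURRENT_METHOD, stored);
            }
            if (stored == null || stored.intValue() < 0 || stored.intValue() >= list.size()) {
                // Session state that does not match the method list is refused, never skipped over.
                this._logger.error("Stored preauthorization method index is out of range: " + stored);
                throw new SSOException(1);
            }
            int index = stored.intValue();
            AuthorizationMethod current = list.get(index);
            IWebAuthorizationMethod method = this._mapMethods.get(current.getID());
            if (method == null) {
                this._logger.error("No preauthorization method found with id: " + current.getID());
                throw new SSOException(1);
            }
            while (iSession.getState() == SessionState.PRE_AUTHZ_IN_PROGRESS) {
                if (!method.isEnabled()) {
                    // A listed but disabled method fails the request instead of being skipped.
                    this._logger.error("Preauthorization method is disabled: " + method.getID());
                    throw new SSOException(1);
                }
                UserEvent event = method.authorize(httpServletRequest, httpServletResponse, iSession);
                switch (event) {
                    case AUTHZ_METHOD_SUCCESSFUL:
                        index++;
                        if (index >= list.size()) {
                            iSession.setState(SessionState.PRE_AUTHZ_OK);
                        } else {
                            attributes.put(PreAuthorizationManager.class, SESSION_CURRENT_METHOD, Integer.valueOf(index));
                            AuthorizationMethod next = list.get(index);
                            method = this._mapMethods.get(next.getID());
                            if (method == null) {
                                this._logger.error("Preauthorization method not available: " + next.getID());
                                throw new SSOException(1);
                            }
                        }
                        break;
                    case AUTHZ_METHOD_IN_PROGRESS:
                        // The method needs another round trip; state and index stay as they are.
                        return;
                    case USER_CANCELLED:
                        iSession.setState(SessionState.USER_CANCELLED);
                        break;
                    default:
                        // Every event not handled above counts as a failed pre-authorization.
                        iSession.setState(SessionState.PRE_AUTHZ_FAILED);
                        break;
                }
            }
        } catch (OAException e) {
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during preauthorization", e);
            throw new SSOException(1);
        }
    }
}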
