package pl.edu.icm.yadda.aas.refresher.impl;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import org.joda.time.DateTime;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.saml2.core.Attribute;
import org.opensaml.lite.saml2.core.AttributeStatement;
import pl.edu.icm.yadda.aas.audit.user.IIdExtractor;
import pl.edu.icm.yadda.aas.audit.user.IdExtractorException;
import pl.edu.icm.yadda.aas.refresher.RefresherException;
import pl.edu.icm.yadda.aas.usercatalog.model.User;
import pl.edu.icm.yadda.aas.usercatalog.service.IUserCatalogService;
import pl.edu.icm.yadda.aas.usercatalog.service.LoadSecurityObjectsRequest;
import pl.edu.icm.yadda.aas.usercatalog.service.LoadSecurityObjectsResponse;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/yadda-aas2-1.12.6.jar:pl/edu/icm/yadda/aas/refresher/impl/UserProfileBasedAssertionRefresher.class */
public class UserProfileBasedAssertionRefresher extends AttributeStatementBasedAssertionRefresher {
    public static final String SUPPORTED_ATTR_PREFIX = "yadda:user-profile:";
    public static final String ATTR_ID_ROLES = "yadda:user-profile:roles";
    public static final String ATTR_ID_GROUPS = "yadda:user-profile:groups";
    protected IIdExtractor userIdExtractor;
    protected IUserCatalogService userCatalogService;
    protected boolean throwExceptionWhenDontUnderstand = true;

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // pl.edu.icm.yadda.aas.refresher.impl.AttributeStatementBasedAssertionRefresher, pl.edu.icm.yadda.aas.refresher.IRefresher
    public Assertion refresh(Assertion assertion) throws RefresherException {
        DateTime notBefore = assertion.getConditions().getNotBefore();
        DateTime notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
        Assertion refresh = super.refresh(assertion);
        if (!wasDateTimeRefreshed(refresh, notBefore, notOnOrAfter)) {
            return refresh;
        }
        try {
            String extractId = this.userIdExtractor.extractId(refresh);
            if (extractId != null) {
                return processUserProfile(extractId, refresh);
            }
            throw new RefresherException("unable to extract user identifier from assertion: " + refresh.getID());
        } catch (IdExtractorException e) {
            throw new RefresherException("unable to extract user identifier from assertion: " + refresh.getID(), e);
        }
    }

    protected Assertion processUserProfile(String str, Assertion assertion) throws RefresherException {
        LoadSecurityObjectsResponse loadSecurityObjects = this.userCatalogService.loadSecurityObjects(LoadSecurityObjectsRequest.loadUserRequest(str, false));
        if (!loadSecurityObjects.isOK()) {
            throw new RefresherException("unable to load user data for id: " + str + ", error: " + loadSecurityObjects.getError().getMssg(), loadSecurityObjects.getError().getException());
        }
        List<Serializable> result = loadSecurityObjects.getResult();
        if (result == null || result.size() != 1) {
            throw new RefresherException("unable to load user data for id: " + str + ", expected 1 object, got " + (result != null ? Integer.valueOf(result.size()) : "0"));
        }
        return processUserProfile((User) result.get(0), assertion);
    }

    protected Assertion processUserProfile(User user, Assertion assertion) throws RefresherException {
        if (user.isDeleted()) {
            throw new RefresherException("unable to refresh assertion " + assertion.getID() + ", user profile " + user.getName() + " was deleted!");
        }
        if (!user.isActivated()) {
            throw new RefresherException("unable to refresh assertion " + assertion.getID() + ", user profile " + user.getName() + " was deactivated!");
        }
        if (assertion.getAttributeStatement() != null) {
            for (AttributeStatement attributeStatement : assertion.getAttributeStatement()) {
                if (attributeStatement.getAttributes() != null) {
                    for (Attribute attribute : attributeStatement.getAttributes()) {
                        String name = attribute.getName();
                        if (name.startsWith(SUPPORTED_ATTR_PREFIX)) {
                            if ("yadda:user-profile:roles".equals(name)) {
                                handleRoles(user, attribute);
                            } else if ("yadda:user-profile:groups".equals(name)) {
                                handleGroups(user, attribute);
                            } else {
                                if (this.throwExceptionWhenDontUnderstand) {
                                    throw new RefresherException("don't know how to handle attribute: " + name);
                                }
                                this.log.error("don't know how to handle attribute: " + name + ", leaving existing values: " + prepareValues(attribute));
                            }
                        }
                    }
                }
            }
        }
        return assertion;
    }

    protected String prepareValues(Attribute attribute) {
        if (attribute.getAttributeValues() == null) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < attribute.getAttributeValues().size(); i++) {
            if (i > 0) {
                stringBuffer.append(';');
            }
            if (attribute.getAttributeValues().get(i) != null) {
                stringBuffer.append(attribute.getAttributeValues().get(i).toString());
            } else {
                stringBuffer.append("null");
            }
        }
        return stringBuffer.toString();
    }

    protected void handleRoles(User user, Attribute attribute) throws RefresherException {
        String prepareValues = prepareValues(attribute);
        if (user.getRoles() != null) {
            attribute.setAttributeValues(new ArrayList(user.getRoles()));
        } else {
            attribute.setAttributeValues(null);
        }
        this.log.debug("updated existing roles: " + prepareValues + " with new roles: " + prepareValues(attribute));
    }

    protected void handleGroups(User user, Attribute attribute) throws RefresherException {
        String prepareValues = prepareValues(attribute);
        if (user.getGroups() != null) {
            attribute.setAttributeValues(new ArrayList(user.getGroups()));
        } else {
            attribute.setAttributeValues(null);
        }
        this.log.debug("updated existing groups: " + prepareValues + " with new groups: " + prepareValues(attribute));
    }

    protected boolean wasDateTimeRefreshed(Assertion assertion, DateTime dateTime, DateTime dateTime2) {
        return (dateTime == assertion.getConditions().getNotBefore() && dateTime2 == assertion.getConditions().getNotOnOrAfter()) ? false : true;
    }

    public void setUserIdExtractor(IIdExtractor iIdExtractor) {
        this.userIdExtractor = iIdExtractor;
    }

    public void setUserCatalogService(IUserCatalogService iUserCatalogService) {
        this.userCatalogService = iUserCatalogService;
    }

    public void setThrowExceptionWhenDontUnderstand(boolean z) {
        this.throwExceptionWhenDontUnderstand = z;
    }
}
