package pl.edu.icm.yadda.aas.client;

import java.util.Iterator;
import java.util.List;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.client.authn.IAuthenticationManager;
import pl.edu.icm.yadda.aas.client.authn.IAuthenticationRequestBuilder;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.aas.AuthenticateRequest;
import pl.edu.icm.yadda.service2.aas.AuthenticateResponse;
import pl.edu.icm.yadda.service2.aas.IAAService;
import pl.edu.icm.yadda.service2.user.token.SecurityToken;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-4.3.0-SNAPSHOT.jar:pl/edu/icm/yadda/aas/client/AbstractAuthenticationManager.class */
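/**
 * Base authentication manager: turns a {@link SecurityToken} into an
 * {@link AuthenticateRequest}, sends it to the configured {@link IAAService}
 * and maps the reply onto a {@link LoginResult}.
 *
 * <p>Subclasses supply {@link #handlePermitInternally(SecurityToken, Assertion)},
 * which runs only when the service answers with a Permit decision.
 */
public abstract class AbstractAuthenticationManager implements IAuthenticationManager {
    protected final Logger log = LoggerFactory.getLogger(getClass());

    // Consulted in list order by login(); the first applicable builder wins.
    protected List<IAuthenticationRequestBuilder> requestBuilders;

    // Service that evaluates the authentication request.
    protected IAAService aaService;

    /**
     * Authenticates the given token against the AA service.
     *
     * <p>The result is reported as {@code Indeterminate} with an
     * {@link AAError#UNKNOWN_ERROR} when no builder yields a request, when the
     * service returns no response, when the returned SAML object is not an
     * {@link Assertion}, or when the permit hook throws. Exceptions thrown by a
     * request builder or by the service call itself are not caught here.
     *
     * @param securityToken token identifying the party that logs in
     * @return the assertion (may be {@code null}), the XACML decision (may be
     *         {@code null} when the response carries none) and the errors
     *         reported by the service; callers should grant access only on an
     *         explicit Permit
     */
    @Override
    public LoginResult login(SecurityToken securityToken) {
        // NOTE(review): the token's toString() ends up in the INFO log here and in
        // the AAError message below. Confirm SecurityToken.toString() never renders
        // credential material (passwords, session ids, signed blobs); otherwise log
        // a non-sensitive identifier instead.
        this.log.info("Logging in with security token {}", securityToken);

        AuthenticateRequest authenticateRequest = null;
        for (IAuthenticationRequestBuilder builder : this.requestBuilders) {
            if (builder.isApplicable(securityToken)) {
                // Only the first applicable builder is used, even if it returns null.
                authenticateRequest = builder.buildAuthenticationRequest(securityToken);
                break;
            }
        }
        if (authenticateRequest == null) {
            return indeterminate(new AAError(AAError.UNKNOWN_ERROR, "unable to generate request for security token: " + securityToken));
        }

        AuthenticateResponse authenticate = this.aaService.authenticate(authenticateRequest);
        if (authenticate == null) {
            // Fail closed: a missing response is reported like the other error
            // paths instead of surfacing as a NullPointerException mid-login.
            return indeterminate(new AAError(AAError.UNKNOWN_ERROR, "authentication service returned no response"));
        }

        Assertion assertion = null;
        Object samlObject = authenticate.getSAMLObject();
        if (samlObject != null) {
            if (!(samlObject instanceof Assertion)) {
                return indeterminate(new AAError(AAError.UNKNOWN_ERROR, "unsupported instance of SAML object, got: " + samlObject.getClass() + ", expected assertion"));
            }
            assertion = (Assertion) samlObject;
        }

        // Any missing link in response -> result -> decision leaves the decision null.
        DecisionType.DECISION decision = (authenticate.getXacmlResponse() == null
                || authenticate.getXacmlResponse().getResult() == null
                || authenticate.getXacmlResponse().getResult().getDecision() == null)
                ? null
                : authenticate.getXacmlResponse().getResult().getDecision().getDecision();

        if (decision == DecisionType.DECISION.Permit) {
            // NOTE(review): Permit is accepted even when the response carried no SAML
            // object, so the hook and the returned LoginResult can see a null
            // assertion. Confirm subclasses and callers handle or reject that case.
            try {
                handlePermitInternally(securityToken, assertion);
            } catch (Exception e) {
                // A failure in local post-processing downgrades the Permit; the
                // cause travels to the caller inside the AAError.
                return indeterminate(new AAError(AAError.UNKNOWN_ERROR, "exception occurred when processing authentication result internally", e));
            }
        }
        return new LoginResult(assertion, decision, authenticate.getErrors());
    }

    /** Builds the fail-closed result shared by every error path of {@code login}. */
    private static LoginResult indeterminate(AAError error) {
        return new LoginResult((Assertion) null, DecisionType.DECISION.Indeterminate, error);
    }

    /**
     * Hook invoked by {@code login} only after the service returned a Permit
     * decision. Any exception thrown here turns the login into an
     * {@code Indeterminate} result.
     *
     * @param securityToken the token that was authenticated
     * @param assertion the assertion from the response; {@code null} when the
     *        response carried no SAML object
     * @throws Exception on any failure of the internal processing
     */
    protected abstract void handlePermitInternally(SecurityToken securityToken, Assertion assertion) throws Exception;

    /**
     * Sets the request builders. The list reference is stored as given (no copy),
     * and its order decides which builder handles a token.
     *
     * @param list builders to consult during login
     */
    @Required
    public void setRequestBuilders(List<IAuthenticationRequestBuilder> list) {
        this.requestBuilders = list;
    }

    /**
     * Returns the configured request builders.
     *
     * @return the same list instance that was set, not a copy
     */
    public List<IAuthenticationRequestBuilder> getRequestBuilders() {
        return this.requestBuilders;
    }

    /**
     * Sets the AA service used to evaluate authentication requests.
     *
     * @param iAAService service to delegate to
     */
    @Required
    public void setAaService(IAAService iAAService) {
        this.aaService = iAAService;
    }
}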
