package pl.edu.icm.yadda.aas.proxy;

import org.opensaml.lite.encryption.IDecrypter;
import org.opensaml.lite.encryption.exc.DecryptionException;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.saml2.core.EncryptedAssertion;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.audit.user.IIdExtractor;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.aas.helper.AASRequestHelper;
import pl.edu.icm.yadda.aas.refresher.IRefresher;
import pl.edu.icm.yadda.aas.refresher.RefresherException;
import pl.edu.icm.yadda.aas.service.holder.IServiceClientStubHolder;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.aas.AuthenticateResponse;
import pl.edu.icm.yadda.service2.aas.IAAService;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.10.0-RC4.jar:pl/edu/icm/yadda/aas/proxy/GenericAssertionRefresher.class */
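/**
 * Refreshes a SAML {@link Assertion} by sending a refresh request to the AA service
 * registered for the assertion's issuer and extracting the assertion from the reply.
 *
 * <p>Every failure path logs the reason and yields {@code null}, so callers must treat a
 * {@code null} result as "assertion could not be refreshed".
 *
 * <p>NOTE(review): nothing in this class verifies the signature, subject, issuer or validity
 * window of the assertion it hands back. Presumably that validation happens in the caller or
 * inside the AA service client; confirm before relying on the returned assertion.
 */
public class GenericAssertionRefresher implements IRefresher<Assertion> {
    /** Resolves the AA service client to call, keyed by the assertion's issuer value. */
    protected IServiceClientStubHolder<IAAService> clientStubHolder;
    /** Optional; needed only when the AA service answers with an {@link EncryptedAssertion}. */
    protected IDecrypter decrypter;
    /** Passed through to the request builder; may be left unset as far as this class is concerned. */
    protected IIdExtractor idExtractor;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /**
     * Asks the AA service registered for the assertion's issuer to issue a refreshed assertion.
     *
     * @param assertion the assertion to refresh
     * @return the refreshed assertion, or {@code null} when the input has no issuer, no AA
     *     service is registered for that issuer, or the service response carries no usable
     *     assertion
     * @throws RefresherException declared by {@link IRefresher}; not thrown directly by this
     *     method
     */
    @Override
    public Assertion refresh(Assertion assertion) throws RefresherException {
        // Fail closed on a missing assertion or issuer instead of letting a
        // NullPointerException escape from the issuer lookup below.
        if (assertion == null || assertion.getIssuer() == null) {
            this.log.error("cannot refresh assertion: assertion or its issuer is missing");
            return null;
        }
        // NOTE(review): the target service is selected by the issuer value carried in the
        // incoming assertion; this method assumes the assertion was validated upstream.
        IAAService aaService = this.clientStubHolder.getInstance(assertion.getIssuer().getValue());
        if (aaService == null) {
            this.log.error("cannot find AAService instance for issuer: " + assertion.getIssuer().getValue());
            return null;
        }
        this.log.debug("refreshing assertion: " + assertion.getID() + ", using aaService instance received for issuer: " + assertion.getIssuer().getValue());
        return extractAssertion(aaService.authenticate(
                AASRequestHelper.buildAssertionRefreshingRequest(assertion, this.securityRequestHandler, this.idExtractor)));
    }

    /**
     * Pulls the assertion out of an AA service response, decrypting it when necessary.
     *
     * @param authenticateResponse response returned by the AA service
     * @return the plain or decrypted assertion, or {@code null} when the response is missing,
     *     holds an unsupported object, cannot be decrypted, or reports errors or a decision
     *     without an assertion
     */
    protected Assertion extractAssertion(AuthenticateResponse authenticateResponse) {
        if (authenticateResponse == null) {
            this.log.error("got no response from AAService when refreshing assertion");
            return null;
        }

        // Read the payload once so every check below looks at the same object.
        Object samlObject = authenticateResponse.getSAMLObject();
        if (samlObject != null) {
            // The encrypted form is tested first, matching the original branch order.
            if (samlObject instanceof EncryptedAssertion) {
                return decryptAssertion((EncryptedAssertion) samlObject);
            }
            if (samlObject instanceof Assertion) {
                // NOTE(review): a plain assertion is returned as received; no verification
                // is performed in this method.
                return (Assertion) samlObject;
            }
            this.log.error("unsupported instance of SAMLObject: " + samlObject.getClass().getCanonicalName());
            return null;
        }

        if (authenticateResponse.getErrors() != null && authenticateResponse.getErrors().size() > 0) {
            // Error id and message come from the service response and are logged verbatim.
            for (AAError aAError : authenticateResponse.getErrors()) {
                this.log.error("got error in assertion refreshing response: " + aAError.getErrorId() + ':' + aAError.getMessage(), aAError.getThrowable());
            }
            return null;
        }

        // No assertion and no errors: a missing decision or a Permit decision is reported as
        // "probably not refreshable"; any other decision is logged with its value.
        if (authenticateResponse.getResult() == null
                || authenticateResponse.getResult().getDecision() == null
                || authenticateResponse.getResult().getDecision().getDecision() == DecisionType.DECISION.Permit) {
            this.log.error("Got no assertion in AAService response, probably assertion wasn't refreshable!");
            return null;
        }
        this.log.error("Couldn't refresh assertion, got decision: " + authenticateResponse.getResult().getDecision().getDecision());
        return null;
    }

    /** Decrypts an encrypted assertion, returning {@code null} if no decrypter is set or decryption fails. */
    private Assertion decryptAssertion(EncryptedAssertion encryptedAssertion) {
        if (this.decrypter == null) {
            this.log.error("got encrypted assertion but decrypter module was not set!");
            return null;
        }
        try {
            this.log.debug("found EncryptedAssertion, decrypting...");
            return this.decrypter.decrypt(encryptedAssertion);
        } catch (DecryptionException e) {
            this.log.error("Exception occured when decrypting assertion", e);
            return null;
        }
    }

    /** Sets the holder used to look up the AA service client for an issuer. */
    public void setClientStubHolder(IServiceClientStubHolder<IAAService> iServiceClientStubHolder) {
        this.clientStubHolder = iServiceClientStubHolder;
    }

    /** Sets the decrypter used when the AA service returns an encrypted assertion. */
    public void setDecrypter(IDecrypter iDecrypter) {
        this.decrypter = iDecrypter;
    }

    /** Replaces the default {@link HeaderFieldBasedSecurityRequestHandler} passed to the request builder. */
    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }

    /** Sets the id extractor passed to the request builder. */
    public void setIdExtractor(IIdExtractor iIdExtractor) {
        this.idExtractor = iIdExtractor;
    }
}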
