package pl.edu.icm.yadda.aas.client.authn;

import java.util.List;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.opensaml.lite.xacml.policy.ObligationsType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.client.IAssertionHolder;
import pl.edu.icm.yadda.aas.client.authn.oblig.IObligationsAnalyzer;
import pl.edu.icm.yadda.aas.client.authn.req.IAuthnRequestBuilder;
import pl.edu.icm.yadda.aas.client.authn.sched.IReauthenticationScheduler;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.aas.AuthenticateResponse;
import pl.edu.icm.yadda.service2.aas.IAAService;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.11.2-SNAPSHOT.jar:pl/edu/icm/yadda/aas/client/authn/GenericServiceAuthenticator.class */
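/**
 * Authenticates this service against an {@link IAAService} and keeps the
 * resulting SAML assertion in an {@link IAssertionHolder}.
 *
 * <p>The flow is: build an authentication request, send it to the
 * authentication service, accept the response only when its decision is
 * {@code Permit} and the configured obligations analyzer (if any) accepts the
 * obligations, then store the returned assertion and, when a scheduler is
 * injected, schedule a later reauthentication.
 *
 * <p>Collaborators are injected through setters. {@code authnService},
 * {@code requestBuilder} and {@code assertionHolder} are required;
 * {@code obligationsAnalyzer} and {@code reauthnScheduler} are optional.
 *
 * <p>NOTE(review): no signature, issuer or validity-window check of the
 * returned assertion is visible in this class; confirm that it is performed by
 * the {@link IAAService} implementation or by the assertion holder.
 */
public class GenericServiceAuthenticator implements IServiceAuthenticator {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private IAAService authnService;
    private IAuthnRequestBuilder requestBuilder;
    private IAssertionHolder assertionHolder;
    private IReauthenticationScheduler reauthnScheduler;
    private IObligationsAnalyzer obligationsAnalyzer;

    /**
     * Performs an initial authentication; no previously stored assertion is replaced.
     *
     * @return the newly obtained assertion
     * @throws ServiceAuthenticatorException when authentication fails
     */
    @Override
    public Assertion authenticateService() throws ServiceAuthenticatorException {
        return reauthenticateService(null);
    }

    /**
     * Authenticates the service and, when {@code str} is given, replaces the
     * stored assertion with that identifier by the new one.
     *
     * @param str identifier of the assertion to replace, or {@code null} for a fresh authentication
     * @return the newly obtained assertion
     * @throws ServiceAuthenticatorException when a required collaborator is missing or the
     *         response is not an accepted {@code Permit} carrying an assertion
     */
    @Override
    public Assertion reauthenticateService(String str) throws ServiceAuthenticatorException {
        // Report a wiring mistake as an authentication failure instead of a bare NullPointerException.
        if (this.authnService == null) {
            throw new ServiceAuthenticatorException("Service authentication failed: no authentication service configured");
        }
        if (this.requestBuilder == null) {
            throw new ServiceAuthenticatorException("Service authentication failed: no authentication request builder configured");
        }
        AuthenticateResponse response = this.authnService.authenticate(this.requestBuilder.buildAuthnRequest(null));
        AnalysisResult analyze = analyze(response, str);
        if (analyze == null || !analyze.success) {
            throw new ServiceAuthenticatorException("Service authentication failed: " + (analyze != null ? analyze.message : null));
        }
        this.log.debug("service successfully authenticated!");
        return analyze.getAssertion();
    }

    /**
     * Decides whether an authentication response is acceptable and, if so,
     * stores its assertion and schedules reauthentication.
     *
     * <p>Every check fails closed: a missing response, a missing decision, any
     * decision other than {@code Permit}, rejected or unanalysable obligations,
     * and a payload that is not an {@link Assertion} all yield an unsuccessful result.
     *
     * @param authenticateResponse response received from the authentication service, may be {@code null}
     * @param str identifier of the stored assertion to replace, or {@code null} to add the new one
     * @return a successful result carrying the new assertion, or an unsuccessful result with a message
     * @throws ServiceAuthenticatorException when no assertion holder is configured, or when
     *         obligations analysis throws it
     */
    protected AnalysisResult analyze(AuthenticateResponse authenticateResponse, String str) throws ServiceAuthenticatorException {
        if (authenticateResponse == null) {
            return new AnalysisResult(false, "null authentication response");
        }
        if (authenticateResponse.getResult() == null || authenticateResponse.getResult().getDecision() == null) {
            return new AnalysisResult(false, "invalid response: no decision found!");
        }
        // Only an explicit Permit is accepted; every other decision value is a denial.
        if (authenticateResponse.getResult().getDecision().getDecision() != DecisionType.DECISION.Permit) {
            logErrors(authenticateResponse.getErrors());
            return new AnalysisResult(false, "decision " + authenticateResponse.getResult().getDecision().getDecision());
        }
        AnalysisResult obligationsResult = analyzeAuthnPermitObligations(authenticateResponse.getResult().getObligations());
        if (obligationsResult == null) {
            // An analyzer that gives no verdict must not be read as approval.
            return new AnalysisResult(false, "obligations analysis returned no result");
        }
        if (!obligationsResult.isSuccess()) {
            return obligationsResult;
        }
        Object samlObject = authenticateResponse.getSAMLObject();
        if (!(samlObject instanceof Assertion)) {
            String problem = "expected authn assertion got: " + (samlObject != null ? samlObject.getClass().getName() : null);
            this.log.warn(problem);
            return new AnalysisResult(false, problem);
        }
        Assertion newAssertion = (Assertion) samlObject;
        if (this.assertionHolder == null) {
            throw new ServiceAuthenticatorException("no assertion holder configured, cannot store authentication assertion");
        }
        if (str != null) {
            // replace() returning null means the holder had no assertion under the old identifier.
            Assertion previous = this.assertionHolder.replace(str, newAssertion);
            if (previous == null) {
                return new AnalysisResult(false, "unsuccessful replacement of old assertion: " + str + ", no such assertion stored in assertion holder!");
            }
            this.log.debug("new authentication assertion stored: {}, replacing old assertion: {}", newAssertion.getID(), str);
        } else {
            this.assertionHolder.addOrReplace(newAssertion);
            this.log.debug("new authentication assertion stored: {}", newAssertion.getID());
        }
        if (this.reauthnScheduler != null) {
            this.reauthnScheduler.scheduleReauthentication(newAssertion, this);
        } else {
            this.log.warn("no reauthentication scheduler was injected, therefore reauthentication will not be scheduled");
        }
        return new AnalysisResult(true, newAssertion);
    }

    /**
     * Logs each error attached to a denied authentication response.
     *
     * @param list errors reported by the authentication service, may be {@code null} or empty
     */
    protected void logErrors(List<AAError> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (AAError error : list) {
            if (error == null) {
                // A null entry must not abort reporting of the remaining errors.
                continue;
            }
            this.log.error(error.getErrorId() + ':' + error.getMessage(), error.getThrowable());
        }
    }

    /**
     * Checks the obligations attached to a {@code Permit} decision.
     *
     * <p>Without a configured analyzer the obligations are accepted without
     * inspection; this is logged so that the missing enforcement is visible.
     *
     * @param obligationsType obligations returned with the decision, may be {@code null}
     * @return the analyzer's verdict, or a successful result when no analyzer is configured
     * @throws ServiceAuthenticatorException when the analyzer throws it
     */
    protected AnalysisResult analyzeAuthnPermitObligations(ObligationsType obligationsType) throws ServiceAuthenticatorException {
        if (this.obligationsAnalyzer == null) {
            this.log.warn("no obligations analyzer was injected, therefore obligations of the permit decision are accepted unchecked");
            return new AnalysisResult(true);
        }
        return this.obligationsAnalyzer.analyze(obligationsType);
    }

    /** Sets the authentication service the requests are sent to (required). */
    public void setAuthnService(IAAService iAAService) {
        this.authnService = iAAService;
    }

    /** Sets the builder that produces authentication requests (required). */
    public void setRequestBuilder(IAuthnRequestBuilder iAuthnRequestBuilder) {
        this.requestBuilder = iAuthnRequestBuilder;
    }

    /** Sets the holder in which obtained assertions are stored (required). */
    public void setAssertionHolder(IAssertionHolder iAssertionHolder) {
        this.assertionHolder = iAssertionHolder;
    }

    /** Sets the optional analyzer applied to obligations of a {@code Permit} decision. */
    public void setObligationsAnalyzer(IObligationsAnalyzer iObligationsAnalyzer) {
        this.obligationsAnalyzer = iObligationsAnalyzer;
    }

    /** Sets the optional scheduler used to renew the assertion later. */
    public void setReauthnScheduler(IReauthenticationScheduler iReauthenticationScheduler) {
        this.reauthnScheduler = iReauthenticationScheduler;
    }
}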
