package pl.edu.icm.yadda.ui.utils;

import java.util.Collection;
import java.util.Iterator;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import pl.edu.icm.yadda.aas.client.IPredefinedSubstituteUser;
import pl.edu.icm.yadda.aas.client.ISubstitueUser;
import pl.edu.icm.yadda.aas.client.LoginResult;
import pl.edu.icm.yadda.aas.client.authn.IAuthenticationManager;
import pl.edu.icm.yadda.aas.client.authn.session.AttributeAssertionExtractionHelper;
import pl.edu.icm.yadda.service2.YaddaErrorCodeConstants;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.exception.ServiceException;
import pl.edu.icm.yadda.service2.user.token.LoginPasswordToken;
import pl.edu.icm.yadda.ui.security.SudoableSessionManager;
import pl.edu.icm.yadda.ui.security.impl.DefaultUser;

/* loaded from: input_file:WEB-INF/lib/yaddaweb-lite-core-4.4.10-SNAPSHOT.jar:pl/edu/icm/yadda/ui/utils/SessionManagerBasedWebSubstituteUser.class */
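/**
 * Runs callbacks under a substitute ("sudo") identity bound to the current
 * {@link SudoableSessionManager}.
 *
 * <p>The substitute account's login, password and domain are injected through
 * the setters below. The password is kept in a plain field for the lifetime of
 * this object, so the object itself must be treated as a secret holder: none of
 * the messages built in this class include the password, and subclasses should
 * keep it that way.
 */
public class SessionManagerBasedWebSubstituteUser implements IPredefinedSubstituteUser {
    protected Logger log = LoggerFactory.getLogger(getClass());
    protected IAuthenticationManager authnManager;
    protected SudoableSessionManager sessionManager;
    // Credentials of the predefined substitute account (see the setters).
    protected String login;
    protected String password;
    protected String domain;

    /**
     * Runs {@code callback} as the predefined substitute user configured on this object.
     *
     * @param callback the work to execute under the substitute identity
     * @return whatever {@code callback} returns
     * @throws Exception if authentication fails or the callback throws
     */
    @Override
    public <R> R su(ISubstitueUser.Callback<R> callback) throws Exception {
        return su(this.login, this.password, null, callback);
    }

    /**
     * Runs {@code callback} inside a sudo binding, authenticating first when the
     * bound session is not logged in.
     *
     * <p>If the callback fails with an error that looks like an expired assertion or
     * an authorization failure, the user is re-authenticated once and the callback is
     * run a second time. The callback can therefore execute twice and should tolerate
     * being repeated.
     *
     * <p>The binding is released in a {@code finally} block, so {@code sudoUnbind()}
     * runs exactly once on every path, including when the callback or the
     * re-authentication throws.
     *
     * @param login    login of the account to act as
     * @param password password of that account
     * @param ignored  third argument required by {@link ISubstitueUser}; this
     *                 implementation never reads it and uses the configured
     *                 {@code domain} field instead
     * @param callback the work to execute under the substitute identity
     * @return whatever {@code callback} returns
     * @throws Exception if authentication fails or the callback throws
     */
    @Override
    public <R> R su(String login, String password, String ignored, ISubstitueUser.Callback<R> callback) throws Exception {
        this.sessionManager.sudoBind();
        try {
            if (!this.sessionManager.isLoggedIn()) {
                authenticateSudo(login, password);
            }
            try {
                return callback.run();
            } catch (Exception e) {
                boolean recoverable = isPermanentAssertionExpirationRelatedException(e)
                        || isAuthorizationRelatedException(e);
                if (!recoverable) {
                    throw e;
                }
                // One retry only: a second failure propagates to the caller unchanged.
                authenticateSudo(login, password);
                return callback.run();
            }
        } finally {
            this.sessionManager.sudoUnbind();
        }
    }

    /**
     * Tells whether the nearest {@link ServiceException} in the cause chain of
     * {@code th} carries the given error code.
     *
     * <p>The first {@code ServiceException} found decides the result; causes beneath
     * it are not inspected.
     *
     * @param th   the throwable to inspect (must not be {@code null})
     * @param str  the error code to look for (must not be {@code null})
     * @return {@code true} if the first {@code ServiceException} in the chain has that code
     */
    protected boolean isErrorRelatedException(Throwable th, String str) {
        if (th instanceof ServiceException) {
            return str.equals(((ServiceException) th).getCode());
        }
        Throwable cause = th.getCause();
        return cause != null && isErrorRelatedException(cause, str);
    }

    /** Checks the cause chain for {@code AAError.WARN_ASSERTION_PERM_EXPIRED}. */
    protected boolean isPermanentAssertionExpirationRelatedException(Throwable th) {
        return isErrorRelatedException(th, AAError.WARN_ASSERTION_PERM_EXPIRED);
    }

    /** Checks the cause chain for {@code YaddaErrorCodeConstants.ERROR_AUTH}. */
    protected boolean isAuthorizationRelatedException(Throwable th) {
        return isErrorRelatedException(th, YaddaErrorCodeConstants.ERROR_AUTH);
    }

    /**
     * Logs in with the given credentials in the configured domain and, on a Permit
     * decision, initialises the session manager with a {@link DefaultUser} for that login.
     *
     * @param login    login to authenticate
     * @param password password for that login; never copied into exception messages
     * @throws AuthenticationServiceException if the decision is anything other than Permit
     * @throws Exception if the authentication manager itself fails
     */
    protected void authenticateSudo(String login, String password) throws Exception {
        LoginPasswordToken token = new LoginPasswordToken();
        token.setDomain(this.domain);
        token.setLogin(login);
        token.setPassword(password);
        LoginResult result = this.authnManager.login(token);

        // Fail closed: only an explicit Permit lets the session be initialised.
        if (!DecisionType.DECISION.Permit.equals(result.getDecition())) {
            if (result.getErrors().size() <= 0) {
                throw new AuthenticationServiceException("sudo login unsuccessful for login: " + login + ", decision: " + result.getDecition());
            }
            throw new AuthenticationServiceException("sudo login unsuccessful for login: " + login + ", error code: " + result.getErrors().get(0).getErrorId() + ", error message: " + result.getErrors().get(0).getMessage(), result.getErrors().get(0).getThrowable());
        }

        // NOTE(review): the previous version also read DEFAULT_ROLES_ATTR_NAME from the
        // assertion into a GrantedAuthority array that was never used afterwards. That
        // dead code is removed; roles from the assertion are not attached to the user
        // created below - confirm that this is intended.

        // A Permit without an assertion is tolerated: the e-mail lookup is skipped
        // instead of handing a null assertion to the extraction helper.
        String email = null;
        if (result.getAssertion() != null) {
            Collection<String> emails = AttributeAssertionExtractionHelper.getValues(AttributeAssertionExtractionHelper.DEFAULT_EMAIL_ATTR_NAME, result.getAssertion());
            if (emails != null && !emails.isEmpty()) {
                email = emails.iterator().next();
            }
        }
        // NOTE(review): the second constructor argument is an empty string; presumably the
        // password slot, so the credential is not carried by the session user - confirm
        // against DefaultUser.
        this.sessionManager.init(new DefaultUser(login, "", login, email));
    }

    /** Sets the authentication manager used to log the substitute user in. */
    public void setAuthnManager(IAuthenticationManager authnManager) {
        this.authnManager = authnManager;
    }

    /** Sets the session manager that holds the sudo binding. */
    public void setSessionManager(SudoableSessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /** Sets the login of the predefined substitute account. */
    public void setLogin(String login) {
        this.login = login;
    }

    /** Sets the password of the predefined substitute account. */
    public void setPassword(String password) {
        this.password = password;
    }

    /** Sets the domain placed on every login token built by this object. */
    public void setDomain(String domain) {
        this.domain = domain;
    }
}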
