package an.xacml.policy.function;

import an.xacml.Constants;
import an.xacml.ExtendedRequest;
import an.xacml.IndeterminateException;
import an.xacml.context.Request;
import an.xacml.engine.EvaluationContext;
import an.xacml.policy.AttributeValue;
import java.net.URI;
import java.util.Collection;
import java.util.List;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.xacml.XACMLConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.client.authn.session.AttributeAssertionExtractionHelper;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.aas.retrievers.AttributeRetrieverHelper;
import pl.edu.icm.yadda.service2.user.UserCatalogConstants;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-1.12.0.jar:an/xacml/policy/function/DomainApproverFunction.class */
/**
 * XACML built-in function {@code urn:yadda:function:approve-domain}.
 *
 * <p>Decides whether a "domain to be tested" is acceptable with respect to a "domain root".
 * Both values are taken either from two explicit string arguments or, when the argument
 * count is anything other than two, from the evaluated request: the root from an auxiliary
 * subject field and the tested domain from an attribute of the first SAML assertion
 * attached to the request.
 *
 * <p>The tested domain is approved when any of the following holds:
 * <ul>
 *   <li>no domain root is available,</li>
 *   <li>the tested domain equals the configured super domain,</li>
 *   <li>the tested domain equals the domain root,</li>
 *   <li>the tested domain equals the domain root followed by
 *       {@code UserCatalogConstants.DL_DOMAIN_SUFFIX}.</li>
 * </ul>
 *
 * <p>NOTE(review): this class only reads attribute values out of the assertion; it performs
 * no signature or validity check itself. Presumably the assertion is validated before it is
 * attached to the request; confirm against the caller, because the super-domain branch
 * approves purely on the strength of that value.
 */
public class DomainApproverFunction implements BuiltInFunction {
    public static final URI FUNCTION_ID = URI.create("urn:yadda:function:approve-domain");
    protected final Logger log = LoggerFactory.getLogger(getClass());
    // Domain name that is approved regardless of the domain root.
    protected String superDomain = UserCatalogConstants.SUPER_DOMAIN_NAME;
    // Name of the assertion attribute that carries the domain to be tested.
    protected String domainAttributeId = AttributeAssertionExtractionHelper.DEFAULT_DOMAIN_ATTR_NAME;
    // Configurable through its setter, but not read by any method of this class.
    protected ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /**
     * Evaluates the domain approval rule.
     *
     * @param evaluationContext context providing the request; only consulted when
     *        {@code objArr} does not hold exactly two elements
     * @param objArr function arguments; with exactly two elements they are treated as
     *        string {@code AttributeValue}s: domain root first, domain to be tested second.
     *        The array is dereferenced without a null check.
     * @return {@code AttributeValue.TRUE} when the tested domain is approved,
     *         {@code AttributeValue.FALSE} otherwise
     * @throws IndeterminateException when the domain to be tested cannot be determined
     * @throws Exception propagated from argument type checking or request inspection
     */
    @Override // an.xacml.policy.function.BuiltInFunction
    public Object invoke(EvaluationContext evaluationContext, Object[] objArr) throws Exception {
        final String root;
        final String candidate;
        if (objArr.length != 2) {
            // Any argument count other than two falls back to values derived from the request.
            root = getDomainRootFromRequest(evaluationContext.getRequest());
            candidate = getDomainToBeTestedFromRequest(evaluationContext.getRequest());
        } else {
            AttributeValue rootArg = (AttributeValue) objArr[0];
            AttributeValue candidateArg = (AttributeValue) objArr[1];
            CommonFunctions.checkArgumentType(rootArg, Constants.TYPE_STRING);
            CommonFunctions.checkArgumentType(candidateArg, Constants.TYPE_STRING);
            root = (String) rootArg.getValue();
            candidate = (String) candidateArg.getValue();
        }

        if (candidate == null) {
            throw new IndeterminateException("invalid state: unable to infer domain to be tested!");
        }

        // NOTE(review): a missing domain root results in approval. If the root is meant to be
        // a mandatory restriction this branch is fail-open; confirm that "no root" is
        // intended to mean "unrestricted".
        if (root == null || candidate.equals(this.superDomain) || candidate.equals(root)) {
            return AttributeValue.TRUE;
        }

        // Last accepted form: the root followed by the DL suffix, compared exactly.
        final String suffix = UserCatalogConstants.DL_DOMAIN_SUFFIX;
        if (candidate.endsWith(suffix)) {
            String stem = candidate.substring(0, candidate.length() - suffix.length());
            if (root.equals(stem)) {
                return AttributeValue.TRUE;
            }
        }
        return AttributeValue.FALSE;
    }

    /**
     * Reads the domain root from the request's auxiliary subject fields.
     *
     * @param request request under evaluation
     * @return the first auxiliary field value, or {@code null} when the helper returns
     *         {@code null} or an empty list
     */
    protected String getDomainRootFromRequest(Request request) {
        List<String> roots = AttributeRetrieverHelper.getAuxiliaryFieldsFromRequest(
                request, XACMLConstants.SUBJECT_AUX_PARAM_DOMAIN_ROOT_SUFFIX, this.log, true);
        // Only the first value is used; any further values are ignored.
        return (roots != null && !roots.isEmpty()) ? roots.get(0) : null;
    }

    /**
     * Extracts the domain to be tested from the first SAML object attached to the request.
     *
     * @param request request under evaluation; must be an {@code ExtendedRequest}
     * @return the domain taken from the first SAML object, or {@code null} when the request
     *         carries no SAML objects or the assertion holds no value for the domain attribute
     * @throws Exception when the request is not an {@code ExtendedRequest} or the first SAML
     *         object is not an {@code Assertion}
     */
    protected String getDomainToBeTestedFromRequest(Request request) throws Exception {
        if (!(request instanceof ExtendedRequest)) {
            throw new Exception("invalid state: request in not an instance of ExtendedRequest!");
        }
        ExtendedRequest extended = (ExtendedRequest) request;
        // NOTE(review): getSAMLObjects() is read several times here; this assumes it returns
        // the same collection on each call.
        boolean hasSamlObjects = extended.getSAMLObjects() != null && extended.getSAMLObjects().size() > 0;
        if (!hasSamlObjects) {
            return null;
        }
        // Only the first SAML object is inspected; any further objects are ignored.
        SAMLObject first = extended.getSAMLObjects().iterator().next();
        if (!(first instanceof Assertion)) {
            throw new Exception("invalid state: SAML object in not an instance of Assertion!");
        }
        return getDomainFromAssertion((Assertion) first);
    }

    /**
     * Returns the first value of the configured domain attribute in the assertion.
     *
     * @param assertion assertion to read from
     * @return the first attribute value in iteration order, or {@code null} when the helper
     *         returns {@code null} or no values
     */
    protected String getDomainFromAssertion(Assertion assertion) {
        Collection<String> domains = AttributeAssertionExtractionHelper.getValues(this.domainAttributeId, assertion);
        if (domains != null && !domains.isEmpty()) {
            // With a multi-valued attribute the result depends on the collection's iteration order.
            return domains.iterator().next();
        }
        return null;
    }

    /** Returns the identifier under which this function is registered. */
    @Override // an.xacml.policy.function.BuiltInFunction
    public URI getFunctionId() {
        return FUNCTION_ID;
    }

    /** Always returns {@code null}. */
    @Override // an.xacml.policy.function.BuiltInFunction
    public Object[] getAllAttributes() {
        return null;
    }

    /** Always returns {@code null}, whatever the key. */
    @Override // an.xacml.policy.function.BuiltInFunction
    public Object getAttribute(Object obj) {
        return null;
    }

    /** Replaces the domain name that is approved regardless of the domain root. */
    public void setSuperDomain(String str) {
        this.superDomain = str;
    }

    /** Replaces the security request handler held by this function. */
    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }

    /** Replaces the name of the assertion attribute that carries the domain to be tested. */
    public void setDomainAttributeId(String str) {
        this.domainAttributeId = str;
    }
}
