package pl.edu.icm.yadda.aas.client;

import java.util.Set;
import org.apache.commons.lang.NotImplementedException;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.saml2.core.EncryptedAssertion;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.client.session.GroupIdentity;
import pl.edu.icm.yadda.aas.client.session.LicenseAuthority;
import pl.edu.icm.yadda.aas.client.session.LoginIdentity;
import pl.edu.icm.yadda.aas.client.session.RoleAuthority;
import pl.edu.icm.yadda.aas.usercatalog.model.User;
import pl.edu.icm.yadda.aas.usercatalog.service.IUserCatalogFacade;
import pl.edu.icm.yadda.service2.aas.AuthenticateResponse;
import pl.edu.icm.yadda.service2.usersession.ISessionService;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-0.5.0.jar:pl/edu/icm/yadda/aas/client/ClientSecurityService.class */
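/**
 * Client-side security service that authenticates against the AAS service and binds the
 * returned SAML assertion, licenses and (optionally) catalog roles/groups to the current
 * {@link ISecuritySession}.
 *
 * <p>Collaborators are injected through the setters; {@code sessionService} and
 * {@code assertionHolder} must be set before any login/logout call, while
 * {@code userCatalogFacade} is optional.
 *
 * <p>NOTE(review): nothing in this class rotates the underlying HTTP session on login.
 * Confirm that the caller or {@code ISessionService} does so, otherwise a pre-login session
 * identifier stays valid after authentication (session fixation).
 */
public class ClientSecurityService extends AuthzClientSecurityService implements IClientSecurityService {
    private static final Logger log = LoggerFactory.getLogger(ClientSecurityService.class);
    private ISessionService sessionService;
    private IAssertionHolder assertionHolder;
    /** Authentication type handed to the user authn request builder; defaults to {@code "user"}. */
    private String authnType = "user";
    /** Optional user catalog; when {@code null}, roles and groups are not loaded at login. */
    private IUserCatalogFacade userCatalogFacade;

    /**
     * Retrieves the licenses for the assertion stored under the given identifier.
     *
     * @param str identifier used to look the assertion up in the assertion holder; when
     *            {@code null}, the lookup is skipped and a {@code null} assertion is passed on
     * @return the result of {@code retrieveLicenses(Assertion)} for the resolved assertion
     */
    @Override
    public YaddaErrorAwareResult<Set<String>> retrieveLicenses(String str) {
        if (str == null) {
            return retrieveLicenses((Assertion) null);
        }
        return retrieveLicenses(this.assertionHolder.getAssertion(str));
    }

    /**
     * Authenticates a named user and, on a XACML {@code Permit} decision, populates the
     * current security session with licenses, the login identity, the assertion id and, when
     * a user catalog is configured, the user's roles and groups.
     *
     * @param str  login name; also used as the session's {@link LoginIdentity} and as the
     *             user catalog key
     * @param str2 passed through to the authn request builder (presumably the credential,
     *             confirm against {@code ClientSecurityServiceHelper})
     * @param str3 passed through to the authn request builder (meaning not visible here)
     * @return the assertion (may be {@code null}), the XACML decision (or {@code null} when
     *         no XACML response was returned) and the errors reported by the AAS service
     * @throws NotImplementedException when the AAS service returns an encrypted assertion
     * @throws IllegalStateException   when the decision is {@code Permit} but no plain
     *                                 assertion was returned
     */
    @Override
    public LoginResult login(String str, String str2, String str3) {
        AuthenticateResponse response = this.aasService.authenticate(
                ClientSecurityServiceHelper.buildUserAuthnRequest(str, str2, str3, this.authnType, true));
        Assertion assertion = extractAssertion(response);
        if (isPermitted(response)) {
            ISecuritySession session = openLicensedSession(assertion);
            session.setAuthorities(new LoginIdentity(str));
            this.assertionHolder.addOrReplace(assertion);
            session.setSecuritySessionId(assertion.getID());
            loadRolesAndGroups(session, str);
        }
        return toLoginResult(assertion, response);
    }

    /**
     * Authenticates anonymously and, on a XACML {@code Permit} decision, populates the
     * current security session with licenses and the assertion id. No login identity, roles
     * or groups are set.
     *
     * @param str passed through to the anonymous authn request builder
     * @return the assertion (may be {@code null}), the XACML decision (or {@code null} when
     *         no XACML response was returned) and the errors reported by the AAS service
     * @throws NotImplementedException when the AAS service returns an encrypted assertion
     * @throws IllegalStateException   when the decision is {@code Permit} but no plain
     *                                 assertion was returned
     */
    @Override
    public LoginResult login(String str) {
        AuthenticateResponse response = this.aasService.authenticate(
                ClientSecurityServiceHelper.buildAnonymousAuthnRequest(str));
        Assertion assertion = extractAssertion(response);
        if (isPermitted(response)) {
            ISecuritySession session = openLicensedSession(assertion);
            this.assertionHolder.addOrReplace(assertion);
            session.setSecuritySessionId(assertion.getID());
        }
        return toLoginResult(assertion, response);
    }

    /**
     * Logs out the current session. The supplied SAML objects are ignored; this overload
     * simply delegates to {@link #logout()}.
     *
     * @param sAMLObjectArr unused
     * @return the result of {@link #logout()}
     */
    @Override
    public boolean logout(SAMLObject... sAMLObjectArr) {
        return logout();
    }

    /**
     * Removes the session's assertion from the assertion holder and invalidates the
     * security session.
     *
     * @return {@code true} when an assertion was stored under the session's security id
     */
    @Override
    public boolean logout() {
        ISecuritySession session = (ISecuritySession) this.sessionService.get(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME);
        // NOTE(review): both identifiers are written to the log in clear text while they are
        // still live (they are only revoked below). Consider truncating or hashing them if
        // log readers are less trusted than the application.
        log.info("Loggin out, removing assertion from AssertionHolder assertionId=" + session.getSecuritySessionId() + ", httpSessionId=" + session.getHttpSessionId());
        try {
            return this.assertionHolder.remove(session.getSecuritySessionId()) != null;
        } finally {
            // Invalidate even if the holder lookup throws, so a failed cleanup can never
            // leave an authenticated session behind after the user asked to log out.
            session.invalidate();
        }
    }

    /** @return {@code true} when a user catalog facade has been configured */
    public boolean isSupportedFetchingUserData() {
        return this.userCatalogFacade != null;
    }

    public void setAssertionHolder(IAssertionHolder iAssertionHolder) {
        this.assertionHolder = iAssertionHolder;
    }

    public void setSessionService(ISessionService iSessionService) {
        this.sessionService = iSessionService;
    }

    public void setAuthnType(String str) {
        this.authnType = str;
    }

    public void setUserCatalogFacade(IUserCatalogFacade iUserCatalogFacade) {
        this.userCatalogFacade = iUserCatalogFacade;
    }

    /** Returns the plain assertion carried by the response, or {@code null} when there is none. */
    private static Assertion extractAssertion(AuthenticateResponse response) {
        Object samlObject = response.getSAMLObject();
        if (samlObject instanceof Assertion) {
            return (Assertion) samlObject;
        }
        if (samlObject instanceof EncryptedAssertion) {
            // Encrypted assertions are not supported by this client.
            throw new NotImplementedException();
        }
        return null;
    }

    /** Tells whether the response carries a XACML result whose decision is {@code Permit}. */
    private static boolean isPermitted(AuthenticateResponse response) {
        return response.getXacmlResponse() != null
                && response.getXacmlResponse().getResult().getDecision().getDecision() == DecisionType.DECISION.Permit;
    }

    /** Packs assertion, XACML decision (or {@code null}) and errors into a {@link LoginResult}. */
    private static LoginResult toLoginResult(Assertion assertion, AuthenticateResponse response) {
        return new LoginResult(
                assertion,
                response.getXacmlResponse() == null ? null : response.getXacmlResponse().getResult().getDecision().getDecision(),
                response.getErrors());
    }

    /** Fetches the current security session and adds the assertion's licenses to it. */
    private ISecuritySession openLicensedSession(Assertion assertion) {
        if (assertion == null) {
            // Fail closed before touching the session: previously a Permit without an
            // assertion granted licenses and the login identity and only then failed with a
            // NullPointerException, leaving a half-authenticated session behind.
            throw new IllegalStateException("AAS returned a Permit decision without a SAML assertion; refusing to establish a session");
        }
        ISecuritySession session = (ISecuritySession) this.sessionService.get(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME);
        ((LicenseAuthority) session.getAuthorities("LICENSE")).addAll(retrieveLicenses(assertion).getData());
        return session;
    }

    /** Copies the user's catalog roles and groups into the session, when a catalog is configured. */
    private void loadRolesAndGroups(ISecuritySession session, String login) {
        try {
            if (!isSupportedFetchingUserData()) {
                return;
            }
            User user = this.userCatalogFacade.loadUser(login);
            if (user != null) {
                ((RoleAuthority) session.getAuthorities("ROLE")).addAll(user.getRoles());
                ((GroupIdentity) session.getAuthorities("GROUP")).addAll(user.getGroups());
            }
        } catch (Exception e) {
            // Deliberately best-effort: a catalog failure is logged and the login continues
            // without the roles/groups that could not be loaded.
            log.error("Error: " + e.getMessage(), e);
        }
    }
}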
