package net.shibboleth.idp.attribute.consent;

import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.consent.ConsentContext;
import net.shibboleth.idp.attribute.consent.storage.Storage;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:net/shibboleth/idp/attribute/consent/ConsentEngineImpl.class */
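/**
 * Decides, for one authentication flow, whether the user still has to be asked for consent
 * before attributes are released to a relying party.
 *
 * <p>The outcome is written to the {@link ConsentContext} as a {@code ConsentContext.Consent}
 * value, or the request is forwarded to the attribute release view so the user can decide.
 * All collaborators are injected by name through {@code @Resource}.
 */
public class ConsentEngineImpl implements ConsentEngine {
    private final Logger logger = LoggerFactory.getLogger(ConsentEngineImpl.class);

    /** Store for users and their per-relying-party attribute releases. */
    @Resource(name = "consent.storage")
    private Storage storage;

    /**
     * Relying party ids handed to {@code ConsentHelper.skipRelyingParty}; whether the list is
     * read as a blacklist or a whitelist depends on {@link #relyingPartyWhiteBlackListIsBlacklist}.
     */
    @Resource(name = "consent.config.relyingPartyWhiteBlackList")
    private Collection<String> relyingPartyWhiteBlackList;

    /** Selects how {@link #relyingPartyWhiteBlackList} is interpreted by the helper. */
    @Resource(name = "consent.config.relyingPartyWhiteBlackList.isBlacklist")
    private boolean relyingPartyWhiteBlackListIsBlacklist;

    /** Attribute ids that are removed from the set considered for consent. */
    @Resource(name = "consent.config.attributeBlacklist")
    private Collection<String> attributeBlacklist;

    /** Id of the attribute whose value identifies the user in consent storage. */
    @Resource(name = "consent.config.userIdAttribute")
    private String userIdAttribute;

    /** When set, the release view is shown even if the attribute set was approved before. */
    @Resource(name = "consent.config.alwaysRequireConsent")
    private boolean alwaysRequireConsent;

    /**
     * Evaluates the consent state for the user and relying party of the given context.
     *
     * <p>Checks run in this order, and the first match wins:
     * <ol>
     *   <li>a requested revocation clears the user's consent for this relying party;</li>
     *   <li>global consent yields {@code PRIOR};</li>
     *   <li>a skipped relying party yields {@code UNSPECIFIED};</li>
     *   <li>no attributes left after blacklist removal yields {@code INAPPLICABLE};</li>
     *   <li>otherwise the release view is shown, unless the attribute set was already approved
     *       and {@code alwaysRequireConsent} is off, which yields {@code PRIOR}.</li>
     * </ol>
     * When the release view is shown, this method does not set a decision on the context.
     *
     * @param consentContext context of the current flow; its owner must be a
     *     {@link ProfileRequestContext}
     * @throws ConsentException declared by the signature; nothing in this method throws it
     *     directly
     * @throws IllegalArgumentException if the context or the user id is missing
     * @throws IllegalStateException if the context owner is missing or is not exactly a
     *     {@link ProfileRequestContext}
     */
    public void determineConsent(ConsentContext consentContext) throws ConsentException {
        Assert.notNull(consentContext, "No consent context found");
        // A context without an owner is reported as a state error instead of surfacing as a
        // NullPointerException from the class comparison.
        Object owner = consentContext.getParent();
        Assert.state(owner != null && owner.getClass().equals(ProfileRequestContext.class), "Owner of a consent context must be a profile context");

        String relyingParty = ConsentHelper.getRelyingParty(consentContext);
        // Raw type kept: the element type of getUserIdPAttributes() is not visible here.
        Collection values = consentContext.getUserIdPAttributes().values();
        String userId = ConsentHelper.findUserId(this.userIdAttribute, values);
        Assert.notNull(userId, "No userId found");
        this.logger.debug("Using {}({}) as userId attribute", this.userIdAttribute, userId);
        User user = createUser(userId, relyingParty);

        if (ConsentHelper.isConsentRevocationRequested(consentContext)) {
            user.setGlobalConsent(false);
            user.setAttributeReleases(relyingParty, Collections.EMPTY_SET);
            this.storage.deleteAttributeReleases(user.getId(), relyingParty);
            // NOTE(review): only the attribute releases are removed from storage here; no call in
            // this method persists the cleared global-consent flag. Confirm it is written
            // elsewhere, otherwise createUser() may read the old flag back on the next request.
        }

        // NOTE(review): global consent is honoured before alwaysRequireConsent is looked at, so
        // that setting does not re-prompt users who gave global consent. Confirm this is intended.
        if (user.hasGlobalConsent()) {
            // NOTE(review): the User object is logged through toString(), which is not visible
            // here; confirm it does not write attribute values to the log.
            this.logger.info("user {} has given global consent", user);
            consentContext.setConsentDecision(ConsentContext.Consent.PRIOR);
            return;
        }
        if (ConsentHelper.skipRelyingParty(this.relyingPartyWhiteBlackList, this.relyingPartyWhiteBlackListIsBlacklist, relyingParty)) {
            this.logger.info("Skip relying party {}", relyingParty);
            consentContext.setConsentDecision(ConsentContext.Consent.UNSPECIFIED);
            return;
        }

        Collection<IdPAttribute> consideredAttributes = ConsentHelper.removeBlacklistedAttributes(this.attributeBlacklist, values);
        // NOTE(review): this prints the attribute collection; if IdPAttribute.toString() includes
        // values, debug logs will contain personal data.
        this.logger.debug("Blacklisted attributes are removed from the release set, considered attributes are {}", consideredAttributes);
        if (consideredAttributes.isEmpty()) {
            this.logger.info("No attributes of user {} for relying party {} are released", user, relyingParty);
            consentContext.setConsentDecision(ConsentContext.Consent.INAPPLICABLE);
            return;
        }

        // Global consent already returned above, so the former second hasGlobalConsent() branch
        // in this chain could never be taken and has been dropped.
        if (this.alwaysRequireConsent) {
            this.logger.debug("Always require consent is enabled");
            showAttributeReleaseView(consentContext, user, relyingParty, consideredAttributes);
        } else if (!user.hasApprovedAttributes(relyingParty, consideredAttributes)) {
            showAttributeReleaseView(consentContext, user, relyingParty, consideredAttributes);
        } else {
            this.logger.info("User {} has appoved set of attributes for relying party {}", user, relyingParty);
            consentContext.setConsentDecision(ConsentContext.Consent.PRIOR);
        }
    }

    /**
     * Forwards the current request to the {@code attribute-release} view, passing the user,
     * the relying party id and the attributes as request attributes.
     *
     * <p>No consent decision is set here. A failed forward is logged and not propagated.
     *
     * @param consentContext context from which the servlet request and response are taken
     * @param user user who is asked for consent
     * @param str relying party id
     * @param collection attributes offered for release
     */
    private void showAttributeReleaseView(ConsentContext consentContext, User user, String str, Collection<IdPAttribute> collection) {
        HttpServletRequest request = ConsentHelper.getRequest(consentContext);
        HttpServletResponse response = ConsentHelper.getResponse(consentContext);
        request.setAttribute(ConsentServlet.USER_KEY, user);
        request.setAttribute(ConsentServlet.RELYINGPARTYID_KEY, str);
        request.setAttribute(ConsentServlet.ATTRIBUTES_KEY, collection);
        this.logger.debug("Dispatch to attribute release view");
        // NOTE(review): if the forward fails, the caller returns with no decision on the
        // context. Confirm the surrounding flow treats a missing decision as "no consent".
        try {
            request.getRequestDispatcher("attribute-release").forward(request, response);
        } catch (ServletException e) {
            this.logger.error("Error while dispatching to attribute release view", e);
        } catch (IOException e2) {
            this.logger.error("Error while dispatching to attribute release view", e2);
        }
    }

    /**
     * Builds the {@link User} for this request from storage, or a fresh one if none is stored.
     *
     * <p>A stored user gets the stored attribute releases for the relying party attached. A new
     * user starts with an empty release set and is not written to storage by this method.
     *
     * @param str user id
     * @param str2 relying party id
     * @return the user with the attribute releases for the relying party set
     */
    private User createUser(String str, String str2) {
        User user;
        if (this.storage.containsUser(str)) {
            user = this.storage.readUser(str);
            user.setAttributeReleases(str2, this.storage.readAttributeReleases(str, str2));
        } else {
            // presumably the second argument is the initial global-consent flag; verify against User
            user = new User(str, false);
            user.setAttributeReleases(str2, Collections.EMPTY_SET);
        }
        return user;
    }
}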
