package org.picketlink.identity.federation.web.handlers.saml2;

import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.apache.wss4j.common.crypto.Merlin;
import org.jboss.security.audit.AuditLevel;
import org.picketlink.common.constants.GeneralConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.config.federation.IDPType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEvent;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEventType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper;
import org.picketlink.identity.federation.core.impl.EmptyRoleGenerator;
import org.picketlink.identity.federation.core.interfaces.RoleGenerator;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.web.core.HTTPContext;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/picketlink/federation/main/picketlink-federation-2.5.5.SP2.jar:org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.class */
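/**
 * SAML2 handler that attaches the roles of the session's principal to the handler response.
 *
 * <p>Roles come from a {@link RoleGenerator}. The default is {@link EmptyRoleGenerator}; a
 * different implementation can be named by class name in the chain or handler configuration.
 * That class is loaded and instantiated reflectively, so whoever can edit the configuration
 * decides which code runs here: treat the configuration as trusted input only.
 *
 * <p>Generated roles are cached in the HTTP session under {@code "picketlink.roles"} and are
 * not regenerated while that attribute is present. A role change in the backing store is
 * therefore not visible to this handler until the attribute is cleared or the session ends.
 */
public class RolesGenerationHandler extends BaseSAML2Handler {
    private transient RoleGenerator roleGenerator = new EmptyRoleGenerator();

    /**
     * Initialises the chain configuration and, when its {@code "CONFIGURATION"} parameter is an
     * {@link IDPType}, installs the role generator class named by that IDP configuration.
     *
     * @param sAML2HandlerChainConfig chain configuration passed on to the superclass
     * @throws ConfigurationException if the configured role generator cannot be set up
     */
    @Override
    public void initChainConfig(SAML2HandlerChainConfig sAML2HandlerChainConfig) throws ConfigurationException {
        super.initChainConfig(sAML2HandlerChainConfig);
        Object configuration = this.handlerChainConfig.getParameter("CONFIGURATION");
        if (configuration instanceof IDPType) {
            insantiateRoleValidator(((IDPType) configuration).getRoleGenerator());
        }
    }

    /**
     * Initialises the handler configuration and installs the role generator class named by the
     * handler parameter {@code "ATTRIBUTE_MANAGER"}, if one is set.
     *
     * @param sAML2HandlerConfig handler configuration passed on to the superclass
     * @throws ConfigurationException if the configured role generator cannot be set up
     */
    @Override
    public void initHandlerConfig(SAML2HandlerConfig sAML2HandlerConfig) throws ConfigurationException {
        super.initHandlerConfig(sAML2HandlerConfig);
        // NOTE(review): the key is "ATTRIBUTE_MANAGER" although the value is used as a
        // RoleGenerator class name. Confirm the key is intended before relying on it.
        insantiateRoleValidator((String) this.handlerConfig.getParameter("ATTRIBUTE_MANAGER"));
    }

    /**
     * Resolves the roles of the session's principal and sets them on the response.
     *
     * <p>Logout requests and handlers of type SP are skipped. Otherwise the roles cached in the
     * session are reused, or generated once, audited when an audit helper is supplied, and
     * cached.
     *
     * @param sAML2HandlerRequest request carrying the HTTP context and the options map
     * @param sAML2HandlerResponse response that receives the role list
     * @throws ProcessingException if the request has no HTTP session or the session holds no
     *     principal, so that roles are never derived or cached for an unknown identity
     */
    @Override
    public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if ((sAML2HandlerRequest.getSAML2Object() instanceof LogoutRequestType) || getType() == SAML2Handler.HANDLER_TYPE.SP) {
            return;
        }
        // getSession(false) returns null when the request carries no session; fail closed
        // instead of dereferencing it.
        HttpSession session = ((HTTPContext) sAML2HandlerRequest.getContext()).getRequest().getSession(false);
        if (session == null) {
            throw new ProcessingException("No HTTP session available for role generation");
        }
        Map<String, Object> options = sAML2HandlerRequest.getOptions();
        PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) options.get(GeneralConstants.AUDIT_HELPER);
        String contextPath = (String) options.get("CONTEXT_PATH");

        @SuppressWarnings("unchecked") // the attribute is only written by this handler, as List<String>
        List<String> roles = (List<String>) session.getAttribute("picketlink.roles");
        if (roles == null) {
            Principal principal = (Principal) session.getAttribute("picketlink.principal");
            if (principal == null) {
                // Without a principal the generated list would be cached for the rest of the
                // session and later reused for whoever authenticates on it.
                throw new ProcessingException("No principal in session for role generation");
            }
            roles = this.roleGenerator.generateRoles(principal);
            if (auditHelper != null) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                auditEvent.setWhoIsAuditing(contextPath);
                auditEvent.setType(PicketLinkAuditEventType.GENERATED_ROLES);
                // NOTE(review): Merlin.ENCRYPTED_PASSWORD_SUFFIX is a wss4j constant with no
                // relation to auditing; it presumably stands in for a literal ")" after
                // decompilation. Confirm the value before replacing it.
                auditEvent.setOptionalString(principal.getName() + "(" + Arrays.toString(roles.toArray()) + Merlin.ENCRYPTED_PASSWORD_SUFFIX);
                auditHelper.audit(auditEvent);
            }
            session.setAttribute("picketlink.roles", roles);
        }
        sAML2HandlerResponse.setRoles(roles);
    }

    /**
     * Loads the class named {@code str} and installs a new instance as the role generator.
     * A null or empty name leaves the current generator in place.
     *
     * @param str fully qualified class name of a {@link RoleGenerator} implementation
     * @throws ConfigurationException if the class cannot be loaded, is not a
     *     {@link RoleGenerator}, or cannot be instantiated
     */
    private void insantiateRoleValidator(String str) throws ConfigurationException {
        if (str == null || str.isEmpty()) {
            return;
        }
        try {
            Class<?> candidate = SecurityActions.loadClass(getClass(), str);
            if (candidate == null) {
                throw new ClassNotFoundException(str);
            }
            // Check the type before instantiating, so the constructor of a class that is not a
            // RoleGenerator is never run.
            this.roleGenerator = candidate.asSubclass(RoleGenerator.class).getDeclaredConstructor().newInstance();
            logger.trace("RoleGenerator set to " + this.roleGenerator);
        } catch (Exception e) {
            logger.samlHandlerRoleGeneratorSetupError(e);
            throw logger.configurationError(e);
        }
    }
}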
