package org.picketlink.identity.federation.web.handlers.saml2;

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpSession;
import org.picketlink.common.constants.GeneralConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.util.StringUtil;
import org.picketlink.config.federation.IDPType;
import org.picketlink.identity.federation.core.impl.DelegatedAttributeManager;
import org.picketlink.identity.federation.core.impl.EmptyAttributeManager;
import org.picketlink.identity.federation.core.interfaces.AttributeManager;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2AttributeManager;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.core.HTTPContext;

/* loaded from: input_file:WEB-INF/lib/picketlink-federation-2.7.0.CR2.jar:org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.class */
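/**
 * SAML2 handler that moves user attributes between the attribute manager, the
 * SAML assertion and the HTTP session.
 *
 * <p>For any handler type other than SP ({@link #handleRequestType}) it asks the
 * configured {@link SAML2AttributeManager} for the principal's attributes and
 * caches them in the session under {@code GeneralConstants.ATTRIBUTES}. For any
 * handler type other than IDP ({@link #handleStatusResponseType}) it copies the
 * attributes of the received assertion into the session map stored under
 * {@code GeneralConstants.SESSION_ATTRIBUTE_MAP}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class performs no signature, issuer or condition validation of its
 *       own. It stores whatever the assertion found under
 *       {@code GeneralConstants.ASSERTION} carries. NOTE(review): presumably an
 *       earlier handler in the chain validates the response; confirm the chain
 *       order before trusting the session map for authorization decisions.</li>
 *   <li>The attribute manager class name comes from configuration and is
 *       instantiated reflectively; treat that configuration as code.</li>
 * </ul>
 */
public class SAML2AttributeHandler extends BaseSAML2Handler {
    /** Attribute source used for non-SP handler types; defaults to a manager that wraps {@link EmptyAttributeManager}. */
    protected SAML2AttributeManager attribManager = new DelegatedAttributeManager(new EmptyAttributeManager(), null);

    /** Keys read from the {@code GeneralConstants.ATTRIBUTE_KEYS} handler parameter. */
    protected List<String> attributeKeys = new ArrayList<String>();

    /** When true, session map keys use the attribute FriendlyName instead of its Name. */
    protected boolean chooseFriendlyName = false;

    /**
     * Initialises the chain configuration and, when the chain carries an
     * {@link IDPType} and no handler-level attribute manager is configured,
     * instantiates the attribute manager named by the IDP configuration.
     *
     * @param sAML2HandlerChainConfig chain configuration passed to the superclass
     * @throws ConfigurationException if the attribute manager cannot be instantiated
     */
    @Override
    public void initChainConfig(SAML2HandlerChainConfig sAML2HandlerChainConfig) throws ConfigurationException {
        super.initChainConfig(sAML2HandlerChainConfig);
        Object parameter = this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION);
        if ((parameter instanceof IDPType) && getAttributeManager() == null) {
            insantiateAttributeManager(((IDPType) parameter).getAttributeManager());
        }
    }

    /**
     * Returns the handler-level attribute manager parameter, or {@code null}
     * when no handler configuration has been set yet.
     */
    private Object getAttributeManager() {
        if (this.handlerConfig == null) {
            return null;
        }
        return this.handlerConfig.getParameter(GeneralConstants.ATTIBUTE_MANAGER);
    }

    /**
     * Initialises the handler configuration: attribute manager class, attribute
     * keys and the friendly-name switch.
     *
     * @param sAML2HandlerConfig handler configuration passed to the superclass
     * @throws ConfigurationException if the attribute manager cannot be instantiated
     */
    @Override
    public void initHandlerConfig(SAML2HandlerConfig sAML2HandlerConfig) throws ConfigurationException {
        super.initHandlerConfig(sAML2HandlerConfig);
        insantiateAttributeManager((String) getAttributeManager());
        String str = (String) this.handlerConfig.getParameter(GeneralConstants.ATTRIBUTE_KEYS);
        if (StringUtil.isNotNull(str)) {
            this.attributeKeys.addAll(StringUtil.tokenize(str));
        }
        String str2 = (String) sAML2HandlerConfig.getParameter(GeneralConstants.ATTRIBUTE_CHOOSE_FRIENDLY_NAME);
        if (StringUtil.isNotNull(str2)) {
            this.chooseFriendlyName = Boolean.parseBoolean(str2);
        }
    }

    /**
     * Resolves the attributes of the current principal and caches them in the
     * HTTP session. Logout requests and handlers of type SP are ignored.
     *
     * @param sAML2HandlerRequest request carrying the SAML object and the HTTP context
     * @param sAML2HandlerResponse unused by this handler
     * @throws ProcessingException if no HTTP session exists for the request
     */
    @Override
    public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        SAML2Object sAML2Object = sAML2HandlerRequest.getSAML2Object();
        if ((sAML2Object instanceof LogoutRequestType) || getType() == SAML2Handler.HANDLER_TYPE.SP) {
            return;
        }
        HTTPContext hTTPContext = (HTTPContext) sAML2HandlerRequest.getContext();
        // getSession(false) returns null when the request has no session; fail with a
        // declared, descriptive exception instead of a NullPointerException below.
        HttpSession session = hTTPContext.getRequest().getSession(false);
        if (session == null) {
            throw new ProcessingException("No HTTP session available to resolve and cache user attributes");
        }
        Principal principal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
        // NOTE(review): any request that is not a LogoutRequestType is cast without a type
        // check, so another request type reaching this handler raises ClassCastException.
        AuthnRequestType authnRequestType = (AuthnRequestType) sAML2Object;
        if (principal == null) {
            principal = hTTPContext.getRequest().getUserPrincipal();
        }
        // Attributes are resolved once per session and reused afterwards.
        // NOTE(review): if the principal bound to the session can change without the session
        // being replaced, the cached attributes would belong to the earlier principal; confirm
        // that the session is renewed on (re-)authentication.
        if (session.getAttribute(GeneralConstants.ATTRIBUTES) == null) {
            Set<AttributeStatementType> attributes = this.attribManager.getAttributes(authnRequestType, principal);
            sAML2HandlerRequest.addOption(GeneralConstants.ATTRIBUTES, attributes);
            session.setAttribute(GeneralConstants.ATTRIBUTES, StatementUtil.asMap(attributes));
        }
    }

    /**
     * Stores the attributes of a received response in the session. Handlers of
     * type IDP ignore status responses.
     *
     * @param sAML2HandlerRequest request carrying the SAML object and the HTTP context
     * @param sAML2HandlerResponse unused by this handler
     * @throws ProcessingException declared by the handler contract
     */
    @Override
    public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if (getType() == SAML2Handler.HANDLER_TYPE.IDP) {
            return;
        }
        handleIDPResponse(sAML2HandlerRequest);
    }

    /**
     * Loads the configured attribute manager class and wraps a new instance in a
     * {@link DelegatedAttributeManager}. A null or empty class name leaves the
     * current manager in place.
     *
     * @param str fully qualified class name taken from configuration
     * @throws ConfigurationException if the class cannot be loaded, is not an
     *         {@link AttributeManager}, or cannot be instantiated
     */
    private void insantiateAttributeManager(String str) throws ConfigurationException {
        if (str == null || "".equals(str)) {
            return;
        }
        try {
            Class<?> managerClass = SecurityActions.loadClass(getClass(), str);
            if (managerClass == null) {
                throw new ClassNotFoundException(str);
            }
            // Check the type before instantiating, so that the constructor of a class that is
            // not an AttributeManager never runs just because its name appears in configuration.
            if (!AttributeManager.class.isAssignableFrom(managerClass)) {
                throw new ClassCastException(str + " does not implement " + AttributeManager.class.getName());
            }
            this.attribManager = new DelegatedAttributeManager((AttributeManager) managerClass.newInstance(), null);
            logger.trace("AttributeManager set to " + str);
        } catch (Exception e) {
            logger.attributeProviderInstationError(e);
            throw logger.configurationError(e);
        }
    }

    /**
     * Copies every attribute of the assertion found in the request options into
     * the session map stored under {@code GeneralConstants.SESSION_ATTRIBUTE_MAP}.
     * Values of attributes that share a key are appended to the same list.
     *
     * <p>This method does not validate the assertion. Callers that authorise on
     * the resulting session map depend on validation done elsewhere.
     *
     * @param sAML2HandlerRequest request carrying the response, the options and the HTTP context
     * @throws IllegalStateException if attributes must be stored but the request has no session
     */
    protected void handleIDPResponse(SAML2HandlerRequest sAML2HandlerRequest) {
        if (!(sAML2HandlerRequest.getSAML2Object() instanceof ResponseType)) {
            return;
        }
        HttpSession session = ((HTTPContext) sAML2HandlerRequest.getContext()).getRequest().getSession(false);
        AssertionType assertionType = (AssertionType) sAML2HandlerRequest.getOptions().get(GeneralConstants.ASSERTION);
        if (assertionType == null) {
            throw logger.samlHandlerAssertionNotFound();
        }
        for (StatementAbstractType statement : assertionType.getStatements()) {
            if (!(statement instanceof AttributeStatementType)) {
                continue;
            }
            for (AttributeStatementType.ASTChoiceType choice : ((AttributeStatementType) statement).getAttributes()) {
                Map<String, List<Object>> sessionMap = sessionAttributeMap(session);
                AttributeType attribute = choice.getAttribute();
                if (attribute == null) {
                    // Guard against a choice that carries no plain attribute
                    // (presumably an encrypted one; TODO confirm) rather than failing on it.
                    continue;
                }
                // NOTE(review): FriendlyName is optional and not guaranteed unique. With
                // chooseFriendlyName enabled, attributes without one are merged under a null
                // key and distinct attributes sharing one are merged into a single list.
                // Prefer Name as the key where the map feeds access decisions.
                String key = this.chooseFriendlyName ? attribute.getFriendlyName() : attribute.getName();
                List<Object> values = sessionMap.get(key);
                if (values == null) {
                    values = new ArrayList<Object>();
                    sessionMap.put(key, values);
                }
                values.addAll(attribute.getAttributeValue());
            }
        }
    }

    /**
     * Returns the attribute map bound to the session, creating and binding an
     * empty one when the session has none.
     *
     * @throws IllegalStateException if {@code session} is null
     */
    @SuppressWarnings("unchecked") // the session attribute is only ever written by this method
    private static Map<String, List<Object>> sessionAttributeMap(HttpSession session) {
        if (session == null) {
            throw new IllegalStateException("No HTTP session available to store SAML attributes");
        }
        Map<String, List<Object>> map = (Map<String, List<Object>>) session.getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
        if (map == null) {
            map = new HashMap<String, List<Object>>();
            session.setAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP, map);
        }
        return map;
    }
}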
