package org.picketlink.identity.federation.web.handlers.saml2;

import java.security.Principal;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.config.IDPType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.impl.EmptyRoleGenerator;
import org.picketlink.identity.federation.core.interfaces.RoleGenerator;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;

/* loaded from: input_file:WEB-INF/lib/picketlink-web-1.0.0.jar:org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.class */
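/**
 * SAML2 handler that attaches the roles of the session's principal to the handler response.
 *
 * <p>Roles come from a {@link RoleGenerator}. The default is {@link EmptyRoleGenerator}; a
 * different implementation can be named in the chain configuration (through an {@link IDPType})
 * or in the handler configuration. Generated roles are stored in the HTTP session and reused
 * for later requests in that session.
 */
public class RolesGenerationHandler extends BaseSAML2Handler {
    private static final Logger log = Logger.getLogger(RolesGenerationHandler.class);
    // Trace flag is sampled once at construction; a later log-level change is not picked up.
    private boolean trace = log.isTraceEnabled();
    private transient RoleGenerator roleGenerator = new EmptyRoleGenerator();

    /**
     * Stores the chain configuration and, when it carries an {@link IDPType}, installs the
     * role generator class named there.
     *
     * @param sAML2HandlerChainConfig chain-level configuration
     * @throws ConfigurationException if the named role generator cannot be created
     */
    @Override // org.picketlink.identity.federation.web.handlers.saml2.BaseSAML2Handler
    public void initChainConfig(SAML2HandlerChainConfig sAML2HandlerChainConfig) throws ConfigurationException {
        super.initChainConfig(sAML2HandlerChainConfig);
        Object parameter = this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION);
        if (parameter instanceof IDPType) {
            insantiateRoleValidator(((IDPType) parameter).getRoleGenerator());
        }
    }

    /**
     * Stores the handler configuration and installs the role generator class it names, if any.
     *
     * @param sAML2HandlerConfig handler-level configuration
     * @throws ConfigurationException if the named role generator cannot be created
     */
    @Override // org.picketlink.identity.federation.web.handlers.saml2.BaseSAML2Handler
    public void initHandlerConfig(SAML2HandlerConfig sAML2HandlerConfig) throws ConfigurationException {
        super.initHandlerConfig(sAML2HandlerConfig);
        // NOTE(review): the class name is read from the ATTIBUTE_MANAGER key, so a value configured
        // for an attribute manager would be loaded here as a RoleGenerator. This looks like a
        // copy-paste from the attribute handler; confirm whether a role-generator-specific key
        // was intended.
        insantiateRoleValidator((String) this.handlerConfig.getParameter(GeneralConstants.ATTIBUTE_MANAGER));
    }

    /**
     * Sets the principal's roles on the response. Does nothing for logout requests or when this
     * handler is of type SP.
     *
     * <p>Roles found in the session under {@code GeneralConstants.ROLES_ID} are reused as-is;
     * otherwise they are generated and cached there. A role change in the backing store is
     * therefore not reflected until the session ends or the attribute is cleared.
     *
     * @param sAML2HandlerRequest  incoming request; its context is expected to be an {@link HTTPContext}
     * @param sAML2HandlerResponse response that receives the roles
     * @throws ProcessingException if the request has no HTTP session
     */
    public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if ((sAML2HandlerRequest.getSAML2Object() instanceof LogoutRequestType) || getType() == SAML2Handler.HANDLER_TYPE.SP) {
            return;
        }
        // getSession(false) returns null when no session exists; fail with the declared exception
        // instead of a NullPointerException on the attribute lookup below.
        HttpSession session = ((HTTPContext) sAML2HandlerRequest.getContext()).getRequest().getSession(false);
        if (session == null) {
            throw new ProcessingException("No HTTP session is associated with the request; roles cannot be resolved");
        }
        // NOTE(review): the principal may be null if nothing stored it in the session; it is passed
        // to the generator unchecked and the result is then cached. Confirm the generator in use
        // tolerates a null principal.
        Principal principal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
        List list = (List) session.getAttribute(GeneralConstants.ROLES_ID);
        if (list == null) {
            list = this.roleGenerator.generateRoles(principal);
            session.setAttribute(GeneralConstants.ROLES_ID, list);
        }
        sAML2HandlerResponse.setRoles(list);
    }

    /**
     * Loads the named class through the context class loader and installs an instance of it as
     * the role generator. A null or empty name leaves the current generator in place.
     *
     * @param str fully qualified class name taken from configuration
     * @throws ConfigurationException if the class cannot be loaded, is not a {@link RoleGenerator},
     *                                or cannot be instantiated
     */
    private void insantiateRoleValidator(String str) throws ConfigurationException {
        if (str == null || "".equals(str)) {
            return;
        }
        try {
            Class<?> candidate = SecurityActions.getContextClassLoader().loadClass(str);
            // Check the type before instantiating, so that a misconfigured class name does not
            // get its constructor run before the cast rejects it.
            if (!RoleGenerator.class.isAssignableFrom(candidate)) {
                throw new ClassCastException(str + " does not implement " + RoleGenerator.class.getName());
            }
            this.roleGenerator = (RoleGenerator) candidate.newInstance();
            if (this.trace) {
                log.trace("RoleGenerator set to " + this.roleGenerator);
            }
        } catch (Exception e) {
            log.error("Exception initializing role generator:", e);
            // Keep the root cause on the thrown exception so callers are not left with the log alone.
            ConfigurationException failure = new ConfigurationException();
            failure.initCause(e);
            throw failure;
        }
    }
}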
