package pl.edu.icm.yadda.aas.client.authn;

import java.util.List;
import org.apache.log4j.Logger;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.xacml.ctx.DecisionType;
import org.opensaml.lite.xacml.policy.ObligationsType;
import pl.edu.icm.yadda.aas.client.IAssertionHolder;
import pl.edu.icm.yadda.aas.client.authn.oblig.IObligationsAnalyzer;
import pl.edu.icm.yadda.aas.client.authn.req.IAuthnRequestBuilder;
import pl.edu.icm.yadda.aas.client.authn.sched.IReauthenticationScheduler;
import pl.edu.icm.yadda.service2.aas.AAError;
import pl.edu.icm.yadda.service2.aas.AuthenticateResponse;
import pl.edu.icm.yadda.service2.aas.IAAService;

/* loaded from: input_file:pl/edu/icm/yadda/aas/client/authn/GenericServiceAuthenticator.class */
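/**
 * Authenticates this service against the configured {@link IAAService} and, on success,
 * hands the returned SAML authentication assertion to the {@link IAssertionHolder} and
 * to the {@link IReauthenticationScheduler}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only a {@code Permit} decision whose obligations pass the optional
 *       {@link IObligationsAnalyzer} counts as success.</li>
 *   <li>The assertion is stored as received; no signature, issuer or validity-window check
 *       is performed here. NOTE(review): presumably that happens in the AAS client stack or
 *       in the holder; confirm before relying on stored assertions.</li>
 *   <li>With {@code breakOnFailure == false} a failed authentication is only logged, so a
 *       normal return from {@link #authenticateService()} is not proof of authentication.</li>
 * </ul>
 *
 * <p>All collaborators are injected through setters and must be set before first use.
 */
public class GenericServiceAuthenticator implements IServiceAuthenticator {
    private IAAService authnService;
    private IAuthnRequestBuilder requestBuilder;
    private IAssertionHolder assertionHolder;
    private IReauthenticationScheduler reauthnScheduler;
    private IObligationsAnalyzer obligationsAnalyzer;
    private final Logger log = Logger.getLogger(getClass());
    // Fail closed by default: a failed authentication raises ServiceAuthenticatorException.
    private boolean breakOnFailure = true;

    /**
     * Performs the initial authentication; equivalent to {@code reauthenticateService(null)}.
     *
     * @throws ServiceAuthenticatorException if authentication fails and breakOnFailure is set
     */
    @Override
    public void authenticateService() throws ServiceAuthenticatorException {
        reauthenticateService(null);
    }

    /**
     * Sends an authentication request and processes the response.
     *
     * @param str identifier of the assertion being replaced, removed from the holder once the
     *            new assertion is stored; {@code null} when there is nothing to replace
     * @throws ServiceAuthenticatorException if authentication fails and breakOnFailure is set
     */
    @Override
    public void reauthenticateService(String str) throws ServiceAuthenticatorException {
        AuthenticateResponse response =
                this.authnService.authenticate(this.requestBuilder.buildAuthnRequest(null));
        AnalysisResult analyze = analyze(response, str);
        // analyze() in this class never returns null, but it is protected and may be overridden.
        if (analyze != null && analyze.success) {
            this.log.debug("service successfully authenticated!");
            return;
        }
        String str2 = "Service authentication failed: " + (analyze != null ? analyze.message : null);
        if (this.breakOnFailure) {
            throw new ServiceAuthenticatorException(str2);
        }
        // Fail-open mode: the caller gets no signal beyond this log entry.
        this.log.warn(str2);
    }

    /**
     * Evaluates an authentication response and, when it carries an assertion, stores it and
     * schedules the next reauthentication.
     *
     * @param authenticateResponse response returned by the AAS; may be {@code null}
     * @param str identifier of the assertion to drop after the new one is stored, or {@code null}
     * @return a failed result for a missing response, a missing decision, a non-Permit
     *         decision or rejected obligations; a successful result otherwise
     * @throws ServiceAuthenticatorException if obligation analysis fails with an exception
     */
    protected AnalysisResult analyze(AuthenticateResponse authenticateResponse, String str) throws ServiceAuthenticatorException {
        if (authenticateResponse == null) {
            return new AnalysisResult(false, "null authentication response");
        }
        if (authenticateResponse.getResult() == null || authenticateResponse.getResult().getDecision() == null) {
            return new AnalysisResult(false, "invalid response: no decision found!");
        }
        // Anything other than an explicit Permit (including a null decision value) is a failure.
        if (authenticateResponse.getResult().getDecision().getDecision() != DecisionType.DECISION.Permit) {
            logErrors(authenticateResponse.getErrors());
            return new AnalysisResult(false, "decision " + authenticateResponse.getResult().getDecision().getDecision());
        }
        AnalysisResult obligationsResult = analyzeAuthnPermitObligations(authenticateResponse.getResult().getObligations());
        if (!obligationsResult.isSuccess()) {
            return obligationsResult;
        }

        // Read the payload once so the type check and the cast see the same object.
        Object samlObject = authenticateResponse.getSAMLObject();
        if (!(samlObject instanceof Assertion)) {
            // NOTE(review): a Permit without an assertion is still reported as success below,
            // yet nothing is stored, the old assertion is kept and no reauthentication is
            // scheduled. Confirm this is intended; failing here would be the stricter choice.
            this.log.warn("expected authn assertion got: " + (samlObject != null ? samlObject.getClass().getName() : null));
        } else {
            // Explicit downcast; guarded by the instanceof check above.
            Assertion assertion = (Assertion) samlObject;
            this.assertionHolder.addOrReplace(assertion);
            this.log.debug("new authenctication assertion stored: " + assertion.getID());
            // Skip the removal when the new assertion reuses the old identifier; otherwise the
            // remove call would presumably evict the assertion that was just stored.
            if (str != null && !str.equals(assertion.getID())) {
                this.assertionHolder.remove(str);
                this.log.debug("old authenctication assertion removed: " + str);
            }
            this.reauthnScheduler.scheduleReauthentication(assertion, this);
        }
        return new AnalysisResult(true);
    }

    /**
     * Logs every error reported by the AAS at error level.
     *
     * @param list errors from the response; {@code null}, empty lists and {@code null}
     *             entries are ignored
     */
    protected void logErrors(List<AAError> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (AAError aAError : list) {
            if (aAError == null) {
                continue;
            }
            // NOTE(review): id and message come from the remote response and are logged
            // verbatim; consider neutralising line breaks if the log sink is line-oriented.
            this.log.error(aAError.getErrorId() + ':' + aAError.getMessage(), aAError.getThrowable());
        }
    }

    /**
     * Delegates obligation checking to the configured analyzer.
     *
     * @param obligationsType obligations attached to the Permit decision
     * @return the analyzer's verdict, or success when no analyzer is configured (obligations
     *         are then not inspected at all)
     * @throws ServiceAuthenticatorException propagated from the analyzer
     */
    protected AnalysisResult analyzeAuthnPermitObligations(ObligationsType obligationsType) throws ServiceAuthenticatorException {
        if (this.obligationsAnalyzer == null) {
            return new AnalysisResult(true);
        }
        return this.obligationsAnalyzer.analyze(obligationsType);
    }

    /** Sets the AAS endpoint used to authenticate. */
    public void setAuthnService(IAAService iAAService) {
        this.authnService = iAAService;
    }

    /** Sets the builder that produces the authentication request. */
    public void setRequestBuilder(IAuthnRequestBuilder iAuthnRequestBuilder) {
        this.requestBuilder = iAuthnRequestBuilder;
    }

    /** Sets the store that receives the authentication assertion. */
    public void setAssertionHolder(IAssertionHolder iAssertionHolder) {
        this.assertionHolder = iAssertionHolder;
    }

    /**
     * Chooses between throwing on failed authentication ({@code true}, the default) and
     * only logging a warning ({@code false}).
     */
    public void setBreakOnFailure(boolean z) {
        this.breakOnFailure = z;
    }

    /** Sets the optional obligations analyzer; {@code null} disables obligation checks. */
    public void setObligationsAnalyzer(IObligationsAnalyzer iObligationsAnalyzer) {
        this.obligationsAnalyzer = iObligationsAnalyzer;
    }

    /** Sets the scheduler that triggers reauthentication for a stored assertion. */
    public void setReauthnScheduler(IReauthenticationScheduler iReauthenticationScheduler) {
        this.reauthnScheduler = iReauthenticationScheduler;
    }
}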
