package com.sun.identity.saml2.plugins;

import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.saml2.assertion.AuthnContext;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.profile.SPCache;
import com.sun.identity.saml2.profile.SPSSOFederate;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.RequestedAuthnContext;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.shared.xml.XMLUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

/* loaded from: input_file:com/sun/identity/saml2/plugins/DefaultSPAuthnContextMapper.class */
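/**
 * Default service-provider mapping between SAML2 authentication context
 * class references and numeric authentication levels.
 *
 * <p>The mapping is read from the SP's SSO configuration as values of the form
 * {@code classRef|level} with an optional trailing {@code |default} marker,
 * and is cached in {@link SPCache#authContextHash} under the key
 * {@code hostEntityID + "|" + realm}.
 *
 * <p>Across the public methods, {@code str} is the realm and {@code str2} is
 * the hosted entity ID (this is how the debug output in
 * {@link #getAuthLevel} labels them and how the cache key is built).
 */
public class DefaultSPAuthnContextMapper implements SPAuthnContextMapper {
    // Not declared final in this listing; the class treats both as constants.
    // DEFAULT keys the default auth level (an Integer) in the mapping,
    // DEFAULT_CLASS_REF keys the default class reference (a String).
    static String DEFAULT = "default";
    static String DEFAULT_CLASS_REF = "defaultClassRef";

    /**
     * Builds the {@link RequestedAuthnContext} to place in an authentication request.
     *
     * <p>Class references are collected in this order: those supplied in
     * {@code map}, then every configured class reference whose level is at
     * least the requested auth level. If nothing was collected, the configured
     * default class reference is used (or, without one, every configured class
     * reference); the final fallback is
     * {@link SAML2Constants#CLASSREF_PASSWORD_PROTECTED_TRANSPORT}.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @param map parameter map holding lists of values; the debug messages
     *            refer to these as values "in Query"
     * @return the requested authentication context, never {@code null}
     * @throws SAML2Exception declared by the interface; this method does not throw it itself
     */
    @Override
    public RequestedAuthnContext getRequestedAuthnContext(String str, String str2, Map map) throws SAML2Exception {
        List requestedClassRefs = (List) map.get(SAML2Constants.AUTH_CONTEXT_CLASS_REF);
        List authLevelValues = (List) map.get("AuthLevel");
        Integer requestedLevel = null;
        if (authLevelValues != null && !authLevelValues.isEmpty()) {
            try {
                requestedLevel = Integer.valueOf((String) authLevelValues.iterator().next());
            } catch (NumberFormatException e) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("not a valid integer", e);
                }
            } catch (Exception e2) {
                // e.g. the first value is not a String; treated as "no level supplied".
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("error getting integer object", e2);
                }
            }
        }
        if (requestedLevel == null) {
            requestedLevel = getAuthLevelFromAdvice(map);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("authLevel in Query:" + requestedLevel);
            SAML2Utils.debug.message("authContextClassRef in Query:" + requestedClassRefs);
        }

        // getAuthRefMap returns null when reading the configuration failed;
        // treat that as "nothing configured" so the level loop below cannot
        // dereference null.
        Map authRefMap = getAuthRefMap(str, str2);
        if (authRefMap == null) {
            authRefMap = Collections.emptyMap();
        }

        List<String> classRefs = new ArrayList<String>();
        // NOTE(review): class references taken from map are forwarded without
        // being checked against the configured mapping. If map carries
        // request-supplied values, confirm that the response-side checks in
        // getAuthLevel are what enforce the SP's policy.
        if (requestedClassRefs != null) {
            for (Object value : requestedClassRefs) {
                String classRef = prefixIfRequired((String) value);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("DefaultSPAuthnContextMapper: authClassRef=" + classRef);
                }
                classRefs.add(classRef);
            }
        }
        if (requestedLevel != null) {
            for (Object key : authRefMap.keySet()) {
                // Skip the two bookkeeping keys first: DEFAULT_CLASS_REF maps
                // to a String, so it must never reach the Integer cast.
                if (DEFAULT.equals(key) || DEFAULT_CLASS_REF.equals(key)) {
                    continue;
                }
                Integer configuredLevel = (Integer) authRefMap.get(key);
                if (configuredLevel != null && configuredLevel.intValue() >= requestedLevel.intValue()) {
                    classRefs.add((String) key);
                }
            }
        }
        if (classRefs.isEmpty() && !authRefMap.isEmpty()) {
            String defaultClassRef = (String) authRefMap.get(DEFAULT_CLASS_REF);
            if (defaultClassRef != null) {
                classRefs.add(defaultClassRef);
            } else {
                for (Object key : authRefMap.keySet()) {
                    if (key != null && !key.equals(DEFAULT)) {
                        classRefs.add((String) key);
                    }
                }
            }
        }
        if (classRefs.isEmpty()) {
            classRefs.add(SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPCache.authContextHash is: " + SPCache.authContextHash);
            SAML2Utils.debug.message("authCtxList is: " + classRefs);
        }

        // The comparison from map wins when it is one of the accepted values;
        // otherwise the configured comparison type is used, and an invalid
        // configured value is dropped to null.
        String comparison = SPSSOFederate.getParameter(map, SAML2Constants.SP_AUTHCONTEXT_COMPARISON);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AuthComparison in Query:" + comparison);
        }
        if (comparison == null || !isValidAuthComparison(comparison)) {
            comparison = SAML2Utils.getAttributeValueFromSSOConfig(str, str2, SAML2Constants.SP_ROLE, SAML2Constants.SP_AUTHCONTEXT_COMPARISON_TYPE);
            if (comparison != null && !isValidAuthComparison(comparison)) {
                comparison = null;
            }
        }

        RequestedAuthnContext requested = ProtocolFactory.getInstance().createRequestedAuthnContext();
        requested.setAuthnContextClassRef(classRefs);
        requested.setComparison(comparison);
        return requested;
    }

    /**
     * Extracts an auth level from the URL-encoded advice XML in {@code map}.
     *
     * <p>Each {@code AuthLevelConditionAdvice} value is read as either
     * {@code something:level} or a bare {@code level}; the lowest parsable
     * level is returned.
     *
     * @param map parameter map, read at {@link SAML2Constants#AUTH_LEVEL_ADVICE}
     * @return the lowest level found, or {@code null} when no advice is present or none parses
     */
    private Integer getAuthLevelFromAdvice(Map map) {
        List adviceValues = (List) map.get(SAML2Constants.AUTH_LEVEL_ADVICE);
        if (adviceValues == null || adviceValues.isEmpty()) {
            return null;
        }
        String adviceXml = URLEncDec.decode((String) adviceValues.iterator().next());
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:adviceXML=" + adviceXml);
        }
        // NOTE(review): adviceXml comes from map and is parsed as XML here.
        // Whether XMLUtils.toDOMDocument disables DTDs and external entities is
        // not visible in this file; confirm it does before map is allowed to
        // carry request-supplied values.
        Document document = XMLUtils.toDOMDocument(adviceXml, SAML2Utils.debug);
        if (document == null) {
            return null;
        }
        Node root = XMLUtils.getRootNode(document, "Advices");
        if (root == null) {
            return null;
        }
        Set<String> levelAdvices = (Set) XMLUtils.parseAttributeValuePairTags(root).get("AuthLevelConditionAdvice");
        if (levelAdvices == null || levelAdvices.isEmpty()) {
            return null;
        }

        Integer lowest = null;
        for (String advice : levelAdvices) {
            if (advice == null || advice.length() == 0) {
                continue;
            }
            int colon = advice.indexOf(":");
            String levelText = colon != -1 ? advice.substring(colon + 1).trim() : advice;
            try {
                Integer candidate = Integer.valueOf(levelText);
                if (lowest == null || lowest.compareTo(candidate) > 0) {
                    lowest = candidate;
                }
            } catch (NumberFormatException e) {
                // Best effort: a malformed advice is skipped, but leave a trace
                // instead of swallowing it silently.
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("DefaultSPAuthnContextMapper.getAuthLevelFromAdvice: ignoring non-numeric auth level advice", e);
                }
            }
        }
        return lowest;
    }

    /**
     * Maps the class reference asserted in {@code authnContext} to a local auth level.
     *
     * <p>When both a requested context and an asserted class reference are
     * present, the asserted class reference must satisfy
     * {@link #isAuthnContextMatching}; otherwise a {@link SAML2Exception} is
     * thrown. An asserted class reference with no configured level yields 0.
     *
     * <p>NOTE(review): the match is not evaluated when
     * {@code requestedAuthnContext} is {@code null} or when the assertion
     * carries no class reference, and a missing or empty class reference is
     * given the level stored under {@code DEFAULT}. Confirm that this default
     * is not higher than what an unqualified assertion should earn.
     *
     * @param requestedAuthnContext the context that was requested, may be {@code null}
     * @param authnContext the context from the assertion, may be {@code null}
     * @param str realm
     * @param str2 hosted entity ID
     * @param str3 not used by this implementation
     * @return the mapped auth level, or 0 when none is configured
     * @throws SAML2Exception if the asserted class reference does not match the requested context
     */
    @Override
    public int getAuthLevel(RequestedAuthnContext requestedAuthnContext, AuthnContext authnContext, String str, String str2, String str3) throws SAML2Exception {
        Map levelsByClassRef = (Map) SPCache.authContextHash.get(str2 + "|" + str);
        if (levelsByClassRef == null || levelsByClassRef.isEmpty()) {
            levelsByClassRef = getAuthRefMap(str, str2);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:hostEntityID:" + str2);
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:realm:" + str);
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:MAP:" + levelsByClassRef);
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:HASH:" + SPCache.authContextHash);
        }

        String assertedClassRef = authnContext != null ? authnContext.getAuthnContextClassRef() : null;
        if (requestedAuthnContext != null && assertedClassRef != null && !isAuthnContextMatching(requestedAuthnContext.getAuthnContextClassRef(), assertedClassRef, requestedAuthnContext.getComparison(), str, str2)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidAuthnContextClassRef"));
        }

        int i = 0;
        if (levelsByClassRef != null && !levelsByClassRef.isEmpty()) {
            boolean noClassRef = assertedClassRef == null || assertedClassRef.length() <= 0;
            Object configured = levelsByClassRef.get(noClassRef ? DEFAULT : assertedClassRef);
            // The mapping also stores a String under DEFAULT_CLASS_REF, and the
            // lookup key comes from the assertion, so check the value's type
            // rather than casting: an unexpected key then maps to level 0
            // instead of raising ClassCastException.
            if (configured instanceof Integer) {
                i = ((Integer) configured).intValue();
            }
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:authnClRef:" + assertedClassRef);
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper:authLevel :" + i);
        }
        return i;
    }

    /**
     * Delegates to {@link SAML2Utils#isAuthnContextMatching} with this SP's
     * class-reference mapping.
     *
     * @param list requested class references
     * @param str asserted class reference
     * @param str2 comparison type
     * @param str3 realm
     * @param str4 hosted entity ID
     * @return the result of the delegated match
     */
    @Override
    public boolean isAuthnContextMatching(List list, String str, String str2, String str3, String str4) {
        return SAML2Utils.isAuthnContextMatching(list, str, str2, getAuthRefMap(str3, str4));
    }

    /**
     * Reads the configured {@code classRef|level[|default]} values for the SP
     * role and turns them into an unmodifiable, insertion-ordered map.
     *
     * <p>Resulting entries: each class reference (prefixed if required) maps to
     * its Integer level; {@code DEFAULT} maps to the level of the first entry
     * marked {@code |default} that has a level; {@code DEFAULT_CLASS_REF} maps
     * to the class reference (a String) of the first entry marked
     * {@code |default}.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @return the mapping, possibly empty, never {@code null}
     */
    private static Map getAuthnCtxFromSPConfig(String str, String str2) {
        List<String> configuredValues = SAML2Utils.getAllAttributeValueFromSSOConfig(str, str2, SAML2Constants.SP_ROLE, SAML2Constants.SP_AUTH_CONTEXT_CLASS_REF_ATTR);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper: List:" + configuredValues);
        }
        Map<String, Object> mapping = new LinkedHashMap<String, Object>();
        if (configuredValues != null) {
            for (String value : configuredValues) {
                if (value == null) {
                    continue;
                }
                boolean markedDefault = value.endsWith("|" + DEFAULT);
                // Strip only the marker word; the trailing "|" left behind is
                // ignored by the tokenizer.
                String spec = markedDefault ? value.substring(0, value.length() - DEFAULT.length()) : value;
                StringTokenizer tokens = new StringTokenizer(spec, "|");

                String classRef = null;
                if (tokens.hasMoreTokens()) {
                    classRef = tokens.nextToken();
                } else if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AuthnContextClassRef not found");
                }

                if (tokens.hasMoreTokens()) {
                    Integer level = null;
                    try {
                        level = Integer.valueOf(tokens.nextToken());
                    } catch (NumberFormatException e2) {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message("DefaultSPAuthnContextMapper.getAuthnCtxFromSPConfig:", e2);
                        }
                    }
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("DefaultSPAuthnContextMapper.getAuthnCtxFromSPConfig: AuthLevel is " + level);
                    }
                    if (level != null) {
                        // First default wins; later ones do not overwrite it.
                        if (markedDefault && !mapping.containsKey(DEFAULT)) {
                            mapping.put(DEFAULT, level);
                        }
                        if (classRef != null) {
                            mapping.put(prefixIfRequired(classRef), level);
                        }
                    }
                }
                if (markedDefault && classRef != null && !mapping.containsKey(DEFAULT_CLASS_REF)) {
                    mapping.put(DEFAULT_CLASS_REF, prefixIfRequired(classRef));
                }
            }
        }
        return Collections.unmodifiableMap(mapping);
    }

    /**
     * Tells whether {@code str} is one of the accepted comparison types:
     * {@code "exact"}, {@link IFSConstants#MAXIMUM}, {@link IFSConstants#MINIMUM}
     * or {@link IFSConstants#BETTER}.
     */
    private static boolean isValidAuthComparison(String str) {
        return "exact".equals(str)
                || IFSConstants.MAXIMUM.equals(str)
                || IFSConstants.MINIMUM.equals(str)
                || IFSConstants.BETTER.equals(str);
    }

    /**
     * Returns the class-reference mapping for the given SP, loading it from
     * configuration on a cache miss.
     *
     * <p>Only non-empty mappings are cached, so an SP without configured
     * values is re-read on every call. A failure while reading is logged at
     * message level and reported to the caller as {@code null}.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @return the mapping, or {@code null} if it could not be loaded
     */
    private static Map getAuthRefMap(String str, String str2) {
        String cacheKey = str2 + "|" + str;
        Map cached = (Map) SPCache.authContextHash.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        Map loaded = null;
        try {
            loaded = getAuthnCtxFromSPConfig(str, str2);
            if (loaded != null && !loaded.isEmpty()) {
                SPCache.authContextHash.put(cacheKey, loaded);
            }
        } catch (Exception e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("DefaultSPAuthnContextMapper.getAuthRefMap:", e);
            }
        }
        return loaded;
    }

    /**
     * Prepends {@link SAML2Constants#AUTH_CTX_PREFIX} to a class reference
     * that contains no colon; {@code null} and already-qualified values are
     * returned unchanged.
     */
    private static String prefixIfRequired(String str) {
        if (str == null || str.indexOf(':') != -1) {
            return str;
        }
        return SAML2Constants.AUTH_CTX_PREFIX + str;
    }
}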
