package com.tivoli.am.fim.demo.icam;

import com.tivoli.am.fim.demo.icam.attributes.AttributePopulator;
import com.tivoli.am.fim.demo.icam.attributes.AttributePopulatorFactory;
import com.tivoli.am.fim.trustserver.sts.STSRequest;
import com.tivoli.am.fim.trustserver.sts.STSResponse;
import com.tivoli.am.fim.trustserver.sts.STSUniversalUser;
import com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils;
import com.tivoli.am.fim.trustserver.sts.utilities.OpenIDClaimsHelper;
import com.tivoli.am.fim.trustserver.sts.utilities.QueryServiceAttribute;
import com.tivoli.am.fim.trustserver.sts.uuser.Attribute;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/tivoli/am/fim/demo/icam/IDPContextHelper.class */
public class IDPContextHelper {
    static final String CLASS;
    static Logger _log;
    static final String PAPE_POLICY_NOPII = "http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf";
    static final String PAPE_POLICY_PPID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";
    static final String PAPE_POLICY_TRUSTLEVEL = "http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf";
    static final String PAPE_POLICY_PHISHING_RESISTANT = "http://schemas.openid.net/pape/policies/2007/06/phishing-resistant";
    static final String CREDATTR_AUTHN_TIME = "PAPE_AUTHN_TIME";
    String _username;
    OpenIDClaimsHelper _ch;
    static Class class$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [java.lang.Throwable] */
    static {
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("com.tivoli.am.fim.demo.icam.IDPContextHelper");
                class$0 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(cls.getMessage());
            }
        }
        CLASS = cls.getName();
        _log = Logger.getLogger(CLASS);
    }

    private IDPContextHelper() {
    }

    public static IDPContextHelper fromRequestResponse(STSRequest sTSRequest, STSResponse sTSResponse) throws Exception {
        IDPContextHelper iDPContextHelper = new IDPContextHelper();
        _log.entering(CLASS, "fromRequestResponse");
        try {
            iDPContextHelper._username = sTSResponse.getSTSUniversalUser().getPrincipalName();
            if (iDPContextHelper._username == null || iDPContextHelper._username.length() <= 0) {
                IDMappingExtUtils.throwSTSException("STSUniversalUser did not contain a username");
            }
            iDPContextHelper._ch = OpenIDClaimsHelper.getOpenIDClaimsFromClaimsNode(XMLUtil.toString(sTSRequest.getRequestSecurityToken().getClaimsElement()));
            return iDPContextHelper;
        } finally {
            _log.exiting(CLASS, "fromRequestResponse", iDPContextHelper);
        }
    }

    public boolean includesPAPEPolicyNoPII() {
        _log.entering(CLASS, "includesPAPEPolicyNoPII");
        boolean z = false;
        try {
            z = this._ch.containsPAPEAuthPolicy(PAPE_POLICY_NOPII);
            _log.exiting(CLASS, "includesPAPEPolicyNoPII", new StringBuffer().append(z).toString());
            return z;
        } catch (Throwable th) {
            _log.exiting(CLASS, "includesPAPEPolicyNoPII", new StringBuffer().append(z).toString());
            throw th;
        }
    }

    public void populateRequestedAttributes(STSUniversalUser sTSUniversalUser, STSUniversalUser sTSUniversalUser2) {
        _log.entering(CLASS, "populateRequestedAttributes");
        try {
            QueryServiceAttribute[] requestedAttributes = this._ch.getRequestedAttributes();
            if (requestedAttributes != null && requestedAttributes.length > 0) {
                AttributePopulator attributePopulator = AttributePopulatorFactory.getAttributePopulator();
                for (int i = 0; i < requestedAttributes.length; i++) {
                    String name = requestedAttributes[i].getName();
                    String type = requestedAttributes[i].getType();
                    int maxValues = requestedAttributes[i].getMaxValues();
                    String str = name;
                    if (type != null && type.length() > 0) {
                        str = type;
                    }
                    String[] attributeValuesForUser = attributePopulator.getAttributeValuesForUser(this._username, str);
                    if (attributeValuesForUser != null && attributeValuesForUser.length > 0) {
                        Attribute attribute = new Attribute(name, type, (List) null);
                        if (maxValues == 0) {
                            attribute.addAttributeValues(new String[]{attributeValuesForUser[0]});
                        } else if (maxValues == -1) {
                            attribute.addAttributeValues(attributeValuesForUser);
                        } else {
                            for (int i2 = 0; i2 < attributeValuesForUser.length && i2 < maxValues; i2++) {
                                attribute.addAttributeValues(new String[]{attributeValuesForUser[i2]});
                            }
                        }
                        sTSUniversalUser2.addAttribute(attribute);
                    }
                }
            }
        } finally {
            _log.exiting(CLASS, "populateRequestedAttributes");
        }
    }

    public void updatePAPEState(STSUniversalUser sTSUniversalUser, STSUniversalUser sTSUniversalUser2) {
        _log.entering(CLASS, "updatePAPEState");
        boolean isLoggable = _log.isLoggable(Level.FINEST);
        if (isLoggable) {
            try {
                _log.logp(Level.FINEST, CLASS, "updatePAPEState", new StringBuffer("stsuu: ").append(sTSUniversalUser2.toClearTextString()).toString());
            } finally {
                _log.exiting(CLASS, "updatePAPEState");
            }
        }
        String attributeValueByName = sTSUniversalUser.getAttributeValueByName(CREDATTR_AUTHN_TIME);
        if (isLoggable) {
            _log.logp(Level.FINEST, CLASS, "updatePAPEState", new StringBuffer("lastAuthenticationTime: ").append(attributeValueByName).toString());
        }
        if (attributeValueByName != null && attributeValueByName.length() > 0) {
            sTSUniversalUser2.getContextAttributesAttributeContainer().setAttribute("openid.pape.auth_time", "", new String[]{attributeValueByName});
        }
        String[] strArr = {PAPE_POLICY_PPID, PAPE_POLICY_NOPII, PAPE_POLICY_TRUSTLEVEL};
        boolean z = false;
        Attribute attribute = new Attribute("openid.pape.auth_policies", "", (List) null);
        for (int i = 0; i < strArr.length; i++) {
            if (this._ch.containsPAPEAuthPolicy(strArr[i])) {
                z = true;
                attribute.addAttributeValues(new String[]{strArr[i]});
            }
        }
        if (this._ch.containsPAPEAuthPolicy(PAPE_POLICY_PHISHING_RESISTANT)) {
            String attributeValueByName2 = sTSUniversalUser.getAttributeValueByName("interpretedppid");
            if (attributeValueByName2 == null || attributeValueByName2.length() <= 0) {
                int intValue = Integer.valueOf(this._ch.getOpenIDClaimsElementAttribute("ReauthCount")).intValue();
                if (isLoggable) {
                    _log.logp(Level.FINEST, CLASS, "updatePAPEState", new StringBuffer("reauthCount: ").append(intValue).toString());
                }
                if (intValue <= 1) {
                    sTSUniversalUser2.addContextAttribute(new Attribute("openid.pape.to_be_satisfied_auth_policies", "", new String[]{PAPE_POLICY_PHISHING_RESISTANT}));
                }
            } else {
                z = true;
                attribute.addAttributeValues(new String[]{PAPE_POLICY_PHISHING_RESISTANT});
            }
        }
        if (z) {
            sTSUniversalUser2.addContextAttribute(attribute);
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("{");
        stringBuffer.append("_username: ");
        stringBuffer.append(this._username);
        stringBuffer.append("}");
        return stringBuffer.toString();
    }
}
