package fi.vm.sade.generic.ui.portlet.security;

import fi.vm.sade.authentication.cas.DefaultTicketCachePolicy;
import fi.vm.sade.authentication.cas.TicketCachePolicy;
import fi.vm.sade.generic.PERA;
import java.util.Collection;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/lib/generic-common-9.4-SNAPSHOT.jar:fi/vm/sade/generic/ui/portlet/security/ProxyAuthenticator.class */
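/**
 * Attaches authentication information for the current Spring Security user to an outgoing
 * request, via a {@link Callback} that sets request headers.
 *
 * <p>In the normal path a CAS proxy ticket is fetched (or taken from the configured
 * {@link TicketCachePolicy}) and sent in the {@code CasSecurityTicket} header. When the auth
 * mode is {@code "dev"}, placeholder headers carrying the user name and authorities are set
 * as well.
 *
 * <p>NOTE(review): this listing is decompiler output; parameter names ({@code str},
 * {@code str2}) are synthetic and the control flow of {@link #proxyAuthenticate} should be
 * compared with the original source.
 */
public class ProxyAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(ProxyAuthenticator.class);
    private TicketCachePolicy ticketCachePolicy = new DefaultTicketCachePolicy();

    /** Hook through which the authenticator writes headers and reports freshly issued tickets. */
    public interface Callback {
        /**
         * Sets a header on the outgoing request.
         *
         * @param str header name
         * @param str2 header value
         */
        void setRequestHeader(String str, String str2);

        /**
         * Invoked after a new proxy ticket has been obtained (that is, on a cache miss).
         *
         * @param authentication the authentication the ticket was issued for
         * @param str the new proxy ticket
         */
        void gotNewTicket(Authentication authentication, String str);
    }

    /**
     * Attaches authentication headers for the current security context to a request.
     *
     * @param str the CAS target service the proxy ticket is requested for
     * @param str2 the auth mode; {@code "dev"} additionally triggers {@link #proxyAuthenticateDev}
     * @param callback receives the headers to set
     * @throws RuntimeException if the dev-mode step fails (the cause is preserved)
     * @throws BadCredentialsException if no proxy ticket could be obtained
     */
    public void proxyAuthenticate(String str, String str2, Callback callback) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            try {
                if ("dev".equals(str2)) {
                    proxyAuthenticateDev(callback, authentication);
                }
            } catch (Throwable th) {
                // authentication is known to be non-null in this branch.
                throw new RuntimeException("Could not attach security ticket to SOAP message, user: " + authentication.getName() + ", authmode: " + str2 + ", exception: " + th, th);
            }
        }
        // NOTE(review): the dev branch above does not return, so the CAS step below runs in
        // every mode and is also reached with a null authentication. That keeps a real proxy
        // ticket mandatory, but it may be a decompilation artifact - confirm against the
        // original source before relying on either behavior.
        proxyAuthenticateCas(str, callback, authentication);
    }

    /**
     * Obtains a (possibly cached) CAS proxy ticket and sets it in the {@code CasSecurityTicket}
     * header, then lets {@code PERA} add its proxy-user headers.
     *
     * @param str the CAS target service
     * @param callback receives the headers to set
     * @param authentication the authentication to obtain the ticket for
     * @throws BadCredentialsException if the ticket lookup yields {@code null}
     */
    protected void proxyAuthenticateCas(String str, Callback callback, Authentication authentication) {
        String cachedProxyTicket = getCachedProxyTicket(str, authentication, callback);
        if (cachedProxyTicket == null) {
            throw new BadCredentialsException("got null proxyticket, cannot attach to request, casTargetService: " + str + ", authentication: " + authentication);
        }
        callback.setRequestHeader("CasSecurityTicket", cachedProxyTicket);
        PERA.setProxyKayttajaHeaders(callback, authentication.getName());
        // The proxy ticket is a bearer credential for the target service, so it is deliberately
        // kept out of the log; anyone with read access to debug logs could otherwise reuse it
        // while it is still valid.
        log.debug("attached proxyticket to request! user: {}", authentication.getName());
    }

    /**
     * Sets the dev-mode headers: a fixed placeholder ticket plus the user's name and authorities.
     *
     * <p>NOTE(review): these headers assert identity and authorities without any verifiable
     * ticket. A receiving service that honors them trusts the caller completely, so the
     * {@code "dev"} auth mode must not be reachable from production configuration - verify how
     * the auth mode is set and that backends reject these headers outside development.
     *
     * @param callback receives the headers to set
     * @param authentication the authentication whose name and authorities are sent
     */
    protected void proxyAuthenticateDev(Callback callback, Authentication authentication) {
        callback.setRequestHeader("CasSecurityTicket", "oldDeprecatedSecurity_REMOVE");
        String name = authentication.getName();
        String authorities = toString(authentication.getAuthorities());
        callback.setRequestHeader("oldDeprecatedSecurity_REMOVE_username", name);
        callback.setRequestHeader("oldDeprecatedSecurity_REMOVE_authorities", authorities);
        log.debug("DEV Proxy ticket! user: {}, authorities: {}", name, authorities);
    }

    /**
     * Returns the proxy ticket for the given service and authentication from the ticket cache
     * policy, supplying a loader that obtains a new ticket when the policy asks for one.
     *
     * @param str the CAS target service
     * @param authentication the authentication the ticket belongs to
     * @param callback notified via {@link Callback#gotNewTicket} when a new ticket is loaded;
     *     may be {@code null}
     * @return the ticket as returned by the cache policy
     */
    public String getCachedProxyTicket(final String str, final Authentication authentication, final Callback callback) {
        return this.ticketCachePolicy.getCachedTicket(str, authentication, new TicketCachePolicy.TicketLoader() {
            @Override
            public String loadTicket() {
                String newTicket = ProxyAuthenticator.this.obtainNewCasProxyTicket(str, authentication);
                if (callback != null) {
                    callback.gotNewTicket(authentication, newTicket);
                }
                return newTicket;
            }
        });
    }

    /**
     * Clears the cached ticket for the given target service and the current security context's
     * authentication.
     *
     * @param str the CAS target service
     */
    public void clearTicket(String str) {
        this.ticketCachePolicy.clearTicket(str, SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Requests a new proxy ticket for the target service from the CAS assertion principal.
     *
     * @param str the CAS target service
     * @param authentication the current authentication
     * @return the new proxy ticket, never {@code null}
     * @throws RuntimeException if the user is missing or anonymous
     * @throws ClassCastException if the authentication is not a {@link CasAuthenticationToken}
     * @throws NullPointerException if CAS returns no ticket
     */
    protected String obtainNewCasProxyTicket(String str, Authentication authentication) {
        if (authentication == null || (authentication instanceof AnonymousAuthenticationToken)) {
            throw new RuntimeException("current user is not authenticated");
        }
        // Unchecked cast: any non-CAS authentication type fails here with ClassCastException.
        String proxyTicketFor = ((CasAuthenticationToken) authentication).getAssertion().getPrincipal().getProxyTicketFor(str);
        if (proxyTicketFor == null) {
            throw new NullPointerException("obtainNewCasProxyTicket got null proxyticket, there must be something wrong with cas proxy authentication -scenario! check proxy callback works etc, targetService: " + str + ", user: " + authentication.getName());
        }
        return proxyTicketFor;
    }

    /**
     * Joins the authority names, appending the separator after every entry (including the last).
     */
    private String toString(Collection<? extends GrantedAuthority> collection) {
        StringBuilder sb = new StringBuilder();
        for (GrantedAuthority authority : collection) {
            sb.append(authority.getAuthority()).append(StringArrayPropertyEditor.DEFAULT_SEPARATOR);
        }
        return sb.toString();
    }

    /**
     * Replaces the ticket cache policy (a {@link DefaultTicketCachePolicy} by default).
     *
     * @param ticketCachePolicy the policy to use for subsequent ticket lookups
     */
    public void setTicketCachePolicy(TicketCachePolicy ticketCachePolicy) {
        this.ticketCachePolicy = ticketCachePolicy;
    }
}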
