package org.jasig.cas.extension.clearpass.integration.uportal;

import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.portal.security.IOpaqueCredentials;
import org.jasig.portal.security.provider.ChainingSecurityContext;
import org.jasig.portal.security.provider.NotSoOpaqueCredentials;
import org.jasig.portal.security.provider.cas.CasAssertionSecurityContext;
import org.springframework.util.Assert;

/* loaded from: input_file:org/jasig/cas/extension/clearpass/integration/uportal/PasswordCachingCasAssertionSecurityContext.class */
public class PasswordCachingCasAssertionSecurityContext extends CasAssertionSecurityContext {
    private final String clearPassUrl;
    private byte[] cachedCredentials;

    /* loaded from: input_file:org/jasig/cas/extension/clearpass/integration/uportal/PasswordCachingCasAssertionSecurityContext$CacheOpaqueCredentials.class */
    private class CacheOpaqueCredentials extends ChainingSecurityContext.ChainingOpaqueCredentials implements NotSoOpaqueCredentials {
        private static final long serialVersionUID = 1;

        private CacheOpaqueCredentials() {
            super(PasswordCachingCasAssertionSecurityContext.this);
        }

        public String getCredentials() {
            if (this.credentialstring != null) {
                return new String(this.credentialstring);
            }
            return null;
        }

        /* synthetic */ CacheOpaqueCredentials(PasswordCachingCasAssertionSecurityContext passwordCachingCasAssertionSecurityContext, CacheOpaqueCredentials cacheOpaqueCredentials) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PasswordCachingCasAssertionSecurityContext(String str) {
        Assert.notNull(str, "clearPassUrl cannot be null.");
        this.clearPassUrl = str;
    }

    protected final void postAuthenticate(Assertion assertion) {
        String proxyTicketFor = assertion.getPrincipal().getProxyTicketFor(this.clearPassUrl);
        if (proxyTicketFor == null) {
            this.log.error("Unable to obtain proxy ticket for ClearPass service.");
            return;
        }
        String retrievePasswordFromResponse = retrievePasswordFromResponse(proxyTicketFor);
        if (retrievePasswordFromResponse == null) {
            this.log.debug("Unable to retrieve password from ClearPass.");
        } else {
            this.log.debug("Password retrieved from ClearPass.");
            this.cachedCredentials = retrievePasswordFromResponse.getBytes();
        }
    }

    public final IOpaqueCredentials getOpaqueCredentials() {
        if (this.cachedCredentials == null) {
            return super.getOpaqueCredentials();
        }
        CacheOpaqueCredentials cacheOpaqueCredentials = new CacheOpaqueCredentials(this, null);
        cacheOpaqueCredentials.setCredentials(this.cachedCredentials);
        return cacheOpaqueCredentials;
    }

    protected final String retrievePasswordFromResponse(String str) {
        String retrieveResponseFromServer = retrieveResponseFromServer(String.valueOf(this.clearPassUrl) + (this.clearPassUrl.contains("?") ? "&" : "?") + "ticket=" + str, "UTF-8");
        String textForElement = XmlUtils.getTextForElement(retrieveResponseFromServer, "credentials");
        if (this.log.isTraceEnabled()) {
            this.log.trace(String.format("ClearPass Response was:\n %s", retrieveResponseFromServer));
        }
        if (CommonUtils.isNotBlank(textForElement)) {
            return textForElement;
        }
        this.log.error("Unable to Retrieve Password.  If you see a [403] HTTP response code returned from the CommonUtils then it most likely means the proxy configuration on the CAS server is not correct.\n\nFull Response from ClearPass was [" + retrieveResponseFromServer + "].");
        return null;
    }

    protected String retrieveResponseFromServer(String str, String str2) {
        return CommonUtils.getResponseFromServer(str, "UTF-8");
    }
}
