package org.ojbc.mondrian.rest;

import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ojbc.mondrian.rest.RequestAuthorizer;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.w3c.dom.Document;

@Component
/* loaded from: input_file:WEB-INF/classes/org/ojbc/mondrian/rest/SamlAssertionRequestAuthorizer.class */
public class SamlAssertionRequestAuthorizer extends AbstractSamlAssertionRequestAuthorizer {
    private final Log log = LogFactory.getLog(SamlAssertionRequestAuthorizer.class);
    private Map<String, Map<String, String>> tokenRoleMappings;

    @Value("${samlAssertionRequestAuthorizerConfigFileName:saml-assertion-request-authorizer.json}")
    private String samlAssertionRequestAuthorizerConfigFileName;

    @PostConstruct
    public void init() throws Exception {
        this.tokenRoleMappings = RequestAuthorizer.AuthorizerUtil.convertRoleConnectionJsonToMaps(this.samlAssertionRequestAuthorizerConfigFileName);
    }

    public void setSamlAssertionRequestAuthorizerConfigFileName(String str) {
        this.samlAssertionRequestAuthorizerConfigFileName = str;
    }

    @Override // org.ojbc.mondrian.rest.AbstractSamlAssertionRequestAuthorizer
    protected RequestAuthorizer.RequestAuthorizationStatus authorizeAssertion(String str, Document document) {
        Map<String, String> connectionMappingsForAssertion = getConnectionMappingsForAssertion(document);
        RequestAuthorizer.RequestAuthorizationStatus requestAuthorizationStatus = new RequestAuthorizer.RequestAuthorizationStatus();
        requestAuthorizationStatus.authorized = false;
        if (connectionMappingsForAssertion != null) {
            String str2 = connectionMappingsForAssertion.get(str);
            if (str2 != null) {
                requestAuthorizationStatus.authorized = true;
                requestAuthorizationStatus.mondrianRole = str2;
                requestAuthorizationStatus.token = getToken(document);
                if (str2.equals(ALL_ACCESS_ROLE_NAME)) {
                    requestAuthorizationStatus.mondrianRole = null;
                }
            } else {
                requestAuthorizationStatus.message = "Authentication failed for SAML assertion with token " + getToken(document) + " for connection " + str;
            }
        } else {
            requestAuthorizationStatus.message = "Authentication failed.  No connection-role mappings found for assertion with token " + getToken(document);
        }
        return requestAuthorizationStatus;
    }

    private Map<String, String> getConnectionMappingsForAssertion(Document document) {
        String token = getToken(document);
        if (token != null) {
            return this.tokenRoleMappings.get(token);
        }
        return null;
    }
}
