package com.att.cadi.aaf.v2_0;

import com.att.cadi.Access;
import com.att.cadi.Lur;
import com.att.cadi.TrustChecker;
import com.att.cadi.aaf.AAFPermission;
import com.att.cadi.principal.TrustPrincipal;
import com.att.cadi.taf.TafResp;
import com.att.cadi.taf.TrustNotTafResp;
import com.att.cadi.taf.TrustTafResp;
import com.att.inno.env.Env;
import com.att.inno.env.util.Split;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/att/cadi/aaf/v2_0/AAFTrustChecker.class */
public class AAFTrustChecker implements TrustChecker {
    private final String tag;
    private final String id;
    private final AAFPermission perm;
    private Lur lur;

    public AAFTrustChecker(Env env) {
        this.tag = env.getProperty("cadi_user_chain", "USER_CHAIN");
        this.id = env.getProperty("cadi_alias", env.getProperty("aaf_id"));
        String property = env.getProperty("cadi_trust_perm");
        AAFPermission aAFPermission = null;
        if (property != null) {
            String[] splitTrim = Split.splitTrim('|', property);
            if (splitTrim.length == 3) {
                aAFPermission = new AAFPermission(splitTrim[0], splitTrim[1], splitTrim[2]);
            }
        }
        this.perm = aAFPermission;
    }

    public AAFTrustChecker(Access access) {
        this.tag = access.getProperty("cadi_user_chain", "USER_CHAIN");
        this.id = access.getProperty("cadi_alias", access.getProperty("aaf_id", (String) null));
        String property = access.getProperty("cadi_trust_perm", (String) null);
        AAFPermission aAFPermission = null;
        if (property != null) {
            String[] splitTrim = Split.splitTrim('|', property);
            if (splitTrim.length == 3) {
                aAFPermission = new AAFPermission(splitTrim[0], splitTrim[1], splitTrim[2]);
            }
        }
        this.perm = aAFPermission;
    }

    public void setLur(Lur lur) {
        this.lur = lur;
    }

    public TafResp mayTrust(TafResp tafResp, HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(this.tag);
        if (header != null) {
            String[] split = Split.split(',', header);
            if (split.length > 0) {
                String[] splitTrim = Split.splitTrim(':', split[0]);
                if (splitTrim.length > 3 && "AS".equals(splitTrim[3])) {
                    String name = tafResp.getPrincipal().getName();
                    return (name.equals(this.id) || this.lur.fish(tafResp.getPrincipal(), this.perm)) ? new TrustTafResp(tafResp, new TrustPrincipal(tafResp.getPrincipal(), splitTrim[0]), "  " + splitTrim[0] + " validated using " + splitTrim[2] + " by " + splitTrim[1] + ',') : name.equals(splitTrim[0]) ? tafResp : new TrustNotTafResp(tafResp, tafResp.getPrincipal().getName() + " requested trust as " + splitTrim[0] + ", but does not have Authorization");
                }
            }
        }
        return tafResp;
    }
}
