package org.kuali.rice.kim.client.acegi;

import edu.yale.its.tp.cas.client.ProxyTicketValidator;
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.cas.TicketResponse;
import org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.kuali.rice.kim.sesn.DistributedSession;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:WEB-INF/lib/rice-impl-1.0.3.3.jar:org/kuali/rice/kim/client/acegi/KualiCasProxyTicketValidator.class */
public class KualiCasProxyTicketValidator extends CasProxyTicketValidator {
    private static final Log logger = LogFactory.getLog(KualiCasProxyTicketValidator.class);
    private DistributedSession distributedSession;

    protected TicketResponse validateNow(ProxyTicketValidator proxyTicketValidator) throws AuthenticationServiceException, BadCredentialsException {
        String str = null;
        String str2 = null;
        try {
            proxyTicketValidator.validate();
            if (!proxyTicketValidator.isAuthenticationSuccesful()) {
                throw new BadCredentialsException(proxyTicketValidator.getErrorCode() + ": " + proxyTicketValidator.getErrorMessage());
            }
            logger.debug("PROXY RESPONSE: " + proxyTicketValidator.getResponse());
            if (logger.isDebugEnabled()) {
                logger.debug("DEBUG");
            }
            try {
                DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
                InputSource inputSource = new InputSource();
                inputSource.setCharacterStream(new StringReader(proxyTicketValidator.getResponse()));
                NodeList elementsByTagName = newDocumentBuilder.parse(inputSource).getDocumentElement().getElementsByTagName("cas:attribute");
                for (int i = 0; i < elementsByTagName.getLength(); i++) {
                    logger.debug("Field name:" + ((Element) elementsByTagName.item(i)).getAttribute("name") + "=" + ((Element) elementsByTagName.item(i)).getAttribute("value"));
                    if (((Element) elementsByTagName.item(i)).getAttribute("name").equals("authenticationMethod")) {
                        str = ((Element) elementsByTagName.item(i)).getAttribute("value");
                    } else if (((Element) elementsByTagName.item(i)).getAttribute("name").equals(DistributedSession.DEFAULT_PREFIX)) {
                        str2 = ((Element) elementsByTagName.item(i)).getAttribute("value");
                    }
                }
                if (str != null && str2 != null) {
                    String str3 = proxyTicketValidator.getUser() + "@" + str;
                    if (logger.isDebugEnabled()) {
                        logger.debug("Updating session: " + str2 + " " + str3);
                    }
                    this.distributedSession.touchSesn(str2);
                } else if (logger.isDebugEnabled()) {
                    logger.debug("Incomplete data from CAS:" + str + ":" + str2);
                }
            } catch (Exception e) {
                logger.error("Error parsing CAS Result", e);
            }
            logger.debug("Authentication Method:" + str);
            return new KualiTicketResponse(proxyTicketValidator.getUser(), proxyTicketValidator.getProxyList(), proxyTicketValidator.getPgtIou(), str2);
        } catch (Exception e2) {
            throw new AuthenticationServiceException(e2.getMessage());
        }
    }

    public void setDistributedSession(DistributedSession distributedSession) {
        this.distributedSession = distributedSession;
    }
}
