package org.craftercms.engine.util.spring.security.saml2;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.core.util.cache.CacheTemplate;
import org.craftercms.engine.service.context.SiteContext;
import org.craftercms.engine.util.ConfigUtils;
import org.craftercms.engine.util.spring.security.CustomUser;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.XSString;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLCredential;

/* loaded from: input_file:BOOT-INF/lib/crafter-studio-3.1.11E-classes.jar:org/craftercms/engine/util/spring/security/saml2/ConfigAwareSAMLAuthenticationProvider.class */
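/**
 * SAML authentication provider that builds the principal and its authorities from
 * per-site configuration instead of a {@code SAMLUserDetailsService}.
 *
 * <p>When the superclass supplies no user detail object, this class creates a
 * {@link CustomUser} from the assertion's NameID, copies the configured SAML
 * attributes onto it, and turns the values of the configured role attribute into
 * {@link SimpleGrantedAuthority} instances.
 *
 * <p>Security note: nothing in this class checks the signature, issuer or validity
 * window of the assertion. Every value it reads from {@link SAMLCredential} is
 * treated as trustworthy, so the checks have to happen before these methods are
 * called (presumably in the superclass and the SAML profile consumer; confirm
 * against the deployed Spring Security SAML version).
 */
public class ConfigAwareSAMLAuthenticationProvider extends SAMLAuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(ConfigAwareSAMLAuthenticationProvider.class);
    private static final String CONFIG_CACHE_KEY = "saml2.config";
    protected CacheTemplate cacheTemplate;

    /**
     * Holder for the SAML settings read from the site configuration.
     *
     * <p>Decompiler note: JADX reports that the access modifier of this class was
     * changed from {@code protected}; it is left {@code public} here so the listing
     * matches the decompiled output.
     *
     * <p>Instances are stored through {@link CacheTemplate} and are therefore
     * presumably shared between requests; treat the maps as read-only once the
     * instance has been returned by {@code getConfig}.
     */
    public static class SAMLConfig {
        // Name of the SAML attribute whose values carry the user's roles.
        protected String roleElementName;
        // SAML attribute name -> user attribute name (an empty target keeps the SAML name).
        protected Map<String, String> attributeMapping = Collections.emptyMap();
        // Role value asserted by the IdP -> role name granted locally.
        protected Map<String, String> roleMapping = Collections.emptyMap();

        protected SAMLConfig() {
        }
    }

    /**
     * Creates the provider.
     *
     * @param cacheTemplate cache used to keep one parsed {@link SAMLConfig} per site context
     */
    public ConfigAwareSAMLAuthenticationProvider(CacheTemplate cacheTemplate) {
        this.cacheTemplate = cacheTemplate;
    }

    /**
     * Returns the SAML settings for the current site, parsing them from the given
     * configuration when the cache does not already hold them.
     *
     * <p>The cache entry is keyed by the current {@link SiteContext}'s context plus
     * {@code "saml2.config"}. The loader lambda is presumably only invoked on a cache
     * miss, in which case a changed configuration is not picked up until the entry is
     * evicted (TODO confirm against {@code CacheTemplate}).
     *
     * @param hierarchicalConfiguration site configuration to read the settings from
     * @return the cached or freshly parsed settings
     */
    // The configuration type is used raw (as in the decompiled signature), so the
    // list returned by configurationsAt() needs an unchecked conversion.
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected SAMLConfig getConfig(HierarchicalConfiguration hierarchicalConfiguration) {
        return (SAMLConfig) this.cacheTemplate.getObject(SiteContext.getCurrent().getContext(), () -> {
            SAMLConfig samlConfig = new SAMLConfig();
            samlConfig.roleElementName = hierarchicalConfiguration.getString(
                Constants.ROLE_KEY_CONFIG_KEY, Constants.DEFAULT_ROLE_CONFIG_KEY);

            List<HierarchicalConfiguration> attributeConfigs =
                hierarchicalConfiguration.configurationsAt(Constants.ATTRIBUTES_MAPPINGS_CONFIG_KEY);
            if (CollectionUtils.isNotEmpty(attributeConfigs)) {
                samlConfig.attributeMapping = new HashMap<>();
                for (HierarchicalConfiguration entry : attributeConfigs) {
                    samlConfig.attributeMapping.put(entry.getString("name"), entry.getString("attribute"));
                }
            }

            List<HierarchicalConfiguration> roleConfigs =
                hierarchicalConfiguration.configurationsAt(Constants.ROLE_MAPPINGS_CONFIG_KEY);
            if (CollectionUtils.isNotEmpty(roleConfigs)) {
                samlConfig.roleMapping = new HashMap<>();
                for (HierarchicalConfiguration entry : roleConfigs) {
                    samlConfig.roleMapping.put(entry.getString("name"), entry.getString("role"));
                }
            }
            return samlConfig;
        }, new Object[]{CONFIG_CACHE_KEY});
    }

    /**
     * Builds the authenticated principal.
     *
     * <p>If a user detail object is supplied the superclass decides. Otherwise a
     * {@link CustomUser} is created with the NameID value as username, an empty
     * password and no authorities, and every SAML attribute listed in the attribute
     * mapping is copied onto it.
     *
     * @param sAMLCredential credential extracted from the SAML response
     * @param obj            user detail object, or {@code null} when none was loaded
     * @return the superclass principal, or the newly built {@link CustomUser}
     */
    @Override
    protected Object getPrincipal(SAMLCredential sAMLCredential, Object obj) {
        if (obj != null) {
            return super.getPrincipal(sAMLCredential, obj);
        }
        SAMLConfig config = getConfig(ConfigUtils.getCurrentConfig());
        // NOTE(review): getNameID() is dereferenced without a null check; confirm the
        // profile consumer rejects assertions without a NameID before this point.
        CustomUser customUser = new CustomUser(sAMLCredential.getNameID().getValue(), "", Collections.emptyList());

        // The decompiled listing reused one identifier for the mapping key and for the
        // resolved target name, which does not compile; the two are named apart here.
        config.attributeMapping.forEach((samlAttributeName, mappedName) ->
            sAMLCredential.getAttributes().stream()
                .filter(attribute -> attribute.getName().equals(samlAttributeName))
                // Only the first attribute with a matching name is considered.
                .findFirst()
                .ifPresent(attribute -> {
                    String userAttributeName = StringUtils.isEmpty(mappedName) ? samlAttributeName : mappedName;
                    logger.debug("Mapping incoming SAML attribute '{}' to user attribute '{}'",
                        samlAttributeName, userAttributeName);
                    // setAttribute is called once per value; presumably the last value wins
                    // for multi-valued attributes (verify against CustomUser).
                    attribute.getAttributeValues().forEach(value ->
                        customUser.setAttribute(userAttributeName, attributeValueAsString(value)));
                }));
        return customUser;
    }

    /**
     * Derives the granted authorities from the assertion's role attribute.
     *
     * <p>If a user detail object is supplied the superclass decides. Otherwise the
     * values of the first attribute named {@code roleElementName} are translated
     * through the role mapping.
     *
     * <p>Security note: a role value with no mapping entry is granted verbatim, so
     * the role mapping is a rename table, not an allow-list. Any role string the
     * identity provider asserts becomes an authority of the session. Role values
     * are also written to the debug log.
     *
     * <p>Values that are null or blank, before or after mapping, are skipped:
     * {@link SimpleGrantedAuthority} rejects them with an
     * {@link IllegalArgumentException}, which would otherwise abort the login with
     * an unexpected error instead of an authentication failure.
     *
     * @param sAMLCredential credential extracted from the SAML response
     * @param obj            user detail object, or {@code null} when none was loaded
     * @return the superclass entitlements, or the authorities derived from the assertion
     */
    @Override
    protected Collection<? extends GrantedAuthority> getEntitlements(SAMLCredential sAMLCredential, Object obj) {
        if (obj != null) {
            return super.getEntitlements(sAMLCredential, obj);
        }
        SAMLConfig config = getConfig(ConfigUtils.getCurrentConfig());
        List<GrantedAuthority> authorities = new LinkedList<>();
        sAMLCredential.getAttributes().stream()
            .filter(attribute -> attribute.getName().equals(config.roleElementName))
            // Only the first attribute with the role name is considered.
            .findFirst()
            .ifPresent(attribute -> {
                logger.debug("Found SAML role attribute: '{}'. Mapping role values...", config.roleElementName);
                attribute.getAttributeValues().forEach(value -> {
                    String assertedRole = attributeValueAsString(value);
                    if (StringUtils.isBlank(assertedRole)) {
                        logger.debug("Ignoring empty value of SAML role attribute '{}'", config.roleElementName);
                        return;
                    }
                    // Unmapped values fall through unchanged (see the security note above).
                    String grantedRole = config.roleMapping.getOrDefault(assertedRole, assertedRole);
                    if (StringUtils.isBlank(grantedRole)) {
                        // A mapping entry without a target role would otherwise reach
                        // the SimpleGrantedAuthority constructor as null.
                        logger.debug("Ignoring role value '{}': it is mapped to an empty role", assertedRole);
                        return;
                    }
                    logger.debug("Mapping original role value '{}' to '{}'", assertedRole, grantedRole);
                    authorities.add(new SimpleGrantedAuthority(grantedRole));
                });
            });
        return authorities;
    }

    /**
     * Extracts the text of a SAML attribute value.
     *
     * @param xMLObject attribute value element, may be {@code null}
     * @return the value of an {@link XSString}, the text content of an {@link XSAny},
     *         {@code toString()} for any other type, or {@code null} for a null input
     */
    protected String attributeValueAsString(XMLObject xMLObject) {
        if (xMLObject == null) {
            return null;
        }
        if (xMLObject instanceof XSString) {
            return ((XSString) xMLObject).getValue();
        }
        if (xMLObject instanceof XSAny) {
            return ((XSAny) xMLObject).getTextContent();
        }
        return xMLObject.toString();
    }
}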
