package pl.edu.icm.unity.engine.authn.remote;

import eu.unicore.util.configuration.ConfigurationException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticatedEntity;
import pl.edu.icm.unity.engine.api.authn.RemoteAuthenticationException;
import pl.edu.icm.unity.engine.api.authn.RemoteAuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResultTranslator;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedInput;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedPrincipal;
import pl.edu.icm.unity.engine.api.identity.IdentityResolver;
import pl.edu.icm.unity.engine.api.translation.in.IdentityEffectMode;
import pl.edu.icm.unity.engine.api.translation.in.InputTranslationActionsRegistry;
import pl.edu.icm.unity.engine.api.translation.in.InputTranslationEngine;
import pl.edu.icm.unity.engine.api.translation.in.MappedAttribute;
import pl.edu.icm.unity.engine.api.translation.in.MappedGroup;
import pl.edu.icm.unity.engine.api.translation.in.MappedIdentity;
import pl.edu.icm.unity.engine.api.translation.in.MappingResult;
import pl.edu.icm.unity.engine.translation.ExecutionBreakException;
import pl.edu.icm.unity.engine.translation.in.InputTranslationProfile;
import pl.edu.icm.unity.engine.translation.in.InputTranslationProfileRepository;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalIdentityValueException;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.Entity;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.basic.IdentityTaV;
import pl.edu.icm.unity.types.translation.TranslationProfile;

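/**
 * Turns the outcome of a remote authentication into a local {@link RemoteAuthenticationResult}.
 *
 * <p>The work is done in three steps: the input translation profile is applied to the remote
 * input, the mapped identities are linked to an existing local entity when one is found, and the
 * final result (successful, partial for dry runs, or "unknown remote principal") is assembled.
 *
 * <p>Notes for reviewers of this authentication path:
 * <ul>
 * <li>{@code idsMan} is injected with the {@code "insecure"} qualifier. NOTE(review): presumably
 * this selects the variant without authorization checks, needed because no local session exists
 * yet - confirm, and keep its use limited to the identity lookup in
 * {@link #setMappingToExistingEntity(MappingResult)}.</li>
 * <li>A remote principal whose identities resolve to two different local entities is rejected
 * rather than linked to either of them.</li>
 * <li>A mapping to a disabled local account is rejected before an {@link AuthenticatedEntity} is
 * created.</li>
 * </ul>
 */
@Component
class RemoteAuthnResultTranslatorImpl implements RemoteAuthnResultTranslator {
    private static final Logger log = Log.getLogger("unity.server.authn", RemoteAuthnResultTranslatorImpl.class);
    private final InputTranslationProfileRepository inputProfileRepo;
    private final IdentityResolver identityResolver;
    private final InputTranslationEngine trEngine;
    private final InputTranslationActionsRegistry actionsRegistry;
    private final EntityManagement idsMan;

    @Autowired
    RemoteAuthnResultTranslatorImpl(IdentityResolver identityResolver, InputTranslationProfileRepository inputTranslationProfileRepository, InputTranslationEngine inputTranslationEngine, InputTranslationActionsRegistry inputTranslationActionsRegistry, @Qualifier("insecure") EntityManagement entityManagement) {
        this.identityResolver = identityResolver;
        this.inputProfileRepo = inputTranslationProfileRepository;
        this.trEngine = inputTranslationEngine;
        this.actionsRegistry = inputTranslationActionsRegistry;
        this.idsMan = entityManagement;
    }

    /**
     * Looks up the translation profile by name and delegates to the profile-based overload.
     *
     * @param remotelyAuthenticatedInput data obtained from the remote identity provider
     * @param str name of the input translation profile configured for the authenticator
     * @param z dry-run flag, passed through unchanged
     * @param optional optional preset identity, passed through unchanged
     * @param str2 passed through to the result assembly (presumably a registration form name - confirm)
     * @param z2 passed through to the result assembly (presumably an association flag - confirm)
     * @return the translated authentication result
     * @throws RemoteAuthenticationException if the mapping to a local representation fails
     * @throws ConfigurationException if the profile does not exist or cannot be loaded
     */
    @Transactional
    public RemoteAuthenticationResult getTranslatedResult(RemotelyAuthenticatedInput remotelyAuthenticatedInput, String str, boolean z, Optional<IdentityTaV> optional, String str2, boolean z2) throws RemoteAuthenticationException {
        try {
            TranslationProfile profile = this.inputProfileRepo.getProfile(str);
            if (profile == null) {
                String message = "The translation profile '" + str + "' configured for the authenticator does not exist";
                log.warn(message);
                throw new ConfigurationException(message);
            }
            // Deliberately kept inside the try block so that exception handling stays as it was.
            return getTranslatedResult(remotelyAuthenticatedInput, profile, z, optional, str2, z2);
        } catch (EngineException e) {
            String message = "Can not get translation profile " + str;
            log.error(message, e);
            throw new ConfigurationException(message, e);
        }
    }

    /**
     * Applies the given translation profile and assembles the authentication result.
     *
     * @param remotelyAuthenticatedInput data obtained from the remote identity provider
     * @param translationProfile profile to apply; must not be {@code null}
     * @param z when {@code true} this is a dry run: the mapping is not processed by the translation
     *     engine and a partial result is returned
     * @param optional optional preset identity that the mapping is required to match
     * @param str passed to the "unknown remote principal" result (presumably a registration form name - confirm)
     * @param z2 passed to the "unknown remote principal" result (presumably an association flag - confirm)
     * @return the translated authentication result
     * @throws RemoteAuthenticationException if the mapping to a local representation fails
     */
    @Transactional
    public RemoteAuthenticationResult getTranslatedResult(RemotelyAuthenticatedInput remotelyAuthenticatedInput, TranslationProfile translationProfile, boolean z, Optional<IdentityTaV> optional, String str, boolean z2) throws RemoteAuthenticationException {
        try {
            RemotelyAuthenticatedPrincipal principal = translateRemoteInput(remotelyAuthenticatedInput, translationProfile, z, optional);
            if (z) {
                return assembleDryRunAuthenticationResult(principal, str, z2);
            }
            return assembleAuthenticationResult(principal, str, z2);
        } catch (EngineException e) {
            String message = "The mapping of the remotely authenticated principal to a local representation failed";
            log.warn(message, e);
            throw new RemoteAuthenticationException(message, e);
        }
    }

    /**
     * Builds the result of a dry run. Failures while resolving the local entity (including a
     * mapping to a disabled account) are only logged at debug level; the partial result is then
     * returned with a {@code null} entity.
     */
    private RemoteAuthenticationResult assembleDryRunAuthenticationResult(RemotelyAuthenticatedPrincipal remotelyAuthenticatedPrincipal, String str, boolean z) {
        if (remotelyAuthenticatedPrincipal.getLocalMappedPrincipal() == null) {
            return handleUnknownUser(remotelyAuthenticatedPrincipal, str, z);
        }
        AuthenticatedEntity authenticatedEntity = null;
        try {
            authenticatedEntity = resolveAuthenticatedEntity(remotelyAuthenticatedPrincipal);
        } catch (RemoteAuthenticationException | EngineException e) {
            // Best effort by design: a dry run reports the mapping even if the entity cannot be resolved.
            log.debug("Exception resolving remote principal", e);
        }
        return RemoteAuthenticationResult.successfulPartial(remotelyAuthenticatedPrincipal, authenticatedEntity);
    }

    /**
     * Builds the final result for a translated principal.
     *
     * @param remotelyAuthenticatedPrincipal principal produced by {@link #translateRemoteInput}
     * @param str passed to the "unknown remote principal" result
     * @param z passed to the "unknown remote principal" result
     * @return a successful result, or an "unknown remote principal" result when the principal is
     *     not mapped to an existing local entity
     * @throws RemoteAuthenticationException if no identity was mapped at all, if the mapped account
     *     is disabled, or if the lookup in the local user store fails
     */
    public RemoteAuthenticationResult assembleAuthenticationResult(RemotelyAuthenticatedPrincipal remotelyAuthenticatedPrincipal, String str, boolean z) throws RemoteAuthenticationException {
        if (remotelyAuthenticatedPrincipal.getIdentities().isEmpty()) {
            throw new RemoteAuthenticationException("The remotely authenticated principal was not mapped to a local representation.");
        }
        if (remotelyAuthenticatedPrincipal.getLocalMappedPrincipal() == null) {
            return handleUnknownUser(remotelyAuthenticatedPrincipal, str, z);
        }
        try {
            AuthenticatedEntity authenticatedEntity = resolveAuthenticatedEntity(remotelyAuthenticatedPrincipal);
            return RemoteAuthenticationResult.successful(remotelyAuthenticatedPrincipal, authenticatedEntity);
        } catch (IllegalIdentityValueException e) {
            // The more specific handler has to come first: if IllegalIdentityValueException is a
            // subtype of EngineException, the reverse order leaves this branch unreachable and
            // the class does not compile.
            return handleUnknownUser(remotelyAuthenticatedPrincipal, str, z);
        } catch (EngineException e) {
            throw new RemoteAuthenticationException("Problem occured when searching for the mapped, remotely authenticated identity in the local user store", e);
        }
    }

    /**
     * Resolves the local entity the principal was mapped to and wraps it in an
     * {@link AuthenticatedEntity}.
     *
     * @throws RemoteAuthenticationException if the resolved account is disabled
     * @throws EngineException if the identity cannot be resolved
     */
    private AuthenticatedEntity resolveAuthenticatedEntity(RemotelyAuthenticatedPrincipal remotelyAuthenticatedPrincipal) throws EngineException, RemoteAuthenticationException {
        EntityParam localMappedPrincipal = remotelyAuthenticatedPrincipal.getLocalMappedPrincipal();
        long entityId;
        if (localMappedPrincipal.getEntityId() != null) {
            entityId = localMappedPrincipal.getEntityId().longValue();
        } else {
            entityId = this.identityResolver.resolveIdentity(localMappedPrincipal.getIdentity().getValue(), new String[]{localMappedPrincipal.getIdentity().getTypeId()}, (String) null, (String) null);
        }
        // This check must stay ahead of the AuthenticatedEntity creation: a disabled account must
        // never yield an authenticated entity.
        if (!this.identityResolver.isEntityEnabled(entityId)) {
            throw new RemoteAuthenticationException("The remotely authenticated principal was mapped to a disabled account");
        }
        AuthenticatedEntity authenticatedEntity = new AuthenticatedEntity(Long.valueOf(entityId), remotelyAuthenticatedPrincipal.getMappingResult().getAuthenticatedWith(), (String) null);
        authenticatedEntity.setRemoteIdP(remotelyAuthenticatedPrincipal.getRemoteIdPName());
        return authenticatedEntity;
    }

    /** Creates the "unknown remote principal" result; both extra arguments are passed through. */
    private RemoteAuthenticationResult handleUnknownUser(RemotelyAuthenticatedPrincipal remotelyAuthenticatedPrincipal, String str, boolean z) {
        return RemoteAuthenticationResult.unknownRemotePrincipal(remotelyAuthenticatedPrincipal, str, z);
    }

    /**
     * Applies the translation profile to the remote input and collects the outcome in a
     * {@link RemotelyAuthenticatedPrincipal}.
     *
     * @param remotelyAuthenticatedInput data obtained from the remote identity provider
     * @param translationProfile profile to apply; {@code null} is rejected
     * @param z dry-run flag; when {@code true} the mapping result is not handed to the translation engine
     * @param optional when present, added to the mapping result as an identity with
     *     {@link IdentityEffectMode#REQUIRE_MATCH}
     * @return the principal with attributes, identities, groups and the local mapping filled in
     * @throws EngineException if the translation or the lookup of existing entities fails
     * @throws ConfigurationException if {@code translationProfile} is {@code null}
     */
    public final RemotelyAuthenticatedPrincipal translateRemoteInput(RemotelyAuthenticatedInput remotelyAuthenticatedInput, TranslationProfile translationProfile, boolean z, Optional<IdentityTaV> optional) throws EngineException {
        if (translationProfile == null) {
            log.warn("The translation profile can not be empty");
            throw new ConfigurationException("The translation profile can not be empty");
        }
        InputTranslationProfile profileInstance = new InputTranslationProfile(translationProfile, this.inputProfileRepo, this.actionsRegistry);
        MappingResult mapping = profileInstance.translate(remotelyAuthenticatedInput);
        // NOTE(review): the whole mapping result is logged at INFO. Depending on
        // MappingResult.toString() this may include identities and attribute values received from
        // the remote IdP - confirm this matches the log handling policy.
        log.info("Result of remote data mapping:\n{}", mapping);
        if (optional.isPresent()) {
            IdentityTaV presetIdentity = optional.get();
            IdentityParam identityParam = new IdentityParam(presetIdentity.getTypeId(), presetIdentity.getValue());
            log.info("Adding a preset identity as a required to results of mapping: {}", presetIdentity);
            mapping.addIdentity(new MappedIdentity(IdentityEffectMode.REQUIRE_MATCH, identityParam, (String) null));
        }
        setMappingToExistingEntity(mapping);
        if (!z) {
            // Skipped for dry runs, see the ternary-free dispatch in getTranslatedResult.
            this.trEngine.process(mapping);
        }
        RemotelyAuthenticatedPrincipal principal = new RemotelyAuthenticatedPrincipal(remotelyAuthenticatedInput.getIdpName(), translationProfile.getName());
        principal.addAttributes(extractAttributes(mapping));
        principal.addIdentities(extractIdentities(mapping));
        principal.addGroups(extractGroups(mapping));
        principal.setLocalMappedPrincipal(mapping.getMappedAtExistingEntity());
        principal.setMappingResult(mapping);
        principal.setAuthnInput(remotelyAuthenticatedInput);
        principal.setSessionParticipants(remotelyAuthenticatedInput.getSessionParticipants());
        principal.setCreationTime(Instant.now());
        return principal;
    }

    /**
     * Finds the local entity that the mapped identities belong to and records it in the mapping
     * result. Identities unknown to the local store are skipped. Every identity that is found is
     * recorded via {@code addAuthenticatedWith}.
     *
     * <p>The previous body used the looked-up entity after the {@code catch} block, where it could
     * be unassigned, and had an unreachable {@code break} after the {@code throw}. The lookup
     * failure now moves on to the next identity explicitly.
     *
     * @throws ExecutionBreakException if two identities resolve to different local entities; the
     *     remote principal is then ambiguous and must not be linked to either account
     * @throws EngineException if the entity lookup fails for another reason
     */
    private void setMappingToExistingEntity(MappingResult mappingResult) throws EngineException {
        Entity matched = null;
        for (MappedIdentity mappedIdentity : mappingResult.getIdentities()) {
            Entity candidate;
            try {
                candidate = this.idsMan.getEntity(new EntityParam(mappedIdentity.getIdentity()));
            } catch (IllegalArgumentException e) {
                log.trace("Identity " + mappedIdentity + " not found in DB, details of exception follows", e);
                continue;
            }
            if (matched != null && !matched.getId().equals(candidate.getId())) {
                log.warn("Identity was mapped to two different entities: " + matched + " and " + candidate);
                throw new ExecutionBreakException();
            }
            matched = candidate;
            mappingResult.addAuthenticatedWith(mappedIdentity.getIdentity().getValue());
        }
        if (matched != null) {
            mappingResult.setMappedToExistingEntity(new EntityParam(matched.getId()));
        }
    }

    /** Returns the identities of the mapping result, or an empty list when there are none. */
    private List<IdentityTaV> extractIdentities(MappingResult mappingResult) {
        List<IdentityTaV> result = new ArrayList<>();
        List<?> identities = mappingResult.getIdentities();
        if (identities == null) {
            return result;
        }
        for (Object item : identities) {
            result.add(((MappedIdentity) item).getIdentity());
        }
        return result;
    }

    /** Returns the groups of the mapping result, or an empty set when there are none. */
    private Set<String> extractGroups(MappingResult mappingResult) {
        Set<String> result = new HashSet<>();
        List<?> groups = mappingResult.getGroups();
        if (groups == null) {
            return result;
        }
        for (Object item : groups) {
            result.add(((MappedGroup) item).getGroup());
        }
        return result;
    }

    /**
     * Returns the attributes of the mapping result, or an empty list when there are none. A
     * {@code null} attribute list is tolerated, in line with the identity and group extraction.
     */
    private static List<Attribute> extractAttributes(MappingResult mappingResult) throws EngineException {
        List<Attribute> result = new ArrayList<>();
        List<?> attributes = mappingResult.getAttributes();
        if (attributes == null) {
            return result;
        }
        for (Object item : attributes) {
            result.add(((MappedAttribute) item).getAttribute());
        }
        return result;
    }
}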
