package pl.edu.icm.unity.engine.authn.remote;

import eu.unicore.util.configuration.ConfigurationException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AuthenticatedEntity;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResultProcessor;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedContext;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedInput;
import pl.edu.icm.unity.engine.api.identity.IdentityResolver;
import pl.edu.icm.unity.engine.api.translation.in.IdentityEffectMode;
import pl.edu.icm.unity.engine.api.translation.in.InputTranslationActionsRegistry;
import pl.edu.icm.unity.engine.api.translation.in.InputTranslationEngine;
import pl.edu.icm.unity.engine.api.translation.in.MappedAttribute;
import pl.edu.icm.unity.engine.api.translation.in.MappedGroup;
import pl.edu.icm.unity.engine.api.translation.in.MappedIdentity;
import pl.edu.icm.unity.engine.api.translation.in.MappingResult;
import pl.edu.icm.unity.engine.translation.in.InputTranslationProfile;
import pl.edu.icm.unity.engine.translation.in.InputTranslationProfileRepository;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalIdentityValueException;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.basic.IdentityTaV;
import pl.edu.icm.unity.types.translation.TranslationProfile;

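/**
 * Turns the input obtained from a remote identity provider into a local
 * {@link AuthenticationResult} by running it through an input translation profile.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>a remote principal that maps to no identity, to an unknown local identity or to a
 *       disabled local entity never produces an {@link AuthenticatedEntity};</li>
 *   <li>when the boolean flag {@code z} is {@code true} the returned result has status
 *       {@code success} but carries no {@link AuthenticatedEntity}, so callers must not
 *       treat such a result as a completed login.</li>
 * </ul>
 */
@Component
public class RemoteAuthnResultProcessorImpl implements RemoteAuthnResultProcessor {
    private static final Logger log = Log.getLogger("unity.server", RemoteAuthnResultProcessorImpl.class);

    // Collaborators are injected once through the constructor and never reassigned.
    private final InputTranslationProfileRepository inputProfileRepo;
    private final IdentityResolver identityResolver;
    private final InputTranslationEngine trEngine;
    private final InputTranslationActionsRegistry actionsRegistry;

    /**
     * Creates the processor with its collaborators.
     *
     * @param identityResolver resolves mapped identities to local entity ids and reports whether an entity is enabled
     * @param inputTranslationProfileRepository source of input translation profiles, looked up by name
     * @param inputTranslationEngine receives the mapping result when {@code z} is {@code false}
     * @param inputTranslationActionsRegistry passed on to every {@link InputTranslationProfile} built here
     */
    @Autowired
    public RemoteAuthnResultProcessorImpl(IdentityResolver identityResolver, InputTranslationProfileRepository inputTranslationProfileRepository, InputTranslationEngine inputTranslationEngine, InputTranslationActionsRegistry inputTranslationActionsRegistry) {
        this.identityResolver = identityResolver;
        this.inputProfileRepo = inputTranslationProfileRepository;
        this.trEngine = inputTranslationEngine;
        this.actionsRegistry = inputTranslationActionsRegistry;
    }

    /**
     * Looks up the translation profile named {@code str} and delegates to
     * {@link #getResult(RemotelyAuthenticatedInput, TranslationProfile, boolean, Optional)}.
     *
     * @param remotelyAuthenticatedInput data received from the remote identity provider
     * @param str name of the input translation profile configured for the authenticator
     * @param z when {@code true} the mapping is computed but no local entity is resolved
     *          (presumably a dry-run / sandbox mode; confirm against callers)
     * @param optional identity that the mapping result is additionally required to match, if present
     * @return the authentication result
     * @throws AuthenticationException if mapping to a local representation fails
     * @throws ConfigurationException if the profile does not exist or cannot be loaded
     */
    @Transactional
    public AuthenticationResult getResult(RemotelyAuthenticatedInput remotelyAuthenticatedInput, String str, boolean z, Optional<IdentityTaV> optional) throws AuthenticationException {
        try {
            TranslationProfile profile = this.inputProfileRepo.getProfile(str);
            if (profile != null) {
                return getResult(remotelyAuthenticatedInput, profile, z, optional);
            }
            // A missing profile is a configuration fault: fail instead of authenticating without any mapping.
            String missingProfile = "The translation profile '" + str + "' configured for the authenticator does not exist";
            log.warn(missingProfile);
            throw new ConfigurationException(missingProfile);
        } catch (EngineException e) {
            String lookupFailed = "Can not get translation profile " + str;
            log.error(lookupFailed, e);
            throw new ConfigurationException(lookupFailed, e);
        }
    }

    /**
     * Maps the remote input with the given profile and builds the authentication result.
     *
     * <p>With {@code z == true} the result has status {@code success} and a {@code null}
     * {@link AuthenticatedEntity}: it describes the mapping only and none of the checks in
     * {@link #assembleAuthenticationResult(RemotelyAuthenticatedContext)} (mapped identity
     * present, local entity known and enabled) have been applied to it.
     *
     * @param remotelyAuthenticatedInput data received from the remote identity provider
     * @param translationProfile profile used for the mapping
     * @param z when {@code true} skips resolution of the local entity
     * @param optional identity that the mapping result is additionally required to match, if present
     * @return the authentication result
     * @throws AuthenticationException if the mapping or the local lookup fails
     */
    @Transactional
    public AuthenticationResult getResult(RemotelyAuthenticatedInput remotelyAuthenticatedInput, TranslationProfile translationProfile, boolean z, Optional<IdentityTaV> optional) throws AuthenticationException {
        try {
            RemotelyAuthenticatedContext context = processRemoteInput(remotelyAuthenticatedInput, translationProfile, z, optional);
            if (z) {
                return new AuthenticationResult(AuthenticationResult.Status.success, context, (AuthenticatedEntity) null);
            }
            return assembleAuthenticationResult(context);
        } catch (EngineException e) {
            String mappingFailed = "The mapping of the remotely authenticated principal to a local representation failed";
            log.warn(mappingFailed, e);
            throw new AuthenticationException(mappingFailed, e);
        }
    }

    /**
     * Resolves the local entity the remote principal was mapped to and wraps it in a
     * successful {@link AuthenticationResult}.
     *
     * @param remotelyAuthenticatedContext context produced by
     *        {@link #processRemoteInput(RemotelyAuthenticatedInput, TranslationProfile, boolean, Optional)}
     * @return a {@code success} result carrying the resolved {@link AuthenticatedEntity}
     * @throws AuthenticationException if no identity was mapped, if the mapped identity is not
     *         present locally (the exception then carries an {@code unknownRemotePrincipal}
     *         result), if the mapped entity is disabled, or if the local lookup fails
     */
    public AuthenticationResult assembleAuthenticationResult(RemotelyAuthenticatedContext remotelyAuthenticatedContext) throws AuthenticationException {
        if (remotelyAuthenticatedContext.getIdentities().isEmpty()) {
            throw new AuthenticationException("The remotely authenticated principal was not mapped to a local representation.");
        }
        EntityParam principal = remotelyAuthenticatedContext.getLocalMappedPrincipal();
        if (principal == null) {
            throw unknownUser(remotelyAuthenticatedContext);
        }
        try {
            long entityId;
            if (principal.getEntityId() != null) {
                entityId = principal.getEntityId().longValue();
            } else {
                entityId = this.identityResolver.resolveIdentity(principal.getIdentity().getValue(), new String[]{principal.getIdentity().getTypeId()}, (String) null, (String) null);
            }
            // Fail closed: a valid remote login must not re-activate a locally disabled account.
            if (!this.identityResolver.isEntityEnabled(entityId)) {
                throw new AuthenticationException("The remotely authenticated principal was mapped to a disabled account");
            }
            AuthenticatedEntity authenticatedEntity = new AuthenticatedEntity(Long.valueOf(entityId), remotelyAuthenticatedContext.getMappingResult().getAuthenticatedWith(), (String) null);
            authenticatedEntity.setRemoteIdP(remotelyAuthenticatedContext.getRemoteIdPName());
            return new AuthenticationResult(AuthenticationResult.Status.success, remotelyAuthenticatedContext, authenticatedEntity);
        } catch (IllegalIdentityValueException e) {
            // Handled before EngineException so that this more specific case is never shadowed by
            // the broader handler, should IllegalIdentityValueException be one of its subtypes.
            throw unknownUser(remotelyAuthenticatedContext);
        } catch (EngineException e) {
            throw new AuthenticationException("Problem occured when searching for the mapped, remotely authenticated identity in the local user store", e);
        }
    }

    /**
     * Builds the exception reporting that the mapped identity has no local counterpart.
     * Returning the exception (instead of throwing inside a {@code void} helper) lets callers
     * write {@code throw unknownUser(...)}, so no code path can fall through and return a
     * {@code null} authentication result.
     *
     * @param remotelyAuthenticatedContext context attached to the {@code unknownRemotePrincipal} result
     * @return the exception to throw
     */
    private AuthenticationException unknownUser(RemotelyAuthenticatedContext remotelyAuthenticatedContext) {
        return new AuthenticationException(new AuthenticationResult(AuthenticationResult.Status.unknownRemotePrincipal, remotelyAuthenticatedContext, (AuthenticatedEntity) null), "The mapped identity is not present in the local user store.");
    }

    /**
     * Runs the translation profile on the remote input and collects the outcome in a
     * {@link RemotelyAuthenticatedContext}.
     *
     * @param remotelyAuthenticatedInput data received from the remote identity provider
     * @param translationProfile profile to apply; must not be {@code null}
     * @param z when {@code true} the mapping result is not passed to the translation engine
     * @param optional if present, added to the mapping result as an identity with
     *        {@link IdentityEffectMode#REQUIRE_MATCH}
     * @return context holding mapped attributes, identities, groups and the raw mapping result
     * @throws EngineException if translation or processing of the mapping result fails
     * @throws ConfigurationException if {@code translationProfile} is {@code null}
     */
    public final RemotelyAuthenticatedContext processRemoteInput(RemotelyAuthenticatedInput remotelyAuthenticatedInput, TranslationProfile translationProfile, boolean z, Optional<IdentityTaV> optional) throws EngineException {
        if (translationProfile == null) {
            String emptyProfile = "The translation profile can not be empty";
            log.warn(emptyProfile);
            throw new ConfigurationException(emptyProfile);
        }
        InputTranslationProfile inputProfile = new InputTranslationProfile(translationProfile, this.inputProfileRepo, this.actionsRegistry);
        MappingResult mapping = inputProfile.translate(remotelyAuthenticatedInput);
        // NOTE(review): the mapping result is derived from data supplied by the remote IdP. With
        // debug logging enabled this line may write identities and attributes (personal data,
        // remote-controlled text) to the log; confirm log access is restricted and that the
        // layout neutralises line breaks.
        log.debug("Result of remote data mapping:\n{}", mapping);
        if (optional.isPresent()) {
            // The caller expects a particular identity; it is added with REQUIRE_MATCH so the
            // mapping is tied to it (presumably rejecting a login that maps elsewhere; the
            // enforcement itself is outside this class).
            IdentityTaV preset = optional.get();
            IdentityParam presetParam = new IdentityParam(preset.getTypeId(), preset.getValue());
            log.debug("Adding a preset identity as a required to results of mapping: {}", preset);
            mapping.addIdentity(new MappedIdentity(IdentityEffectMode.REQUIRE_MATCH, presetParam, (String) null));
        }
        if (!z) {
            this.trEngine.process(mapping);
        }
        RemotelyAuthenticatedContext context = new RemotelyAuthenticatedContext(remotelyAuthenticatedInput.getIdpName(), translationProfile.getName());
        context.addAttributes(extractAttributes(mapping));
        context.addIdentities(extractIdentities(mapping));
        context.addGroups(extractGroups(mapping));
        context.setLocalMappedPrincipal(mapping.getMappedAtExistingEntity());
        context.setMappingResult(mapping);
        context.setAuthnInput(remotelyAuthenticatedInput);
        context.setSessionParticipants(remotelyAuthenticatedInput.getSessionParticipants());
        context.setCreationTime(Instant.now());
        return context;
    }

    /**
     * Collects the identities of all mapped identities.
     *
     * @param mappingResult result of the profile translation
     * @return the identities, or an empty list if the result holds none
     */
    private List<IdentityTaV> extractIdentities(MappingResult mappingResult) {
        List<IdentityTaV> result = new ArrayList<>();
        List<MappedIdentity> mapped = mappingResult.getIdentities();
        if (mapped != null) {
            for (MappedIdentity identity : mapped) {
                result.add(identity.getIdentity());
            }
        }
        return result;
    }

    /**
     * Collects the group names of all mapped groups.
     *
     * @param mappingResult result of the profile translation
     * @return the distinct groups, or an empty set if the result holds none
     */
    private Set<String> extractGroups(MappingResult mappingResult) {
        Set<String> result = new HashSet<>();
        List<MappedGroup> mapped = mappingResult.getGroups();
        if (mapped != null) {
            for (MappedGroup group : mapped) {
                result.add(group.getGroup());
            }
        }
        return result;
    }

    /**
     * Collects the attributes of all mapped attributes.
     *
     * @param mappingResult result of the profile translation
     * @return the attributes, or an empty list if the result holds none
     * @throws EngineException declared for callers; nothing in this method throws it directly
     */
    private static List<Attribute> extractAttributes(MappingResult mappingResult) throws EngineException {
        List<Attribute> result = new ArrayList<>();
        List<MappedAttribute> mapped = mappingResult.getAttributes();
        // Null guard added for parity with extractIdentities/extractGroups.
        if (mapped != null) {
            for (MappedAttribute attribute : mapped) {
                result.add(attribute.getAttribute());
            }
        }
        return result;
    }
}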
