package pl.edu.icm.unity.oauth.client;

import java.util.List;
import java.util.Map;
import org.apache.logging.log4j.Logger;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.RemoteAuthnMetadata;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAttribute;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteIdentity;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedInput;
import pl.edu.icm.unity.oauth.as.token.TokenInfoResource;
import pl.edu.icm.unity.oauth.client.config.CustomProviderProperties;
import pl.edu.icm.unity.oauth.oidc.metadata.OAuthDiscoveryMetadataCache;

@Component
/* loaded from: input_file:pl/edu/icm/unity/oauth/client/OAuthRemoteAuthenticationInputAssembler.class */
class OAuthRemoteAuthenticationInputAssembler {
    private static final String ISSUER = "iss";
    private static final String ACR_CLAIM = "acr";
    private static final Logger log = Log.getLogger("unity.server.oauth", OAuthRemoteAuthenticationInputAssembler.class);
    private final OAuthDiscoveryMetadataCache metadataManager;

    OAuthRemoteAuthenticationInputAssembler(OAuthDiscoveryMetadataCache oAuthDiscoveryMetadataCache) {
        this.metadataManager = oAuthDiscoveryMetadataCache;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RemotelyAuthenticatedInput convertInput(CustomProviderProperties customProviderProperties, OAuthContext oAuthContext, AttributeFetchResult attributeFetchResult, boolean z) {
        String value = customProviderProperties.getValue(CustomProviderProperties.ACCESS_TOKEN_ENDPOINT);
        String value2 = customProviderProperties.getValue(CustomProviderProperties.OPENID_DISCOVERY);
        if (value == null && value2 != null) {
            try {
                value = this.metadataManager.getMetadata(customProviderProperties.generateMetadataRequest()).getTokenEndpointURI().toString();
            } catch (Exception e) {
                log.warn("Can't obtain OIDC metadata", e);
            }
        }
        if (value == null) {
            value = "unknown";
        }
        RemotelyAuthenticatedInput remotelyAuthenticatedInput = new RemotelyAuthenticatedInput(value);
        for (Map.Entry<String, List<String>> entry : attributeFetchResult.getAttributes().entrySet()) {
            remotelyAuthenticatedInput.addAttribute(new RemoteAttribute(entry.getKey(), entry.getValue().toArray()));
            if (entry.getKey().equals(TokenInfoResource.SUBJECT) && !entry.getValue().isEmpty()) {
                remotelyAuthenticatedInput.addIdentity(new RemoteIdentity(entry.getValue().get(0), TokenInfoResource.SUBJECT));
            }
        }
        remotelyAuthenticatedInput.setRawAttributes(attributeFetchResult.getRawAttributes());
        remotelyAuthenticatedInput.setRemoteAuthnMetadata(getAuthnMeta(attributeFetchResult, z));
        return remotelyAuthenticatedInput;
    }

    private RemoteAuthnMetadata getAuthnMeta(AttributeFetchResult attributeFetchResult, boolean z) {
        return new RemoteAuthnMetadata(z ? RemoteAuthnMetadata.Protocol.OIDC : RemoteAuthnMetadata.Protocol.OTHER, z ? attributeFetchResult.getAttributes().get(ISSUER).get(0) : "undefined", getAcr(attributeFetchResult));
    }

    private List<String> getAcr(AttributeFetchResult attributeFetchResult) {
        return attributeFetchResult.getAttributes().get(ACR_CLAIM) != null ? List.of(attributeFetchResult.getAttributes().get(ACR_CLAIM).get(0)) : List.of();
    }
}
