package nl._42.boot.saml.user;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import nl._42.boot.saml.SAMLProperties;
import nl._42.boot.saml.UserNotAllowedException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

/* loaded from: input_file:nl/_42/boot/saml/user/SAMLUserService.class */
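/**
 * Turns a SAML credential into a Spring Security {@link UserDetails}.
 *
 * <p>The user name is read from the configured user attribute and the granted
 * authorities are derived from the configured role attribute through the
 * {@link RoleMapper}. Optional {@link SAMLUserDecorator}s are applied afterwards,
 * in list order.
 *
 * <p>Authorization note: when {@code roleRequired} is {@code false}, a response
 * whose role attribute maps to no authority is still accepted and the resulting
 * user carries an empty authority collection. Access decisions for such users
 * rest entirely on the authorization rules configured elsewhere.
 */
public class SAMLUserService implements SAMLUserDetailsService {
    private static final Logger log = LoggerFactory.getLogger(SAMLUserService.class);
    private final RoleMapper mapper;
    // Replaced through setDecorators; never null.
    private List<SAMLUserDecorator> decorators = new ArrayList<>();
    private final String userAttribute;
    private final String roleAttribute;
    private final boolean roleRequired;

    /**
     * Creates the service.
     *
     * @param sAMLProperties supplies the user attribute name, the role attribute name
     *                       and the role-required flag
     * @param roleMapper     maps role attribute values to granted authorities
     * @throws NullPointerException if either argument is {@code null}
     */
    public SAMLUserService(SAMLProperties sAMLProperties, RoleMapper roleMapper) {
        // The original checked sAMLProperties twice, so a null role mapper slipped
        // through and only failed later, in the middle of a login attempt.
        this.mapper = Objects.requireNonNull(roleMapper, "Role mapper is required");
        Objects.requireNonNull(sAMLProperties, "Properties are required");
        this.userAttribute = sAMLProperties.getUserAttribute();
        this.roleAttribute = sAMLProperties.getRoleAttribute();
        this.roleRequired = sAMLProperties.isRoleRequired();
    }

    /**
     * Loads the user described by the given SAML credential.
     *
     * <p>The method name carries a decompiler prefix: it was renamed from
     * {@code loadUserBySAML} when the bridge method was merged.
     *
     * @param sAMLCredential credential wrapped in a {@link DefaultSAMLResponse}
     * @return the decorated user details
     * @throws UserNotAllowedException if the user attribute is blank or missing, or if
     *                                 roles are required and none could be mapped
     */
    public UserDetails m6loadUserBySAML(SAMLCredential sAMLCredential) throws UsernameNotFoundException {
        return load(new DefaultSAMLResponse(sAMLCredential));
    }

    /** Builds the user from the response and then applies the decorators. */
    private UserDetails load(SAMLResponse sAMLResponse) {
        log.debug("Loading user by SAML credentials...");
        UserDetails user = buildUser(sAMLResponse);
        return decorate(user, sAMLResponse);
    }

    /**
     * Creates the base user from the configured user attribute.
     *
     * @throws UserNotAllowedException if the attribute is absent or blank
     */
    private UserDetails buildUser(SAMLResponse sAMLResponse) {
        String userName = sAMLResponse.getValue(this.userAttribute).orElse("");
        if (StringUtils.isBlank(userName)) {
            throw new UserNotAllowedException(String.format("User identifier is required, missing attribute '%s'", this.userAttribute));
        }
        // The password is left empty: this service only reads attributes from the
        // SAML response and sets no local credential on the user.
        return new User(userName, "", getAuthorities(sAMLResponse));
    }

    /**
     * Maps the values of the role attribute to granted authorities.
     *
     * @return the mapped authorities; may be empty when roles are not required
     * @throws UserNotAllowedException if roles are required and none were mapped
     */
    private Collection<SimpleGrantedAuthority> getAuthorities(SAMLResponse sAMLResponse) {
        Set<String> roles = sAMLResponse.getValues(this.roleAttribute);
        Collection<SimpleGrantedAuthority> authorities = this.mapper.getAuthorities(roles);
        if (this.roleRequired && authorities.isEmpty()) {
            // NOTE(review): the message embeds attribute values taken from the SAML
            // response; handlers that log or display it should treat it as untrusted text.
            throw new UserNotAllowedException("User has no authorized roles, found: " + String.join(",", roles));
        }
        return authorities;
    }

    /** Passes the user through every registered decorator, in list order. */
    private UserDetails decorate(UserDetails userDetails, SAMLResponse sAMLResponse) {
        UserDetails decorated = userDetails;
        for (SAMLUserDecorator decorator : this.decorators) {
            decorated = decorator.decorate(decorated, sAMLResponse);
        }
        return decorated;
    }

    /**
     * Registers the decorators applied to every loaded user.
     *
     * @param list decorators in application order; {@code null} is treated as "none"
     *             so that a later login does not fail with a NullPointerException
     */
    @Autowired(required = false)
    public void setDecorators(List<SAMLUserDecorator> list) {
        this.decorators = (list != null) ? list : new ArrayList<>();
    }
}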
