package org.apereo.cas.support.saml.services;

import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
import org.apereo.cas.support.saml.SamlProtocolConstants;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-core-6.2.2.jar:org/apereo/cas/support/saml/services/BaseSamlRegisteredServiceAttributeReleasePolicy.class */
public abstract class BaseSamlRegisteredServiceAttributeReleasePolicy extends ReturnAllowedAttributeReleasePolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) BaseSamlRegisteredServiceAttributeReleasePolicy.class);
    private static final long serialVersionUID = -3301632236702329694L;

    @Override // org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy, org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy
    public Map<String, List<Object>> getAttributesInternal(Principal principal, Map<String, List<Object>> map, RegisteredService registeredService, Service service) {
        if (!(registeredService instanceof SamlRegisteredService)) {
            return authorizeReleaseOfAllowedAttributes(principal, map, registeredService, service);
        }
        SamlRegisteredService samlRegisteredService = (SamlRegisteredService) registeredService;
        String entityIdFromRequest = getEntityIdFromRequest(HttpRequestUtils.getHttpServletRequestFromRequestAttributes());
        if (StringUtils.isBlank(entityIdFromRequest)) {
            LOGGER.warn("Could not locate the entity id for SAML attribute release policy processing");
            return authorizeReleaseOfAllowedAttributes(principal, map, registeredService, service);
        }
        ApplicationContext applicationContext = ApplicationContextProvider.getApplicationContext();
        if (applicationContext == null) {
            LOGGER.warn("Could not locate the application context to process attributes");
            return authorizeReleaseOfAllowedAttributes(principal, map, registeredService, service);
        }
        SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver = (SamlRegisteredServiceCachingMetadataResolver) applicationContext.getBean("defaultSamlRegisteredServiceCachingMetadataResolver", SamlRegisteredServiceCachingMetadataResolver.class);
        Optional<SamlRegisteredServiceServiceProviderMetadataFacade> optional = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, samlRegisteredService, entityIdFromRequest);
        if (optional.isEmpty()) {
            LOGGER.warn("Could not locate metadata for [{}] to process attributes", entityIdFromRequest);
            return authorizeReleaseOfAllowedAttributes(principal, map, registeredService, service);
        }
        EntityDescriptor entityDescriptor = optional.get().getEntityDescriptor();
        if (entityDescriptor != null) {
            return getAttributesForSamlRegisteredService(map, samlRegisteredService, applicationContext, samlRegisteredServiceCachingMetadataResolver, optional.get(), entityDescriptor, principal, service);
        }
        LOGGER.warn("Could not locate entity descriptor for [{}] to process attributes", entityIdFromRequest);
        return authorizeReleaseOfAllowedAttributes(principal, map, registeredService, service);
    }

    private static String getEntityIdFromRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            LOGGER.debug("No http request could be identified to locate the entity id");
            return null;
        }
        String parameter = httpServletRequest.getParameter(SamlProtocolConstants.PARAMETER_ENTITY_ID);
        if (StringUtils.isNotBlank(parameter)) {
            return parameter;
        }
        String parameter2 = httpServletRequest.getParameter("service");
        if (!StringUtils.isNotBlank(parameter2)) {
            return null;
        }
        try {
            return (String) new URIBuilder(parameter2).getQueryParams().stream().filter(nameValuePair -> {
                return nameValuePair.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID);
            }).map((v0) -> {
                return v0.getValue();
            }).findFirst().orElse("");
        } catch (Exception e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.error(e.getMessage(), (Throwable) e);
                return null;
            }
            LOGGER.error(e.getMessage());
            return null;
        }
    }

    protected abstract Map<String, List<Object>> getAttributesForSamlRegisteredService(Map<String, List<Object>> map, SamlRegisteredService samlRegisteredService, ApplicationContext applicationContext, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, EntityDescriptor entityDescriptor, Principal principal, Service service);
}
