package org.apereo.cas.web.saml2;

import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.pac4j.client.DelegatedIdentityProviders;
import org.apereo.cas.support.saml.util.Saml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.AuthenticatedAssertionContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlIdPResponseCustomizer;
import org.apereo.cas.util.CollectionUtils;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthenticatingAuthority;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.pac4j.saml.client.SAML2Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/web/saml2/DelegatedAuthenticationSamlIdPResponseCustomizer.class */
public class DelegatedAuthenticationSamlIdPResponseCustomizer implements SamlIdPResponseCustomizer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedAuthenticationSamlIdPResponseCustomizer.class);
    private final DelegatedIdentityProviders identityProviders;

    public void customizeAssertion(SamlProfileBuilderContext samlProfileBuilderContext, Saml20ObjectBuilder saml20ObjectBuilder, Assertion assertion) {
        Map attributes = ((AuthenticatedAssertionContext) samlProfileBuilderContext.getAuthenticatedAssertion().orElseThrow()).getAttributes();
        LOGGER.debug("Attributes to evaluate to customize SAML2 assertion are [{}]", attributes);
        if (!attributes.containsKey("clientName") || samlProfileBuilderContext.getRegisteredService().isSkipGeneratingAuthenticatingAuthority()) {
            return;
        }
        CollectionUtils.toCollection(attributes.get("clientName")).forEach(obj -> {
            Optional findClient = this.identityProviders.findClient(obj.toString());
            Class<SAML2Client> cls = SAML2Client.class;
            Objects.requireNonNull(SAML2Client.class);
            Optional filter = findClient.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<SAML2Client> cls2 = SAML2Client.class;
            Objects.requireNonNull(SAML2Client.class);
            filter.map((v1) -> {
                return r1.cast(v1);
            }).ifPresent(sAML2Client -> {
                sAML2Client.init();
                assertion.getAuthnStatements().forEach(authnStatement -> {
                    AuthnContext authnContext = authnStatement.getAuthnContext();
                    AuthenticatingAuthority newSamlObject = saml20ObjectBuilder.newSamlObject(AuthenticatingAuthority.class);
                    newSamlObject.setURI(sAML2Client.getIdentityProviderResolvedEntityId());
                    LOGGER.debug("Customizing SAML2 assertion to include authenticating authority [{}] linked to delegated client [{}]", sAML2Client.getIdentityProviderResolvedEntityId(), obj);
                    authnContext.getAuthenticatingAuthorities().add(newSamlObject);
                });
            });
        });
    }

    @Generated
    public DelegatedAuthenticationSamlIdPResponseCustomizer(DelegatedIdentityProviders delegatedIdentityProviders) {
        this.identityProviders = delegatedIdentityProviders;
    }
}
