package org.apereo.cas.support.saml.web.idp.profile.builders.authn;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.util.CollectionUtils;
import org.jasig.cas.client.validation.Assertion;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/authn/DefaultAuthnContextClassRefBuilder.class */
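/**
 * Chooses the {@code AuthnContextClassRef} URI that the SAML2 identity provider places in its response.
 *
 * <p>Resolution order, as implemented by {@link #build}:
 * <ol>
 *   <li>the class required by the registered service, when one is configured;</li>
 *   <li>a class requested by the service provider, when the assertion shows it was satisfied;</li>
 *   <li>the configured default class, or PasswordProtectedTransport when no default is set.</li>
 * </ol>
 *
 * <p>NOTE(review): the returned value is a statement about how the user authenticated, and relying
 * parties may base step-up decisions on it. Steps 1 and 3 return a configured value without looking
 * at the assertion, so the configuration must not name a class stronger than what every login to
 * that service actually guarantees. Confirm against the deployment's policy.
 */
public class DefaultAuthnContextClassRefBuilder implements AuthnContextClassRefBuilder {

    /** Fallback used when no default authentication context class is configured. */
    private static final String FALLBACK_CONTEXT_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultAuthnContextClassRefBuilder.class);
    private final CasConfigurationProperties casProperties;

    /**
     * Resolves the authentication context class for a response.
     *
     * @param obj the validated CAS assertion; cast to {@link Assertion} when a requested context must be checked
     * @param requestAbstractType the incoming SAML request; only an {@link AuthnRequest} can carry a requested context
     * @param samlRegisteredServiceServiceProviderMetadataFacade service provider metadata (not consulted here)
     * @param samlRegisteredService the registered service, whose required context class takes precedence
     * @return the context class URI to assert; never blank
     */
    @Override // org.apereo.cas.support.saml.web.idp.profile.builders.authn.AuthnContextClassRefBuilder
    public String build(Object obj, RequestAbstractType requestAbstractType, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, SamlRegisteredService samlRegisteredService) {
        String requiredByService = samlRegisteredService.getRequiredAuthenticationContextClass();
        if (StringUtils.isNotBlank(requiredByService)) {
            // Service-level configuration wins over anything the service provider asked for.
            LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", requiredByService, samlRegisteredService.getName());
            return requiredByService;
        }
        String defaultClass = StringUtils.defaultIfBlank(this.casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass(), FALLBACK_CONTEXT_CLASS);
        RequestedAuthnContext requestedAuthnContext = requestAbstractType instanceof AuthnRequest ? ((AuthnRequest) requestAbstractType).getRequestedAuthnContext() : null;
        if (requestedAuthnContext == null) {
            LOGGER.debug("No specific authN context is requested. Returning [{}]", defaultClass);
            return defaultClass;
        }
        List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
        if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
            LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defaultClass);
            return defaultClass;
        }
        // An unsatisfied request does not fail here: the default class is asserted instead, so the
        // service provider has to compare the returned class with what it asked for.
        String resolved = StringUtils.defaultIfBlank(getAuthenticationContextByAssertion(obj, requestedAuthnContext, authnContextClassRefs), defaultClass);
        LOGGER.debug("Returning authN context [{}]", resolved);
        return resolved;
    }

    /**
     * Returns the requested context class that the assertion proves was satisfied, if any.
     *
     * <p>Only the first requested class ref that has a configured mapping is considered. Its mapped
     * value must equal the first value of the configured authentication-context attribute found in
     * the principal or assertion attributes.
     *
     * <p>NOTE(review): the request's comparison rule is logged but not applied here, and later
     * requested class refs are not tried when the first mapped one does not match. Confirm whether
     * another component enforces the comparison.
     *
     * @param obj the validated CAS assertion, cast to {@link Assertion}
     * @param requestedAuthnContext the requested context, read for its comparison rule (logging only)
     * @param list the requested class refs, in the order sent by the service provider
     * @return the URI of the satisfied class ref, or {@code null} when nothing requested was satisfied
     */
    protected String getAuthenticationContextByAssertion(Object obj, RequestedAuthnContext requestedAuthnContext, List<AuthnContextClassRef> list) {
        LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
        list.forEach(requested -> LOGGER.debug("Requested AuthN Context [{}]", requested.getURI()));
        Assertion assertion = Assertion.class.cast(obj);
        Map<String, String> mappings = CollectionUtils.convertDirectedListToMap(this.casProperties.getAuthn().getSamlIdp().getCore().getAuthenticationContextClassMappings());
        Pair<AuthnContextClassRef, String> mapped = list.stream()
            .filter(requested -> StringUtils.isNotBlank(requested.getURI()))
            .filter(requested -> mappings.containsKey(requested.getURI()))
            .map(requested -> Pair.of(requested, mappings.get(requested.getURI())))
            .findFirst()
            .orElse(null);
        // Merge into a private copy: writing assertion attributes into the principal's own map would
        // alter state shared with other readers of the assertion, and fails on an unmodifiable map.
        Map<String, Object> attributes = new HashMap<>(assertion.getPrincipal().getAttributes());
        attributes.putAll(assertion.getAttributes());
        String contextAttribute = this.casProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute();
        if (!attributes.containsKey(contextAttribute) || mapped == null) {
            return null;
        }
        String satisfied = CollectionUtils.firstElement(attributes.get(contextAttribute)).map(Object::toString).orElse(null);
        // StringUtils.equals(null, null) is true, so an empty attribute value must be rejected
        // explicitly; otherwise a requested class could be asserted with no evidence behind it.
        if (StringUtils.isNotBlank(satisfied) && StringUtils.equals(mapped.getValue(), satisfied)) {
            return mapped.getLeft().getURI();
        }
        return null;
    }

    /**
     * Creates the builder.
     *
     * @param casConfigurationProperties CAS settings holding the default class, the class mappings and the context attribute name
     */
    @Generated
    public DefaultAuthnContextClassRefBuilder(CasConfigurationProperties casConfigurationProperties) {
        this.casProperties = casConfigurationProperties;
    }
}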
