package org.apereo.cas.support.saml;

import com.google.common.base.Splitter;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.hc.core5.http.NameValuePair;
import org.apache.hc.core5.net.URIBuilder;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.BaseAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/ShibbolethIdPEntityIdAuthenticationServiceSelectionStrategy.class */
public class ShibbolethIdPEntityIdAuthenticationServiceSelectionStrategy extends BaseAuthenticationServiceSelectionStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ShibbolethIdPEntityIdAuthenticationServiceSelectionStrategy.class);
    private static final long serialVersionUID = -2059445756475980894L;
    private final String idpServerPrefix;
    private final AuditableExecution registeredServiceAccessStrategyEnforcer;

    public ShibbolethIdPEntityIdAuthenticationServiceSelectionStrategy(ServicesManager servicesManager, ServiceFactory<WebApplicationService> serviceFactory, String str, AuditableExecution auditableExecution) {
        super(servicesManager, serviceFactory);
        this.idpServerPrefix = str;
        this.registeredServiceAccessStrategyEnforcer = auditableExecution;
    }

    public Service resolveServiceFrom(Service service) throws Throwable {
        Optional<String> entityIdAsParameter = getEntityIdAsParameter(service);
        if (entityIdAsParameter.isPresent()) {
            String str = entityIdAsParameter.get();
            LOGGER.debug("Located entity id [{}] from service authentication request at [{}]", str, service.getId());
            if (isEntityIdServiceRegistered(str, service)) {
                return createService(str, service);
            }
            LOGGER.debug("Entity id [{}] not registered as individual service", str);
        }
        LOGGER.debug("Could not located entity id from service authentication request at [{}]", service.getId());
        return service;
    }

    public boolean supports(Service service) {
        boolean z = service != null && service.getId().matches("^".concat(this.idpServerPrefix).concat(".*"));
        LOGGER.trace("Does service id [{}] match against [{}]: [{}]", new Object[]{service, this.idpServerPrefix, BooleanUtils.toStringYesNo(z)});
        boolean z2 = z && getEntityIdAsParameter(service).isPresent();
        LOGGER.trace("Is request from [{}] supported by [{}]: [{}]", new Object[]{service, getClass().getSimpleName(), BooleanUtils.toStringYesNo(z2)});
        return z2;
    }

    protected static Optional<String> getEntityIdAsParameter(Service service) {
        Optional findFirst;
        try {
            LOGGER.trace("Checking for query parameters in [{}] to locate entity id", service.getId());
            findFirst = new URIBuilder(service.getId()).getQueryParams().stream().filter(nameValuePair -> {
                return nameValuePair.getName().equals("entityId");
            }).findFirst();
        } catch (Throwable th) {
            LoggingUtils.error(LOGGER, th);
        }
        if (findFirst.isPresent()) {
            LOGGER.debug("Found entity id in service id [{}]", ((NameValuePair) findFirst.get()).getValue());
            return Optional.of(((NameValuePair) findFirst.get()).getValue());
        }
        if (service.getAttributes().containsKey("entityId")) {
            Optional<String> map = CollectionUtils.firstElement(service.getAttributes().get("entityId")).map((v0) -> {
                return v0.toString();
            });
            LOGGER.debug("Found entity id in service attributes [{}]", map);
            return map;
        }
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext();
        if (httpServletRequestFromExternalWebflowContext != null && StringUtils.isNotBlank(httpServletRequestFromExternalWebflowContext.getQueryString())) {
            LOGGER.debug("Evaluating http request query string [{}]", httpServletRequestFromExternalWebflowContext.getQueryString());
            Optional<String> findFirst2 = Arrays.stream(httpServletRequestFromExternalWebflowContext.getQueryString().split("&")).map(str -> {
                List splitToList = Splitter.on("=").splitToList(str);
                return Pair.of((String) splitToList.getFirst(), (String) splitToList.get(1));
            }).filter(pair -> {
                return ((String) pair.getKey()).equals("entityId");
            }).map((v0) -> {
                return v0.getValue();
            }).map(EncodingUtils::urlDecode).findFirst();
            LOGGER.debug("Found entity id as part of request url [{}]", findFirst2);
            return findFirst2;
        }
        LOGGER.trace("Unable to locate entity id for [{}]", service);
        return Optional.empty();
    }

    private boolean isEntityIdServiceRegistered(String str, Service service) throws Throwable {
        return !this.registeredServiceAccessStrategyEnforcer.execute(AuditableContext.builder().registeredService(getServicesManager().findServiceBy(createService(str, service))).build()).isExecutionFailure();
    }

    @Generated
    public String getIdpServerPrefix() {
        return this.idpServerPrefix;
    }

    @Generated
    public AuditableExecution getRegisteredServiceAccessStrategyEnforcer() {
        return this.registeredServiceAccessStrategyEnforcer;
    }
}
