package org.apereo.cas.support.saml;

import java.util.Locale;
import java.util.regex.Matcher;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apereo.cas.util.RegexUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/SamlAssertionRealmCodec.class */
public class SamlAssertionRealmCodec implements SAMLRealmCodec {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlAssertionRealmCodec.class);
    private final String realm;

    public String getRealmFromToken(SamlAssertionWrapper samlAssertionWrapper) {
        String parseCNValue = parseCNValue(samlAssertionWrapper.getSignatureKeyInfo().getCerts()[0].getSubjectX500Principal().getName());
        LOGGER.debug("Realm parsed from certificate CN of the SAML assertion: [{}]", parseCNValue);
        if (StringUtils.equals(parseCNValue, this.realm)) {
            return parseCNValue;
        }
        LOGGER.warn("Retrieved realm from CN of SAML assertion certificate [{}] does not match the CAS realm [{}]. Beware that realm mismatch does requires configuration to implement realm relationships or identity mapping", parseCNValue, this.realm);
        return parseCNValue;
    }

    private static String parseCNValue(String str) {
        Matcher matcher = RegexUtils.createPattern("cn=(\\w+)").matcher(str);
        if (matcher.find()) {
            return matcher.group(1).toUpperCase(Locale.ENGLISH);
        }
        return null;
    }

    @Generated
    public SamlAssertionRealmCodec(String str) {
        this.realm = str;
    }
}
