package org.craftercms.engine.util.spring.security.saml2;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.craftercms.core.util.cache.CacheTemplate;
import org.craftercms.engine.service.context.SiteContext;
import org.craftercms.engine.util.ConfigUtils;
import org.craftercms.engine.util.spring.security.CustomUser;
import org.opensaml.xml.schema.impl.XSStringImpl;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLCredential;

/* loaded from: input_file:org/craftercms/engine/util/spring/security/saml2/ConfigAwareSAMLAuthenticationProvider.class */
public class ConfigAwareSAMLAuthenticationProvider extends SAMLAuthenticationProvider {
    private static final String CONFIG_CACHE_KEY = "saml2.config";
    protected CacheTemplate cacheTemplate;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/craftercms/engine/util/spring/security/saml2/ConfigAwareSAMLAuthenticationProvider$SAMLConfig.class */
    public static class SAMLConfig {
        protected String roleElementName;
        protected List<String> attributeElementName = Collections.emptyList();
        protected Map<String, String> roleMapping = Collections.emptyMap();

        protected SAMLConfig() {
        }
    }

    public ConfigAwareSAMLAuthenticationProvider(CacheTemplate cacheTemplate) {
        this.cacheTemplate = cacheTemplate;
    }

    protected SAMLConfig getConfig(HierarchicalConfiguration hierarchicalConfiguration) {
        return (SAMLConfig) this.cacheTemplate.getObject(SiteContext.getCurrent().getContext(), () -> {
            SAMLConfig sAMLConfig = new SAMLConfig();
            sAMLConfig.roleElementName = hierarchicalConfiguration.getString(Constants.ROLE_KEY_CONFIG_KEY, Constants.DEFAULT_ROLE_CONFIG_KEY);
            if (hierarchicalConfiguration.containsKey(Constants.ATTRIBUTES_CONFIG_KEY)) {
                sAMLConfig.attributeElementName = hierarchicalConfiguration.getList(String.class, Constants.ATTRIBUTES_CONFIG_KEY);
            }
            List configurationsAt = hierarchicalConfiguration.configurationsAt(Constants.ROLE_MAPPINGS_CONFIG_KEY);
            if (CollectionUtils.isNotEmpty(configurationsAt)) {
                sAMLConfig.roleMapping = new HashMap();
                configurationsAt.forEach(hierarchicalConfiguration2 -> {
                    sAMLConfig.roleMapping.put(hierarchicalConfiguration2.getString("name"), hierarchicalConfiguration2.getString("role"));
                });
            }
            return sAMLConfig;
        }, new Object[]{CONFIG_CACHE_KEY});
    }

    protected Object getPrincipal(SAMLCredential sAMLCredential, Object obj) {
        if (obj != null) {
            return super.getPrincipal(sAMLCredential, obj);
        }
        SAMLConfig config = getConfig(ConfigUtils.getCurrentConfig());
        CustomUser customUser = new CustomUser(sAMLCredential.getNameID().getValue(), "", Collections.emptyList());
        config.attributeElementName.forEach(str -> {
            sAMLCredential.getAttributes().stream().filter(attribute -> {
                return attribute.getName().equals(str);
            }).map((v0) -> {
                return v0.getAttributeValues();
            }).forEach(list -> {
                list.stream().filter(xMLObject -> {
                    return xMLObject instanceof XSStringImpl;
                }).map(xMLObject2 -> {
                    return (XSStringImpl) xMLObject2;
                }).map((v0) -> {
                    return v0.getValue();
                }).forEach(str -> {
                    customUser.setAttribute(str, str);
                });
            });
        });
        return customUser;
    }

    protected Collection<? extends GrantedAuthority> getEntitlements(SAMLCredential sAMLCredential, Object obj) {
        if (obj != null) {
            return super.getEntitlements(sAMLCredential, obj);
        }
        SAMLConfig config = getConfig(ConfigUtils.getCurrentConfig());
        LinkedList linkedList = new LinkedList();
        sAMLCredential.getAttributes().stream().filter(attribute -> {
            return attribute.getName().equals(config.roleElementName);
        }).map((v0) -> {
            return v0.getAttributeValues();
        }).forEach(list -> {
            Stream map = list.stream().filter(xMLObject -> {
                return xMLObject instanceof XSStringImpl;
            }).map(xMLObject2 -> {
                return (XSStringImpl) xMLObject2;
            }).map((v0) -> {
                return v0.getValue();
            }).map(str -> {
                return config.roleMapping.getOrDefault(str, str);
            }).map(SimpleGrantedAuthority::new);
            linkedList.getClass();
            map.forEach((v1) -> {
                r1.add(v1);
            });
        });
        return linkedList;
    }
}
