package org.dataconservancy.pass.authz;

import java.net.URI;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
import java.util.ListIterator;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.dataconservancy.pass.client.PassClient;
import org.dataconservancy.pass.model.User;
import org.dataconservancy.pass.model.support.Identifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dataconservancy/pass/authz/ShibAuthUserProvider.class */
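/**
 * Builds an {@link AuthUser} from the Shibboleth attributes attached to an HTTP request and
 * resolves the matching PASS {@link User} through a {@link PassClient}, caching the result.
 *
 * <p>Attributes are read from servlet request attributes first. Only when
 * {@value #CONFIG_SHIB_USE_HEADERS} is set to {@code true} are HTTP request headers of the same
 * name used as a fallback.
 *
 * <p><b>Security:</b> request headers are client-controlled unless a trusted front end removes or
 * overwrites them. Enable header mode only behind a proxy that strips inbound copies of the
 * identity headers named by the constants below; otherwise every value this class derives
 * (principal, locator ids, domains) is only as trustworthy as the client sending the request.
 */
public class ShibAuthUserProvider implements AuthUserProvider {
    public static final String CONFIG_SHIB_USE_HEADERS = "authz.shib.use.headers";
    public static final String CONFIG_SHIB_CACHE_LIFE = "authz.shib.cache.minutes";
    public static final String CONFIG_SHIB_CACHE_SIZE = "authz.shib.cache.size";
    Logger LOG;
    public static final String DISPLAY_NAME_HEADER = "Displayname";
    public static final String EMAIL_HEADER = "Mail";
    public static final String EPPN_HEADER = "Eppn";
    public static final String SCOPED_AFFILIATION_HEADER = "Affiliation";
    public static final String EMPLOYEE_ID_HEADER = "Employeenumber";
    public static final String HOPKINS_ID_HEADER = "unique-id";
    public static final String EMPLOYEE_ID_TYPE = "employeeid";
    public static final String HOPKINS_ID_TYPE = "hopkinsid";
    public static final String JHED_ID_TYPE = "jhed";
    final PassClient passClient;
    final ExpiringLRUCache<String, User> userCache;
    // When false (the default), identity is taken from request attributes only and
    // client-supplied headers are never consulted.
    boolean useShibHeaders;

    /**
     * Creates a provider whose user cache is sized from configuration.
     *
     * <p>Cache capacity comes from {@value #CONFIG_SHIB_CACHE_SIZE} (default 100) and entry
     * lifetime in minutes from {@value #CONFIG_SHIB_CACHE_LIFE} (default 10).
     *
     * @param passClient client used to look up User resources
     * @throws NumberFormatException if a configured cache value is not an integer
     */
    public ShibAuthUserProvider(PassClient passClient) {
        this(passClient, new ExpiringLRUCache<String, User>(
                configuredInt(CONFIG_SHIB_CACHE_SIZE, "100"),
                Duration.ofMinutes(configuredInt(CONFIG_SHIB_CACHE_LIFE, "10"))));
    }

    /**
     * Creates a provider that uses the supplied cache.
     *
     * @param passClient client used to look up User resources
     * @param expiringLRUCache cache of User resources, keyed by serialized Hopkins identifier
     */
    public ShibAuthUserProvider(PassClient passClient, ExpiringLRUCache<String, User> expiringLRUCache) {
        this.LOG = LoggerFactory.getLogger(ShibAuthUserProvider.class);
        // Absent or non-"true" configuration leaves header fallback disabled.
        this.useShibHeaders = Boolean.parseBoolean(ConfigUtil.getValue(CONFIG_SHIB_USE_HEADERS));
        this.passClient = passClient;
        this.userCache = expiringLRUCache;
    }

    /**
     * Assembles the authenticated user for a request and, when a Hopkins id is present, looks up
     * the corresponding User resource.
     *
     * <p>The EPPN value is split on {@code "@"} into a local part and a domain. A value with
     * nothing after the first {@code "@"} makes the split index fail with
     * {@link ArrayIndexOutOfBoundsException}, so a malformed EPPN aborts the call instead of
     * yielding a user with a missing domain.
     *
     * @param httpServletRequest request carrying the Shibboleth attributes; the null check below
     *     guards only the debug header dump, so a null request fails in the attribute lookup
     * @param function filter applied to the assembled user inside the cached lookup; the User it
     *     returns on the AuthUser is what gets cached
     * @param z when true the cache's {@code getOrDo} is used, otherwise {@code doAndCache}
     *     (presumably "allow a cached entry" versus "force a fresh lookup" - confirm against
     *     ExpiringLRUCache)
     * @return the assembled user; its User and id are set only when the lookup produced a User
     * @throws RuntimeException wrapping any failure raised during the user lookup
     */
    @Override // org.dataconservancy.pass.authz.AuthUserProvider
    public AuthUser getUser(HttpServletRequest httpServletRequest, Function<AuthUser, AuthUser> function, boolean z) {
        if (this.LOG.isDebugEnabled() && httpServletRequest != null) {
            logRequestHeaders(httpServletRequest);
        }

        String displayName = getShibAttr(httpServletRequest, DISPLAY_NAME_HEADER, String::trim);
        String email = getShibAttr(httpServletRequest, EMAIL_HEADER, String::trim);
        String eppnDomain = getShibAttr(httpServletRequest, EPPN_HEADER, s -> s.split("@")[1]);
        String eppnLocalPart = getShibAttr(httpServletRequest, EPPN_HEADER, s -> s.split("@")[0]);
        String employeeNumber = getShibAttr(httpServletRequest, EMPLOYEE_ID_HEADER, Function.identity());
        String uniqueId = getShibAttr(httpServletRequest, HOPKINS_ID_HEADER, s -> s.split("@")[0]);

        // An empty local part (e.g. an EPPN of "@domain") must not become a locator id:
        // an empty string would otherwise be added to the ids used for the User search.
        String jhedId = null;
        if (eppnLocalPart != null && !eppnLocalPart.isEmpty()) {
            jhedId = new Identifier(eppnDomain, JHED_ID_TYPE, eppnLocalPart.toLowerCase()).serialize();
        }
        // NOTE(review): the null checks below imply Identifier.serialize() can return null when
        // a component is missing - confirm against Identifier.
        String employeeId = new Identifier(eppnDomain, EMPLOYEE_ID_TYPE, employeeNumber).serialize();
        String hopkinsId = new Identifier(eppnDomain, HOPKINS_ID_TYPE, uniqueId).serialize();

        AuthUser authUser = new AuthUser();
        authUser.setName(displayName);
        authUser.setEmail(email);
        // Order matters: findUserId tries the locator ids in the order they are added here.
        if (hopkinsId != null) {
            authUser.getLocatorIds().add(hopkinsId);
        }
        if (employeeId != null) {
            authUser.getLocatorIds().add(employeeId);
        }
        if (jhedId != null) {
            authUser.getLocatorIds().add(jhedId);
        }
        authUser.setPrincipal(getShibAttr(httpServletRequest, EPPN_HEADER, Function.identity()));

        // The principal's domain and every scoped-affiliation domain are recorded on the user.
        Set<String> domains = authUser.getDomains();
        Optional.ofNullable(authUser.getPrincipal())
                .filter(principal -> principal.contains("@"))
                .map(principal -> principal.split("@")[1])
                .ifPresent(domains::add);
        String[] affiliations = getShibAttr(httpServletRequest, SCOPED_AFFILIATION_HEADER, s -> s.split(";"));
        authUser.getDomains().addAll(
                Arrays.stream(Optional.ofNullable(affiliations).orElse(new String[0]))
                        .filter(affiliation -> affiliation.contains("@"))
                        .map(affiliation -> affiliation.split("@")[1])
                        .collect(Collectors.toSet()));

        if (hopkinsId == null) {
            this.LOG.debug("No shibboleth hopkins id; skipping user lookup ");
            return authUser;
        }

        this.LOG.debug("Looking up User based on hopkins id '{}'", hopkinsId);
        try {
            Callable<User> lookup = () -> {
                authUser.setId(findUserId(authUser.getLocatorIds()));
                AuthUser filtered = function.apply(authUser);
                if (filtered.getUser() != null) {
                    this.LOG.debug("doAfter filter supplied a User resource");
                    return filtered.getUser();
                }
                this.LOG.debug("doAfter filter did NOT supply a User resource");
                return null;
            };
            // The cache key is the serialized Hopkins identifier alone.
            if (z) {
                authUser.setUser(this.userCache.getOrDo(hopkinsId, lookup));
            } else {
                authUser.setUser(this.userCache.doAndCache(hopkinsId, lookup));
            }
            if (authUser.getUser() != null) {
                authUser.setId(authUser.getUser().getId());
            }
            this.LOG.debug("User resource for {} is {}", hopkinsId, authUser.getId());
        } catch (Exception e) {
            throw new RuntimeException("Error while looking up user by locatorIds" + authUser.getLocatorIds().toString(), e);
        }
        return authUser;
    }

    /** Reads an integer configuration value, falling back to {@code defaultValue} when unset. */
    private static int configuredInt(String key, String defaultValue) {
        return Integer.parseInt(Optional.ofNullable(ConfigUtil.getValue(key)).orElse(defaultValue));
    }

    /**
     * Writes the request headers to the debug log, masking credential-bearing headers.
     *
     * <p>Cookie and authorization values are bearer secrets: anyone who can read the log could
     * replay them, so only their presence is recorded. The remaining headers, and the identity
     * attributes logged by {@code getShibAttr}, still contain personal data; debug logging for
     * this class should stay off in production or the log should be access-controlled.
     */
    private void logRequestHeaders(HttpServletRequest request) {
        this.LOG.debug("Request headers: ");
        Enumeration<?> names = request.getHeaderNames();
        if (names == null) {
            return;
        }
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            String shown = isCredentialHeader(name) ? "<redacted>" : request.getHeader(name);
            this.LOG.debug("   {}: {}", name, shown);
        }
    }

    /** Returns true for headers whose value is itself a credential. */
    private static boolean isCredentialHeader(String name) {
        return "Cookie".equalsIgnoreCase(name)
                || "Authorization".equalsIgnoreCase(name)
                || "Proxy-Authorization".equalsIgnoreCase(name);
    }

    /**
     * Returns the URI of the first User found for any of the given locator ids.
     *
     * @param locatorIds ids to try, in order; null entries are skipped
     * @return the first non-null search result, or null if none of the ids matched
     */
    private URI findUserId(List<String> locatorIds) {
        for (String locatorId : locatorIds) {
            // Skip nulls explicitly: String.valueOf(null element) would produce the literal
            // text "null" and search for that instead.
            if (locatorId == null) {
                continue;
            }
            URI found = this.passClient.findByAttribute(User.class, "locatorIds", locatorId);
            if (found != null) {
                return found;
            }
        }
        return null;
    }

    /**
     * Reads one Shibboleth attribute and converts it.
     *
     * <p>The servlet request attribute wins when present. The request header of the same name is
     * consulted only when header mode is enabled, because header values can be set by the client
     * unless a trusted proxy strips them.
     *
     * @param request request to read from
     * @param name attribute and header name
     * @param converter applied to the raw value when one is found
     * @return the converted value, or null when no value is available
     */
    private <T> T getShibAttr(HttpServletRequest request, String name, Function<String, T> converter) {
        Object attribute = request.getAttribute(name);
        String raw;
        if (attribute != null) {
            raw = attribute.toString();
        } else if (this.useShibHeaders) {
            raw = request.getHeader(name);
        } else {
            raw = null;
        }
        T value = transform(raw, converter);
        this.LOG.debug("Shib attribute {} is {}", name, value);
        return value;
    }

    /** Applies {@code converter} to {@code raw}, passing null through untouched. */
    private <T> T transform(String raw, Function<String, T> converter) {
        return raw == null ? null : converter.apply(raw);
    }
}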
