package org.openl.security.saml;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.function.Consumer;
import org.openl.rules.security.Privilege;
import org.openl.rules.security.SimplePrivilege;
import org.openl.rules.security.SimpleUser;
import org.openl.rules.security.User;
import org.openl.util.CollectionUtils;
import org.openl.util.StringUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.env.PropertyResolver;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;

/* loaded from: input_file:org/openl/security/saml/OpenLResponseAuthenticationConverter.class */
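/**
 * Converts a SAML 2.0 response token into a {@link Saml2Authentication} for OpenL.
 *
 * <p>The user profile (names, e-mail, groups) is read from the attributes of the first assertion
 * of the response, using attribute names configured under {@code security.saml.attribute.*}.
 * The resulting user is passed to the user-data synchronisation callback and its group
 * authorities are mapped to privileges before the authentication object is created.
 *
 * <p>NOTE(review): this class performs no signature, condition or audience checks of its own; it
 * presumably relies on the authentication provider having validated the response before the
 * converter is invoked. Confirm against the provider configuration.
 */
public class OpenLResponseAuthenticationConverter implements Converter<OpenSaml4AuthenticationProvider.ResponseToken, Saml2Authentication> {
    private final BiFunction<String, Collection<? extends GrantedAuthority>, Collection<Privilege>> privilegeMapper;
    private final Consumer<User> syncUserData;
    private final PropertyResolver propertyResolver;

    /**
     * Collects the configured SAML attributes of one assertion and builds a {@link SimpleUser}.
     *
     * <p>The decompiler reports that this nested class was originally declared {@code private};
     * it is kept {@code public} here to match the listing.
     */
    public static class SimpleUserSamlBuilder {
        private final String usernameAttribute;
        private final String firstNameAttribute;
        private final String lastNameAttribute;
        private final String groupsAttribute;
        private final String emailAttribute;
        private final String displayNameAttribute;
        // Values collected per configured attribute name; only configured names are ever stored.
        private final Map<String, List<String>> fields = new HashMap<>();
        // Subject NameID of the assertion; used as username when no username attribute is configured.
        private String username;

        /**
         * Reads the attribute names to extract from the given property source.
         *
         * @param propertyResolver source of the {@code security.saml.attribute.*} properties
         */
        public SimpleUserSamlBuilder(PropertyResolver propertyResolver) {
            this.usernameAttribute = propertyResolver.getProperty("security.saml.attribute.username");
            this.firstNameAttribute = propertyResolver.getProperty("security.saml.attribute.first-name");
            this.lastNameAttribute = propertyResolver.getProperty("security.saml.attribute.last-name");
            this.emailAttribute = propertyResolver.getProperty("security.saml.attribute.email");
            this.groupsAttribute = propertyResolver.getProperty("security.saml.attribute.groups");
            this.displayNameAttribute = propertyResolver.getProperty("security.saml.attribute.display-name");
            registerAttribute(this.usernameAttribute);
            registerAttribute(this.firstNameAttribute);
            registerAttribute(this.lastNameAttribute);
            registerAttribute(this.emailAttribute);
            registerAttribute(this.groupsAttribute);
            registerAttribute(this.displayNameAttribute);
        }

        /**
         * Registers an attribute name for collection. Unset or blank names are skipped so that an
         * unconfigured property can never match an assertion attribute whose name is missing or
         * empty.
         */
        private void registerAttribute(String attributeName) {
            if (StringUtils.isNotBlank(attributeName)) {
                this.fields.put(attributeName, new ArrayList<>());
            }
        }

        /**
         * Copies the values of every configured attribute found in the assertion's attribute
         * statements. Attributes whose name is not configured are ignored.
         */
        private void setAssertionAttributes(Assertion assertion) {
            for (AttributeStatement statement : assertion.getAttributeStatements()) {
                for (Attribute attribute : statement.getAttributes()) {
                    List<String> collected = this.fields.get(attribute.getName());
                    if (collected == null) {
                        continue;
                    }
                    for (XMLObject rawValue : attribute.getAttributeValues()) {
                        String text = getXmlObjectValue(rawValue);
                        if (text != null) {
                            collected.add(text);
                        }
                    }
                }
            }
        }

        /**
         * Sets the subject NameID, used as the username when no username attribute is configured.
         *
         * @param str NameID value of the assertion subject
         */
        public void setNameID(String str) {
            this.username = str;
        }

        /**
         * Builds the user from the collected attributes.
         *
         * <p>Every value of the groups attribute becomes a {@link SimplePrivilege}. The username is
         * the NameID when the username attribute property is blank, otherwise the first value of
         * that attribute, which is {@code null} when the assertion did not carry it.
         *
         * @return the assembled user; its username may be {@code null} or blank
         */
        public SimpleUser build() {
            List<Privilege> privileges = new ArrayList<>();
            if (StringUtils.isNotBlank(this.groupsAttribute)) {
                for (String group : getAttributeValues(this.groupsAttribute)) {
                    privileges.add(new SimplePrivilege(group));
                }
            }
            String resolvedUsername = StringUtils.isBlank(this.usernameAttribute)
                    ? this.username
                    : getAttributeAsString(this.usernameAttribute);
            return SimpleUser.builder()
                    .setFirstName(getAttributeAsString(this.firstNameAttribute))
                    .setLastName(getAttributeAsString(this.lastNameAttribute))
                    .setUsername(resolvedUsername)
                    .setPrivileges(privileges)
                    .setEmail(getAttributeAsString(this.emailAttribute))
                    .setDisplayName(getAttributeAsString(this.displayNameAttribute))
                    .build();
        }

        /** Returns the first collected value of the attribute, or {@code null} when there is none. */
        private String getAttributeAsString(String str) {
            List<String> values = this.fields.get(str);
            if (CollectionUtils.isNotEmpty(values)) {
                return values.get(0);
            }
            return null;
        }

        /** Returns a read-only view of all collected values of the attribute (empty when unknown). */
        private List<String> getAttributeValues(String str) {
            return Collections.unmodifiableList(this.fields.getOrDefault(str, Collections.emptyList()));
        }

        /**
         * Extracts the text of an attribute value. Only {@link XSString} values are read; any other
         * value type yields {@code null} and is therefore skipped by the caller.
         */
        private String getXmlObjectValue(XMLObject xMLObject) {
            if (xMLObject instanceof XSString) {
                return ((XSString) xMLObject).getValue();
            }
            return null;
        }
    }

    /**
     * @param propertyResolver source of the {@code security.saml.attribute.*} properties
     * @param consumer callback that receives the user built from the assertion
     * @param biFunction maps the username and the user's authorities to the granted privileges
     */
    public OpenLResponseAuthenticationConverter(PropertyResolver propertyResolver, Consumer<User> consumer, BiFunction<String, Collection<? extends GrantedAuthority>, Collection<Privilege>> biFunction) {
        this.propertyResolver = propertyResolver;
        this.syncUserData = consumer;
        this.privilegeMapper = biFunction;
    }

    /**
     * Builds the authentication for the first assertion of the response.
     *
     * @param responseToken the SAML response together with the originating authentication token
     * @return the authentication carrying the resolved principal name and mapped privileges
     * @throws IllegalArgumentException if the assertion yields no usable username
     */
    @Override
    public Saml2Authentication convert(OpenSaml4AuthenticationProvider.ResponseToken responseToken) {
        // Only the first assertion is consulted; a response without assertions, subject or NameID
        // fails here with the runtime exception raised by the access itself.
        Assertion assertion = responseToken.getResponse().getAssertions().iterator().next();
        SimpleUserSamlBuilder userBuilder = new SimpleUserSamlBuilder(this.propertyResolver);
        userBuilder.setAssertionAttributes(assertion);
        userBuilder.setNameID(assertion.getSubject().getNameID().getValue());
        User user = userBuilder.build();
        // Reject an identity without a name before anything is synchronised or mapped: the
        // configured username attribute may be absent from the assertion, and a blank principal
        // name must never reach user storage or become an authenticated session.
        if (StringUtils.isBlank(user.getUsername())) {
            throw new IllegalArgumentException("SAML assertion does not provide a username");
        }
        this.syncUserData.accept(user);
        Collection<Privilege> privileges = this.privilegeMapper.apply(user.getUsername(), user.getAuthorities());
        DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal(user.getUsername(), Collections.emptyMap());
        principal.setRelyingPartyRegistrationId(responseToken.getToken().getRelyingPartyRegistration().getRegistrationId());
        return new Saml2Authentication(principal, responseToken.getToken().getSaml2Response(), privileges);
    }
}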
