package de.uniba.minf.auth.authentication;

import de.uniba.minf.auth.Constants;
import de.uniba.minf.auth.config.saml.Attribute;
import de.uniba.minf.auth.config.saml.ConditionalAttributeGroup;
import de.uniba.minf.auth.config.saml.ServiceProvider;
import de.uniba.minf.auth.error.RequiredAttributesException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.saml.credentials.SAML2AuthenticationCredentials;
import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
import org.pac4j.saml.logout.impl.SAML2LogoutValidator;
import org.pac4j.saml.profile.api.SAML2ResponseValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/auth-core-5.1-SNAPSHOT.jar:de/uniba/minf/auth/authentication/SAMLRequiredAttributeAuthenticator.class */
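/**
 * SAML2 authenticator that, after the parent's validation has succeeded, additionally requires
 * the asserted attributes to satisfy every {@link ConditionalAttributeGroup} configured for the
 * service provider.
 *
 * <p>The attribute check runs only on credentials the parent authenticator has already returned,
 * so it narrows who is accepted and never widens it. A failed check is reported by throwing
 * {@link RequiredAttributesException}.
 */
public class SAMLRequiredAttributeAuthenticator extends SAML2Authenticator {
    private static final Logger log = LoggerFactory.getLogger(SAMLRequiredAttributeAuthenticator.class);

    /** Service-provider configuration that supplies the required attribute groups. */
    private final ServiceProvider spConfigProperties;

    /**
     * Creates the authenticator.
     *
     * @param sAML2ResponseValidator passed through to the parent constructor
     * @param sAML2LogoutValidator passed through to the parent constructor
     * @param str passed through to the parent constructor
     * @param map passed through to the parent constructor
     * @param serviceProvider configuration read by {@link #hasAllRequiredAttributes(List)}
     */
    public SAMLRequiredAttributeAuthenticator(SAML2ResponseValidator sAML2ResponseValidator, SAML2LogoutValidator sAML2LogoutValidator, String str, Map<String, String> map, ServiceProvider serviceProvider) {
        super(sAML2ResponseValidator, sAML2LogoutValidator, str, map);
        this.spConfigProperties = serviceProvider;
    }

    /**
     * Creates the authenticator with an empty, mutable map in place of the {@code map} argument.
     *
     * @param sAML2ResponseValidator passed through to the parent constructor
     * @param sAML2LogoutValidator passed through to the parent constructor
     * @param str passed through to the parent constructor
     * @param serviceProvider configuration read by {@link #hasAllRequiredAttributes(List)}
     */
    public SAMLRequiredAttributeAuthenticator(SAML2ResponseValidator sAML2ResponseValidator, SAML2LogoutValidator sAML2LogoutValidator, String str, ServiceProvider serviceProvider) {
        this(sAML2ResponseValidator, sAML2LogoutValidator, str, new HashMap<>(), serviceProvider);
    }

    /**
     * Runs the parent validation, then rejects credentials whose attributes do not satisfy the
     * configured requirements.
     *
     * @param callContext forwarded to the parent authenticator
     * @param credentials forwarded to the parent authenticator
     * @return the parent's result when it is empty or when all required attributes are present
     * @throws RequiredAttributesException if the attribute requirements are not met
     */
    @Override
    public Optional<Credentials> validate(CallContext callContext, Credentials credentials) {
        Optional<Credentials> validated = super.validate(callContext, credentials);
        if (!validated.isPresent()) {
            // The parent produced no credentials, so nothing is authenticated: hand the empty
            // result back instead of failing with NoSuchElementException on an unchecked get().
            return validated;
        }
        // NOTE(review): if the parent can return a credentials type other than
        // SAML2AuthenticationCredentials (confirm against the pac4j version in use), this cast
        // throws ClassCastException. That still denies access, but as an unhandled runtime error.
        SAML2AuthenticationCredentials samlCredentials = (SAML2AuthenticationCredentials) validated.get();
        // NOTE(review): both log statements below write the complete user profile. If profiles
        // carry personal data, consider logging only an identifier.
        if (hasAllRequiredAttributes(samlCredentials.getAttributes())) {
            log.debug("Profile validated: {}", samlCredentials.getUserProfile());
            return validated;
        }
        log.warn("Profile misses required attributes: {}", samlCredentials.getUserProfile());
        throw new RequiredAttributesException("Profile missing required attributes");
    }

    /**
     * Checks the asserted attributes against every configured required-attribute group.
     *
     * <p>With no configured groups the result is {@code true}. Otherwise a {@code null} or empty
     * attribute list yields {@code false}, and every group must be satisfied.
     *
     * @param list attributes taken from the validated SAML credentials; may be {@code null}
     * @return {@code true} if no group is configured or every group is satisfied
     */
    public boolean hasAllRequiredAttributes(List<SAML2AuthenticationCredentials.SAMLAttribute> list) {
        List<ConditionalAttributeGroup> requiredAttributeGroups = this.spConfigProperties.getRequiredAttributeGroups();
        if (requiredAttributeGroups.isEmpty()) {
            return true;
        }
        if (list == null || list.isEmpty()) {
            return false;
        }
        for (ConditionalAttributeGroup group : requiredAttributeGroups) {
            if (!isGroupSatisfied(group, list)) {
                return false;
            }
        }
        return true;
    }

    /** Evaluates one group: AND needs every listed attribute, OR needs at least one. */
    private static boolean isGroupSatisfied(ConditionalAttributeGroup group, List<SAML2AuthenticationCredentials.SAMLAttribute> presented) {
        // A null check value is dereferenced here on purpose: a misconfigured group raises an
        // error instead of being skipped silently.
        boolean requireAll = group.getCheck().equals(Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC.AND);
        boolean requireAny = group.getCheck().equals(Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC.OR);
        // NOTE(review): a group whose check value is neither AND nor OR imposes no requirement
        // in this method. Confirm that no other value can be configured.
        boolean anyMatched = false;
        if (group.getAttributes() != null) {
            for (Attribute required : group.getAttributes()) {
                boolean matched = isPresented(required, presented);
                if (!matched && requireAll) {
                    return false;
                }
                if (matched) {
                    anyMatched = true;
                    if (requireAny) {
                        break;
                    }
                }
            }
        }
        // An OR group with no match fails, and that includes one with no attributes listed.
        return anyMatched || !requireAny;
    }

    /** Returns whether any presented attribute satisfies the required one. */
    private static boolean isPresented(Attribute required, List<SAML2AuthenticationCredentials.SAMLAttribute> presented) {
        for (SAML2AuthenticationCredentials.SAMLAttribute candidate : presented) {
            if (matches(candidate, required)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares one presented attribute with one required attribute: name format and name must be
     * equal, and the required value, when one is configured, must be among the presented values.
     */
    private static boolean matches(SAML2AuthenticationCredentials.SAMLAttribute candidate, Attribute required) {
        // The identity provider controls these fields, and NameFormat is optional on a SAML 2.0
        // attribute. A presented attribute without a name format or name is treated as
        // non-matching, so one such attribute cannot abort the whole check with a
        // NullPointerException.
        if (candidate.getNameFormat() == null || candidate.getName() == null) {
            return false;
        }
        if (!candidate.getNameFormat().equals(required.getNameFormat())
                || !candidate.getName().equals(required.getName())) {
            return false;
        }
        // With no value configured, the presence of the attribute is sufficient.
        return required.getValue() == null
                || candidate.getAttributeValues().contains(required.getValue());
    }
}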
