package de.uniba.minf.auth.profile.creator;

import de.uniba.minf.auth.Constants;
import de.uniba.minf.auth.config.BaseSecurityConfig;
import de.uniba.minf.auth.profile.AuthProfile;
import de.uniba.minf.auth.profile.AuthProfileDefinition;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.profile.creator.ProfileCreator;
import org.pac4j.core.profile.definition.CommonProfileDefinition;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
import org.pac4j.saml.profile.SAML2Profile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/auth-core-5.1-SNAPSHOT.jar:de/uniba/minf/auth/profile/creator/SamlProfileCreator.class */
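/**
 * Converts the {@link SAML2Profile} carried by a set of credentials into the application's
 * {@link AuthProfile}.
 *
 * <p>The creator copies the issuer entity ID, a linked ID / username, the external roles and a
 * few name and e-mail attributes from the SAML profile, then lets the {@link PermissionConverter}
 * map roles onto the new profile.
 *
 * <p>This class performs no signature, audience or issuer validation itself; every value it
 * copies is taken from the SAML profile as-is. It presumably runs only after pac4j has validated
 * the assertion — confirm against the client configuration.
 */
public class SamlProfileCreator implements ProfileCreator {
    private static final Logger log = LoggerFactory.getLogger(SamlProfileCreator.class);

    /** NameID format URN that marks an identifier as transient. */
    private static final String NAME_ID_FORMAT_TRANSIENT =
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    private final PermissionConverter permissionConverter;
    private final SAML2Configuration configuration;
    private final SAML2Client client;
    protected final AuthProfileDefinition authProfileDefinition = new AuthProfileDefinition();

    /**
     * Creates a profile creator bound to one SAML client.
     *
     * @param sAML2Configuration the SAML configuration, stored and exposed through its getter
     * @param sAML2Client the SAML client; its name is used as the profile's client name and is
     *     handed to the permission converter
     * @param baseSecurityConfig source of the permission definitions used for role mapping
     */
    public SamlProfileCreator(SAML2Configuration sAML2Configuration, SAML2Client sAML2Client, BaseSecurityConfig baseSecurityConfig) {
        this.configuration = sAML2Configuration;
        this.client = sAML2Client;
        this.permissionConverter = new PermissionConverter(sAML2Client.getName(), baseSecurityConfig.getPermissionDefinitions());
    }

    /**
     * Builds an {@link AuthProfile} from the SAML profile attached to the credentials.
     *
     * @param callContext the current call context (not read by this method)
     * @param credentials credentials whose user profile is expected to be a {@link SAML2Profile}
     * @return the populated profile, or an empty Optional when the credentials carry no profile
     *     or a profile of another type
     * @throws IllegalArgumentException if linked ID, issuer or username is {@code null} after
     *     the profile has been populated
     */
    @Override // org.pac4j.core.profile.creator.ProfileCreator
    public Optional<UserProfile> create(CallContext callContext, Credentials credentials) {
        UserProfile userProfile = credentials.getUserProfile();
        // instanceof is false for null, so this covers both "no profile" and "wrong type".
        if (!(userProfile instanceof SAML2Profile)) {
            return Optional.empty();
        }
        SAML2Profile samlProfile = (SAML2Profile) userProfile;
        AuthProfile authProfile = (AuthProfile) this.authProfileDefinition.newProfile(new Object[0]);
        authProfile.setClientName(this.client.getName());
        authProfile.setIssuer(samlProfile.getIssuerEntityID());
        setLinkedIdAndUsername(authProfile, samlProfile);
        assignExternalRoles(authProfile, samlProfile);
        authProfile.addAttribute("family_name", samlProfile.getFamilyName());
        authProfile.addAttribute(CommonProfileDefinition.FIRST_NAME, samlProfile.getFirstName());
        authProfile.addAttribute("email", samlProfile.getEmail());
        authProfile.addAttribute(CommonProfileDefinition.DISPLAY_NAME, samlProfile.getDisplayName());
        this.permissionConverter.mapAndAssignRoles(authProfile);

        // The linked ID is taken from an IdP-asserted value, so it is presumably only unique in
        // combination with the issuer; both must be present before the profile leaves this method.
        // NOTE(review): notNull accepts an empty string. If an empty linked ID or issuer must
        // never reach account linking, Assert.hasText would be the stricter check — confirm with
        // the consumers of AuthProfile.
        Assert.notNull(authProfile.getLinkedId(), "LinkedID must be present in AuthProfile");
        Assert.notNull(authProfile.getIssuer(), "Issuer must be present in AuthProfile");
        Assert.notNull(authProfile.getUsername(), "Username must be present in AuthProfile");
        return Optional.of(authProfile);
    }

    /**
     * Chooses the linked ID and the {@code username} attribute for the new profile.
     *
     * <p>A non-empty SAML username wins and is recorded as a non-transient linked ID. Otherwise
     * the SAML profile ID is used and flagged as transient unless the NameID format attribute is
     * present and names a different format.
     *
     * @param authProfile the profile being populated
     * @param samlProfile the SAML profile to read from
     */
    private void setLinkedIdAndUsername(AuthProfile authProfile, SAML2Profile samlProfile) {
        String username = samlProfile.getUsername();
        if (username != null && !username.isEmpty()) {
            authProfile.setLinkedId(username);
            authProfile.addAttribute("username", username);
            authProfile.setLinkedIdTransient(false);
            return;
        }

        String profileId = samlProfile.getId();
        authProfile.setLinkedId(profileId);
        authProfile.addAttribute("username", profileId);

        // Fail safe: the ID counts as transient until the assertion proves otherwise. Presumably
        // this keeps a per-session identifier from being used as a stable account key — verify
        // against the code that reads the transient flag.
        boolean transientId = true;
        try {
            if (samlProfile.getAuthenticationAttributes().containsKey(SAML2Authenticator.SAML_NAME_ID_FORMAT)) {
                String nameIdFormat = samlProfile.getAuthenticationAttribute(SAML2Authenticator.SAML_NAME_ID_FORMAT, String.class);
                // A present key with a null value keeps the transient default; the explicit check
                // replaces the NullPointerException the comparison used to rely on.
                if (nameIdFormat != null) {
                    transientId = NAME_ID_FORMAT_TRANSIENT.equals(nameIdFormat);
                }
            }
        } catch (Exception e) {
            log.error("Failed to detect and process nameId format, assuming transient ID", e);
        }
        authProfile.setLinkedIdTransient(Boolean.valueOf(transientId));
    }

    /**
     * Copies the external roles attribute of the SAML profile onto the auth profile.
     *
     * <p>The attribute value is inspected at runtime instead of being cast blindly: a list
     * contributes its String elements, a single String contributes itself, anything else is
     * ignored. Roles already on the profile are kept and new ones are added without duplicates.
     * Failures are logged and leave the profile's roles as they were, so a malformed attribute
     * never aborts profile creation.
     *
     * @param authProfile the profile being populated
     * @param samlProfile the SAML profile to read from
     */
    private void assignExternalRoles(AuthProfile authProfile, SAML2Profile samlProfile) {
        try {
            Object rawRoles = samlProfile.getAttribute(Constants.ATTRIBUTE_EXTERNAL_ROLES);
            LinkedHashSet<String> incomingRoles = new LinkedHashSet<>();
            if (rawRoles instanceof List) {
                for (Object value : (List<?>) rawRoles) {
                    // Non-String elements are skipped rather than stored through a raw cast.
                    if (value instanceof String) {
                        incomingRoles.add((String) value);
                    }
                }
            } else if (rawRoles instanceof String) {
                // A single-valued attribute used to fail the List cast and be dropped entirely.
                incomingRoles.add((String) rawRoles);
            }
            if (incomingRoles.isEmpty()) {
                return;
            }
            if (authProfile.getExternalRoles() == null) {
                authProfile.setExternalRoles(incomingRoles);
                return;
            }
            for (String role : incomingRoles) {
                if (!authProfile.getExternalRoles().contains(role)) {
                    authProfile.getExternalRoles().add(role);
                }
            }
        } catch (Exception e) {
            // Deliberately best-effort: the profile is still created, just without these roles.
            log.warn("Unable to map memberOf attribute to external roles of the profile", e);
        }
    }

    /** @return the converter that maps roles onto created profiles */
    public PermissionConverter getPermissionConverter() {
        return this.permissionConverter;
    }

    /** @return the SAML configuration passed to the constructor */
    public SAML2Configuration getConfiguration() {
        return this.configuration;
    }

    /** @return the SAML client passed to the constructor */
    public SAML2Client getClient() {
        return this.client;
    }

    /** @return the definition used to instantiate new {@link AuthProfile} objects */
    public AuthProfileDefinition getAuthProfileDefinition() {
        return this.authProfileDefinition;
    }

    /**
     * Returns a description that embeds the string forms of all four fields.
     *
     * <p>NOTE(review): this includes {@code SAML2Configuration.toString()} and
     * {@code SAML2Client.toString()}; confirm those do not print keystore or private-key
     * passwords before this object is written to a log.
     */
    @Override
    public String toString() {
        return "SamlProfileCreator(permissionConverter=" + getPermissionConverter() + ", configuration=" + getConfiguration() + ", client=" + getClient() + ", authProfileDefinition=" + getAuthProfileDefinition() + ")";
    }

    /**
     * Compares permission converter, configuration, client and profile definition field by
     * field, null-safely.
     *
     * @param obj the object to compare with
     * @return {@code true} when {@code obj} is a compatible creator with equal fields
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof SamlProfileCreator)) {
            return false;
        }
        SamlProfileCreator other = (SamlProfileCreator) obj;
        // canEqual lets a subclass veto equality with instances of this base class.
        if (!other.canEqual(this)) {
            return false;
        }
        return Objects.equals(getPermissionConverter(), other.getPermissionConverter())
                && Objects.equals(getConfiguration(), other.getConfiguration())
                && Objects.equals(getClient(), other.getClient())
                && Objects.equals(getAuthProfileDefinition(), other.getAuthProfileDefinition());
    }

    /**
     * Tells {@link #equals(Object)} whether the given object may be compared with this type.
     *
     * @param obj the candidate object
     * @return {@code true} when {@code obj} is a {@code SamlProfileCreator}
     */
    protected boolean canEqual(Object obj) {
        return obj instanceof SamlProfileCreator;
    }

    /**
     * Combines the hash codes of the four fields compared by {@link #equals(Object)}.
     *
     * @return the combined hash code; a {@code null} field contributes 43
     */
    @Override
    public int hashCode() {
        final int prime = 59;
        int result = 1;
        result = result * prime + fieldHash(getPermissionConverter());
        result = result * prime + fieldHash(getConfiguration());
        result = result * prime + fieldHash(getClient());
        result = result * prime + fieldHash(getAuthProfileDefinition());
        return result;
    }

    /** Hash contribution of one field: 43 for {@code null}, else the field's own hash code. */
    private static int fieldHash(Object field) {
        return field == null ? 43 : field.hashCode();
    }
}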
