package eu.dariah.de.dariahsp.authentication;

import eu.dariah.de.dariahsp.Constants;
import eu.dariah.de.dariahsp.config.saml.Attribute;
import eu.dariah.de.dariahsp.config.saml.ConditionalAttributeGroup;
import eu.dariah.de.dariahsp.config.saml.ServiceProvider;
import eu.dariah.de.dariahsp.error.RequiredAttributesException;
import java.util.List;
import java.util.Map;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dariahsp-core-4.1-SNAPSHOT.jar:eu/dariah/de/dariahsp/authentication/SAMLRequiredAttributeAuthenticator.class */
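/**
 * SAML2 authenticator that additionally rejects a login when the released SAML
 * attributes do not satisfy the required attribute groups of the service provider
 * configuration.
 *
 * <p>The attribute gate in {@link #validate} runs only after the parent's
 * {@code validate} has returned normally.
 */
public class SAMLRequiredAttributeAuthenticator extends SAML2Authenticator {
    private static final Logger log = LoggerFactory.getLogger(SAMLRequiredAttributeAuthenticator.class);

    /** Service provider settings; the source of the required attribute groups. */
    private final ServiceProvider spConfigProperties;

    /**
     * @param str passed unchanged to the parent constructor
     * @param serviceProvider configuration holding the required attribute groups
     */
    public SAMLRequiredAttributeAuthenticator(String str, ServiceProvider serviceProvider) {
        super(str);
        this.spConfigProperties = serviceProvider;
    }

    /**
     * @param str passed unchanged to the parent constructor
     * @param map passed unchanged to the parent constructor
     * @param serviceProvider configuration holding the required attribute groups
     */
    public SAMLRequiredAttributeAuthenticator(String str, Map<String, String> map, ServiceProvider serviceProvider) {
        super(str, map);
        this.spConfigProperties = serviceProvider;
    }

    /**
     * Runs the parent validation, then enforces the required attribute groups.
     *
     * @throws RequiredAttributesException if the released attributes do not satisfy
     *     every configured group
     * @throws ClassCastException if {@code credentials} is not a {@link SAML2Credentials}
     */
    @Override
    public void validate(Credentials credentials, WebContext webContext, SessionStore sessionStore) {
        super.validate(credentials, webContext, sessionStore);
        if (!hasAllRequiredAttributes(((SAML2Credentials) credentials).getAttributes())) {
            // NOTE(review): the whole user profile goes to the log at WARN (and at DEBUG
            // below); it may carry personal attributes released by the IdP, so confirm
            // that log access and retention are appropriate for that data.
            log.warn("Profile misses required attributes: {}", credentials.getUserProfile());
            throw new RequiredAttributesException("Profile missing required attributes");
        }
        log.debug("Profile validated: {}", credentials.getUserProfile());
    }

    /**
     * Decides whether the released attributes satisfy every configured group.
     *
     * <p>An AND group needs each of its attributes to be present; an OR group needs at
     * least one. With no groups configured the result is {@code true}; with groups
     * configured and no released attributes it is {@code false}.
     *
     * <p>Caveats visible in this logic: an AND group whose attribute list is
     * {@code null} or empty is satisfied trivially, and a group whose check is neither
     * AND nor OR imposes no requirement at all. Confirm that the configuration cannot
     * produce such a group, since it would pass silently.
     *
     * @param list attributes released in the SAML assertion; may be {@code null}
     * @return {@code true} if every required attribute group is satisfied
     */
    public boolean hasAllRequiredAttributes(List<SAML2Credentials.SAMLAttribute> list) {
        List<ConditionalAttributeGroup> requiredAttributeGroups = this.spConfigProperties.getRequiredAttributeGroups();
        if (requiredAttributeGroups.isEmpty()) {
            return true;
        }
        if (list == null || list.isEmpty()) {
            return false;
        }
        for (ConditionalAttributeGroup group : requiredAttributeGroups) {
            // A null check still raises NullPointerException here, so a group without
            // check logic rejects the login rather than being skipped.
            boolean requireAll = group.getCheck().equals(Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC.AND);
            boolean requireAny = group.getCheck().equals(Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC.OR);
            boolean anyMatched = false;
            if (group.getAttributes() != null) {
                for (Attribute required : group.getAttributes()) {
                    boolean matched = isReleased(required, list);
                    anyMatched |= matched;
                    if (!matched && requireAll) {
                        return false;
                    }
                    if (anyMatched && requireAny) {
                        break;
                    }
                }
            }
            if (!anyMatched && requireAny) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether one required attribute is among the released ones.
     *
     * <p>Name format and name must both be equal. When the requirement carries a value,
     * the released attribute must contain exactly that value; otherwise presence is
     * enough.
     */
    private static boolean isReleased(Attribute required, List<SAML2Credentials.SAMLAttribute> released) {
        for (SAML2Credentials.SAMLAttribute candidate : released) {
            if (!sameNonNull(candidate.getNameFormat(), required.getNameFormat())
                    || !sameNonNull(candidate.getName(), required.getName())) {
                continue;
            }
            if (required.getValue() == null) {
                return true;
            }
            if (candidate.getAttributeValues() != null
                    && candidate.getAttributeValues().contains(required.getValue())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Null-safe equality in which a {@code null} left side never matches. A released
     * attribute without NameFormat or Name therefore counts as "not matching" instead
     * of aborting the whole check with a NullPointerException.
     */
    private static boolean sameNonNull(Object left, Object right) {
        return left != null && left.equals(right);
    }
}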
