package com.atlassian.crowd.sso.saml.impl.opensaml.action;

import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails;
import com.atlassian.crowd.manager.sso.ApplicationSamlConfigurationService;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.sso.NameIdFormat;
import com.atlassian.crowd.sso.saml.impl.opensaml.action.email.EmailIdentifierProvider;
import com.atlassian.crowd.sso.saml.impl.opensaml.action.generator.ChainingSAML2NameIDGenerator;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.ApplicationContext;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.AuthorizationContext;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiFunction;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLException;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator;
import org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/sso/saml/impl/opensaml/action/AddNameIdAction.class */
/**
 * {@link AddNameIDToSubjects} action that chooses the NameID format and value placed on the
 * subject of a SAML response.
 *
 * <p>Two generators are registered: the {@code emailAddress} format is fed by
 * {@link EmailIdentifierProvider#getValidEmail}, and the {@code unspecified} format is fed by
 * the Crowd username. Which format is used for a request is looked up from the stored SAML
 * configuration matching the request's assertion consumer service URL and issuer.
 *
 * <p>NOTE(review): the ACS URL and issuer are read from the inbound {@link AuthnRequest}, so
 * they are requester-supplied unless an earlier step has already validated them. When no
 * configuration matches, this class still answers with the {@code unspecified} format (the
 * username). Confirm that requests from unregistered service providers are rejected before
 * this action runs, so the fallback cannot release an identifier to an unknown party.
 */
public class AddNameIdAction extends AddNameIDToSubjects {
    private static final Logger LOGGER = LoggerFactory.getLogger(AddNameIdAction.class);

    /** SAML 1.1 NameID format URI for e-mail addresses. */
    private static final String EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

    /** SAML 1.1 NameID format URI for unspecified identifiers; also the fallback format. */
    private static final String UNSPECIFIED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    private final ChainingSAML2NameIDGenerator nameIDGenerator;

    /**
     * Builds the generator chain and installs the per-request format lookup.
     *
     * @param applicationSamlConfigurationService source of the stored per-application SAML
     *     configuration consulted on every request
     * @param emailIdentifierProvider supplies the identifier for the {@code emailAddress} format
     * @throws ComponentInitializationException declared by the constructor; nothing visible here
     *     throws it directly
     * @throws NullPointerException if {@code emailIdentifierProvider} is {@code null}
     */
    public AddNameIdAction(ApplicationSamlConfigurationService applicationSamlConfigurationService, EmailIdentifierProvider emailIdentifierProvider) throws ComponentInitializationException {
        ChainingSAML2NameIDGenerator.ChainingSAML2NameIDGeneratorBuilder chain = ChainingSAML2NameIDGenerator.builder();
        Objects.requireNonNull(emailIdentifierProvider);

        AbstractSAML2NameIDGenerator emailGenerator =
                createNameIdGenerator(EMAIL_FORMAT, emailIdentifierProvider::getValidEmail);
        chain = chain.withGenerator(emailGenerator);

        AbstractSAML2NameIDGenerator usernameGenerator =
                createNameIdGenerator(UNSPECIFIED_FORMAT, (user, app) -> user.getUsername());
        this.nameIDGenerator = chain.withGenerator(usernameGenerator).build();

        setFormatLookupStrategy(context -> resolveFormats(applicationSamlConfigurationService, context));
        setNameIDGenerator(this.nameIDGenerator);
    }

    /**
     * Initializes the generator chain.
     *
     * <p>NOTE(review): {@code super.doInitialize()} is not invoked here; confirm the parent
     * action's own initialization checks are intentionally skipped.
     */
    @Override
    protected void doInitialize() throws ComponentInitializationException {
        this.nameIDGenerator.initialize();
    }

    /**
     * Destroys the generator chain.
     *
     * <p>NOTE(review): {@code super.doDestroy()} is not invoked here; confirm that is intended.
     */
    @Override
    protected void doDestroy() {
        this.nameIDGenerator.destroy();
    }

    /**
     * Picks the single NameID format to offer for the current request.
     *
     * @param configurationService lookup for the stored SAML configuration
     * @param context profile request context whose inbound message is the {@link AuthnRequest}
     * @return a one-element list holding the configured format URI, or the {@code unspecified}
     *     URI when no configuration matches or its format is neither UNSPECIFIED nor EMAIL
     */
    private List<String> resolveFormats(ApplicationSamlConfigurationService configurationService, ProfileRequestContext context) {
        AuthnRequest request = (AuthnRequest) context.getInboundMessageContext().getMessage();

        // Both values come straight from the request.
        // NOTE(review): getIssuer() is dereferenced without a null check, so a request with no
        // Issuer element fails with a NullPointerException here; confirm an earlier handler
        // guarantees its presence.
        String consumerUrl = request.getAssertionConsumerServiceURL();
        String issuer = request.getIssuer().getValue();

        Optional<String> configured = configurationService
                .findByAssertionConsumerAndAudience(consumerUrl, issuer)
                .map(configuration -> configuration.getNameIdFormat())
                .flatMap(AddNameIdAction::toFormatUri);
        if (configured.isPresent()) {
            return Collections.singletonList(configured.get());
        }

        // Request-derived values are written to the log as-is. Parameterised logging does not
        // strip line breaks; NOTE(review): confirm the log encoder neutralises CR/LF.
        LOGGER.warn("Could not determine NameID format for assertionConsumerServiceUrl: {}, issuer: {}, returning default: {}", consumerUrl, issuer, UNSPECIFIED_FORMAT);
        return Collections.singletonList(UNSPECIFIED_FORMAT);
    }

    /**
     * Maps the configured enum value to its SAML format URI.
     *
     * @param format configured NameID format
     * @return the URI for UNSPECIFIED or EMAIL, otherwise an empty optional
     */
    private static Optional<String> toFormatUri(NameIdFormat format) {
        if (format == NameIdFormat.UNSPECIFIED) {
            return Optional.of(UNSPECIFIED_FORMAT);
        }
        if (format == NameIdFormat.EMAIL) {
            return Optional.of(EMAIL_FORMAT);
        }
        return Optional.empty();
    }

    /**
     * Creates a generator for one NameID format whose identifier is computed from the
     * authenticated Crowd user and the target application.
     *
     * @param format NameID format URI the generator produces
     * @param identifierSource computes the identifier from the user and the application
     * @return a generator with its format set and an id made of the base class name plus the
     *     format URI
     */
    private AbstractSAML2NameIDGenerator createNameIdGenerator(String format, final BiFunction<CrowdUserDetails, Application, String> identifierSource) {
        AbstractSAML2NameIDGenerator generator = new AbstractSAML2NameIDGenerator() {
            @Override
            @Nullable
            protected String getIdentifier(@Nonnull ProfileRequestContext profileRequestContext) throws SAMLException {
                // NOTE(review): neither subcontext is null-checked; if an earlier step did not
                // attach them this throws a NullPointerException rather than a SAMLException.
                CrowdUserDetails user = ((AuthorizationContext) profileRequestContext.getSubcontext(AuthorizationContext.class)).getCrowdUserDetails();
                Application target = ((ApplicationContext) profileRequestContext.getSubcontext(ApplicationContext.class)).getApplication();
                return identifierSource.apply(user, target);
            }
        };
        generator.setFormat(format);
        generator.setId(AbstractSAML2NameIDGenerator.class.getName() + format);
        return generator;
    }
}
