package org.pac4j.saml.credentials.authenticator;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.profile.AttributeLocation;
import org.pac4j.core.profile.definition.ProfileDefinitionAware;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.credentials.SAML2AuthenticationCredentials;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.pac4j.saml.logout.impl.SAML2LogoutValidator;
import org.pac4j.saml.profile.SAML2Profile;
import org.pac4j.saml.profile.SAML2ProfileDefinition;
import org.pac4j.saml.profile.api.SAML2ResponseValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-6.0.0-RC10-SNAPSHOT.jar:org/pac4j/saml/credentials/authenticator/SAML2Authenticator.class */
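/**
 * Authenticator for SAML 2 credentials.
 *
 * <p>Message validation is delegated to the injected validators: logout messages go to the
 * {@link SAML2LogoutValidator}, authentication responses to the {@link SAML2ResponseValidator}.
 * For authentication responses, a {@link SAML2Profile} is then built from the credentials the
 * login validator returns and attached to them.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>This class performs no signature, audience or time-window checks itself. Everything copied
 *       into the profile is only as trustworthy as the configured validators make it.</li>
 *   <li>When {@code attributeAsId} is set, the profile id is taken from an assertion attribute
 *       matched case-insensitively on either its {@code Name} or its {@code FriendlyName}. The
 *       SAML 2.0 Core definition of the Attribute element says FriendlyName must not be used as a
 *       basis for formally identifying attributes, so deployments that rely on
 *       {@code attributeAsId} should confirm which attributes the identity provider is able to
 *       release under that name.</li>
 *   <li>Attribute names and values are written to the log (DEBUG, and WARN for a multi-valued id
 *       attribute). They can contain personal data; size log retention and access accordingly.</li>
 * </ul>
 */
public class SAML2Authenticator extends ProfileDefinitionAware implements Authenticator {
    /** Key under which the assertion's {@code NotBefore} condition is stored on the profile. */
    public static final String SAML_CONDITION_NOT_BEFORE_ATTRIBUTE = "notBefore";
    /** Key under which the assertion's {@code NotOnOrAfter} condition is stored on the profile. */
    public static final String SAML_CONDITION_NOT_ON_OR_AFTER_ATTRIBUTE = "notOnOrAfter";
    /** Authentication-attribute key for the session index. */
    public static final String SESSION_INDEX = "sessionindex";
    /** Authentication-attribute key for the issuer identifier. */
    public static final String ISSUER_ID = "issuerId";
    /** Authentication-attribute key for the authentication contexts. */
    public static final String AUTHN_CONTEXT = "authnContext";
    /** Authentication-attribute key for the authentication context authorities. */
    public static final String AUTHN_CONTEXT_AUTHORITIES = "authnContextAuthorities";
    /** Authentication-attribute key for the NameID format. */
    public static final String SAML_NAME_ID_FORMAT = "samlNameIdFormat";
    /** Authentication-attribute key for the NameID name qualifier. */
    public static final String SAML_NAME_ID_NAME_QUALIFIER = "samlNameIdNameQualifier";
    /** Authentication-attribute key for the NameID SP name qualifier. */
    public static final String SAML_NAME_ID_SP_NAME_QUALIFIER = "samlNameIdSpNameQualifier";
    /** Authentication-attribute key for the NameID SP provided id. */
    public static final String SAML_NAME_ID_SP_PROVIDED_ID = "samlNameIdSpProvidedId";

    // Bound to the runtime class so that subclasses log under their own name.
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private final SAML2ResponseValidator loginValidator;
    private final SAML2LogoutValidator logoutValidator;
    // Name (or friendly name) of the attribute whose single value replaces the NameID as profile id.
    private final String attributeAsId;
    // Assertion attribute name -> profile attribute name. Held by reference, not copied.
    private final Map<String, String> mappedAttributes;

    /**
     * Creates an authenticator with an explicit attribute mapping.
     *
     * @param sAML2ResponseValidator validator applied to authentication responses
     * @param sAML2LogoutValidator validator applied to logout messages
     * @param str name of the attribute to use as profile id instead of the NameID; blank or
     *     {@code null} keeps the NameID
     * @param map assertion attribute name to profile attribute name; may be {@code null} or empty.
     *     The map is stored as-is, so later changes made by the caller remain visible here.
     */
    public SAML2Authenticator(SAML2ResponseValidator sAML2ResponseValidator, SAML2LogoutValidator sAML2LogoutValidator, String str, Map<String, String> map) {
        this.loginValidator = sAML2ResponseValidator;
        this.logoutValidator = sAML2LogoutValidator;
        this.attributeAsId = str;
        this.mappedAttributes = map;
    }

    /**
     * Creates an authenticator without any attribute mapping.
     *
     * @param sAML2ResponseValidator validator applied to authentication responses
     * @param sAML2LogoutValidator validator applied to logout messages
     * @param str name of the attribute to use as profile id instead of the NameID; blank or
     *     {@code null} keeps the NameID
     */
    public SAML2Authenticator(SAML2ResponseValidator sAML2ResponseValidator, SAML2LogoutValidator sAML2LogoutValidator, String str) {
        // Diamond instead of the raw HashMap: same runtime object, no unchecked conversion.
        this(sAML2ResponseValidator, sAML2LogoutValidator, str, new HashMap<>());
    }

    /**
     * Installs a {@link SAML2ProfileDefinition} when no profile definition has been set.
     *
     * @param z passed in by the initialization framework; not used here
     */
    @Override
    protected void internalInit(boolean z) {
        setProfileDefinitionIfUndefined(new SAML2ProfileDefinition());
    }

    /**
     * Validates SAML credentials and, for authentication responses, builds the user profile.
     *
     * <p>The incoming credentials are cast to {@link SAML2Credentials} without a type check, so
     * any other credentials type fails with a {@link ClassCastException}.
     *
     * @param callContext the current call context (not read by this method)
     * @param credentials the SAML credentials carrying the message context
     * @return the original credentials for a logout message, or the credentials produced by the
     *     login validator (with the profile attached) for an authentication response
     */
    @Override
    public Optional<Credentials> validate(CallContext callContext, Credentials credentials) {
        init();
        SAML2Credentials samlCredentials = (SAML2Credentials) credentials;
        SAML2MessageContext messageContext = samlCredentials.getContext();

        if (samlCredentials.isForAuthentication()) {
            SAML2AuthenticationCredentials authnCredentials =
                    (SAML2AuthenticationCredentials) this.loginValidator.validate(messageContext);
            buildProfile(authnCredentials);
            return Optional.of(authnCredentials);
        }

        // The validator's result is not inspected: a rejected logout message has to surface as an
        // exception, otherwise the credentials are returned as valid.
        // NOTE(review): confirm that SAML2LogoutValidator signals every failure by throwing.
        this.logoutValidator.validate(messageContext);
        return Optional.of(credentials);
    }

    /**
     * Builds a {@link SAML2Profile} from validated authentication credentials and stores it on
     * them through {@code setUserProfile}.
     *
     * <p>The profile id starts as the NameID value. If {@code attributeAsId} is set and an
     * attribute matches it (case-insensitively, on name or friendly name) with exactly one value,
     * that value replaces the id; when several attributes match, the last one processed wins.
     * Each attribute with at least one value is added under its mapped name (or its own name when
     * unmapped) and additionally under its friendly name when that is non-blank and different.
     *
     * <p>The {@code notBefore} / {@code notOnOrAfter} conditions are copied for information only;
     * nothing in this method compares them with the current time.
     *
     * @param sAML2AuthenticationCredentials credentials returned by the login validator
     */
    protected void buildProfile(SAML2AuthenticationCredentials sAML2AuthenticationCredentials) {
        SAML2Profile profile = (SAML2Profile) getProfileDefinition().newProfile(new Object[0]);

        SAML2AuthenticationCredentials.SAMLNameID nameId = sAML2AuthenticationCredentials.getNameId();
        profile.setId(nameId.getValue());
        profile.addAuthenticationAttribute(SESSION_INDEX, sAML2AuthenticationCredentials.getSessionIndex());
        profile.addAuthenticationAttribute(SAML_NAME_ID_FORMAT, nameId.getFormat());
        profile.addAuthenticationAttribute(SAML_NAME_ID_NAME_QUALIFIER, nameId.getNameQualifier());
        profile.addAuthenticationAttribute(SAML_NAME_ID_SP_NAME_QUALIFIER, nameId.getSpNameQualifier());
        profile.addAuthenticationAttribute(SAML_NAME_ID_SP_PROVIDED_ID, nameId.getSpProviderId());

        for (SAML2AuthenticationCredentials.SAMLAttribute attribute : sAML2AuthenticationCredentials.getAttributes()) {
            this.logger.debug("Processing profile attribute {}", attribute);
            String name = attribute.getName();
            String friendlyName = attribute.getFriendlyName();
            List<String> values = attribute.getAttributeValues();

            if (values.isEmpty()) {
                this.logger.debug("No attribute values found for {}", name);
                continue;
            }

            // Identity override. The friendly-name match is kept for compatibility; FriendlyName
            // is a display label in SAML, so it is a weaker selector than Name.
            boolean matchesIdAttribute = CommonHelper.isNotBlank(this.attributeAsId)
                    && (this.attributeAsId.equalsIgnoreCase(name) || this.attributeAsId.equalsIgnoreCase(friendlyName));
            if (matchesIdAttribute) {
                if (values.size() == 1) {
                    profile.setId(values.get(0));
                } else {
                    // Refuse to choose between several candidate identifiers; the NameID (or an
                    // earlier match) stays in place.
                    this.logger.warn("Will not add {} as id because it has multiple values: {}", this.attributeAsId, values);
                }
            }

            // A null or empty map can never contain the key, so a single containsKey test covers
            // every "unmapped" case.
            final String profileKey;
            if (this.mappedAttributes != null && this.mappedAttributes.containsKey(name)) {
                profileKey = this.mappedAttributes.get(name);
                this.logger.debug("Mapping attribute {} as {} with values {} to profile", name, profileKey, values);
            } else {
                profileKey = name;
                this.logger.debug("Adding attribute {} to profile with values {}", name, values);
            }
            getProfileDefinition().convertAndAdd(profile, AttributeLocation.PROFILE_ATTRIBUTE, profileKey, values);

            // Also expose the values under the friendly name. That key comes straight from the
            // assertion and may equal another attribute's name.
            // NOTE(review): the outcome of such a collision depends on convertAndAdd, which is
            // not visible here.
            if (CommonHelper.isNotBlank(friendlyName) && CommonHelper.areNotEquals(friendlyName, profileKey)) {
                this.logger.debug("Adding attribute {} to profile with values {}", friendlyName, values);
                getProfileDefinition().convertAndAdd(profile, AttributeLocation.PROFILE_ATTRIBUTE, friendlyName, values);
            }
        }

        profile.addAuthenticationAttribute(ISSUER_ID, sAML2AuthenticationCredentials.getIssuerId());
        profile.addAuthenticationAttribute(AUTHN_CONTEXT, sAML2AuthenticationCredentials.getAuthnContexts());
        profile.addAuthenticationAttribute(AUTHN_CONTEXT_AUTHORITIES, sAML2AuthenticationCredentials.getAuthnContextAuthorities());

        SAML2AuthenticationCredentials.SAMLConditions conditions = sAML2AuthenticationCredentials.getConditions();
        if (conditions != null) {
            // Each bound is recorded both as a profile attribute and as an authentication attribute.
            if (conditions.getNotBefore() != null) {
                profile.addAttribute(SAML_CONDITION_NOT_BEFORE_ATTRIBUTE, conditions.getNotBefore());
                profile.addAuthenticationAttribute(SAML_CONDITION_NOT_BEFORE_ATTRIBUTE, conditions.getNotBefore());
            }
            if (conditions.getNotOnOrAfter() != null) {
                profile.addAttribute(SAML_CONDITION_NOT_ON_OR_AFTER_ATTRIBUTE, conditions.getNotOnOrAfter());
                profile.addAuthenticationAttribute(SAML_CONDITION_NOT_ON_OR_AFTER_ATTRIBUTE, conditions.getNotOnOrAfter());
            }
        }

        sAML2AuthenticationCredentials.setUserProfile(profile);
    }
}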
