package org.apereo.cas.authentication;

import java.util.HashSet;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.services.persondir.IPersonAttributeDao;

/* loaded from: input_file:org/apereo/cas/authentication/SurrogatePrincipalBuilder.class */
public class SurrogatePrincipalBuilder {
    private final PrincipalFactory principalFactory;
    private final IPersonAttributeDao attributeRepository;
    private final SurrogateAuthenticationService surrogateAuthenticationService;

    public Principal buildSurrogatePrincipal(String str, Principal principal, Credential credential, RegisteredService registeredService) {
        HashSet hashSet = new HashSet(0);
        if (registeredService != null) {
            hashSet.addAll(registeredService.getAttributeReleasePolicy().getPrincipalAttributesRepository().getAttributeRepositoryIds());
        }
        return new SurrogatePrincipal(principal, this.principalFactory.createPrincipal(str, CoreAuthenticationUtils.retrieveAttributesFromAttributeRepository(this.attributeRepository, str, hashSet)));
    }

    public Optional<AuthenticationResultBuilder> buildSurrogateAuthenticationResult(AuthenticationResultBuilder authenticationResultBuilder, Credential credential, String str, RegisteredService registeredService) {
        Optional initialAuthentication = authenticationResultBuilder.getInitialAuthentication();
        if (!initialAuthentication.isPresent()) {
            return Optional.empty();
        }
        Authentication authentication = (Authentication) initialAuthentication.get();
        Principal principal = authentication.getPrincipal();
        if (authentication.getPrincipal() instanceof SurrogatePrincipal) {
            principal = ((SurrogatePrincipal) SurrogatePrincipal.class.cast(authentication.getPrincipal())).getPrimary();
        }
        if (!this.surrogateAuthenticationService.canAuthenticateAs(str, principal, (Service) null)) {
            throw new SurrogateAuthenticationException("Unable to authorize surrogate authentication request for " + str);
        }
        return Optional.of(authenticationResultBuilder.collect(DefaultAuthenticationBuilder.newInstance(authentication).setPrincipal(buildSurrogatePrincipal(str, principal, credential, registeredService)).build()));
    }

    @Generated
    public SurrogatePrincipalBuilder(PrincipalFactory principalFactory, IPersonAttributeDao iPersonAttributeDao, SurrogateAuthenticationService surrogateAuthenticationService) {
        this.principalFactory = principalFactory;
        this.attributeRepository = iPersonAttributeDao;
        this.surrogateAuthenticationService = surrogateAuthenticationService;
    }
}
