package eu.openanalytics.containerproxy.auth.impl.saml;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;

/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/auth/impl/saml/ResponseAuthenticationConverter.class */
public class ResponseAuthenticationConverter implements Converter<OpenSaml4AuthenticationProvider.ResponseToken, AbstractAuthenticationToken> {
    private final Boolean logAttributes;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final String nameAttribute;
    private final String rolesAttribute;

    /* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/auth/impl/saml/ResponseAuthenticationConverter$Saml2AuthenticatedPrincipal.class */
    public static class Saml2AuthenticatedPrincipal extends DefaultSaml2AuthenticatedPrincipal {
        private final String nameId;

        public Saml2AuthenticatedPrincipal(String str, String str2, Map<String, List<Object>> map) {
            super(str2, map);
            this.nameId = str;
        }

        public String getNameId() {
            return this.nameId;
        }
    }

    public ResponseAuthenticationConverter(Environment environment) {
        this.logAttributes = (Boolean) environment.getProperty(SAMLConfiguration.PROP_LOG_ATTRIBUTES, Boolean.class, false);
        this.nameAttribute = environment.getProperty(SAMLConfiguration.PROP_NAME_ATTRIBUTE, SAMLConfiguration.DEFAULT_NAME_ATTRIBUTE);
        this.rolesAttribute = environment.getProperty(SAMLConfiguration.PROP_ROLES_ATTRIBUTE);
    }

    @Override // org.springframework.core.convert.converter.Converter
    /* renamed from: convert, reason: avoid collision after fix types in other method */
    public AbstractAuthenticationToken convert2(@Nonnull OpenSaml4AuthenticationProvider.ResponseToken responseToken) {
        Saml2Authentication convert2 = OpenSaml4AuthenticationProvider.createDefaultResponseAuthenticationConverter().convert2(responseToken);
        if (convert2 == null || convert2.getPrincipal() == null) {
            throw new IllegalStateException("No authentication found to convert");
        }
        DefaultSaml2AuthenticatedPrincipal defaultSaml2AuthenticatedPrincipal = (DefaultSaml2AuthenticatedPrincipal) convert2.getPrincipal();
        String name = defaultSaml2AuthenticatedPrincipal.getName();
        if (this.logAttributes.booleanValue()) {
            logAttributes(defaultSaml2AuthenticatedPrincipal);
        }
        Optional<String> ofNullable = this.nameAttribute.equalsIgnoreCase(SAMLConfiguration.NAME_ATTRIBUTE_NAME_ID_VALUE) ? Optional.ofNullable(name) : getSingleAttributeValue(defaultSaml2AuthenticatedPrincipal, this.nameAttribute);
        if (ofNullable.isEmpty()) {
            throw new UsernameNotFoundException(String.format("[SAML] User: \"%s\" => name attribute missing from SAML assertion", name));
        }
        Collection arrayList = new ArrayList();
        if (this.rolesAttribute != null && !this.rolesAttribute.trim().isEmpty()) {
            Optional<List<String>> multipleAttributeValues = getMultipleAttributeValues(defaultSaml2AuthenticatedPrincipal, this.rolesAttribute);
            if (multipleAttributeValues.isEmpty()) {
                this.logger.warn("[SAML] User: \"{}\" => roles attribute missing from SAML assertion", name);
            } else {
                arrayList = multipleAttributeValues.get().stream().map(str -> {
                    if (!str.startsWith("ROLE_")) {
                        str = "ROLE_" + str;
                    }
                    return new SimpleGrantedAuthority(str);
                }).toList();
            }
        }
        if (this.logAttributes.booleanValue()) {
            this.logger.warn("[SAML] User: \"{}\" => has roles \"{}\"", name, arrayList);
        }
        return new Saml2Authentication(new Saml2AuthenticatedPrincipal(name, ofNullable.get(), defaultSaml2AuthenticatedPrincipal.getAttributes()), convert2.getSaml2Response(), arrayList);
    }

    private void logAttributes(DefaultSaml2AuthenticatedPrincipal defaultSaml2AuthenticatedPrincipal) {
        for (Map.Entry<String, List<Object>> entry : defaultSaml2AuthenticatedPrincipal.getAttributes().entrySet()) {
            this.logger.info(String.format("[SAML] User: \"%s\" => attribute => name=\"%s\" => value \"%s\"", defaultSaml2AuthenticatedPrincipal.getName(), entry.getKey(), entry.getValue().stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.joining(", "))));
        }
    }

    private Optional<String> getSingleAttributeValue(DefaultSaml2AuthenticatedPrincipal defaultSaml2AuthenticatedPrincipal, String str) {
        Optional<List<Object>> attributeIgnoringCase = getAttributeIgnoringCase(defaultSaml2AuthenticatedPrincipal, str);
        return (attributeIgnoringCase.isEmpty() || attributeIgnoringCase.get().isEmpty()) ? Optional.empty() : Optional.of(attributeIgnoringCase.get().getFirst().toString());
    }

    private Optional<List<String>> getMultipleAttributeValues(DefaultSaml2AuthenticatedPrincipal defaultSaml2AuthenticatedPrincipal, String str) {
        return getAttributeIgnoringCase(defaultSaml2AuthenticatedPrincipal, str).map(list -> {
            return list.stream().map((v0) -> {
                return v0.toString();
            }).toList();
        });
    }

    private Optional<List<Object>> getAttributeIgnoringCase(DefaultSaml2AuthenticatedPrincipal defaultSaml2AuthenticatedPrincipal, String str) {
        return defaultSaml2AuthenticatedPrincipal.getAttributes().entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).equalsIgnoreCase(str);
        }).findAny().map((v0) -> {
            return v0.getValue();
        });
    }
}
