package org.apereo.cas.consent;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.Serializable;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.DigestUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.hjson.JsonValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/consent/DefaultConsentDecisionBuilder.class */
public class DefaultConsentDecisionBuilder implements ConsentDecisionBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultConsentDecisionBuilder.class);
    private static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules();
    private static final long serialVersionUID = 8220243983483982326L;
    private final transient CipherExecutor<Serializable, String> consentCipherExecutor;

    public ConsentDecision update(ConsentDecision consentDecision, Map<String, List<Object>> map) {
        consentDecision.setAttributes(buildAndEncodeConsentAttributes(map));
        consentDecision.setCreatedDate(LocalDateTime.now(ZoneId.systemDefault()));
        return consentDecision;
    }

    public ConsentDecision build(Service service, RegisteredService registeredService, String str, Map<String, List<Object>> map) {
        ConsentDecision consentDecision = new ConsentDecision();
        consentDecision.setPrincipal(str);
        consentDecision.setService(service.getId());
        return update(consentDecision, map);
    }

    public boolean doesAttributeReleaseRequireConsent(ConsentDecision consentDecision, Map<String, List<Object>> map) {
        Map<String, List<Object>> consentableAttributesFrom = getConsentableAttributesFrom(consentDecision);
        if (consentDecision.getOptions() == ConsentReminderOptions.ATTRIBUTE_NAME) {
            return !StringUtils.equals(sha512ConsentAttributeNames(consentableAttributesFrom), sha512ConsentAttributeNames(map));
        }
        if (consentDecision.getOptions() == ConsentReminderOptions.ATTRIBUTE_VALUE) {
            return (StringUtils.equals(sha512ConsentAttributeNames(consentableAttributesFrom), sha512ConsentAttributeNames(map)) && StringUtils.equals(sha512ConsentAttributeValues(consentableAttributesFrom), sha512ConsentAttributeValues(map))) ? false : true;
        }
        return true;
    }

    public Map<String, List<Object>> getConsentableAttributesFrom(ConsentDecision consentDecision) {
        try {
            String str = (String) this.consentCipherExecutor.decode(consentDecision.getAttributes());
            if (StringUtils.isBlank(str)) {
                LOGGER.warn("Unable to decipher attributes from consent decision [{}]", Long.valueOf(consentDecision.getId()));
                return new HashMap(0);
            }
            return (Map) MAPPER.readValue(JsonValue.readHjson(EncodingUtils.decodeBase64ToString(str)).toString(), Map.class);
        } catch (Exception e) {
            throw new IllegalArgumentException("Could not serialize attributes for consent decision");
        }
    }

    private static String sha512ConsentAttributeNames(Map<String, List<Object>> map) {
        return DigestUtils.sha512(String.join("|", map.keySet()));
    }

    private static String sha512ConsentAttributeValues(Map<String, List<Object>> map) {
        return DigestUtils.sha512((String) map.values().stream().map((v0) -> {
            return CollectionUtils.toCollection(v0);
        }).map(set -> {
            return (String) set.stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.joining());
        }).collect(Collectors.joining("|")));
    }

    protected String buildAndEncodeConsentAttributes(Map<String, List<Object>> map) {
        try {
            String writeValueAsString = MAPPER.writer(new MinimalPrettyPrinter()).writeValueAsString(Objects.requireNonNull(map));
            LOGGER.trace("Consentable attributes are [{}]", writeValueAsString);
            return (String) this.consentCipherExecutor.encode(EncodingUtils.encodeBase64((String) Objects.requireNonNull(writeValueAsString)));
        } catch (Exception e) {
            throw new IllegalArgumentException("Could not serialize attributes for consent decision");
        }
    }

    @Generated
    public DefaultConsentDecisionBuilder(CipherExecutor<Serializable, String> cipherExecutor) {
        this.consentCipherExecutor = cipherExecutor;
    }
}
