package org.apereo.cas.support.saml.services;

import com.fasterxml.jackson.annotation.JsonIgnore;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext;
import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlIdPConstants;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:org/apereo/cas/support/saml/services/BaseSamlRegisteredServiceAttributeReleasePolicy.class */
public abstract class BaseSamlRegisteredServiceAttributeReleasePolicy extends ReturnAllowedAttributeReleasePolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseSamlRegisteredServiceAttributeReleasePolicy.class);
    private static final long serialVersionUID = -3301632236702329694L;

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getEntityIdFromRequest(Service service) {
        HttpServletRequest httpServletRequestFromRequestAttributes = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
        if (httpServletRequestFromRequestAttributes == null || service == null) {
            LOGGER.debug("No http request could be identified to locate the entity id");
            return null;
        }
        LOGGER.debug("Attempting to determine entity id for service [{}]", service);
        List list = (List) service.getAttributes().get("entityId");
        if (list != null && !list.isEmpty()) {
            LOGGER.debug("Found entity id [{}] as a service attribute", list);
            return (String) CollectionUtils.firstElement(list).map((v0) -> {
                return v0.toString();
            }).orElseThrow();
        }
        List list2 = (List) service.getAttributes().get(SamlIdPConstants.PROVIDER_ID);
        if (list2 != null && !list2.isEmpty()) {
            LOGGER.debug("Found provider entity id [{}] as a service attribute", list2);
            return (String) CollectionUtils.firstElement(list2).map((v0) -> {
                return v0.toString();
            }).orElseThrow();
        }
        List list3 = (List) service.getAttributes().get("SAMLRequest");
        if (list3 == null || list3.isEmpty()) {
            String parameter = httpServletRequestFromRequestAttributes.getParameter("entityId");
            if (StringUtils.isNotBlank(parameter)) {
                LOGGER.debug("Found entity id [{}] as a request parameter", parameter);
                return parameter;
            }
            String parameter2 = httpServletRequestFromRequestAttributes.getParameter("service");
            return (String) FunctionUtils.doIf(StringUtils.isNotBlank(parameter2), () -> {
                return (String) FunctionUtils.doAndHandle(obj -> {
                    return (String) new URIBuilder(parameter2).getQueryParams().stream().filter(nameValuePair -> {
                        return nameValuePair.getName().equals("entityId");
                    }).map((v0) -> {
                        return v0.getValue();
                    }).findFirst().orElse("");
                }, th -> {
                    LoggingUtils.error(LOGGER, th);
                    return null;
                }).apply(parameter2);
            }, () -> {
                return null;
            }).get();
        }
        SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver = (SamlRegisteredServiceCachingMetadataResolver) ApplicationContextProvider.getApplicationContext().getBean(SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME, SamlRegisteredServiceCachingMetadataResolver.class);
        String str = (String) CollectionUtils.firstElement(list3).map((v0) -> {
            return v0.toString();
        }).orElseThrow();
        OpenSamlConfigBean openSamlConfigBean = samlRegisteredServiceCachingMetadataResolver.getOpenSamlConfigBean();
        RequestAbstractType retrieveSamlRequest = SamlIdPUtils.retrieveSamlRequest(openSamlConfigBean, RequestAbstractType.class, str);
        openSamlConfigBean.logObject(retrieveSamlRequest);
        String issuerFromSamlObject = SamlIdPUtils.getIssuerFromSamlObject(retrieveSamlRequest);
        LOGGER.debug("Found entity id [{}] from SAML request issuer", issuerFromSamlObject);
        return issuerFromSamlObject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Optional<AuthnRequest> getSamlAuthnRequest(ApplicationContext applicationContext) {
        OpenSamlConfigBean openSamlConfigBean = (OpenSamlConfigBean) applicationContext.getBean("shibboleth.OpenSAMLConfig", OpenSamlConfigBean.class);
        return Optional.of((AuthnRequest) SamlIdPUtils.retrieveSamlRequest(new JEEContext(HttpRequestUtils.getHttpServletRequestFromRequestAttributes(), HttpRequestUtils.getHttpServletResponseFromRequestAttributes()), (SessionStore) applicationContext.getBean("samlIdPDistributedSessionStore", SessionStore.class), openSamlConfigBean, AuthnRequest.class).orElseThrow(() -> {
            return new IllegalArgumentException("SAML request could not be determined from session store");
        }).getLeft());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @JsonIgnore
    public static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> determineServiceProviderMetadataFacade(SamlRegisteredService samlRegisteredService, String str) {
        return SamlRegisteredServiceServiceProviderMetadataFacade.get((SamlRegisteredServiceCachingMetadataResolver) ApplicationContextProvider.getApplicationContext().getBean(SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME, SamlRegisteredServiceCachingMetadataResolver.class), samlRegisteredService, str);
    }

    public Map<String, List<Object>> getAttributesInternal(RegisteredServiceAttributeReleasePolicyContext registeredServiceAttributeReleasePolicyContext, Map<String, List<Object>> map) {
        if (!(registeredServiceAttributeReleasePolicyContext.getRegisteredService() instanceof SamlRegisteredService)) {
            return authorizeReleaseOfAllowedAttributes(registeredServiceAttributeReleasePolicyContext, map);
        }
        SamlRegisteredService registeredService = registeredServiceAttributeReleasePolicyContext.getRegisteredService();
        ApplicationContext applicationContext = ApplicationContextProvider.getApplicationContext();
        SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver = (SamlRegisteredServiceCachingMetadataResolver) applicationContext.getBean(SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME, SamlRegisteredServiceCachingMetadataResolver.class);
        String entityIdFromRequest = getEntityIdFromRequest(registeredServiceAttributeReleasePolicyContext.getService());
        Optional<SamlRegisteredServiceServiceProviderMetadataFacade> empty = StringUtils.isBlank(entityIdFromRequest) ? Optional.empty() : determineServiceProviderMetadataFacade(registeredService, entityIdFromRequest);
        if (!empty.isEmpty()) {
            return getAttributesForSamlRegisteredService(map, applicationContext, samlRegisteredServiceCachingMetadataResolver, empty.get(), empty.get().getEntityDescriptor(), registeredServiceAttributeReleasePolicyContext);
        }
        LOGGER.warn("Could not locate metadata for [{}] to process attributes", entityIdFromRequest);
        return new HashMap(0);
    }

    protected abstract Map<String, List<Object>> getAttributesForSamlRegisteredService(Map<String, List<Object>> map, ApplicationContext applicationContext, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, EntityDescriptor entityDescriptor, RegisteredServiceAttributeReleasePolicyContext registeredServiceAttributeReleasePolicyContext);
}
