package uk.gov.ida.saml.hub.transformers.inbound;

import java.text.MessageFormat;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AuthnStatement;
import uk.gov.ida.saml.core.domain.AuthnContext;
import uk.gov.ida.saml.core.domain.FraudDetectedDetails;
import uk.gov.ida.saml.core.domain.PassthroughAssertion;
import uk.gov.ida.saml.core.domain.PersistentId;
import uk.gov.ida.saml.core.transformers.AuthnContextFactory;
import uk.gov.ida.saml.serializers.XmlObjectToBase64EncodedStringTransformer;

/* loaded from: input_file:uk/gov/ida/saml/hub/transformers/inbound/PassthroughAssertionUnmarshaller.class */
public class PassthroughAssertionUnmarshaller {
    private static final List<String> VALID_GPG45_STATUSES = List.of("DF01", "FI01", "IT01");
    private final XmlObjectToBase64EncodedStringTransformer<Assertion> assertionStringTransformer;
    private final AuthnContextFactory authnContextFactory;

    public PassthroughAssertionUnmarshaller(XmlObjectToBase64EncodedStringTransformer<Assertion> xmlObjectToBase64EncodedStringTransformer, AuthnContextFactory authnContextFactory) {
        this.assertionStringTransformer = xmlObjectToBase64EncodedStringTransformer;
        this.authnContextFactory = authnContextFactory;
    }

    public PassthroughAssertion fromAssertion(Assertion assertion) {
        PersistentId persistentId = new PersistentId(assertion.getSubject().getNameID().getValue());
        Optional empty = Optional.empty();
        Optional<String> principalIpAddress = getPrincipalIpAddress(assertion.getAttributeStatements());
        if (!assertion.getAuthnStatements().isEmpty()) {
            empty = Optional.ofNullable(this.authnContextFactory.authnContextForLevelOfAssurance(((AuthnStatement) assertion.getAuthnStatements().get(0)).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef()));
        }
        String str = (String) this.assertionStringTransformer.apply(assertion);
        Optional empty2 = Optional.empty();
        if (empty.isPresent() && ((AuthnContext) empty.get()).equals(AuthnContext.LEVEL_X)) {
            empty2 = Optional.of(new FraudDetectedDetails(getIdpFraudEventId(assertion.getAttributeStatements()), gpg45Status(assertion.getAttributeStatements())));
        }
        return new PassthroughAssertion(persistentId, empty, str, empty2, principalIpAddress);
    }

    private Optional<String> getPrincipalIpAddress(List<AttributeStatement> list) {
        Optional<XMLObject> attributeNamed = getAttributeNamed(list, "TXN_IPaddress");
        return attributeNamed.isEmpty() ? Optional.empty() : Optional.ofNullable(attributeNamed.get().getValue());
    }

    private String gpg45Status(List<AttributeStatement> list) {
        Optional<XMLObject> attributeNamed = getAttributeNamed(list, "FECI_GPG45Status");
        if (!attributeNamed.isPresent()) {
            throw new IllegalStateException("Fraud assertion found with no fraud indicator.");
        }
        String value = attributeNamed.get().getValue();
        if (VALID_GPG45_STATUSES.contains(value)) {
            return value;
        }
        throw new IllegalStateException(MessageFormat.format("Gpg45 status {0} is not recognised", value));
    }

    private String getIdpFraudEventId(List<AttributeStatement> list) {
        Optional<XMLObject> attributeNamed = getAttributeNamed(list, "FECI_IDPFraudEventID");
        if (attributeNamed.isPresent()) {
            return attributeNamed.get().getValue();
        }
        throw new IllegalStateException("Fraud assertion found with no Idp Fraud Event Id");
    }

    private Optional<XMLObject> getAttributeNamed(List<AttributeStatement> list, String str) {
        Iterator<AttributeStatement> it = list.iterator();
        while (it.hasNext()) {
            for (Attribute attribute : it.next().getAttributes()) {
                if (attribute.getName().equals(str)) {
                    return Optional.ofNullable((XMLObject) attribute.getAttributeValues().get(0));
                }
            }
        }
        return Optional.empty();
    }
}
