package org.apereo.cas.authentication.principal.resolvers;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.configuration2.tree.DefaultExpressionEngineSymbols;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.handler.PrincipalNameTransformer;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.apereo.services.persondir.IPersonAttributes;
import org.apereo.services.persondir.support.StubPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-5.3.10.jar:org/apereo/cas/authentication/principal/resolvers/PersonDirectoryPrincipalResolver.class */
public class PersonDirectoryPrincipalResolver implements PrincipalResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) PersonDirectoryPrincipalResolver.class);
    protected final IPersonAttributeDao attributeRepository;
    protected final PrincipalFactory principalFactory;
    protected final boolean returnNullIfNoAttributes;
    protected final PrincipalNameTransformer principalNameTransformer;
    protected final String principalAttributeNames;
    protected boolean useCurrentPrincipalId;

    public PersonDirectoryPrincipalResolver() {
        this(new StubPersonAttributeDao(new HashMap()), PrincipalFactoryUtils.newPrincipalFactory(), false, (v0) -> {
            return v0.trim();
        }, null);
    }

    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao, String str) {
        this(iPersonAttributeDao, PrincipalFactoryUtils.newPrincipalFactory(), false, (v0) -> {
            return v0.trim();
        }, str);
    }

    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao) {
        this(iPersonAttributeDao, PrincipalFactoryUtils.newPrincipalFactory(), false, (v0) -> {
            return v0.trim();
        }, null);
    }

    public PersonDirectoryPrincipalResolver(boolean z, String str) {
        this(new StubPersonAttributeDao(new HashMap()), PrincipalFactoryUtils.newPrincipalFactory(), z, (v0) -> {
            return v0.trim();
        }, str);
    }

    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao, PrincipalFactory principalFactory, boolean z, String str) {
        this(iPersonAttributeDao, principalFactory, z, str2 -> {
            return str2;
        }, str);
    }

    @Override // org.apereo.cas.authentication.principal.PrincipalResolver
    public boolean supports(Credential credential) {
        return (credential == null || credential.getId() == null) ? false : true;
    }

    @Override // org.apereo.cas.authentication.principal.PrincipalResolver
    public Principal resolve(Credential credential, Optional<Principal> optional, Optional<AuthenticationHandler> optional2) {
        LOGGER.debug("Attempting to resolve a principal...");
        String extractPrincipalId = extractPrincipalId(credential, optional);
        if (StringUtils.isBlank(extractPrincipalId)) {
            LOGGER.debug("Principal id [{}] could not be found", extractPrincipalId);
            return null;
        }
        if (this.principalNameTransformer != null) {
            extractPrincipalId = this.principalNameTransformer.transform(extractPrincipalId);
        }
        if (StringUtils.isBlank(extractPrincipalId)) {
            LOGGER.debug("Principal id [{}] could not be found", extractPrincipalId);
            return null;
        }
        LOGGER.debug("Creating principal for [{}]", extractPrincipalId);
        Map<String, List<Object>> retrievePersonAttributes = retrievePersonAttributes(extractPrincipalId, credential);
        if (retrievePersonAttributes != null && !retrievePersonAttributes.isEmpty()) {
            LOGGER.debug("Retrieved [{}] attribute(s) from the repository", Integer.valueOf(retrievePersonAttributes.size()));
            Pair<String, Map<String, Object>> convertPersonAttributesToPrincipal = convertPersonAttributesToPrincipal(extractPrincipalId, retrievePersonAttributes);
            return this.principalFactory.createPrincipal(convertPersonAttributesToPrincipal.getKey(), convertPersonAttributesToPrincipal.getValue());
        }
        LOGGER.debug("Principal id [{}] did not specify any attributes", extractPrincipalId);
        if (this.returnNullIfNoAttributes) {
            LOGGER.debug("[{}] is configured to return null if no attributes are found for [{}]", getClass().getName(), extractPrincipalId);
            return null;
        }
        LOGGER.debug("Returning the principal with id [{}] without any attributes", extractPrincipalId);
        return this.principalFactory.createPrincipal(extractPrincipalId);
    }

    protected Pair<String, Map<String, Object>> convertPersonAttributesToPrincipal(String str, Map<String, List<Object>> map) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        map.forEach((str2, list) -> {
            List list = (List) CollectionUtils.toCollection(list, ArrayList.class);
            LOGGER.debug("Found attribute [{}] with value(s) [{}]", str2, list);
            if (list.size() == 1) {
                linkedHashMap.put(str2, CollectionUtils.firstElement(list).get());
            } else {
                linkedHashMap.put(str2, list);
            }
        });
        String str3 = str;
        if (StringUtils.isNotBlank(this.principalAttributeNames)) {
            Stream<R> map2 = org.springframework.util.StringUtils.commaDelimitedListToSet(this.principalAttributeNames).stream().map((v0) -> {
                return v0.trim();
            });
            Objects.requireNonNull(map);
            Stream filter = map2.filter((v1) -> {
                return r1.containsKey(v1);
            });
            Objects.requireNonNull(map);
            Optional findFirst = filter.map((v1) -> {
                return r1.get(v1);
            }).findFirst();
            if (findFirst.isPresent()) {
                List list2 = (List) findFirst.get();
                if (!list2.isEmpty()) {
                    str3 = CollectionUtils.firstElement(list2).get().toString();
                    LOGGER.debug("Found principal id attribute value [{}] and removed it from the collection of attributes", str3);
                }
            } else {
                LOGGER.warn("Principal resolution is set to resolve the authenticated principal via attribute(s) [{}], and yet the collection of attributes retrieved [{}] do not contain any of those attributes. This is likely due to misconfiguration and CAS will switch to use [{}] as the final principal id", this.principalAttributeNames, map.keySet(), str3);
            }
        }
        return Pair.of(str3, linkedHashMap);
    }

    protected Map<String, List<Object>> retrievePersonAttributes(String str, Credential credential) {
        LOGGER.debug("Retrieving person attributes for principal id [{}]", str);
        IPersonAttributes person = this.attributeRepository.getPerson(str);
        Map<String, List<Object>> attributes = person == null ? null : person.getAttributes();
        LOGGER.debug("Found person attributes [{}] for principal id [{}]", attributes, str);
        return attributes;
    }

    protected String extractPrincipalId(Credential credential, Optional<Principal> optional) {
        LOGGER.debug("Extracting credential id based on existing credential [{}]", credential);
        if (optional != null && optional.isPresent()) {
            Principal principal = optional.get();
            LOGGER.debug("Principal is currently resolved as [{}]", principal);
            if (this.useCurrentPrincipalId) {
                LOGGER.debug("Using the existing resolved principal id [{}]", principal.getId());
                return principal.getId();
            }
        }
        String id = credential.getId();
        LOGGER.debug("Extracted principal id [{}]", id);
        return id;
    }

    @Generated
    public String toString() {
        return "PersonDirectoryPrincipalResolver(attributeRepository=" + this.attributeRepository + ", principalFactory=" + this.principalFactory + ", returnNullIfNoAttributes=" + this.returnNullIfNoAttributes + ", principalNameTransformer=" + this.principalNameTransformer + ", principalAttributeNames=" + this.principalAttributeNames + ", useCurrentPrincipalId=" + this.useCurrentPrincipalId + DefaultExpressionEngineSymbols.DEFAULT_INDEX_END;
    }

    @Generated
    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao, PrincipalFactory principalFactory, boolean z, PrincipalNameTransformer principalNameTransformer, String str) {
        this.attributeRepository = iPersonAttributeDao;
        this.principalFactory = principalFactory;
        this.returnNullIfNoAttributes = z;
        this.principalNameTransformer = principalNameTransformer;
        this.principalAttributeNames = str;
    }

    @Override // org.apereo.cas.authentication.principal.PrincipalResolver
    @Generated
    public IPersonAttributeDao getAttributeRepository() {
        return this.attributeRepository;
    }

    @Generated
    public PrincipalFactory getPrincipalFactory() {
        return this.principalFactory;
    }

    @Generated
    public boolean isReturnNullIfNoAttributes() {
        return this.returnNullIfNoAttributes;
    }

    @Generated
    public PrincipalNameTransformer getPrincipalNameTransformer() {
        return this.principalNameTransformer;
    }

    @Generated
    public String getPrincipalAttributeNames() {
        return this.principalAttributeNames;
    }

    @Generated
    public boolean isUseCurrentPrincipalId() {
        return this.useCurrentPrincipalId;
    }

    @Generated
    public void setUseCurrentPrincipalId(boolean z) {
        this.useCurrentPrincipalId = z;
    }
}
