package org.apereo.cas.authentication.principal.resolvers;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher;
import org.apereo.cas.authentication.handler.PrincipalNameTransformer;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.apereo.services.persondir.support.StubPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-6.3.7.4.jar:org/apereo/cas/authentication/principal/resolvers/PersonDirectoryPrincipalResolver.class */
public class PersonDirectoryPrincipalResolver implements PrincipalResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) PersonDirectoryPrincipalResolver.class);
    protected final IPersonAttributeDao attributeRepository;
    protected final PrincipalFactory principalFactory;
    protected final boolean returnNullIfNoAttributes;
    protected final PrincipalNameTransformer principalNameTransformer;
    protected final String principalAttributeNames;
    protected final boolean useCurrentPrincipalId;
    protected final boolean resolveAttributes;
    protected final Set<String> activeAttributeRepositoryIdentifiers;
    private int order;

    public PersonDirectoryPrincipalResolver() {
        this(new StubPersonAttributeDao(new HashMap(0)), PrincipalFactoryUtils.newPrincipalFactory(), false, (v0) -> {
            return v0.trim();
        }, null, false, true, CollectionUtils.wrapSet("*"));
    }

    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao, String str) {
        this(iPersonAttributeDao, PrincipalFactoryUtils.newPrincipalFactory(), false, str2 -> {
            return str2;
        }, str, false, true, CollectionUtils.wrapSet("*"));
    }

    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao) {
        this(iPersonAttributeDao, PrincipalFactoryUtils.newPrincipalFactory(), false, str -> {
            return str;
        }, null, false, true, CollectionUtils.wrapSet("*"));
    }

    public PersonDirectoryPrincipalResolver(boolean z, String str) {
        this(new StubPersonAttributeDao(new HashMap(0)), PrincipalFactoryUtils.newPrincipalFactory(), z, (v0) -> {
            return v0.trim();
        }, str, false, true, CollectionUtils.wrapSet("*"));
    }

    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao, PrincipalFactory principalFactory, boolean z, String str, boolean z2) {
        this(iPersonAttributeDao, principalFactory, z, str2 -> {
            return str2;
        }, str, z2, true, CollectionUtils.wrapSet("*"));
    }

    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao, PrincipalFactory principalFactory, boolean z, String str, boolean z2, boolean z3) {
        this(iPersonAttributeDao, principalFactory, z, str2 -> {
            return str2;
        }, str, z2, z3, CollectionUtils.wrapSet("*"));
    }

    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao, PrincipalFactory principalFactory, boolean z, String str, boolean z2, boolean z3, Set<String> set) {
        this(iPersonAttributeDao, principalFactory, z, str2 -> {
            return str2;
        }, str, z2, z3, set);
    }

    @Override // org.apereo.cas.authentication.principal.PrincipalResolver
    public Principal resolve(Credential credential, Optional<Principal> optional, Optional<AuthenticationHandler> optional2) {
        LOGGER.trace("Attempting to resolve a principal via [{}]", getName());
        String extractPrincipalId = extractPrincipalId(credential, optional);
        if (StringUtils.isBlank(extractPrincipalId)) {
            LOGGER.debug("Principal id [{}] could not be found", extractPrincipalId);
            return null;
        }
        if (this.principalNameTransformer != null) {
            extractPrincipalId = this.principalNameTransformer.transform(extractPrincipalId);
        }
        LOGGER.trace("Creating principal for [{}]", extractPrincipalId);
        if (!this.resolveAttributes) {
            Principal buildResolvedPrincipal = buildResolvedPrincipal(extractPrincipalId, new HashMap(0), credential, optional, optional2);
            LOGGER.debug("Final resolved principal by [{}] without resolving attributes is [{}]", getName(), buildResolvedPrincipal);
            return buildResolvedPrincipal;
        }
        Map<String, List<Object>> retrievePersonAttributes = retrievePersonAttributes(extractPrincipalId, credential, optional, new HashMap());
        if (retrievePersonAttributes != null && !retrievePersonAttributes.isEmpty()) {
            LOGGER.debug("Retrieved [{}] attribute(s) from the repository", Integer.valueOf(retrievePersonAttributes.size()));
            Pair<String, Map<String, List<Object>>> convertPersonAttributesToPrincipal = convertPersonAttributesToPrincipal(extractPrincipalId, optional, retrievePersonAttributes);
            Principal buildResolvedPrincipal2 = buildResolvedPrincipal(convertPersonAttributesToPrincipal.getKey(), convertPersonAttributesToPrincipal.getValue(), credential, optional, optional2);
            LOGGER.debug("Final resolved principal by [{}] is [{}]", getName(), buildResolvedPrincipal2);
            return buildResolvedPrincipal2;
        }
        LOGGER.debug("Principal id [{}] did not specify any attributes", extractPrincipalId);
        if (this.returnNullIfNoAttributes) {
            LOGGER.debug("[{}] is configured to return null if no attributes are found for [{}]", getClass().getName(), extractPrincipalId);
            return null;
        }
        Principal buildResolvedPrincipal3 = buildResolvedPrincipal(extractPrincipalId, new HashMap(0), credential, optional, optional2);
        LOGGER.debug("Returning the principal with id [{}] without any attributes", buildResolvedPrincipal3);
        return buildResolvedPrincipal3;
    }

    @Override // org.apereo.cas.authentication.principal.PrincipalResolver
    public boolean supports(Credential credential) {
        return (credential == null || credential.getId() == null) ? false : true;
    }

    protected Principal buildResolvedPrincipal(String str, Map<String, List<Object>> map, Credential credential, Optional<Principal> optional, Optional<AuthenticationHandler> optional2) {
        return this.principalFactory.createPrincipal(str, map);
    }

    protected Pair<String, Map<String, List<Object>>> convertPersonAttributesToPrincipal(String str, Optional<Principal> optional, Map<String, List<Object>> map) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        map.forEach((str2, list) -> {
            List list = (List) ((List) CollectionUtils.toCollection(list, ArrayList.class)).stream().filter(Objects::nonNull).collect(Collectors.toList());
            LOGGER.debug("Found attribute [{}] with value(s) [{}]", str2, list);
            linkedHashMap.put(str2, list);
        });
        String str3 = str;
        if (StringUtils.isNotBlank(this.principalAttributeNames)) {
            Set<String> commaDelimitedListToSet = org.springframework.util.StringUtils.commaDelimitedListToSet(this.principalAttributeNames);
            LinkedHashMap linkedHashMap2 = new LinkedHashMap(map);
            if (isUseCurrentPrincipalId() && optional.isPresent()) {
                Map<String, List<Object>> attributes = optional.get().getAttributes();
                LOGGER.trace("Merging current principal attributes [{}] with resolved attributes [{}]", attributes, linkedHashMap2);
                CoreAuthenticationUtils.getAttributeMerger("replace").mergeAttributes(linkedHashMap2, attributes);
            }
            LOGGER.debug("Using principal attributes [{}] to determine principal id", linkedHashMap2);
            Stream<R> map2 = commaDelimitedListToSet.stream().map((v0) -> {
                return v0.trim();
            });
            Objects.requireNonNull(linkedHashMap2);
            Stream filter = map2.filter((v1) -> {
                return r1.containsKey(v1);
            });
            Objects.requireNonNull(linkedHashMap2);
            Optional findFirst = filter.map((v1) -> {
                return r1.get(v1);
            }).findFirst();
            if (findFirst.isPresent()) {
                List list2 = (List) findFirst.get();
                if (!list2.isEmpty()) {
                    str3 = (String) CollectionUtils.firstElement(list2).map((v0) -> {
                        return v0.toString();
                    }).orElseThrow();
                    LOGGER.debug("Found principal id attribute value [{}]", str3);
                }
            } else {
                LOGGER.warn("Principal resolution is set to resolve users via attribute(s) [{}], and yet the collection of attributes retrieved [{}] do not contain any of those attributes. This is likely due to misconfiguration and CAS will use [{}] as the final principal id", this.principalAttributeNames, linkedHashMap2.keySet(), str3);
            }
        }
        return Pair.of(str3, linkedHashMap);
    }

    protected Map<String, List<Object>> retrievePersonAttributes(String str, Credential credential, Optional<Principal> optional, Map<String, List<Object>> map) {
        return PrincipalAttributeRepositoryFetcher.builder().attributeRepository(this.attributeRepository).principalId(str).activeAttributeRepositoryIdentifiers(this.activeAttributeRepositoryIdentifiers).currentPrincipal(optional.orElse(null)).queryAttributes(map).build().retrieve();
    }

    protected String extractPrincipalId(Credential credential, Optional<Principal> optional) {
        LOGGER.debug("Extracting credential id based on existing credential [{}]", credential);
        String id = credential.getId();
        if (optional.isPresent()) {
            Principal principal = optional.get();
            LOGGER.debug("Principal is currently resolved as [{}]", principal);
            if (this.useCurrentPrincipalId) {
                LOGGER.debug("Using the existing resolved principal id [{}]", principal.getId());
                return principal.getId();
            }
            LOGGER.debug("CAS will NOT be using the identifier from the resolved principal [{}] as it's not configured to use the currently-resolved principal id and will fall back onto using the identifier for the credential, that is [{}], for principal resolution", principal, id);
        } else {
            LOGGER.debug("No principal is currently resolved and available. Falling back onto using the identifier  for the credential, that is [{}], for principal resolution", id);
        }
        LOGGER.debug("Extracted principal id [{}]", id);
        return id;
    }

    @Generated
    public String toString() {
        return "PersonDirectoryPrincipalResolver(attributeRepository=" + this.attributeRepository + ", principalFactory=" + this.principalFactory + ", returnNullIfNoAttributes=" + this.returnNullIfNoAttributes + ", principalNameTransformer=" + this.principalNameTransformer + ", principalAttributeNames=" + this.principalAttributeNames + ", useCurrentPrincipalId=" + this.useCurrentPrincipalId + ", resolveAttributes=" + this.resolveAttributes + ", activeAttributeRepositoryIdentifiers=" + this.activeAttributeRepositoryIdentifiers + ", order=" + this.order + ")";
    }

    @Generated
    public PersonDirectoryPrincipalResolver(IPersonAttributeDao iPersonAttributeDao, PrincipalFactory principalFactory, boolean z, PrincipalNameTransformer principalNameTransformer, String str, boolean z2, boolean z3, Set<String> set) {
        this.attributeRepository = iPersonAttributeDao;
        this.principalFactory = principalFactory;
        this.returnNullIfNoAttributes = z;
        this.principalNameTransformer = principalNameTransformer;
        this.principalAttributeNames = str;
        this.useCurrentPrincipalId = z2;
        this.resolveAttributes = z3;
        this.activeAttributeRepositoryIdentifiers = set;
    }

    @Override // org.apereo.cas.authentication.principal.PrincipalResolver
    @Generated
    public IPersonAttributeDao getAttributeRepository() {
        return this.attributeRepository;
    }

    @Generated
    public PrincipalFactory getPrincipalFactory() {
        return this.principalFactory;
    }

    @Generated
    public boolean isReturnNullIfNoAttributes() {
        return this.returnNullIfNoAttributes;
    }

    @Generated
    public PrincipalNameTransformer getPrincipalNameTransformer() {
        return this.principalNameTransformer;
    }

    @Generated
    public String getPrincipalAttributeNames() {
        return this.principalAttributeNames;
    }

    @Generated
    public boolean isUseCurrentPrincipalId() {
        return this.useCurrentPrincipalId;
    }

    @Generated
    public boolean isResolveAttributes() {
        return this.resolveAttributes;
    }

    @Generated
    public Set<String> getActiveAttributeRepositoryIdentifiers() {
        return this.activeAttributeRepositoryIdentifiers;
    }

    @Override // org.apereo.cas.authentication.principal.PrincipalResolver, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }
}
