package org.apereo.cas.integration.pac4j.authentication.handler.support;

import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.ClientCustomPropertyConstants;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-authentication-6.5.3.jar:org/apereo/cas/integration/pac4j/authentication/handler/support/AbstractPac4jAuthenticationHandler.class */
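/**
 * Base authentication handler that turns a pac4j {@link UserProfile} into a CAS
 * {@link Principal} and handler result.
 *
 * <p>The principal id is selected by {@link #determinePrincipalIdFrom(UserProfile, BaseClient)}.
 * The id and all profile attributes are taken from the profile as-is. The only validation done
 * here is that a profile exists and that the resolved id is not blank.
 *
 * <p>Security-relevant behaviour to be aware of when configuring a deployment:
 * <ul>
 *   <li>If a principal attribute is configured (per client or handler-wide) but the profile does
 *       not carry it, the handler logs a warning and falls back to {@code userProfile.getId()};
 *       the login is not rejected.</li>
 *   <li>Unless typed ids are enabled via {@link #setTypedIdUsed(boolean)}, the principal id
 *       carries no indication of which profile type produced it.</li>
 * </ul>
 */
public abstract class AbstractPac4jAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractPac4jAuthenticationHandler.class);

    // Session store handed to pac4j's ProfileManager in storeUserProfile().
    protected final SessionStore sessionStore;

    // Handler-wide name of the profile attribute to use as principal id. Only consulted when the
    // client does not define its own principal-attribute custom property.
    private String principalAttributeId;

    // When true, ids are qualified with the profile type (see typePrincipalId / getTypedId).
    private boolean isTypedIdUsed;

    /**
     * Creates the handler.
     *
     * <p>The decompiler reports that the access modifier of this constructor was changed from
     * {@code protected}; it is kept {@code public} here so existing callers are unaffected.
     *
     * @param str handler name, passed to the superclass
     * @param servicesManager services manager, passed to the superclass
     * @param principalFactory factory used to build the resulting principal
     * @param num handler order, passed to the superclass
     * @param sessionStore pac4j session store used when saving user profiles
     */
    public AbstractPac4jAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num, SessionStore sessionStore) {
        super(str, servicesManager, principalFactory, num);
        this.sessionStore = sessionStore;
    }

    /**
     * Builds the handler result for a delegated authentication.
     *
     * <p>The decompiler reports that the access modifier of this method was changed from
     * {@code protected}.
     *
     * @param clientCredential credential that receives the profile and the typed-id flag
     * @param userProfile profile produced by the delegated authentication; must not be null
     * @param baseClient client that performed the authentication; may be null
     * @return the handler result carrying the constructed principal
     * @throws GeneralSecurityException specifically {@link FailedLoginException} when there is no
     *     profile or no non-blank principal id can be determined
     */
    public AuthenticationHandlerExecutionResult createResult(ClientCredential clientCredential, UserProfile userProfile, BaseClient baseClient) throws GeneralSecurityException {
        if (userProfile == null) {
            throw new FailedLoginException("Authentication did not produce a user profile for: " + clientCredential);
        }
        String principalId = determinePrincipalIdFrom(userProfile, baseClient);
        if (StringUtils.isBlank(principalId)) {
            // NOTE(review): the message embeds the profile's string form; depending on what
            // UserProfile.toString() prints, released attributes may end up wherever this
            // exception message is logged or displayed. Confirm that is acceptable.
            throw new FailedLoginException("No identifier found for this user profile: " + userProfile);
        }
        clientCredential.setUserProfile(userProfile);
        clientCredential.setTypedIdUsed(this.isTypedIdUsed);
        // All profile attributes are copied onto the principal; no filtering happens here.
        Principal principal = this.principalFactory.createPrincipal(
            principalId, CoreAuthenticationUtils.convertAttributeValuesToMultiValuedObjects(userProfile.getAttributes()));
        LOGGER.debug("Constructed authenticated principal [{}] based on user profile [{}]", principal, userProfile);
        return finalizeAuthenticationHandlerResult(clientCredential, principal, userProfile, baseClient);
    }

    /**
     * Runs the pre-finalization hook and then creates the handler result with an empty
     * warnings list.
     *
     * @param clientCredential the credential being authenticated
     * @param principal the principal built from the profile
     * @param userProfile the pac4j profile
     * @param baseClient the client that performed the authentication; may be null
     * @return the handler result
     */
    protected AuthenticationHandlerExecutionResult finalizeAuthenticationHandlerResult(ClientCredential clientCredential, Principal principal, UserProfile userProfile, BaseClient baseClient) {
        preFinalizeAuthenticationHandlerResult(clientCredential, principal, userProfile, baseClient);
        return createHandlerResult(clientCredential, principal, new ArrayList<>(0));
    }

    /**
     * Extension hook invoked just before the handler result is created. The default
     * implementation does nothing.
     *
     * @param clientCredential the credential being authenticated
     * @param principal the principal built from the profile
     * @param userProfile the pac4j profile
     * @param baseClient the client that performed the authentication; may be null
     */
    protected void preFinalizeAuthenticationHandlerResult(ClientCredential clientCredential, Principal principal, UserProfile userProfile, BaseClient baseClient) {
    }

    /**
     * Selects the principal id for the given profile.
     *
     * <p>Order of precedence:
     * <ol>
     *   <li>the attribute named by the client's
     *       {@code CLIENT_CUSTOM_PROPERTY_PRINCIPAL_ATTRIBUTE_ID} custom property, when the client
     *       defines that key;</li>
     *   <li>the handler-wide {@code principalAttributeId}, when not blank;</li>
     *   <li>the profile's typed id, when typed ids are enabled;</li>
     *   <li>otherwise {@code userProfile.getId()}.</li>
     * </ol>
     *
     * <p>In cases 1 and 2, a missing or empty attribute does not fail the login: the id stays at
     * {@code userProfile.getId()} and a warning is logged when the attribute is absent. Operators
     * who rely on the configured attribute for identity should alert on those warnings.
     *
     * @param userProfile the pac4j profile; must not be null
     * @param baseClient the client that performed the authentication; may be null
     * @return the selected id, which may be blank if the profile has none
     */
    protected String determinePrincipalIdFrom(UserProfile userProfile, BaseClient baseClient) {
        String id = userProfile.getId();
        Map<String, Object> customProperties = baseClient != null ? baseClient.getCustomProperties() : new HashMap<>(0);
        if (baseClient != null && customProperties.containsKey(ClientCustomPropertyConstants.CLIENT_CUSTOM_PROPERTY_PRINCIPAL_ATTRIBUTE_ID)) {
            // The client-level setting wins; the handler-wide attribute is not consulted in this
            // branch, even when the client value is null or the attribute is missing.
            Object configured = customProperties.get(ClientCustomPropertyConstants.CLIENT_CUSTOM_PROPERTY_PRINCIPAL_ATTRIBUTE_ID);
            if (configured != null) {
                String attributeName = configured.toString();
                if (userProfile.containsAttribute(attributeName)) {
                    Optional<Object> firstValue = CollectionUtils.firstElement(userProfile.getAttribute(attributeName));
                    if (firstValue.isPresent()) {
                        id = typePrincipalId(firstValue.get().toString(), userProfile);
                    }
                    LOGGER.debug("Authentication indicates usage of client principal attribute [{}] for the identifier [{}]", attributeName, id);
                } else {
                    LOGGER.warn("Authentication cannot find attribute [{}] to use as principal id", attributeName);
                }
            } else {
                LOGGER.warn("No custom principal attribute was provided by the client [{}]. Using the default id [{}]", baseClient, id);
            }
        } else if (StringUtils.isNotBlank(this.principalAttributeId)) {
            if (userProfile.containsAttribute(this.principalAttributeId)) {
                Optional<Object> firstValue = CollectionUtils.firstElement(userProfile.getAttribute(this.principalAttributeId));
                if (firstValue.isPresent()) {
                    id = typePrincipalId(firstValue.get().toString(), userProfile);
                }
            } else {
                // NOTE(review): this warning writes the profile's full attribute map to the log;
                // confirm that is acceptable for whoever can read warn-level output.
                LOGGER.warn("CAS cannot use [{}] as the principal attribute id, since the profile attributes do not contain the attribute. Either adjust the CAS configuration to use a different attribute, or contact the authentication provider noted by [{}] to release the expected attribute to CAS", this.principalAttributeId, userProfile.getAttributes());
            }
            LOGGER.debug("Authentication indicates usage of attribute [{}] for the identifier [{}]", this.principalAttributeId, id);
        } else if (this.isTypedIdUsed) {
            id = userProfile.getTypedId();
            LOGGER.debug("Authentication indicates usage of typed profile id [{}]", id);
        }
        // Arguments follow the placeholder order of the message: client first, then profile.
        LOGGER.debug("Final principal id determined based on client [{}] and user profile [{}] is [{}]", baseClient, userProfile, id);
        return id;
    }

    /**
     * Qualifies an attribute-derived id with the profile type when typed ids are enabled.
     *
     * <p>With typed ids on, the result is {@code <profile class name>#<value>}, so the same raw
     * value coming from two different profile classes yields two different principal ids. With
     * typed ids off, the value is returned unchanged.
     *
     * @param str the raw attribute value
     * @param userProfile the profile whose runtime class name is used as the prefix
     * @return the possibly qualified id
     */
    private String typePrincipalId(String str, UserProfile userProfile) {
        if (this.isTypedIdUsed) {
            return userProfile.getClass().getName() + "#" + str;
        }
        return str;
    }

    /**
     * Saves the profile through a pac4j {@link ProfileManager} bound to the given web context
     * and this handler's session store.
     *
     * @param webContext the current pac4j web context
     * @param userProfile the profile to save
     */
    protected void storeUserProfile(WebContext webContext, UserProfile userProfile) {
        ProfileManager profileManager = new ProfileManager(webContext, this.sessionStore);
        // Presumably (saveInSession = true, profile, multiProfile = false); confirm against the
        // pac4j version in use.
        profileManager.save(true, userProfile, false);
    }

    /**
     * Sets the handler-wide profile attribute to use as principal id.
     *
     * @param str the attribute name; blank disables the handler-wide attribute lookup
     */
    @Generated
    public void setPrincipalAttributeId(String str) {
        this.principalAttributeId = str;
    }

    /**
     * Enables or disables typed principal ids.
     *
     * @param z true to qualify ids with the profile type
     */
    @Generated
    public void setTypedIdUsed(boolean z) {
        this.isTypedIdUsed = z;
    }
}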
