package org.apereo.cas.mgmt.authentication;

import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import lombok.Generated;
import org.apereo.cas.mgmt.domain.MgmtUserProfile;
import org.apereo.cas.mgmt.util.CasManagementUtils;
import org.apereo.cas.services.RegisteredService;
import org.pac4j.core.profile.CommonProfile;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/lib/cas-mgmt-core-authentication-6.5.3.jar:org/apereo/cas/mgmt/authentication/CasUserProfile.class */
public class CasUserProfile extends CommonProfile implements MgmtUserProfile {
    private static final long serialVersionUID = -6308325782274816263L;
    private final boolean administrator;
    private final boolean delegate;

    public CasUserProfile() {
        this.administrator = false;
        this.delegate = false;
    }

    public CasUserProfile(Authentication authentication) {
        this((CommonProfile) authentication.getPrincipal(), List.of("ROLE_ADMIN"));
    }

    public CasUserProfile(CommonProfile commonProfile, Collection<String> collection) {
        build(commonProfile.getId(), commonProfile.getAttributes());
        setClientName(commonProfile.getClientName());
        setLinkedId(commonProfile.getId());
        setRemembered(commonProfile.isRemembered());
        addRoles(commonProfile.getRoles());
        addPermissions(commonProfile.getPermissions());
        this.administrator = collection.stream().anyMatch(str -> {
            return getRoles().contains(str);
        });
        this.delegate = getRoles().contains("ROLE_USER");
    }

    public static CasUserProfile from(Authentication authentication) {
        return new CasUserProfile(authentication);
    }

    @Override // org.apereo.cas.mgmt.domain.MgmtUserProfile
    public String getDepartment() {
        return findFirstMatchingAttribute("department|ou");
    }

    @Override // org.apereo.cas.mgmt.domain.MgmtUserProfile
    public String getPhone() {
        return findFirstMatchingAttribute("phone|phoneNumber|telephoneNumber|primaryPhone|primaryPhoneNumber");
    }

    @Override // org.pac4j.core.profile.CommonProfile, org.pac4j.core.profile.BasicUserProfile, org.pac4j.core.profile.UserProfile, org.apereo.cas.mgmt.domain.MgmtUserProfile
    public String getUsername() {
        return findFirstMatchingAttribute("username|id");
    }

    @Override // org.pac4j.core.profile.CommonProfile, org.apereo.cas.mgmt.domain.MgmtUserProfile
    public String getFamilyName() {
        return findFirstMatchingAttribute("family_name|familyName");
    }

    @Override // org.pac4j.core.profile.CommonProfile, org.apereo.cas.mgmt.domain.MgmtUserProfile
    public String getFirstName() {
        return findFirstMatchingAttribute("first_name|firstName|given_name");
    }

    @Override // org.pac4j.core.profile.CommonProfile, org.apereo.cas.mgmt.domain.MgmtUserProfile
    public String getEmail() {
        return findFirstMatchingAttribute("email|mail");
    }

    private String findFirstMatchingAttribute(String str) {
        return (String) getAttributes().entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).matches(str);
        }).map(entry2 -> {
            return entry2.getValue().toString();
        }).findFirst().orElse(null);
    }

    public boolean hasPermission(String str) {
        Set<String> permissions = getPermissions();
        if (!isAdministrator() && !permissions.contains("*")) {
            Stream<String> stream = permissions.stream();
            Objects.requireNonNull(str);
            if (!stream.anyMatch(str::endsWith)) {
                return false;
            }
        }
        return true;
    }

    public <T extends RegisteredService> boolean hasPermission(T t) {
        Set<String> permissions = getPermissions();
        if (isAdministrator() || permissions.contains("*")) {
            return true;
        }
        return Arrays.stream(t.getServiceId().split("|")).map(CasManagementUtils::extractDomain).anyMatch(str -> {
            Stream stream = permissions.stream();
            Objects.requireNonNull(str);
            return stream.anyMatch(str::endsWith);
        });
    }

    public boolean isUser() {
        return isAdministrator() || isDelegate();
    }

    @Override // org.apereo.cas.mgmt.domain.MgmtUserProfile
    @Generated
    public boolean isAdministrator() {
        return this.administrator;
    }

    @Generated
    public boolean isDelegate() {
        return this.delegate;
    }
}
