package org.apereo.cas.support.oauth.authenticator;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashSet;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationBuilder;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.BasicIdentifiableCredential;
import org.apereo.cas.authentication.metadata.BasicCredentialMetaData;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.support.oauth.OAuth20Constants;
import org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.BasicUserProfile;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.5.5.jar:org/apereo/cas/support/oauth/authenticator/OAuth20DefaultCasAuthenticationBuilder.class */
public class OAuth20DefaultCasAuthenticationBuilder implements OAuth20CasAuthenticationBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OAuth20DefaultCasAuthenticationBuilder.class);
    protected final PrincipalFactory principalFactory;
    protected final ServiceFactory<WebApplicationService> webApplicationServiceServiceFactory;
    protected final OAuth20ProfileScopeToAttributesFilter scopeToAttributesFilter;
    protected final CasConfigurationProperties casProperties;

    @Override // org.apereo.cas.support.oauth.authenticator.OAuth20CasAuthenticationBuilder
    public Service buildService(OAuthRegisteredService oAuthRegisteredService, WebContext webContext, boolean z) {
        String str = "";
        if (z) {
            str = OAuth20Utils.getServiceRequestHeaderIfAny(webContext);
            LOGGER.debug("Located service based on request header is [{}]", str);
        }
        if (StringUtils.isBlank(str)) {
            str = oAuthRegisteredService.getClientId();
        }
        return this.webApplicationServiceServiceFactory.createService(str);
    }

    @Override // org.apereo.cas.support.oauth.authenticator.OAuth20CasAuthenticationBuilder
    public Authentication build(UserProfile userProfile, OAuthRegisteredService oAuthRegisteredService, WebContext webContext, Service service) {
        Principal createPrincipal = this.principalFactory.createPrincipal(userProfile.getId(), CoreAuthenticationUtils.convertAttributeValuesToMultiValuedObjects(new HashMap(userProfile.getAttributes())));
        LOGGER.debug("Created final principal [{}] after filtering attributes based on [{}]", createPrincipal, oAuthRegisteredService);
        String canonicalName = userProfile.getClass().getCanonicalName();
        BasicCredentialMetaData basicCredentialMetaData = new BasicCredentialMetaData(new BasicIdentifiableCredential(userProfile.getId()));
        DefaultAuthenticationHandlerExecutionResult defaultAuthenticationHandlerExecutionResult = new DefaultAuthenticationHandlerExecutionResult(canonicalName, basicCredentialMetaData, createPrincipal, new ArrayList(0));
        Collection<String> requestedScopes = OAuth20Utils.getRequestedScopes(webContext);
        String str = (String) webContext.getRequestParameter("state").map((v0) -> {
            return String.valueOf(v0);
        }).or(() -> {
            return OAuth20Utils.getRequestParameter(webContext, "state");
        }).orElse("");
        String str2 = (String) webContext.getRequestParameter("nonce").map((v0) -> {
            return String.valueOf(v0);
        }).or(() -> {
            return OAuth20Utils.getRequestParameter(webContext, "nonce");
        }).orElse("");
        LOGGER.debug("OAuth [{}] is [{}], and [{}] is [{}]", "state", str, "nonce", str2);
        AuthenticationBuilder newInstance = DefaultAuthenticationBuilder.newInstance();
        if (userProfile instanceof BasicUserProfile) {
            newInstance.addAttributes(((BasicUserProfile) userProfile).getAuthenticationAttributes());
        }
        newInstance.addAttribute("permissions", new LinkedHashSet(userProfile.getPermissions())).addAttribute("roles", new LinkedHashSet(userProfile.getRoles())).addAttribute("scopes", requestedScopes).addAttribute("state", str).addAttribute("nonce", str2).addAttribute("client_id", oAuthRegisteredService.getClientId()).addCredential(basicCredentialMetaData).setPrincipal(createPrincipal).setAuthenticationDate(ZonedDateTime.now(ZoneOffset.UTC)).addSuccess(userProfile.getClass().getCanonicalName(), defaultAuthenticationHandlerExecutionResult);
        webContext.getRequestParameter(OAuth20Constants.ACR_VALUES).ifPresent(str3 -> {
            newInstance.addAttribute(OAuth20Constants.ACR_VALUES, str3);
        });
        return newInstance.build();
    }

    @Generated
    public OAuth20DefaultCasAuthenticationBuilder(PrincipalFactory principalFactory, ServiceFactory<WebApplicationService> serviceFactory, OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, CasConfigurationProperties casConfigurationProperties) {
        this.principalFactory = principalFactory;
        this.webApplicationServiceServiceFactory = serviceFactory;
        this.scopeToAttributesFilter = oAuth20ProfileScopeToAttributesFilter;
        this.casProperties = casConfigurationProperties;
    }
}
