package org.apereo.cas.authentication.rest;

import java.util.List;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.SurrogateAuthenticationException;
import org.apereo.cas.authentication.SurrogateUsernamePasswordCredential;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties;
import org.apereo.cas.rest.factory.UsernamePasswordRestHttpRequestCredentialFactory;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:org/apereo/cas/authentication/rest/SurrogateAuthenticationRestHttpRequestCredentialFactory.class */
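/**
 * REST credential factory that turns a username/password request into a
 * surrogate (impersonation) credential when the caller asks to act as
 * another principal.
 *
 * <p>A surrogate request is recognised in two ways, checked in this order:
 * <ol>
 *   <li>the {@value #REQUEST_HEADER_SURROGATE_PRINCIPAL} request header carries the
 *       surrogate username;</li>
 *   <li>the submitted username has the form
 *       {@code <surrogate><separator><primary>}, using the separator from
 *       {@link SurrogateAuthenticationProperties}.</li>
 * </ol>
 *
 * <p>Both the header and the username are supplied by the caller. The only
 * gate in this class is the lookup against
 * {@link SurrogateAuthenticationService#getImpersonationAccounts}; a request
 * naming a surrogate that is not in that list is rejected with
 * {@link SurrogateAuthenticationException}.
 */
public class SurrogateAuthenticationRestHttpRequestCredentialFactory extends UsernamePasswordRestHttpRequestCredentialFactory {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SurrogateAuthenticationRestHttpRequestCredentialFactory.class);

    /** Request header through which a caller names the principal to impersonate. */
    public static final String REQUEST_HEADER_SURROGATE_PRINCIPAL = "X-Surrogate-Principal";

    private final SurrogateAuthenticationService surrogateAuthenticationService;
    private final SurrogateAuthenticationProperties properties;

    /**
     * Returns an order one lower than the parent factory's order.
     * Presumably a lower value means this factory is consulted first; confirm
     * against the code that sorts the factories.
     *
     * @return the parent's order minus one
     */
    public int getOrder() {
        return super.getOrder() - 1;
    }

    /**
     * Builds the credential list for a REST authentication request.
     *
     * @param httpServletRequest the incoming request (read for the surrogate header)
     * @param multiValueMap the request body, passed through to the parent factory
     * @return the parent's credentials when the request is not a surrogate attempt
     *         (or the parent produced none); otherwise a single-element list
     *         holding the authorized surrogate credential
     * @throws SurrogateAuthenticationException if the primary user is not allowed
     *         to impersonate the requested surrogate
     */
    public List<Credential> fromRequest(HttpServletRequest httpServletRequest, MultiValueMap<String, String> multiValueMap) {
        List<Credential> credentials = super.fromRequest(httpServletRequest, multiValueMap);
        if (credentials.isEmpty()) {
            return credentials;
        }
        // Declared with the concrete type: getSurrogateUsername() is not reachable
        // through a variable typed as the Credential interface.
        SurrogateUsernamePasswordCredential surrogateCredential = (SurrogateUsernamePasswordCredential) FunctionUtils.doUnchecked(
            () -> extractCredential(httpServletRequest, credentials));
        if (surrogateCredential == null) {
            LOGGER.trace("Not a surrogate authentication attempt, returning parent class credentials");
            return credentials;
        }
        // Authorization gate: the requested surrogate must be one of the accounts
        // the primary user may impersonate.
        // NOTE(review): nothing in this class verifies the primary password before
        // this lookup runs, so the accept/reject outcome may be visible to a caller
        // who has not authenticated yet. Confirm that the REST layer returns the
        // same response for this exception and for a failed primary login.
        List<String> allowedSurrogates = this.surrogateAuthenticationService.getImpersonationAccounts(surrogateCredential.getId());
        if (allowedSurrogates.contains(surrogateCredential.getSurrogateUsername())) {
            return CollectionUtils.wrapList(new Credential[]{surrogateCredential});
        }
        // The surrogate name is caller-controlled; neutralise line breaks before it
        // ends up in an exception message that is likely to be logged.
        throw new SurrogateAuthenticationException("Unable to authorize surrogate authentication request for "
            + sanitizeForLog(surrogateCredential.getSurrogateUsername()));
    }

    /**
     * Derives a surrogate credential from the first credential the parent
     * factory produced.
     *
     * <p>The surrogate header wins when present; in that case the username is
     * left as copied from the parent credential. Otherwise the username is split
     * at the first occurrence of the configured separator: the part before it is
     * the surrogate, the part after it is the primary username.
     *
     * @param httpServletRequest the incoming request
     * @param list credentials produced by the parent factory; the first element
     *        is expected to be a {@link UsernamePasswordCredential}
     * @return the surrogate credential, or {@code null} when the request does not
     *         ask for impersonation
     * @throws Exception if copying bean properties fails
     */
    protected SurrogateUsernamePasswordCredential extractCredential(HttpServletRequest httpServletRequest, List<Credential> list) throws Exception {
        SurrogateUsernamePasswordCredential surrogateCredential = new SurrogateUsernamePasswordCredential();
        UsernamePasswordCredential primaryCredential = UsernamePasswordCredential.class.cast(list.get(0));
        // BeanUtils.copyProperties(dest, orig): start from a copy of the primary credential.
        BeanUtils.copyProperties(surrogateCredential, primaryCredential);

        String header = httpServletRequest.getHeader(REQUEST_HEADER_SURROGATE_PRINCIPAL);
        if (StringUtils.isNotBlank(header)) {
            // Header value is untrusted input: strip CR/LF so it cannot forge log lines.
            LOGGER.debug("Request surrogate principal [{}]", sanitizeForLog(header));
            surrogateCredential.setSurrogateUsername(header);
            return surrogateCredential;
        }

        String username = primaryCredential.getUsername();
        String separator = this.properties.getSeparator();
        if (username == null || separator == null) {
            // Nothing to split on: treat as an ordinary login rather than fail with an NPE.
            return null;
        }
        int separatorIndex = username.indexOf(separator);
        if (separatorIndex < 0) {
            return null;
        }
        String surrogateUsername = username.substring(0, separatorIndex);
        String primaryUsername = username.substring(separatorIndex + separator.length());
        surrogateCredential.setUsername(primaryUsername);
        surrogateCredential.setSurrogateUsername(surrogateUsername);
        surrogateCredential.assignPassword(primaryCredential.toPassword());
        return surrogateCredential;
    }

    /**
     * Replaces carriage returns and line feeds so a caller-supplied value cannot
     * start a new line in log output.
     *
     * @param value the untrusted value, may be {@code null}
     * @return the value with CR/LF replaced by {@code _}, or {@code null}
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }

    /**
     * Creates the factory.
     *
     * @param surrogateAuthenticationService service consulted for the accounts a
     *        primary user may impersonate
     * @param surrogateAuthenticationProperties surrogate settings; the separator is read from here
     */
    @Generated
    public SurrogateAuthenticationRestHttpRequestCredentialFactory(SurrogateAuthenticationService surrogateAuthenticationService, SurrogateAuthenticationProperties surrogateAuthenticationProperties) {
        this.surrogateAuthenticationService = surrogateAuthenticationService;
        this.properties = surrogateAuthenticationProperties;
    }
}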
