package org.apereo.cas.support.oauth.authenticator;

import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationBuilder;
import org.apereo.cas.authentication.BasicCredentialMetaData;
import org.apereo.cas.authentication.BasicIdentifiableCredential;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.util.CollectionUtils;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/oauth/authenticator/OAuth20CasAuthenticationBuilder.class */
/**
 * Builds the CAS {@link Service} and {@link Authentication} objects that represent an OAuth
 * request, from a pac4j {@link UserProfile} and the incoming {@link J2EContext}.
 *
 * <p>Review notes, all derived from the code in this class only:
 * <ul>
 *   <li>{@code scopeToAttributesFilter} is stored by the constructor but is not read by any
 *       method of this class.</li>
 *   <li>The {@code scope}, {@code state} and {@code nonce} request parameters are copied into
 *       the authentication as-is; this class performs no validation of them.</li>
 * </ul>
 */
public class OAuth20CasAuthenticationBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20CasAuthenticationBuilder.class);

    /**
     * Profile attribute names that are stripped from the principal attributes and, when the
     * access-token setting allows it, attached to the authentication instead. The order is the
     * order in which they are released (and logged).
     */
    private static final String[] PROTOCOL_ATTRIBUTE_NAMES = {
        "authenticationMethod",
        "isFromNewLogin",
        "longTermAuthenticationRequestTokenUsed",
        "authenticationDate",
        "successfulAuthenticationHandlers"
    };

    protected final PrincipalFactory principalFactory;
    protected final ServiceFactory<WebApplicationService> webApplicationServiceServiceFactory;
    protected final OAuth20ProfileScopeToAttributesFilter scopeToAttributesFilter;
    protected final CasConfigurationProperties casProperties;

    /**
     * Creates the service for an OAuth request.
     *
     * <p>The service identifier is the value returned by
     * {@link OAuth20Utils#getServiceRequestHeaderIfAny} when {@code z} is {@code true} and that
     * value is not blank; otherwise it is the registered service's client id.
     *
     * @param oAuthRegisteredService registered OAuth service supplying the fallback client id
     * @param j2EContext             web context giving access to the current request
     * @param z                      whether the request-supplied service value may be used
     * @return the service produced by the web application service factory
     */
    public Service buildService(OAuthRegisteredService oAuthRegisteredService, J2EContext j2EContext, boolean z) {
        String requestedServiceId = null;
        if (z) {
            // NOTE(review): judging by the helper name and the log text, this value comes from a
            // request header, i.e. it is chosen by the caller. It is handed to the service
            // factory unchanged; any check against the registered service has to happen outside
            // this method - confirm at the call sites.
            requestedServiceId = OAuth20Utils.getServiceRequestHeaderIfAny(j2EContext.getRequest());
            LOGGER.debug("Located service based on request header is [{}]", requestedServiceId);
        }
        final String serviceId = StringUtils.isBlank(requestedServiceId)
            ? oAuthRegisteredService.getClientId()
            : requestedServiceId;
        return this.webApplicationServiceServiceFactory.createService(serviceId);
    }

    /**
     * Assembles the authentication for an OAuth request.
     *
     * <p>The principal id is the profile id and the principal attributes are the profile
     * attributes minus {@link #PROTOCOL_ATTRIBUTE_NAMES}. The handler name recorded for the
     * success entry is the canonical class name of the profile. The authentication carries the
     * attributes {@code permissions}, {@code roles}, {@code scopes}, {@code state} and
     * {@code nonce}.
     *
     * @param userProfile            authenticated pac4j profile
     * @param oAuthRegisteredService registered OAuth service; only used in a debug message here
     * @param j2EContext             web context the request parameters are read from
     * @param service                not used by this method
     * @return the built authentication
     */
    public Authentication build(UserProfile userProfile, OAuthRegisteredService oAuthRegisteredService, J2EContext j2EContext, Service service) {
        final String profileId = userProfile.getId();
        final Principal principal =
            this.principalFactory.createPrincipal(profileId, getPrincipalAttributesFromProfile(userProfile));
        // NOTE(review): the message mentions filtering "based on" the registered service, but the
        // only filtering done in this class is the fixed key removal in
        // getPrincipalAttributesFromProfile; the registered service is not consulted here.
        LOGGER.debug("Created final principal [{}] after filtering attributes based on [{}]", principal, oAuthRegisteredService);

        final String handlerName = userProfile.getClass().getCanonicalName();
        final BasicCredentialMetaData credentialMetaData =
            new BasicCredentialMetaData(new BasicIdentifiableCredential(userProfile.getId()));
        final DefaultAuthenticationHandlerExecutionResult handlerResult =
            new DefaultAuthenticationHandlerExecutionResult(handlerName, credentialMetaData, principal, new ArrayList<>());

        // NOTE(review): the requested scopes are taken from the request verbatim and stored under
        // "scopes"; nothing in this method compares them with what the registered service is
        // allowed to ask for, so consumers must not treat this attribute as already authorised.
        final Set<?> requestedScopes = CollectionUtils.toCollection(j2EContext.getRequest().getParameterValues("scope"));
        final String state = StringUtils.defaultIfBlank(j2EContext.getRequestParameter("state"), "");
        final String nonce = StringUtils.defaultIfBlank(j2EContext.getRequestParameter("nonce"), "");
        // Both values are caller-controlled request parameters, so this debug line records
        // caller-chosen text; whether it is neutralised depends on the logging layout, which is
        // not visible from here.
        LOGGER.debug("OAuth [{}] is [{}], and [{}] is [{}]", "state", state, "nonce", nonce);

        final AuthenticationBuilder builder = DefaultAuthenticationBuilder.newInstance()
            .addAttribute("permissions", new HashSet<>(userProfile.getPermissions()))
            .addAttribute("roles", new HashSet<>(userProfile.getRoles()))
            .addAttribute("scopes", requestedScopes)
            .addAttribute("state", state)
            .addAttribute("nonce", nonce)
            .addCredential(credentialMetaData)
            .setPrincipal(principal)
            .setAuthenticationDate(ZonedDateTime.now())
            .addSuccess(handlerName, handlerResult);

        collectionAuthenticationAttributesIfNecessary(userProfile, builder);
        return builder.build();
    }

    /**
     * Copies the profile attributes and drops the protocol-level entries listed in
     * {@link #PROTOCOL_ATTRIBUTE_NAMES}, so they do not become principal attributes.
     *
     * @param profile profile whose attributes are copied; the profile itself is not modified
     * @return a new mutable map holding the remaining attributes
     */
    private static Map<String, Object> getPrincipalAttributesFromProfile(UserProfile profile) {
        final Map<String, Object> attributes = new HashMap<>(profile.getAttributes());
        for (final String name : PROTOCOL_ATTRIBUTE_NAMES) {
            attributes.remove(name);
        }
        return attributes;
    }

    /**
     * Attaches the protocol attributes to the authentication, but only when the access-token
     * configuration has {@code releaseProtocolAttributes} switched on.
     *
     * @param profile profile the attribute values are read from
     * @param builder authentication builder receiving the attributes
     */
    private void collectionAuthenticationAttributesIfNecessary(UserProfile profile, AuthenticationBuilder builder) {
        final boolean releaseProtocolAttributes =
            this.casProperties.getAuthn().getOauth().getAccessToken().isReleaseProtocolAttributes();
        if (!releaseProtocolAttributes) {
            return;
        }
        for (final String name : PROTOCOL_ATTRIBUTE_NAMES) {
            addAuthenticationAttribute(name, builder, profile);
        }
    }

    /**
     * Copies one attribute from the profile to the authentication builder and logs its name.
     * The value is passed on whatever it is; there is no presence or null check here.
     *
     * @param name    attribute name, used both for the lookup and as the target key
     * @param builder authentication builder receiving the attribute
     * @param profile profile the value is read from
     */
    private static void addAuthenticationAttribute(String name, AuthenticationBuilder builder, UserProfile profile) {
        final Object value = profile.getAttribute(name);
        builder.addAttribute(name, value);
        LOGGER.debug("Added attribute [{}] to the authentication", name);
    }

    /**
     * Stores the collaborators used to build services and authentications.
     *
     * @param principalFactory                     factory for the authenticated principal
     * @param serviceFactory                       factory for web application services
     * @param oAuth20ProfileScopeToAttributesFilter scope-to-attributes filter (kept, not used in this class)
     * @param casConfigurationProperties           CAS settings, read for the protocol-attribute release flag
     */
    @Generated
    public OAuth20CasAuthenticationBuilder(PrincipalFactory principalFactory, ServiceFactory<WebApplicationService> serviceFactory, OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, CasConfigurationProperties casConfigurationProperties) {
        this.principalFactory = principalFactory;
        this.webApplicationServiceServiceFactory = serviceFactory;
        this.scopeToAttributesFilter = oAuth20ProfileScopeToAttributesFilter;
        this.casProperties = casConfigurationProperties;
    }
}
