package org.squashtest.tm.plugin.saml;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
import org.squashtest.tm.plugin.saml.beans.ExtraAccountInformation;
import org.squashtest.tm.plugin.saml.beans.ExtraAccountInformationUser;
import org.squashtest.tm.plugin.saml.exception.DisabledUserException;
import org.squashtest.tm.plugin.saml.properties.UserMappingProperties;

/* loaded from: input_file:org/squashtest/tm/plugin/saml/SquashSAMLUserDetailsService.class */
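/**
 * Resolves the Squash user that corresponds to an authenticated SAML principal.
 *
 * <p>The username comes either from the assertion NameID or from a configured assertion
 * attribute, as decided by {@link UserMappingProperties}. A known account is returned as loaded
 * from the delegate {@link UserDetailsService}; an unknown one yields a stub user with an empty
 * authority list, optionally carrying first name, last name and email read from the assertion.
 *
 * <p>Every value read from the principal is supplied by the identity provider. This class does
 * not validate the assertion itself; it presumably relies on the SAML filter chain having done
 * so before the principal was built (not visible in this file, to be confirmed).
 */
public class SquashSAMLUserDetailsService {
    private static final Logger LOGGER = LoggerFactory.getLogger(SquashSAMLUserDetailsService.class);

    // Placeholder for the mandatory password field of the stub user. It is not a credential:
    // it must never be persisted as one or accepted by a password-based login path.
    private static final String EMPTY_PASSWORD = "(not available)";

    private final UserMappingProperties userMapping;
    private final UserDetailsService manager;

    /**
     * @param userMappingProperties mapping between assertion attributes and account fields
     * @param userDetailsService delegate used to look up accounts that already exist
     */
    public SquashSAMLUserDetailsService(UserMappingProperties userMappingProperties, UserDetailsService userDetailsService) {
        this.userMapping = userMappingProperties;
        this.manager = userDetailsService;
    }

    /**
     * Loads the account matching the SAML principal, or builds a stub user when none exists.
     *
     * @param defaultSaml2AuthenticatedPrincipal the principal built from the SAML assertion
     * @return the existing, enabled account, or a stub user without authorities
     * @throws UsernameNotFoundException if the assertion yields no usable (non-blank) username
     * @throws DisabledUserException if the matching account exists but is disabled
     */
    public UserDetails loadUserBySAML(DefaultSaml2AuthenticatedPrincipal defaultSaml2AuthenticatedPrincipal) throws UsernameNotFoundException {
        String username = findUsername(defaultSaml2AuthenticatedPrincipal);

        // A missing or blank username (for example when the configured alternate attribute is
        // absent from the assertion) must fail the authentication explicitly. Checked before the
        // lookup so the rejection cannot be caught below and turned into a stub account.
        if (StringUtils.isBlank(username)) {
            LOGGER.warn("the SAML assertion did not provide a usable username, rejecting the authentication attempt");
            throw new UsernameNotFoundException("The SAML assertion did not provide a usable username");
        }

        // The username originates from the identity provider; the log encoder is expected to
        // neutralise line breaks in parameters.
        LOGGER.debug("Fetching user details for user {}", username);

        UserDetails userDetails;
        try {
            userDetails = this.manager.loadUserByUsername(username);
        } catch (UsernameNotFoundException unused) {
            // Only a failed lookup may lead to the stub-user path.
            return handleNewUser(username, defaultSaml2AuthenticatedPrincipal);
        }

        // Kept outside the try block: the hierarchy of DisabledUserException is not visible
        // here, and a disabled account must never fall through to the stub-user path.
        if (!userDetails.isEnabled()) {
            throw new DisabledUserException("The authentication attempt has failed because the user account associated with this login request has been disabled. Please contact the system administrator for assistance or to reactivate your account.");
        }

        LOGGER.debug("found user details for user {}", username);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("user details for {} are : ", username);
            LOGGER.trace(userDetails.toString());
        }
        return userDetails;
    }

    /**
     * Picks the username from the configured alternate attribute, or from the NameID.
     *
     * @return the username, or {@code null} when the alternate attribute is not in the assertion
     */
    private String findUsername(DefaultSaml2AuthenticatedPrincipal principal) {
        if (this.userMapping.isMappedAlternateUsername()) {
            String alternateUsername = this.userMapping.getAlternateUsername();
            LOGGER.debug("looking for alternate username instead of NameID, using SAML assertion attribute '{}'", alternateUsername);
            return getAttribute(principal, alternateUsername);
        }
        LOGGER.debug("using the NameID as Squash username");
        return principal.getName();
    }

    /**
     * Builds the stub user returned for a username that has no account yet.
     *
     * <p>The stub carries an empty authority list. Extra account information is attached only
     * when the mapping requires it.
     */
    private User handleNewUser(String username, DefaultSaml2AuthenticatedPrincipal principal) {
        LOGGER.debug("user details not found for user {}, returning stub user with default permissions", username);
        if (this.userMapping.requiresExtraAttributes()) {
            return new ExtraAccountInformationUser(username, EMPTY_PASSWORD, Collections.emptyList(), extractInformation(username, principal));
        }
        return new User(username, EMPTY_PASSWORD, Collections.emptyList());
    }

    /**
     * Reads first name, last name and email from the assertion attributes named in the mapping.
     *
     * <p>A field with no configured mapping stays an empty string; a mapped attribute that is
     * absent yields {@code null} and triggers a warning. A blank last name is replaced by the
     * username.
     */
    private ExtraAccountInformation extractInformation(String username, DefaultSaml2AuthenticatedPrincipal principal) {
        String firstName = "";
        String lastName = "";
        String email = "";
        LOGGER.debug("retrieving extra account information from SAML assertion");
        logAvailableAttributes(principal);

        // The trace statements below write personal data taken from the assertion; trace level
        // is meant for troubleshooting the mapping, with log access restricted accordingly.
        if (this.userMapping.getFirstName() != null) {
            String firstNameAttribute = this.userMapping.getFirstName();
            LOGGER.trace("looking for firstName in attribute '{}'", firstNameAttribute);
            firstName = getAttribute(principal, firstNameAttribute);
            LOGGER.trace("firstName : '{}'", firstName);
        }
        if (this.userMapping.getLastName() != null) {
            String lastNameAttribute = this.userMapping.getLastName();
            LOGGER.trace("looking for lastName in attribute '{}'", lastNameAttribute);
            lastName = getAttribute(principal, lastNameAttribute);
            LOGGER.trace("lastName : '{}'", lastName);
        }
        if (this.userMapping.getEmail() != null) {
            String emailAttribute = this.userMapping.getEmail();
            LOGGER.trace("looking for email in attribute '{}'", emailAttribute);
            email = getAttribute(principal, emailAttribute);
            LOGGER.trace("email : '{}'", email);
        }

        if (firstName == null || lastName == null || email == null) {
            warnEmptyAttributes();
        }
        if (StringUtils.isBlank(lastName)) {
            LOGGER.trace("empty lastname found, however it cannot be null. Using the username instead.");
            lastName = username;
        }
        return new ExtraAccountInformation(firstName, lastName, email);
    }

    /**
     * Returns the first value of an assertion attribute as a string.
     *
     * @return the first value, or {@code null} when the attribute is absent, has no value, or
     *     its first value is {@code null}
     */
    private String getAttribute(DefaultSaml2AuthenticatedPrincipal principal, String attributeName) {
        List<Object> values = principal.getAttributes().getOrDefault(attributeName, Collections.emptyList());
        if (values == null || values.isEmpty()) {
            return null;
        }
        // A null first element is treated like a missing attribute instead of raising a
        // NullPointerException in the middle of the login.
        Object first = values.get(0);
        return first == null ? null : first.toString();
    }

    /**
     * Dumps every assertion attribute at trace level to help diagnose the attribute mapping.
     * The output contains the raw attribute values received from the identity provider.
     */
    private void logAvailableAttributes(DefaultSaml2AuthenticatedPrincipal principal) {
        if (!LOGGER.isTraceEnabled()) {
            return;
        }
        for (Map.Entry<String, List<Object>> entry : principal.getAttributes().entrySet()) {
            LOGGER.trace("Attribute '{}': {}", entry.getKey(), entry.getValue());
        }
    }

    /**
     * Warns that at least one mapped attribute was missing, pointing either to the attribute
     * dump already written at trace level or to the logger to enable to obtain it.
     */
    private void warnEmptyAttributes() {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.warn("some requested attributes were not found in the assertion, please review the available attributes listed above then check your configuration");
        } else {
            LOGGER.warn("some requested attributes were not found in the assertion, please enable trace level for the logger '{}' to know more about what went wrong", getClass().getPackage().getName());
        }
    }
}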
