package org.apereo.cas.services;

import com.fasterxml.jackson.annotation.JsonInclude;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.Cipher;
import lombok.Generated;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.util.EncodingUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@JsonInclude(JsonInclude.Include.NON_DEFAULT)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-attributes-6.3.0-RC4.jar:org/apereo/cas/services/ReturnEncryptedAttributeReleasePolicy.class */
public class ReturnEncryptedAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ReturnEncryptedAttributeReleasePolicy.class);
    private static final long serialVersionUID = -5771481877391140569L;
    private List<String> allowedAttributes;

    @Override // org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy
    public Map<String, List<Object>> getAttributesInternal(Principal principal, Map<String, List<Object>> map, RegisteredService registeredService, Service service) {
        return authorizeReleaseOfAllowedAttributes(principal, map, registeredService, service);
    }

    protected Map<String, List<Object>> authorizeReleaseOfAllowedAttributes(Principal principal, Map<String, List<Object>> map, RegisteredService registeredService, Service service) {
        RegisteredServicePublicKey publicKey = registeredService.getPublicKey();
        if (publicKey == null) {
            LOGGER.error("No public key is defined for service [{}]. No attributes will be released", registeredService);
            return new HashMap(0);
        }
        LOGGER.debug("Using service [{}] public key [{}] to initialize the cipher", registeredService.getServiceId(), publicKey);
        Cipher cipher = publicKey.toCipher();
        if (cipher == null) {
            LOGGER.error("Unable to initialize cipher given the public key algorithm [{}]", publicKey.getAlgorithm());
            return new HashMap(0);
        }
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        treeMap.putAll(map);
        HashMap hashMap = new HashMap();
        Stream<String> stream = getAllowedAttributes().stream();
        Objects.requireNonNull(treeMap);
        stream.filter((v1) -> {
            return r1.containsKey(v1);
        }).forEach(str -> {
            LOGGER.debug("Found attribute [{}] in the list of allowed attributes. Encoding...", str);
            hashMap.put(str, (List) ((List) treeMap.get(str)).stream().map(Unchecked.function(obj -> {
                LOGGER.trace("Encrypting attribute [{}] with value [{}]", str, obj);
                String encodeBase64 = EncodingUtils.encodeBase64(cipher.doFinal(obj.toString().getBytes(StandardCharsets.UTF_8)));
                LOGGER.trace("Encrypted attribute [{}] with value [{}]", str, encodeBase64);
                return encodeBase64;
            })).collect(Collectors.toList()));
        });
        return hashMap;
    }

    @Override // org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy
    @Generated
    public String toString() {
        return "ReturnEncryptedAttributeReleasePolicy(super=" + super.toString() + ", allowedAttributes=" + this.allowedAttributes + ")";
    }

    @Generated
    public List<String> getAllowedAttributes() {
        return this.allowedAttributes;
    }

    @Generated
    public void setAllowedAttributes(List<String> list) {
        this.allowedAttributes = list;
    }

    @Override // org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof ReturnEncryptedAttributeReleasePolicy)) {
            return false;
        }
        ReturnEncryptedAttributeReleasePolicy returnEncryptedAttributeReleasePolicy = (ReturnEncryptedAttributeReleasePolicy) obj;
        if (!returnEncryptedAttributeReleasePolicy.canEqual(this) || !super.equals(obj)) {
            return false;
        }
        List<String> list = this.allowedAttributes;
        List<String> list2 = returnEncryptedAttributeReleasePolicy.allowedAttributes;
        return list == null ? list2 == null : list.equals(list2);
    }

    @Override // org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof ReturnEncryptedAttributeReleasePolicy;
    }

    @Override // org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy
    @Generated
    public int hashCode() {
        int hashCode = super.hashCode();
        List<String> list = this.allowedAttributes;
        return (hashCode * 59) + (list == null ? 43 : list.hashCode());
    }

    @Generated
    public ReturnEncryptedAttributeReleasePolicy() {
        this.allowedAttributes = new ArrayList(0);
    }

    @Generated
    public ReturnEncryptedAttributeReleasePolicy(List<String> list) {
        this.allowedAttributes = new ArrayList(0);
        this.allowedAttributes = list;
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
