package org.apereo.cas.authentication;

import com.google.common.base.Splitter;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Multimap;
import groovy.lang.GroovyClassLoader;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.adaptive.intel.DefaultIPAddressIntelligenceService;
import org.apereo.cas.authentication.adaptive.intel.GroovyIPAddressIntelligenceService;
import org.apereo.cas.authentication.adaptive.intel.IPAddressIntelligenceService;
import org.apereo.cas.authentication.adaptive.intel.RestfulIPAddressIntelligenceService;
import org.apereo.cas.authentication.policy.AllAuthenticationHandlersSucceededAuthenticationPolicy;
import org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.GroovyScriptAuthenticationPolicy;
import org.apereo.cas.authentication.policy.NotPreventedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.RequiredAuthenticationHandlerAuthenticationPolicy;
import org.apereo.cas.authentication.policy.RestfulAuthenticationPolicy;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver;
import org.apereo.cas.authentication.support.password.DefaultPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.password.GroovyPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.password.RejectResultCodePasswordPolicyHandlingStrategy;
import org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationIPIntelligenceProperties;
import org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties;
import org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties;
import org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties;
import org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.validation.Assertion;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.apereo.services.persondir.IPersonAttributeDaoFilter;
import org.apereo.services.persondir.IPersonAttributes;
import org.apereo.services.persondir.support.merger.BaseAdditiveAttributeMerger;
import org.apereo.services.persondir.support.merger.IAttributeMerger;
import org.apereo.services.persondir.support.merger.MultivaluedAttributeMerger;
import org.apereo.services.persondir.support.merger.NoncollidingAttributeAdder;
import org.apereo.services.persondir.support.merger.ReplacingAttributeAdder;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.context.ApplicationContext;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.Resource;
import org.springframework.web.context.support.GroovyWebApplicationContext;
import org.thymeleaf.standard.processor.StandardReplaceTagProcessor;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-6.3.0-RC4.jar:org/apereo/cas/authentication/CoreAuthenticationUtils.class */
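/**
 * Static helpers for building authentication components (attribute mergers, credential
 * selection predicates, authentication policies, principal resolvers, IP intelligence
 * services) from CAS configuration.
 *
 * <p>Several factories here turn configuration strings into executable code (class names,
 * Groovy script locations, regular expressions). Those values must come only from trusted,
 * administrator-controlled configuration.
 */
public final class CoreAuthenticationUtils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CoreAuthenticationUtils.class);

    /** Suffix that marks a credential selection criteria as the location of a Groovy script. */
    private static final String GROOVY_SCRIPT_SUFFIX = ".groovy";

    /**
     * Converts every attribute value into a list so that all attributes are multi-valued.
     *
     * @param map attribute name to single value or collection of values
     * @return a new map with the same keys, each value wrapped or copied into a list
     */
    public static Map<String, List<Object>> convertAttributeValuesToMultiValuedObjects(Map<String, Object> map) {
        return toMultiValuedMap(map);
    }

    /**
     * Looks up a person's attributes in the attribute repository.
     *
     * <p>When {@code set} is non-empty, only repositories whose id is {@code *}, or is listed
     * in {@code set} (case-insensitive), are consulted; a {@code *} entry in {@code set}
     * selects every repository. Otherwise all repositories are consulted.
     *
     * @param iPersonAttributeDao the attribute repository to query
     * @param str the principal id to look up
     * @param set ids of the repositories allowed to answer; may be {@code null} or empty
     * @param optional the current principal, if any; not read by this method
     * @return the person's attributes, or an empty map when no person was found
     */
    public static Map<String, List<Object>> retrieveAttributesFromAttributeRepository(IPersonAttributeDao iPersonAttributeDao, String str, Set<String> set, Optional<Principal> optional) {
        IPersonAttributeDaoFilter repositoryFilter = IPersonAttributeDaoFilter.alwaysChoose();
        if (set != null && !set.isEmpty()) {
            final String[] activeIds = set.toArray(ArrayUtils.EMPTY_STRING_ARRAY);
            repositoryFilter = dao -> Arrays.stream(dao.getId()).anyMatch(id ->
                id.equalsIgnoreCase("*")
                    || StringUtils.equalsAnyIgnoreCase(id, activeIds)
                    || StringUtils.equalsAnyIgnoreCase("*", activeIds));
        }
        final IPersonAttributes person = iPersonAttributeDao.getPerson(str, repositoryFilter);
        return person == null ? new HashMap<>(0) : person.getAttributes();
    }

    /**
     * Maps a merging policy name onto an attribute merger.
     *
     * <ul>
     *   <li>{@code multivalued}, {@code multi_valued}, {@code combine}, {@code merge}:
     *       {@link MultivaluedAttributeMerger}</li>
     *   <li>{@code add}: {@link NoncollidingAttributeAdder}</li>
     *   <li>{@code replace}, {@code overwrite}, {@code override}: {@link ReplacingAttributeAdder}</li>
     *   <li>{@code none}: a merger that returns a copy of the first map and ignores the second</li>
     * </ul>
     *
     * @param str the policy name, matched case-insensitively
     * @return a new merger for the policy
     * @throws IllegalArgumentException if the policy name is not one of the above
     */
    public static IAttributeMerger getAttributeMerger(String str) {
        // Locale.ROOT keeps the match stable on JVMs whose default locale lower-cases
        // 'I' to a dotless i, which would otherwise reject e.g. "MULTIVALUED".
        switch (str.toLowerCase(java.util.Locale.ROOT)) {
            case "multivalued":
            case "multi_valued":
            case "combine":
            case "merge":
                return new MultivaluedAttributeMerger();
            case "add":
                return new NoncollidingAttributeAdder();
            case "replace":
            case "overwrite":
            case "override":
                return new ReplacingAttributeAdder();
            case "none":
                return new BaseAdditiveAttributeMerger() {
                    @Override
                    protected Map<String, List<Object>> mergePersonAttributes(Map<String, List<Object>> map, Map<String, List<Object>> map2) {
                        // "none" means no merging: keep the first map, drop the second.
                        return new LinkedHashMap<>(map);
                    }
                };
            default:
                throw new IllegalArgumentException("Unsupported merging policy [" + str + "]");
        }
    }

    /**
     * Tells whether the authentication is a remember-me authentication.
     *
     * @param authentication the authentication whose attributes are inspected
     * @param assertion the validated assertion
     * @return {@code true} only when the remember-me attribute contains {@code Boolean.TRUE}
     *     and the assertion comes from a new login
     */
    public static boolean isRememberMeAuthentication(Authentication authentication, Assertion assertion) {
        final List<Object> rememberMe = authentication.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);
        if (rememberMe == null || !rememberMe.contains(Boolean.TRUE)) {
            return false;
        }
        return assertion.isFromNewLogin();
    }

    /**
     * Merges two attribute maps, combining values of shared keys and dropping duplicates.
     *
     * @param map the current attributes
     * @param map2 the attributes to merge in
     * @return the merged attributes
     */
    public static Map<String, List<Object>> mergeAttributes(Map<String, List<Object>> map, Map<String, List<Object>> map2) {
        final MultivaluedAttributeMerger merger = new MultivaluedAttributeMerger();
        merger.setDistinctValues(true);
        // Copy both sides into fresh lists before handing them to the merger.
        final Map<String, List<Object>> current = toMultiValuedMap(map);
        final Map<String, List<Object>> incoming = toMultiValuedMap(map2);
        // These statements write full attribute values, which may include personal data,
        // to the log when TRACE/DEBUG is enabled for this class.
        LOGGER.trace("Merging current attributes [{}] with [{}]", current, incoming);
        final Map<String, List<Object>> merged = merger.mergeAttributes(current, incoming);
        LOGGER.debug("Merged attributes with the final result as [{}]", merged);
        return merged;
    }

    /**
     * Same as {@link #transformPrincipalAttributesListIntoMultiMap(List)}, returned as a map.
     *
     * @param list attribute definitions, each {@code name} or {@code name:mappedName}
     * @return the attribute mapping as a map
     */
    public static Map<String, Object> transformPrincipalAttributesListIntoMap(List<String> list) {
        final Multimap<String, Object> mappings = transformPrincipalAttributesListIntoMultiMap(list);
        return CollectionUtils.wrap(mappings);
    }

    /**
     * Parses attribute definitions into a multimap of attribute name to mapped name.
     *
     * <p>An entry without a colon maps the name to itself. For an entry with a colon, the
     * text before the first colon is the name and the text between the first and second
     * colon is the mapped name; anything after a second colon is ignored.
     *
     * @param list attribute definitions, each {@code name} or {@code name:mappedName}
     * @return the parsed mapping; empty when {@code list} is empty
     */
    public static Multimap<String, Object> transformPrincipalAttributesListIntoMultiMap(List<String> list) {
        final Multimap<String, Object> mappings = ArrayListMultimap.create();
        if (list.isEmpty()) {
            LOGGER.debug("No principal attributes are defined");
            return mappings;
        }
        for (final String definition : list) {
            final String trimmed = definition.trim();
            if (trimmed.contains(":")) {
                final List<String> parts = Splitter.on(":").splitToList(trimmed);
                final String name = parts.get(0).trim();
                final String mappedName = parts.get(1).trim();
                LOGGER.debug("Mapped principal attribute name [{}] to [{}]", name, mappedName);
                mappings.put(name, mappedName);
            } else {
                LOGGER.debug("Mapped principal attribute name [{}]", trimmed);
                mappings.put(trimmed, trimmed);
            }
        }
        return mappings;
    }

    /**
     * Builds the predicate that decides which credentials a component applies to.
     *
     * <p>The criteria is interpreted as follows:
     * <ol>
     *   <li>blank: every credential is accepted;</li>
     *   <li>ends with {@code .groovy}: the resource is read, compiled as a Groovy class and
     *       instantiated;</li>
     *   <li>otherwise: treated as a class name, loaded and instantiated through its no-arg
     *       constructor;</li>
     *   <li>if step 2 or 3 fails for any reason: compiled as a regular expression and tested
     *       against the credential id.</li>
     * </ol>
     *
     * <p>Security: steps 2 and 3 execute code named by the criteria with this application's
     * privileges, and the constructor runs before the result is checked to be a
     * {@code Predicate}. The criteria must come from trusted, administrator-controlled
     * configuration only. The regular expression in step 4 is applied with find semantics,
     * so it matches anywhere in the credential id unless anchored with {@code ^} and
     * {@code $}; because the credential id is user-supplied, avoid patterns prone to
     * excessive backtracking.
     *
     * @param str the selection criteria; may be blank
     * @return the credential predicate
     * @throws java.util.regex.PatternSyntaxException if the fallback in step 4 is reached and
     *     the criteria is not a valid regular expression
     */
    @SuppressWarnings("unchecked")
    public static Predicate<Credential> newCredentialSelectionPredicate(String str) {
        try {
            if (StringUtils.isBlank(str)) {
                return credential -> true;
            }
            if (!str.endsWith(GROOVY_SCRIPT_SUFFIX)) {
                return (Predicate<Credential>) ClassUtils.getClass(str).getDeclaredConstructor().newInstance();
            }
            final String script;
            // Close the resource stream once the script text has been read.
            try (java.io.InputStream in = new DefaultResourceLoader().getResource(str).getInputStream()) {
                script = IOUtils.toString(in, StandardCharsets.UTF_8);
            }
            // The explicit PrivilegedAction type selects the intended doPrivileged overload.
            final Class<?> predicateClass = AccessController.doPrivileged(
                (java.security.PrivilegedAction<Class<?>>) () ->
                    new GroovyClassLoader(Beans.class.getClassLoader(), new CompilerConfiguration(), true).parseClass(script));
            return (Predicate<Credential>) predicateClass.getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            // Every failure above (missing class, unreadable or non-compiling script, a class
            // that is not a Predicate) ends up here and the criteria is reinterpreted as a
            // regular expression. NOTE(review): this also hides a broken script or class
            // name; the debug statement below is the only trace of it.
            LOGGER.debug("Unable to load credential selection criteria [{}] as a class or script; treating it as a regular expression: [{}]", str, e.getMessage());
            final Predicate<String> idMatcher = Pattern.compile(str).asPredicate();
            return credential -> idMatcher.test(credential.getId());
        }
    }

    /**
     * Chooses the password policy handling strategy from configuration.
     *
     * @param passwordPolicyProperties the password policy settings
     * @param applicationContext passed to the Groovy strategy when that one is selected
     * @return the reject-result-code strategy when configured; the Groovy strategy when
     *     configured and a script location is set; the default strategy otherwise
     */
    public static AuthenticationPasswordPolicyHandlingStrategy newPasswordPolicyHandlingStrategy(PasswordPolicyProperties passwordPolicyProperties, ApplicationContext applicationContext) {
        final PasswordPolicyProperties.PasswordPolicyHandlingOptions strategy = passwordPolicyProperties.getStrategy();
        if (strategy == PasswordPolicyProperties.PasswordPolicyHandlingOptions.REJECT_RESULT_CODE) {
            LOGGER.debug("Created password policy handling strategy based on blocked authentication result codes");
            return new RejectResultCodePasswordPolicyHandlingStrategy();
        }
        final Resource scriptLocation = passwordPolicyProperties.getGroovy().getLocation();
        final boolean useGroovy = strategy == PasswordPolicyProperties.PasswordPolicyHandlingOptions.GROOVY && scriptLocation != null;
        if (useGroovy) {
            // The script at this location is executed; it must be a trusted, protected file.
            LOGGER.debug("Created password policy handling strategy based on Groovy script [{}]", scriptLocation);
            return new GroovyPasswordPolicyHandlingStrategy(scriptLocation, applicationContext);
        }
        LOGGER.trace("Created default password policy handling strategy");
        return new DefaultPasswordPolicyHandlingStrategy();
    }

    /**
     * Builds a person-directory principal resolver from one or more property sets.
     *
     * <p>Boolean options are enabled when any property set enables them. The principal
     * attribute is the first non-blank one, or an empty string. The active repository ids
     * are the union of the comma-separated ids of all property sets.
     *
     * @param principalFactory the factory used to create principals
     * @param iPersonAttributeDao the attribute repository
     * @param personDirectoryPrincipalResolverPropertiesArr the property sets to combine
     * @return the configured resolver
     */
    public static PrincipalResolver newPersonDirectoryPrincipalResolver(PrincipalFactory principalFactory, IPersonAttributeDao iPersonAttributeDao, PersonDirectoryPrincipalResolverProperties... personDirectoryPrincipalResolverPropertiesArr) {
        final PersonDirectoryPrincipalResolverProperties[] all = personDirectoryPrincipalResolverPropertiesArr;
        final boolean returnNull = Arrays.stream(all).anyMatch(p -> p.isReturnNull());
        final String principalAttribute = Arrays.stream(all)
            .filter(p -> StringUtils.isNotBlank(p.getPrincipalAttribute()))
            .map(p -> p.getPrincipalAttribute())
            .findFirst()
            .orElse("");
        final boolean useExistingPrincipalId = Arrays.stream(all).anyMatch(p -> p.isUseExistingPrincipalId());
        final boolean attributeResolutionEnabled = Arrays.stream(all).anyMatch(p -> p.isAttributeResolutionEnabled());
        final Set<String> activeRepositoryIds = Arrays.stream(all)
            .filter(p -> StringUtils.isNotBlank(p.getActiveAttributeRepositoryIds()))
            .map(p -> org.springframework.util.StringUtils.commaDelimitedListToSet(p.getActiveAttributeRepositoryIds()))
            .flatMap(ids -> ids.stream())
            .collect(Collectors.toSet());
        return new PersonDirectoryPrincipalResolver(iPersonAttributeDao, principalFactory, returnNull,
            principalAttribute, useExistingPrincipalId, attributeResolutionEnabled, activeRepositoryIds);
    }

    /**
     * Builds the authentication policies selected by configuration.
     *
     * <p>Only the first matching option is used, in this order: required handler, all
     * handlers, all credentials, not prevented, Groovy scripts, REST endpoints, and finally
     * at-least-one credential. When none of them is enabled the returned collection is
     * empty, so this method itself imposes no policy; what an empty collection means is up
     * to the caller.
     *
     * @param authenticationPolicyProperties the policy settings
     * @return the active policies; possibly empty, never {@code null}
     */
    public static Collection<AuthenticationPolicy> newAuthenticationPolicy(AuthenticationPolicyProperties authenticationPolicyProperties) {
        final AuthenticationPolicyProperties props = authenticationPolicyProperties;
        if (props.getReq().isEnabled()) {
            LOGGER.trace("Activating authentication policy [{}]", RequiredAuthenticationHandlerAuthenticationPolicy.class.getSimpleName());
            final Set<String> handlerNames = org.springframework.util.StringUtils.commaDelimitedListToSet(props.getReq().getHandlerName());
            return CollectionUtils.wrapList(new RequiredAuthenticationHandlerAuthenticationPolicy(handlerNames, props.getReq().isTryAll()));
        }
        if (props.getAllHandlers().isEnabled()) {
            LOGGER.trace("Activating authentication policy [{}]", AllAuthenticationHandlersSucceededAuthenticationPolicy.class.getSimpleName());
            return CollectionUtils.wrapList(new AllAuthenticationHandlersSucceededAuthenticationPolicy());
        }
        if (props.getAll().isEnabled()) {
            LOGGER.trace("Activating authentication policy [{}]", AllCredentialsValidatedAuthenticationPolicy.class.getSimpleName());
            return CollectionUtils.wrapList(new AllCredentialsValidatedAuthenticationPolicy());
        }
        if (props.getNotPrevented().isEnabled()) {
            LOGGER.trace("Activating authentication policy [{}]", NotPreventedAuthenticationPolicy.class.getSimpleName());
            return CollectionUtils.wrapList(new NotPreventedAuthenticationPolicy());
        }
        if (!props.getGroovy().isEmpty()) {
            LOGGER.trace("Activating authentication policy [{}]", GroovyScriptAuthenticationPolicy.class.getSimpleName());
            // Each configured script decides authentication outcomes; treat the script
            // locations as security-sensitive configuration.
            return props.getGroovy().stream()
                .<AuthenticationPolicy>map(groovy -> new GroovyScriptAuthenticationPolicy(groovy.getScript()))
                .collect(Collectors.toList());
        }
        if (!props.getRest().isEmpty()) {
            LOGGER.trace("Activating authentication policy [{}]", RestfulAuthenticationPolicy.class.getSimpleName());
            // The basic-auth credentials are handed to the policy as configured and are
            // deliberately not logged here.
            return props.getRest().stream()
                .<AuthenticationPolicy>map(rest -> new RestfulAuthenticationPolicy(rest.getUrl(), rest.getBasicAuthUsername(), rest.getBasicAuthPassword()))
                .collect(Collectors.toList());
        }
        if (props.getAny().isEnabled()) {
            LOGGER.trace("Activating authentication policy [{}]", AtLeastOneCredentialValidatedAuthenticationPolicy.class.getSimpleName());
            return CollectionUtils.wrapList(new AtLeastOneCredentialValidatedAuthenticationPolicy(props.getAny().isTryAll()));
        }
        return new ArrayList<>();
    }

    /**
     * Chooses the IP address intelligence service from the adaptive authentication settings.
     *
     * @param adaptiveAuthenticationProperties the adaptive authentication settings
     * @return the REST service when a REST URL is set; else the Groovy service when a script
     *     location is set; else the REST service when a BlackDot e-mail address is set; else
     *     the default service
     */
    public static IPAddressIntelligenceService newIpAddressIntelligenceService(AdaptiveAuthenticationProperties adaptiveAuthenticationProperties) {
        final AdaptiveAuthenticationIPIntelligenceProperties ipIntel = adaptiveAuthenticationProperties.getIpIntel();
        if (StringUtils.isNotBlank(ipIntel.getRest().getUrl())) {
            return new RestfulIPAddressIntelligenceService(adaptiveAuthenticationProperties);
        }
        if (ipIntel.getGroovy().getLocation() != null) {
            return new GroovyIPAddressIntelligenceService(adaptiveAuthenticationProperties);
        }
        if (StringUtils.isNotBlank(ipIntel.getBlackDot().getEmailAddress())) {
            // NOTE(review): the BlackDot setting selects the REST-backed service, the same
            // type as the first branch, although no REST URL is set here. Confirm this is
            // intended rather than a BlackDot-specific implementation.
            return new RestfulIPAddressIntelligenceService(adaptiveAuthenticationProperties);
        }
        return new DefaultIPAddressIntelligenceService(adaptiveAuthenticationProperties);
    }

    /** Copies a map, turning every value into a list via {@code CollectionUtils.toCollection}. */
    @SuppressWarnings("unchecked")
    private static <V> Map<String, List<Object>> toMultiValuedMap(Map<String, V> source) {
        return source.entrySet().stream().collect(Collectors.toMap(
            entry -> entry.getKey(),
            entry -> (List<Object>) CollectionUtils.toCollection(entry.getValue(), ArrayList.class)));
    }

    @Generated
    private CoreAuthenticationUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}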
