package org.apereo.cas.services;

import com.fasterxml.jackson.annotation.JsonInclude;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.TreeMap;
import javax.persistence.PostLoad;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.RegisteredServicePrincipalAttributesRepository;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@JsonInclude(JsonInclude.Include.NON_DEFAULT)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-attributes-6.4.6.jar:org/apereo/cas/services/AbstractRegisteredServiceAttributeReleasePolicy.class */
public abstract class AbstractRegisteredServiceAttributeReleasePolicy implements RegisteredServiceAttributeReleasePolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractRegisteredServiceAttributeReleasePolicy.class);
    private static final long serialVersionUID = 5325460875620586503L;
    private RegisteredServiceAttributeFilter attributeFilter;
    private boolean authorizedToReleaseCredentialPassword;
    private boolean authorizedToReleaseProxyGrantingTicket;
    private boolean excludeDefaultAttributes;
    private String principalIdAttribute;
    private int order;
    private RegisteredServicePrincipalAttributesRepository principalAttributesRepository = new DefaultPrincipalAttributesRepository();
    private RegisteredServiceConsentPolicy consentPolicy = new DefaultRegisteredServiceConsentPolicy();
    private boolean authorizedToReleaseAuthenticationAttributes = true;

    @PostLoad
    public void postLoad() {
        if (this.principalAttributesRepository == null) {
            this.principalAttributesRepository = new DefaultPrincipalAttributesRepository();
        }
        if (this.consentPolicy == null) {
            this.consentPolicy = new DefaultRegisteredServiceConsentPolicy();
        }
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    public Map<String, List<Object>> getAttributes(Principal principal, Service service, RegisteredService registeredService) {
        LOGGER.debug("Initiating attributes release phase for principal [{}] accessing service [{}] defined by registered service [{}]...", principal.getId(), service, registeredService.getServiceId());
        LOGGER.trace("Locating principal attributes for [{}]", principal.getId());
        Map<String, List<Object>> resolveAttributesFromPrincipalAttributeRepository = resolveAttributesFromPrincipalAttributeRepository(principal, registeredService);
        LOGGER.debug("Found principal attributes [{}] for [{}]", resolveAttributesFromPrincipalAttributeRepository, principal.getId());
        Map<String, List<Object>> resolveAttributesFromAttributeDefinitionStore = resolveAttributesFromAttributeDefinitionStore(principal, resolveAttributesFromPrincipalAttributeRepository, registeredService, service);
        LOGGER.trace("Resolved principal attributes [{}] for [{}] from attribute definition store", resolveAttributesFromAttributeDefinitionStore, principal.getId());
        getRegisteredServicePrincipalAttributesRepository().ifPresent(registeredServicePrincipalAttributesRepository -> {
            registeredServicePrincipalAttributesRepository.update(principal.getId(), resolveAttributesFromAttributeDefinitionStore, registeredService);
        });
        LOGGER.trace("Updating principal attributes repository cache for [{}] with [{}]", principal.getId(), resolveAttributesFromAttributeDefinitionStore);
        LOGGER.trace("Calling attribute policy [{}] to process attributes for [{}]", getClass().getSimpleName(), principal.getId());
        Map<String, List<Object>> attributesInternal = getAttributesInternal(principal, resolveAttributesFromAttributeDefinitionStore, registeredService, service);
        LOGGER.debug("Attribute policy [{}] allows release of [{}] for [{}]", getClass().getSimpleName(), attributesInternal, principal.getId());
        LOGGER.trace("Attempting to merge policy attributes and default attributes");
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        if (isExcludeDefaultAttributes()) {
            LOGGER.debug("Ignoring default attribute policy attributes");
        } else {
            LOGGER.trace("Checking default attribute policy attributes");
            Map<String, List<Object>> releasedByDefaultAttributes = getReleasedByDefaultAttributes(principal, resolveAttributesFromAttributeDefinitionStore);
            LOGGER.debug("Default attributes found to be released are [{}]", releasedByDefaultAttributes);
            if (!releasedByDefaultAttributes.isEmpty()) {
                LOGGER.debug("Adding default attributes first to the released set of attributes");
                treeMap.putAll(releasedByDefaultAttributes);
            }
        }
        LOGGER.trace("Adding policy attributes to the released set of attributes");
        treeMap.putAll(attributesInternal);
        insertPrincipalIdAsAttributeIfNeeded(principal, treeMap, service, registeredService);
        if (getAttributeFilter() != null) {
            LOGGER.debug("Invoking attribute filter [{}] on the final set of attributes", getAttributeFilter());
            return getAttributeFilter().filter(treeMap);
        }
        LOGGER.debug("Finalizing attributes release phase for principal [{}] accessing service [{}] defined by registered service [{}]...", principal.getId(), service, registeredService.getServiceId());
        return returnFinalAttributesCollection(treeMap, registeredService);
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    public Map<String, List<Object>> getConsentableAttributes(Principal principal, Service service, RegisteredService registeredService) {
        Map<String, List<Object>> attributes = getAttributes(principal, service, registeredService);
        LOGGER.debug("Initial set of consentable attributes are [{}]", attributes);
        if (this.consentPolicy != null) {
            LOGGER.debug("Activating consent policy [{}] for service [{}]", this.consentPolicy, registeredService);
            Set<String> excludedAttributes = this.consentPolicy.getExcludedAttributes();
            if (excludedAttributes == null || excludedAttributes.isEmpty()) {
                LOGGER.debug("No attributes are defined per the consent policy to be excluded from the consentable attributes");
            } else {
                Objects.requireNonNull(attributes);
                excludedAttributes.forEach((v1) -> {
                    r1.remove(v1);
                });
                LOGGER.debug("Consentable attributes after removing excluded attributes are [{}]", attributes);
            }
            Set<String> includeOnlyAttributes = this.consentPolicy.getIncludeOnlyAttributes();
            if (includeOnlyAttributes == null || includeOnlyAttributes.isEmpty()) {
                LOGGER.debug("No attributes are defined per the consent policy to forcefully be included in the consentable attributes");
            } else {
                attributes.keySet().retainAll(includeOnlyAttributes);
                LOGGER.debug("Consentable attributes after force-including attributes are [{}]", attributes);
            }
        } else {
            LOGGER.debug("No consent policy is defined for service [{}]. Using the collection of attributes released for consent", registeredService);
        }
        LOGGER.debug("Finalized set of consentable attributes are [{}]", attributes);
        return attributes;
    }

    public abstract Map<String, List<Object>> getAttributesInternal(Principal principal, Map<String, List<Object>> map, RegisteredService registeredService, Service service);

    protected Map<String, List<Object>> resolveAttributesFromAttributeDefinitionStore(Principal principal, Map<String, List<Object>> map, RegisteredService registeredService, Service service) {
        LOGGER.trace("Retrieving attribute definition store and attribute definitions...");
        return (Map) ApplicationContextProvider.getAttributeDefinitionStore().map(attributeDefinitionStore -> {
            if (attributeDefinitionStore.isEmpty()) {
                LOGGER.trace("No attribute definitions are defined in the attribute definition store");
                return map;
            }
            List<String> determineRequestedAttributeDefinitions = determineRequestedAttributeDefinitions(principal, registeredService, service);
            if (!determineRequestedAttributeDefinitions.isEmpty()) {
                LOGGER.trace("Finding requested attribute definitions [{}]", determineRequestedAttributeDefinitions);
                determineRequestedAttributeDefinitions.stream().filter(str -> {
                    return attributeDefinitionStore.locateAttributeDefinition(str).isPresent();
                }).forEach(str2 -> {
                    map.putIfAbsent(str2, List.of());
                });
            }
            return attributeDefinitionStore.resolveAttributeValues(map, registeredService);
        }).orElseGet(() -> {
            LOGGER.trace("No attribute definition store is available in application context");
            return map;
        });
    }

    protected Map<String, List<Object>> resolveAttributesFromPrincipalAttributeRepository(Principal principal, RegisteredService registeredService) {
        Optional<U> map = getRegisteredServicePrincipalAttributesRepository().map(registeredServicePrincipalAttributesRepository -> {
            LOGGER.debug("Using principal attribute repository [{}] to retrieve attributes", registeredServicePrincipalAttributesRepository);
            return registeredServicePrincipalAttributesRepository.getAttributes(principal, registeredService);
        });
        Objects.requireNonNull(principal);
        return (Map) map.orElseGet(principal::getAttributes);
    }

    protected void insertPrincipalIdAsAttributeIfNeeded(Principal principal, Map<String, List<Object>> map, Service service, RegisteredService registeredService) {
        if (StringUtils.isNotBlank(getPrincipalIdAttribute())) {
            LOGGER.debug("Attempting to resolve the principal id for service [{}]", registeredService.getServiceId());
            RegisteredServiceUsernameAttributeProvider usernameAttributeProvider = registeredService.getUsernameAttributeProvider();
            if (usernameAttributeProvider != null) {
                LOGGER.debug("Releasing resolved principal id [{}] as attribute [{}]", usernameAttributeProvider.resolveUsername(principal, service, registeredService), getPrincipalIdAttribute());
                map.put(getPrincipalIdAttribute(), CollectionUtils.wrapList(principal.getId()));
            }
        }
    }

    protected Map<String, List<Object>> returnFinalAttributesCollection(Map<String, List<Object>> map, RegisteredService registeredService) {
        LOGGER.debug("Final collection of attributes allowed are: [{}]", map);
        return map;
    }

    protected Map<String, List<Object>> getReleasedByDefaultAttributes(Principal principal, Map<String, List<Object>> map) {
        return (Map) ApplicationContextProvider.getCasConfigurationProperties().map(casConfigurationProperties -> {
            Set<String> defaultAttributesToRelease = casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getDefaultAttributesToRelease();
            LOGGER.debug("Default attributes for release are: [{}]", defaultAttributesToRelease);
            TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
            defaultAttributesToRelease.forEach(str -> {
                if (map.containsKey(str)) {
                    LOGGER.debug("Found and added default attribute for release: [{}]", str);
                    treeMap.put(str, (List) map.get(str));
                }
            });
            return treeMap;
        }).orElse(new TreeMap());
    }

    protected List<String> determineRequestedAttributeDefinitions(Principal principal, RegisteredService registeredService, Service service) {
        return new ArrayList();
    }

    private Optional<RegisteredServicePrincipalAttributesRepository> getRegisteredServicePrincipalAttributesRepository() {
        return Optional.ofNullable(this.principalAttributesRepository).or(ApplicationContextProvider::getPrincipalAttributesRepository);
    }

    @Generated
    public String toString() {
        return "AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=" + this.attributeFilter + ", principalAttributesRepository=" + this.principalAttributesRepository + ", consentPolicy=" + this.consentPolicy + ", authorizedToReleaseCredentialPassword=" + this.authorizedToReleaseCredentialPassword + ", authorizedToReleaseProxyGrantingTicket=" + this.authorizedToReleaseProxyGrantingTicket + ", excludeDefaultAttributes=" + this.excludeDefaultAttributes + ", authorizedToReleaseAuthenticationAttributes=" + this.authorizedToReleaseAuthenticationAttributes + ", principalIdAttribute=" + this.principalIdAttribute + ", order=" + this.order + ")";
    }

    @Generated
    public RegisteredServiceAttributeFilter getAttributeFilter() {
        return this.attributeFilter;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    @Generated
    public RegisteredServicePrincipalAttributesRepository getPrincipalAttributesRepository() {
        return this.principalAttributesRepository;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    @Generated
    public RegisteredServiceConsentPolicy getConsentPolicy() {
        return this.consentPolicy;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    @Generated
    public boolean isAuthorizedToReleaseCredentialPassword() {
        return this.authorizedToReleaseCredentialPassword;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    @Generated
    public boolean isAuthorizedToReleaseProxyGrantingTicket() {
        return this.authorizedToReleaseProxyGrantingTicket;
    }

    @Generated
    public boolean isExcludeDefaultAttributes() {
        return this.excludeDefaultAttributes;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    @Generated
    public boolean isAuthorizedToReleaseAuthenticationAttributes() {
        return this.authorizedToReleaseAuthenticationAttributes;
    }

    @Generated
    public String getPrincipalIdAttribute() {
        return this.principalIdAttribute;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    @Generated
    public void setAttributeFilter(RegisteredServiceAttributeFilter registeredServiceAttributeFilter) {
        this.attributeFilter = registeredServiceAttributeFilter;
    }

    @Generated
    public void setPrincipalAttributesRepository(RegisteredServicePrincipalAttributesRepository registeredServicePrincipalAttributesRepository) {
        this.principalAttributesRepository = registeredServicePrincipalAttributesRepository;
    }

    @Generated
    public void setConsentPolicy(RegisteredServiceConsentPolicy registeredServiceConsentPolicy) {
        this.consentPolicy = registeredServiceConsentPolicy;
    }

    @Generated
    public void setAuthorizedToReleaseCredentialPassword(boolean z) {
        this.authorizedToReleaseCredentialPassword = z;
    }

    @Generated
    public void setAuthorizedToReleaseProxyGrantingTicket(boolean z) {
        this.authorizedToReleaseProxyGrantingTicket = z;
    }

    @Generated
    public void setExcludeDefaultAttributes(boolean z) {
        this.excludeDefaultAttributes = z;
    }

    @Generated
    public void setAuthorizedToReleaseAuthenticationAttributes(boolean z) {
        this.authorizedToReleaseAuthenticationAttributes = z;
    }

    @Generated
    public void setPrincipalIdAttribute(String str) {
        this.principalIdAttribute = str;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public AbstractRegisteredServiceAttributeReleasePolicy() {
    }

    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof AbstractRegisteredServiceAttributeReleasePolicy)) {
            return false;
        }
        AbstractRegisteredServiceAttributeReleasePolicy abstractRegisteredServiceAttributeReleasePolicy = (AbstractRegisteredServiceAttributeReleasePolicy) obj;
        if (!abstractRegisteredServiceAttributeReleasePolicy.canEqual(this) || this.authorizedToReleaseCredentialPassword != abstractRegisteredServiceAttributeReleasePolicy.authorizedToReleaseCredentialPassword || this.authorizedToReleaseProxyGrantingTicket != abstractRegisteredServiceAttributeReleasePolicy.authorizedToReleaseProxyGrantingTicket || this.excludeDefaultAttributes != abstractRegisteredServiceAttributeReleasePolicy.excludeDefaultAttributes || this.authorizedToReleaseAuthenticationAttributes != abstractRegisteredServiceAttributeReleasePolicy.authorizedToReleaseAuthenticationAttributes || this.order != abstractRegisteredServiceAttributeReleasePolicy.order) {
            return false;
        }
        RegisteredServiceAttributeFilter registeredServiceAttributeFilter = this.attributeFilter;
        RegisteredServiceAttributeFilter registeredServiceAttributeFilter2 = abstractRegisteredServiceAttributeReleasePolicy.attributeFilter;
        if (registeredServiceAttributeFilter == null) {
            if (registeredServiceAttributeFilter2 != null) {
                return false;
            }
        } else if (!registeredServiceAttributeFilter.equals(registeredServiceAttributeFilter2)) {
            return false;
        }
        RegisteredServicePrincipalAttributesRepository registeredServicePrincipalAttributesRepository = this.principalAttributesRepository;
        RegisteredServicePrincipalAttributesRepository registeredServicePrincipalAttributesRepository2 = abstractRegisteredServiceAttributeReleasePolicy.principalAttributesRepository;
        if (registeredServicePrincipalAttributesRepository == null) {
            if (registeredServicePrincipalAttributesRepository2 != null) {
                return false;
            }
        } else if (!registeredServicePrincipalAttributesRepository.equals(registeredServicePrincipalAttributesRepository2)) {
            return false;
        }
        RegisteredServiceConsentPolicy registeredServiceConsentPolicy = this.consentPolicy;
        RegisteredServiceConsentPolicy registeredServiceConsentPolicy2 = abstractRegisteredServiceAttributeReleasePolicy.consentPolicy;
        if (registeredServiceConsentPolicy == null) {
            if (registeredServiceConsentPolicy2 != null) {
                return false;
            }
        } else if (!registeredServiceConsentPolicy.equals(registeredServiceConsentPolicy2)) {
            return false;
        }
        String str = this.principalIdAttribute;
        String str2 = abstractRegisteredServiceAttributeReleasePolicy.principalIdAttribute;
        return str == null ? str2 == null : str.equals(str2);
    }

    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof AbstractRegisteredServiceAttributeReleasePolicy;
    }

    @Generated
    public int hashCode() {
        int i = (((((((((1 * 59) + (this.authorizedToReleaseCredentialPassword ? 79 : 97)) * 59) + (this.authorizedToReleaseProxyGrantingTicket ? 79 : 97)) * 59) + (this.excludeDefaultAttributes ? 79 : 97)) * 59) + (this.authorizedToReleaseAuthenticationAttributes ? 79 : 97)) * 59) + this.order;
        RegisteredServiceAttributeFilter registeredServiceAttributeFilter = this.attributeFilter;
        int hashCode = (i * 59) + (registeredServiceAttributeFilter == null ? 43 : registeredServiceAttributeFilter.hashCode());
        RegisteredServicePrincipalAttributesRepository registeredServicePrincipalAttributesRepository = this.principalAttributesRepository;
        int hashCode2 = (hashCode * 59) + (registeredServicePrincipalAttributesRepository == null ? 43 : registeredServicePrincipalAttributesRepository.hashCode());
        RegisteredServiceConsentPolicy registeredServiceConsentPolicy = this.consentPolicy;
        int hashCode3 = (hashCode2 * 59) + (registeredServiceConsentPolicy == null ? 43 : registeredServiceConsentPolicy.hashCode());
        String str = this.principalIdAttribute;
        return (hashCode3 * 59) + (str == null ? 43 : str.hashCode());
    }
}
