package org.craftercms.engine.util.spring.security.profile;

import java.beans.ConstructorProperties;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.engine.util.spring.security.headers.AbstractHeadersAuthenticationFilter;
import org.craftercms.profile.api.AttributeDefinition;
import org.craftercms.profile.api.Profile;
import org.craftercms.profile.api.Tenant;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.ProfileService;
import org.craftercms.profile.api.services.TenantService;
import org.craftercms.security.utils.tenant.TenantsResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/craftercms/engine/util/spring/security/profile/ProfileHeadersAuthenticationFilter.class */
public class ProfileHeadersAuthenticationFilter extends AbstractHeadersAuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger(ProfileHeadersAuthenticationFilter.class);
    protected final ProfileService profileService;
    protected final TenantService tenantService;
    protected final TenantsResolver tenantsResolver;

    @ConstructorProperties({"profileService", "tenantService", "tenantsResolver"})
    public ProfileHeadersAuthenticationFilter(ProfileService profileService, TenantService tenantService, TenantsResolver tenantsResolver) {
        super(null);
        setAlwaysEnabled(true);
        setSupportedPrincipalClass(ProfileUser.class);
        this.profileService = profileService;
        this.tenantService = tenantService;
        this.tenantsResolver = tenantsResolver;
    }

    @Override // org.craftercms.engine.util.spring.security.headers.AbstractHeadersAuthenticationFilter
    protected Object doGetPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(getUsernameHeaderName());
        if (!StringUtils.isNoneEmpty(new CharSequence[]{header, httpServletRequest.getHeader(getEmailHeaderName())})) {
            return null;
        }
        try {
            String[] tenants = this.tenantsResolver.getTenants();
            Tenant ssoEnabledTenant = getSsoEnabledTenant(tenants);
            if (ssoEnabledTenant == null) {
                logger.warn("A SSO login was attempted, but none of the tenants [{}] is enabled for SSO", tenants);
                return null;
            }
            Profile profileByUsername = this.profileService.getProfileByUsername(ssoEnabledTenant.getName(), header, new String[0]);
            if (profileByUsername == null) {
                profileByUsername = createProfileWithSsoInfo(header, ssoEnabledTenant, httpServletRequest);
            }
            return new ProfileUser(profileByUsername);
        } catch (ProfileException e) {
            logger.error("Error processing headers authentication for '{}'", header, e);
            return null;
        }
    }

    protected Tenant getSsoEnabledTenant(String[] strArr) throws ProfileException {
        for (String str : strArr) {
            Tenant tenant = this.tenantService.getTenant(str);
            if (tenant != null && tenant.isSsoEnabled()) {
                return tenant;
            }
        }
        return null;
    }

    protected Profile createProfileWithSsoInfo(String str, Tenant tenant, HttpServletRequest httpServletRequest) throws ProfileException {
        HashMap hashMap = null;
        List attributeDefinitions = tenant.getAttributeDefinitions();
        String header = httpServletRequest.getHeader(getEmailHeaderName());
        Iterator it = attributeDefinitions.iterator();
        while (it.hasNext()) {
            String name = ((AttributeDefinition) it.next()).getName();
            String header2 = httpServletRequest.getHeader(getHeaderPrefix() + name);
            if (StringUtils.isNotEmpty(header2)) {
                if (hashMap == null) {
                    hashMap = new HashMap();
                }
                hashMap.put(name, header2);
            }
        }
        logger.info("Creating new profile with SSO info: username={}, email={}, tenant={}, attributes={}", new Object[]{str, header, tenant.getName(), hashMap});
        return this.profileService.createProfile(tenant.getName(), str, (String) null, header, true, (Set) null, hashMap, (String) null);
    }
}
