package org.craftercms.engine.security;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.engine.util.ConfigUtils;
import org.craftercms.profile.api.Profile;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.processors.RequestSecurityProcessorChain;
import org.craftercms.security.processors.impl.AuthenticationHeadersLoginProcessor;
import org.craftercms.security.utils.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/craftercms/engine/security/ConfigAwareAuthenticationHeadersLoginProcessor.class */
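/**
 * Header-based login processor that builds the authenticated profile from the current site's
 * configuration when that configuration defines a SAML token.
 *
 * <p>When the request carries both the username and email headers, no authentication exists yet,
 * the site configuration contains {@link #SAML_TOKEN_CONFIG_KEY} and the inherited
 * {@code hasValidToken} check passes, a {@link Profile} is built from request headers and stored
 * as a {@code PreAuthenticatedProfile}. In every other case the request is handed to the
 * superclass implementation.
 *
 * <p>Security note: identity, attributes and roles are all taken from request headers. That is
 * only sound when a trusted front end (the default header names suggest a SAML module such as
 * Mellon) sets these headers and strips any client-supplied copies. Within this class the token
 * check is the only gate. The comparison itself lives in the superclass and is not visible here.
 */
public class ConfigAwareAuthenticationHeadersLoginProcessor extends AuthenticationHeadersLoginProcessor {
    private static final Logger logger = LoggerFactory.getLogger(ConfigAwareAuthenticationHeadersLoginProcessor.class);
    public static final String SAML_CONFIG_KEY = "security.saml";
    public static final String SAML_TOKEN_CONFIG_KEY = "security.saml.token";
    public static final String SAML_ATTRS_CONFIG_KEY = "security.saml.attributes";
    public static final String SAML_GROUPS_CONFIG_KEY = "security.saml.groups";
    public static final String NAME_CONFIG_KEY = "name";
    public static final String FIELD_CONFIG_KEY = "field";
    public static final String ROLE_CONFIG_KEY = "role";
    public static final String DEFAULT_GROUPS_HEADER_NAME = "MELLON_groups";

    /** Name of the request header holding the comma-separated group list. */
    protected String groupsHeaderName = DEFAULT_GROUPS_HEADER_NAME;

    /**
     * Overrides the name of the header the group list is read from.
     *
     * @param str the header name to use instead of {@link #DEFAULT_GROUPS_HEADER_NAME}
     */
    public void setGroupsHeaderName(String str) {
        this.groupsHeaderName = str;
    }

    /**
     * Authenticates the request from its headers using the site configuration, or delegates to
     * the superclass when the site-specific path does not apply.
     *
     * @param requestContext the current request context
     * @param requestSecurityProcessorChain the chain to continue once authentication is set
     * @throws Exception if the superclass or the rest of the chain fails
     */
    @Override
    public void processRequest(RequestContext requestContext, RequestSecurityProcessorChain requestSecurityProcessorChain) throws Exception {
        HttpServletRequest request = requestContext.getRequest();
        Authentication authentication = SecurityUtils.getAuthentication(request);
        logger.debug("Checking authentication headers");
        String username = request.getHeader(this.usernameHeaderName);
        String email = request.getHeader(this.emailHeaderName);
        HierarchicalConfiguration siteConfig = ConfigUtils.getCurrentConfig();

        // All conditions must hold, evaluated in this order. The token check comes last so it
        // only runs when the site actually configures a token.
        boolean useSiteConfig = StringUtils.isNoneEmpty(username, email)
            && Objects.isNull(authentication)
            && Objects.nonNull(siteConfig)
            && siteConfig.containsKey(SAML_TOKEN_CONFIG_KEY)
            && hasValidToken(request);

        if (!useSiteConfig) {
            logger.debug("Using Crafter Profile SAML authentication");
            super.processRequest(requestContext, requestSecurityProcessorChain);
            return;
        }

        logger.debug("Using site specific SAML authentication");
        logger.debug("Creating authentication object for '{}'", username);
        Profile profile = new Profile();
        profile.setUsername(username);
        profile.setEmail(email);
        addAttributes(profile, request, siteConfig);
        addRoles(profile, request, siteConfig);
        SecurityUtils.setAuthentication(request, new PreAuthenticatedProfile(profile));
        requestSecurityProcessorChain.processRequest(requestContext);
    }

    /**
     * Sets the profile's roles from the comma-separated groups header, translating each group
     * through the mappings under {@link #SAML_GROUPS_CONFIG_KEY}.
     *
     * <p>Security note: a group with no configured mapping is used as the role name verbatim,
     * so the set of possible roles is controlled by whoever supplies the header.
     *
     * @param profile the profile receiving the roles
     * @param httpServletRequest the request the groups header is read from
     * @param hierarchicalConfiguration the site configuration holding the group mappings
     */
    protected void addRoles(Profile profile, HttpServletRequest httpServletRequest, HierarchicalConfiguration hierarchicalConfiguration) {
        String groupsHeader = httpServletRequest.getHeader(this.groupsHeaderName);
        if (StringUtils.isEmpty(groupsHeader)) {
            logger.debug("Groups header '{}' was not present in the request", this.groupsHeaderName);
            return;
        }

        Map<String, String> mappings = readGroupMappings(hierarchicalConfiguration);
        Set<String> roles = Arrays.stream(groupsHeader.split(","))
            .map(String::trim)
            // "a,,b" or a trailing comma would otherwise yield an empty role name.
            .filter(StringUtils::isNotEmpty)
            .map(group -> mappings.getOrDefault(group, group))
            .collect(Collectors.toSet());
        profile.setRoles(roles);
    }

    /**
     * Reads the group-name to role mappings from the site configuration. Entries lacking a name
     * or a role are skipped so a misconfigured entry cannot produce a null role.
     */
    private Map<String, String> readGroupMappings(HierarchicalConfiguration hierarchicalConfiguration) {
        // The parameter is a raw type, so the returned list is raw as well.
        @SuppressWarnings("unchecked")
        List<HierarchicalConfiguration<?>> groupConfigs = hierarchicalConfiguration.childConfigurationsAt(SAML_GROUPS_CONFIG_KEY);
        if (CollectionUtils.isEmpty(groupConfigs)) {
            logger.debug("No groups mapping found in site configuration");
            return Collections.emptyMap();
        }

        Map<String, String> mappings = new HashMap<>();
        for (HierarchicalConfiguration<?> groupConfig : groupConfigs) {
            String groupName = groupConfig.getString(NAME_CONFIG_KEY);
            String role = groupConfig.getString(ROLE_CONFIG_KEY);
            if (StringUtils.isNotEmpty(groupName) && StringUtils.isNotEmpty(role)) {
                mappings.put(groupName, role);
            } else {
                logger.debug("Ignoring incomplete group mapping in site configuration");
            }
        }
        return mappings;
    }

    /**
     * Copies configured request headers into profile attributes. Each entry under
     * {@link #SAML_ATTRS_CONFIG_KEY} names a header (read with the inherited header prefix) and
     * the profile field its value is stored in.
     *
     * @param profile the profile receiving the attributes
     * @param httpServletRequest the request the headers are read from
     * @param hierarchicalConfiguration the site configuration holding the attribute mappings
     */
    protected void addAttributes(Profile profile, HttpServletRequest httpServletRequest, HierarchicalConfiguration hierarchicalConfiguration) {
        // The parameter is a raw type, so the returned list is raw as well.
        @SuppressWarnings("unchecked")
        List<HierarchicalConfiguration<?>> attributeConfigs = hierarchicalConfiguration.childConfigurationsAt(SAML_ATTRS_CONFIG_KEY);
        if (CollectionUtils.isEmpty(attributeConfigs)) {
            return;
        }

        for (HierarchicalConfiguration<?> attributeConfig : attributeConfigs) {
            String headerSuffix = attributeConfig.getString(NAME_CONFIG_KEY);
            String fieldName = attributeConfig.getString(FIELD_CONFIG_KEY);
            if (StringUtils.isEmpty(headerSuffix) || StringUtils.isEmpty(fieldName)) {
                // Without both parts the entry would read a header named "<prefix>null" or
                // store a value under a null attribute name.
                logger.debug("Ignoring incomplete attribute mapping in site configuration");
                continue;
            }

            String value = httpServletRequest.getHeader(this.mellonHeaderPrefix + headerSuffix);
            if (StringUtils.isEmpty(value)) {
                logger.debug("Expected header '{}' was not present in the request", headerSuffix);
            } else {
                // NOTE(review): the raw header value is written to the debug log. SAML
                // attributes can carry personal data, so confirm debug logging is acceptable
                // where this runs.
                logger.debug("Adding attribute '{}' with value '{}'", fieldName, value);
                profile.setAttribute(fieldName, value);
            }
        }
    }

    /**
     * Returns the token configured for the current site under {@link #SAML_TOKEN_CONFIG_KEY}.
     *
     * @return the configured token, or {@code null} when there is no current configuration or
     *     it does not define one. Presumably consulted by the inherited token check; confirm
     *     against the superclass that a {@code null} expected value can never match.
     */
    public String getTokenExpectedValue() {
        HierarchicalConfiguration siteConfig = ConfigUtils.getCurrentConfig();
        if (Objects.nonNull(siteConfig) && siteConfig.containsKey(SAML_TOKEN_CONFIG_KEY)) {
            return siteConfig.getString(SAML_TOKEN_CONFIG_KEY);
        }
        return null;
    }
}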
