package com.atlassian.crowd.sso.saml.impl.opensaml.action;

import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails;
import com.atlassian.crowd.manager.sso.ApplicationSamlConfigurationService;
import com.atlassian.crowd.model.application.ApplicationType;
import com.atlassian.crowd.sso.saml.SamlProperties;
import com.atlassian.crowd.sso.saml.SsoSamlConfiguration;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.ApplicationContext;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.AuthorizationContext;
import com.atlassian.crowd.sso.saml.impl.opensaml.util.XMLObjectBuilders;
import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.function.Function;
import javax.annotation.Nonnull;
import org.opensaml.core.xml.schema.XSBoolean;
import org.opensaml.core.xml.schema.XSBooleanValue;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.action.AbstractConditionalProfileAction;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.impl.AttributeBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/sso/saml/impl/opensaml/action/AddAttributesAction.class */
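/**
 * Profile action that appends an {@link AttributeStatement} to every {@link Assertion} of the
 * outbound SAML {@link Response}.
 *
 * <p>The action only activates when the application in the {@link ApplicationContext} subcontext
 * has type {@link ApplicationType#GENERIC_APPLICATION}. The statement always carries the
 * {@code atl.crowd.properties.remember_me} flag when an {@link AuthorizationContext} is supplied;
 * the user's name attributes are added only when the matching application SAML configuration
 * enables them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The decision to release user attributes is looked up by the AssertionConsumerServiceURL
 *       and Issuer taken from the inbound {@link AuthnRequest}. Both are request-supplied, so this
 *       class relies on earlier steps having validated the request; that validation is not
 *       visible in this file and should be confirmed.</li>
 *   <li>When no configuration matches, the flag falls back to {@code false}, so no user
 *       attributes are released (fail closed).</li>
 *   <li>The assertions are mutated in place. NOTE(review): this presumably has to run before the
 *       assertions are signed or encrypted; the flow ordering is not visible here.</li>
 * </ul>
 */
public class AddAttributesAction extends AbstractConditionalProfileAction<AuthnRequest, Response> {
    private static final Logger log = LoggerFactory.getLogger(AddAttributesAction.class);
    private final SamlProperties samlProperties;
    private final ApplicationSamlConfigurationService applicationSamlConfigurationService;
    // Resolves the outbound message context and returns its message as a SAMLObject.
    private final Function<ProfileRequestContext, SAMLObject> responseLookupStrategy = new OutboundMessageContextLookup().andThen(new MessageLookup(SAMLObject.class));

    /**
     * Creates the action and restricts it to generic applications.
     *
     * @param samlProperties SAML properties; stored but not read anywhere in this class
     * @param applicationSamlConfigurationService lookup service for per-application SAML settings
     */
    public AddAttributesAction(SamlProperties samlProperties, ApplicationSamlConfigurationService applicationSamlConfigurationService) {
        this.samlProperties = samlProperties;
        this.applicationSamlConfigurationService = applicationSamlConfigurationService;
        // NOTE(review): throws NullPointerException if the ApplicationContext subcontext or its
        // application is absent; confirm an earlier action always populates it.
        setActivationCondition(profileRequestContext -> {
            return ((ApplicationContext) profileRequestContext.getSubcontext(ApplicationContext.class)).getApplication().getType() == ApplicationType.GENERIC_APPLICATION;
        });
    }

    /**
     * Checks that there is an outbound SAML {@link Response} holding at least one assertion.
     *
     * @param profileRequestContext the current profile request context
     * @return {@code true} when the action should run, {@code false} when there is nothing to do
     */
    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        // Keep the looked-up message typed as SAMLObject until it has been checked; assigning it
        // straight to a Response variable does not compile and would make the check meaningless.
        final SAMLObject outboundMessage = this.responseLookupStrategy.apply(profileRequestContext);
        if (!(outboundMessage instanceof Response)) {
            log.debug("{} Message returned by lookup strategy was not a SAML Response", getLogPrefix());
            return false;
        }
        if (((Response) outboundMessage).getAssertions().isEmpty()) {
            log.debug("{} No assertions available, nothing to do", getLogPrefix());
            return false;
        }
        return true;
    }

    /**
     * Adds one freshly built attribute statement to each assertion of the outbound response.
     *
     * @param profileRequestContext the current profile request context
     */
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        final SAMLObject outboundMessage = this.responseLookupStrategy.apply(profileRequestContext);
        // NOTE(review): a missing AuthorizationContext fails here with a NullPointerException, so
        // the null check in buildAttributeStatement is never reached with null from this path.
        final CrowdUserDetails crowdUserDetails = ((AuthorizationContext) profileRequestContext.getSubcontext(AuthorizationContext.class)).getCrowdUserDetails();
        final AuthnRequest authnRequest = (AuthnRequest) profileRequestContext.getInboundMessageContext().getMessage();
        for (Assertion assertion : getAssertions(outboundMessage)) {
            // A separate statement is built per assertion so that no XML object is shared between
            // two parents.
            assertion.getAttributeStatements().add(buildAttributeStatement(crowdUserDetails, (AuthorizationContext) profileRequestContext.getSubcontext(AuthorizationContext.class), authnRequest));
        }
    }

    /** Returns the assertions of {@code sAMLObject} if it is a {@link Response}, else an empty list. */
    private List<Assertion> getAssertions(SAMLObject sAMLObject) {
        if (sAMLObject instanceof Response) {
            return ((Response) sAMLObject).getAssertions();
        }
        return ImmutableList.of();
    }

    /**
     * Builds the attribute statement for one assertion.
     *
     * @param crowdUserDetails the authenticated user whose name attributes may be released
     * @param authorizationContext source of the remember-me flag; may be {@code null}
     * @param authnRequest the inbound request, used to find the application's SAML configuration
     * @return the populated attribute statement
     */
    private AttributeStatement buildAttributeStatement(CrowdUserDetails crowdUserDetails, AuthorizationContext authorizationContext, AuthnRequest authnRequest) {
        AttributeStatement statement = XMLObjectBuilders.buildSAMLObjectOrThrow(AttributeStatement.TYPE_NAME);
        // The remember-me flag is emitted independently of the addUserAttributes setting.
        if (authorizationContext != null) {
            statement.getAttributes().add(buildBooleanAttribute("atl.crowd.properties.remember_me", authorizationContext.isRememberMe()));
        }
        // User-identifying attributes are released only when the application opted in.
        if (isAddUserAttributesForApp(authnRequest)) {
            statement.getAttributes().add(buildStringAttribute(SsoSamlConfiguration.UNIQUE_NAME_ATTRIBUTE_KEY, crowdUserDetails.getUsername()));
            statement.getAttributes().add(buildStringAttribute(SsoSamlConfiguration.GIVEN_NAME_ATTRIBUTE_KEY, crowdUserDetails.getFirstName()));
            statement.getAttributes().add(buildStringAttribute(SsoSamlConfiguration.SURNAME_ATTRIBUTE_KEY, crowdUserDetails.getLastName()));
        }
        return statement;
    }

    /**
     * Decides whether user attributes may be released for the application that sent the request.
     *
     * <p>The configuration is looked up by the request's AssertionConsumerServiceURL and Issuer.
     * A request without an Issuer element, or one with no matching configuration, yields
     * {@code false}.
     *
     * @param authnRequest the inbound authentication request
     * @return {@code true} only when a matching configuration enables user attributes
     */
    private boolean isAddUserAttributesForApp(AuthnRequest authnRequest) {
        final String assertionConsumerServiceUrl = authnRequest.getAssertionConsumerServiceURL();
        // A request may arrive without an Issuer element. Dereferencing it would throw, so treat
        // it like an unmatched configuration and release no user attributes.
        if (authnRequest.getIssuer() == null) {
            logAddUserAttributesFallback(assertionConsumerServiceUrl, null);
            return false;
        }
        final String issuer = authnRequest.getIssuer().getValue();
        return this.applicationSamlConfigurationService.findByAssertionConsumerAndAudience(assertionConsumerServiceUrl, issuer).map((v0) -> {
            return v0.isAddUserAttributesEnabled();
        }).orElseGet(() -> {
            logAddUserAttributesFallback(assertionConsumerServiceUrl, issuer);
            return false;
        });
    }

    /**
     * Logs that the addUserAttributes flag could not be determined and the default is used.
     *
     * <p>Both values come from the inbound request; the log layout should neutralise line breaks
     * so that a crafted value cannot forge additional log entries.
     */
    private void logAddUserAttributesFallback(String assertionConsumerServiceUrl, String issuer) {
        log.warn("Could not determine SAML addUserAttributes flag for assertionConsumerServiceURL '{}' and issuer '{}'.Falling back to default: false", assertionConsumerServiceUrl, issuer);
    }

    /**
     * Builds a SAML attribute holding a single {@code xs:boolean} value.
     *
     * @param str the attribute name
     * @param z the attribute value
     * @return the new attribute
     */
    private Attribute buildBooleanAttribute(String str, boolean z) {
        Attribute attribute = XMLObjectBuilders.buildSAMLObjectOrThrow(Attribute.TYPE_NAME);
        XSBoolean attributeValue = XMLObjectBuilders.buildXMLObjectOrThrow(XSBoolean.TYPE_NAME, AttributeValue.DEFAULT_ELEMENT_NAME, XSBoolean.TYPE_NAME);
        attribute.setName(str);
        // Second constructor argument false selects the non-numeric form of the boolean.
        attributeValue.setValue(new XSBooleanValue(Boolean.valueOf(z), false));
        attribute.getAttributeValues().add(attributeValue);
        return attribute;
    }

    /**
     * Builds a SAML attribute holding a single {@code xs:string} value.
     *
     * @param str the attribute name
     * @param str2 the attribute value, passed through unchanged
     * @return the new attribute
     */
    private Attribute buildStringAttribute(String str, String str2) {
        Attribute attribute = new AttributeBuilder().buildObject();
        XSString attributeValue = XMLObjectBuilders.buildXMLObjectOrThrow(XSString.TYPE_NAME, AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        attributeValue.setValue(str2);
        attribute.setName(str);
        attribute.getAttributeValues().add(attributeValue);
        return attribute;
    }
}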
