package pl.edu.icm.unity.engine.authn;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.attribute.Attribute;
import pl.edu.icm.unity.base.attribute.AttributeExt;
import pl.edu.icm.unity.base.attribute.IllegalAttributeValueException;
import pl.edu.icm.unity.base.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.base.authn.CredentialPublicInformation;
import pl.edu.icm.unity.base.authn.LocalCredentialState;
import pl.edu.icm.unity.base.entity.Entity;
import pl.edu.icm.unity.base.entity.EntityParam;
import pl.edu.icm.unity.base.exceptions.EngineException;
import pl.edu.icm.unity.base.identity.Identity;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.AttributeValueConverter;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstance;
import pl.edu.icm.unity.engine.api.authn.DynamicPolicyConfigurationMVELContextKey;
import pl.edu.icm.unity.engine.api.authn.RemoteAuthnMetadata;
import pl.edu.icm.unity.engine.attribute.AttributesHelper;
import pl.edu.icm.unity.store.api.tx.TransactionalRunner;

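/**
 * Assembles the variable map handed to dynamic authentication-flow policy
 * expressions. The keys are the constant names of
 * {@link DynamicPolicyConfigurationMVELContextKey}; the expression evaluation
 * itself is not part of this class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The entity data is read through the {@code "insecure"}-qualified
 *       {@link EntityManagement} bean and through
 *       {@code AttributesHelper.getAttributesInternal}. NOTE(review): the
 *       qualifier name suggests a variant that skips authorization checks;
 *       confirm, and keep the resulting map confined to policy evaluation.</li>
 *   <li>The finished map holds attribute values, identities and group names
 *       of the authenticated entity and is written to the debug log as a
 *       whole (see {@code setupContext}).</li>
 *   <li>{@code upstreamACRs}, {@code upstreamIdP} and {@code upstreamProtocol}
 *       are copied from the remote authentication metadata without further
 *       checks in this class; a policy that relaxes requirements based on
 *       them relies on whatever validation happened upstream.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:pl/edu/icm/unity/engine/authn/AuthenticationFlowPolicyConfigMVELContextBuilder.class */
class AuthenticationFlowPolicyConfigMVELContextBuilder {
    private static final Logger log = Log.getLogger("unity.server.authn", AuthenticationFlowPolicyConfigMVELContextBuilder.class);
    private final AttributesHelper attributesHelper;
    private final EntityManagement identitiesMan;
    private final AttributeValueConverter attrConverter;
    private final TransactionalRunner tx;

    /**
     * Wires the collaborators. The {@link EntityManagement} instance is the
     * bean qualified as {@code "insecure"}.
     */
    AuthenticationFlowPolicyConfigMVELContextBuilder(AttributesHelper attributesHelper, @Qualifier("insecure") EntityManagement entityManagement, AttributeValueConverter attributeValueConverter, TransactionalRunner transactionalRunner) {
        this.attributesHelper = attributesHelper;
        this.identitiesMan = entityManagement;
        this.attrConverter = attributeValueConverter;
        this.tx = transactionalRunner;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the policy evaluation context for the entity identified by the
     * success part of {@code authenticationResult}.
     *
     * <p>The method dereferences {@code getSuccessResult()} without checking
     * the result status, so it must only be called for a successful
     * authentication; anything else surfaces as a runtime failure rather than
     * as a context built for the wrong (or no) entity.
     *
     * @param authenticationOptionKey first-factor option; its authenticator key
     *        is published as {@code authentication1F}
     * @param authenticationResult successful first-factor result
     * @param z published as {@code userOptIn}
     * @param authenticationFlow flow whose second-factor authenticators are
     *        inspected for {@code hasValid2FCredential}
     * @return mutable map of context variables
     * @throws EngineException propagated from the entity, group and attribute
     *         lookups
     */
    public Map<String, Object> createMvelContext(AuthenticationOptionKey authenticationOptionKey, AuthenticationResult authenticationResult, boolean z, AuthenticationFlow authenticationFlow) throws EngineException {
        EntityParam entityParam = new EntityParam(authenticationResult.getSuccessResult().authenticatedEntity.getEntityId());
        Entity entity = identitiesMan.getEntity(entityParam);
        List<String> groupNames = identitiesMan.getGroupsForPresentation(entityParam).stream()
                .map(group -> group.getName())
                .collect(Collectors.toList());
        // Attributes are fetched for group "/" inside a transaction.
        // NOTE(review): meaning of the boolean flags and the null argument is
        // defined by AttributesHelper, which is not visible here - confirm.
        Collection<AttributeExt> attributes = tx.runInTransactionRetThrowing(
                () -> attributesHelper.getAttributesInternal(entityParam.getEntityId().longValue(), true, "/", (String) null, false));
        // Remote metadata exists only for remote authentications; local ones
        // fall back to the defaults set in getAuthnContextMvelVariables.
        RemoteAuthnMetadata remoteMetadata = null;
        if (authenticationResult.isRemote()) {
            remoteMetadata = authenticationResult.asRemote().getSuccessResult().getRemotelyAuthenticatedPrincipal().getAuthnInput().getRemoteAuthnMetadata();
        }
        return setupContext(entity, remoteMetadata, attributes, groupNames, z, authenticationFlow, authenticationOptionKey);
    }

    /**
     * Fills the context map from already loaded data and logs it.
     */
    private Map<String, Object> setupContext(Entity entity, RemoteAuthnMetadata remoteMetadata, Collection<AttributeExt> attributes, List<String> groupNames, boolean userOptIn, AuthenticationFlow flow, AuthenticationOptionKey firstFactorKey) throws EngineException {
        Map<String, Object> context = new HashMap<>();
        addAttributesToContext(DynamicPolicyConfigurationMVELContextKey.attr.name(), DynamicPolicyConfigurationMVELContextKey.attrObj.name(), context, attributes, attrConverter);
        context.put(DynamicPolicyConfigurationMVELContextKey.idsByType.name(), getIdentitiesByType(entity));
        context.put(DynamicPolicyConfigurationMVELContextKey.groups.name(), groupNames);
        context.putAll(getAuthnContextMvelVariables(remoteMetadata));
        context.put(DynamicPolicyConfigurationMVELContextKey.userOptIn.name(), userOptIn);
        context.put(DynamicPolicyConfigurationMVELContextKey.authentication1F.name(), firstFactorKey.getAuthenticatorKey());
        context.put(DynamicPolicyConfigurationMVELContextKey.hasValid2FCredential.name(), hasValid2FCredential(entity, flow));
        // SECURITY: the whole map is logged, i.e. every attribute value,
        // identity and group name of the entity ends up in the
        // "unity.server.authn" category when it runs at debug level. Treat
        // debug logs of this category as personal data and restrict access
        // to them accordingly.
        log.debug("Created MVEL context for entity {}: {}", entity.getId(), context);
        return context;
    }

    /**
     * Groups the entity's identity values by identity type id.
     */
    private Map<String, List<String>> getIdentitiesByType(Entity entity) {
        Map<String, List<String>> valuesByType = new HashMap<>();
        for (Identity identity : entity.getIdentities()) {
            valuesByType.computeIfAbsent(identity.getTypeId(), typeId -> new ArrayList<>()).add(identity.getValue());
        }
        return valuesByType;
    }

    /**
     * Produces the three upstream-authentication variables. Without remote
     * metadata the protocol is {@code "local"}, the IdP is {@code null} and
     * the ACR list is empty.
     */
    private Map<String, Object> getAuthnContextMvelVariables(RemoteAuthnMetadata remoteMetadata) {
        List<String> upstreamAcrs = new ArrayList<>();
        String upstreamProtocol = "local";
        String upstreamIdp = null;
        if (remoteMetadata != null) {
            // Values are taken over as reported; nothing is validated here.
            upstreamAcrs.addAll(remoteMetadata.classReferences());
            upstreamIdp = remoteMetadata.remoteIdPId();
            upstreamProtocol = remoteMetadata.protocol().name();
        }
        Map<String, Object> variables = new HashMap<>();
        variables.put(DynamicPolicyConfigurationMVELContextKey.upstreamACRs.name(), upstreamAcrs);
        variables.put(DynamicPolicyConfigurationMVELContextKey.upstreamProtocol.name(), upstreamProtocol);
        variables.put(DynamicPolicyConfigurationMVELContextKey.upstreamIdP.name(), upstreamIdp);
        return variables;
    }

    /**
     * Publishes attributes under two keys: {@code simpleKey} maps each
     * attribute name to its first external value, {@code objectKey} maps it to
     * the converted object values. An attribute without values is mapped to
     * the empty string under both keys.
     */
    private void addAttributesToContext(String simpleKey, String objectKey, Map<String, Object> target, Collection<AttributeExt> attributes, AttributeValueConverter converter) throws IllegalAttributeValueException {
        Map<String, Object> firstValueByName = new HashMap<>();
        Map<String, Object> objectValuesByName = new HashMap<>();
        for (Attribute attribute : attributes) {
            String name = attribute.getName();
            List<String> externalValues = converter.internalValuesToExternal(name, attribute.getValues());
            boolean noValues = externalValues.isEmpty();
            firstValueByName.put(name, noValues ? "" : externalValues.get(0));
            objectValuesByName.put(name, noValues ? "" : converter.internalValuesToObjectValues(name, attribute.getValues()));
        }
        target.put(simpleKey, firstValueByName);
        target.put(objectKey, objectValuesByName);
    }

    /**
     * Tells whether the entity holds a credential in state
     * {@link LocalCredentialState#correct} for at least one second-factor
     * authenticator of the flow. Authenticators without a local credential
     * name are skipped.
     */
    private boolean hasValid2FCredential(Entity entity, AuthenticationFlow flow) throws EngineException {
        Map<String, CredentialPublicInformation> credentialsState = entity.getCredentialInfo().getCredentialsState();
        for (AuthenticatorInstance authenticator : flow.getSecondFactorAuthenticators()) {
            String credentialName = authenticator.getMetadata().getLocalCredentialName();
            if (credentialName != null && userHasValidCredential(credentialsState, credentialName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks a single credential. A missing entry counts as "not valid". A
     * present entry with a null state is deliberately not softened to
     * {@code false}: the resulting exception stops context creation instead
     * of feeding a possibly wrong "no second factor" answer into a policy.
     */
    private boolean userHasValidCredential(Map<String, CredentialPublicInformation> credentialsState, String credentialName) throws EngineException {
        CredentialPublicInformation info = credentialsState.get(credentialName);
        return info != null && info.getState().equals(LocalCredentialState.correct);
    }
}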
