package io.imunity.vaadin.auth.remote;

import com.google.common.collect.Lists;
import com.vaadin.flow.server.VaadinRequest;
import io.imunity.vaadin.auth.AuthNOption;
import io.imunity.vaadin.auth.AuthnsGridWidget;
import io.imunity.vaadin.auth.PreferredAuthenticationHelper;
import io.imunity.vaadin.auth.ProxyAuthenticationCapable;
import io.imunity.vaadin.auth.VaadinAuthentication;
import io.imunity.vaadin.auth.server.ProxyAuthenticationFilter;
import io.imunity.vaadin.endpoint.common.api.RemoteRegistrationGrid;
import io.imunity.vaadin.endpoint.common.api.RemoteRegistrationOption;
import io.imunity.vaadin.endpoint.common.api.RemoteRegistrationSignupHandler;
import io.imunity.vaadin.endpoint.common.forms.ResolvedInvitationParam;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.base.authn.AuthenticationOptionsSelector;
import pl.edu.icm.unity.base.message.MessageSource;
import pl.edu.icm.unity.base.registration.ExternalSignupSpec;
import pl.edu.icm.unity.base.registration.RegistrationForm;
import pl.edu.icm.unity.base.registration.layout.FormParameterElement;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstance;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorStepContext;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorSupportService;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;

/* loaded from: input_file:io/imunity/vaadin/auth/remote/RemoteRegistrationSignupHandlerImpl.class */
class RemoteRegistrationSignupHandlerImpl implements RemoteRegistrationSignupHandler {
    private static final Logger log = Log.getLogger("unity.server.web", RemoteRegistrationSignupHandlerImpl.class);
    private final AuthenticatorSupportService authnSupport;
    private final MessageSource msg;
    private final RegistrationForm form;
    private final ResolvedInvitationParam invitation;
    private final String regCodeProvided;
    private final Map<AuthenticationOptionKey, AuthNOption> remoteSignupOptions = resolveRemoteSignupOptions();

    /* JADX INFO: Access modifiers changed from: package-private */
    public RemoteRegistrationSignupHandlerImpl(AuthenticatorSupportService authenticatorSupportService, MessageSource messageSource, RegistrationForm registrationForm, ResolvedInvitationParam resolvedInvitationParam, String str) {
        this.authnSupport = authenticatorSupportService;
        this.msg = messageSource;
        this.form = registrationForm;
        this.invitation = resolvedInvitationParam;
        this.regCodeProvided = str;
    }

    public List<RemoteRegistrationOption> getOptions(FormParameterElement formParameterElement, boolean z) {
        return getSignupOptions((AuthenticationOptionsSelector) this.form.getExternalSignupSpec().getSpecs().get(formParameterElement.getIndex())).stream().map(authNOption -> {
            if (z) {
                authNOption.authenticatorUI.setAuthenticationCallback(new SignUpAuthnCallback(this.form, this.regCodeProvided, new AuthenticationOptionKey(authNOption.authenticator.getAuthenticatorId(), authNOption.authenticatorUI.getId())));
            } else {
                authNOption.authenticatorUI.getComponent().setEnabled(false);
            }
            VaadinAuthentication.VaadinAuthenticationUI vaadinAuthenticationUI = authNOption.authenticatorUI;
            Objects.requireNonNull(vaadinAuthenticationUI);
            return vaadinAuthenticationUI::getComponent;
        }).toList();
    }

    public RemoteRegistrationGrid getGrid(boolean z, int i) {
        List list = this.form.getExternalSignupGridSpec().getSpecs().stream().flatMap(authenticationOptionsSelector -> {
            return getSignupOptions(authenticationOptionsSelector).stream();
        }).toList();
        return new RemoteRegistrationGridImpl(this.msg, new AuthnsGridWidget(list, this.msg, new RegGridAuthnPanelFactory(this.form, this.regCodeProvided, z), i), list.isEmpty());
    }

    public boolean performAutomaticRemoteSignupIfNeeded() {
        Map<AuthenticationOptionKey, AuthNOption> resolveRemoteSignupOptions = resolveRemoteSignupOptions();
        if (!isAutomatedAuthenticationDesired() || resolveRemoteSignupOptions.size() <= 0) {
            return false;
        }
        String parameter = VaadinRequest.getCurrent().getParameter(PreferredAuthenticationHelper.IDP_SELECT_PARAM);
        if (resolveRemoteSignupOptions.size() > 1 && parameter == null) {
            log.warn("There are multiple remote signup options installed, and automated signup was requested without specifying (with {}) which one should be used. Automatic signup is skipped.", PreferredAuthenticationHelper.IDP_SELECT_PARAM);
            return false;
        }
        AuthNOption next = parameter != null ? resolveRemoteSignupOptions.get(AuthenticationOptionKey.valueOf(parameter)) : resolveRemoteSignupOptions.values().iterator().next();
        if (next == null) {
            log.warn("Remote signup option {} specified for auto signup is invalid. Automatic signup is skipped.", parameter);
            return false;
        }
        if (next.authenticator instanceof ProxyAuthenticationCapable) {
            ((ProxyAuthenticationCapable) next.authenticator).triggerAutomatedUIAuthentication(next.authenticatorUI);
            return true;
        }
        log.warn("Automatic signup was requested but the selected remote authenticator is not capable of automatic triggering");
        return false;
    }

    private boolean isAutomatedAuthenticationDesired() {
        return Boolean.parseBoolean(VaadinRequest.getCurrent().getParameter(ProxyAuthenticationFilter.TRIGGERING_PARAM));
    }

    private List<AuthNOption> getSignupOptions(AuthenticationOptionsSelector authenticationOptionsSelector) {
        return (List) this.remoteSignupOptions.entrySet().stream().filter(entry -> {
            return authenticationOptionsSelector.matchesAuthnOption((AuthenticationOptionKey) entry.getKey());
        }).map((v0) -> {
            return v0.getValue();
        }).collect(Collectors.toList());
    }

    private Map<AuthenticationOptionKey, AuthNOption> resolveRemoteSignupOptions() {
        ExternalSignupSpec externalSignupSpec = this.form.getExternalSignupSpec();
        HashMap hashMap = new HashMap();
        if (!externalSignupSpec.isEnabled()) {
            return Map.of();
        }
        List<AuthenticationFlow> resolveAuthenticationFlows = this.authnSupport.resolveAuthenticationFlows(Lists.newArrayList((Set) externalSignupSpec.getSpecs().stream().map(authenticationOptionsSelector -> {
            return authenticationOptionsSelector.authenticatorKey;
        }).collect(Collectors.toSet())), VaadinAuthentication.NAME);
        HashSet hashSet = new HashSet(externalSignupSpec.getSpecs());
        for (AuthenticationFlow authenticationFlow : resolveAuthenticationFlows) {
            Iterator it = authenticationFlow.getFirstFactorAuthenticators().iterator();
            while (it.hasNext()) {
                VaadinAuthentication retrieval = ((AuthenticatorInstance) it.next()).getRetrieval();
                String authenticatorId = retrieval.getAuthenticatorId();
                for (VaadinAuthentication.VaadinAuthenticationUI vaadinAuthenticationUI : retrieval.createUIInstance(VaadinAuthentication.Context.REGISTRATION, new AuthenticatorStepContext(InvocationContext.getCurrent().getRealm(), authenticationFlow, (String) null, AuthenticatorStepContext.FactorOrder.FIRST))) {
                    AuthenticationOptionKey authenticationOptionKey = new AuthenticationOptionKey(authenticatorId, vaadinAuthenticationUI.getId());
                    if (hashSet.stream().anyMatch(authenticationOptionsSelector2 -> {
                        return authenticationOptionsSelector2.matchesAuthnOption(authenticationOptionKey);
                    })) {
                        AuthNOption authNOption = new AuthNOption(authenticationFlow, retrieval, vaadinAuthenticationUI);
                        setupExpectedIdentity(vaadinAuthenticationUI, this.invitation);
                        hashMap.put(authenticationOptionKey, authNOption);
                    }
                }
            }
        }
        return hashMap;
    }

    private void setupExpectedIdentity(VaadinAuthentication.VaadinAuthenticationUI vaadinAuthenticationUI, ResolvedInvitationParam resolvedInvitationParam) {
        if (resolvedInvitationParam == null || resolvedInvitationParam.getAsRegistration().getExpectedIdentity() == null) {
            return;
        }
        vaadinAuthenticationUI.setExpectedIdentity(resolvedInvitationParam.getAsRegistration().getExpectedIdentity());
    }
}
