package org.apereo.cas.oidc.services;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcRegisteredServiceAttributeReleasePolicy;
import org.apereo.cas.oidc.scopes.OidcAttributeReleasePolicyFactory;
import org.apereo.cas.services.ChainingAttributeReleasePolicy;
import org.apereo.cas.services.DenyAllAttributeReleasePolicy;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
import org.apereo.cas.services.RegisteredServiceChainingAttributeReleasePolicy;
import org.apereo.cas.services.ServiceRegistryListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/services/OidcServiceRegistryListener.class */
public class OidcServiceRegistryListener implements ServiceRegistryListener {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcServiceRegistryListener.class);
    private static final long serialVersionUID = -2492163812728091841L;
    private final OidcAttributeReleasePolicyFactory attributeReleasePolicyFactory;

    /* JADX INFO: Access modifiers changed from: private */
    public static void addAttributeReleasePolicy(RegisteredServiceChainingAttributeReleasePolicy registeredServiceChainingAttributeReleasePolicy, BaseOidcScopeAttributeReleasePolicy baseOidcScopeAttributeReleasePolicy, String str, OidcRegisteredService oidcRegisteredService) {
        LOGGER.debug("Mapped [{}] to attribute release policy [{}]", str, baseOidcScopeAttributeReleasePolicy.getClass().getSimpleName());
        RegisteredServiceAttributeReleasePolicy attributeReleasePolicy = oidcRegisteredService.getAttributeReleasePolicy();
        ArrayList arrayList = new ArrayList();
        if (attributeReleasePolicy instanceof RegisteredServiceChainingAttributeReleasePolicy) {
            Stream<RegisteredServiceAttributeReleasePolicy> filter = ((RegisteredServiceChainingAttributeReleasePolicy) attributeReleasePolicy).getPolicies().stream().filter(registeredServiceAttributeReleasePolicy -> {
                return registeredServiceAttributeReleasePolicy instanceof OidcRegisteredServiceAttributeReleasePolicy;
            });
            Class<OidcRegisteredServiceAttributeReleasePolicy> cls = OidcRegisteredServiceAttributeReleasePolicy.class;
            Objects.requireNonNull(OidcRegisteredServiceAttributeReleasePolicy.class);
            arrayList.addAll((Collection) filter.map((v1) -> {
                return r2.cast(v1);
            }).filter(oidcRegisteredServiceAttributeReleasePolicy -> {
                return oidcRegisteredServiceAttributeReleasePolicy.getScopeType().equalsIgnoreCase(str);
            }).collect(Collectors.toList()));
        } else if (attributeReleasePolicy instanceof OidcRegisteredServiceAttributeReleasePolicy) {
            OidcRegisteredServiceAttributeReleasePolicy oidcRegisteredServiceAttributeReleasePolicy2 = (OidcRegisteredServiceAttributeReleasePolicy) attributeReleasePolicy;
            if (oidcRegisteredServiceAttributeReleasePolicy2.getScopeType().equalsIgnoreCase(str)) {
                arrayList.add(oidcRegisteredServiceAttributeReleasePolicy2);
            }
        }
        if (!arrayList.isEmpty()) {
            registeredServiceChainingAttributeReleasePolicy.addPolicies(arrayList);
            return;
        }
        baseOidcScopeAttributeReleasePolicy.setConsentPolicy(attributeReleasePolicy.getConsentPolicy());
        baseOidcScopeAttributeReleasePolicy.setPrincipalAttributesRepository(attributeReleasePolicy.getPrincipalAttributesRepository());
        registeredServiceChainingAttributeReleasePolicy.addPolicies(baseOidcScopeAttributeReleasePolicy);
    }

    @Override // org.apereo.cas.services.ServiceRegistryListener
    public RegisteredService postLoad(RegisteredService registeredService) {
        return registeredService instanceof OidcRegisteredService ? reconcile((OidcRegisteredService) registeredService) : registeredService;
    }

    protected RegisteredService reconcile(OidcRegisteredService oidcRegisteredService) {
        LOGGER.trace("Reconciling OpenId Connect scopes and claims for [{}]", oidcRegisteredService.getServiceId());
        Set<String> scopes = oidcRegisteredService.getScopes();
        if (scopes.isEmpty()) {
            LOGGER.trace("Registered service [{}] does not define any scopes to control attribute release policies. CAS will allow the existing attribute release policies assigned to the service to operate without a scope.", oidcRegisteredService.getServiceId());
            return oidcRegisteredService;
        }
        Collection<OidcCustomScopeAttributeReleasePolicy> userDefinedScopes = this.attributeReleasePolicyFactory.getUserDefinedScopes();
        ArrayList arrayList = new ArrayList();
        ChainingAttributeReleasePolicy chainingAttributeReleasePolicy = new ChainingAttributeReleasePolicy();
        scopes.forEach(str -> {
            LOGGER.trace("Reviewing scope [{}] for [{}]", str, oidcRegisteredService.getServiceId());
            if (Arrays.stream(OidcConstants.StandardScopes.values()).noneMatch(standardScopes -> {
                return standardScopes.getScope().trim().equalsIgnoreCase(str.trim());
            })) {
                LOGGER.debug("[{}] appears to be a user-defined scope and does not match any of the predefined standard scopes. Checking [{}] against user-defined scopes provided as [{}]", str, str, userDefinedScopes);
                userDefinedScopes.stream().filter(oidcCustomScopeAttributeReleasePolicy -> {
                    return oidcCustomScopeAttributeReleasePolicy.getScopeName().equals(str.trim());
                }).findFirst().ifPresentOrElse(oidcCustomScopeAttributeReleasePolicy2 -> {
                    addAttributeReleasePolicy(chainingAttributeReleasePolicy, oidcCustomScopeAttributeReleasePolicy2, str, oidcRegisteredService);
                }, () -> {
                    arrayList.add(str.trim());
                });
                return;
            }
            OidcConstants.StandardScopes valueOf = OidcConstants.StandardScopes.valueOf(str.trim().toUpperCase());
            switch (valueOf) {
                case EMAIL:
                case ADDRESS:
                case PROFILE:
                case PHONE:
                    addAttributeReleasePolicy(chainingAttributeReleasePolicy, this.attributeReleasePolicyFactory.get(valueOf), str, oidcRegisteredService);
                    return;
                case OPENID:
                    LOGGER.debug("Scope [{}] is found for service [{}]", str, Long.valueOf(oidcRegisteredService.getId()));
                    return;
                case OFFLINE_ACCESS:
                    LOGGER.debug("Given scope [{}], service [{}] is marked to generate refresh tokens", str, Long.valueOf(oidcRegisteredService.getId()));
                    oidcRegisteredService.setGenerateRefreshToken(true);
                    return;
                default:
                    return;
            }
        });
        if (!arrayList.isEmpty()) {
            OidcCustomScopeAttributeReleasePolicy custom = this.attributeReleasePolicyFactory.custom(OidcConstants.CUSTOM_SCOPE_TYPE, arrayList);
            addAttributeReleasePolicy(chainingAttributeReleasePolicy, custom, custom.getScopeName(), oidcRegisteredService);
        }
        if (scopes.isEmpty() || (scopes.size() == 1 && scopes.contains(OidcConstants.StandardScopes.OPENID.getScope()))) {
            LOGGER.trace("Service definition [{}] will use the assigned attribute release policy without scopes", oidcRegisteredService.getName());
            if (oidcRegisteredService.getAttributeReleasePolicy() instanceof RegisteredServiceChainingAttributeReleasePolicy) {
                chainingAttributeReleasePolicy.addPolicies((RegisteredServiceAttributeReleasePolicy[]) ((RegisteredServiceChainingAttributeReleasePolicy) oidcRegisteredService.getAttributeReleasePolicy()).getPolicies().toArray(new RegisteredServiceAttributeReleasePolicy[0]));
            } else {
                chainingAttributeReleasePolicy.addPolicies(oidcRegisteredService.getAttributeReleasePolicy());
            }
        }
        if (chainingAttributeReleasePolicy.getPolicies().isEmpty()) {
            LOGGER.debug("No attribute release policy could be determined based on given scopes. No claims/attributes will be released to [{}]", oidcRegisteredService.getServiceId());
            oidcRegisteredService.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
        } else if (chainingAttributeReleasePolicy.size() == 1) {
            oidcRegisteredService.setAttributeReleasePolicy(chainingAttributeReleasePolicy.getPolicies().get(0));
        } else {
            oidcRegisteredService.setAttributeReleasePolicy(chainingAttributeReleasePolicy);
        }
        LOGGER.trace("Scope/claim reconciliation for service [{}] resulted in the following attribute release policy [{}]", oidcRegisteredService.getServiceId(), oidcRegisteredService.getAttributeReleasePolicy());
        return oidcRegisteredService;
    }

    @Generated
    public OidcServiceRegistryListener(OidcAttributeReleasePolicyFactory oidcAttributeReleasePolicyFactory) {
        this.attributeReleasePolicyFactory = oidcAttributeReleasePolicyFactory;
    }
}
