package com.appiancorp.security.auth.saml;

import com.appiancorp.security.auth.AutoSyncUserData;
import com.appiancorp.security.auth.GroupServiceHelper;
import com.appiancorp.security.auth.UserSyncer;
import com.appiancorp.security.auth.saml.exception.InvalidAppianUserException;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.common.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.personalization.UserProfileService;
import com.appiancorp.suiteapi.personalization.UserService;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import org.apache.log4j.Logger;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.saml2.core.Assertion;

/* loaded from: input_file:com/appiancorp/security/auth/saml/SamlAuthenticator.class */
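/**
 * Resolves the Appian account that corresponds to a SAML login and, depending on the
 * flags in {@link SamlConfiguration}, creates, updates or reactivates that account.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code adminUserService} is obtained with the administrator service context, so
 *       reactivation is not subject to the privileges of the user logging in. The only
 *       gate visible in this class is the assertion check done by
 *       {@link SamlMessageValidator#getTrustedAssertionFromMessage}.</li>
 *   <li>Account lookup is keyed on {@code samlAuthToken.getName()}, not on a value read
 *       from the trusted assertion. NOTE(review): confirm the token name is derived from
 *       the validated assertion by whatever builds the token.</li>
 *   <li>Auto-reactivation lets a deactivated account become active again on a successful
 *       SAML login. NOTE(review): confirm this matches the deprovisioning policy and that
 *       the reactivation is audit-logged somewhere (not visible here).</li>
 * </ul>
 */
public class SamlAuthenticator {
    private static final Logger LOG = Logger.getLogger(SamlAuthenticator.class);
    // Injected profile service used for username lookups; presumably admin-scoped given the name — confirm at the call site.
    private final UserProfileService adminUserProfileService;
    // Resolved at construction time with the administrator service context (privileged).
    private final UserService adminUserService = ServiceLocator.getUserService(ServiceLocator.getAdministratorServiceContext());
    private final SamlMessageValidator samlMessageValidator;
    private final SamlConfiguration samlConfig;
    private final UserSyncer userSyncer;

    /**
     * Stores the collaborators used during authentication; no validation is performed here.
     */
    public SamlAuthenticator(UserProfileService userProfileService, SamlMessageValidator samlMessageValidator, SamlConfiguration samlConfiguration, UserSyncer userSyncer) {
        this.samlMessageValidator = samlMessageValidator;
        this.adminUserProfileService = userProfileService;
        this.samlConfig = samlConfiguration;
        this.userSyncer = userSyncer;
    }

    /**
     * Authenticates a SAML login and returns the matching Appian user profile.
     *
     * <p>Order of operations: the trusted assertion is obtained from the validator first,
     * then the account is looked up (and possibly reactivated), then it is created or
     * synced from the assertion attributes.
     *
     * @param samlAuthToken token carrying the login name and SAML credentials
     * @param z forwarded unchanged to the username lookup; its meaning is not visible in
     *          this class (the name is likely decompiler-assigned)
     * @return the existing (possibly updated) profile, or the newly created one
     * @throws AutoSyncUserData.UserDataMissingException if user data cannot be built from the assertion
     * @throws MessageHandlerException declared for the assertion validation step
     * @throws RuntimeException if syncing an existing user fails for any reason
     */
    public UserProfile authenticateUser(SamlAuthToken samlAuthToken, boolean z) throws AutoSyncUserData.UserDataMissingException, MessageHandlerException {
        // Within this method the name and message id are logged before the assertion is
        // validated on the next statement, so treat them as untrusted: CR/LF are
        // neutralised to prevent forged log entries.
        LOG.debug("Authenticating user: " + sanitizeForLog(samlAuthToken.getName()) + " with message id: " + sanitizeForLog(samlAuthToken.m4010getCredentials().getMessageId()));
        Assertion trustedAssertion = this.samlMessageValidator.getTrustedAssertionFromMessage(samlAuthToken);
        Optional<SamlAutoSyncUserData> userDataFromAttributes = getUserDataFromAttributes(trustedAssertion);
        Optional<UserProfile> appianUserProfile = getAppianUserProfile(samlAuthToken.getName(), z);
        if (!appianUserProfile.isPresent()) {
            LOG.debug("Creating User: " + sanitizeForLog(samlAuthToken.getName()) + " in Group: " + this.samlConfig.getGroupUuid());
            // An absent profile is only returned when auto-create is enabled, and in that
            // case getUserDataFromAttributes always yields a value, so get() is expected to succeed.
            return this.userSyncer.createAppianUser(userDataFromAttributes.get(), this.samlConfig.getGroupUuid(), this.samlConfig.getAppianGroupTypeUuid(), this.samlConfig.getAppianGroupAttributeName());
        }
        UserProfile userProfile = appianUserProfile.get();
        if (userDataFromAttributes.isPresent()) {
            try {
                userProfile = this.userSyncer.updateAppianUser(userDataFromAttributes.get(), userProfile, this.samlConfig.getAppianGroupTypeUuid(), this.samlConfig.getAppianGroupAttributeName());
            } catch (Exception e) {
                // A failed sync aborts the login rather than continuing with stale data.
                throw new RuntimeException("Failed to sync user information", e);
            }
        }
        return userProfile;
    }

    /**
     * Builds sync data from the assertion when any of auto-create, auto-sync-users or
     * auto-sync-groups is enabled; otherwise returns an empty Optional.
     */
    private Optional<SamlAutoSyncUserData> getUserDataFromAttributes(Assertion assertion) throws AutoSyncUserData.UserDataMissingException {
        boolean needsUserData = this.samlConfig.isAutoCreateUsersEnabled()
                || this.samlConfig.isAutoSyncUsersEnabled()
                || this.samlConfig.isAutoSyncUserGroupsEnabled();
        return needsUserData ? Optional.of(new SamlAutoSyncUserData(this.samlConfig, assertion)) : Optional.empty();
    }

    /**
     * Looks up the Appian profile for a login name, reactivating it when it is
     * deactivated and auto-reactivation is enabled.
     *
     * @param str login name to resolve
     * @param z forwarded unchanged to {@code GroupServiceHelper.getUsernamesToCheck}
     * @return the profile, or an empty Optional when no account exists and auto-create is enabled
     * @throws InvalidAppianUserException if the account is deactivated and cannot be
     *         reactivated, or if no account exists and auto-create is disabled
     */
    public Optional<UserProfile> getAppianUserProfile(String str, boolean z) {
        Optional<UserProfile> profile = Optional.empty();
        try {
            profile = getUserProfileFromPotentialUsernames(GroupServiceHelper.getUsernamesToCheck(str, Boolean.valueOf(z)));
            // Status 0 is treated as "deactivated" here (see the messages below).
            if (profile.get().getStatus() == 0) {
                // NOTE(review): these messages echo the login name; if they reach the
                // client they can reveal which accounts exist — confirm how they are rendered.
                if (!this.samlConfig.isAutoReactivateUsersEnabled()) {
                    throw new InvalidAppianUserException("User " + str + " deactivated.");
                }
                try {
                    // Privileged state change performed with the administrator context.
                    this.adminUserService.reactivateUsers(new String[]{profile.get().getUsername()});
                } catch (PrivilegeException e) {
                    LOG.error("PrivilegeException thrown for Admin user. This should never happen.", e);
                    throw new InvalidAppianUserException("User " + str + " deactivated.");
                }
            }
        } catch (InvalidUserException e2) {
            if (!this.samlConfig.isAutoCreateUsersEnabled()) {
                throw new InvalidAppianUserException("Invalid Username", e2);
            }
            if (profile.isPresent()) {
                // Fail closed: the lookup succeeded, so this exception came from the
                // status/reactivation step. Falling through would hand back a profile
                // that may still be deactivated just because auto-create is enabled.
                throw new InvalidAppianUserException("Invalid Username", e2);
            }
        }
        return profile;
    }

    /**
     * Returns the first profile found among the candidate usernames, in the set's
     * iteration order.
     *
     * @throws IllegalArgumentException if no candidates are supplied
     * @throws InvalidUserException if none of the candidates resolves to a profile
     */
    private Optional<UserProfile> getUserProfileFromPotentialUsernames(Set<String> set) {
        if (set.isEmpty()) {
            // Previously surfaced as an ArrayIndexOutOfBoundsException while building the
            // error message. Deliberately not InvalidUserException: that would be handled
            // as "user not found" and could lead into account auto-creation.
            throw new IllegalArgumentException("No candidate usernames supplied");
        }
        for (String candidate : set) {
            try {
                UserProfile found = this.adminUserProfileService.getUser(candidate);
                if (found != null) {
                    return Optional.of(found);
                }
            } catch (InvalidUserException ignored) {
                // Best effort: an unknown candidate just means the next one is tried.
            }
        }
        throw new InvalidUserException("User " + set.iterator().next() + " does not exist.");
    }

    /**
     * Renders a value for a log line with carriage returns and line feeds replaced, so
     * attacker-supplied text cannot start a forged log entry. {@code null} renders as "null".
     */
    private static String sanitizeForLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }
}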
