package com.appiancorp.security.auth.oidc;

import com.appiancorp.process.common.validation.type.DataTypeValidatorFactory;
import com.appiancorp.security.auth.oidc.OidcAutoSyncUserData;
import com.appiancorp.security.auth.oidc.persistence.entities.OidcSettings;
import com.appiancorp.services.ServiceContext;
import com.appiancorp.type.AppianTypeLong;
import com.google.common.base.Strings;
import java.util.Arrays;
import java.util.HashSet;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.Set;
import java.util.function.Consumer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.oidc.AddressStandardClaim;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

/* loaded from: input_file:com/appiancorp/security/auth/oidc/OidcUserDataParser.class */
public final class OidcUserDataParser {
    private static final int NAME_FIELD_MAX_LENGTH = 35;
    private static final int EMAIL_FIELD_MAX_LENGTH = 320;
    private static final int GENERAL_FIELD_MAX_LENGTH = 5000;
    private static final int LOCATION_FIELD_MAX_LENGTH = 60;
    private static final int USERNAME_FIELD_MAX_LENGTH = 255;
    private static final String LOG_MSG_ELEMENT_NOT_FOUND = "Unable to find element {} in user data token.";
    private static final Logger LOG = LoggerFactory.getLogger(OidcUserDataParser.class);
    private static final HashSet<String> NESTED_ADDRESS_ATTRIBUTE_KEYS = new HashSet<>(Arrays.asList("address/formatted", "address/street_address", "address/locality", "address/region", "address/postal_code", "address/country"));

    private OidcUserDataParser() {
    }

    public static OidcAutoSyncUserData parse(OidcUser oidcUser, OidcSettings oidcSettings) throws OidcUserDataMissingException {
        try {
            LOG.trace("Attributes received in data tokens: {}", oidcUser.getClaims().keySet());
            OidcAutoSyncUserData.Builder withSyncUserGroups = new OidcAutoSyncUserData.Builder(validateAndReturnUsername(oidcUser, oidcSettings.getUsernameAttribute(), USERNAME_FIELD_MAX_LENGTH)).withAutoCreateUsers(oidcSettings.isAutoCreateUsers()).withSyncUserAttributes(oidcSettings.isAutoUpdateUsers()).withSyncUserGroups(oidcSettings.isAutoUpdateUserGroups());
            if (oidcSettings.isAutoCreateUsers() || oidcSettings.isAutoUpdateUsers()) {
                String firstNameAttribute = oidcSettings.getFirstNameAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, firstNameAttribute, withSyncUserGroups::withFirstName, NAME_FIELD_MAX_LENGTH);
                String lastNameAttribute = oidcSettings.getLastNameAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, lastNameAttribute, withSyncUserGroups::withLastName, NAME_FIELD_MAX_LENGTH);
                String emailAttribute = oidcSettings.getEmailAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaimForEmail(oidcUser, emailAttribute, withSyncUserGroups::withEmail, EMAIL_FIELD_MAX_LENGTH);
                String nicknameAttribute = oidcSettings.getNicknameAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, nicknameAttribute, withSyncUserGroups::withNickname, NAME_FIELD_MAX_LENGTH);
                String homePhoneAttribute = oidcSettings.getHomePhoneAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, homePhoneAttribute, withSyncUserGroups::withHomePhone, GENERAL_FIELD_MAX_LENGTH);
                String mobilePhoneAttribute = oidcSettings.getMobilePhoneAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, mobilePhoneAttribute, withSyncUserGroups::withMobilePhone, GENERAL_FIELD_MAX_LENGTH);
                String officePhoneAttribute = oidcSettings.getOfficePhoneAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, officePhoneAttribute, withSyncUserGroups::withOfficePhone, GENERAL_FIELD_MAX_LENGTH);
                String address1Attribute = oidcSettings.getAddress1Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, address1Attribute, withSyncUserGroups::withAddress1, LOCATION_FIELD_MAX_LENGTH);
                String address2Attribute = oidcSettings.getAddress2Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, address2Attribute, withSyncUserGroups::withAddress2, LOCATION_FIELD_MAX_LENGTH);
                String address3Attribute = oidcSettings.getAddress3Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, address3Attribute, withSyncUserGroups::withAddress3, LOCATION_FIELD_MAX_LENGTH);
                String cityAttribute = oidcSettings.getCityAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, cityAttribute, withSyncUserGroups::withCity, LOCATION_FIELD_MAX_LENGTH);
                String stateAttribute = oidcSettings.getStateAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, stateAttribute, withSyncUserGroups::withState, LOCATION_FIELD_MAX_LENGTH);
                String zipCodeAttribute = oidcSettings.getZipCodeAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, zipCodeAttribute, withSyncUserGroups::withZipCode, LOCATION_FIELD_MAX_LENGTH);
                String countryAttribute = oidcSettings.getCountryAttribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, countryAttribute, withSyncUserGroups::withCountry, LOCATION_FIELD_MAX_LENGTH);
                String customField1Attribute = oidcSettings.getCustomField1Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField1Attribute, withSyncUserGroups::withCustomField1, GENERAL_FIELD_MAX_LENGTH);
                String customField2Attribute = oidcSettings.getCustomField2Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField2Attribute, withSyncUserGroups::withCustomField2, GENERAL_FIELD_MAX_LENGTH);
                String customField3Attribute = oidcSettings.getCustomField3Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField3Attribute, withSyncUserGroups::withCustomField3, GENERAL_FIELD_MAX_LENGTH);
                String customField4Attribute = oidcSettings.getCustomField4Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField4Attribute, withSyncUserGroups::withCustomField4, GENERAL_FIELD_MAX_LENGTH);
                String customField5Attribute = oidcSettings.getCustomField5Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField5Attribute, withSyncUserGroups::withCustomField5, GENERAL_FIELD_MAX_LENGTH);
                String customField6Attribute = oidcSettings.getCustomField6Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField6Attribute, withSyncUserGroups::withCustomField6, GENERAL_FIELD_MAX_LENGTH);
                String customField7Attribute = oidcSettings.getCustomField7Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField7Attribute, withSyncUserGroups::withCustomField7, GENERAL_FIELD_MAX_LENGTH);
                String customField8Attribute = oidcSettings.getCustomField8Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField8Attribute, withSyncUserGroups::withCustomField8, GENERAL_FIELD_MAX_LENGTH);
                String customField9Attribute = oidcSettings.getCustomField9Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField9Attribute, withSyncUserGroups::withCustomField9, GENERAL_FIELD_MAX_LENGTH);
                String customField10Attribute = oidcSettings.getCustomField10Attribute();
                withSyncUserGroups.getClass();
                sanitizeValidateAndRetrieveClaim(oidcUser, customField10Attribute, withSyncUserGroups::withCustomField10, GENERAL_FIELD_MAX_LENGTH);
            }
            if (oidcSettings.isAutoUpdateUserGroups()) {
                withSyncUserGroups = withSyncUserGroups.withGroups(getMultiValueAttribute(oidcSettings.getGroupMappingAttribute(), oidcUser));
            } else {
                LOG.info("Ignoring group sync since auto group sync is disabled.");
            }
            return withSyncUserGroups.build();
        } catch (OidcUserDataMissingException e) {
            LOG.error("Missing user data.", e);
            throw e;
        }
    }

    public static String returnUsernameUsingSettings(OidcUser oidcUser, OidcSettings oidcSettings) {
        if (oidcUser == null) {
            LOG.error("Unexpected null value for OIDC user.");
            throw new OidcAuthenticationException("Unexpected null value for OIDC user.");
        }
        LOG.trace("Attributes received in data tokens: {}", oidcUser.getClaims().keySet());
        return validateAndReturnUsername(oidcUser, oidcSettings.getUsernameAttribute(), USERNAME_FIELD_MAX_LENGTH);
    }

    private static String validateAndReturnUsername(OidcUser oidcUser, String str, int i) {
        if (Strings.isNullOrEmpty(str)) {
            LOG.error("Empty username attribute in OIDC settings.");
            throw new NoSuchElementException();
        }
        String claimAsString = oidcUser.getClaimAsString(str);
        if (Strings.isNullOrEmpty(claimAsString)) {
            LOG.error("Unable to find username element {} in user data token.", str);
            throw new OidcAuthenticationException(String.format("Unable to find username element %s in user data token.", str));
        }
        int length = claimAsString.length();
        if (length <= i) {
            return claimAsString;
        }
        LOG.error("Invalid user data. Max length exceeded for {}. Length cannot exceed {}, length was {}.", new Object[]{str, Integer.valueOf(i), Integer.valueOf(length)});
        throw new OidcAuthenticationException(String.format("Invalid user data. Max length exceeded for %s. Length cannot exceed %d, length was %d.", str, Integer.valueOf(i), Integer.valueOf(length)));
    }

    private static void sanitizeValidateAndRetrieveClaim(OidcUser oidcUser, String str, Consumer<String> consumer, int i) {
        if (NESTED_ADDRESS_ATTRIBUTE_KEYS.contains(str)) {
            getNestedAddressClaims(oidcUser, str, consumer, i);
            return;
        }
        if (Strings.isNullOrEmpty(str) || !oidcUser.hasClaim(str)) {
            return;
        }
        try {
            String claimAsString = oidcUser.getClaimAsString(str);
            int length = claimAsString.length();
            if (length > i) {
                LOG.error("Invalid user data. Max length exceeded for {}. Length cannot exceed {}, length was {}.", new Object[]{str, Integer.valueOf(i), Integer.valueOf(length)});
                throw new OidcAuthenticationException(String.format("Invalid user data. Max length exceeded for %s. Length cannot exceed %d, length was %d.", str, Integer.valueOf(i), Integer.valueOf(length)));
            }
            consumer.accept(Strings.nullToEmpty(claimAsString));
        } catch (NoSuchElementException e) {
            LOG.error(LOG_MSG_ELEMENT_NOT_FOUND, str);
            throw e;
        }
    }

    private static void sanitizeValidateAndRetrieveClaimForEmail(OidcUser oidcUser, String str, Consumer<String> consumer, int i) {
        if (Strings.isNullOrEmpty(str)) {
            return;
        }
        try {
            if (DataTypeValidatorFactory.createDataTypeValidator(AppianTypeLong.EMAIL_ADDRESS).isValid(oidcUser.getClaimAsString(str), true, (ServiceContext) null)) {
                sanitizeValidateAndRetrieveClaim(oidcUser, str, consumer, i);
            } else {
                LOG.error("Invalid email address provided.");
                throw new OidcAuthenticationException("Invalid email address provided.");
            }
        } catch (NoSuchElementException e) {
            LOG.error(LOG_MSG_ELEMENT_NOT_FOUND, str);
            throw e;
        }
    }

    private static Optional<Set<String>> getMultiValueAttribute(String str, OidcUser oidcUser) {
        if (Strings.isNullOrEmpty(str)) {
            throw new OidcAuthenticationException("Null or empty attribute name.");
        }
        try {
            HashSet hashSet = new HashSet();
            if (oidcUser.hasClaim(str)) {
                hashSet.addAll(oidcUser.getClaimAsStringList(str));
                hashSet.removeIf((v0) -> {
                    return v0.isEmpty();
                });
                LOG.warn("Values for element '{}' = '{}'", str, hashSet.toString());
            } else {
                LOG.warn(LOG_MSG_ELEMENT_NOT_FOUND, str);
            }
            return Optional.of(hashSet);
        } catch (Exception e) {
            LOG.error("Unexpected error processing element '{}'", str, e);
            throw new OidcAuthenticationException(String.format("Unexpected error processing element '%s'", str), e);
        }
    }

    private static void getNestedAddressClaims(OidcUser oidcUser, String str, Consumer<String> consumer, int i) {
        String str2;
        if (Strings.isNullOrEmpty(str)) {
            LOG.error("Unexpected null value for OIDC user.");
            throw new OidcAuthenticationException("Null or empty attribute name.");
        }
        try {
            AddressStandardClaim address = oidcUser.getUserInfo().getAddress();
            if (address == null) {
                LOG.warn("Address is null inside claims.");
                return;
            }
            if (str.equals("address/formatted")) {
                str2 = address.getFormatted();
            } else if (str.equals("address/street_address")) {
                str2 = address.getStreetAddress();
            } else if (str.equals("address/locality")) {
                str2 = address.getLocality();
            } else if (str.equals("address/region")) {
                str2 = address.getRegion();
            } else if (str.equals("address/postal_code")) {
                str2 = address.getPostalCode();
            } else if (str.equals("address/country")) {
                str2 = address.getCountry();
            } else {
                str2 = null;
                LOG.warn(LOG_MSG_ELEMENT_NOT_FOUND, str);
            }
            if (str2 == null) {
                LOG.warn("Received null value for '{}'", str);
                return;
            }
            int length = str2.length();
            if (length > i) {
                LOG.error("Invalid user data. Max length exceeded for {}. Length cannot exceed {}, length was {}.", new Object[]{str, Integer.valueOf(i), Integer.valueOf(length)});
                throw new OidcAuthenticationException(String.format("Invalid user data. Max length exceeded for %s. Length cannot exceed %d, length was %d.", str, Integer.valueOf(i), Integer.valueOf(length)));
            }
            consumer.accept(Strings.nullToEmpty(str2));
        } catch (Exception e) {
            LOG.error("Unexpected error processing element '{}'", str, e);
            throw new OidcAuthenticationException(String.format("Unexpected error processing element '%s'", str), e);
        }
    }
}
