package org.apache.nifi.web.security.saml2.web.authentication;

import java.net.URI;
import java.time.Duration;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.nifi.authorization.util.IdentityMapping;
import org.apache.nifi.authorization.util.IdentityMappingUtil;
import org.apache.nifi.web.security.cookie.ApplicationCookieName;
import org.apache.nifi.web.security.cookie.ApplicationCookieService;
import org.apache.nifi.web.security.cookie.StandardApplicationCookieService;
import org.apache.nifi.web.security.jwt.provider.BearerTokenProvider;
import org.apache.nifi.web.security.token.LoginAuthenticationToken;
import org.apache.nifi.web.util.RequestUriBuilder;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

/* loaded from: input_file:org/apache/nifi/web/security/saml2/web/authentication/Saml2AuthenticationSuccessHandler.class */
/**
 * Success handler for SAML 2 logins that issues an application bearer token and redirects to the UI.
 *
 * <p>On success the handler resolves the user identity and group names from the {@link Authentication},
 * applies the configured identity mappings, requests a bearer token from the {@link BearerTokenProvider}
 * and writes that token to the response as the {@code AUTHORIZATION_BEARER} session cookie.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The bearer token is a credential carried in a cookie. Cookie attributes are set inside
 *       {@link ApplicationCookieService}, which is not visible here. NOTE(review): confirm that the
 *       implementation marks the cookie HttpOnly and Secure and applies a SameSite policy.</li>
 *   <li>Both the cookie resource URI and the redirect URL are built from the incoming request through
 *       {@link RequestUriBuilder}. NOTE(review): if that builder honours proxy or forwarded headers,
 *       confirm those headers are accepted only from trusted proxies.</li>
 *   <li>Every authority on the {@link Authentication} becomes a group in the issued token after group
 *       mapping, so the upstream authentication provider decides group membership.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code identityConverter} is a plain mutable field with no synchronization; presumably
 * it is set once during configuration before requests are served. Confirm against the wiring code.
 */
public class Saml2AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    /** Path component of the redirect target returned after a successful login. */
    private static final String UI_PATH = "/nifi/";

    /** Path component of the resource URI passed to the cookie service for the session cookie. */
    private static final String ROOT_PATH = "/";

    private final BearerTokenProvider bearerTokenProvider;
    private final List<IdentityMapping> userIdentityMappings;
    private final List<IdentityMapping> groupIdentityMappings;
    private final Duration expiration;
    private final String issuer;
    private final ApplicationCookieService applicationCookieService = new StandardApplicationCookieService();

    // Default conversion takes the principal name; replaceable through setIdentityConverter.
    private Converter<Saml2AuthenticatedPrincipal, String> identityConverter = Saml2AuthenticatedPrincipal::getName;

    /**
     * Creates the handler with all collaborators required to issue a bearer token.
     *
     * @param bearerTokenProvider provider that turns a login token into a bearer token string
     * @param userIdentityMappings mappings applied to the resolved user identity
     * @param groupIdentityMappings mappings applied to each authority name
     * @param expiration token lifetime; passed to the login token in milliseconds
     * @param issuer issuer value placed on the login token
     * @throws NullPointerException if any argument is {@code null}
     */
    public Saml2AuthenticationSuccessHandler(
            final BearerTokenProvider bearerTokenProvider,
            final List<IdentityMapping> userIdentityMappings,
            final List<IdentityMapping> groupIdentityMappings,
            final Duration expiration,
            final String issuer) {
        this.bearerTokenProvider = Objects.requireNonNull(bearerTokenProvider, "Bearer Token Provider required");
        this.userIdentityMappings = Objects.requireNonNull(userIdentityMappings, "User Identity Mappings required");
        this.groupIdentityMappings = Objects.requireNonNull(groupIdentityMappings, "Group Identity Mappings required");
        this.expiration = Objects.requireNonNull(expiration, "Expiration required");
        this.issuer = Objects.requireNonNull(issuer, "Issuer required");
    }

    /**
     * Replaces the converter that derives the user identity from a SAML 2 principal.
     *
     * @param identityConverter converter from principal to identity string
     * @throws NullPointerException if the converter is {@code null}
     */
    public void setIdentityConverter(final Converter<Saml2AuthenticatedPrincipal, String> identityConverter) {
        this.identityConverter = Objects.requireNonNull(identityConverter, "Converter required");
    }

    /**
     * Issues the session cookie and returns the redirect target for the user interface.
     *
     * <p>The path of the returned URL is always {@link #UI_PATH}; no request parameter selects the path.
     * The remaining URL components come from {@link RequestUriBuilder}.
     * NOTE(review): this looks like an override of the superclass target URL hook, but the listing
     * carries no {@code @Override}; confirm against the Spring Security version in use.
     *
     * @param httpServletRequest request used to build the cookie resource URI and the redirect URL
     * @param httpServletResponse response that receives the session cookie
     * @param authentication successful authentication
     * @return absolute redirect URL as a string
     */
    public String determineTargetUrl(
            final HttpServletRequest httpServletRequest,
            final HttpServletResponse httpServletResponse,
            final Authentication authentication) {
        // The cookie is written before the redirect URL is built, and is scoped using the root path.
        final URI resourceUri = RequestUriBuilder.fromHttpServletRequest(httpServletRequest).path(ROOT_PATH).build();
        processAuthentication(httpServletResponse, authentication, resourceUri);

        final URI targetUri = RequestUriBuilder.fromHttpServletRequest(httpServletRequest).path(UI_PATH).build();
        return targetUri.toString();
    }

    /**
     * Resolves identity and groups, obtains a bearer token and adds it to the response as a session cookie.
     */
    private void processAuthentication(
            final HttpServletResponse httpServletResponse,
            final Authentication authentication,
            final URI uri) {
        final String identity = getIdentity(authentication);
        final Set<String> groups = getGroups(authentication);
        final String bearerToken = getBearerToken(identity, groups);
        applicationCookieService.addSessionCookie(uri, httpServletResponse, ApplicationCookieName.AUTHORIZATION_BEARER, bearerToken);
    }

    /**
     * Builds a login token for the identity and groups and exchanges it for a bearer token.
     *
     * <p>The same identity value is passed as the first two constructor arguments.
     * NOTE(review): presumably these are identity and username; verify against LoginAuthenticationToken.
     */
    private String getBearerToken(final String identity, final Set<String> groups) {
        final LoginAuthenticationToken loginToken = new LoginAuthenticationToken(
                identity,
                identity,
                expiration.toMillis(),
                issuer,
                groups.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet()));
        return bearerTokenProvider.getBearerToken(loginToken);
    }

    /**
     * Returns the mapped user identity: the converter result for a SAML 2 principal, otherwise the
     * authentication name, in both cases passed through the user identity mappings.
     */
    private String getIdentity(final Authentication authentication) {
        final Object principal = authentication.getPrincipal();
        final String rawIdentity = principal instanceof Saml2AuthenticatedPrincipal
                ? identityConverter.convert((Saml2AuthenticatedPrincipal) principal)
                : authentication.getName();
        return IdentityMappingUtil.mapIdentity(rawIdentity, userIdentityMappings);
    }

    /**
     * Returns the set of group names obtained by mapping each authority name on the authentication.
     */
    private Set<String> getGroups(final Authentication authentication) {
        return authentication.getAuthorities().stream()
                .map(authority -> authority.getAuthority())
                .map(groupName -> IdentityMappingUtil.mapIdentity(groupName, groupIdentityMappings))
                .collect(Collectors.toSet());
    }
}
