package com.netflix.genie.web.security.saml;

import com.google.common.collect.Lists;
import com.netflix.spectator.api.Registry;
import com.netflix.spectator.api.Timer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.stereotype.Component;

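/**
 * Maps a SAML credential to a Spring Security {@link User}.
 *
 * <p>The user id and the group membership are read from the assertion attributes whose names are
 * configured in {@link SAMLProperties}. Every user receives {@code ROLE_USER}; {@code ROLE_ADMIN}
 * is added only when the configured admin group appears among the asserted groups.
 *
 * <p>This bean is only registered when {@code genie.security.saml.enabled} is {@code true}.
 */
@ConditionalOnProperty(value = {"genie.security.saml.enabled"}, havingValue = "true")
@Component
public class SAMLUserDetailsServiceImpl implements SAMLUserDetailsService {
    private static final Logger log = LoggerFactory.getLogger(SAMLUserDetailsServiceImpl.class);
    private static final GrantedAuthority USER = new SimpleGrantedAuthority("ROLE_USER");
    private static final GrantedAuthority ADMIN = new SimpleGrantedAuthority("ROLE_ADMIN");
    private final SAMLProperties samlProperties;
    private final Timer loadTimer;

    /**
     * Creates the service.
     *
     * @param sAMLProperties the SAML settings naming the user and group attributes
     * @param registry the metrics registry used to obtain the parse timer
     */
    @Autowired
    public SAMLUserDetailsServiceImpl(@NotNull SAMLProperties sAMLProperties, @NotNull Registry registry) {
        this.samlProperties = sAMLProperties;
        this.loadTimer = registry.timer("genie.security.saml.parse.timer");
    }

    /**
     * Builds the user details for the supplied SAML credential.
     *
     * @param sAMLCredential the credential extracted from the SAML assertion
     * @return a {@link User} carrying the user id and the granted authorities
     * @throws UsernameNotFoundException if the credential is {@code null} or the configured user
     *     attribute is missing or blank
     */
    @Override
    public Object loadUserBySAML(SAMLCredential sAMLCredential) throws UsernameNotFoundException {
        final long start = System.nanoTime();
        try {
            if (sAMLCredential == null) {
                throw new UsernameNotFoundException("No credential entered. Unable to get username.");
            }
            final String userAttributeName = this.samlProperties.getAttributes().getUser().getName();
            final String userId = sAMLCredential.getAttributeAsString(userAttributeName);
            if (StringUtils.isBlank(userId)) {
                throw new UsernameNotFoundException("No user id found using attribute: " + userAttributeName);
            }

            final ArrayList<GrantedAuthority> authorities = Lists.newArrayList(USER);
            final String groupAttributeName = this.samlProperties.getAttributes().getGroups().getName();
            final String adminGroup = this.samlProperties.getAttributes().getGroups().getAdmin();
            final String[] groups = sAMLCredential.getAttributeAsStringArray(groupAttributeName);
            if (groups == null) {
                log.warn("No groups found. User will only get ROLE_USER by default.");
            } else if (StringUtils.isBlank(adminGroup)) {
                // Fail closed: with no admin group configured, a null or blank entry in the asserted
                // groups would otherwise compare equal to the missing setting and grant ROLE_ADMIN.
                log.warn("No admin group configured. ROLE_ADMIN will not be granted.");
            } else if (Arrays.asList(groups).contains(adminGroup)) {
                authorities.add(ADMIN);
            }

            if (log.isDebugEnabled()) {
                // Dumps every attribute value of the assertion. These values may include personal
                // data, so treat debug output from this logger as sensitive.
                log.debug("Attributes:");
                sAMLCredential.getAttributes().forEach(attribute -> {
                    log.debug("Attribute: {}", attribute.getName());
                    log.debug("Values: {}", StringUtils.join(sAMLCredential.getAttributeAsStringArray(attribute.getName()), ','));
                });
            }
            log.info("{} is logged in with authorities {}", userId, authorities);
            // "DUMMY" is a placeholder; User requires a non-null password.
            // NOTE(review): presumably never compared against a real credential, since the identity
            // comes from the SAML assertion. Confirm no password-based provider consumes this User.
            return new User(userId, "DUMMY", authorities);
        } finally {
            // Record the elapsed time once, on both the success and the failure path.
            this.loadTimer.record(System.nanoTime() - start, TimeUnit.NANOSECONDS);
        }
    }
}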
