package org.apereo.cas.authentication.support;

import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceCipherExecutor;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.services.DefaultRegisteredServiceCipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/authentication/support/DefaultCasProtocolAttributeEncoder.class */
public class DefaultCasProtocolAttributeEncoder extends AbstractProtocolAttributeEncoder {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasProtocolAttributeEncoder.class);
    private final CipherExecutor<String, String> cacheCredentialCipherExecutor;

    public DefaultCasProtocolAttributeEncoder(ServicesManager servicesManager, CipherExecutor cipherExecutor) {
        this(servicesManager, new DefaultRegisteredServiceCipherExecutor(), cipherExecutor);
    }

    public DefaultCasProtocolAttributeEncoder(ServicesManager servicesManager, RegisteredServiceCipherExecutor registeredServiceCipherExecutor, CipherExecutor cipherExecutor) {
        super(servicesManager, registeredServiceCipherExecutor);
        this.cacheCredentialCipherExecutor = cipherExecutor;
    }

    protected void encodeAndEncryptCredentialPassword(Map<String, Object> map, Map<String, String> map2, RegisteredServiceCipherExecutor registeredServiceCipherExecutor, RegisteredService registeredService) {
        if (map2.containsKey("credential")) {
            String str = (String) this.cacheCredentialCipherExecutor.decode(map2.get("credential"));
            map2.remove("credential");
            if (StringUtils.isNotBlank(str)) {
                map2.put("credential", str);
            }
        }
        encryptAndEncodeAndPutIntoAttributesMap(map, map2, "credential", registeredServiceCipherExecutor, registeredService);
    }

    protected void encodeAndEncryptProxyGrantingTicket(Map<String, Object> map, Map<String, String> map2, RegisteredServiceCipherExecutor registeredServiceCipherExecutor, RegisteredService registeredService) {
        encryptAndEncodeAndPutIntoAttributesMap(map, map2, "proxyGrantingTicket", registeredServiceCipherExecutor, registeredService);
    }

    protected void encryptAndEncodeAndPutIntoAttributesMap(Map<String, Object> map, Map<String, String> map2, String str, RegisteredServiceCipherExecutor registeredServiceCipherExecutor, RegisteredService registeredService) {
        String remove = map2.remove(str);
        if (!StringUtils.isNotBlank(remove)) {
            LOGGER.debug("[{}] is not available as a cached model attribute to encrypt...", str);
            return;
        }
        LOGGER.debug("Retrieved [{}] as a cached model attribute...", str);
        String encode = registeredServiceCipherExecutor.encode(remove, registeredService);
        if (!StringUtils.isNotBlank(encode)) {
            LOGGER.warn("Attribute [{}] cannot be encoded and is removed from the collection of attributes", str);
        } else {
            map.put(str, encode);
            LOGGER.debug("Encrypted and encoded [{}] as an attribute to [{}].", str, encode);
        }
    }

    @Override // org.apereo.cas.authentication.support.AbstractProtocolAttributeEncoder
    protected void encodeAttributesInternal(Map<String, Object> map, Map<String, String> map2, RegisteredServiceCipherExecutor registeredServiceCipherExecutor, RegisteredService registeredService) {
        encodeAndEncryptCredentialPassword(map, map2, registeredServiceCipherExecutor, registeredService);
        encodeAndEncryptProxyGrantingTicket(map, map2, registeredServiceCipherExecutor, registeredService);
        sanitizeAndTransformAttributeNames(map, registeredService);
    }

    private static void sanitizeAndTransformAttributeNames(Map<String, Object> map, RegisteredService registeredService) {
        LOGGER.debug("Sanitizing attribute names in preparation of the final validation response");
        Set set = (Set) map.keySet().stream().filter(str -> {
            return str.contains(":");
        }).map(str2 -> {
            return Pair.of(str2.replace(':', '_'), map.get(str2));
        }).collect(Collectors.toSet());
        if (set.isEmpty()) {
            return;
        }
        LOGGER.debug("Found [{}] attribute(s) that need to be sanitized/encoded.", set);
        map.entrySet().removeIf(entry -> {
            return ((String) entry.getKey()).contains(":");
        });
        set.forEach(pair -> {
            LOGGER.debug("Sanitized attribute name to be [{}]", pair.getKey());
            map.put(pair.getKey(), pair.getValue());
        });
    }
}
