package org.apereo.cas.services;

import java.io.Serializable;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.persistence.PostLoad;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalAttributesRepository;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:BOOT-INF/lib/cas-server-core-authentication-attributes-5.2.7.jar:org/apereo/cas/services/AbstractRegisteredServiceAttributeReleasePolicy.class */
public abstract class AbstractRegisteredServiceAttributeReleasePolicy implements RegisteredServiceAttributeReleasePolicy, Serializable {
    private static final long serialVersionUID = 5325460875620586503L;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractRegisteredServiceAttributeReleasePolicy.class);
    private RegisteredServiceAttributeFilter registeredServiceAttributeFilter;
    private boolean authorizedToReleaseCredentialPassword;
    private boolean authorizedToReleaseProxyGrantingTicket;
    private boolean excludeDefaultAttributes;
    private String principalIdAttribute;
    private PrincipalAttributesRepository principalAttributesRepository = new DefaultPrincipalAttributesRepository();
    private RegisteredServiceConsentPolicy consentPolicy = new DefaultRegisteredServiceConsentPolicy();
    private boolean authorizedToReleaseAuthenticationAttributes = true;

    @PostLoad
    public void postLoad() {
        if (this.principalAttributesRepository == null) {
            this.principalAttributesRepository = new DefaultPrincipalAttributesRepository();
        }
        if (this.consentPolicy == null) {
            this.consentPolicy = new DefaultRegisteredServiceConsentPolicy();
        }
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    public void setAttributeFilter(RegisteredServiceAttributeFilter registeredServiceAttributeFilter) {
        this.registeredServiceAttributeFilter = registeredServiceAttributeFilter;
    }

    public void setPrincipalAttributesRepository(PrincipalAttributesRepository principalAttributesRepository) {
        this.principalAttributesRepository = principalAttributesRepository;
    }

    public PrincipalAttributesRepository getPrincipalAttributesRepository() {
        return this.principalAttributesRepository;
    }

    public RegisteredServiceAttributeFilter getAttributeFilter() {
        return this.registeredServiceAttributeFilter;
    }

    public String getPrincipalIdAttribute() {
        return this.principalIdAttribute;
    }

    public void setPrincipalIdAttribute(String str) {
        this.principalIdAttribute = str;
    }

    public RegisteredServiceConsentPolicy getConsentPolicy() {
        return this.consentPolicy;
    }

    public void setConsentPolicy(RegisteredServiceConsentPolicy registeredServiceConsentPolicy) {
        this.consentPolicy = registeredServiceConsentPolicy;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    public boolean isAuthorizedToReleaseCredentialPassword() {
        return this.authorizedToReleaseCredentialPassword;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    public boolean isAuthorizedToReleaseProxyGrantingTicket() {
        return this.authorizedToReleaseProxyGrantingTicket;
    }

    public void setAuthorizedToReleaseCredentialPassword(boolean z) {
        this.authorizedToReleaseCredentialPassword = z;
    }

    public void setAuthorizedToReleaseProxyGrantingTicket(boolean z) {
        this.authorizedToReleaseProxyGrantingTicket = z;
    }

    public boolean isExcludeDefaultAttributes() {
        return this.excludeDefaultAttributes;
    }

    public void setExcludeDefaultAttributes(boolean z) {
        this.excludeDefaultAttributes = z;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    public boolean isAuthorizedToReleaseAuthenticationAttributes() {
        return this.authorizedToReleaseAuthenticationAttributes;
    }

    public void setAuthorizedToReleaseAuthenticationAttributes(boolean z) {
        this.authorizedToReleaseAuthenticationAttributes = z;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    public Map<String, Object> getConsentableAttributes(Principal principal, Service service, RegisteredService registeredService) {
        if (this.consentPolicy != null && !this.consentPolicy.isEnabled()) {
            LOGGER.debug("Consent is disabled for service [{}]", registeredService);
            return new LinkedHashMap(0);
        }
        Map<String, Object> attributes = getAttributes(principal, service, registeredService);
        LOGGER.debug("Initial set of consentable attributes are [{}]", attributes);
        if (this.consentPolicy != null) {
            LOGGER.debug("Activating consent policy [{}] for service [{}]", this.consentPolicy, registeredService);
            if (this.consentPolicy.getExcludedAttributes() == null || this.consentPolicy.getExcludedAttributes().isEmpty()) {
                LOGGER.debug("No attributes are defined per the consent policy to be excluded from the consentable attributes");
            } else {
                Set<String> excludedAttributes = this.consentPolicy.getExcludedAttributes();
                attributes.getClass();
                excludedAttributes.forEach((v1) -> {
                    r1.remove(v1);
                });
                LOGGER.debug("Consentable attributes after removing excluded attributes are [{}]", attributes);
            }
            if (this.consentPolicy.getIncludeOnlyAttributes() == null || this.consentPolicy.getIncludeOnlyAttributes().isEmpty()) {
                LOGGER.debug("No attributes are defined per the consent policy to forcefully be included in the consentable attributes");
            } else {
                attributes.keySet().retainAll(this.consentPolicy.getIncludeOnlyAttributes());
                LOGGER.debug("Consentable attributes after force-including attributes are [{}]", attributes);
            }
        } else {
            LOGGER.debug("No consent policy is defined for service [{}]. Using the collection of attributes released for consent", registeredService);
        }
        LOGGER.debug("Finalized set of consentable attributes are [{}]", attributes);
        return attributes;
    }

    @Override // org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy
    public Map<String, Object> getAttributes(Principal principal, Service service, RegisteredService registeredService) {
        LOGGER.debug("Initiating attributes release phase for principal [{}] accessing service [{}] defined by registered service [{}]...", principal.getId(), service.getId(), registeredService.getServiceId());
        LOGGER.debug("Locating principal attributes for [{}]", principal.getId());
        Map<String, Object> attributes = getPrincipalAttributesRepository() == null ? principal.getAttributes() : getPrincipalAttributesRepository().getAttributes(principal);
        LOGGER.debug("Found principal attributes [{}] for [{}]", attributes, principal.getId());
        LOGGER.debug("Calling attribute policy [{}] to process attributes for [{}]", getClass().getSimpleName(), principal.getId());
        Map<String, Object> attributesInternal = getAttributesInternal(principal, attributes, registeredService);
        LOGGER.debug("Attribute policy [{}] allows release of [{}] for [{}]", getClass().getSimpleName(), attributesInternal, principal.getId());
        LOGGER.debug("Attempting to merge policy attributes and default attributes");
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        if (isExcludeDefaultAttributes()) {
            LOGGER.debug("Ignoring default attribute policy attributes");
        } else {
            LOGGER.debug("Checking default attribute policy attributes");
            Map<String, Object> releasedByDefaultAttributes = getReleasedByDefaultAttributes(principal, attributes);
            LOGGER.debug("Default attributes found to be released are [{}]", releasedByDefaultAttributes);
            LOGGER.debug("Adding default attributes first to the released set of attributes");
            treeMap.putAll(releasedByDefaultAttributes);
        }
        LOGGER.debug("Adding policy attributes to the released set of attributes");
        treeMap.putAll(attributesInternal);
        insertPrincipalIdAsAttributeIfNeeded(principal, treeMap, service, registeredService);
        if (getAttributeFilter() != null) {
            LOGGER.debug("Invoking attribute filter [{}] on the final set of attributes", getAttributeFilter());
            return getAttributeFilter().filter(treeMap);
        }
        LOGGER.debug("Finalizing attributes release phase for principal [{}] accessing service [{}] defined by registered service [{}]...", principal.getId(), service.getId(), registeredService.getServiceId());
        return returnFinalAttributesCollection(treeMap, registeredService);
    }

    protected void insertPrincipalIdAsAttributeIfNeeded(Principal principal, Map<String, Object> map, Service service, RegisteredService registeredService) {
        if (StringUtils.isNotBlank(getPrincipalIdAttribute())) {
            LOGGER.debug("Attempting to resolve the principal id for service [{}]", registeredService.getServiceId());
            LOGGER.debug("Releasing resolved principal id [{}] as attribute [{}]", registeredService.getUsernameAttributeProvider().resolveUsername(principal, service, registeredService), getPrincipalIdAttribute());
            map.put(getPrincipalIdAttribute(), principal.getId());
        }
    }

    protected Map<String, Object> returnFinalAttributesCollection(Map<String, Object> map, RegisteredService registeredService) {
        LOGGER.debug("Final collection of attributes allowed are: [{}]", map);
        return map;
    }

    protected Map<String, Object> getReleasedByDefaultAttributes(Principal principal, Map<String, Object> map) {
        ApplicationContext applicationContext = ApplicationContextProvider.getApplicationContext();
        if (applicationContext == null) {
            return new TreeMap();
        }
        LOGGER.debug("Located application context. Retrieving default attributes for release, if any");
        Set<String> defaultAttributesToRelease = ((CasConfigurationProperties) applicationContext.getAutowireCapableBeanFactory().getBean(CasConfigurationProperties.class)).getAuthn().getAttributeRepository().getDefaultAttributesToRelease();
        LOGGER.debug("Default attributes for release are: [{}]", defaultAttributesToRelease);
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        defaultAttributesToRelease.stream().forEach(str -> {
            if (map.containsKey(str)) {
                LOGGER.debug("Found and added default attribute for release: [{}]", str);
                treeMap.put(str, map.get(str));
            }
        });
        return treeMap;
    }

    protected abstract Map<String, Object> getAttributesInternal(Principal principal, Map<String, Object> map, RegisteredService registeredService);

    public int hashCode() {
        return new HashCodeBuilder(13, 133).append(getAttributeFilter()).append(isAuthorizedToReleaseCredentialPassword()).append(isAuthorizedToReleaseProxyGrantingTicket()).append(getPrincipalAttributesRepository()).append(isExcludeDefaultAttributes()).append(getPrincipalIdAttribute()).append(getConsentPolicy()).append(isAuthorizedToReleaseAuthenticationAttributes()).toHashCode();
    }

    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof AbstractRegisteredServiceAttributeReleasePolicy)) {
            return false;
        }
        AbstractRegisteredServiceAttributeReleasePolicy abstractRegisteredServiceAttributeReleasePolicy = (AbstractRegisteredServiceAttributeReleasePolicy) obj;
        return new EqualsBuilder().append(getAttributeFilter(), abstractRegisteredServiceAttributeReleasePolicy.getAttributeFilter()).append(isAuthorizedToReleaseCredentialPassword(), abstractRegisteredServiceAttributeReleasePolicy.isAuthorizedToReleaseCredentialPassword()).append(isAuthorizedToReleaseProxyGrantingTicket(), abstractRegisteredServiceAttributeReleasePolicy.isAuthorizedToReleaseProxyGrantingTicket()).append(getPrincipalAttributesRepository(), abstractRegisteredServiceAttributeReleasePolicy.getPrincipalAttributesRepository()).append(isExcludeDefaultAttributes(), abstractRegisteredServiceAttributeReleasePolicy.isExcludeDefaultAttributes()).append(getPrincipalIdAttribute(), abstractRegisteredServiceAttributeReleasePolicy.getPrincipalIdAttribute()).append(getConsentPolicy(), abstractRegisteredServiceAttributeReleasePolicy.getConsentPolicy()).append(isAuthorizedToReleaseAuthenticationAttributes(), abstractRegisteredServiceAttributeReleasePolicy.isAuthorizedToReleaseAuthenticationAttributes()).isEquals();
    }

    public String toString() {
        return new ToStringBuilder(this).append("attributeFilter", getAttributeFilter()).append("principalAttributesRepository", getPrincipalAttributesRepository()).append("authorizedToReleaseCredentialPassword", isAuthorizedToReleaseCredentialPassword()).append("authorizedToReleaseAuthenticationAttributes", isAuthorizedToReleaseAuthenticationAttributes()).append("authorizedToReleaseProxyGrantingTicket", isAuthorizedToReleaseProxyGrantingTicket()).append("excludeDefaultAttributes", isExcludeDefaultAttributes()).append("principalIdAttribute", getPrincipalIdAttribute()).append("consentPolicy", getConsentPolicy()).toString();
    }
}
