package com.adobe.granite.auth.saml.extidp;

import com.adobe.granite.auth.saml.spi.SamlCredentials;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;

/* loaded from: input_file:com/adobe/granite/auth/saml/extidp/SamlIdentityPovider.class */
public class SamlIdentityPovider implements ExternalIdentityProvider, PrincipalNameResolver, CredentialsSupport {
    private final String name;
    private final boolean idpNameInUserId;

    /* loaded from: input_file:com/adobe/granite/auth/saml/extidp/SamlIdentityPovider$SamlGroup.class */
    static class SamlGroup implements ExternalGroup {
        private final ExternalIdentityRef ref;
        private final String id;

        public SamlGroup(ExternalIdentityRef externalIdentityRef) {
            this.ref = externalIdentityRef;
            this.id = externalIdentityRef.getString();
        }

        public ExternalIdentityRef getExternalId() {
            return this.ref;
        }

        public String getId() {
            return this.id;
        }

        public String getPrincipalName() {
            return this.id;
        }

        public String getIntermediatePath() {
            return null;
        }

        public Iterable<ExternalIdentityRef> getDeclaredGroups() throws ExternalIdentityException {
            return Collections.emptyList();
        }

        public Map<String, ?> getProperties() {
            return Collections.emptyMap();
        }

        public Iterable<ExternalIdentityRef> getDeclaredMembers() throws ExternalIdentityException {
            return Collections.emptyList();
        }
    }

    /* loaded from: input_file:com/adobe/granite/auth/saml/extidp/SamlIdentityPovider$SamlGroupRef.class */
    static class SamlGroupRef extends ExternalIdentityRef {
        public SamlGroupRef(String str, String str2) {
            super(str, str2);
        }
    }

    /* loaded from: input_file:com/adobe/granite/auth/saml/extidp/SamlIdentityPovider$SamlUser.class */
    static class SamlUser implements ExternalUser {
        private final SamlCredentials creds;
        private final String id;
        private final boolean idpNameInUserId;

        SamlUser(SamlCredentials samlCredentials, boolean z) {
            this.creds = samlCredentials;
            this.id = samlCredentials.getUserId();
            this.idpNameInUserId = z;
        }

        public ExternalIdentityRef getExternalId() {
            return this.idpNameInUserId ? new ExternalIdentityRef(this.id, this.creds.getIdp()) : ExternalIdentityRef.fromString(this.id + ";" + this.creds.getIdp());
        }

        public String getId() {
            return this.id;
        }

        public String getPrincipalName() {
            return this.id;
        }

        public String getIntermediatePath() {
            return null;
        }

        public Iterable<ExternalIdentityRef> getDeclaredGroups() throws ExternalIdentityException {
            ArrayList arrayList = new ArrayList();
            Iterator<String> it = this.creds.getSamlGroupIds().iterator();
            while (it.hasNext()) {
                arrayList.add(new SamlGroupRef(it.next(), this.creds.getIdp()));
            }
            return arrayList;
        }

        public Map<String, ?> getProperties() {
            return this.creds.getAttributes();
        }
    }

    public SamlIdentityPovider(String str, boolean z) {
        this.name = str;
        this.idpNameInUserId = z;
    }

    public String getName() {
        return this.name;
    }

    public ExternalUser authenticate(Credentials credentials) throws ExternalIdentityException, LoginException {
        if (!(credentials instanceof SamlCredentials)) {
            return null;
        }
        SamlCredentials samlCredentials = (SamlCredentials) credentials;
        if (isSameIdp(samlCredentials)) {
            return new SamlUser(samlCredentials, this.idpNameInUserId);
        }
        return null;
    }

    public ExternalIdentity getIdentity(ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
        if (isSameIdp(externalIdentityRef) && (externalIdentityRef instanceof SamlGroupRef)) {
            return new SamlGroup(externalIdentityRef);
        }
        return null;
    }

    public ExternalUser getUser(String str) throws ExternalIdentityException {
        throw new UnsupportedOperationException();
    }

    public ExternalGroup getGroup(String str) throws ExternalIdentityException {
        throw new UnsupportedOperationException();
    }

    public Iterator<ExternalUser> listUsers() throws ExternalIdentityException {
        throw new UnsupportedOperationException();
    }

    public Iterator<ExternalGroup> listGroups() throws ExternalIdentityException {
        throw new UnsupportedOperationException();
    }

    @Nonnull
    public String fromExternalIdentityRef(@Nonnull ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
        if (isSameIdp(externalIdentityRef)) {
            return externalIdentityRef.getString();
        }
        throw new ExternalIdentityException("Foreign IDP " + externalIdentityRef.getString());
    }

    private boolean isSameIdp(@Nonnull ExternalIdentityRef externalIdentityRef) {
        return getName().equals(externalIdentityRef.getProviderName());
    }

    private boolean isSameIdp(@Nonnull SamlCredentials samlCredentials) {
        return getName().equals(samlCredentials.getIdp());
    }

    public Set<Class> getCredentialClasses() {
        return Collections.singleton(SamlCredentials.class);
    }

    public String getUserId(Credentials credentials) {
        if (credentials instanceof SamlCredentials) {
            return ((SamlCredentials) credentials).getUserId();
        }
        return null;
    }

    public Map<String, ?> getAttributes(Credentials credentials) {
        return credentials instanceof SamlCredentials ? Collections.singletonMap(SamlIdpUserSync.TOKEN_ATTRIBUTE, "") : Collections.emptyMap();
    }

    public boolean setAttributes(Credentials credentials, Map<String, ?> map) {
        if (!(credentials instanceof SamlCredentials) || map == null) {
            return false;
        }
        SamlCredentials samlCredentials = (SamlCredentials) credentials;
        for (Map.Entry<String, ?> entry : map.entrySet()) {
            samlCredentials.setAttribute(entry.getKey(), entry.getValue());
        }
        return true;
    }
}
