package com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.mapping;

import com.atlassian.plugins.authentication.api.config.JustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.oidc.OidcConfig;
import com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.JitException;
import com.google.common.collect.ImmutableSet;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.openid.connect.sdk.claims.PersonClaims;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.text.ParseException;
import java.util.List;
import java.util.function.Supplier;
import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

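/**
 * Maps the claims of an OIDC ID token onto the {@link JitUserData} used for just-in-time (JIT)
 * user provisioning.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This class only <em>reads</em> claims through {@code getIDToken().getJWTClaimsSet()}. It
 *       does no signature, issuer, audience, nonce or expiry checking itself.
 *       NOTE(review): presumably the ID token has been validated before it reaches this mapper;
 *       confirm at the call site.</li>
 *   <li>Subject, display name, e-mail and group names are taken from the token as received, so
 *       they are IdP-controlled values. NOTE(review): if group membership is provisioned from the
 *       returned set, confirm that the consumer restricts which groups an IdP may assign.</li>
 *   <li>Only the claim <em>names</em> are logged (at trace level), never the claim values.</li>
 * </ul>
 */
@Named
public class OidcUserDataFromIdpMapper {
    private static final Logger log = LoggerFactory.getLogger(OidcUserDataFromIdpMapper.class);

    /**
     * Builds the JIT user data for one login from the ID token claims and the IdP's JIT mapping
     * configuration.
     *
     * @param oIDCTokens tokens returned by the IdP; only the ID token's claim set is read
     * @param str value passed through unchanged as the second {@code JitUserData} argument and
     *     quoted as the user in the "no groups claim" error (presumably the username; confirm
     *     against the caller)
     * @param oidcConfig IdP configuration that supplies the display name and e-mail mapping
     *     expressions and the name of the groups claim
     * @return the mapped user data; the groups are copied into an immutable set
     * @throws JitException if the subject or the groups claim is missing, a mapping is not
     *     configured, a referenced claim is missing or not a string, or any other exception occurs
     *     while reading the token
     */
    public JitUserData mapUser(OIDCTokens oIDCTokens, String str, OidcConfig oidcConfig) {
        try {
            JustInTimeConfig jitConfig = oidcConfig.getJustInTimeConfig();
            JWTClaimsSet claims = oIDCTokens.getIDToken().getJWTClaimsSet();
            // Claim names only: values may hold personal data and must stay out of the log.
            log.trace("Claims received in response for IdP: {}", claims.getClaims().keySet());

            String subject = claims.getSubject();
            if (subject == null) {
                throw new JitException("Subject not found");
            }

            String displayNameExpression = jitConfig.getDisplayNameMappingExpression()
                    .orElseThrow(mappingConfigurationNotPresentException("display name"));
            String displayName = evaluateExpression(displayNameExpression, claims);

            String emailExpression = jitConfig.getEmailMappingExpression()
                    .orElseThrow(mappingConfigurationNotPresentException(PersonClaims.EMAIL_CLAIM_NAME));
            String email = evaluateExpression(emailExpression, claims);

            String groupsClaimName = jitConfig.getGroupsMappingSource()
                    .orElseThrow(mappingConfigurationNotPresentException("groups"));
            List<String> groups = claims.getStringListClaim(groupsClaimName);
            if (groups == null) {
                // A missing claim is a hard failure, not "no groups", so a misconfigured mapping
                // does not silently provision a user with an empty group set.
                throw new JitException(String.format("Received no groups claim in OIDC response, the group mapping may be incorrect. Mapping user '%s' for IdP '%s'", str, oidcConfig.getName()));
            }

            return new JitUserData(subject, str, displayName, email, ImmutableSet.copyOf(groups));
        } catch (JitException e) {
            // Already the exception type callers expect; wrapping it a second time would bury
            // the specific message ("Subject not found", "Claim [...] could not be found", ...).
            throw e;
        } catch (Exception e) {
            throw new JitException(e);
        }
    }

    /**
     * Returns a supplier for the exception raised when a required JIT mapping is not configured.
     *
     * @param str human-readable name of the missing mapping, embedded in the message
     */
    private static Supplier<IllegalStateException> mappingConfigurationNotPresentException(String str) {
        return () -> new IllegalStateException("Configuration for " + str + " for OIDC is not set");
    }

    /**
     * Evaluates a mapping expression, resolving each name it asks for to the string claim of that
     * name in the token.
     *
     * @param expression the configured mapping expression
     * @param claims the ID token claim set the values are read from
     * @return the result of {@code MappingExpression.evaluateWithValues}
     * @throws JitException if a requested claim is missing or is not a string
     */
    private String evaluateExpression(String expression, JWTClaimsSet claims) {
        MappingExpression mapping = new MappingExpression(expression);
        return mapping.evaluateWithValues(claimName -> getStringClaimOrFail(claims, claimName));
    }

    /**
     * Reads a single string claim, failing instead of returning {@code null}.
     *
     * @param claims the ID token claim set
     * @param claimName name of the claim to read
     * @return the claim value, never {@code null}
     * @throws JitException if the claim is absent or cannot be read as a string
     */
    private String getStringClaimOrFail(JWTClaimsSet claims, String claimName) {
        String value;
        try {
            value = claims.getStringClaim(claimName);
        } catch (ParseException e) {
            // No (String, Throwable) constructor of JitException is visible in this file, so the
            // parse failure is logged here rather than chained; the thrown message is unchanged.
            log.debug("Claim [{}] was not of type String", claimName, e);
            throw new JitException(String.format("Claim [%s] was not of type String", claimName));
        }
        if (value == null) {
            throw new JitException(String.format("Claim [%s] could not be found", claimName));
        }
        return value;
    }
}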
