package com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.mapping;

import com.atlassian.plugins.authentication.api.config.JustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.saml.SamlConfig;
import com.atlassian.plugins.authentication.sso.web.saml.provider.SamlResponse;
import com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.JitException;
import com.google.common.collect.ImmutableSet;
import com.nimbusds.openid.connect.sdk.claims.PersonClaims;
import java.util.Set;
import java.util.function.Supplier;
import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/usercontext/impl/jit/mapping/SamlUserDataFromIdpMapper.class */
public class SamlUserDataFromIdpMapper {
    private static final Logger log = LoggerFactory.getLogger(SamlUserDataFromIdpMapper.class);

    public JitUserData mapUser(SamlResponse samlResponse, String str, SamlConfig samlConfig) {
        JustInTimeConfig justInTimeConfig = samlConfig.getJustInTimeConfig();
        String nameId = samlResponse.getNameId();
        if (nameId == null) {
            throw new JitException("NameID not found");
        }
        return new JitUserData(nameId, str, evaluateExpression(justInTimeConfig.getDisplayNameMappingExpression().orElseThrow(mappingConfigurationNotPresentException("display name")), samlResponse), evaluateExpression(justInTimeConfig.getEmailMappingExpression().orElseThrow(mappingConfigurationNotPresentException(PersonClaims.EMAIL_CLAIM_NAME)), samlResponse), mapGroups(justInTimeConfig.getGroupsMappingSource().orElseThrow(mappingConfigurationNotPresentException("groups")), samlResponse));
    }

    private static Supplier<JitException> mappingConfigurationNotPresentException(String str) {
        return () -> {
            return new JitException("Configuration for " + str + " for SAML is not set");
        };
    }

    private String extractAttribute(SamlResponse samlResponse, String str) {
        Iterable<String> attribute = samlResponse.getAttribute(str);
        if (attribute != null && attribute.iterator().hasNext()) {
            return attribute.iterator().next();
        }
        log.error("Could not find {} in the SAML response, it could mean that there is misconfiguration", str);
        throw new JitException(String.format("Attribute [%s] could not be found", str));
    }

    private String evaluateExpression(String str, SamlResponse samlResponse) {
        return new MappingExpression(str).evaluateWithValues(str2 -> {
            return str2.equalsIgnoreCase("NameId") ? samlResponse.getNameId() : extractAttribute(samlResponse, str2);
        });
    }

    private Set<String> mapGroups(String str, SamlResponse samlResponse) {
        Iterable<String> attribute = samlResponse.getAttribute(str);
        if (attribute == null) {
            throw new JitException(String.format("Attribute [%s] could not be found", str));
        }
        return ImmutableSet.copyOf(attribute);
    }
}
