package org.apache.nifi.web.security.saml2.service.authentication;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.nifi.util.StringUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.saml.saml2.core.Assertion;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;

/* loaded from: input_file:org/apache/nifi/web/security/saml2/service/authentication/ResponseAuthenticationConverter.class */
public class ResponseAuthenticationConverter implements Converter<OpenSaml5AuthenticationProvider.ResponseToken, Saml2Authentication> {
    private static final Converter<OpenSaml5AuthenticationProvider.ResponseToken, Saml2Authentication> defaultConverter = OpenSaml5AuthenticationProvider.createDefaultResponseAuthenticationConverter();
    private final String groupAttributeName;

    public ResponseAuthenticationConverter(String str) {
        this.groupAttributeName = str;
    }

    public Saml2Authentication convert(OpenSaml5AuthenticationProvider.ResponseToken responseToken) {
        Objects.requireNonNull(responseToken, "Response Token required");
        List<Assertion> assertions = responseToken.getResponse().getAssertions();
        Saml2Authentication saml2Authentication = (Saml2Authentication) Objects.requireNonNull((Saml2Authentication) defaultConverter.convert(responseToken), "Authentication required");
        return new Saml2Authentication((Saml2AuthenticatedPrincipal) saml2Authentication.getPrincipal(), saml2Authentication.getSaml2Response(), getAuthorities(assertions));
    }

    private Collection<? extends GrantedAuthority> getAuthorities(List<Assertion> list) {
        return StringUtils.isBlank(this.groupAttributeName) ? Collections.emptyList() : (Collection) list.stream().flatMap(assertion -> {
            return assertion.getAttributeStatements().stream();
        }).flatMap(attributeStatement -> {
            return attributeStatement.getAttributes().stream();
        }).filter(attribute -> {
            return this.groupAttributeName.equals(attribute.getName());
        }).flatMap(attribute2 -> {
            return attribute2.getAttributeValues().stream();
        }).map(this::getAttributeValue).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
    }

    private String getAttributeValue(XMLObject xMLObject) {
        return xMLObject instanceof XSAny ? ((XSAny) xMLObject).getTextContent() : xMLObject instanceof XSString ? ((XSString) xMLObject).getValue() : null;
    }
}
