package org.alfresco.repo.security.authentication.identityservice;

import java.util.HashMap;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Predicate;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.notification.EMailNotificationProvider;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.identityservice.IdentityServiceFacade;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/alfresco/repo/security/authentication/identityservice/IdentityServiceJITProvisioningHandler.class */
public class IdentityServiceJITProvisioningHandler {
    private final IdentityServiceFacade identityServiceFacade;
    private final PersonService personService;
    private final TransactionService transactionService;
    private final Function<IdentityServiceFacade.DecodedAccessToken, Optional<? extends OIDCUserInfo>> mapTokenToUserInfoResponse = decodedAccessToken -> {
        Optional ofNullable = Optional.ofNullable(decodedAccessToken.getClaim("given_name"));
        Class<String> cls = String.class;
        String.class.getClass();
        Optional filter = ofNullable.filter(cls::isInstance);
        Class<String> cls2 = String.class;
        String.class.getClass();
        Optional map = filter.map(cls2::cast);
        Optional ofNullable2 = Optional.ofNullable(decodedAccessToken.getClaim("family_name"));
        Class<String> cls3 = String.class;
        String.class.getClass();
        Optional filter2 = ofNullable2.filter(cls3::isInstance);
        Class<String> cls4 = String.class;
        String.class.getClass();
        Optional map2 = filter2.map(cls4::cast);
        Optional ofNullable3 = Optional.ofNullable(decodedAccessToken.getClaim(EMailNotificationProvider.NAME));
        Class<String> cls5 = String.class;
        String.class.getClass();
        Optional filter3 = ofNullable3.filter(cls5::isInstance);
        Class<String> cls6 = String.class;
        String.class.getClass();
        Optional map3 = filter3.map(cls6::cast);
        Optional ofNullable4 = Optional.ofNullable(decodedAccessToken.getClaim("preferred_username"));
        Class<String> cls7 = String.class;
        String.class.getClass();
        Optional filter4 = ofNullable4.filter(cls7::isInstance);
        Class<String> cls8 = String.class;
        String.class.getClass();
        return filter4.map(cls8::cast).map(this::normalizeUserId).map(str -> {
            return new OIDCUserInfo(str, (String) map.orElse(""), (String) map2.orElse(""), (String) map3.orElse(""));
        });
    };

    public IdentityServiceJITProvisioningHandler(IdentityServiceFacade identityServiceFacade, PersonService personService, TransactionService transactionService) {
        this.identityServiceFacade = identityServiceFacade;
        this.personService = personService;
        this.transactionService = transactionService;
    }

    public Optional<OIDCUserInfo> extractUserInfoAndCreateUserIfNeeded(final String str) {
        final Optional<OIDCUserInfo> flatMap = Optional.ofNullable(str).filter(Predicate.not((v0) -> {
            return v0.isEmpty();
        })).flatMap(str2 -> {
            return extractUserInfoResponseFromAccessToken(str2).filter(oIDCUserInfo -> {
                return StringUtils.isNotEmpty(oIDCUserInfo.username());
            }).or(() -> {
                return extractUserInfoResponseFromEndpoint(str2);
            });
        });
        return (this.transactionService.isReadOnly() || flatMap.isEmpty()) ? flatMap : (Optional) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Optional<OIDCUserInfo>>() { // from class: org.alfresco.repo.security.authentication.identityservice.IdentityServiceJITProvisioningHandler.1
            /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
            public Optional<OIDCUserInfo> m856doWork() throws Exception {
                Optional optional = flatMap;
                String str3 = str;
                return optional.map(oIDCUserInfo -> {
                    if (oIDCUserInfo.username() != null && IdentityServiceJITProvisioningHandler.this.personService.createMissingPeople() && !IdentityServiceJITProvisioningHandler.this.personService.personExists(oIDCUserInfo.username())) {
                        if (!oIDCUserInfo.allFieldsNotEmpty()) {
                            oIDCUserInfo = (OIDCUserInfo) IdentityServiceJITProvisioningHandler.this.extractUserInfoResponseFromEndpoint(str3).orElse(oIDCUserInfo);
                        }
                        HashMap hashMap = new HashMap();
                        hashMap.put(ContentModel.PROP_USERNAME, oIDCUserInfo.username());
                        hashMap.put(ContentModel.PROP_FIRSTNAME, oIDCUserInfo.firstName());
                        hashMap.put(ContentModel.PROP_LASTNAME, oIDCUserInfo.lastName());
                        hashMap.put(ContentModel.PROP_EMAIL, oIDCUserInfo.email());
                        hashMap.put(ContentModel.PROP_ORGID, "");
                        hashMap.put(ContentModel.PROP_HOME_FOLDER_PROVIDER, null);
                        hashMap.put(ContentModel.PROP_SIZE_CURRENT, 0L);
                        hashMap.put(ContentModel.PROP_SIZE_QUOTA, -1L);
                        IdentityServiceJITProvisioningHandler.this.personService.createPerson(hashMap);
                    }
                    return oIDCUserInfo;
                });
            }
        }, AuthenticationUtil.getSystemUserName());
    }

    private Optional<OIDCUserInfo> extractUserInfoResponseFromAccessToken(String str) {
        Optional ofNullable = Optional.ofNullable(str);
        IdentityServiceFacade identityServiceFacade = this.identityServiceFacade;
        identityServiceFacade.getClass();
        return ofNullable.map(identityServiceFacade::decodeToken).flatMap(this.mapTokenToUserInfoResponse);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Optional<OIDCUserInfo> extractUserInfoResponseFromEndpoint(String str) {
        return this.identityServiceFacade.getUserInfo(str).filter(oIDCUserInfo -> {
            return (oIDCUserInfo.username() == null || oIDCUserInfo.username().isEmpty()) ? false : true;
        }).map(oIDCUserInfo2 -> {
            return new OIDCUserInfo(normalizeUserId(oIDCUserInfo2.username()), (String) Optional.ofNullable(oIDCUserInfo2.firstName()).orElse(""), (String) Optional.ofNullable(oIDCUserInfo2.lastName()).orElse(""), (String) Optional.ofNullable(oIDCUserInfo2.email()).orElse(""));
        });
    }

    private String normalizeUserId(final String str) {
        if (str == null) {
            return null;
        }
        String str2 = (String) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>() { // from class: org.alfresco.repo.security.authentication.identityservice.IdentityServiceJITProvisioningHandler.2
            /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
            public String m857doWork() throws Exception {
                return IdentityServiceJITProvisioningHandler.this.personService.getUserIdentifier(str);
            }
        }, AuthenticationUtil.getSystemUserName());
        return str2 == null ? str : str2;
    }
}
