package org.apereo.cas.gauth.credential;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.warrenstrange.googleauth.IGoogleAuthenticator;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.OneTimeTokenAccount;
import org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapConnectionFactory;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.SearchResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;

/* loaded from: input_file:org/apereo/cas/gauth/credential/LdapGoogleAuthenticatorTokenCredentialRepository.class */
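/**
 * Google Authenticator account repository that keeps each user's registered devices as JSON
 * strings in one attribute of that user's LDAP entry.
 *
 * <p>The attribute name, base DN, search filter and page size all come from
 * {@link LdapGoogleAuthenticatorMultifactorProperties}. Accounts are passed through the inherited
 * {@code encode}/{@code decode} hooks on the way to and from the directory.
 *
 * <p>NOTE(review): several DEBUG/TRACE statements print account objects or their JSON form.
 * Whether that exposes the shared secret or scratch codes depends on
 * {@code OneTimeTokenAccount.toString()} and on the configured cipher, neither of which is
 * visible here; confirm before enabling those levels in production.
 */
public class LdapGoogleAuthenticatorTokenCredentialRepository extends BaseGoogleAuthenticatorTokenCredentialRepository implements DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapGoogleAuthenticatorTokenCredentialRepository.class);

    // NOTE(review): default typing is switched on, and this mapper parses values read back from
    // the directory. Type information embedded in a stored value can then influence which class
    // Jackson instantiates. Confirm that JacksonObjectMapperFactory restricts the permitted types
    // and that only the CAS service account may write the account attribute.
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    private final LdapConnectionFactory connectionFactory;
    private final LdapGoogleAuthenticatorMultifactorProperties ldapProperties;

    /**
     * Creates the repository on top of an existing ldaptive connection factory.
     *
     * @param cipherExecutor  cipher handed to the base repository
     * @param cipherExecutor2 second cipher handed to the base repository
     * @param iGoogleAuthenticator authenticator handed to the base repository
     * @param connectionFactory LDAP connection factory, wrapped in an {@link LdapConnectionFactory}
     * @param ldapGoogleAuthenticatorMultifactorProperties LDAP settings (attribute, base DN, filter, page size)
     */
    public LdapGoogleAuthenticatorTokenCredentialRepository(CipherExecutor<String, String> cipherExecutor, CipherExecutor<Number, Number> cipherExecutor2, IGoogleAuthenticator iGoogleAuthenticator, ConnectionFactory connectionFactory, LdapGoogleAuthenticatorMultifactorProperties ldapGoogleAuthenticatorMultifactorProperties) {
        super(cipherExecutor, cipherExecutor2, iGoogleAuthenticator);
        this.connectionFactory = new LdapConnectionFactory(connectionFactory);
        this.ldapProperties = ldapGoogleAuthenticatorMultifactorProperties;
    }

    /**
     * Serializes accounts to the JSON form stored in the LDAP attribute.
     *
     * @param collection accounts to serialize
     * @return the JSON text
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static String mapToJson(Collection<OneTimeTokenAccount> collection) {
        return (String) FunctionUtils.doUnchecked(() -> {
            String json = MAPPER.writeValueAsString(collection);
            // NOTE(review): the JSON holds the account records as stored; see the class note on logging.
            LOGGER.trace("Transformed object [{}] as JSON value [{}]", collection, json);
            return json;
        });
    }

    /**
     * Parses one stored attribute value back into accounts.
     *
     * @param str JSON text of an account list; {@code null} or blank yields an empty list
     * @return the parsed accounts
     */
    private static List<OneTimeTokenAccount> mapFromJson(String str) {
        return (List<OneTimeTokenAccount>) FunctionUtils.doUnchecked(() -> {
            LOGGER.trace("Mapping JSON value [{}]", str);
            // trimToEmpty keeps a null attribute value from failing the whole read.
            String json = StringUtils.trimToEmpty(str);
            if (StringUtils.isNotBlank(json)) {
                return MAPPER.readValue(json, new TypeReference<ArrayList<OneTimeTokenAccount>>() {
                });
            }
            return new ArrayList<OneTimeTokenAccount>(0);
        });
    }

    /**
     * Finds an account by id across every LDAP entry that carries the account attribute.
     *
     * @param j account id
     * @return the account, or {@code null} when none has that id
     */
    public OneTimeTokenAccount get(long j) {
        return load().stream().filter(account -> account.getId() == j).findFirst().orElse(null);
    }

    /**
     * Finds an account by id among the accounts of one user.
     *
     * @param str username
     * @param j   account id
     * @return the account, or {@code null} when the user has no account with that id
     */
    public OneTimeTokenAccount get(String str, long j) {
        return get(str).stream().filter(account -> account.getId() == j).findFirst().orElse(null);
    }

    /**
     * Loads and decodes every account stored on the user's LDAP entry.
     *
     * @param str username
     * @return the user's accounts; empty when the entry or the attribute is missing
     */
    public Collection<? extends OneTimeTokenAccount> get(String str) {
        LdapEntry entry = locateLdapEntryFor(str);
        if (entry == null) {
            return new ArrayList<OneTimeTokenAccount>(0);
        }
        LdapAttribute attribute = entry.getAttribute(this.ldapProperties.getAccountAttributeName());
        if (attribute == null) {
            return new ArrayList<OneTimeTokenAccount>(0);
        }
        LOGGER.debug("Located accounts for [{}] at attribute [{}]", str, this.ldapProperties.getAccountAttributeName());
        return decodeAccounts(attribute);
    }

    /**
     * Loads and decodes the accounts of every LDAP entry that carries the account attribute.
     *
     * @return all accounts; empty when no entry was found
     */
    public Collection<? extends OneTimeTokenAccount> load() {
        Collection<LdapEntry> entries = locateLdapEntriesForAll();
        if (entries.isEmpty()) {
            LOGGER.debug("No accounts could be found");
            return new HashSet<OneTimeTokenAccount>(0);
        }
        return mapAccountsFromLdapEntries(entries);
    }

    /**
     * Stores an account; delegates to {@link #update(OneTimeTokenAccount)}.
     *
     * @param oneTimeTokenAccount account to store
     * @return the same account
     */
    public OneTimeTokenAccount save(OneTimeTokenAccount oneTimeTokenAccount) {
        return update(oneTimeTokenAccount);
    }

    /**
     * Adds the account to the user's LDAP entry, or refreshes the stored account with the same id.
     *
     * <p>An account with a negative id is given a random id first. When the entry already holds
     * accounts, the one with a matching id receives the new validation code, scratch codes and
     * secret key; otherwise the account is appended. Every account in the resulting set is then
     * encoded and written back, one JSON value per account.
     *
     * @param oneTimeTokenAccount account to add or refresh
     * @return the account passed in
     * @throws NullPointerException when no LDAP entry exists for the account's username
     */
    public OneTimeTokenAccount update(OneTimeTokenAccount oneTimeTokenAccount) {
        if (oneTimeTokenAccount.getId() < 0) {
            oneTimeTokenAccount.setId(RandomUtils.nextLong());
        }
        // NOTE(review): the account is logged before encoding; see the class note on logging.
        LOGGER.debug("Storing account [{}]", oneTimeTokenAccount);
        LdapEntry entry = locateLdapEntryFor(oneTimeTokenAccount.getUsername());
        Objects.requireNonNull(entry, () -> String.format("Unable to locate LDAP entry for %s", oneTimeTokenAccount.getUsername()));
        LdapAttribute attribute = entry.getAttribute(this.ldapProperties.getAccountAttributeName());
        if (attribute == null || attribute.getStringValues().isEmpty()) {
            LOGGER.debug("Adding new account for LDAP entry [{}]", entry);
            updateAccount(oneTimeTokenAccount, entry);
            return oneTimeTokenAccount;
        }

        Set<OneTimeTokenAccount> accounts = new HashSet<>(decodeAccounts(attribute));
        accounts.stream()
            .filter(existing -> existing.getId() == oneTimeTokenAccount.getId())
            .findFirst()
            .ifPresentOrElse(existing -> {
                existing.setValidationCode(oneTimeTokenAccount.getValidationCode());
                existing.setScratchCodes(oneTimeTokenAccount.getScratchCodes());
                existing.setSecretKey(oneTimeTokenAccount.getSecretKey());
            }, () -> accounts.add(oneTimeTokenAccount));

        // Encode each stored account itself. Encoding the incoming account once per element
        // (as this code used to) overwrote the user's other registered devices with copies of it.
        Set<String> records = accounts.stream()
            .map(this::encode)
            .filter(Objects::nonNull)
            .map(encoded -> mapToJson(CollectionUtils.wrapArrayList(new OneTimeTokenAccount[]{encoded})))
            .collect(Collectors.toSet());
        executeModifyOperation(records, entry);
        return oneTimeTokenAccount;
    }

    /** Clears the account attribute on every LDAP entry that carries it. */
    public void deleteAll() {
        locateLdapEntriesForAll().forEach(ldapEntry -> executeModifyOperation(Set.of(), ldapEntry));
    }

    /**
     * Clears the account attribute on the user's LDAP entry.
     *
     * @param str username; nothing happens when no entry is found
     */
    public void delete(String str) {
        LOGGER.debug("Deleting accounts for principal [{}]", str);
        LdapEntry entry = locateLdapEntryFor(str);
        if (entry != null && executeModifyOperation(Set.of(), entry)) {
            LOGGER.debug("Successfully deleted accounts for [{}]", str);
        }
    }

    /**
     * Removes the account with the given id from the entry that holds it and writes the
     * remaining accounts back.
     *
     * @param j account id; nothing happens when no entry holds it
     */
    public void delete(long j) {
        LdapEntry entry = searchLdapAccountsBy(j);
        if (entry == null) {
            return;
        }
        List<OneTimeTokenAccount> remaining = mapAccountsFromLdapEntries(List.of(entry));
        remaining.removeIf(account -> account.getId() == j);
        updateAccounts(remaining, entry);
    }

    /**
     * Counts the LDAP entries that carry the account attribute (entries, not individual accounts).
     *
     * @return number of matching entries
     */
    public long count() {
        return locateLdapEntriesForAll().size();
    }

    /**
     * Counts the accounts stored for one user.
     *
     * @param str username
     * @return number of accounts
     */
    public long count(String str) {
        return get(str).size();
    }

    /** Closes the wrapped LDAP connection factory. */
    public void destroy() {
        this.connectionFactory.close();
    }

    /** Replaces the entry's stored accounts with the single given account. */
    private void updateAccount(OneTimeTokenAccount oneTimeTokenAccount, LdapEntry ldapEntry) {
        updateAccounts(List.of(oneTimeTokenAccount), ldapEntry);
    }

    /** Encodes the accounts and writes them to the entry as one JSON array value. */
    private void updateAccounts(Collection<OneTimeTokenAccount> collection, LdapEntry ldapEntry) {
        List<OneTimeTokenAccount> encoded = collection.stream().map(this::encode).collect(Collectors.toList());
        Set<String> values = new LinkedHashSet<>();
        values.add(mapToJson(encoded));
        executeModifyOperation(values, ldapEntry);
    }

    /** Parses and decodes every account held in the attribute's string values, in stored order. */
    private List<OneTimeTokenAccount> decodeAccounts(LdapAttribute attribute) {
        List<OneTimeTokenAccount> accounts = new ArrayList<>();
        for (String json : attribute.getStringValues()) {
            List<OneTimeTokenAccount> stored = mapFromJson(json);
            if (stored != null) {
                for (OneTimeTokenAccount account : stored) {
                    accounts.add(decode(account));
                }
            }
        }
        return accounts;
    }

    /**
     * Collects the decoded accounts of all given entries into one mutable list. Accounts of a
     * single entry pass through a set first, so duplicates within an entry collapse.
     */
    private List<OneTimeTokenAccount> mapAccountsFromLdapEntries(Collection<LdapEntry> collection) {
        List<OneTimeTokenAccount> accounts = new ArrayList<>();
        for (LdapEntry entry : collection) {
            LdapAttribute attribute = entry.getAttribute(this.ldapProperties.getAccountAttributeName());
            if (attribute != null) {
                accounts.addAll(new HashSet<>(decodeAccounts(attribute)));
            }
        }
        return accounts;
    }

    /**
     * Replaces the account attribute of the entry with the given values.
     *
     * @return the result reported by the connection factory's modify operation
     */
    private boolean executeModifyOperation(Set<String> set, LdapEntry ldapEntry) {
        HashMap<String, Set<String>> attributes = new HashMap<>();
        attributes.put(this.ldapProperties.getAccountAttributeName(), set);
        // NOTE(review): the records themselves are logged here; see the class note on logging.
        LOGGER.debug("Storing records [{}] at LDAP attribute [{}] for [{}]", set, attributes.keySet(), ldapEntry.getDn());
        return this.connectionFactory.executeModifyOperation(ldapEntry.getDn(), CollectionUtils.wrap(attributes));
    }

    /** Searches the base DN for every entry on which the account attribute is present. */
    private Collection<LdapEntry> locateLdapEntriesForAll() {
        return (Collection<LdapEntry>) FunctionUtils.doUnchecked(() -> {
            String accountAttributeName = this.ldapProperties.getAccountAttributeName();
            FilterTemplate filter = LdapUtils.newLdaptiveSearchFilter("(" + accountAttributeName + "=*)");
            LOGGER.debug("Locating LDAP entries via filter [{}] based on attribute [{}]", filter, accountAttributeName);
            SearchResponse response = this.connectionFactory.executeSearchOperation(this.ldapProperties.getBaseDn(), filter, this.ldapProperties.getPageSize(), new String[]{accountAttributeName});
            if (!LdapUtils.containsResultEntry(response)) {
                LOGGER.debug("Unable to read entries from LDAP via filter [{}]", filter);
                return new HashSet<LdapEntry>(0);
            }
            Collection<LdapEntry> entries = response.getEntries();
            LOGGER.debug("Locating [{}] LDAP entries based on response [{}]", entries.size(), response);
            return entries;
        });
    }

    /**
     * Looks up the user's LDAP entry with the configured search filter.
     *
     * @return the entry, or {@code null} when the search returns nothing
     */
    private LdapEntry locateLdapEntryFor(String str) {
        return (LdapEntry) FunctionUtils.doUnchecked(() -> {
            // The username travels as a filter parameter, not as part of the filter text.
            // Presumably the filter template escapes it; confirm in LdapUtils.
            FilterTemplate filter = LdapUtils.newLdaptiveSearchFilter("(" + this.ldapProperties.getSearchFilter() + ")", CollectionUtils.wrapList(new String[]{str}));
            LOGGER.debug("Locating LDAP entry via filter [{}] based on attribute [{}]", filter, this.ldapProperties.getAccountAttributeName());
            SearchResponse response = this.connectionFactory.executeSearchOperation(this.ldapProperties.getBaseDn(), filter, this.ldapProperties.getPageSize(), new String[]{this.ldapProperties.getAccountAttributeName()});
            if (!LdapUtils.containsResultEntry(response)) {
                return null;
            }
            LdapEntry entry = response.getEntry();
            LOGGER.debug("Located LDAP entry [{}]", entry);
            return entry;
        });
    }

    /**
     * Finds the LDAP entry that stores the account with the given id.
     *
     * <p>The directory search is a substring match on the stored JSON, so id 12 also matches an
     * entry whose account id is 123. Each candidate is therefore decoded and checked for the
     * exact id; returning the first raw hit could leave the intended account in place.
     *
     * @return the owning entry, or {@code null} when no entry holds that id
     */
    private LdapEntry searchLdapAccountsBy(long j) {
        return (LdapEntry) FunctionUtils.doUnchecked(() -> {
            FilterTemplate filter = LdapUtils.newLdaptiveSearchFilter(String.format("(%s=*\"id\":%s*)", this.ldapProperties.getAccountAttributeName(), Long.valueOf(j)));
            LOGGER.debug("Locating LDAP entry via filter [{}] based on attribute [{}]", filter, this.ldapProperties.getAccountAttributeName());
            SearchResponse response = this.connectionFactory.executeSearchOperation(this.ldapProperties.getBaseDn(), filter, this.ldapProperties.getPageSize(), new String[]{this.ldapProperties.getAccountAttributeName()});
            if (!LdapUtils.containsResultEntry(response)) {
                return null;
            }
            for (LdapEntry candidate : response.getEntries()) {
                boolean holdsId = mapAccountsFromLdapEntries(List.of(candidate)).stream().anyMatch(account -> account.getId() == j);
                if (holdsId) {
                    LOGGER.debug("Located LDAP entry [{}]", candidate);
                    return candidate;
                }
            }
            return null;
        });
    }

    /** Returns the wrapped LDAP connection factory. */
    @Generated
    public LdapConnectionFactory getConnectionFactory() {
        return this.connectionFactory;
    }

    /** Returns the LDAP settings this repository was built with. */
    @Generated
    public LdapGoogleAuthenticatorMultifactorProperties getLdapProperties() {
        return this.ldapProperties;
    }
}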
