package org.cloudfoundry.identity.uaa.config;

import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.login.saml.IdentityProviderConfigurator;
import org.cloudfoundry.identity.uaa.login.saml.IdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityProvider;
import org.cloudfoundry.identity.uaa.zone.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.UaaIdentityProviderDefinition;
import org.json.JSONException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.env.Environment;
import org.springframework.dao.EmptyResultDataAccessException;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.4.0.jar:org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrap.class */
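/**
 * Synchronises the identity providers declared in configuration (LDAP, SAML, Keystone)
 * with the provider records held by {@link IdentityProviderProvisioning} for the default
 * (UAA) identity zone.
 *
 * <p>On {@link #afterPropertiesSet()} the bean rebuilds its in-memory provider list from the
 * injected configuration, deactivates stored SAML/LDAP/Keystone providers that are no longer
 * configured, creates or updates the configured ones as active, and finally rewrites the
 * config of the zone's UAA provider with the default password and lockout policies.
 *
 * <p>Operational note: every run overwrites the stored config of each configured provider
 * with the configuration-derived value, so changes made to those records elsewhere do not
 * survive a restart.
 */
public class IdentityProviderBootstrap implements InitializingBean {
    /** JSON config stored when a provider is enabled by profile only, with no config map injected. */
    public static final String DEFAULT_MAP = "{\"default\":\"default\"}";
    private final IdentityProviderProvisioning provisioning;
    // Rebuilt from scratch on every afterPropertiesSet() call.
    private final List<IdentityProvider> providers = new LinkedList<>();
    private IdentityProviderConfigurator configurator;
    private HashMap<String, Object> ldapConfig;
    private HashMap<String, Object> keystoneConfig;
    private final Environment environment;
    private PasswordPolicy defaultPasswordPolicy;
    private LockoutPolicy defaultLockoutPolicy;

    /**
     * @param identityProviderProvisioning store used to read, create and update providers; must not be null
     * @param environment source of the active profiles consulted for LDAP and Keystone;
     *        it is not null-checked here but is dereferenced during {@link #afterPropertiesSet()}
     * @throws NullPointerException if {@code identityProviderProvisioning} is null
     */
    public IdentityProviderBootstrap(IdentityProviderProvisioning identityProviderProvisioning, Environment environment) {
        if (identityProviderProvisioning == null) {
            throw new NullPointerException("Constructor argument can't be null.");
        }
        this.provisioning = identityProviderProvisioning;
        this.environment = environment;
    }

    /** Injects the source of SAML provider definitions; may be left unset, in which case no SAML providers are added. */
    public void setSamlProviders(IdentityProviderConfigurator identityProviderConfigurator) {
        this.configurator = identityProviderConfigurator;
    }

    /**
     * Adds one SAML provider per definition exposed by the configurator, keyed by the
     * definition's IdP entity alias, with the definition serialized to JSON as its config.
     *
     * @throws RuntimeException if a definition cannot be serialized to JSON
     */
    protected void addSamlProviders() {
        if (this.configurator == null) {
            return;
        }
        for (IdentityProviderDefinition definition : this.configurator.getIdentityProviderDefinitions()) {
            IdentityProvider provider = new IdentityProvider();
            provider.setType(Origin.SAML);
            provider.setOriginKey(definition.getIdpEntityAlias());
            provider.setName("UAA SAML Identity Provider[" + provider.getOriginKey() + "]");
            try {
                provider.setConfig(JsonUtils.writeValueAsString(definition));
                this.providers.add(provider);
            } catch (JsonUtils.JsonUtilException e) {
                // The message used to say "LDAP" and the cause was dropped, which made a broken
                // SAML definition look like an LDAP problem with no stack trace to follow.
                throw new RuntimeException("Non serializable SAML config", e);
            }
        }
    }

    /** Injects the LDAP configuration map; when non-null it is serialized as-is into the LDAP provider's config. */
    public void setLdapConfig(HashMap<String, Object> hashMap) {
        this.ldapConfig = hashMap;
    }

    /**
     * Adds the LDAP provider when an LDAP config map was injected or the LDAP profile is active.
     * Without a config map the placeholder {@link #DEFAULT_MAP} is stored.
     */
    protected void addLdapProvider() {
        boolean profileActive = Arrays.asList(this.environment.getActiveProfiles()).contains(Origin.LDAP);
        if (this.ldapConfig == null && !profileActive) {
            return;
        }
        IdentityProvider provider = new IdentityProvider();
        provider.setOriginKey(Origin.LDAP);
        provider.setType(Origin.LDAP);
        provider.setName("UAA LDAP Provider");
        // NOTE(review): the whole map is serialized into the provider config. If the map carries
        // directory bind credentials they become part of that config - confirm how the config is
        // stored and who can read it back.
        provider.setConfig(this.ldapConfig != null ? JsonUtils.writeValueAsString(this.ldapConfig) : DEFAULT_MAP);
        this.providers.add(provider);
    }

    /** Injects the Keystone configuration map; when non-null it is serialized as-is into the Keystone provider's config. */
    public void setKeystoneConfig(HashMap<String, Object> hashMap) {
        this.keystoneConfig = hashMap;
    }

    /**
     * Adds the Keystone provider when a Keystone config map was injected or the Keystone
     * profile is active. Without a config map the placeholder {@link #DEFAULT_MAP} is stored.
     */
    protected void addKeystoneProvider() {
        boolean profileActive = Arrays.asList(this.environment.getActiveProfiles()).contains(Origin.KEYSTONE);
        if (this.keystoneConfig == null && !profileActive) {
            return;
        }
        IdentityProvider provider = new IdentityProvider();
        provider.setOriginKey(Origin.KEYSTONE);
        provider.setType(Origin.KEYSTONE);
        // NOTE(review): this display name duplicates the LDAP provider's and looks like a
        // copy-paste slip. It is kept byte-for-byte because the value is persisted; confirm
        // nothing matches on it before renaming.
        provider.setName("UAA LDAP Provider");
        provider.setConfig(this.keystoneConfig != null ? JsonUtils.writeValueAsString(this.keystoneConfig) : DEFAULT_MAP);
        this.providers.add(provider);
    }

    /**
     * Rebuilds the configured provider list and reconciles it with the store for the UAA zone:
     * unused SAML/LDAP/Keystone providers are deactivated first, then each configured provider
     * is created, or updated in place (keeping id, creation date and version) and marked active.
     * Finally the default policies are written to the zone's UAA provider.
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        this.providers.clear();
        addLdapProvider();
        addSamlProviders();
        addKeystoneProvider();
        String zoneId = IdentityZone.getUaa().getId();
        deactivateUnusedProviders(zoneId);
        for (IdentityProvider configured : this.providers) {
            IdentityProvider existing = null;
            try {
                existing = this.provisioning.retrieveByOrigin(configured.getOriginKey(), zoneId);
            } catch (EmptyResultDataAccessException ignored) {
                // No stored provider for this origin yet: fall through and create it.
            }
            configured.setIdentityZoneId(zoneId);
            configured.setActive(true);
            if (existing == null) {
                this.provisioning.create(configured);
            } else {
                // Carry over the stored identity so the update targets the existing record.
                configured.setId(existing.getId());
                configured.setCreated(existing.getCreated());
                configured.setVersion(existing.getVersion());
                configured.setLastModified(new Date());
                this.provisioning.update(configured);
            }
        }
        addPoliciesToDefaultZoneUaaIDP();
    }

    /**
     * Marks as inactive every stored SAML, LDAP or Keystone provider of the given zone whose
     * origin key is not among the currently configured providers. Providers of other types
     * are left untouched.
     */
    private void deactivateUnusedProviders(String str) {
        // NOTE(review): the boolean passed to retrieveAll is presumably "active only" = false,
        // i.e. inactive providers are listed too - confirm against the provisioning interface.
        for (IdentityProvider stored : this.provisioning.retrieveAll(false, str)) {
            boolean bootstrapManaged = Origin.SAML.equals(stored.getType())
                    || Origin.LDAP.equals(stored.getType())
                    || Origin.KEYSTONE.equals(stored.getType());
            if (bootstrapManaged && !isAmongProviders(stored.getOriginKey())) {
                stored.setActive(false);
                this.provisioning.update(stored);
            }
        }
    }

    /**
     * Replaces the config of the UAA provider in the UAA zone with a definition built from
     * the injected default password and lockout policies (either may still be null if unset).
     */
    protected void addPoliciesToDefaultZoneUaaIDP() throws JSONException {
        IdentityProvider uaaProvider = this.provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
        UaaIdentityProviderDefinition definition =
                new UaaIdentityProviderDefinition(this.defaultPasswordPolicy, this.defaultLockoutPolicy);
        uaaProvider.setConfig(JsonUtils.writeValueAsString(definition));
        this.provisioning.update(uaaProvider);
    }

    /** Returns true when a currently configured provider has exactly the given origin key. */
    private boolean isAmongProviders(String str) {
        for (IdentityProvider configured : this.providers) {
            String key = configured.getOriginKey();
            // A configured provider without an origin key (e.g. a SAML definition with no alias)
            // must not abort the whole reconciliation with a NullPointerException.
            if (key != null && key.equals(str)) {
                return true;
            }
        }
        return false;
    }

    /** Sets the password policy written to the UAA provider during bootstrap. */
    public void setDefaultPasswordPolicy(PasswordPolicy passwordPolicy) {
        this.defaultPasswordPolicy = passwordPolicy;
    }

    /** Sets the lockout policy written to the UAA provider during bootstrap. */
    public void setDefaultLockoutPolicy(LockoutPolicy lockoutPolicy) {
        this.defaultLockoutPolicy = lockoutPolicy;
    }
}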
