package org.cloudfoundry.identity.uaa.impl.config;

import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.provider.AbstractIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.KeystoneIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.LockoutPolicy;
import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.PasswordPolicy;
import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderConfigurator;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.util.LdapUtils;
import org.cloudfoundry.identity.uaa.util.UaaMapUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.json.JSONException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.env.AbstractEnvironment;
import org.springframework.core.env.Environment;
import org.springframework.dao.EmptyResultDataAccessException;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.9.1.jar:org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.class */
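/**
 * Seeds the default ("uaa") identity zone with the identity providers declared in
 * configuration: LDAP, SAML, OAuth2/OIDC and Keystone.
 * <p>
 * On {@link #afterPropertiesSet()} the in-memory provider list is rebuilt from the injected
 * configuration, each configured provider is created or updated in the provisioning store,
 * stored providers that are no longer configured are deactivated (the internal UAA provider is
 * skipped by that step), and finally the UAA provider's password/lockout policy and active flag
 * are refreshed. Because this runs on every start, configuration is authoritative over whatever
 * was previously persisted for these origins.
 * <p>
 * Not thread-safe; intended to be driven once by the Spring container.
 */
public class IdentityProviderBootstrap implements InitializingBean {
    private IdentityProviderProvisioning provisioning;
    // Rebuilt from scratch on every afterPropertiesSet(); never exposed.
    private final List<IdentityProvider> providers = new LinkedList<>();
    private BootstrapSamlIdentityProviderConfigurator configurator;
    private Map<String, AbstractXOAuthIdentityProviderDefinition> oauthIdpDefintions;
    private Map<String, Object> ldapConfig;
    private Map<String, Object> keystoneConfig;
    private Environment environment;
    private PasswordPolicy defaultPasswordPolicy;
    private LockoutPolicy defaultLockoutPolicy;
    private boolean disableInternalUserManagement;

    /**
     * @param identityProviderProvisioning store the bootstrapped providers are persisted to
     * @param environment                  Spring environment; consulted for active profiles and
     *                                     LDAP / {@code disableInternalAuth} properties
     * @throws NullPointerException if {@code identityProviderProvisioning} is null
     */
    public IdentityProviderBootstrap(IdentityProviderProvisioning identityProviderProvisioning, Environment environment) {
        if (identityProviderProvisioning == null) {
            throw new NullPointerException("Constructor argument can't be null.");
        }
        this.provisioning = identityProviderProvisioning;
        this.environment = environment;
    }

    /**
     * Adds one active OAuth2 or OIDC provider per configured definition, keyed by alias.
     *
     * @throws IllegalArgumentException if an alias is already taken or a definition is of an
     *                                  unrecognised type
     * @throws RuntimeException         if a definition cannot be serialised into the provider
     */
    private void addOauthProviders() {
        if (this.oauthIdpDefintions == null) {
            return;
        }
        for (Map.Entry<String, AbstractXOAuthIdentityProviderDefinition> entry : this.oauthIdpDefintions.entrySet()) {
            String alias = entry.getKey();
            AbstractXOAuthIdentityProviderDefinition definition = entry.getValue();
            validateDuplicateAlias(alias);
            IdentityProvider identityProvider = new IdentityProvider();
            // Raw OAuth2 is tested first; order is preserved from the original in case the
            // definition types are related by inheritance.
            if (definition instanceof RawXOAuthIdentityProviderDefinition) {
                identityProvider.setType(OriginKeys.OAUTH20);
            } else if (definition instanceof OIDCIdentityProviderDefinition) {
                identityProvider.setType(OriginKeys.OIDC10);
            } else {
                throw new IllegalArgumentException("Unknown provider type.");
            }
            identityProvider.setOriginKey(alias);
            identityProvider.setName("UAA Oauth Identity Provider[" + identityProvider.getOriginKey() + "]");
            identityProvider.setActive(true);
            try {
                identityProvider.setConfig(definition);
            } catch (JsonUtils.JsonUtilException e) {
                // Keep the cause so the offending definition can be diagnosed from the trace.
                throw new RuntimeException("Non serializable Oauth config", e);
            }
            this.providers.add(identityProvider);
        }
    }

    /**
     * Rejects an origin key that is already used by a provider collected so far in this run.
     *
     * @param str candidate origin key / alias
     * @throws IllegalArgumentException if the key is already present
     */
    public void validateDuplicateAlias(String str) {
        for (IdentityProvider existing : this.providers) {
            if (existing.getOriginKey().equals(str)) {
                throw new IllegalArgumentException("Provider alias " + str + " is not unique.");
            }
        }
    }

    public void setSamlProviders(BootstrapSamlIdentityProviderConfigurator bootstrapSamlIdentityProviderConfigurator) {
        this.configurator = bootstrapSamlIdentityProviderConfigurator;
    }

    /**
     * Adds one active SAML provider per definition supplied by the configured
     * {@link BootstrapSamlIdentityProviderConfigurator}; a no-op when none was set.
     *
     * @throws IllegalArgumentException if an entity alias is already taken
     * @throws RuntimeException         if a definition cannot be serialised into the provider
     */
    protected void addSamlProviders() {
        if (this.configurator == null) {
            return;
        }
        for (SamlIdentityProviderDefinition definition : this.configurator.getIdentityProviderDefinitions()) {
            String alias = definition.getIdpEntityAlias();
            validateDuplicateAlias(alias);
            IdentityProvider identityProvider = new IdentityProvider();
            identityProvider.setType(OriginKeys.SAML);
            identityProvider.setOriginKey(alias);
            identityProvider.setName("UAA SAML Identity Provider[" + identityProvider.getOriginKey() + "]");
            identityProvider.setActive(true);
            try {
                identityProvider.setConfig(definition);
            } catch (JsonUtils.JsonUtilException e) {
                throw new RuntimeException("Non serializable SAML config", e);
            }
            this.providers.add(identityProvider);
        }
    }

    public void setLdapConfig(HashMap<String, Object> hashMap) {
        this.ldapConfig = hashMap;
    }

    /**
     * Adds the "ldap" provider when LDAP configuration was injected or the {@code ldap} Spring
     * profile is active. The provider is active only when the profile is active <em>and</em> the
     * resulting definition reports itself as configured, so stale LDAP configuration without the
     * profile is persisted but left inactive.
     */
    protected void addLdapProvider() {
        boolean ldapProfileActive = Arrays.asList(this.environment.getActiveProfiles()).contains("ldap");
        if (this.ldapConfig == null && !ldapProfileActive) {
            return;
        }
        IdentityProvider identityProvider = new IdentityProvider();
        identityProvider.setOriginKey("ldap");
        identityProvider.setType("ldap");
        identityProvider.setName("UAA LDAP Provider");
        // Nest the injected config under the "ldap" key so flattening yields "ldap.*" properties.
        Map<String, Object> nested = new HashMap<>();
        nested.put("ldap", this.ldapConfig);
        LdapIdentityProviderDefinition definition = getLdapConfigAsDefinition(nested);
        identityProvider.setConfig(definition);
        identityProvider.setActive(ldapProfileActive && definition.isConfigured().booleanValue());
        this.providers.add(identityProvider);
    }

    /**
     * Flattens the nested LDAP map, overlays LDAP properties from the Spring environment and
     * converts the result into a definition; an empty result yields a blank definition.
     *
     * @param map nested LDAP configuration (may contain a null "ldap" value)
     * @return the definition built from the merged properties
     */
    protected LdapIdentityProviderDefinition getLdapConfigAsDefinition(Map<String, Object> map) {
        Map<String, Object> flattened = UaaMapUtils.flatten(map);
        populateLdapEnvironment(flattened);
        return flattened.isEmpty() ? new LdapIdentityProviderDefinition() : LdapUtils.fromConfig(flattened);
    }

    /**
     * Copies LDAP properties from the Spring environment into {@code map}, overriding values
     * already present. Known property names are converted to their declared type; any other
     * property under the LDAP prefix is copied as-is.
     *
     * @param map flattened LDAP properties to enrich in place
     * @throws ClassCastException if the injected environment is not an {@link AbstractEnvironment}
     */
    protected void populateLdapEnvironment(Map<String, Object> map) {
        // getPropertiesStartingWith needs the concrete environment type; the cast is unchanged
        // from the original and fails fast on an unexpected Environment implementation.
        AbstractEnvironment abstractEnvironment = (AbstractEnvironment) this.environment;
        for (String propertyName : LdapIdentityProviderDefinition.LDAP_PROPERTY_NAMES) {
            Class<?> propertyType = LdapIdentityProviderDefinition.LDAP_PROPERTY_TYPES.get(propertyName);
            if (propertyType != null && abstractEnvironment.containsProperty(propertyName)) {
                map.put(propertyName, abstractEnvironment.getProperty(propertyName, propertyType));
            }
        }
        Map<String, Object> prefixed = UaaMapUtils.getPropertiesStartingWith(abstractEnvironment, LdapIdentityProviderDefinition.LDAP_PREFIX);
        for (Map.Entry<String, Object> entry : prefixed.entrySet()) {
            // Typed names were handled above; everything else under the prefix is passed through.
            if (!LdapIdentityProviderDefinition.LDAP_PROPERTY_NAMES.contains(entry.getKey())) {
                map.put(entry.getKey(), entry.getValue());
            }
        }
    }

    public void setKeystoneConfig(HashMap<String, Object> hashMap) {
        this.keystoneConfig = hashMap;
    }

    /**
     * @param map raw Keystone configuration; may be null when only the profile is active
     * @return a Keystone definition wrapping {@code map}
     */
    protected AbstractIdentityProviderDefinition getKeystoneDefinition(Map<String, Object> map) {
        return new KeystoneIdentityProviderDefinition(map);
    }

    /**
     * Adds the Keystone provider when Keystone configuration was injected or the Keystone Spring
     * profile is active; it is active only when both hold.
     */
    protected void addKeystoneProvider() {
        boolean keystoneProfileActive = Arrays.asList(this.environment.getActiveProfiles()).contains(OriginKeys.KEYSTONE);
        if (this.keystoneConfig == null && !keystoneProfileActive) {
            return;
        }
        boolean active = keystoneProfileActive && this.keystoneConfig != null;
        IdentityProvider identityProvider = new IdentityProvider();
        identityProvider.setOriginKey(OriginKeys.KEYSTONE);
        identityProvider.setType(OriginKeys.KEYSTONE);
        identityProvider.setName("UAA Keystone Provider");
        identityProvider.setActive(active);
        // NOTE(review): keystoneConfig may be null here (profile active, no config); the
        // definition constructor is assumed to tolerate that — confirm.
        identityProvider.setConfig(getKeystoneDefinition(this.keystoneConfig));
        this.providers.add(identityProvider);
    }

    /**
     * Rebuilds the provider list from configuration and reconciles it with the store for the
     * default zone: configured providers are created or updated, unconfigured non-UAA providers
     * are deactivated, and the UAA provider's policies and active flag are refreshed.
     *
     * @throws Exception propagated from provisioning or JSON handling
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        this.providers.clear();
        addLdapProvider();
        addSamlProviders();
        addOauthProviders();
        addKeystoneProvider();
        String zoneId = IdentityZone.getUaa().getId();
        deactivateUnusedProviders(zoneId);
        for (IdentityProvider identityProvider : this.providers) {
            persistProvider(identityProvider, zoneId);
        }
        updateDefaultZoneUaaIDP();
    }

    /**
     * Creates the provider if no stored provider exists for its origin in {@code zoneId};
     * otherwise overwrites the stored one in place, keeping its id, creation time and version.
     */
    private void persistProvider(IdentityProvider identityProvider, String zoneId) {
        IdentityProvider existing = null;
        try {
            existing = this.provisioning.retrieveByOrigin(identityProvider.getOriginKey(), zoneId);
        } catch (EmptyResultDataAccessException ignored) {
            // No stored provider for this origin yet; it is created below.
        }
        identityProvider.setIdentityZoneId(zoneId);
        if (existing == null) {
            this.provisioning.create(identityProvider);
            return;
        }
        identityProvider.setId(existing.getId());
        identityProvider.setCreated(existing.getCreated());
        identityProvider.setVersion(existing.getVersion());
        identityProvider.setLastModified(new Date(System.currentTimeMillis()));
        this.provisioning.update(identityProvider);
    }

    /**
     * Deactivates every stored provider in {@code str} (a zone id) that is neither the internal
     * UAA provider nor present in the freshly built provider list with the same origin and type.
     */
    private void deactivateUnusedProviders(String str) {
        for (IdentityProvider stored : this.provisioning.retrieveAll(false, str)) {
            boolean isInternal = OriginKeys.UAA.equals(stored.getType());
            if (!isInternal && !isAmongProviders(stored.getOriginKey(), stored.getType())) {
                stored.setActive(false);
                this.provisioning.update(stored);
            }
        }
    }

    /**
     * Pushes the configured default password/lockout policies and user-management flag onto the
     * stored UAA provider of the default zone, and activates it unless the
     * {@code disableInternalAuth} property is "true" (an absent property leaves it active).
     *
     * @throws JSONException propagated from config handling
     */
    protected void updateDefaultZoneUaaIDP() throws JSONException {
        IdentityProvider uaaProvider = this.provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());
        uaaProvider.setConfig(new UaaIdentityProviderDefinition(this.defaultPasswordPolicy, this.defaultLockoutPolicy, this.disableInternalUserManagement));
        boolean internalAuthDisabled = getBooleanValue(this.environment.getProperty("disableInternalAuth"), false);
        uaaProvider.setActive(!internalAuthDisabled);
        this.provisioning.update(uaaProvider);
    }

    /**
     * @param str property value, or null when unset
     * @param z   default returned when {@code str} is null
     * @return {@code str} parsed as a boolean (anything other than "true", ignoring case, is false)
     */
    protected boolean getBooleanValue(String str, boolean z) {
        return str == null ? z : Boolean.parseBoolean(str);
    }

    /**
     * @return whether the freshly built list contains a provider with exactly this origin key
     *         and type
     */
    private boolean isAmongProviders(String str, String str2) {
        for (IdentityProvider candidate : this.providers) {
            if (candidate.getOriginKey().equals(str) && candidate.getType().equals(str2)) {
                return true;
            }
        }
        return false;
    }

    public void setDefaultPasswordPolicy(PasswordPolicy passwordPolicy) {
        this.defaultPasswordPolicy = passwordPolicy;
    }

    public void setDefaultLockoutPolicy(LockoutPolicy lockoutPolicy) {
        this.defaultLockoutPolicy = lockoutPolicy;
    }

    public boolean isDisableInternalUserManagement() {
        return this.disableInternalUserManagement;
    }

    public void setDisableInternalUserManagement(boolean z) {
        this.disableInternalUserManagement = z;
    }

    public void setOauthIdpDefinitions(Map<String, AbstractXOAuthIdentityProviderDefinition> map) {
        this.oauthIdpDefintions = map;
    }
}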
