package org.cloudfoundry.identity.uaa.impl.config;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent;
import org.cloudfoundry.identity.uaa.authentication.SystemAuthentication;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.provider.AbstractIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderWrapper;
import org.cloudfoundry.identity.uaa.provider.KeystoneIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.LockoutPolicy;
import org.cloudfoundry.identity.uaa.provider.PasswordPolicy;
import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderData;
import org.cloudfoundry.identity.uaa.util.LdapUtils;
import org.cloudfoundry.identity.uaa.util.UaaMapUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.json.JSONException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.core.env.AbstractEnvironment;
import org.springframework.core.env.Environment;
import org.springframework.dao.EmptyResultDataAccessException;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.11.0.jar:org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.class */
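/**
 * Bootstraps the identity providers of the default ("uaa") zone from the server configuration.
 *
 * <p>On {@link #afterPropertiesSet()} the LDAP, SAML, OAuth and Keystone providers described by
 * the configuration are assembled and then created or, where a stored provider already exists and
 * the wrapper allows overriding, updated through {@link IdentityProviderProvisioning}. The built-in
 * {@code uaa} provider of the default zone is refreshed with the default password/lockout policies.
 *
 * <p>On {@link ContextRefreshedEvent} the providers listed under {@code originsToDelete} are
 * deactivated by publishing an {@link EntityDeletedEvent}; the {@code uaa} and {@code ldap}
 * origins are never deactivated this way.
 *
 * <p>This bean is configured once at startup and is not intended for concurrent use.
 */
public class IdentityProviderBootstrap implements InitializingBean, ApplicationListener<ContextRefreshedEvent>, ApplicationEventPublisherAware {
    private static final Log logger = LogFactory.getLog(IdentityProviderBootstrap.class);

    private final IdentityProviderProvisioning provisioning;
    private final Environment environment;
    private BootstrapSamlIdentityProviderData configurator;
    private List<IdentityProviderWrapper> oauthIdpDefintions;
    private Map<String, Object> ldapConfig;
    private Map<String, Object> keystoneConfig;
    private PasswordPolicy defaultPasswordPolicy;
    private LockoutPolicy defaultLockoutPolicy;
    private boolean disableInternalUserManagement;
    private ApplicationEventPublisher publisher;
    // Providers assembled by afterPropertiesSet(); cleared and rebuilt on every call.
    private final List<IdentityProviderWrapper> providers = new ArrayList<>();
    // Origins whose providers are to be deactivated; null until configured (see getOriginsToDelete()).
    private List<String> originsToDelete = null;

    /**
     * Creates the bootstrap.
     *
     * @param identityProviderProvisioning store used to read, create and update providers; must not be null
     * @param environment Spring environment supplying active profiles and LDAP/auth properties
     * @throws NullPointerException if {@code identityProviderProvisioning} is null
     */
    public IdentityProviderBootstrap(IdentityProviderProvisioning identityProviderProvisioning, Environment environment) {
        this.provisioning = Objects.requireNonNull(identityProviderProvisioning, "Constructor argument can't be null.");
        this.environment = environment;
    }

    /** Appends the configured OAuth providers, rejecting any origin key already registered. */
    private void addOauthProviders() {
        if (this.oauthIdpDefintions == null) {
            return;
        }
        for (IdentityProviderWrapper wrapper : this.oauthIdpDefintions) {
            validateDuplicateAlias(wrapper.getProvider().getOriginKey());
            this.providers.add(wrapper);
        }
    }

    /**
     * Fails if a provider with the given origin key has already been collected.
     *
     * @param originKey origin key (alias) of the provider about to be added
     * @throws IllegalArgumentException if the alias is already taken
     */
    public void validateDuplicateAlias(String originKey) {
        boolean duplicate = this.providers.stream()
                .map(IdentityProviderWrapper::getProvider)
                .anyMatch(provider -> provider.getOriginKey().equals(originKey));
        if (duplicate) {
            throw new IllegalArgumentException("Provider alias " + originKey + " is not unique.");
        }
    }

    /** Sets the source of bootstrap SAML provider definitions; null disables SAML bootstrapping. */
    public void setSamlProviders(BootstrapSamlIdentityProviderData bootstrapSamlIdentityProviderData) {
        this.configurator = bootstrapSamlIdentityProviderData;
    }

    /** Appends the configured SAML providers, rejecting any origin key already registered. */
    protected void addSamlProviders() {
        if (this.configurator == null) {
            return;
        }
        for (IdentityProviderWrapper<SamlIdentityProviderDefinition> wrapper : this.configurator.getSamlProviders()) {
            validateDuplicateAlias(wrapper.getProvider().getOriginKey());
            this.providers.add(wrapper);
        }
    }

    /** Sets the raw {@code ldap} configuration section; may be null when LDAP is not configured. */
    public void setLdapConfig(HashMap<String, Object> hashMap) {
        this.ldapConfig = hashMap;
    }

    /**
     * Builds the LDAP provider and appends it to the list.
     *
     * <p>The provider is active only when the {@code ldap} profile is enabled and the parsed
     * definition reports itself as configured. The wrapper's override flag follows the
     * {@code override} key of the LDAP configuration (default {@code true}); when overriding is
     * switched off, the bootstrap still wins if no stored LDAP provider, or one without a
     * configuration, exists in the default zone.
     */
    protected void addLdapProvider() {
        boolean ldapProfileActive = Arrays.asList(this.environment.getActiveProfiles()).contains("ldap");
        IdentityProvider provider = new IdentityProvider();
        provider.setOriginKey("ldap");
        provider.setType("ldap");
        provider.setName("UAA LDAP Provider");
        // The definition builder expects the configuration nested under the "ldap" key.
        Map<String, Object> nested = new HashMap<>();
        nested.put("ldap", this.ldapConfig);
        LdapIdentityProviderDefinition definition = getLdapConfigAsDefinition(nested);
        provider.setConfig(definition);
        // Null-safe: a null isConfigured() result counts as "not configured" instead of throwing.
        provider.setActive(ldapProfileActive && Boolean.TRUE.equals(definition.isConfigured()));
        Object overrideSetting = this.ldapConfig == null ? null : this.ldapConfig.get("override");
        boolean override = overrideSetting == null || (Boolean) overrideSetting;
        if (!override) {
            IdentityProvider existing = getProviderByOrigin("ldap", IdentityZone.getUaa().getId());
            override = existing == null || existing.getConfig() == null;
        }
        IdentityProviderWrapper wrapper = new IdentityProviderWrapper(provider);
        wrapper.setOverride(override);
        this.providers.add(wrapper);
    }

    /**
     * Flattens the nested LDAP configuration, overlays LDAP properties from the environment and
     * converts the result into a definition.
     *
     * @param map configuration with the LDAP section nested under the {@code ldap} key
     * @return an empty definition when nothing is configured, otherwise the parsed definition
     */
    protected LdapIdentityProviderDefinition getLdapConfigAsDefinition(Map<String, Object> map) {
        Map<String, Object> flattened = UaaMapUtils.flatten(map);
        populateLdapEnvironment(flattened);
        return flattened.isEmpty() ? new LdapIdentityProviderDefinition() : LdapUtils.fromConfig(flattened);
    }

    /**
     * Copies LDAP properties from the environment into {@code map}: first the known
     * {@code LDAP_PROPERTY_NAMES} with their declared types, then any further property under
     * {@code LDAP_PREFIX} that is not one of the known names.
     *
     * @param map flattened configuration to be populated in place
     * @throws ClassCastException if the environment is not an {@link AbstractEnvironment}
     */
    protected void populateLdapEnvironment(Map<String, Object> map) {
        AbstractEnvironment env = (AbstractEnvironment) this.environment;
        for (String name : LdapIdentityProviderDefinition.LDAP_PROPERTY_NAMES) {
            Class<?> type = LdapIdentityProviderDefinition.LDAP_PROPERTY_TYPES.get(name);
            if (type != null && env.containsProperty(name)) {
                map.put(name, env.getProperty(name, type));
            }
        }
        Map<String, Object> prefixed = UaaMapUtils.getPropertiesStartingWith(env, LdapIdentityProviderDefinition.LDAP_PREFIX);
        for (Map.Entry<String, Object> entry : prefixed.entrySet()) {
            if (!LdapIdentityProviderDefinition.LDAP_PROPERTY_NAMES.contains(entry.getKey())) {
                map.put(entry.getKey(), entry.getValue());
            }
        }
    }

    /** Sets the raw Keystone configuration section; may be null. */
    public void setKeystoneConfig(HashMap<String, Object> hashMap) {
        this.keystoneConfig = hashMap;
    }

    /**
     * Wraps the raw Keystone configuration in a definition.
     *
     * @param map raw configuration, possibly null
     * @return the Keystone definition built from {@code map}
     */
    protected AbstractIdentityProviderDefinition getKeystoneDefinition(Map<String, Object> map) {
        return new KeystoneIdentityProviderDefinition(map);
    }

    /**
     * Appends the Keystone provider when either a Keystone configuration is present or the
     * {@code keystone} profile is active; the provider is active only when both hold.
     *
     * <p>Unlike the SAML and OAuth providers, no duplicate-alias check is performed here.
     */
    protected void addKeystoneProvider() {
        boolean keystoneProfileActive = Arrays.asList(this.environment.getActiveProfiles()).contains(OriginKeys.KEYSTONE);
        if (this.keystoneConfig == null && !keystoneProfileActive) {
            return;
        }
        IdentityProvider provider = new IdentityProvider();
        provider.setOriginKey(OriginKeys.KEYSTONE);
        provider.setType(OriginKeys.KEYSTONE);
        provider.setName("UAA Keystone Provider");
        provider.setActive(keystoneProfileActive && this.keystoneConfig != null);
        provider.setConfig(getKeystoneDefinition(this.keystoneConfig));
        this.providers.add(new IdentityProviderWrapper(provider));
    }

    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.publisher = applicationEventPublisher;
    }

    /** Deactivates the providers listed under {@code originsToDelete} in the default zone. */
    @Override
    public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
        deleteIdentityProviders(IdentityZone.getUaa().getId());
    }

    /**
     * Assembles all configured providers and persists them into the default zone.
     *
     * <p>Providers whose origin is scheduled for deletion are skipped. A provider that does not
     * exist yet is created; an existing one is updated only when its wrapper allows overriding, in
     * which case id, creation date and version are carried over from the stored copy. Finally the
     * default zone's {@code uaa} provider is refreshed.
     *
     * @throws Exception propagated from provisioning or from {@link #updateDefaultZoneUaaIDP()}
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        this.providers.clear();
        addLdapProvider();
        addSamlProviders();
        addOauthProviders();
        addKeystoneProvider();
        String zoneId = IdentityZone.getUaa().getId();
        List<String> skipOrigins = getOriginsToDelete();
        for (IdentityProviderWrapper wrapper : this.providers) {
            IdentityProvider provider = wrapper.getProvider();
            if (skipOrigins.contains(provider.getOriginKey())) {
                continue;
            }
            IdentityProvider existing = getProviderByOrigin(provider.getOriginKey(), zoneId);
            provider.setIdentityZoneId(zoneId);
            if (existing == null) {
                this.provisioning.create(provider, zoneId);
            } else if (wrapper.isOverride()) {
                // Preserve identity and optimistic-locking metadata of the stored provider.
                provider.setId(existing.getId());
                provider.setCreated(existing.getCreated());
                provider.setVersion(existing.getVersion());
                provider.setLastModified(new Date(System.currentTimeMillis()));
                this.provisioning.update(provider, zoneId);
            }
        }
        updateDefaultZoneUaaIDP();
    }

    /**
     * Looks up a provider by origin in a zone.
     *
     * @param originKey origin key of the provider
     * @param zoneId id of the zone to search
     * @return the stored provider, or null when none exists
     */
    public IdentityProvider getProviderByOrigin(String originKey, String zoneId) {
        try {
            return this.provisioning.retrieveByOrigin(originKey, zoneId);
        } catch (EmptyResultDataAccessException e) {
            return null;
        }
    }

    /**
     * Publishes an {@link EntityDeletedEvent} for every provider of {@code zoneId} whose origin is
     * listed under {@code originsToDelete}. The {@code uaa} and {@code ldap} origins are always
     * skipped. Origins with no stored provider are logged at debug level and ignored.
     *
     * @param zoneId id of the zone whose providers are deactivated
     */
    private void deleteIdentityProviders(String zoneId) {
        for (String origin : getOriginsToDelete()) {
            if (OriginKeys.UAA.equals(origin) || "ldap".equals(origin)) {
                continue;
            }
            try {
                logger.debug("Attempting to deactivating identity provider:" + origin);
                EntityDeletedEvent event = new EntityDeletedEvent(
                        this.provisioning.retrieveByOrigin(origin, zoneId),
                        SystemAuthentication.SYSTEM_AUTHENTICATION);
                if (this.publisher != null) {
                    this.publisher.publishEvent(event);
                    logger.debug("Identity provider deactivated:" + origin);
                } else {
                    logger.warn(String.format("Unable to delete identity provider with origin '%s', no application publisher", origin));
                }
            } catch (EmptyResultDataAccessException e) {
                // Nothing stored under this origin, so there is nothing to deactivate.
                logger.debug("No identity provider found for origin '" + origin + "', nothing to deactivate.", e);
            }
        }
    }

    /**
     * Refreshes the default zone's {@code uaa} provider with the default password and lockout
     * policies and the internal-user-management flag, and activates it unless the
     * {@code disableInternalAuth} property is true.
     *
     * @throws JSONException declared for callers; not thrown by this body directly
     * @throws EmptyResultDataAccessException if the default zone has no {@code uaa} provider
     */
    protected void updateDefaultZoneUaaIDP() throws JSONException {
        String zoneId = IdentityZone.getUaa().getId();
        IdentityProvider uaaProvider = this.provisioning.retrieveByOrigin(OriginKeys.UAA, zoneId);
        uaaProvider.setConfig(new UaaIdentityProviderDefinition(this.defaultPasswordPolicy, this.defaultLockoutPolicy, this.disableInternalUserManagement));
        uaaProvider.setActive(!getBooleanValue(this.environment.getProperty("disableInternalAuth"), false));
        this.provisioning.update(uaaProvider, zoneId);
    }

    /**
     * Parses a boolean property value.
     *
     * @param value property value, possibly null
     * @param defaultValue result when {@code value} is null
     * @return {@code Boolean.parseBoolean(value)}, or {@code defaultValue} when null
     */
    protected boolean getBooleanValue(String value, boolean defaultValue) {
        return value != null ? Boolean.parseBoolean(value) : defaultValue;
    }

    /** Sets the password policy applied to the default zone's {@code uaa} provider. */
    public void setDefaultPasswordPolicy(PasswordPolicy passwordPolicy) {
        this.defaultPasswordPolicy = passwordPolicy;
    }

    /** Sets the lockout policy applied to the default zone's {@code uaa} provider. */
    public void setDefaultLockoutPolicy(LockoutPolicy lockoutPolicy) {
        this.defaultLockoutPolicy = lockoutPolicy;
    }

    /** @return whether internal user management is disabled for the {@code uaa} provider */
    public boolean isDisableInternalUserManagement() {
        return this.disableInternalUserManagement;
    }

    /** Sets whether internal user management is disabled for the {@code uaa} provider. */
    public void setDisableInternalUserManagement(boolean disable) {
        this.disableInternalUserManagement = disable;
    }

    /** Sets the OAuth provider definitions to bootstrap; null disables OAuth bootstrapping. */
    public void setOauthIdpDefinitions(List<IdentityProviderWrapper> definitions) {
        this.oauthIdpDefintions = definitions;
    }

    /** Sets the origins whose providers are deactivated on context refresh. */
    public void setOriginsToDelete(List<String> origins) {
        this.originsToDelete = origins;
    }

    /** @return the configured origins to delete, or an empty list when none were set */
    public List<String> getOriginsToDelete() {
        return this.originsToDelete == null ? Collections.<String>emptyList() : this.originsToDelete;
    }
}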
