package io.gravitee.am.management.service.impl;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import io.gravitee.am.common.event.IdentityProviderEvent;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.identityprovider.api.UserProvider;
import io.gravitee.am.management.service.IdentityProviderManager;
import io.gravitee.am.management.service.InMemoryIdentityProviderListener;
import io.gravitee.am.management.service.impl.notifications.NotificationDefinitionUtils;
import io.gravitee.am.management.service.impl.upgrades.UpgraderOrder;
import io.gravitee.am.management.service.impl.utils.InlineOrganizationProviderConfiguration;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.common.event.Payload;
import io.gravitee.am.plugins.idp.core.IdentityProviderPluginManager;
import io.gravitee.am.service.IdentityProviderService;
import io.gravitee.am.service.RoleService;
import io.gravitee.am.service.authentication.crypto.password.PasswordEncoderOptions;
import io.gravitee.am.service.exception.PluginNotDeployedException;
import io.gravitee.am.service.model.NewIdentityProvider;
import io.gravitee.am.service.utils.BackendConfigurationUtils;
import io.gravitee.common.event.Event;
import io.gravitee.common.event.EventListener;
import io.gravitee.common.event.EventManager;
import io.gravitee.common.service.AbstractService;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

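/**
 * Management-API registry of identity providers and the {@link UserProvider} instances built from them.
 *
 * <p>The class keeps two in-memory caches keyed by identity-provider id (the provider definition and
 * its running {@link UserProvider}), evicts them on {@link IdentityProviderEvent#UNDEPLOY}, and builds
 * the configuration of the per-domain "default" identity provider from the management datastore
 * settings.
 *
 * <p>Security note: the configuration produced by {@link #createProviderConfiguration} embeds the
 * management datastore credentials (MongoDB URI user/password, JDBC password). Treat the returned map
 * and its JSON form as secret material: do not log it, and mask it before it leaves the service.
 */
@Component
public class IdentityProviderManagerImpl extends AbstractService<IdentityProviderManager> implements IdentityProviderManager, EventListener<IdentityProviderEvent, Payload> {
    public static final String IDP_GRAVITEE = "gravitee";
    private static final String DEFAULT_IDP_PREFIX = "default-idp-";
    private static final String DEFAULT_IDP_NAME = "Default Identity Provider";
    private static final String DEFAULT_MONGO_IDP_TYPE = "mongo-am-idp";
    private static final String DEFAULT_JDBC_IDP_TYPE = "jdbc-am-idp";
    private static final int TABLE_NAME_MAX_LENGTH = 50;

    // Accepted values of domains.identities.default.passwordEncoder.algorithm.
    // The SHA-* entries are general-purpose digests whose round count defaults to 1 (see
    // updatePasswordEncoderOptions); they are far cheaper to brute-force than BCrypt and are best kept
    // only for compatibility with credential stores that already use them.
    private static final Set<String> SUPPORTED_PASSWORD_ENCODER = Set.of("BCrypt", "SHA-256", "SHA-384", "SHA-512", "SHA-256+MD5");
    private static final Logger logger = LoggerFactory.getLogger(IdentityProviderManagerImpl.class);

    // Reused for every serialization instead of building a new mapper per call.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    // Running user providers, keyed by identity-provider id.
    private final ConcurrentMap<String, UserProvider> userProviders = new ConcurrentHashMap<>();
    // Definitions the cached user providers were built from, keyed by identity-provider id.
    private final ConcurrentMap<String, IdentityProvider> identityProviders = new ConcurrentHashMap<>();

    @Autowired
    private IdentityProviderPluginManager identityProviderPluginManager;

    @Autowired
    private IdentityProviderService identityProviderService;

    @Autowired
    private EventManager eventManager;

    @Autowired
    private Environment environment;

    @Autowired
    private RoleService roleService;
    private InMemoryIdentityProviderListener listener;

    /**
     * Registers the listener that receives the in-memory authentication providers.
     *
     * @param inMemoryIdentityProviderListener listener used by {@link #loadIdentityProviders()}; may be null
     */
    @Override
    public void setListener(InMemoryIdentityProviderListener inMemoryIdentityProviderListener) {
        this.listener = inMemoryIdentityProviderListener;
    }

    /**
     * Subscribes to identity-provider events and eagerly loads a user provider for every stored
     * identity provider. Blocks until all providers have been attempted.
     *
     * @throws Exception if the parent service fails to start
     */
    protected void doStart() throws Exception {
        super.doStart();
        logger.info("Register event listener for identity provider events for the management API");
        this.eventManager.subscribeForEvents(this, IdentityProviderEvent.class);
        logger.info("Initializing user providers");
        this.identityProviderService.findAll().flatMapMaybe(identityProvider -> {
            logger.info("\tInitializing user provider: {} [{}]", identityProvider.getName(), identityProvider.getType());
            return loadUserProvider(identityProvider);
        }).ignoreElements().blockingAwait();
    }

    /**
     * Evicts and stops the cached user provider on UNDEPLOY; every other event is only logged because
     * providers are (re)loaded lazily by {@link #getUserProvider(String)}.
     *
     * @param event the identity-provider event and its payload
     */
    public void onEvent(Event<IdentityProviderEvent, Payload> event) {
        if (event.type() == IdentityProviderEvent.UNDEPLOY) {
            removeUserProvider(event.content().getId());
            return;
        }
        logger.debug("{} event received for IdentityProvider {}, ignore it as it will be loaded on demand", event.type(), event.content().getId());
    }

    /**
     * Registers the configuration-defined providers plus the built-in organization provider with the
     * listener, then loads the user provider of the built-in one.
     *
     * @return a completable that finishes once the built-in user provider has been loaded, or
     *     immediately when no listener is set
     */
    @Override
    public Completable loadIdentityProviders() {
        // Read the field once so the null check and the use refer to the same listener.
        InMemoryIdentityProviderListener activeListener = this.listener;
        if (activeListener == null) {
            return Completable.complete();
        }
        IdentityProvider organizationProvider = buildOrganizationUserIdentityProvider();
        List<IdentityProvider> providers = loadProvidersFromConfig();
        providers.add(organizationProvider);
        providers.forEach(activeListener::registerAuthenticationProvider);
        return loadUserProvider(organizationProvider).ignoreElement();
    }

    /**
     * Reads {@code security.providers[n].type} for n = 0, 1, ... until the first missing entry and
     * builds an identity provider for every enabled in-memory definition.
     *
     * @return a mutable list of the providers declared in the configuration
     */
    private List<IdentityProvider> loadProvidersFromConfig() {
        List<IdentityProvider> providers = new ArrayList<>();
        for (int index = 0; ; index++) {
            String type = this.environment.getProperty("security.providers[" + index + "].type");
            if (type == null) {
                // The first gap in the index sequence ends the scan.
                break;
            }
            if (InlineOrganizationProviderConfiguration.MEMORY_TYPE.equals(type)) {
                InlineOrganizationProviderConfiguration inline = new InlineOrganizationProviderConfiguration(this.roleService, this.environment, index);
                if (inline.isEnabled()) {
                    providers.add(inline.buildIdentityProvider());
                }
            } else {
                logger.warn("Unsupported provider with type '{}'", type);
            }
        }
        return providers;
    }

    /**
     * Builds the definition of the built-in organization identity provider.
     *
     * @return a non-external provider with id and name {@link #IDP_GRAVITEE} and an empty configuration
     */
    private IdentityProvider buildOrganizationUserIdentityProvider() {
        IdentityProvider identityProvider = new IdentityProvider();
        identityProvider.setId(IDP_GRAVITEE);
        identityProvider.setExternal(false);
        identityProvider.setType("gravitee-am-idp");
        identityProvider.setName(IDP_GRAVITEE);
        identityProvider.setReferenceId("DEFAULT");
        identityProvider.setReferenceType(ReferenceType.ORGANIZATION);
        identityProvider.setConfiguration("{}");
        return identityProvider;
    }

    /**
     * Returns the user provider for an identity provider, reloading it when the stored definition is
     * newer than the cached one.
     *
     * @param str identity-provider id; null yields an empty result
     * @return the cached or freshly loaded user provider, or empty when the id is unknown or loading fails
     */
    @Override
    public Maybe<UserProvider> getUserProvider(String str) {
        if (str == null) {
            return Maybe.empty();
        }
        if (IDP_GRAVITEE.equals(str)) {
            // Single read: a containsKey()/get() pair could see the entry evicted in between
            // and hand null to Maybe.just().
            UserProvider builtIn = this.userProviders.get(str);
            if (builtIn != null) {
                return Maybe.just(builtIn);
            }
        }
        return this.identityProviderService.findById(str).flatMap(identityProvider -> {
            UserProvider cachedProvider = this.userProviders.get(str);
            if (cachedProvider != null && isUpToDate(this.identityProviders.get(str), identityProvider)) {
                return Maybe.just(cachedProvider);
            }
            // Stale or missing: stop the old instance so a changed configuration takes effect.
            removeUserProvider(str);
            return loadUserProvider(identityProvider);
        });
    }

    /**
     * Tells whether a cached definition is at least as recent as the stored one. A missing definition
     * or a missing timestamp on either side counts as stale, so the provider is reloaded.
     */
    private static boolean isUpToDate(IdentityProvider cached, IdentityProvider latest) {
        if (cached == null || cached.getUpdatedAt() == null || latest.getUpdatedAt() == null) {
            return false;
        }
        return cached.getUpdatedAt().getTime() >= latest.getUpdatedAt().getTime();
    }

    /**
     * Looks up the cached definition of an identity provider.
     *
     * @param str identity-provider id
     * @return the cached definition, or empty when none is cached
     */
    @Override
    public Optional<IdentityProvider> getIdentityProvider(String str) {
        return Optional.ofNullable(this.identityProviders.get(str));
    }

    /**
     * Creates the default identity provider of a reference, backed by the management datastore.
     *
     * @param referenceType type of the owning reference
     * @param str id of the owning reference; lower-cased to derive the provider id
     * @return the created provider, or an error single when the backend is neither MongoDB nor JDBC
     * @throws IllegalArgumentException if the configured password encoder is not supported
     * @throws IllegalStateException if the configuration cannot be serialized
     */
    @Override
    public Single<IdentityProvider> create(ReferenceType referenceType, String str) {
        NewIdentityProvider newIdentityProvider = new NewIdentityProvider();
        // Locale.ROOT keeps the derived id independent of the JVM default locale.
        newIdentityProvider.setId(DEFAULT_IDP_PREFIX + str.toLowerCase(Locale.ROOT));
        newIdentityProvider.setName(DEFAULT_IDP_NAME);
        if (useMongoRepositories()) {
            newIdentityProvider.setType(DEFAULT_MONGO_IDP_TYPE);
            newIdentityProvider.setConfiguration(createProviderConfig(str, null));
        } else if (useJdbcRepositories()) {
            newIdentityProvider.setType(DEFAULT_JDBC_IDP_TYPE);
            // The JDBC path may replace the provider id with a shortened one.
            newIdentityProvider.setConfiguration(createProviderConfig(str, newIdentityProvider));
        } else {
            return Single.error(new IllegalStateException("Unable to create Default IdentityProvider with " + managementBackend() + " backend"));
        }
        return this.identityProviderService.create(referenceType, str, newIdentityProvider, (User) null, true);
    }

    /**
     * Serializes the default provider configuration to JSON. The result contains datastore
     * credentials and must not be logged.
     */
    private String createProviderConfig(String str, NewIdentityProvider newIdentityProvider) {
        try {
            return OBJECT_MAPPER.writeValueAsString(createProviderConfiguration(str, newIdentityProvider));
        } catch (JsonProcessingException e) {
            throw new IllegalStateException("Unable to serialize the default idp configuration for domain '" + str + "'", e);
        }
    }

    /**
     * Builds the default identity-provider configuration for the active management backend.
     *
     * @param str id of the owning reference; used lower-cased in collection and table names
     * @param newIdentityProvider provider whose id is rewritten when the JDBC table name has to be
     *     shortened; may be null
     * @return the configuration in insertion order; empty when the backend is neither MongoDB nor JDBC
     * @throws IllegalArgumentException if the configured password encoder is not supported
     */
    @Override
    public Map<String, Object> createProviderConfiguration(String str, NewIdentityProvider newIdentityProvider) {
        Map<String, Object> configuration = new LinkedHashMap<>();
        String encoder = this.environment.getProperty("domains.identities.default.passwordEncoder.algorithm", "BCrypt");
        if (!SUPPORTED_PASSWORD_ENCODER.contains(encoder)) {
            throw new IllegalArgumentException("Invalid password encoder value '" + encoder + "'");
        }
        // Locale.ROOT: the value becomes part of a collection/table name and must not vary with the
        // JVM default locale.
        String referenceKey = str.toLowerCase(Locale.ROOT);
        if (useMongoRepositories()) {
            fillMongoConfiguration(configuration, referenceKey);
        } else if (useJdbcRepositories()) {
            fillJdbcConfiguration(configuration, referenceKey, newIdentityProvider);
        } else {
            return configuration;
        }
        configuration.put("passwordEncoder", encoder);
        updatePasswordEncoderOptions(configuration, encoder);
        return configuration;
    }

    /** Adds the MongoDB connection and query settings of the default identity provider. */
    private void fillMongoConfiguration(Map<String, Object> configuration, String referenceKey) {
        Optional<String> servers = getMongoServers();
        String host = null;
        String port = null;
        if (servers.isEmpty()) {
            // Single-node settings are only consulted when no server list is configured.
            host = this.environment.getProperty("management.mongodb.host", "localhost");
            port = this.environment.getProperty("management.mongodb.port", "27017");
        }
        String username = this.environment.getProperty("management.mongodb.username");
        String password = this.environment.getProperty("management.mongodb.password");
        Object databaseName = BackendConfigurationUtils.getMongoDatabaseName(this.environment);
        String uriPrefix = "mongodb://";
        if (StringUtils.hasLength(username) && StringUtils.hasLength(password)) {
            // NOTE(review): credentials are inserted as configured, without percent-encoding; values
            // containing reserved URI characters (':', '@', '/', '?') would change how the URI parses.
            // Confirm whether operators are expected to supply already-encoded values.
            uriPrefix = uriPrefix + username + ":" + password + "@";
        }
        // An explicit management.mongodb.uri overrides the URI assembled here.
        configuration.put("uri", this.environment.getProperty("management.mongodb.uri", uriPrefix + addOptionsToURI(servers.orElse(host + ":" + port))));
        configuration.put("host", host != null ? host : "");
        configuration.put("port", port);
        configuration.put("enableCredentials", false);
        configuration.put("database", databaseName);
        // NOTE(review): the reference id is used as-is in the collection name; presumably ids are
        // restricted to identifier-safe characters upstream — confirm.
        configuration.put("usersCollection", "idp_users_" + referenceKey);
        configuration.put("findUserByUsernameQuery", "{username: ?}");
        configuration.put("findUserByEmailQuery", "{email: ?}");
        configuration.put("usernameField", "username");
        configuration.put("passwordField", "password");
    }

    /** Adds the JDBC connection and query settings of the default identity provider. */
    private void fillJdbcConfiguration(Map<String, Object> configuration, String referenceKey, NewIdentityProvider newIdentityProvider) {
        String tableSuffix = referenceKey.replace("-", "_");
        if (tableSuffix.length() > TABLE_NAME_MAX_LENGTH) {
            logger.info("Table name 'idp_users_{}' will be too long, compute shortest unique name", tableSuffix);
            tableSuffix = shortenTableSuffix(tableSuffix, referenceKey);
            if (newIdentityProvider != null) {
                newIdentityProvider.setId(DEFAULT_IDP_PREFIX + tableSuffix);
            }
        }
        configuration.put("host", jdbcHost());
        configuration.put("port", jdbcPort());
        configuration.put("protocol", jdbcDriver());
        configuration.put("database", jdbcDatabase());
        configuration.put("usersTable", "idp_users_" + tableSuffix);
        // NOTE(review): the key was resolved by the decompiler to this unrelated constant; presumably
        // the literal behind it is the JDBC user key — confirm against the plugin's schema.
        configuration.put(NotificationDefinitionUtils.NOTIFIER_DATA_USER, jdbcUser());
        configuration.put("password", jdbcPassword());
        configuration.put("autoProvisioning", idpProvisioning());
        // The table name is concatenated into the statement; only the user value goes through the %s
        // placeholder. NOTE(review): this relies on the reference id containing nothing but
        // identifier-safe characters when the hashed form is not used — confirm at the caller.
        configuration.put("selectUserByUsernameQuery", "SELECT * FROM idp_users_" + tableSuffix + " WHERE username = %s");
        configuration.put("selectUserByEmailQuery", "SELECT * FROM idp_users_" + tableSuffix + " WHERE email = %s");
        configuration.put("identifierAttribute", "id");
        configuration.put("usernameAttribute", "username");
        configuration.put("passwordAttribute", "password");
    }

    /**
     * Derives a 40-character lower-case hex name from the SHA-256 digest of an over-long table suffix.
     * The digest is used for naming only, not as a security control.
     */
    private static String shortenTableSuffix(String tableSuffix, String referenceKey) {
        try {
            // Explicit charset: the platform default would make the derived name host-dependent.
            byte[] digest = MessageDigest.getInstance("sha-256").digest(tableSuffix.getBytes(StandardCharsets.UTF_8));
            return BaseEncoding.base16().encode(digest).substring(0, 40).toLowerCase(Locale.ROOT);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to compute digest of '" + referenceKey + "' due to unknown sha-256 algorithm", e);
        }
    }

    /**
     * Adds the round count for the selected password encoder: default 10 for BCrypt, default 1 for
     * SHA-based encoders. With the SHA default the stored hash is a single digest pass, so raise
     * {@code domains.identities.default.passwordEncoder.properties.rounds} or prefer BCrypt.
     *
     * @throws NumberFormatException if the configured round count is not an integer
     */
    private void updatePasswordEncoderOptions(Map<String, Object> map, String str) {
        String roundsKey = "domains.identities.default.passwordEncoder.properties.rounds";
        if ("bcrypt".equalsIgnoreCase(str)) {
            map.put("passwordEncoderOptions", new PasswordEncoderOptions(Integer.parseInt(this.environment.getProperty(roundsKey, "10"))));
        } else if (str.toLowerCase(Locale.ROOT).startsWith("sha")) {
            map.put("passwordEncoderOptions", new PasswordEncoderOptions(Integer.parseInt(this.environment.getProperty(roundsKey, "1"))));
        }
    }

    /**
     * Collects {@code management.mongodb.servers[n]} entries as a comma-separated {@code host:port}
     * list, stopping at the first index without a host.
     *
     * @return the server list, or empty when no server entry is configured
     */
    private Optional<String> getMongoServers() {
        logger.debug("Looking for MongoDB server configuration...");
        List<String> endpoints = new ArrayList<>();
        for (int index = 0; ; index++) {
            // Host and port are read from the SAME index; advancing the counter between the two
            // reads paired each host with the next entry's port and skipped every other host.
            String host = this.environment.getProperty("management.mongodb.servers[" + index + "].host");
            if (host == null) {
                break;
            }
            int port = this.environment.getProperty("management.mongodb.servers[" + index + "].port", Integer.class, 27017);
            endpoints.add(host + ":" + port);
        }
        return endpoints.isEmpty() ? Optional.empty() : Optional.of(String.join(",", endpoints));
    }

    /**
     * Appends the configured MongoDB connection options to a server list.
     *
     * @param str {@code host:port} list, with or without a trailing slash
     * @return the list followed by {@code /?} and the options; the {@code ssl} option is written only
     *     when {@code management.mongodb.sslEnabled} is set
     */
    public String addOptionsToURI(String str) {
        Integer connectTimeout = this.environment.getProperty("management.mongodb.connectTimeout", Integer.class, 1000);
        Integer socketTimeout = this.environment.getProperty("management.mongodb.socketTimeout", Integer.class, 1000);
        Integer maxConnectionIdleTime = this.environment.getProperty("management.mongodb.maxConnectionIdleTime", Integer.class);
        Integer heartbeatFrequency = this.environment.getProperty("management.mongodb.heartbeatFrequency", Integer.class);
        Boolean sslEnabled = this.environment.getProperty("management.mongodb.sslEnabled", Boolean.class);
        String authSource = this.environment.getProperty("management.mongodb.authSource", String.class);

        StringBuilder uri = new StringBuilder(str);
        if (!str.endsWith("/")) {
            uri.append('/');
        }
        uri.append("?connectTimeoutMS=").append(connectTimeout).append("&socketTimeoutMS=").append(socketTimeout);
        if (authSource != null) {
            // Appended as configured, without percent-encoding.
            uri.append("&authSource=").append(authSource);
        }
        if (maxConnectionIdleTime != null) {
            uri.append("&maxIdleTimeMS=").append(maxConnectionIdleTime);
        }
        if (heartbeatFrequency != null) {
            uri.append("&heartbeatFrequencyMS=").append(heartbeatFrequency);
        }
        if (sslEnabled != null) {
            uri.append("&ssl=").append(sslEnabled);
        }
        return uri.toString();
    }

    /** @return true when {@code management.type} is "mongodb" (case-insensitive; also the default) */
    protected boolean useMongoRepositories() {
        return "mongodb".equalsIgnoreCase(managementBackend());
    }

    /** @return true when {@code management.type} is "jdbc" (case-insensitive) */
    protected boolean useJdbcRepositories() {
        return "jdbc".equalsIgnoreCase(managementBackend());
    }

    /**
     * Creates the default identity provider of a domain.
     *
     * @param str domain id
     * @return the created provider
     */
    @Override
    public Single<IdentityProvider> create(String str) {
        return create(ReferenceType.DOMAIN, str);
    }

    /**
     * Drops both cache entries of an identity provider and stops its user provider. A failure while
     * stopping is logged and not propagated, so eviction always completes.
     */
    private void removeUserProvider(String str) {
        logger.info("Management API has received a undeploy identity provider event for {}", str);
        UserProvider removed = this.userProviders.remove(str);
        this.identityProviders.remove(str);
        if (removed == null) {
            return;
        }
        try {
            removed.stop();
        } catch (Exception e) {
            logger.error("An error has occurred while stopping the user provider : {}", str, e);
        }
    }

    /**
     * Instantiates the user provider of an identity provider through the plugin manager and caches it.
     * When the plugin yields nothing or fails, both cache entries are dropped and the result is empty.
     */
    private Maybe<UserProvider> loadUserProvider(IdentityProvider identityProvider) {
        return this.identityProviderPluginManager.create(identityProvider.getType(), identityProvider.getConfiguration(), identityProvider).flatMapMaybe(optional -> {
            if (optional.isPresent()) {
                this.userProviders.put(identityProvider.getId(), (UserProvider) optional.get());
                this.identityProviders.put(identityProvider.getId(), identityProvider);
                return Maybe.just((UserProvider) optional.get());
            }
            evictCacheEntries(identityProvider.getId());
            return Maybe.empty();
        }).onErrorResumeNext(th -> {
            // Only name and type are logged; the configuration carries credentials.
            logger.error("An error has occurred while loading user provider: {} [{}]", identityProvider.getName(), identityProvider.getType(), th);
            evictCacheEntries(identityProvider.getId());
            return Maybe.empty();
        });
    }

    /** Removes both cache entries of an id without stopping the provider. */
    private void evictCacheEntries(String id) {
        this.userProviders.remove(id);
        this.identityProviders.remove(id);
    }

    /**
     * Verifies that an identity-provider plugin is deployed.
     *
     * @param str plugin type
     * @return a completed completable, or a {@link PluginNotDeployedException} error
     */
    @Override
    public Completable checkPluginDeployment(String str) {
        if (this.identityProviderPluginManager.isPluginDeployed(str)) {
            return Completable.complete();
        }
        logger.debug("Plugin {} not deployed", str);
        return Completable.error(PluginNotDeployedException.forType(str));
    }

    private String managementBackend() {
        return this.environment.getProperty("management.type", "mongodb");
    }

    private String jdbcHost() {
        return this.environment.getProperty("management.jdbc.host", "localhost");
    }

    private String jdbcPort() {
        return this.environment.getProperty("management.jdbc.port");
    }

    private String jdbcDriver() {
        return this.environment.getProperty("management.jdbc.driver", "postgresql");
    }

    private String jdbcDatabase() {
        return this.environment.getProperty("management.jdbc.database", "gravitee_am");
    }

    private String jdbcUser() {
        return this.environment.getProperty("management.jdbc.username", "postgres");
    }

    // May be null when no password is configured.
    private String jdbcPassword() {
        return this.environment.getProperty("management.jdbc.password");
    }

    private boolean idpProvisioning() {
        return this.environment.getProperty("management.jdbc.identityProvider.provisioning", Boolean.class, true);
    }
}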
