package io.gravitee.am.management.service.impl;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.management.service.AbstractSensitiveProxy;
import io.gravitee.am.management.service.IdentityProviderPluginService;
import io.gravitee.am.management.service.IdentityProviderServiceProxy;
import io.gravitee.am.management.service.exception.IdentityProviderPluginSchemaNotFoundException;
import io.gravitee.am.management.service.impl.utils.JsonNodeValidator;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.Reference;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.IdentityProviderService;
import io.gravitee.am.service.exception.IdentityProviderNotFoundException;
import io.gravitee.am.service.model.AssignPasswordPolicy;
import io.gravitee.am.service.model.NewIdentityProvider;
import io.gravitee.am.service.model.UpdateIdentityProvider;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.IdentityProviderAuditBuilder;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.util.ArrayList;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collector;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

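/**
 * Proxy in front of {@link IdentityProviderService} that masks sensitive configuration values.
 *
 * <p>The {@code findAll}, {@code findById}, {@code findByDomain}, {@code create} and {@code update}
 * methods pass every returned {@link IdentityProvider} through {@link #filterSensitiveData(IdentityProvider)}.
 * On update, masked values sent back by the caller are replaced with the stored values before the
 * configuration is persisted.
 *
 * <p>NOTE(review): {@link #findWithPasswordPolicy}, {@link #updatePasswordPolicy} and
 * {@link #findByCertificate} return the delegate's result without masking. Callers must not
 * serialize those results into an API response unless they are filtered elsewhere. Confirm.
 */
@Component
public class IdentityProviderServiceProxyImpl extends AbstractSensitiveProxy implements IdentityProviderServiceProxy {
    private static final String KERBEROS_AM_IDP = "kerberos-am-idp";
    private static final String INLINE_AM_IDP = "inline-am-idp";
    private static final String USERNAME_INLINE_KEY = "username";
    private static final String PASSWORD_INLINE_KEY = "password";
    private static final String USERS_INLINE_CONFIG_FIELD = "users";

    // Placeholder written over inline-IdP passwords before a configuration leaves this proxy.
    // Presumably matched by the inherited SENSITIVE_VALUE_PATTERN, so that handleUpdateInlineIdp
    // recognises it when a client echoes it back. TODO confirm against AbstractSensitiveProxy.
    private static final String INLINE_PASSWORD_MASK = "********";

    // Indexes inline users as username -> password.
    // Fails closed: an entry without a "username" or "password" field raises NullPointerException,
    // and a duplicated username raises IllegalStateException (Collectors.toMap without a merge function).
    private static final Collector<JsonNode, ?, Map<String, String>> JSON_NODE_MAP_COLLECTOR = Collectors.toMap(
            userNode -> userNode.get(USERNAME_INLINE_KEY).asText(),
            userNode -> userNode.get(PASSWORD_INLINE_KEY).asText());

    @Autowired
    private IdentityProviderPluginService identityProviderPluginService;

    @Autowired
    private IdentityProviderService identityProviderService;

    @Autowired
    private AuditService auditService;

    @Autowired
    private ObjectMapper objectMapper;

    /** Returns every identity provider from the delegate with sensitive configuration masked. */
    public Flowable<IdentityProvider> findAll() {
        return this.identityProviderService.findAll().flatMapSingle(this::filterSensitiveData);
    }

    /**
     * Looks up one identity provider through the delegate and masks its configuration.
     *
     * @param referenceType forwarded to the delegate
     * @param str forwarded to the delegate (presumably the reference id; confirm)
     * @param str2 forwarded to the delegate (presumably the identity provider id; confirm)
     */
    public Single<IdentityProvider> findById(ReferenceType referenceType, String str, String str2) {
        return this.identityProviderService.findById(referenceType, str, str2).flatMap(this::filterSensitiveData);
    }

    /**
     * Looks up one identity provider by id and masks its configuration.
     * The result is empty when the delegate finds nothing.
     */
    public Maybe<IdentityProvider> findById(String str) {
        return this.identityProviderService.findById(str)
                .flatMap(found -> filterSensitiveData(found).toMaybe());
    }

    /** Returns the delegate's providers for the given reference, with configuration masked. */
    public Flowable<IdentityProvider> findAll(ReferenceType referenceType, String str) {
        return this.identityProviderService.findAll(referenceType, str).flatMapSingle(this::filterSensitiveData);
    }

    /** Returns the delegate's providers for the given reference type, with configuration masked. */
    public Flowable<IdentityProvider> findAll(ReferenceType referenceType) {
        return this.identityProviderService.findAll(referenceType).flatMapSingle(this::filterSensitiveData);
    }

    /** Returns the delegate's providers for the given domain, with configuration masked. */
    public Flowable<IdentityProvider> findByDomain(String str) {
        return this.identityProviderService.findByDomain(str).flatMapSingle(this::filterSensitiveData);
    }

    /**
     * Creates an identity provider through the delegate and reports an audit event.
     *
     * <p>The created provider is masked before it is returned and before it is attached to the
     * success audit event, so the audit record built here carries the masked configuration.
     *
     * @param referenceType reference type; also recorded on the failure audit event
     * @param str reference id; also recorded on the failure audit event
     * @param newIdentityProvider forwarded unchanged to the delegate
     * @param user principal recorded on the audit event
     * @param z forwarded unchanged to the delegate (meaning not visible in this class)
     */
    public Single<IdentityProvider> create(ReferenceType referenceType, String str, NewIdentityProvider newIdentityProvider, User user, boolean z) {
        return this.identityProviderService.create(referenceType, str, newIdentityProvider, user, z)
                .flatMap(this::filterSensitiveData)
                .doOnSuccess(createdIdp -> this.auditService.report(
                        auditBuilder().principal(user).type("IDENTITY_PROVIDER_CREATED").identityProvider(createdIdp)))
                .doOnError(th -> this.auditService.report(
                        auditBuilder().principal(user).type("IDENTITY_PROVIDER_CREATED").reference(new Reference(referenceType, str)).throwable(th)));
    }

    /**
     * Updates an identity provider, restoring stored secrets where the caller sent masked values.
     *
     * <p>Three distinct provider values are in play, and mixing them up is a security defect:
     * <ul>
     *   <li>the stored provider (unmasked) is the source from which masked values are restored;</li>
     *   <li>the masked copy of the stored provider is the audit event's old value;</li>
     *   <li>the masked copy of the updated provider is returned and recorded as the new value.</li>
     * </ul>
     * NOTE(review): the decompiled listing reused one lambda parameter name for all three, which
     * does not compile. The assignment below is the one under which secrets are restored from real
     * values and only masked values reach the audit event. Confirm against the original source.
     *
     * @param referenceType reference type; also recorded on the failure audit event
     * @param str reference id; also recorded on the failure audit event
     * @param str2 id of the identity provider to update
     * @param updateIdentityProvider requested changes; its configuration is rewritten in place
     * @param user principal recorded on the audit event
     * @param z forwarded unchanged to the delegate (meaning not visible in this class)
     * @return the updated provider with its configuration masked; the stream fails with
     *         {@link IdentityProviderNotFoundException} when no provider has id {@code str2}
     */
    public Single<IdentityProvider> update(ReferenceType referenceType, String str, String str2, UpdateIdentityProvider updateIdentityProvider, User user, boolean z) {
        return this.identityProviderService.findById(str2)
                .switchIfEmpty(Single.error(new IdentityProviderNotFoundException(str2)))
                .flatMap(storedIdp -> filterSensitiveData(storedIdp)
                        .flatMap(maskedOldIdp -> updateSensitiveData(updateIdentityProvider, storedIdp)
                                .flatMap(idpToUpdate -> this.identityProviderService.update(referenceType, str, str2, idpToUpdate, user, z))
                                .flatMap(this::filterSensitiveData)
                                .doOnSuccess(maskedUpdatedIdp -> this.auditService.report(
                                        auditBuilder().principal(user).type("IDENTITY_PROVIDER_UPDATED").oldValue(maskedOldIdp).identityProvider(maskedUpdatedIdp)))
                                .doOnError(th -> this.auditService.report(
                                        auditBuilder().principal(user).type("IDENTITY_PROVIDER_UPDATED").reference(new Reference(referenceType, str)).throwable(th)))));
    }

    /**
     * Deletes an identity provider through the delegate.
     * This proxy reports no audit event itself; whether the delegate does is not visible here.
     */
    public Completable delete(ReferenceType referenceType, String str, String str2, User user) {
        return this.identityProviderService.delete(referenceType, str, str2, user);
    }

    /**
     * Pass-through to the delegate.
     * NOTE(review): the result is NOT masked, unlike the other finders in this class.
     */
    public Flowable<IdentityProvider> findWithPasswordPolicy(ReferenceType referenceType, String str, String str2) {
        return this.identityProviderService.findWithPasswordPolicy(referenceType, str, str2);
    }

    /**
     * Pass-through to the delegate.
     * NOTE(review): the returned provider is NOT masked and no audit event is reported here.
     */
    public Single<IdentityProvider> updatePasswordPolicy(String str, String str2, AssignPasswordPolicy assignPasswordPolicy) {
        return this.identityProviderService.updatePasswordPolicy(str, str2, assignPasswordPolicy);
    }

    /**
     * Pass-through to the delegate.
     * NOTE(review): the result is NOT masked, unlike the other finders in this class.
     */
    public Flowable<IdentityProvider> findByCertificate(Reference reference, String str) {
        return this.identityProviderService.findByCertificate(reference, str);
    }

    /** Starts a new audit builder for identity provider events. */
    private IdentityProviderAuditBuilder auditBuilder() {
        return (IdentityProviderAuditBuilder) AuditBuilder.builder(IdentityProviderAuditBuilder.class);
    }

    /**
     * Returns a copy of the provider whose configuration has its sensitive values masked.
     *
     * <p>The plugin schema for the provider type drives the masking performed by the superclass.
     * When no schema is available the configuration is replaced with {@code "{}"}: with no way to
     * tell which fields are sensitive, nothing is exposed. The argument itself is not modified.
     */
    private Single<IdentityProvider> filterSensitiveData(IdentityProvider identityProvider) {
        return this.identityProviderPluginService.getSchema(identityProvider.getType())
                .map(Optional::ofNullable)
                .defaultIfEmpty(Optional.empty())
                .map(schema -> {
                    IdentityProvider maskedIdp = new IdentityProvider(identityProvider);
                    if (!schema.isPresent()) {
                        // Fail closed: without a schema, drop the whole configuration.
                        maskedIdp.setConfiguration("{}");
                        return maskedIdp;
                    }
                    JsonNode schemaNode = this.objectMapper.readTree(schema.get());
                    JsonNode configNode = this.objectMapper.readTree(maskedIdp.getConfiguration());
                    if (KERBEROS_AM_IDP.equals(maskedIdp.getType())) {
                        // The Kerberos provider nests an LDAP configuration that is handled separately.
                        filterNestedSensitiveData(schemaNode, configNode, "/properties/ldapConfig", "/ldapConfig");
                    }
                    if (INLINE_AM_IDP.equals(maskedIdp.getType())) {
                        filterSensitiveInlineIdpData(configNode);
                    }
                    super.filterSensitiveData(schemaNode, configNode, maskedIdp::setConfiguration);
                    return maskedIdp;
                });
    }

    /**
     * Rewrites the requested configuration so that masked values carry the stored values again.
     *
     * @param updateIdentityProvider the requested update; its configuration is replaced in place
     * @param identityProvider the stored provider; it must be the unmasked one, since its
     *        configuration is the source of the restored values
     * @return the same {@code updateIdentityProvider} instance; the stream fails with
     *         {@link IdentityProviderPluginSchemaNotFoundException} when the type has no schema
     */
    private Single<UpdateIdentityProvider> updateSensitiveData(UpdateIdentityProvider updateIdentityProvider, IdentityProvider identityProvider) {
        return this.identityProviderPluginService.getSchema(identityProvider.getType())
                .switchIfEmpty(Single.error(new IdentityProviderPluginSchemaNotFoundException(identityProvider.getType())))
                .map(schema -> {
                    JsonNode updatedConfig = this.objectMapper.readTree(updateIdentityProvider.getConfiguration());
                    // The submitted configuration is caller-controlled; it is validated before any use.
                    JsonNodeValidator.validateConfiguration(updatedConfig);
                    JsonNode storedConfig = this.objectMapper.readTree(identityProvider.getConfiguration());
                    JsonNode schemaNode = this.objectMapper.readTree(schema);
                    if (KERBEROS_AM_IDP.equals(identityProvider.getType())) {
                        updateNestedSensitiveData(updatedConfig, storedConfig, schemaNode, "/properties/ldapConfig", "/ldapConfig");
                    }
                    if (INLINE_AM_IDP.equals(identityProvider.getType())) {
                        handleUpdateInlineIdp(updatedConfig, storedConfig);
                    }
                    super.updateSensitiveData(updatedConfig, storedConfig, schemaNode, updateIdentityProvider::setConfiguration);
                    return updateIdentityProvider;
                });
    }

    /**
     * Overwrites the password of every inline user in the configuration with the mask.
     * The node is modified in place. A {@code users} element that is not a JSON object raises
     * ClassCastException, which fails the stream instead of returning unmasked data.
     */
    private void filterSensitiveInlineIdpData(JsonNode configNode) {
        if (!configNode.has(USERS_INLINE_CONFIG_FIELD)) {
            return;
        }
        for (JsonNode userNode : configNode.get(USERS_INLINE_CONFIG_FIELD)) {
            ((ObjectNode) userNode).put(PASSWORD_INLINE_KEY, INLINE_PASSWORD_MASK);
        }
    }

    /**
     * Restores stored passwords for inline users whose submitted password is a masked value.
     *
     * <p>Users are matched by username. A submitted password that does not match the inherited
     * {@code SENSITIVE_VALUE_PATTERN} is a new password and is left untouched, as is any user with
     * no stored entry.
     *
     * <p>NOTE(review): a {@code users} value that is not a JSON array raises ClassCastException,
     * and a submitted user without {@code username} or {@code password} raises NullPointerException.
     * Both fail the update stream. Confirm that JsonNodeValidator or schema validation rejects
     * such input with a clearer error first.
     *
     * @param updatedConfig the submitted configuration; modified in place
     * @param storedConfig the stored (unmasked) configuration
     */
    private void handleUpdateInlineIdp(JsonNode updatedConfig, JsonNode storedConfig) {
        ArrayNode updatedUsers = (ArrayNode) updatedConfig.get(USERS_INLINE_CONFIG_FIELD);
        ArrayNode storedUsers = (ArrayNode) storedConfig.get(USERS_INLINE_CONFIG_FIELD);
        if (areUserRemoved(updatedUsers) || noPriorUsers(storedUsers)) {
            return;
        }
        ArrayList<JsonNode> storedEntries = new ArrayList<>(storedUsers.size());
        storedUsers.forEach(storedEntries::add);
        Map<String, String> storedPasswords = storedEntries.stream().collect(JSON_NODE_MAP_COLLECTOR);
        for (JsonNode userNode : updatedUsers) {
            String username = userNode.get(USERNAME_INLINE_KEY).asText();
            String submittedPassword = userNode.get(PASSWORD_INLINE_KEY).asText();
            String storedPassword = storedPasswords.get(username);
            if (storedPassword != null && SENSITIVE_VALUE_PATTERN.matcher(submittedPassword).matches()) {
                ((ObjectNode) userNode).put(PASSWORD_INLINE_KEY, storedPassword);
            }
        }
    }

    /** Returns true when the stored configuration has no inline users to restore from. */
    private boolean noPriorUsers(ArrayNode arrayNode) {
        return arrayNode == null || arrayNode.isEmpty();
    }

    /** Returns true when the submitted configuration has no inline users left. */
    private boolean areUserRemoved(ArrayNode arrayNode) {
        return arrayNode == null || arrayNode.isEmpty();
    }
}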
