package io.gravitee.am.management.service.impl;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.BaseEncoding;
import io.gravitee.am.common.env.RepositoriesEnvironment;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.management.service.DefaultIdentityProviderService;
import io.gravitee.am.management.service.impl.notifications.NotificationDefinitionUtils;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.repository.Scope;
import io.gravitee.am.service.IdentityProviderService;
import io.gravitee.am.service.authentication.crypto.password.PasswordEncoderOptions;
import io.gravitee.am.service.model.NewIdentityProvider;
import io.gravitee.am.service.utils.BackendConfigurationUtils;
import io.reactivex.rxjava3.core.Single;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

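/**
 * Creates the "default" identity provider of a domain, stored in the same MongoDB or JDBC
 * backend that the management repositories are configured to use.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated configuration contains the management database credentials in clear
 *       text: the Mongo {@code uri} embeds {@code username:password} when both are set, and
 *       the JDBC configuration has a {@code password} entry. Treat the returned map and its
 *       JSON form as secret material (no logging, no echo in API responses or audit
 *       payloads).</li>
 *   <li>The password encoder defaults to BCrypt. The SHA-* and SHA-256+MD5 values are fast
 *       digests and their default {@code rounds} is 1, which makes them a weak choice for
 *       password storage; they are accepted here only because the allow-list permits
 *       them.</li>
 *   <li>The lower-cased domain id is interpolated into collection/table names and into the
 *       JDBC query templates. NOTE(review): this assumes domain ids are server-generated and
 *       contain only identifier-safe characters; confirm where they are validated.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:io/gravitee/am/management/service/impl/DefaultIdentityProviderServiceImpl.class */
public class DefaultIdentityProviderServiceImpl implements DefaultIdentityProviderService {
    public static final String DEFAULT_IDP_PREFIX = "default-idp-";
    public static final String PASSWORD = "password";

    private static final String DEFAULT_IDP_NAME = "Default Identity Provider";
    private static final String DEFAULT_MONGO_IDP_TYPE = "mongo-am-idp";
    private static final String DEFAULT_JDBC_IDP_TYPE = "jdbc-am-idp";
    private static final String USERS_STORE_PREFIX = "idp_users_";
    private static final String ENCODER_ALGORITHM_KEY = "domains.identities.default.passwordEncoder.algorithm";
    private static final String ENCODER_ROUNDS_KEY = "domains.identities.default.passwordEncoder.properties.rounds";
    // Longest domain-derived suffix accepted as-is in a JDBC table name; longer ones are hashed.
    private static final int TABLE_NAME_MAX_LENGTH = 50;
    // Allow-list for the configured encoder; any other value is rejected before a config is built.
    private static final Set<String> SUPPORTED_PASSWORD_ENCODER = Set.of("BCrypt", "SHA-256", "SHA-384", "SHA-512", "SHA-256+MD5");

    @Generated
    private static final Logger log = LoggerFactory.getLogger(DefaultIdentityProviderServiceImpl.class);

    private final IdentityProviderService identityProviderService;
    private final RepositoriesEnvironment environment;
    private final ObjectMapper objectMapper = new ObjectMapper();

    public DefaultIdentityProviderServiceImpl(IdentityProviderService identityProviderService, RepositoriesEnvironment repositoriesEnvironment) {
        this.identityProviderService = identityProviderService;
        this.environment = repositoriesEnvironment;
    }

    /**
     * Creates the default identity provider for the given domain.
     *
     * <p>Configuration errors raised while building the provider configuration (for example an
     * unsupported password encoder) are thrown synchronously, not delivered through the
     * returned {@link Single}.
     *
     * @param str the domain identifier; it is used as the reference id of the new provider
     * @return the result of {@code IdentityProviderService.create}, or an error
     *         {@link Single} carrying an {@link IllegalStateException} when the management
     *         backend is neither MongoDB nor JDBC
     */
    @Override // io.gravitee.am.management.service.DefaultIdentityProviderService
    public Single<IdentityProvider> create(String str) {
        NewIdentityProvider newIdentityProvider = new NewIdentityProvider();
        // Locale.ROOT keeps the generated id independent of the JVM default locale.
        newIdentityProvider.setId(DEFAULT_IDP_PREFIX + str.toLowerCase(Locale.ROOT));
        newIdentityProvider.setName(DEFAULT_IDP_NAME);
        if (useMongoRepositories()) {
            newIdentityProvider.setType(DEFAULT_MONGO_IDP_TYPE);
            newIdentityProvider.setConfiguration(createProviderConfig(str, null));
        } else if (useJdbcRepositories()) {
            newIdentityProvider.setType(DEFAULT_JDBC_IDP_TYPE);
            // The provider is passed along because the JDBC path may replace its id
            // when the table name has to be shortened.
            newIdentityProvider.setConfiguration(createProviderConfig(str, newIdentityProvider));
        } else {
            return Single.error(new IllegalStateException("Unable to create Default IdentityProvider with " + managementBackend() + " backend"));
        }
        return this.identityProviderService.create(ReferenceType.DOMAIN, str, newIdentityProvider, (User) null, true);
    }

    /**
     * Builds the configuration map of the default identity provider for a domain.
     *
     * <p>The returned map holds database credentials in clear text; see the class notes.
     *
     * @param str the domain identifier
     * @param newIdentityProvider provider whose id is rewritten when the JDBC table name has
     *        to be shortened; may be {@code null}
     * @return an insertion-ordered configuration map; it is empty when the management backend
     *         is neither MongoDB nor JDBC
     * @throws IllegalArgumentException if the configured password encoder is not in the
     *         supported set
     * @throws IllegalStateException if the SHA-256 digest needed to shorten a table name is
     *         unavailable
     */
    @Override // io.gravitee.am.management.service.DefaultIdentityProviderService
    public Map<String, Object> createProviderConfiguration(String str, NewIdentityProvider newIdentityProvider) {
        String encoder = this.environment.getProperty(ENCODER_ALGORITHM_KEY, "BCrypt");
        if (!SUPPORTED_PASSWORD_ENCODER.contains(encoder)) {
            throw new IllegalArgumentException("Invalid password encoder value '" + encoder + "'");
        }
        Map<String, Object> configuration = new LinkedHashMap<>();
        // Locale.ROOT: collection and table names must not vary with the JVM default locale.
        String lowerCaseDomain = str.toLowerCase(Locale.ROOT);
        if (useMongoRepositories()) {
            fillMongoConfiguration(configuration, lowerCaseDomain, encoder);
        } else if (useJdbcRepositories()) {
            fillJdbcConfiguration(configuration, lowerCaseDomain, encoder, newIdentityProvider);
        }
        return configuration;
    }

    /** Adds the MongoDB provider settings for the given lower-cased domain id. */
    private void fillMongoConfiguration(Map<String, Object> configuration, String lowerCaseDomain, String encoder) {
        Optional<String> servers = getMongoServers();
        String host = null;
        String port = null;
        if (servers.isEmpty()) {
            // The single host/port pair is only consulted when no servers[] list is configured.
            host = this.environment.getProperty(managementKey(".mongodb.host"), "localhost");
            port = this.environment.getProperty(managementKey(".mongodb.port"), "27017");
        }
        String username = this.environment.getProperty(managementKey(".mongodb.username"));
        String password = this.environment.getProperty(managementKey(".mongodb.password"));
        Object database = BackendConfigurationUtils.getMongoDatabaseName(this.environment);

        String uriPrefix = "mongodb://";
        if (StringUtils.hasLength(username) && StringUtils.hasLength(password)) {
            // NOTE(review): the credentials are concatenated as-is. A username or password
            // containing ':', '@' or '/' needs percent-encoding to form a valid connection
            // string; confirm how operators are expected to supply these values.
            uriPrefix = uriPrefix + username + ":" + password + "@";
        }
        // An explicitly configured uri takes precedence over the one assembled here.
        String assembledUri = uriPrefix + addOptionsToURI(servers.orElse(host + ":" + port));

        configuration.put("uri", this.environment.getProperty(managementKey(".mongodb.uri"), assembledUri));
        configuration.put("host", host != null ? host : "");
        configuration.put("port", port);
        configuration.put("enableCredentials", false);
        configuration.put("database", database);
        configuration.put("usersCollection", USERS_STORE_PREFIX + lowerCaseDomain);
        configuration.put("findUserByUsernameQuery", "{username: ?}");
        configuration.put("findUserByEmailQuery", "{email: ?}");
        configuration.put("usernameField", "username");
        configuration.put("passwordField", PASSWORD);
        configuration.put("passwordEncoder", encoder);
        updatePasswordEncoderOptions(configuration, encoder);
    }

    /** Adds the JDBC provider settings, shortening the table suffix when it is too long. */
    private void fillJdbcConfiguration(Map<String, Object> configuration, String lowerCaseDomain, String encoder, NewIdentityProvider newIdentityProvider) {
        String tableSuffix = lowerCaseDomain.replace("-", "_");
        if (tableSuffix.length() > TABLE_NAME_MAX_LENGTH) {
            try {
                log.info("Table name 'idp_users_{}' will be too long, compute shortest unique name", tableSuffix);
                // The digest only derives a short, stable name; it is not a security control.
                // An explicit charset keeps the derived name identical across platforms.
                byte[] digest = MessageDigest.getInstance("sha-256").digest(tableSuffix.getBytes(StandardCharsets.UTF_8));
                tableSuffix = BaseEncoding.base16().encode(digest).substring(0, 40).toLowerCase(Locale.ROOT);
                if (newIdentityProvider != null) {
                    newIdentityProvider.setId(DEFAULT_IDP_PREFIX + tableSuffix);
                }
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("Unable to compute digest of '" + lowerCaseDomain + "' due to unknown sha-256 algorithm", e);
            }
        }
        String usersTable = USERS_STORE_PREFIX + tableSuffix;

        configuration.put("host", jdbcHost());
        configuration.put("port", jdbcPort());
        configuration.put("protocol", jdbcDriver());
        configuration.put("database", jdbcDatabase());
        configuration.put("usersTable", usersTable);
        configuration.put(NotificationDefinitionUtils.NOTIFIER_DATA_USER, jdbcUser());
        // Clear-text management database password; null when none is configured.
        configuration.put(PASSWORD, jdbcPassword());
        configuration.put("autoProvisioning", idpProvisioning());
        // NOTE(review): the table name is spliced into the SQL text, so it relies on the
        // domain id being identifier-safe; confirm the id is validated upstream.
        configuration.put("selectUserByUsernameQuery", "SELECT * FROM " + usersTable + " WHERE username = %s");
        configuration.put("selectUserByEmailQuery", "SELECT * FROM " + usersTable + " WHERE email = %s");
        configuration.put("identifierAttribute", "id");
        configuration.put("usernameAttribute", "username");
        configuration.put("passwordAttribute", PASSWORD);
        configuration.put("passwordEncoder", encoder);
        updatePasswordEncoderOptions(configuration, encoder);
    }

    /**
     * Appends the MongoDB connection options read from the management repository settings.
     *
     * @param str the {@code host:port[,host:port...]} part of the connection string; a
     *        trailing {@code /} is added when missing
     * @return {@code str} followed by a query string that always has the connect and socket
     *         timeouts (default 1000) and, when configured, {@code authSource},
     *         {@code maxIdleTimeMS}, {@code heartbeatFrequencyMS} and {@code ssl}
     */
    public String addOptionsToURI(String str) {
        Integer connectTimeout = this.environment.getProperty(managementKey(".mongodb.connectTimeout"), Integer.class, 1000);
        Integer socketTimeout = this.environment.getProperty(managementKey(".mongodb.socketTimeout"), Integer.class, 1000);
        Integer maxConnectionIdleTime = this.environment.getProperty(managementKey(".mongodb.maxConnectionIdleTime"), Integer.class);
        Integer heartbeatFrequency = this.environment.getProperty(managementKey(".mongodb.heartbeatFrequency"), Integer.class);
        Boolean sslEnabled = this.environment.getProperty(managementKey(".mongodb.sslEnabled"), Boolean.class);
        String authSource = this.environment.getProperty(managementKey(".mongodb.authSource"), String.class);

        StringBuilder uri = new StringBuilder(str);
        if (!str.endsWith("/")) {
            uri.append('/');
        }
        uri.append("?connectTimeoutMS=").append(connectTimeout).append("&socketTimeoutMS=").append(socketTimeout);
        if (authSource != null) {
            uri.append("&authSource=").append(authSource);
        }
        if (maxConnectionIdleTime != null) {
            uri.append("&maxIdleTimeMS=").append(maxConnectionIdleTime);
        }
        if (heartbeatFrequency != null) {
            uri.append("&heartbeatFrequencyMS=").append(heartbeatFrequency);
        }
        // TLS is only mentioned in the URI when sslEnabled is set explicitly.
        if (sslEnabled != null) {
            uri.append("&ssl=").append(sslEnabled);
        }
        return uri.toString();
    }

    /** Serializes the provider configuration to JSON; the result contains credentials. */
    private String createProviderConfig(String str, NewIdentityProvider newIdentityProvider) {
        try {
            return this.objectMapper.writeValueAsString(createProviderConfiguration(str, newIdentityProvider));
        } catch (JsonProcessingException e) {
            throw new IllegalStateException("Unable to serialize the default idp configuration for domain '" + str + "'", e);
        }
    }

    /**
     * Adds {@code passwordEncoderOptions} for BCrypt and SHA-* encoders.
     *
     * <p>The configured {@code rounds} value is parsed with {@link Integer#parseInt}, so a
     * non-numeric value fails with {@link NumberFormatException}.
     */
    private void updatePasswordEncoderOptions(Map<String, Object> map, String str) {
        if ("bcrypt".equalsIgnoreCase(str)) {
            map.put("passwordEncoderOptions", new PasswordEncoderOptions(Integer.parseInt(this.environment.getProperty(ENCODER_ROUNDS_KEY, "10"))));
        } else if (str.toLowerCase(Locale.ROOT).startsWith("sha")) {
            // Default of a single round: fast to compute, hence weak for password storage
            // unless the operator raises it.
            map.put("passwordEncoderOptions", new PasswordEncoderOptions(Integer.parseInt(this.environment.getProperty(ENCODER_ROUNDS_KEY, "1"))));
        }
    }

    /** Returns true when the management repository type is {@code mongodb} (case-insensitive). */
    protected boolean useMongoRepositories() {
        return "mongodb".equalsIgnoreCase(managementBackend());
    }

    /** Returns true when the management repository type is {@code jdbc} (case-insensitive). */
    protected boolean useJdbcRepositories() {
        return "jdbc".equalsIgnoreCase(managementBackend());
    }

    /**
     * Collects the {@code mongodb.servers[n]} entries as a comma-separated {@code host:port}
     * list, stopping at the first index without a host.
     *
     * <p>Host and port are read from the same index. The previous code advanced the index
     * twice per iteration, so it paired the host of entry {@code n} with the port of entry
     * {@code n + 1} and skipped every second server.
     *
     * @return the joined endpoints, or an empty {@link Optional} when no server is configured
     */
    private Optional<String> getMongoServers() {
        log.debug("Looking for MongoDB server configuration...");
        String serversKey = managementKey(".mongodb.servers[");
        List<String> endpoints = new ArrayList<>();
        for (int index = 0; ; index++) {
            String host = this.environment.getProperty(serversKey + index + "].host");
            if (host == null) {
                break;
            }
            int port = this.environment.getProperty(serversKey + index + "].port", Integer.TYPE, 27017);
            endpoints.add(host + ":" + port);
        }
        return endpoints.isEmpty() ? Optional.empty() : Optional.of(String.join(",", endpoints));
    }

    /** Prefixes a property suffix with the management repository property key. */
    private static String managementKey(String suffix) {
        return Scope.MANAGEMENT.getRepositoryPropertyKey() + suffix;
    }

    /** Configured management repository type; defaults to {@code mongodb}. */
    private String managementBackend() {
        return this.environment.getProperty(managementKey(".type"), "mongodb");
    }

    /** Configured JDBC host; defaults to {@code localhost}. */
    private String jdbcHost() {
        return this.environment.getProperty(managementKey(".jdbc.host"), "localhost");
    }

    /** Configured JDBC port; {@code null} when not set. */
    private String jdbcPort() {
        return this.environment.getProperty(managementKey(".jdbc.port"));
    }

    /** Configured JDBC driver; defaults to {@code postgresql}. */
    private String jdbcDriver() {
        return this.environment.getProperty(managementKey(".jdbc.driver"), "postgresql");
    }

    /** Configured JDBC database name; defaults to {@code gravitee_am}. */
    private String jdbcDatabase() {
        return this.environment.getProperty(managementKey(".jdbc.database"), "gravitee_am");
    }

    /** Configured JDBC user name; defaults to {@code postgres}. */
    private String jdbcUser() {
        return this.environment.getProperty(managementKey(".jdbc.username"), "postgres");
    }

    /** Configured JDBC password in clear text; {@code null} when not set. Never log it. */
    private String jdbcPassword() {
        return this.environment.getProperty(managementKey(".jdbc.password"));
    }

    /** Whether the JDBC identity provider auto-provisions its storage; defaults to true. */
    private boolean idpProvisioning() {
        return this.environment.getProperty(managementKey(".jdbc.identityProvider.provisioning"), Boolean.class, true);
    }
}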
