package io.gravitee.am.service.impl;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.fasterxml.jackson.databind.node.TextNode;
import io.gravitee.am.common.event.Action;
import io.gravitee.am.common.event.Type;
import io.gravitee.am.common.utils.RandomString;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.identityprovider.api.common.IdentityProviderConfigurationUtils;
import io.gravitee.am.model.Domain;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.Reference;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.common.event.Event;
import io.gravitee.am.model.common.event.Payload;
import io.gravitee.am.repository.management.api.IdentityProviderRepository;
import io.gravitee.am.service.ApplicationService;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.EventService;
import io.gravitee.am.service.IdentityProviderService;
import io.gravitee.am.service.PluginConfigurationValidationService;
import io.gravitee.am.service.exception.AbstractManagementException;
import io.gravitee.am.service.exception.IdentityProviderNotFoundException;
import io.gravitee.am.service.exception.IdentityProviderWithApplicationsException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.model.AssignPasswordPolicy;
import io.gravitee.am.service.model.NewIdentityProvider;
import io.gravitee.am.service.model.UpdateIdentityProvider;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.IdentityProviderAuditBuilder;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Spliterators;
import java.util.stream.StreamSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;

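/**
 * {@link IdentityProviderService} implementation backed by {@link IdentityProviderRepository}.
 *
 * <p>Create, update and delete operations publish a {@code Type.IDENTITY_PROVIDER} event after the
 * repository call succeeds. Unexpected failures are logged and wrapped in
 * {@link TechnicalManagementException}; {@link AbstractManagementException} instances raised by
 * update, delete and password-policy assignment are passed through unchanged.
 *
 * <p>NOTE(review): only {@code assignDataPlane} and {@code delete} report to the
 * {@link AuditService} from this class, and only {@code delete} records a principal. Creation and
 * update are presumably audited by a caller or wrapper; confirm, since identity provider changes
 * are security-relevant events.
 */
@Component
@Primary
/* loaded from: input_file:io/gravitee/am/service/impl/IdentityProviderServiceImpl.class */
public class IdentityProviderServiceImpl implements IdentityProviderService {
    private static final Logger LOGGER = LoggerFactory.getLogger(IdentityProviderServiceImpl.class);
    private final IdentityProviderRepository identityProviderRepository;
    private final ApplicationService applicationService;
    private final EventService eventService;
    private final AuditService auditService;
    private final ObjectMapper objectMapper;
    private final PluginConfigurationValidationService validationService;

    /**
     * Wires the collaborators; the repository is injected lazily.
     */
    public IdentityProviderServiceImpl(@Lazy IdentityProviderRepository identityProviderRepository, ApplicationService applicationService, EventService eventService, AuditService auditService, ObjectMapper objectMapper, PluginConfigurationValidationService pluginConfigurationValidationService) {
        this.identityProviderRepository = identityProviderRepository;
        this.applicationService = applicationService;
        this.eventService = eventService;
        this.auditService = auditService;
        this.objectMapper = objectMapper;
        this.validationService = pluginConfigurationValidationService;
    }

    /**
     * Returns every identity provider known to the repository, across all references.
     *
     * @return the providers; repository failures surface as {@link TechnicalManagementException}
     */
    @Override
    public Flowable<IdentityProvider> findAll() {
        LOGGER.debug("Find all identity providers");
        return this.identityProviderRepository.findAll().onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find all identity providers", th);
            return Flowable.error(new TechnicalManagementException("An error occurs while trying to find all identity providers", th));
        });
    }

    /**
     * Looks up an identity provider by id, scoped to the given reference.
     *
     * @param referenceType type of the owning reference
     * @param str id of the owning reference
     * @param str2 identity provider id
     * @return the provider; errors with {@link IdentityProviderNotFoundException} when the
     *     repository returns nothing, or {@link TechnicalManagementException} on repository failure
     */
    @Override
    public Single<IdentityProvider> findById(ReferenceType referenceType, String str, String str2) {
        LOGGER.debug("Find identity provider by ID: {}", str2);
        return this.identityProviderRepository.findById(referenceType, str, str2).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find an identity provider using its ID: {}", str2, th);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find an identity provider using its ID: %s", str2), th));
        }).switchIfEmpty(Single.error(new IdentityProviderNotFoundException(str2)));
    }

    /**
     * Looks up an identity provider by id alone.
     *
     * <p>NOTE(review): this lookup is not scoped to a reference. Callers acting on behalf of a
     * domain or organization should check ownership themselves or use the scoped overload.
     *
     * @param str identity provider id
     * @return the provider, or empty when the repository returns nothing
     */
    @Override
    public Maybe<IdentityProvider> findById(String str) {
        LOGGER.debug("Find identity provider by ID: {}", str);
        return this.identityProviderRepository.findById(str).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find an identity provider using its ID: {}", str, th);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find an identity provider using its ID: %s", str), th));
        });
    }

    /**
     * Lists the identity providers attached to one reference.
     *
     * @param referenceType type of the owning reference
     * @param str id of the owning reference
     * @return the providers; repository failures surface as {@link TechnicalManagementException}
     */
    @Override
    public Flowable<IdentityProvider> findAll(ReferenceType referenceType, String str) {
        LOGGER.debug("Find identity providers by {}: {}", referenceType, str);
        return this.identityProviderRepository.findAll(referenceType, str).onErrorResumeNext(th -> {
            // Log the actual reference type: this overload is not limited to domains.
            LOGGER.error("An error occurs while trying to find identity providers by {}", referenceType, th);
            return Flowable.error(new TechnicalManagementException("An error occurs while trying to find identity providers by " + referenceType.name(), th));
        });
    }

    /**
     * Lists the identity providers of every reference of the given type.
     *
     * <p>Unlike the other finders, repository errors are propagated as-is (no logging, no
     * {@link TechnicalManagementException} wrapping).
     *
     * @param referenceType type of the owning references
     * @return the providers
     */
    @Override
    public Flowable<IdentityProvider> findAll(ReferenceType referenceType) {
        LOGGER.debug("Find identity providers by type {}", referenceType);
        return this.identityProviderRepository.findAll(referenceType);
    }

    /**
     * Lists the identity providers of a domain.
     *
     * @param str domain id
     * @return the providers of that domain
     */
    @Override
    public Flowable<IdentityProvider> findByDomain(String str) {
        return findAll(ReferenceType.DOMAIN, str);
    }

    /**
     * Creates an identity provider under the given reference and publishes a CREATE event.
     *
     * <p>NOTE(review): the configuration is sanitized but, unlike in {@code update}, not passed to
     * the {@link PluginConfigurationValidationService} here; confirm that callers validate it.
     *
     * @param referenceType type of the owning reference
     * @param str id of the owning reference
     * @param newIdentityProvider requested provider definition
     * @param user acting principal; not read by this method
     * @param z value stored as the provider's {@code system} flag
     * @return the created provider; failures surface as {@link TechnicalManagementException}
     */
    @Override
    public Single<IdentityProvider> create(ReferenceType referenceType, String str, NewIdentityProvider newIdentityProvider, User user, boolean z) {
        // NOTE(review): this logs newIdentityProvider.toString(); verify it omits the
        // configuration, which can carry client secrets or bind credentials.
        LOGGER.debug("Create a new identity provider {} for {} {}", newIdentityProvider, referenceType, str);
        return innerCreate(prepareIdp(newIdentityProvider, referenceType, str, z));
    }

    /**
     * Creates an identity provider for a domain, copying the domain's data plane id onto it.
     *
     * @param domain owning domain
     * @param newIdentityProvider requested provider definition
     * @param user acting principal; not read by this method
     * @param z value stored as the provider's {@code system} flag
     * @return the created provider; failures surface as {@link TechnicalManagementException}
     */
    @Override
    public Single<IdentityProvider> create(Domain domain, NewIdentityProvider newIdentityProvider, User user, boolean z) {
        // NOTE(review): same toString() exposure question as the reference-based overload.
        LOGGER.debug("Create a new identity provider {} for domain {}", newIdentityProvider, domain.getId());
        IdentityProvider prepared = prepareIdp(newIdentityProvider, ReferenceType.DOMAIN, domain.getId(), z);
        prepared.setDataPlaneId(domain.getDataPlaneId());
        return innerCreate(prepared);
    }

    /** Persists the provider, publishes the CREATE event and wraps any failure. */
    private Single<IdentityProvider> innerCreate(IdentityProvider identityProvider) {
        return this.identityProviderRepository.create(identityProvider)
                .flatMap(created -> emitEvent(created, Action.CREATE))
                .onErrorResumeNext(th -> {
                    LOGGER.error("An error occurs while trying to create an identity provider", th);
                    return Single.error(new TechnicalManagementException("An error occurs while trying to create an identity provider", th));
                });
    }

    /** Publishes an IDENTITY_PROVIDER event for the given provider and hands the provider back. */
    private Single<IdentityProvider> emitEvent(IdentityProvider identityProvider, Action action) {
        Payload payload = new Payload(identityProvider.getId(), identityProvider.getReferenceType(), identityProvider.getReferenceId(), action);
        return this.eventService.create(new Event(Type.IDENTITY_PROVIDER, payload)).map(event -> identityProvider);
    }

    /**
     * Builds the entity to persist from a creation request.
     *
     * <p>A caller-supplied id is kept as-is; an id is generated only when none is given.
     */
    private static IdentityProvider prepareIdp(NewIdentityProvider newIdentityProvider, ReferenceType referenceType, String str, boolean z) {
        IdentityProvider identityProvider = new IdentityProvider();
        identityProvider.setId(newIdentityProvider.getId() == null ? RandomString.generate() : newIdentityProvider.getId());
        identityProvider.setReferenceType(referenceType);
        identityProvider.setReferenceId(str);
        identityProvider.setName(newIdentityProvider.getName());
        identityProvider.setType(newIdentityProvider.getType());
        identityProvider.setSystem(z);
        identityProvider.setConfiguration(IdentityProviderConfigurationUtils.sanitizeClientAuthCertificate(newIdentityProvider.getConfiguration()));
        identityProvider.setExternal(newIdentityProvider.isExternal());
        // NOTE(review): a missing whitelist is stored as an empty list; confirm that consumers
        // interpret "empty" the way the operator expects (allow-all versus deny-all).
        identityProvider.setDomainWhitelist(Optional.ofNullable(newIdentityProvider.getDomainWhitelist()).orElse(List.of()));
        identityProvider.setCreatedAt(new Date());
        identityProvider.setUpdatedAt(identityProvider.getCreatedAt());
        return identityProvider;
    }

    /**
     * Updates an identity provider and publishes an UPDATE event.
     *
     * <p>The configuration of a provider flagged {@code system} is replaced only when {@code z} is
     * true; name, mappers and domain whitelist are always replaced. The resulting configuration is
     * sanitized and validated before it is persisted.
     *
     * @param referenceType type of the owning reference
     * @param str id of the owning reference
     * @param str2 identity provider id
     * @param updateIdentityProvider requested changes
     * @param user acting principal; not read by this method
     * @param z when true, the configuration of a system provider may be overwritten
     * @return the updated provider; errors with {@link IdentityProviderNotFoundException} when it
     *     does not exist under the reference, or {@link TechnicalManagementException} otherwise
     */
    @Override
    public Single<IdentityProvider> update(ReferenceType referenceType, String str, String str2, UpdateIdentityProvider updateIdentityProvider, User user, boolean z) {
        LOGGER.debug("Update an identity provider {} for {} {}", str2, referenceType, str);
        return this.identityProviderRepository.findById(referenceType, str, str2)
                .switchIfEmpty(Single.error(new IdentityProviderNotFoundException(str2)))
                .flatMap(existing -> {
                    IdentityProvider toUpdate = new IdentityProvider(existing);
                    toUpdate.setName(updateIdentityProvider.getName());
                    // The guard reads the stored record, so the request cannot influence it.
                    if (!existing.isSystem() || z) {
                        toUpdate.setConfiguration(updateIdentityProvider.getConfiguration());
                    }
                    toUpdate.setMappers(updateIdentityProvider.getMappers());
                    toUpdate.setRoleMapper(updateIdentityProvider.getRoleMapper());
                    toUpdate.setGroupMapper(updateIdentityProvider.getGroupMapper());
                    toUpdate.setDomainWhitelist(Optional.ofNullable(updateIdentityProvider.getDomainWhitelist()).orElse(List.of()));
                    toUpdate.setUpdatedAt(new Date());
                    toUpdate.setConfiguration(IdentityProviderConfigurationUtils.sanitizeClientAuthCertificate(toUpdate.getConfiguration()));
                    // Validate what will actually be stored, i.e. the sanitized configuration.
                    this.validationService.validate(toUpdate.getType(), toUpdate.getConfiguration());
                    return this.identityProviderRepository.update(toUpdate)
                            .flatMap(updated -> emitEvent(updated, Action.UPDATE));
                })
                .onErrorResumeNext(th -> {
                    if (th instanceof AbstractManagementException) {
                        return Single.error(th);
                    }
                    LOGGER.error("An error occurs while trying to update an identity provider", th);
                    return Single.error(new TechnicalManagementException("An error occurs while trying to update an identity provider", th));
                });
    }

    /**
     * Sets the data plane id on a copy of the provider, persists it and publishes an UPDATE event.
     *
     * <p>Success and failure are both reported to the audit service as
     * {@code IDENTITY_PROVIDER_UPDATED}; no principal is attached to those entries.
     *
     * @param identityProvider provider to update; it is not mutated
     * @param str data plane id to assign
     * @return the updated provider
     */
    @Override
    public Single<IdentityProvider> assignDataPlane(IdentityProvider identityProvider, String str) {
        LOGGER.debug("Assign dataPlaneId {} to identity provider {}", str, identityProvider.getId());
        IdentityProvider toUpdate = new IdentityProvider(identityProvider);
        toUpdate.setDataPlaneId(str);
        toUpdate.setUpdatedAt(new Date());
        toUpdate.setConfiguration(IdentityProviderConfigurationUtils.sanitizeClientAuthCertificate(toUpdate.getConfiguration()));
        // Called eagerly: a validation failure here is thrown to the caller rather than
        // delivered through the returned Single.
        this.validationService.validate(toUpdate.getType(), toUpdate.getConfiguration());
        return this.identityProviderRepository.update(toUpdate)
                .flatMap(updated -> emitEvent(updated, Action.UPDATE))
                .onErrorResumeNext(th -> {
                    if (th instanceof AbstractManagementException) {
                        return Single.error(th);
                    }
                    LOGGER.error("An error occurs while trying to update an identity provider", th);
                    return Single.error(new TechnicalManagementException("An error occurs while trying to update an identity provider", th));
                })
                .doOnSuccess(updated -> {
                    this.auditService.report(((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) AuditBuilder.builder(IdentityProviderAuditBuilder.class)).type("IDENTITY_PROVIDER_UPDATED")).oldValue(identityProvider)).identityProvider(updated));
                })
                .doOnError(failure -> {
                    this.auditService.report(((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) AuditBuilder.builder(IdentityProviderAuditBuilder.class)).type("IDENTITY_PROVIDER_UPDATED")).reference(new Reference(identityProvider.getReferenceType(), identityProvider.getReferenceId()))).identityProvider(identityProvider).throwable(failure));
                });
    }

    /**
     * Deletes an identity provider that no application uses and publishes a DELETE event.
     *
     * <p>The application count and the delete are separate repository calls, so an application
     * linked between the two is not detected. Audit entries are written for the delete/event step
     * only; a not-found or still-in-use rejection is not audited here.
     *
     * @param referenceType type of the owning reference
     * @param str id of the owning reference
     * @param str2 identity provider id
     * @param user acting principal, recorded on the audit entries
     * @return completes on success; errors with {@link IdentityProviderNotFoundException},
     *     {@link IdentityProviderWithApplicationsException} or {@link TechnicalManagementException}
     */
    @Override
    public Completable delete(ReferenceType referenceType, String str, String str2, User user) {
        LOGGER.debug("Delete identity provider {}", str2);
        return this.identityProviderRepository.findById(referenceType, str, str2)
                .switchIfEmpty(Maybe.error(new IdentityProviderNotFoundException(str2)))
                .flatMapSingle(found -> {
                    return this.applicationService.findByIdentityProvider(str2).count().flatMap(linkedApplications -> {
                        return linkedApplications.longValue() > 0 ? Single.error(new IdentityProviderWithApplicationsException()) : Single.just(found);
                    });
                })
                .flatMapCompletable(toDelete -> {
                    return Completable.fromSingle(this.identityProviderRepository.delete(str2).andThen(this.eventService.create(new Event(Type.IDENTITY_PROVIDER, new Payload(str2, referenceType, str, Action.DELETE))))).doOnComplete(() -> {
                        this.auditService.report(((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) AuditBuilder.builder(IdentityProviderAuditBuilder.class)).principal(user)).type("IDENTITY_PROVIDER_DELETED")).identityProvider(toDelete));
                    }).doOnError(failure -> {
                        this.auditService.report(((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) ((IdentityProviderAuditBuilder) AuditBuilder.builder(IdentityProviderAuditBuilder.class)).principal(user)).type("IDENTITY_PROVIDER_DELETED")).reference(new Reference(referenceType, str))).identityProvider(toDelete).throwable(failure));
                    });
                })
                .onErrorResumeNext(th -> {
                    if (th instanceof AbstractManagementException) {
                        return Completable.error(th);
                    }
                    LOGGER.error("An error occurs while trying to delete identity provider: {}", str2, th);
                    return Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to delete identity provider: %s", str2), th));
                });
    }

    /**
     * Lists the identity providers of a reference that have the given password policy assigned.
     *
     * @param referenceType type of the owning reference
     * @param str id of the owning reference
     * @param str2 password policy id
     * @return the matching providers; failures surface as {@link TechnicalManagementException}
     */
    @Override
    public Flowable<IdentityProvider> findWithPasswordPolicy(ReferenceType referenceType, String str, String str2) {
        LOGGER.debug("Find identity provider with assigned password policy: {}", str2);
        return this.identityProviderRepository.findAllByPasswordPolicy(referenceType, str, str2).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find identity providers by password policy: {}", str2, th);
            return Flowable.error(new TechnicalManagementException(String.format("An error occurs while trying to find identity providers by password policy: %s", str2), th));
        });
    }

    /**
     * Assigns a password policy to a domain identity provider and publishes an UPDATE event.
     *
     * @param str domain id
     * @param str2 identity provider id
     * @param assignPasswordPolicy carries the password policy to assign
     * @return the updated provider; errors with {@link IdentityProviderNotFoundException} when it
     *     does not exist in the domain, or {@link TechnicalManagementException} otherwise
     */
    @Override
    public Single<IdentityProvider> updatePasswordPolicy(String str, String str2, AssignPasswordPolicy assignPasswordPolicy) {
        LOGGER.debug("Assigning Password Policy {} to IdentityProvider {} for domain {}", assignPasswordPolicy.getPasswordPolicy(), str2, str);
        return this.identityProviderRepository.findById(ReferenceType.DOMAIN, str, str2)
                .switchIfEmpty(Single.error(() -> new IdentityProviderNotFoundException(str2)))
                .flatMap(existing -> {
                    IdentityProvider toUpdate = new IdentityProvider(existing);
                    toUpdate.setUpdatedAt(new Date());
                    toUpdate.setPasswordPolicy(assignPasswordPolicy.getPasswordPolicy());
                    return this.identityProviderRepository.update(toUpdate)
                            .flatMap(updated -> emitEvent(updated, Action.UPDATE));
                })
                .onErrorResumeNext(th -> {
                    if (th instanceof AbstractManagementException) {
                        return Single.error(th);
                    }
                    LOGGER.error("An error occurs while trying to assign password policy to identity provider", th);
                    return Single.error(new TechnicalManagementException("An error occurs while trying to assign password policy to identity provider", th));
                });
    }

    /**
     * Lists the identity providers of a reference whose configuration refers to a certificate.
     *
     * <p>Each configuration is parsed as JSON. If one cannot be parsed, the exception raised by
     * {@code readTree} terminates the stream with an error instead of skipping that provider.
     *
     * @param reference owning reference
     * @param str certificate value to look for
     * @return the providers whose configuration refers to the certificate
     */
    @Override
    public Flowable<IdentityProvider> findByCertificate(Reference reference, String str) {
        return this.identityProviderRepository.findAll(reference.type(), reference.id())
                .filter(identityProvider -> hasEntryReferringToCert(this.objectMapper.readTree(identityProvider.getConfiguration()), str));
    }

    /** Returns true when any property of the node, at any depth, refers to the certificate. */
    private boolean hasEntryReferringToCert(JsonNode jsonNode, String str) {
        return jsonNode.properties().stream().anyMatch(entry -> refersToCert(entry, str));
    }

    /**
     * Tests one configuration entry: objects and arrays are searched recursively, and a text value
     * matches when its key contains "cert" (case-insensitive) and the value equals {@code str}.
     *
     * <p>NOTE(review): the match depends on the key name. A plugin that stores a certificate
     * reference under a key without "cert" in it is not detected; confirm that every plugin
     * follows this convention if the result guards certificate deletion.
     */
    private boolean refersToCert(Map.Entry<String, JsonNode> entry, String str) {
        JsonNode value = entry.getValue();
        if (value instanceof ObjectNode) {
            return hasEntryReferringToCert(value, str);
        }
        if (value instanceof ArrayNode) {
            // Array elements are tested under the array's own key.
            return StreamSupport.stream(Spliterators.spliteratorUnknownSize(value.elements(), java.util.Spliterator.ORDERED), false)
                    .anyMatch(element -> refersToCert(Map.entry(entry.getKey(), element), str));
        }
        if (!(value instanceof TextNode)) {
            return false;
        }
        return entry.getKey().toLowerCase(Locale.ROOT).contains("cert") && value.textValue().equals(str);
    }
}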
