package org.apereo.cas.aup;

import java.util.Comparator;
import java.util.Map;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.tuple.Triple;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.model.support.aup.AcceptableUsagePolicyProperties;
import org.apereo.cas.configuration.model.support.aup.LdapAcceptableUsagePolicyProperties;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapConnectionFactory;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.model.TriStateBoolean;
import org.apereo.cas.web.support.WebUtils;
import org.jooq.lambda.Unchecked;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapAttribute;
import org.ldaptive.SearchResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/aup/LdapAcceptableUsagePolicyRepository.class */
public class LdapAcceptableUsagePolicyRepository extends BaseAcceptableUsagePolicyRepository implements DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapAcceptableUsagePolicyRepository.class);
    private static final long serialVersionUID = 1600024683199961892L;
    private final Map<String, ConnectionFactory> connectionFactoryList;

    public LdapAcceptableUsagePolicyRepository(TicketRegistrySupport ticketRegistrySupport, AcceptableUsagePolicyProperties acceptableUsagePolicyProperties, Map<String, ConnectionFactory> map) {
        super(ticketRegistrySupport, acceptableUsagePolicyProperties);
        this.connectionFactoryList = map;
    }

    public AcceptableUsagePolicyStatus verify(RequestContext requestContext) {
        AcceptableUsagePolicyStatus verify = super.verify(requestContext);
        if (!verify.isDenied()) {
            return verify;
        }
        Principal principal = WebUtils.getAuthentication(requestContext).getPrincipal();
        return (AcceptableUsagePolicyStatus) this.aupProperties.getLdap().stream().sorted(Comparator.comparing((v0) -> {
            return v0.getName();
        })).map(Unchecked.function(ldapAcceptableUsagePolicyProperties -> {
            return searchLdapForId(ldapAcceptableUsagePolicyProperties, principal.getId());
        })).filter((v0) -> {
            return v0.isPresent();
        }).findFirst().filter((v0) -> {
            return v0.isPresent();
        }).map(optional -> {
            return ((SearchResponse) ((Triple) optional.get()).getMiddle()).getEntry();
        }).map(ldapEntry -> {
            LdapAttribute attribute = ldapEntry.getAttribute(this.aupProperties.getCore().getAupAttributeName());
            return Boolean.valueOf(attribute != null && attribute.getStringValues().stream().anyMatch(str -> {
                return str.equalsIgnoreCase(getAcceptedAttributeValue());
            }));
        }).map(bool -> {
            return new AcceptableUsagePolicyStatus(TriStateBoolean.fromBoolean(bool.booleanValue()), verify.getPrincipal());
        }).orElseGet(() -> {
            return AcceptableUsagePolicyStatus.denied(verify.getPrincipal());
        });
    }

    protected Optional<Triple<ConnectionFactory, SearchResponse, LdapAcceptableUsagePolicyProperties>> searchLdapForId(LdapAcceptableUsagePolicyProperties ldapAcceptableUsagePolicyProperties, String str) throws Exception {
        FilterTemplate newLdaptiveSearchFilter = LdapUtils.newLdaptiveSearchFilter(ldapAcceptableUsagePolicyProperties.getSearchFilter(), "user", CollectionUtils.wrap(str));
        LOGGER.debug("Constructed LDAP filter [{}]", newLdaptiveSearchFilter);
        LdapConnectionFactory ldapConnectionFactory = new LdapConnectionFactory(this.connectionFactoryList.get(ldapAcceptableUsagePolicyProperties.getLdapUrl()));
        SearchResponse executeSearchOperation = ldapConnectionFactory.executeSearchOperation(ldapAcceptableUsagePolicyProperties.getBaseDn(), newLdaptiveSearchFilter, ldapAcceptableUsagePolicyProperties.getPageSize());
        if (LdapUtils.containsResultEntry(executeSearchOperation)) {
            LOGGER.debug("LDAP query located an entry for [{}] and responded with [{}]", str, executeSearchOperation);
            return Optional.of(Triple.of(ldapConnectionFactory.connectionFactory(), executeSearchOperation, ldapAcceptableUsagePolicyProperties));
        }
        LOGGER.debug("LDAP query could not locate an entry for [{}]", str);
        return Optional.empty();
    }

    public boolean submit(RequestContext requestContext) {
        Principal principal = WebUtils.getAuthentication(requestContext).getPrincipal();
        Optional findFirst = this.aupProperties.getLdap().stream().sorted(Comparator.comparing((v0) -> {
            return v0.getName();
        })).map(Unchecked.function(ldapAcceptableUsagePolicyProperties -> {
            return searchLdapForId(ldapAcceptableUsagePolicyProperties, principal.getId());
        })).filter((v0) -> {
            return v0.isPresent();
        }).findFirst();
        if (!findFirst.isPresent()) {
            return false;
        }
        Triple triple = (Triple) ((Optional) findFirst.get()).get();
        String dn = ((SearchResponse) triple.getMiddle()).getEntry().getDn();
        LOGGER.debug("Updating [{}]", dn);
        return new LdapConnectionFactory((ConnectionFactory) triple.getLeft()).executeModifyOperation(dn, CollectionUtils.wrap(this.aupProperties.getCore().getAupAttributeName(), CollectionUtils.wrapSet(((LdapAcceptableUsagePolicyProperties) triple.getRight()).getAupAcceptedAttributeValue())));
    }

    public void destroy() {
        this.connectionFactoryList.forEach((str, connectionFactory) -> {
            connectionFactory.close();
        });
    }
}
