package org.apereo.cas.consent;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.model.support.consent.LdapConsentProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.hjson.JsonValue;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.SearchResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;

/* loaded from: input_file:org/apereo/cas/consent/LdapConsentRepository.class */
public class LdapConsentRepository implements ConsentRepository, DisposableBean {
    private static final long serialVersionUID = 8561763114482490L;
    private final ConnectionFactory connectionFactory;
    private final LdapConsentProperties ldapProperties;

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapConsentRepository.class);
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).build().toObjectMapper();

    private static ConsentDecision mapFromJson(String str) {
        try {
            LOGGER.trace("Mapping JSON value [{}] to consent object", str);
            return (ConsentDecision) MAPPER.readValue(JsonValue.readHjson(str).toString(), ConsentDecision.class);
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return null;
        }
    }

    private static String mapToJson(ConsentDecision consentDecision) {
        String writeValueAsString = MAPPER.writeValueAsString(consentDecision);
        LOGGER.trace("Transformed consent object [{}] as JSON value [{}]", consentDecision, writeValueAsString);
        return writeValueAsString;
    }

    private static Set<String> mergeDecision(LdapAttribute ldapAttribute, ConsentDecision consentDecision) {
        if (consentDecision.getId() < 0) {
            consentDecision.setId(System.currentTimeMillis());
        }
        if (ldapAttribute != null) {
            Set<String> removeDecision = removeDecision(ldapAttribute, consentDecision.getId());
            removeDecision.add(mapToJson(consentDecision));
            LOGGER.debug("Merged consent decision [{}] with LDAP attribute [{}]", consentDecision, ldapAttribute.getName());
            return CollectionUtils.wrap(removeDecision);
        }
        String mapToJson = mapToJson(consentDecision);
        HashSet hashSet = new HashSet(1);
        hashSet.add(mapToJson);
        return hashSet;
    }

    private static Set<String> removeDecision(LdapAttribute ldapAttribute, long j) {
        return removeDecisions(ldapAttribute, consentDecision -> {
            return consentDecision.getId() != j;
        });
    }

    private static Set<String> removeDecisions(LdapAttribute ldapAttribute, Predicate<ConsentDecision> predicate) {
        return ldapAttribute.size() != 0 ? (Set) ldapAttribute.getStringValues().stream().map(LdapConsentRepository::mapFromJson).filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(predicate).map(LdapConsentRepository::mapToJson).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet()) : new HashSet(0);
    }

    public ConsentDecision findConsentDecision(Service service, RegisteredService registeredService, Authentication authentication) {
        LdapAttribute attribute;
        String id = authentication.getPrincipal().getId();
        LdapEntry readConsentEntry = readConsentEntry(id);
        if (readConsentEntry == null || (attribute = readConsentEntry.getAttribute(this.ldapProperties.getConsentAttributeName())) == null) {
            return null;
        }
        Collection stringValues = attribute.getStringValues();
        LOGGER.debug("Locating consent decision(s) for [{}] and service [{}]", id, service.getId());
        return (ConsentDecision) stringValues.stream().map(LdapConsentRepository::mapFromJson).filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(consentDecision -> {
            return consentDecision.getService().equals(service.getId());
        }).findFirst().orElse(null);
    }

    public Collection<? extends ConsentDecision> findConsentDecisions(String str) {
        LdapAttribute attribute;
        LdapEntry readConsentEntry = readConsentEntry(str);
        if (readConsentEntry == null || (attribute = readConsentEntry.getAttribute(this.ldapProperties.getConsentAttributeName())) == null) {
            return new HashSet(0);
        }
        LOGGER.debug("Located consent decision for [{}] at attribute [{}]", str, this.ldapProperties.getConsentAttributeName());
        return (Collection) attribute.getStringValues().stream().map(LdapConsentRepository::mapFromJson).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
    }

    public Collection<? extends ConsentDecision> findConsentDecisions() {
        Collection<LdapEntry> readConsentEntries = readConsentEntries();
        if (!readConsentEntries.isEmpty()) {
            return (Collection) readConsentEntries.stream().map(ldapEntry -> {
                return ldapEntry.getAttribute(this.ldapProperties.getConsentAttributeName());
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).map(ldapAttribute -> {
                return (Set) ldapAttribute.getStringValues().stream().map(LdapConsentRepository::mapFromJson).filter((v0) -> {
                    return Objects.nonNull(v0);
                }).collect(Collectors.toSet());
            }).flatMap((v0) -> {
                return v0.stream();
            }).collect(Collectors.toList());
        }
        LOGGER.debug("No consent decision could be found");
        return new HashSet(0);
    }

    public ConsentDecision storeConsentDecision(ConsentDecision consentDecision) {
        LOGGER.debug("Storing consent decision [{}]", consentDecision);
        LdapEntry readConsentEntry = readConsentEntry(consentDecision.getPrincipal());
        if (readConsentEntry != null && executeModifyOperation(mergeDecision(readConsentEntry.getAttribute(this.ldapProperties.getConsentAttributeName()), consentDecision), readConsentEntry)) {
            return consentDecision;
        }
        LOGGER.debug("Unable to read consent entry for [{}]. Consent decision is not stored", consentDecision.getPrincipal());
        return null;
    }

    public boolean deleteConsentDecision(long j, String str) {
        LOGGER.debug("Deleting consent decision [{}] for principal [{}]", Long.valueOf(j), str);
        LdapEntry readConsentEntry = readConsentEntry(str);
        if (readConsentEntry != null) {
            return executeModifyOperation(removeDecision(readConsentEntry.getAttribute(this.ldapProperties.getConsentAttributeName()), j), readConsentEntry);
        }
        return false;
    }

    public void deleteAll() {
        Collection<LdapEntry> readConsentEntries = readConsentEntries();
        if (readConsentEntries.isEmpty()) {
            return;
        }
        readConsentEntries.forEach(ldapEntry -> {
            executeModifyOperation(Set.of(), ldapEntry);
        });
    }

    public boolean deleteConsentDecisions(String str) {
        LOGGER.debug("Deleting consent decisions for principal [{}]", str);
        LdapEntry readConsentEntry = readConsentEntry(str);
        return readConsentEntry != null && executeModifyOperation(new HashSet(), readConsentEntry);
    }

    public void destroy() {
        this.connectionFactory.close();
    }

    private boolean executeModifyOperation(Set<String> set, LdapEntry ldapEntry) {
        HashMap hashMap = new HashMap();
        hashMap.put(this.ldapProperties.getConsentAttributeName(), set);
        LOGGER.debug("Storing consent decisions [{}] at LDAP attribute [{}] for [{}]", new Object[]{set, hashMap.keySet(), ldapEntry.getDn()});
        return LdapUtils.executeModifyOperation(ldapEntry.getDn(), this.connectionFactory, CollectionUtils.wrap(hashMap));
    }

    private LdapEntry readConsentEntry(String str) {
        try {
            FilterTemplate newLdaptiveSearchFilter = LdapUtils.newLdaptiveSearchFilter("(" + this.ldapProperties.getSearchFilter() + ")", CollectionUtils.wrapList(new String[]{str}));
            LOGGER.debug("Locating consent LDAP entry via filter [{}] based on attribute [{}]", newLdaptiveSearchFilter, this.ldapProperties.getConsentAttributeName());
            SearchResponse executeSearchOperation = LdapUtils.executeSearchOperation(this.connectionFactory, this.ldapProperties.getBaseDn(), newLdaptiveSearchFilter, this.ldapProperties.getPageSize(), new String[]{this.ldapProperties.getConsentAttributeName()});
            if (!LdapUtils.containsResultEntry(executeSearchOperation)) {
                return null;
            }
            LdapEntry entry = executeSearchOperation.getEntry();
            LOGGER.debug("Locating consent LDAP entry [{}]", entry);
            return entry;
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return null;
        }
    }

    private Collection<LdapEntry> readConsentEntries() {
        String consentAttributeName = this.ldapProperties.getConsentAttributeName();
        try {
            FilterTemplate newLdaptiveSearchFilter = LdapUtils.newLdaptiveSearchFilter("(" + consentAttributeName + "=*)");
            LOGGER.debug("Locating consent LDAP entries via filter [{}] based on attribute [{}]", newLdaptiveSearchFilter, consentAttributeName);
            SearchResponse executeSearchOperation = LdapUtils.executeSearchOperation(this.connectionFactory, this.ldapProperties.getBaseDn(), newLdaptiveSearchFilter, this.ldapProperties.getPageSize(), new String[]{consentAttributeName});
            if (LdapUtils.containsResultEntry(executeSearchOperation)) {
                Collection<LdapEntry> entries = executeSearchOperation.getEntries();
                LOGGER.debug("Locating [{}] consent LDAP entries based on response [{}]", Integer.valueOf(entries.size()), executeSearchOperation);
                return entries;
            }
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
        }
        LOGGER.debug("Unable to read consent entries from LDAP for attribute [{}]", consentAttributeName);
        return new HashSet(0);
    }

    @Generated
    public LdapConsentRepository(ConnectionFactory connectionFactory, LdapConsentProperties ldapConsentProperties) {
        this.connectionFactory = connectionFactory;
        this.ldapProperties = ldapConsentProperties;
    }
}
