package org.apereo.cas.pm;

import java.io.Serializable;
import java.util.ArrayDeque;
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.validator.routines.EmailValidator;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.configuration.model.support.pm.LdapPasswordManagementProperties;
import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties;
import org.apereo.cas.pm.impl.BasePasswordManagementService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapConnectionFactory;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.jooq.lambda.Unchecked;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.SearchResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;

/* loaded from: input_file:org/apereo/cas/pm/LdapPasswordManagementService.class */
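/**
 * Password management service that reads and updates account data in one or more LDAP directories.
 *
 * <p>Every operation first resolves the account through {@link #findEntries(List)}, which queries each
 * configured directory (ordered by name) and keeps at most one entry per directory. Modifications are
 * then applied to every entry that was found.
 *
 * <p>Logging note: entries returned by the search carry the security question and answer attributes
 * (they are read back in {@link #getSecurityQuestions(PasswordManagementQuery)}), so this class logs
 * distinguished names rather than whole entries or search responses, and never logs answers.
 */
public class LdapPasswordManagementService extends BasePasswordManagementService implements DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapPasswordManagementService.class);

    /** Per-directory LDAP settings, taken from the password management properties at construction. */
    private final List<LdapPasswordManagementProperties> ldapProperties;

    /** Connection factories, looked up by the LDAP URL of the directory settings in use. */
    private final Map<String, ConnectionFactory> connectionFactoryMap;

    /**
     * Creates the service.
     *
     * @param cipherExecutor               passed to the base class unchanged
     * @param str                          passed to the base class unchanged
     *                                     (NOTE(review): presumably the token issuer; confirm against the base class)
     * @param passwordManagementProperties password management settings; its LDAP list drives every search
     * @param passwordHistoryService       passed to the base class unchanged
     * @param map                          connection factories keyed by LDAP URL; closed by {@link #destroy()}
     */
    public LdapPasswordManagementService(CipherExecutor<Serializable, String> cipherExecutor, String str, PasswordManagementProperties passwordManagementProperties, PasswordHistoryService passwordHistoryService, Map<String, ConnectionFactory> map) {
        super(passwordManagementProperties, cipherExecutor, str, passwordHistoryService);
        this.ldapProperties = passwordManagementProperties.getLdap();
        this.connectionFactoryMap = map;
    }

    /** Closes every connection factory handed to this service. */
    @Override
    public void destroy() {
        this.connectionFactoryMap.values().forEach(ConnectionFactory::close);
    }

    /**
     * Looks up the e-mail address of the account named in the query.
     *
     * @param passwordManagementQuery query carrying the username to search for
     * @return the address stored in the configured mail attribute, or {@code null} when it is
     *         missing or does not pass e-mail validation
     */
    public String findEmail(PasswordManagementQuery passwordManagementQuery) {
        String email = findAttribute(
            passwordManagementQuery,
            List.of(this.properties.getReset().getMail().getAttributeName()),
            CollectionUtils.wrap(passwordManagementQuery.getUsername()));
        if (EmailValidator.getInstance().isValid(email)) {
            LOGGER.debug("Email address [{}] for [{}] appears valid", email, passwordManagementQuery.getUsername());
            return email;
        }
        LOGGER.warn("Email address [{}] for [{}] is not valid", email, passwordManagementQuery.getUsername());
        return null;
    }

    /**
     * Looks up the phone number of the account named in the query.
     *
     * @param passwordManagementQuery query carrying the username to search for
     * @return the value of the configured SMS attribute, or {@code null} when none is found
     */
    public String findPhone(PasswordManagementQuery passwordManagementQuery) {
        return findAttribute(
            passwordManagementQuery,
            List.of(this.properties.getReset().getSms().getAttributeName()),
            CollectionUtils.wrap(passwordManagementQuery.getUsername()));
    }

    /**
     * Looks up a username, using the e-mail address in the query as the search value.
     *
     * @param passwordManagementQuery query carrying the e-mail address to search for
     * @return the first username attribute value found, or {@code null} when none is found
     */
    public String findUsername(PasswordManagementQuery passwordManagementQuery) {
        List<String> usernameAttributes = this.properties.getLdap().stream()
            .map(LdapPasswordManagementProperties::getUsernameAttribute)
            .collect(Collectors.toList());
        return findAttribute(passwordManagementQuery, usernameAttributes, CollectionUtils.wrap(passwordManagementQuery.getEmail()));
    }

    /**
     * Writes the security questions from the query to every LDAP entry found for the username.
     *
     * <p>Questions are paired with the configured question/answer attribute pairs in order. If the
     * query holds more questions than there are configured pairs, {@link ArrayDeque#pop()} throws
     * {@link java.util.NoSuchElementException} before anything is written to that entry.
     *
     * @param passwordManagementQuery query carrying the username and the questions to store
     */
    public void updateSecurityQuestions(PasswordManagementQuery passwordManagementQuery) {
        findEntries(CollectionUtils.wrap(passwordManagementQuery.getUsername())).forEach((ldapEntry, ldapSettings) -> {
            // Log the DN only: the entry itself holds the stored question and answer attributes.
            LOGGER.debug("Located LDAP entry [{}] in the response", ldapEntry.getDn());
            ArrayDeque<Map.Entry<String, String>> attributePairs =
                new ArrayDeque<>(ldapSettings.getSecurityQuestionsAttributes().entrySet());
            LOGGER.debug("Security question attributes are defined to be [{}]", attributePairs);
            LdapConnectionFactory ldapConnectionFactory =
                new LdapConnectionFactory(this.connectionFactoryMap.get(ldapSettings.getLdapUrl()));
            Map<String, Set<String>> modifications = new LinkedHashMap<>();
            passwordManagementQuery.getSecurityQuestions().forEach((question, answers) -> {
                // Each configured pair maps a question attribute (key) to its answer attribute (value).
                Map.Entry<String, String> attributePair = attributePairs.pop();
                modifications.put(attributePair.getKey(), Set.of(question));
                modifications.put(attributePair.getValue(), Set.copyOf(answers));
            });
            ldapConnectionFactory.executeModifyOperation(ldapEntry.getDn(), modifications);
        });
    }

    /**
     * Sets the configured account-locked attribute to {@code "false"} on every LDAP entry found
     * for the credential id.
     *
     * @param credential credential whose id identifies the account
     * @return {@code true} when at least one entry was found and a modify was issued for it;
     *         {@code false} when no directory held a matching entry, so nothing was unlocked
     */
    public boolean unlockAccount(Credential credential) {
        Map<LdapEntry, LdapPasswordManagementProperties> entries = findEntries(CollectionUtils.wrap(credential.getId()));
        entries.forEach((ldapEntry, ldapSettings) -> {
            LOGGER.debug("Located LDAP entry [{}] in the response", ldapEntry.getDn());
            LdapConnectionFactory ldapConnectionFactory =
                new LdapConnectionFactory(this.connectionFactoryMap.get(ldapSettings.getLdapUrl()));
            Map<String, Set<String>> modifications = new LinkedHashMap<>();
            modifications.put(ldapSettings.getAccountLockedAttribute(), Set.of("false"));
            ldapConnectionFactory.executeModifyOperation(ldapEntry.getDn(), modifications);
        });
        // Reporting success for an account that was never located would mislead the caller.
        return !entries.isEmpty();
    }

    /**
     * Reads the stored security questions and answers for the username in the query.
     *
     * @param passwordManagementQuery query carrying the username to search for
     * @return questions mapped to answers, in the order found; pairs with a missing or blank
     *         question or answer are skipped; empty when nothing is stored
     */
    public Map<String, String> getSecurityQuestions(PasswordManagementQuery passwordManagementQuery) {
        Map<String, String> questions = new LinkedHashMap<>();
        findEntries(CollectionUtils.wrap(passwordManagementQuery.getUsername())).forEach((ldapEntry, ldapSettings) -> {
            // Log the DN only: the entry itself holds the stored question and answer attributes.
            LOGGER.debug("Located LDAP entry [{}] in the response", ldapEntry.getDn());
            Map<String, String> attributePairs = ldapSettings.getSecurityQuestionsAttributes();
            LOGGER.debug("Security question attributes are defined to be [{}]", attributePairs);
            attributePairs.forEach((questionAttributeName, answerAttributeName) -> {
                LdapAttribute questionAttribute = ldapEntry.getAttribute(questionAttributeName);
                LdapAttribute answerAttribute = ldapEntry.getAttribute(answerAttributeName);
                if (questionAttribute == null || answerAttribute == null) {
                    return;
                }
                String question = questionAttribute.getStringValue();
                String answer = answerAttribute.getStringValue();
                if (StringUtils.isNotBlank(question) && StringUtils.isNotBlank(answer)) {
                    // The answer authenticates the user during a reset; keep it out of the logs.
                    LOGGER.debug("Added security question [{}]", question);
                    questions.put(question, answer);
                }
            });
        });
        return questions;
    }

    /**
     * Changes the password on every LDAP entry found for the credential id.
     *
     * @param credential            credential identifying the account; cast to
     *                              {@link UsernamePasswordCredential} to obtain the current password
     * @param passwordChangeRequest request carrying the new password
     * @return {@code true} only when at least one entry was found and every entry was updated;
     *         {@code false} when no entry was found, any update failed, or an exception was raised
     */
    public boolean changeInternal(Credential credential, PasswordChangeRequest passwordChangeRequest) {
        return FunctionUtils.doAndHandle(() -> {
            // Collect into a list first so that every entry is attempted; allMatch on the lazy
            // stream would stop at the first failure and leave later directories untouched.
            List<Boolean> results = findEntries(CollectionUtils.wrap(credential.getId())).entrySet().stream().map(entry -> {
                String dn = entry.getKey().getDn();
                LdapPasswordManagementProperties ldapSettings = entry.getValue();
                LOGGER.debug("Updating account password for [{}]", dn);
                LdapConnectionFactory ldapConnectionFactory =
                    new LdapConnectionFactory(this.connectionFactoryMap.get(ldapSettings.getLdapUrl()));
                boolean updated = ldapConnectionFactory.executePasswordModifyOperation(
                    dn,
                    ((UsernamePasswordCredential) credential).toPassword(),
                    passwordChangeRequest.getPassword(),
                    ldapSettings.getType());
                if (updated) {
                    LOGGER.debug("Successfully updated the account password for [{}]", dn);
                    return Boolean.TRUE;
                }
                LOGGER.error("Could not update the LDAP entry's password for [{}]", dn);
                return Boolean.FALSE;
            }).toList();
            // allMatch is vacuously true on an empty list; no located entry means no password was changed.
            return !results.isEmpty() && results.stream().allMatch(Boolean::booleanValue);
        }, throwable -> {
            // Record the failure instead of discarding it, so a failed change can be investigated.
            LOGGER.error("Password change failed for [{}]: [{}]", credential.getId(), throwable.getMessage());
            return false;
        }).get();
    }

    /**
     * Returns the first attribute value found across the located LDAP entries.
     *
     * @param passwordManagementQuery query, used here only for the username shown in log output
     * @param list                    attribute names to try, in order, on each entry
     * @param list2                   values substituted into the configured search filter
     * @return the first non-null attribute value, or {@code null} when no entry has any of the attributes
     */
    protected String findAttribute(PasswordManagementQuery passwordManagementQuery, List<String> list, List<String> list2) {
        return findEntries(list2).keySet().stream()
            .map(ldapEntry -> {
                LOGGER.debug("Found LDAP entry [{}] to use", ldapEntry.getDn());
                return list.stream()
                    .map(attributeName -> {
                        LdapAttribute attribute = ldapEntry.getAttribute(attributeName);
                        if (attribute == null) {
                            LOGGER.warn("Could not locate LDAP attribute [{}] for [{}]", attributeName, ldapEntry.getDn());
                            return null;
                        }
                        String value = attribute.getStringValue();
                        LOGGER.debug("Found [{}] [{}] for user [{}].", attributeName, value, passwordManagementQuery.getUsername());
                        return value;
                    })
                    .filter(Objects::nonNull)
                    .findFirst()
                    .orElse(null);
            })
            .filter(Objects::nonNull)
            .findFirst()
            .orElse(null);
    }

    /**
     * Searches every configured directory, in order of its configured name, for the given values.
     *
     * @param list values substituted for the {@code user} parameter of each directory's search filter
     * @return the entry returned by each directory that produced a result, mapped to the settings of
     *         that directory, in search order; empty when no directory matched
     */
    private Map<LdapEntry, LdapPasswordManagementProperties> findEntries(List<String> list) {
        Map<LdapEntry, LdapPasswordManagementProperties> entries = new LinkedHashMap<>();
        this.ldapProperties.stream()
            .sorted(Comparator.comparing(LdapPasswordManagementProperties::getName))
            .forEach(Unchecked.consumer(ldapSettings -> {
                FilterTemplate filter = LdapUtils.newLdaptiveSearchFilter(ldapSettings.getSearchFilter(), "user", list);
                LOGGER.debug("Constructed LDAP filter [{}]", filter);
                LdapConnectionFactory ldapConnectionFactory =
                    new LdapConnectionFactory(this.connectionFactoryMap.get(ldapSettings.getLdapUrl()));
                SearchResponse response = ldapConnectionFactory.executeSearchOperation(
                    ldapSettings.getBaseDn(), filter, ldapSettings.getPageSize());
                if (LdapUtils.containsResultEntry(response)) {
                    LdapEntry entry = response.getEntry();
                    // Log the DN rather than the response: the returned entry carries the
                    // security question and answer attributes read elsewhere in this class.
                    LOGGER.debug("LDAP search matched entry [{}]", entry.getDn());
                    entries.put(entry, ldapSettings);
                } else {
                    LOGGER.debug("LDAP search under [{}] returned no entry", ldapSettings.getBaseDn());
                }
            }));
        return entries;
    }
}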
