package org.apereo.cas.webauthn;

import com.fasterxml.jackson.core.type.TypeReference;
import com.yubico.data.CredentialRegistration;
import java.io.IOException;
import java.time.Clock;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnLdapMultifactorProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapConnectionFactory;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.webauthn.storage.BaseWebAuthnCredentialRepository;
import org.jooq.lambda.Unchecked;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.SearchResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;

/* loaded from: input_file:org/apereo/cas/webauthn/LdapWebAuthnCredentialRepository.class */
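/**
 * WebAuthn credential repository that keeps an account's registrations in one
 * LDAP attribute.
 *
 * <p>Each attribute value is a cipher-encoded JSON array of
 * {@link CredentialRegistration} records. Reads decode every value and merge the
 * results; writes replace the attribute with a single encoded value.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The username is handed to the search filter as a template parameter and is
 *       never concatenated into the filter string. Escaping is left to
 *       {@code LdapUtils}/{@code FilterTemplate}, which are not visible here.</li>
 *   <li>A failed LDAP search is reported to callers as "no entry", so a directory
 *       outage looks the same as an account with no registered devices. Failures
 *       are therefore logged at WARN so that operators can tell the two apart.</li>
 * </ul>
 */
public class LdapWebAuthnCredentialRepository extends BaseWebAuthnCredentialRepository implements DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapWebAuthnCredentialRepository.class);

    private final LdapConnectionFactory connectionFactory;

    /**
     * Creates the repository on top of an existing ldaptive connection factory.
     *
     * @param connectionFactory          ldaptive connection factory, wrapped for CAS use
     * @param casConfigurationProperties CAS settings; the WebAuthn LDAP section is read on every call
     * @param cipherExecutor             encodes values before storage and decodes them after retrieval
     */
    public LdapWebAuthnCredentialRepository(ConnectionFactory connectionFactory, CasConfigurationProperties casConfigurationProperties, CipherExecutor<String, String> cipherExecutor) {
        super(casConfigurationProperties, cipherExecutor);
        this.connectionFactory = new LdapConnectionFactory(connectionFactory);
    }

    /** Closes the wrapped LDAP connection factory when the bean is disposed. */
    @Override
    public void destroy() {
        this.connectionFactory.close();
    }

    /**
     * Returns every registration stored for the given account.
     *
     * @param str the username to look up
     * @return the decoded registrations; empty when the entry is missing, the
     *         attribute is absent, or the LDAP search failed
     */
    public Collection<CredentialRegistration> getRegistrationsByUsername(String str) {
        String attributeName = accountAttributeName();
        return Stream.ofNullable(locateLdapEntryFor(str))
            .flatMap(ldapEntry -> readRegistrations(ldapEntry, attributeName).stream())
            .collect(Collectors.toSet());
    }

    /**
     * Streams the registrations of every LDAP entry that carries the account attribute.
     *
     * @return registrations of all matching entries, de-duplicated per entry
     */
    public Stream<CredentialRegistration> stream() {
        String attributeName = accountAttributeName();
        return locateLdapEntriesForAll()
            .flatMap(ldapEntry -> readRegistrations(ldapEntry, attributeName).stream());
    }

    /**
     * Replaces the stored registrations of an account.
     *
     * <p>An empty collection clears the attribute. Otherwise the whole list is
     * serialized to JSON once, encoded once, and written as a single attribute
     * value. The previous implementation serialized and encoded the full list once
     * per element and relied on set de-duplication to collapse the copies, which
     * only works when the cipher produces identical output for identical input.
     *
     * @param str        the username whose entry is updated
     * @param collection the registrations to store
     */
    protected void update(String str, Collection<CredentialRegistration> collection) {
        Set<String> encodedValues = new HashSet<>(0);
        if (collection.isEmpty()) {
            LOGGER.debug("No records are provided for [{}] so entry will be removed", str);
        } else {
            // Records without a registration time are stamped with the current UTC instant.
            List<CredentialRegistration> records = collection.stream()
                .map(registration -> registration.getRegistrationTime() == null
                    ? registration.withRegistrationTime(Instant.now(Clock.systemUTC()))
                    : registration)
                .collect(Collectors.toList());
            String json = Unchecked.supplier(() -> WebAuthnUtils.getObjectMapper().writeValueAsString(records)).get();
            encodedValues.add((String) getCipherExecutor().encode(json));
        }
        boolean stored = executeModifyOperation(encodedValues, Optional.ofNullable(locateLdapEntryFor(str)));
        if (!stored) {
            // The caller gets no return value, so a dropped write must at least be visible in the log.
            LOGGER.warn("Unable to update WebAuthn records for [{}]: no LDAP entry was located or the modify operation failed", str);
        }
    }

    /** Reads the configured name of the LDAP attribute that holds the registrations. */
    private String accountAttributeName() {
        return getProperties().getAuthn().getMfa().getWebAuthn().getLdap().getAccountAttributeName();
    }

    /**
     * Decodes and parses all values of the account attribute on one entry.
     *
     * @param ldapEntry     the entry to read
     * @param attributeName the attribute holding the encoded JSON values
     * @return the registrations found; empty when the attribute is absent
     */
    private Set<CredentialRegistration> readRegistrations(LdapEntry ldapEntry, String attributeName) {
        return Stream.ofNullable(ldapEntry.getAttribute(attributeName))
            .flatMap(attribute -> attribute.getStringValues().stream())
            .filter(Objects::nonNull)
            .map(StringUtils::trim)
            .filter(StringUtils::isNotBlank)
            // Values that fail to decode are skipped here, provided decode() reports failure as null.
            .map(value -> (String) getCipherExecutor().decode(value))
            .filter(Objects::nonNull)
            .map(LdapWebAuthnCredentialRepository::mapFromJson)
            .filter(Objects::nonNull)
            .flatMap(List::stream)
            .collect(Collectors.toSet());
    }

    /**
     * Finds the LDAP entry for a username using the configured search filter.
     *
     * @param str the username; trimmed and lower-cased before it is used
     * @return the matching entry, or {@code null} when the username is blank,
     *         nothing matched, or the search failed
     */
    private LdapEntry locateLdapEntryFor(String str) {
        if (StringUtils.isBlank(str)) {
            // Never query the directory with an empty identifier.
            return null;
        }
        try {
            WebAuthnLdapMultifactorProperties ldap = getProperties().getAuthn().getMfa().getWebAuthn().getLdap();
            // Locale-independent case folding: under some default locales (e.g. Turkish)
            // toLowerCase() maps 'I' to a dotless i, which would make the same account
            // resolve differently depending on the JVM's locale.
            String normalizedUsername = str.trim().toLowerCase(java.util.Locale.ROOT);
            FilterTemplate filter = LdapUtils.newLdaptiveSearchFilter("(" + ldap.getSearchFilter() + ")", CollectionUtils.wrapList(normalizedUsername));
            LOGGER.debug("Locating LDAP entry via filter [{}] based on attribute [{}]", filter, ldap.getAccountAttributeName());
            SearchResponse response = this.connectionFactory.executeSearchOperation(ldap.getBaseDn(), filter, ldap.getPageSize(), new String[]{ldap.getAccountAttributeName()});
            if (!LdapUtils.containsResultEntry(response)) {
                return null;
            }
            LdapEntry entry = response.getEntry();
            LOGGER.debug("Located LDAP entry [{}]", entry);
            return entry;
        } catch (LdapException e) {
            // Callers cannot tell this apart from "no such entry", so keep it visible.
            LOGGER.warn("LDAP search for WebAuthn records failed: [{}]", e.getMessage(), e);
            return null;
        }
    }

    /**
     * Replaces the account attribute on the given entry with the supplied values.
     *
     * @param set      the encoded values to store; an empty set clears the attribute
     * @param optional the target entry, if one was located
     * @return {@code false} when no entry was supplied, otherwise the result of the modify operation
     */
    private boolean executeModifyOperation(Set<String> set, Optional<LdapEntry> optional) {
        return optional.map(ldapEntry -> {
            WebAuthnLdapMultifactorProperties ldap = getProperties().getAuthn().getMfa().getWebAuthn().getLdap();
            java.util.Map<String, Set<String>> attributes = new HashMap<>();
            attributes.put(ldap.getAccountAttributeName(), set);
            // The logged records are the encoded values, not the decoded JSON.
            LOGGER.debug("Storing records [{}] at LDAP attribute [{}] for [{}]", set, attributes.keySet(), ldapEntry.getDn());
            return this.connectionFactory.executeModifyOperation(ldapEntry.getDn(), CollectionUtils.wrap(attributes));
        }).orElse(false);
    }

    /**
     * Finds every entry under the base DN that has a value for the account attribute.
     *
     * <p>The presence filter is built from the configured attribute name only, so it
     * contains no user-supplied input.
     *
     * @return the matching entries, or an empty stream when none were found or the search failed
     */
    private Stream<LdapEntry> locateLdapEntriesForAll() {
        WebAuthnLdapMultifactorProperties ldap = getProperties().getAuthn().getMfa().getWebAuthn().getLdap();
        String attributeName = ldap.getAccountAttributeName();
        FilterTemplate filter = LdapUtils.newLdaptiveSearchFilter("(" + attributeName + "=*)");
        try {
            LOGGER.debug("Locating LDAP entries via filter [{}] based on attribute [{}]", filter, attributeName);
            SearchResponse response = this.connectionFactory.executeSearchOperation(ldap.getBaseDn(), filter, ldap.getPageSize(), new String[]{attributeName});
            if (LdapUtils.containsResultEntry(response)) {
                Collection<LdapEntry> entries = response.getEntries();
                LOGGER.debug("Locating [{}] LDAP entries based on response [{}]", entries.size(), response);
                return entries.stream();
            }
        } catch (LdapException e) {
            LOGGER.warn("LDAP search for all WebAuthn records failed: [{}]", e.getMessage(), e);
        }
        LOGGER.debug("Unable to read entries from LDAP via filter [{}]", filter);
        return Stream.empty();
    }

    /**
     * Parses one decoded attribute value into registration records.
     *
     * @param str the decoded JSON text; must not be {@code null}
     * @return the parsed records, or an empty list when the text is blank or cannot be parsed
     */
    private static List<CredentialRegistration> mapFromJson(String str) {
        try {
            // NOTE(review): this writes the decoded registration JSON to the log. With TRACE
            // enabled, data that is cipher-encoded in the directory appears in clear text in
            // log files, so treat TRACE output of this class as sensitive.
            LOGGER.trace("Mapping JSON value [{}]", str);
            String json = str.trim();
            if (StringUtils.isNotBlank(json)) {
                // The target type is fixed by the TypeReference. How the shared ObjectMapper
                // is configured is not visible here.
                return WebAuthnUtils.getObjectMapper().readValue(json, new TypeReference<List<CredentialRegistration>>() {
                });
            }
        } catch (IOException e) {
            LOGGER.error(e.getMessage(), e);
        }
        return new ArrayList<>(0);
    }
}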
