package org.apache.syncope.core.misc.utils;

import java.util.ArrayList;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.AnyOperations;
import org.apache.syncope.common.lib.patch.AnyPatch;
import org.apache.syncope.common.lib.to.AnyObjectTO;
import org.apache.syncope.common.lib.to.AnyTO;
import org.apache.syncope.common.lib.to.AttrTO;
import org.apache.syncope.common.lib.to.ConnObjectTO;
import org.apache.syncope.common.lib.to.GroupTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.core.misc.policy.InvalidPasswordRuleConf;
import org.apache.syncope.core.misc.security.Encryptor;
import org.apache.syncope.core.misc.security.PasswordGenerator;
import org.apache.syncope.core.misc.security.SecureRandomUtils;
import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO;
import org.apache.syncope.core.persistence.api.dao.RealmDAO;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.AnyUtils;
import org.apache.syncope.core.persistence.api.entity.Realm;
import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
import org.apache.syncope.core.persistence.api.entity.resource.MappingItem;
import org.apache.syncope.core.persistence.api.entity.resource.Provision;
import org.apache.syncope.core.persistence.api.entity.task.SyncTask;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.identityconnectors.common.Base64;
import org.identityconnectors.common.security.GuardedByteArray;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Component
/* loaded from: input_file:org/apache/syncope/core/misc/utils/ConnObjectUtils.class */
public class ConnObjectUtils {
    private static final Logger LOG = LoggerFactory.getLogger(ConnObjectUtils.class);
    private static final Encryptor ENCRYPTOR = Encryptor.getInstance();

    @Autowired
    private TemplateUtils templateUtils;

    @Autowired
    private RealmDAO realmDAO;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private ExternalResourceDAO resourceDAO;

    @Autowired
    private PasswordGenerator passwordGenerator;

    @Autowired
    private MappingUtils mappingUtils;

    public static String getPassword(Object obj) {
        final StringBuilder sb = new StringBuilder();
        if (obj instanceof GuardedString) {
            ((GuardedString) obj).access(new GuardedString.Accessor() { // from class: org.apache.syncope.core.misc.utils.ConnObjectUtils.1
                public void access(char[] cArr) {
                    sb.append(cArr);
                }
            });
        } else if (obj instanceof GuardedByteArray) {
            ((GuardedByteArray) obj).access(new GuardedByteArray.Accessor() { // from class: org.apache.syncope.core.misc.utils.ConnObjectUtils.2
                public void access(byte[] bArr) {
                    sb.append(new String(bArr));
                }
            });
        } else if (obj instanceof String) {
            sb.append((String) obj);
        } else {
            sb.append(obj.toString());
        }
        return sb.toString();
    }

    @Transactional(readOnly = true)
    public <T extends AnyTO> T getAnyTO(ConnectorObject connectorObject, SyncTask syncTask, Provision provision, AnyUtils anyUtils) {
        String generateRandomPassword;
        UserTO anyTOFromConnObject = getAnyTOFromConnObject(connectorObject, syncTask, provision, anyUtils);
        if ((anyTOFromConnObject instanceof UserTO) && StringUtils.isBlank(anyTOFromConnObject.getPassword())) {
            UserTO userTO = anyTOFromConnObject;
            ArrayList arrayList = new ArrayList();
            Realm find = this.realmDAO.find(userTO.getRealm());
            if (find != null) {
                for (Realm realm : this.realmDAO.findAncestors(find)) {
                    if (realm.getPasswordPolicy() != null) {
                        arrayList.addAll(realm.getPasswordPolicy().getRuleConfs());
                    }
                }
            }
            Iterator it = userTO.getResources().iterator();
            while (it.hasNext()) {
                ExternalResource find2 = this.resourceDAO.find((String) it.next());
                if (find2 != null && find2.getPasswordPolicy() != null) {
                    arrayList.addAll(find2.getPasswordPolicy().getRuleConfs());
                }
            }
            try {
                generateRandomPassword = this.passwordGenerator.generate(arrayList);
            } catch (InvalidPasswordRuleConf e) {
                LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
                generateRandomPassword = SecureRandomUtils.generateRandomPassword(16);
            }
            userTO.setPassword(generateRandomPassword);
        }
        return anyTOFromConnObject;
    }

    @Transactional(readOnly = true)
    public <T extends AnyPatch> T getAnyPatch(Long l, ConnectorObject connectorObject, AnyTO anyTO, SyncTask syncTask, Provision provision, AnyUtils anyUtils) {
        UserTO anyTOFromConnObject = getAnyTOFromConnObject(connectorObject, syncTask, provision, anyUtils);
        anyTOFromConnObject.setKey(l.longValue());
        if (AnyTypeKind.USER == anyUtils.getAnyTypeKind()) {
            User authFind = this.userDAO.authFind(l);
            if (StringUtils.isBlank(anyTOFromConnObject.getPassword()) || ENCRYPTOR.verify(anyTOFromConnObject.getPassword(), authFind.getCipherAlgorithm(), authFind.getPassword())) {
                anyTOFromConnObject.setPassword((String) null);
            }
            return AnyOperations.diff(anyTOFromConnObject, (UserTO) anyTO, true);
        }
        if (AnyTypeKind.GROUP == anyUtils.getAnyTypeKind()) {
            return AnyOperations.diff((GroupTO) anyTOFromConnObject, (GroupTO) anyTO, true);
        }
        if (AnyTypeKind.ANY_OBJECT == anyUtils.getAnyTypeKind()) {
            return AnyOperations.diff((AnyObjectTO) anyTOFromConnObject, (AnyObjectTO) anyTO, true);
        }
        return null;
    }

    private <T extends AnyTO> T getAnyTOFromConnObject(ConnectorObject connectorObject, SyncTask syncTask, Provision provision, AnyUtils anyUtils) {
        T t = (T) anyUtils.newAnyTO();
        t.setType((String) provision.getAnyType().getKey());
        t.setRealm(syncTask.getDestinatioRealm().getFullPath());
        for (MappingItem mappingItem : MappingUtils.getSyncMappingItems(provision)) {
            this.mappingUtils.setIntValues(mappingItem, connectorObject.getAttributeByName(mappingItem.getExtAttrName()), t, anyUtils);
        }
        this.templateUtils.apply(t, syncTask.getTemplate(provision.getAnyType()));
        return t;
    }

    public ConnObjectTO getConnObjectTO(ConnectorObject connectorObject) {
        ConnObjectTO connObjectTO = new ConnObjectTO();
        for (Attribute attribute : connectorObject.getAttributes()) {
            AttrTO attrTO = new AttrTO();
            attrTO.setSchema(attribute.getName());
            if (attribute.getValue() != null) {
                for (Object obj : attribute.getValue()) {
                    if (obj != null) {
                        if ((obj instanceof GuardedString) || (obj instanceof GuardedByteArray)) {
                            attrTO.getValues().add(getPassword(obj));
                        } else if (obj instanceof byte[]) {
                            attrTO.getValues().add(Base64.encode((byte[]) obj));
                        } else {
                            attrTO.getValues().add(obj.toString());
                        }
                    }
                }
            }
            connObjectTO.getPlainAttrs().add(attrTO);
        }
        return connObjectTO;
    }
}
