package org.apache.syncope.core.provisioning.java.propagation;

import java.util.HashSet;
import org.apache.commons.collections4.IterableUtils;
import org.apache.commons.collections4.Predicate;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.common.lib.types.ConnConfProperty;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.ConnInstance;
import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/apache/syncope/core/provisioning/java/propagation/LDAPPasswordPropagationActions.class */
public class LDAPPasswordPropagationActions extends DefaultPropagationActions {
    private static final String CLEARTEXT = "CLEARTEXT";

    @Autowired
    private UserDAO userDAO;

    @Override // org.apache.syncope.core.provisioning.java.propagation.DefaultPropagationActions
    @Transactional(readOnly = true)
    public void before(PropagationTask propagationTask, ConnectorObject connectorObject) {
        User find;
        super.before(propagationTask, connectorObject);
        if (AnyTypeKind.USER != propagationTask.getAnyTypeKind() || (find = this.userDAO.find(propagationTask.getAnyKey())) == null || find.getPassword() == null) {
            return;
        }
        Attribute find2 = AttributeUtil.find("__MANDATORY_MISSING__", propagationTask.getAttributes());
        ConnInstance connector = propagationTask.getResource().getConnector();
        String cipherAlgorithm = getCipherAlgorithm(connector);
        if (find2 != null && find2.getValue() != null && find2.getValue().size() == 1 && find2.getValue().get(0).equals(OperationalAttributes.PASSWORD_NAME) && cipherAlgorithmMatches(getCipherAlgorithm(connector), find.getCipherAlgorithm())) {
            Attribute buildPassword = AttributeBuilder.buildPassword(new GuardedString(("{" + cipherAlgorithm.toLowerCase() + "}" + new String(Base64.encode(Hex.decode(find.getPassword().toLowerCase())))).toCharArray()));
            HashSet hashSet = new HashSet(propagationTask.getAttributes());
            hashSet.add(buildPassword);
            hashSet.remove(find2);
            propagationTask.setAttributes(hashSet);
        }
    }

    private String getCipherAlgorithm(ConnInstance connInstance) {
        ConnConfProperty connConfProperty = (ConnConfProperty) IterableUtils.find(connInstance.getConf(), new Predicate<ConnConfProperty>() { // from class: org.apache.syncope.core.provisioning.java.propagation.LDAPPasswordPropagationActions.1
            public boolean evaluate(ConnConfProperty connConfProperty2) {
                return (!"passwordHashAlgorithm".equals(connConfProperty2.getSchema().getName()) || connConfProperty2.getValues() == null || connConfProperty2.getValues().isEmpty()) ? false : true;
            }
        });
        return connConfProperty == null ? CLEARTEXT : (String) connConfProperty.getValues().get(0);
    }

    private boolean cipherAlgorithmMatches(String str, CipherAlgorithm cipherAlgorithm) {
        if (cipherAlgorithm == null) {
            return false;
        }
        if (str.equals(cipherAlgorithm.name())) {
            return true;
        }
        return "SHA".equals(str) && "SHA1".equals(cipherAlgorithm.name());
    }
}
