package org.wso2.carbon.identity.api.server.idp.v1.impl;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.identity.api.server.common.ContextLoader;
import org.wso2.carbon.identity.api.server.common.Util;
import org.wso2.carbon.identity.api.server.idp.common.Constants;
import org.wso2.carbon.identity.api.server.idp.common.IdentityProviderServiceHolder;
import org.wso2.carbon.identity.api.server.idp.v1.model.AuthenticationType;
import org.wso2.carbon.identity.api.server.idp.v1.model.Endpoint;
import org.wso2.carbon.identity.api.server.idp.v1.model.FederatedAuthenticator;
import org.wso2.carbon.identity.api.server.idp.v1.model.FederatedAuthenticatorListItem;
import org.wso2.carbon.identity.api.server.idp.v1.model.FederatedAuthenticatorPUTRequest;
import org.wso2.carbon.identity.api.server.idp.v1.model.Property;
import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.UserDefinedAuthenticatorEndpointConfig;
import org.wso2.carbon.identity.application.common.model.UserDefinedFederatedAuthenticatorConfig;
import org.wso2.carbon.identity.base.AuthenticatorPropertyConstants;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementClientException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementServerException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.idp.v1-1.3.15.jar:org/wso2/carbon/identity/api/server/idp/v1/impl/FederatedAuthenticatorConfigBuilderFactory.class */
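/**
 * Converts federated authenticator definitions between the REST API model
 * ({@link FederatedAuthenticator}, {@link FederatedAuthenticatorPUTRequest}) and the internal
 * {@link FederatedAuthenticatorConfig} model, validating the request payload on the way in.
 *
 * <p>All inbound values originate from API request bodies, so malformed input is reported as an
 * {@link IdentityProviderManagementClientException} rather than being left to surface as an
 * unchecked exception.
 */
public class FederatedAuthenticatorConfigBuilderFactory {

    /**
     * Maps an API-model property to the internal property model. The property whose key equals
     * {@code Constants.GOOGLE_PRIVATE_KEY} is additionally given the type {@code "BLOB"}.
     */
    private static final Function<Property, org.wso2.carbon.identity.application.common.model.Property> propertyToInternal = apiProperty -> {
        org.wso2.carbon.identity.application.common.model.Property internalProperty = new org.wso2.carbon.identity.application.common.model.Property();
        internalProperty.setName(apiProperty.getKey());
        internalProperty.setValue(apiProperty.getValue());
        if (StringUtils.equals(Constants.GOOGLE_PRIVATE_KEY, apiProperty.getKey())) {
            internalProperty.setType("BLOB");
        }
        return internalProperty;
    };

    /**
     * Maps an internal property to the API model. The value is copied verbatim; nothing here
     * masks or filters it.
     */
    private static final Function<org.wso2.carbon.identity.application.common.model.Property, Property> propertyToExternal = internalProperty -> {
        Property apiProperty = new Property();
        apiProperty.setKey(internalProperty.getName());
        apiProperty.setValue(internalProperty.getValue());
        return apiProperty;
    };

    /* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.idp.v1-1.3.15.jar:org/wso2/carbon/identity/api/server/idp/v1/impl/FederatedAuthenticatorConfigBuilderFactory$Config.class */
    /**
     * Immutable bundle of the values needed to create a {@link FederatedAuthenticatorConfig}.
     * {@code properties} and {@code endpoint} may each be {@code null}; which of them is allowed
     * depends on {@code definedByType} and is enforced by the validation methods of the factory.
     */
    public static class Config {
        private final AuthenticatorPropertyConstants.DefinedByType definedByType;
        private final String authenticatorName;
        private final String displayName;
        private final Endpoint endpoint;
        private final List<org.wso2.carbon.identity.application.common.model.Property> properties;
        private final Boolean isEnabled;

        /**
         * @param str           authenticator name
         * @param str2          authenticator display name
         * @param endpoint      endpoint of a user-defined authenticator, or {@code null}
         * @param list          properties of a system-defined authenticator, or {@code null}
         * @param bool          whether the authenticator is enabled
         * @param definedByType whether the authenticator is system- or user-defined
         */
        public Config(String str, String str2, Endpoint endpoint, List<org.wso2.carbon.identity.application.common.model.Property> list, Boolean bool, AuthenticatorPropertyConstants.DefinedByType definedByType) {
            this.authenticatorName = str;
            this.displayName = str2;
            this.endpoint = endpoint;
            this.properties = list;
            this.isEnabled = bool;
            this.definedByType = definedByType;
        }
    }

    /**
     * Builds the internal authenticator config from an update (PUT) request.
     *
     * @param federatedAuthenticatorPUTRequest request body
     * @param str                              authenticator name
     * @param definedByType                    system- or user-defined
     * @return the internal authenticator config
     * @throws IdentityProviderManagementClientException if the request fails validation
     */
    public static FederatedAuthenticatorConfig build(FederatedAuthenticatorPUTRequest federatedAuthenticatorPUTRequest, String str, AuthenticatorPropertyConstants.DefinedByType definedByType) throws IdentityProviderManagementClientException {
        List<org.wso2.carbon.identity.application.common.model.Property> properties = toInternalProperties(federatedAuthenticatorPUTRequest.getProperties());
        validateAuthPropForFederatedAuthenticatorPUTRequest(str, properties);
        return createFederatedAuthenticatorConfig(new Config(str, getDisplayNameOfAuthenticator(str), federatedAuthenticatorPUTRequest.getEndpoint(), properties, federatedAuthenticatorPUTRequest.getIsEnabled(), definedByType));
    }

    /**
     * Builds the internal authenticator config from the API authenticator model.
     *
     * @param federatedAuthenticator API model of the authenticator
     * @param str                    authenticator name
     * @param definedByType          system- or user-defined
     * @return the internal authenticator config
     * @throws IdentityProviderManagementClientException if the model fails validation
     */
    public static FederatedAuthenticatorConfig build(FederatedAuthenticator federatedAuthenticator, String str, AuthenticatorPropertyConstants.DefinedByType definedByType) throws IdentityProviderManagementClientException {
        List<org.wso2.carbon.identity.application.common.model.Property> properties = toInternalProperties(federatedAuthenticator.getProperties());
        validateAuthPropForFederatedAuthenticator(str, properties);
        return createFederatedAuthenticatorConfig(new Config(str, getDisplayNameOfAuthenticator(str), federatedAuthenticator.getEndpoint(), properties, federatedAuthenticator.getIsEnabled(), definedByType));
    }

    /**
     * Builds the API authenticator model from the internal config.
     *
     * <p>For a system-defined authenticator every stored property, value included, is copied into
     * the response. For any other authenticator only the endpoint URI and authentication type are
     * returned (see {@link #resolveEndpointConfiguration}).
     *
     * @param federatedAuthenticatorConfig internal config
     * @return the API model
     * @throws IdentityProviderManagementServerException if the endpoint configuration cannot be resolved
     */
    public static FederatedAuthenticator build(FederatedAuthenticatorConfig federatedAuthenticatorConfig) throws IdentityProviderManagementServerException {
        FederatedAuthenticator authenticator = new FederatedAuthenticator();
        authenticator.setName(federatedAuthenticatorConfig.getName());
        authenticator.setIsEnabled(Boolean.valueOf(federatedAuthenticatorConfig.isEnabled()));
        String[] tags = resolveAuthenticatorTags(federatedAuthenticatorConfig);
        if (ArrayUtils.isNotEmpty(tags)) {
            authenticator.setTags(Arrays.asList(tags));
        }
        if (AuthenticatorPropertyConstants.DefinedByType.SYSTEM == federatedAuthenticatorConfig.getDefinedByType()) {
            authenticator.setDefinedBy(FederatedAuthenticator.DefinedByEnum.SYSTEM);
            // NOTE(review): property values are passed through unmasked, which would include any
            // confidential ones (e.g. the property named by Constants.GOOGLE_PRIVATE_KEY) -
            // confirm that masking or access control is applied elsewhere.
            authenticator.setProperties(Arrays.stream(federatedAuthenticatorConfig.getProperties()).map(propertyToExternal).collect(Collectors.toList()));
        } else {
            authenticator.setDefinedBy(FederatedAuthenticator.DefinedByEnum.USER);
            resolveEndpointConfiguration(authenticator, federatedAuthenticatorConfig);
        }
        return authenticator;
    }

    /**
     * Builds the list representation of the given authenticator configs.
     *
     * @param federatedAuthenticatorConfigArr internal configs to list
     * @param str                             identity provider identifier placed in each item's self link
     * @return one list item per config, in input order
     */
    public static List<FederatedAuthenticatorListItem> build(FederatedAuthenticatorConfig[] federatedAuthenticatorConfigArr, String str) {
        List<FederatedAuthenticatorListItem> items = new ArrayList<>();
        for (FederatedAuthenticatorConfig authenticatorConfig : federatedAuthenticatorConfigArr) {
            // The authenticator id is the base64url-encoded authenticator name.
            String authenticatorId = Util.base64URLEncode(authenticatorConfig.getName());
            FederatedAuthenticatorListItem item = new FederatedAuthenticatorListItem();
            item.setAuthenticatorId(authenticatorId);
            item.setName(authenticatorConfig.getName());
            item.setIsEnabled(Boolean.valueOf(authenticatorConfig.isEnabled()));
            item.definedBy(FederatedAuthenticatorListItem.DefinedByEnum.valueOf(authenticatorConfig.getDefinedByType().toString()));
            String[] tags = resolveAuthenticatorTags(authenticatorConfig);
            if (ArrayUtils.isNotEmpty(tags)) {
                item.setTags(Arrays.asList(tags));
            }
            item.setSelf(ContextLoader.buildURIForBody(String.format("/v1/identity-providers/%s/federated-authenticators/%s", str, authenticatorId)).toString());
            items.add(item);
        }
        return items;
    }

    /** Converts API-model properties to internal ones; a {@code null} list stays {@code null}. */
    private static List<org.wso2.carbon.identity.application.common.model.Property> toInternalProperties(List<Property> apiProperties) {
        if (apiProperties == null) {
            return null;
        }
        return apiProperties.stream().map(propertyToInternal).collect(Collectors.toList());
    }

    /**
     * Creates the system- or user-defined config and applies the common attributes.
     *
     * @throws IdentityProviderManagementClientException if the config fails validation
     */
    private static FederatedAuthenticatorConfig createFederatedAuthenticatorConfig(Config config) throws IdentityProviderManagementClientException {
        FederatedAuthenticatorConfig authenticatorConfig = AuthenticatorPropertyConstants.DefinedByType.SYSTEM == config.definedByType
                ? createSystemDefinedFederatedAuthenticator(config)
                : createUserDefinedFederatedAuthenticator(config);
        authenticatorConfig.setName(config.authenticatorName);
        authenticatorConfig.setDisplayName(config.displayName);
        // A missing (null) flag is treated as "disabled" instead of failing on unboxing.
        authenticatorConfig.setEnabled(Boolean.TRUE.equals(config.isEnabled));
        return authenticatorConfig;
    }

    /**
     * Creates the config of a system-defined authenticator from the request properties.
     *
     * @throws IdentityProviderManagementClientException if an endpoint was supplied or the
     *                                                   properties are missing
     */
    private static FederatedAuthenticatorConfig createSystemDefinedFederatedAuthenticator(Config config) throws IdentityProviderManagementClientException {
        validateSystemDefinedFederatedAuthenticatorModel(config);
        if (config.properties == null) {
            // A request without a properties element would otherwise fail below with a
            // NullPointerException; report it as invalid client input instead.
            Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT;
            throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), String.format(errorMessage.getDescription(), " Properties are not provided for the system defined authenticator."));
        }
        FederatedAuthenticatorConfig authenticatorConfig = new FederatedAuthenticatorConfig();
        authenticatorConfig.setDefinedByType(AuthenticatorPropertyConstants.DefinedByType.SYSTEM);
        authenticatorConfig.setProperties(config.properties.toArray(new org.wso2.carbon.identity.application.common.model.Property[0]));
        return authenticatorConfig;
    }

    /** Rejects a system-defined authenticator that carries an endpoint configuration. */
    private static void validateSystemDefinedFederatedAuthenticatorModel(Config config) throws IdentityProviderManagementClientException {
        if (config.endpoint != null) {
            Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_ENDPOINT_PROVIDED_FOR_SYSTEM_AUTH;
            throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), String.format(errorMessage.getDescription(), config.authenticatorName));
        }
    }

    /**
     * Creates the config of a user-defined authenticator from the request endpoint.
     *
     * @throws IdentityProviderManagementClientException if the model is invalid, the endpoint
     *                                                   authentication is incomplete, or the
     *                                                   endpoint config builder rejects the values
     */
    private static UserDefinedFederatedAuthenticatorConfig createUserDefinedFederatedAuthenticator(Config config) throws IdentityProviderManagementClientException {
        validateUserDefinedFederatedAuthenticatorModel(config);
        // The endpoint comes straight from the request body: check the nested authentication
        // object explicitly so that a partial payload is a client error, not a NullPointerException.
        AuthenticationType authentication = config.endpoint.getAuthentication();
        if (authentication == null || authentication.getType() == null || authentication.getProperties() == null
                || authentication.getProperties().values().stream().anyMatch(value -> value == null)) {
            throw new IdentityProviderManagementClientException(Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getCode(), Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getMessage(), "The endpoint authentication type and properties are not provided.");
        }
        try {
            UserDefinedFederatedAuthenticatorConfig authenticatorConfig = new UserDefinedFederatedAuthenticatorConfig();
            UserDefinedAuthenticatorEndpointConfig.UserDefinedAuthenticatorEndpointConfigBuilder endpointConfigBuilder = new UserDefinedAuthenticatorEndpointConfig.UserDefinedAuthenticatorEndpointConfigBuilder();
            endpointConfigBuilder.uri(config.endpoint.getUri());
            endpointConfigBuilder.authenticationType(authentication.getType().toString());
            // Authentication property values are passed on in their string form.
            endpointConfigBuilder.authenticationProperties(authentication.getProperties().entrySet().stream()
                    .collect(Collectors.toMap(entry -> entry.getKey(), entry -> entry.getValue().toString())));
            authenticatorConfig.setEndpointConfig(endpointConfigBuilder.build());
            return authenticatorConfig;
        } catch (IllegalArgumentException | NoSuchElementException e) {
            throw new IdentityProviderManagementClientException(Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getCode(), Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getMessage(), e.getMessage());
        }
    }

    /** Rejects a user-defined authenticator that carries properties or lacks an endpoint. */
    private static void validateUserDefinedFederatedAuthenticatorModel(Config config) throws IdentityProviderManagementClientException {
        if (config.properties != null) {
            Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_PROPERTIES_PROVIDED_FOR_USER_AUTH;
            throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), String.format(errorMessage.getDescription(), config.authenticatorName));
        }
        if (config.endpoint == null) {
            Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_NO_ENDPOINT_PROVIDED;
            throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), String.format(errorMessage.getDescription(), config.authenticatorName));
        }
    }

    /**
     * Validates the properties of the API authenticator model: SAML metadata for the SAML
     * authenticator, then uniqueness of the property names. A {@code null} list is accepted.
     */
    private static void validateAuthPropForFederatedAuthenticator(String str, List<org.wso2.carbon.identity.application.common.model.Property> list) throws IdentityProviderManagementClientException {
        if (list == null) {
            return;
        }
        if ("SAMLSSOAuthenticator".equals(str)) {
            validateSamlMetadata(list);
        }
        if (!areAllDistinct(list)) {
            Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT;
            throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), String.format(errorMessage.getDescription(), " Duplicate properties are found in the request."));
        }
    }

    /**
     * Validates the properties of an update request: SAML metadata for the SAML authenticator and
     * scope rules for the OpenID Connect authenticator. A {@code null} list is accepted. Unlike
     * {@link #validateAuthPropForFederatedAuthenticator}, property names are not checked for
     * duplicates here.
     */
    private static void validateAuthPropForFederatedAuthenticatorPUTRequest(String str, List<org.wso2.carbon.identity.application.common.model.Property> list) throws IdentityProviderManagementClientException {
        if (list == null) {
            return;
        }
        if ("SAMLSSOAuthenticator".equals(str)) {
            validateSamlMetadata(list);
        }
        if ("OpenIDConnectAuthenticator".equals(str)) {
            validateDuplicateOpenIDConnectScopes(list);
            validateDefaultOpenIDConnectScopes(list);
        }
    }

    /**
     * When the select mode is "metadata", requires a non-blank SAML metadata property and replaces
     * its base64 value with the decoded UTF-8 text, in place.
     *
     * <p>The decoded document is not parsed or checked here.
     * NOTE(review): confirm that whatever parses this metadata later does so with DTDs and
     * external entities disabled, since the content is supplied by the API caller.
     *
     * @throws IdentityProviderManagementClientException if the metadata is missing, blank or not
     *                                                   valid base64
     */
    private static void validateSamlMetadata(List<org.wso2.carbon.identity.application.common.model.Property> list) throws IdentityProviderManagementClientException {
        if (list == null) {
            return;
        }
        for (org.wso2.carbon.identity.application.common.model.Property property : list) {
            boolean metadataModeSelected = Constants.SELECT_MODE.equals(property.getName()) && Constants.SELECT_MODE_METADATA.equals(property.getValue());
            if (!metadataModeSelected) {
                continue;
            }
            // First metadata property that actually carries a value.
            org.wso2.carbon.identity.application.common.model.Property metadataProperty = null;
            for (org.wso2.carbon.identity.application.common.model.Property candidate : list) {
                if (Constants.META_DATA_SAML.equals(candidate.getName()) && StringUtils.isNotBlank(candidate.getValue())) {
                    metadataProperty = candidate;
                    break;
                }
            }
            Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_INVALID_SAML_METADATA;
            if (metadataProperty == null) {
                throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), errorMessage.getDescription());
            }
            try {
                metadataProperty.setValue(new String(Base64.getDecoder().decode(metadataProperty.getValue()), StandardCharsets.UTF_8));
            } catch (IllegalArgumentException e) {
                // Malformed base64 is bad client input; without this it would escape as an
                // unchecked exception instead of the documented client error.
                throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), errorMessage.getDescription());
            }
        }
    }

    /**
     * Rejects a request that sets scopes both through the "Scopes" property and through a
     * "scope=" entry in "commonAuthQueryParams".
     */
    private static void validateDuplicateOpenIDConnectScopes(List<org.wso2.carbon.identity.application.common.model.Property> list) throws IdentityProviderManagementClientException {
        if (list == null) {
            return;
        }
        boolean scopesPropertySet = false;
        boolean scopeInQueryParams = false;
        for (org.wso2.carbon.identity.application.common.model.Property property : list) {
            if ("Scopes".equals(property.getName()) && StringUtils.isNotBlank(property.getValue())) {
                scopesPropertySet = true;
            }
            // StringUtils.contains is null-safe: a query-params property without a value must not
            // cause a NullPointerException.
            if ("commonAuthQueryParams".equals(property.getName()) && StringUtils.contains(property.getValue(), "scope=")) {
                scopeInQueryParams = true;
            }
        }
        if (scopesPropertySet && scopeInQueryParams) {
            Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_DUPLICATE_OIDC_SCOPES;
            throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), errorMessage.getDescription());
        }
    }

    /**
     * Rejects a non-blank "Scopes" property that does not contain "openid".
     *
     * <p>NOTE(review): this is a substring test, so a value in which "openid" only appears inside
     * another scope name (constructed example: "openid_ext") also passes. If the scope delimiter
     * is known, matching whole tokens would be stricter - confirm before tightening.
     */
    private static void validateDefaultOpenIDConnectScopes(List<org.wso2.carbon.identity.application.common.model.Property> list) throws IdentityProviderManagementClientException {
        if (list == null) {
            return;
        }
        for (org.wso2.carbon.identity.application.common.model.Property property : list) {
            if (!"Scopes".equals(property.getName())) {
                continue;
            }
            String scopes = property.getValue();
            if (StringUtils.isNotBlank(scopes) && !scopes.contains("openid")) {
                Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_INVALID_OIDC_SCOPES;
                throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), errorMessage.getDescription());
            }
        }
    }

    /**
     * Tells whether every property in the list has a different name.
     *
     * @param list properties to check; must not be {@code null}
     * @return {@code true} if no name occurs twice
     */
    static boolean areAllDistinct(List<org.wso2.carbon.identity.application.common.model.Property> list) {
        long distinctNames = list.stream().map(property -> property.getName()).distinct().count();
        return distinctNames == list.size();
    }

    /**
     * Looks up the display name of the registered federated authenticator with the given name.
     *
     * @return the display name, or {@code null} if no registered authenticator has that name
     * @throws IdentityProviderManagementClientException if the registered authenticators cannot be read
     */
    private static String getDisplayNameOfAuthenticator(String str) throws IdentityProviderManagementClientException {
        try {
            for (FederatedAuthenticatorConfig registered : IdentityProviderServiceHolder.getIdentityProviderManager().getAllFederatedAuthenticators()) {
                if (StringUtils.equals(registered.getName(), str)) {
                    return registered.getDisplayName();
                }
            }
            return null;
        } catch (IdentityProviderManagementException e) {
            // NOTE(review): the cause is dropped and a lookup failure is reported to the caller as
            // a client error with the "adding IDP" code - confirm this is intended and consider
            // logging `e` so the failure can be diagnosed.
            Constants.ErrorMessage errorMessage = Constants.ErrorMessage.ERROR_CODE_ERROR_ADDING_IDP;
            throw new IdentityProviderManagementClientException(errorMessage.getCode(), errorMessage.getMessage(), errorMessage.getDescription());
        }
    }

    /**
     * Copies the endpoint URI and authentication type of a user-defined authenticator into the API
     * model. The authentication properties are deliberately set to {@code null}, so they are never
     * part of the response built here.
     *
     * @throws IdentityProviderManagementServerException if the config is not a
     *                                                   {@link UserDefinedFederatedAuthenticatorConfig}
     */
    private static void resolveEndpointConfiguration(FederatedAuthenticator federatedAuthenticator, FederatedAuthenticatorConfig federatedAuthenticatorConfig) throws IdentityProviderManagementServerException {
        try {
            UserDefinedAuthenticatorEndpointConfig endpointConfig = ((UserDefinedFederatedAuthenticatorConfig) federatedAuthenticatorConfig).getEndpointConfig();
            AuthenticationType authenticationType = new AuthenticationType();
            authenticationType.setType(AuthenticationType.TypeEnum.fromValue(endpointConfig.getEndpointConfig().getAuthentication().getType().toString()));
            // Keep the stored authentication properties out of the API response.
            authenticationType.setProperties(null);
            Endpoint endpoint = new Endpoint();
            endpoint.setUri(endpointConfig.getEndpointConfig().getUri());
            endpoint.setAuthentication(authenticationType);
            federatedAuthenticator.setEndpoint(endpoint);
        } catch (ClassCastException e) {
            throw new IdentityProviderManagementServerException(String.format("Error occurred while resolving endpoint configuration of the authenticator %s.", federatedAuthenticator.getName()), e);
        }
    }

    /**
     * Returns the tags of the authenticator: its own tags when it is user-defined, otherwise the
     * tags of the registered authenticator with the same name (an empty array if none is found).
     */
    private static String[] resolveAuthenticatorTags(FederatedAuthenticatorConfig federatedAuthenticatorConfig) {
        if (AuthenticatorPropertyConstants.DefinedByType.USER == federatedAuthenticatorConfig.getDefinedByType()) {
            return federatedAuthenticatorConfig.getTags();
        }
        FederatedAuthenticatorConfig registered = ApplicationAuthenticatorService.getInstance().getFederatedAuthenticatorByName(federatedAuthenticatorConfig.getName());
        if (registered == null) {
            return new String[0];
        }
        return registered.getTags();
    }
}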
