package org.apache.syncope.core.provisioning.java.pushpull;

import org.apache.commons.collections4.IterableUtils;
import org.apache.commons.collections4.Predicate;
import org.apache.syncope.common.lib.patch.AnyPatch;
import org.apache.syncope.common.lib.patch.PasswordPatch;
import org.apache.syncope.common.lib.patch.UserPatch;
import org.apache.syncope.common.lib.to.EntityTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.common.lib.types.ConnConfProperty;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.ConnInstance;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.Connector;
import org.apache.syncope.core.provisioning.api.pushpull.ProvisioningProfile;
import org.apache.syncope.core.provisioning.api.pushpull.ProvisioningReport;
import org.identityconnectors.framework.common.objects.SyncDelta;
import org.quartz.JobExecutionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/apache/syncope/core/provisioning/java/pushpull/DBPasswordPullActions.class */
public class DBPasswordPullActions extends DefaultPullActions {
    private static final Logger LOG = LoggerFactory.getLogger(DBPasswordPullActions.class);
    private static final String CLEARTEXT = "CLEARTEXT";

    @Autowired
    private UserDAO userDAO;
    private String encodedPassword;
    private CipherAlgorithm cipher;

    @Override // org.apache.syncope.core.provisioning.java.pushpull.DefaultPullActions
    @Transactional(readOnly = true)
    public void beforeProvision(ProvisioningProfile<?, ?> provisioningProfile, SyncDelta syncDelta, EntityTO entityTO) throws JobExecutionException {
        if (entityTO instanceof UserTO) {
            parseEncodedPassword(((UserTO) entityTO).getPassword(), provisioningProfile.getConnector());
        }
    }

    @Override // org.apache.syncope.core.provisioning.java.pushpull.DefaultPullActions
    @Transactional(readOnly = true)
    public <M extends AnyPatch> void beforeUpdate(ProvisioningProfile<?, ?> provisioningProfile, SyncDelta syncDelta, EntityTO entityTO, M m) throws JobExecutionException {
        if (m instanceof UserPatch) {
            PasswordPatch password = ((UserPatch) m).getPassword();
            parseEncodedPassword(password == null ? null : (String) password.getValue(), provisioningProfile.getConnector());
        }
    }

    private void parseEncodedPassword(String str, Connector connector) {
        if (str != null) {
            String cipherAlgorithm = getCipherAlgorithm(connector.getConnInstance());
            if (CLEARTEXT.equals(cipherAlgorithm)) {
                return;
            }
            try {
                this.encodedPassword = str;
                this.cipher = CipherAlgorithm.valueOf(cipherAlgorithm);
            } catch (IllegalArgumentException e) {
                LOG.error("Cipher algorithm not allowed: {}", cipherAlgorithm, e);
                this.encodedPassword = null;
            }
        }
    }

    private String getCipherAlgorithm(ConnInstance connInstance) {
        ConnConfProperty connConfProperty = (ConnConfProperty) IterableUtils.find(connInstance.getConf(), new Predicate<ConnConfProperty>() { // from class: org.apache.syncope.core.provisioning.java.pushpull.DBPasswordPullActions.1
            public boolean evaluate(ConnConfProperty connConfProperty2) {
                return (!"cipherAlgorithm".equals(connConfProperty2.getSchema().getName()) || connConfProperty2.getValues() == null || connConfProperty2.getValues().isEmpty()) ? false : true;
            }
        });
        return connConfProperty == null ? CLEARTEXT : (String) connConfProperty.getValues().get(0);
    }

    @Override // org.apache.syncope.core.provisioning.java.pushpull.DefaultPullActions
    @Transactional
    public void after(ProvisioningProfile<?, ?> provisioningProfile, SyncDelta syncDelta, EntityTO entityTO, ProvisioningReport provisioningReport) throws JobExecutionException {
        if (!(entityTO instanceof UserTO) || this.encodedPassword == null || this.cipher == null) {
            return;
        }
        User find = this.userDAO.find(entityTO.getKey());
        if (find != null) {
            find.setEncodedPassword(this.encodedPassword.toUpperCase(), this.cipher);
        }
        this.encodedPassword = null;
        this.cipher = null;
    }
}
