package org.apache.syncope.core.provisioning.java.utils;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.AnyOperations;
import org.apache.syncope.common.lib.patch.AnyPatch;
import org.apache.syncope.common.lib.patch.UserPatch;
import org.apache.syncope.common.lib.to.AnyObjectTO;
import org.apache.syncope.common.lib.to.AnyTO;
import org.apache.syncope.common.lib.to.AttrTO;
import org.apache.syncope.common.lib.to.ConnObjectTO;
import org.apache.syncope.common.lib.to.GroupTO;
import org.apache.syncope.common.lib.to.RealmTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO;
import org.apache.syncope.core.persistence.api.dao.RealmDAO;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.AnyTemplate;
import org.apache.syncope.core.persistence.api.entity.AnyUtils;
import org.apache.syncope.core.persistence.api.entity.Realm;
import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
import org.apache.syncope.core.persistence.api.entity.resource.Item;
import org.apache.syncope.core.persistence.api.entity.resource.OrgUnit;
import org.apache.syncope.core.persistence.api.entity.resource.Provision;
import org.apache.syncope.core.persistence.api.entity.task.PullTask;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.MappingManager;
import org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf;
import org.apache.syncope.core.spring.security.Encryptor;
import org.apache.syncope.core.spring.security.PasswordGenerator;
import org.apache.syncope.core.spring.security.SecureRandomUtils;
import org.identityconnectors.common.Base64;
import org.identityconnectors.common.security.GuardedByteArray;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.common.security.SecurityUtil;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Component
/* loaded from: input_file:org/apache/syncope/core/provisioning/java/utils/ConnObjectUtils.class */
public class ConnObjectUtils {
    private static final Logger LOG = LoggerFactory.getLogger(ConnObjectUtils.class);
    private static final Encryptor ENCRYPTOR = Encryptor.getInstance();

    @Autowired
    private TemplateUtils templateUtils;

    @Autowired
    private RealmDAO realmDAO;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private ExternalResourceDAO resourceDAO;

    @Autowired
    private PasswordGenerator passwordGenerator;

    @Autowired
    private MappingManager mappingManager;

    /* renamed from: org.apache.syncope.core.provisioning.java.utils.ConnObjectUtils$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/syncope/core/provisioning/java/utils/ConnObjectUtils$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$syncope$common$lib$types$AnyTypeKind = new int[AnyTypeKind.values().length];

        static {
            try {
                $SwitchMap$org$apache$syncope$common$lib$types$AnyTypeKind[AnyTypeKind.USER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$syncope$common$lib$types$AnyTypeKind[AnyTypeKind.GROUP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$syncope$common$lib$types$AnyTypeKind[AnyTypeKind.ANY_OBJECT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public static String getPassword(Object obj) {
        StringBuilder sb = new StringBuilder();
        if (obj instanceof GuardedString) {
            sb.append(SecurityUtil.decrypt((GuardedString) obj));
        } else if (obj instanceof GuardedByteArray) {
            sb.append(SecurityUtil.decrypt((GuardedByteArray) obj));
        } else if (obj instanceof String) {
            sb.append((String) obj);
        } else {
            sb.append(obj.toString());
        }
        return sb.toString();
    }

    public static ConnObjectTO getConnObjectTO(ConnectorObject connectorObject) {
        return connectorObject == null ? new ConnObjectTO() : getConnObjectTO((Set<Attribute>) connectorObject.getAttributes());
    }

    public static ConnObjectTO getConnObjectTO(Set<Attribute> set) {
        ConnObjectTO connObjectTO = new ConnObjectTO();
        if (set != null) {
            for (Attribute attribute : set) {
                AttrTO attrTO = new AttrTO();
                attrTO.setSchema(attribute.getName());
                if (attribute.getValue() != null) {
                    for (Object obj : attribute.getValue()) {
                        if (obj != null) {
                            if ((obj instanceof GuardedString) || (obj instanceof GuardedByteArray)) {
                                attrTO.getValues().add(getPassword(obj));
                            } else if (obj instanceof byte[]) {
                                attrTO.getValues().add(Base64.encode((byte[]) obj));
                            } else {
                                attrTO.getValues().add(obj.toString());
                            }
                        }
                    }
                }
                connObjectTO.getAttrs().add(attrTO);
            }
        }
        return connObjectTO;
    }

    @Transactional(readOnly = true)
    public <T extends AnyTO> T getAnyTO(ConnectorObject connectorObject, PullTask pullTask, Provision provision, AnyUtils anyUtils) {
        String generateRandomPassword;
        UserTO anyTOFromConnObject = getAnyTOFromConnObject(connectorObject, pullTask, provision, anyUtils);
        if ((anyTOFromConnObject instanceof UserTO) && StringUtils.isBlank(anyTOFromConnObject.getPassword()) && provision.getResource().isRandomPwdIfNotProvided()) {
            UserTO userTO = anyTOFromConnObject;
            ArrayList arrayList = new ArrayList();
            Realm findByFullPath = this.realmDAO.findByFullPath(userTO.getRealm());
            if (findByFullPath != null) {
                for (Realm realm : this.realmDAO.findAncestors(findByFullPath)) {
                    if (realm.getPasswordPolicy() != null) {
                        arrayList.addAll(realm.getPasswordPolicy().getRuleConfs());
                    }
                }
            }
            Iterator it = userTO.getResources().iterator();
            while (it.hasNext()) {
                ExternalResource find = this.resourceDAO.find((String) it.next());
                if (find != null && find.getPasswordPolicy() != null) {
                    arrayList.addAll(find.getPasswordPolicy().getRuleConfs());
                }
            }
            try {
                generateRandomPassword = this.passwordGenerator.generate(arrayList);
            } catch (InvalidPasswordRuleConf e) {
                LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
                generateRandomPassword = SecureRandomUtils.generateRandomPassword(16);
            }
            userTO.setPassword(generateRandomPassword);
        }
        return anyTOFromConnObject;
    }

    public RealmTO getRealmTO(ConnectorObject connectorObject, PullTask pullTask, OrgUnit orgUnit) {
        RealmTO realmTO = new RealmTO();
        for (Item item : MappingUtils.getPullItems(orgUnit.getItems())) {
            this.mappingManager.setIntValues(item, connectorObject.getAttributeByName(item.getExtAttrName()), realmTO);
        }
        return realmTO;
    }

    @Transactional(readOnly = true)
    public <T extends AnyPatch> T getAnyPatch(String str, ConnectorObject connectorObject, AnyTO anyTO, PullTask pullTask, Provision provision, AnyUtils anyUtils) {
        UserTO anyTOFromConnObject = getAnyTOFromConnObject(connectorObject, pullTask, provision, anyUtils);
        anyTOFromConnObject.setKey(str);
        UserPatch userPatch = null;
        if (null != anyUtils.anyTypeKind()) {
            switch (AnonymousClass1.$SwitchMap$org$apache$syncope$common$lib$types$AnyTypeKind[anyUtils.anyTypeKind().ordinal()]) {
                case 1:
                    UserTO userTO = (UserTO) anyTO;
                    UserTO userTO2 = anyTOFromConnObject;
                    if (StringUtils.isBlank(userTO2.getUsername())) {
                        userTO2.setUsername(userTO.getUsername());
                    }
                    User authFind = this.userDAO.authFind(str);
                    if (StringUtils.isBlank(userTO2.getPassword()) || ENCRYPTOR.verify(userTO2.getPassword(), authFind.getCipherAlgorithm(), authFind.getPassword())) {
                        userTO2.setPassword((String) null);
                    }
                    userTO2.setSecurityQuestion(userTO2.getSecurityQuestion());
                    userTO2.setMustChangePassword(userTO.isMustChangePassword());
                    userPatch = AnyOperations.diff(userTO2, userTO, true);
                    break;
                case 2:
                    GroupTO groupTO = (GroupTO) anyTO;
                    GroupTO groupTO2 = (GroupTO) anyTOFromConnObject;
                    if (StringUtils.isBlank(groupTO2.getName())) {
                        groupTO2.setName(groupTO.getName());
                    }
                    groupTO2.setUserOwner(groupTO.getUserOwner());
                    groupTO2.setGroupOwner(groupTO.getGroupOwner());
                    groupTO2.setUDynMembershipCond(groupTO.getUDynMembershipCond());
                    groupTO2.getADynMembershipConds().putAll(groupTO.getADynMembershipConds());
                    groupTO2.getTypeExtensions().addAll(groupTO.getTypeExtensions());
                    userPatch = AnyOperations.diff(groupTO2, groupTO, true);
                    break;
                case 3:
                    AnyObjectTO anyObjectTO = (AnyObjectTO) anyTO;
                    AnyObjectTO anyObjectTO2 = (AnyObjectTO) anyTOFromConnObject;
                    if (StringUtils.isBlank(anyObjectTO2.getName())) {
                        anyObjectTO2.setName(anyObjectTO.getName());
                    }
                    userPatch = AnyOperations.diff(anyObjectTO2, anyObjectTO, true);
                    break;
            }
        }
        if (userPatch != null) {
            AnyOperations.cleanEmptyAttrs(anyTOFromConnObject, userPatch);
        }
        return userPatch;
    }

    private <T extends AnyTO> T getAnyTOFromConnObject(ConnectorObject connectorObject, PullTask pullTask, Provision provision, AnyUtils anyUtils) {
        T t = (T) anyUtils.newAnyTO();
        t.setType(provision.getAnyType().getKey());
        t.setRealm(pullTask.getDestinatioRealm().getFullPath());
        for (Item item : MappingUtils.getPullItems(provision.getMapping().getItems())) {
            this.mappingManager.setIntValues(item, connectorObject.getAttributeByName(item.getExtAttrName()), t);
        }
        this.templateUtils.apply((TemplateUtils) t, (AnyTemplate) pullTask.getTemplate(provision.getAnyType()));
        return t;
    }
}
