package org.cloudfoundry.identity.uaa.resources.jdbc;

import com.unboundid.scim.sdk.InvalidResourceException;
import com.unboundid.scim.sdk.SCIMException;
import com.unboundid.scim.sdk.SCIMFilter;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.batik.util.XMLConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.AbstractClientParametersAuthenticationFilter;
import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants;
import org.cloudfoundry.identity.uaa.resources.AttributeNameMapper;
import org.cloudfoundry.identity.uaa.resources.SimpleAttributeNameMapper;
import org.cloudfoundry.identity.uaa.resources.jdbc.SearchQueryConverter;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/resources/jdbc/SimpleSearchQueryConverter.class */
public class SimpleSearchQueryConverter implements SearchQueryConverter {
    public static final List<String> VALID_ATTRIBUTE_NAMES = Collections.unmodifiableList(Arrays.asList("id", "created", "lastmodified", "version", "username", "password", "email", "givenname", "familyname", "name.familyname", "name.givenname", "active", "phonenumber", "verified", "origin", "identity_zone_id", "passwd_lastmodified", "passwd_change_required", "last_logon_success_time", "previous_logon_success_time", "displayname", "scope", "group_id", "member_id", "member_type", "description", "client_id", "authorized_grant_types", "web_server_redirect_uri", OAuth2Utils.REDIRECT_URI, "access_token_validity", "refresh_token_validity", ClientConstants.AUTO_APPROVE, "show_on_home_page", "created_by", ClientConstants.REQUIRED_USER_GROUPS, "user_id", "meta.lastmodified", "meta.created", "meta.location", "meta.resourcetype", "meta.version", "emails.value", "groups.display", "phonenumbers.value", "gm.external_group", "gm.origin", "g.displayname", "g.id"));
    private static Log logger = LogFactory.getLog(SimpleSearchQueryConverter.class);
    private AttributeNameMapper mapper = new SimpleAttributeNameMapper(Collections.emptyMap());
    private boolean dbCaseInsensitive = false;

    public boolean isDbCaseInsensitive() {
        return this.dbCaseInsensitive;
    }

    public void setDbCaseInsensitive(boolean z) {
        this.dbCaseInsensitive = z;
    }

    public void setAttributeNameMapper(AttributeNameMapper attributeNameMapper) {
        this.mapper = attributeNameMapper;
    }

    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.SearchQueryConverter
    public SearchQueryConverter.ProcessedFilter convert(String str, String str2, boolean z) {
        return convert(str, str2, z, this.mapper);
    }

    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.SearchQueryConverter
    public SearchQueryConverter.ProcessedFilter convert(String str, String str2, boolean z, AttributeNameMapper attributeNameMapper) {
        String generateParameterPrefix = generateParameterPrefix(str);
        HashMap hashMap = new HashMap();
        SearchQueryConverter.ProcessedFilter processedFilter = new SearchQueryConverter.ProcessedFilter(StringUtils.hasText(str) ? getWhereClause(str, str2, z, hashMap, attributeNameMapper, generateParameterPrefix) : null, hashMap, StringUtils.hasText(str2));
        processedFilter.setParamPrefix(generateParameterPrefix);
        return processedFilter;
    }

    protected String generateParameterPrefix(String str) {
        String lowerCase;
        do {
            lowerCase = new RandomValueStringGenerator().generate().toLowerCase();
        } while (str.contains(lowerCase));
        return "__" + lowerCase + "_";
    }

    private String getWhereClause(String str, String str2, boolean z, Map<String, Object> map, AttributeNameMapper attributeNameMapper, String str3) {
        try {
            String createFilter = createFilter(scimFilter(str), map, attributeNameMapper, str3);
            if (str2 != null) {
                createFilter = createFilter + SearchQueryConverter.ProcessedFilter.ORDER_BY + attributeNameMapper.mapToInternal(str2) + (z ? " ASC" : " DESC");
            }
            return createFilter;
        } catch (SCIMException e) {
            logger.debug("Unable to parse " + str, e);
            throw new IllegalArgumentException("Invalid SCIM Filter:" + str + " Message:" + e.getMessage());
        }
    }

    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.SearchQueryConverter
    public MultiValueMap<String, Object> getFilterValues(String str, List<String> list) throws IllegalArgumentException {
        try {
            SCIMFilter parse = SCIMFilter.parse(str);
            validateFilterAttributes(parse, list);
            LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
            extractValues(parse, linkedMultiValueMap);
            return linkedMultiValueMap;
        } catch (SCIMException e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    protected SCIMFilter scimFilter(String str) throws SCIMException {
        SCIMFilter parse;
        try {
            parse = SCIMFilter.parse(str);
        } catch (SCIMException e) {
            logger.debug("Attempting legacy scim filter conversion for [" + str + "]", e);
            parse = SCIMFilter.parse(str.replaceAll("'", XMLConstants.XML_DOUBLE_QUOTE));
        }
        validateFilterAttributes(parse, VALID_ATTRIBUTE_NAMES);
        return parse;
    }

    private void validateFilterAttributes(SCIMFilter sCIMFilter, List<String> list) throws SCIMException {
        LinkedList linkedList = new LinkedList();
        validateFilterAttributes(sCIMFilter, linkedList, list);
        if (!linkedList.isEmpty()) {
            throw new InvalidResourceException("Invalid filter attributes:" + StringUtils.collectionToCommaDelimitedString(linkedList));
        }
    }

    private void validateFilterAttributes(SCIMFilter sCIMFilter, List<String> list, List<String> list2) {
        if (sCIMFilter.getFilterAttribute() != null && sCIMFilter.getFilterAttribute().getAttributeName() != null) {
            String attributeName = sCIMFilter.getFilterAttribute().getAttributeName();
            if (sCIMFilter.getFilterAttribute().getSubAttributeName() != null) {
                attributeName = attributeName + "." + sCIMFilter.getFilterAttribute().getSubAttributeName();
            }
            if (!list2.contains(attributeName.toLowerCase())) {
                list.add(attributeName);
            }
        }
        Iterator it = ((List) Optional.ofNullable(sCIMFilter.getFilterComponents()).orElse(Collections.emptyList())).iterator();
        while (it.hasNext()) {
            validateFilterAttributes((SCIMFilter) it.next(), list, list2);
        }
    }

    private void extractValues(SCIMFilter sCIMFilter, MultiValueMap<String, Object> multiValueMap) throws SCIMException {
        switch (sCIMFilter.getFilterType()) {
            case AND:
                extractValues(sCIMFilter.getFilterComponents().get(0), multiValueMap);
                extractValues(sCIMFilter.getFilterComponents().get(1), multiValueMap);
                return;
            case OR:
                throw SCIMException.createException(400, "[or] operator is not supported.");
            case EQUALITY:
                multiValueMap.add(sCIMFilter.getFilterAttribute().getAttributeName(), getStringOrDate(sCIMFilter.getFilterValue()));
                return;
            case CONTAINS:
                throw SCIMException.createException(400, "[co] operator is not supported.");
            case STARTS_WITH:
                throw SCIMException.createException(400, "[sw] operator is not supported.");
            case PRESENCE:
                throw SCIMException.createException(400, "[pr] operator is not supported.");
            case GREATER_THAN:
                throw SCIMException.createException(400, "[gt] operator is not supported.");
            case GREATER_OR_EQUAL:
                throw SCIMException.createException(400, "[ge] operator is not supported.");
            case LESS_THAN:
                throw SCIMException.createException(400, "[lt] operator is not supported.");
            case LESS_OR_EQUAL:
                throw SCIMException.createException(400, "[le] operator is not supported.");
            default:
                throw SCIMException.createException(400, "Unknown filter operator:" + sCIMFilter.getFilterType());
        }
    }

    private String createFilter(SCIMFilter sCIMFilter, Map<String, Object> map, AttributeNameMapper attributeNameMapper, String str) {
        switch (sCIMFilter.getFilterType()) {
            case AND:
                return "(" + createFilter(sCIMFilter.getFilterComponents().get(0), map, attributeNameMapper, str) + " AND " + createFilter(sCIMFilter.getFilterComponents().get(1), map, attributeNameMapper, str) + ")";
            case OR:
                return "(" + createFilter(sCIMFilter.getFilterComponents().get(0), map, attributeNameMapper, str) + " OR " + createFilter(sCIMFilter.getFilterComponents().get(1), map, attributeNameMapper, str) + ")";
            case EQUALITY:
                return comparisonClause(sCIMFilter, XMLConstants.XML_EQUAL_SIGN, map, "", "", str);
            case CONTAINS:
                return comparisonClause(sCIMFilter, "LIKE", map, "%", "%", str);
            case STARTS_WITH:
                return comparisonClause(sCIMFilter, "LIKE", map, "", "%", str);
            case PRESENCE:
                return getAttributeName(sCIMFilter, attributeNameMapper) + " IS NOT NULL";
            case GREATER_THAN:
                return comparisonClause(sCIMFilter, XMLConstants.XML_CLOSE_TAG_END, map, "", "", str);
            case GREATER_OR_EQUAL:
                return comparisonClause(sCIMFilter, ">=", map, "", "", str);
            case LESS_THAN:
                return comparisonClause(sCIMFilter, XMLConstants.XML_OPEN_TAG_START, map, "", "", str);
            case LESS_OR_EQUAL:
                return comparisonClause(sCIMFilter, "<=", map, "", "", str);
            default:
                return null;
        }
    }

    protected String comparisonClause(SCIMFilter sCIMFilter, String str, Map<String, Object> map, String str2, String str3, String str4) {
        String paramName = getParamName(map, str4);
        String str5 = ":" + paramName;
        if (sCIMFilter.getFilterValue() == null) {
            return getAttributeName(sCIMFilter, this.mapper) + " IS NULL";
        }
        if (!sCIMFilter.isQuoteFilterValue()) {
            try {
                map.put(paramName, Double.valueOf(Double.parseDouble(sCIMFilter.getFilterValue())));
            } catch (NumberFormatException e) {
                if ("true".equalsIgnoreCase(sCIMFilter.getFilterValue())) {
                    map.put(paramName, Boolean.TRUE);
                } else {
                    if (!"false".equalsIgnoreCase(sCIMFilter.getFilterValue())) {
                        throw new IllegalArgumentException("Invalid non quoted value [" + sCIMFilter.getFilterAttribute() + " : " + sCIMFilter.getFilterValue() + "]");
                    }
                    map.put(paramName, Boolean.FALSE);
                }
            }
            return getAttributeName(sCIMFilter, this.mapper) + " " + str + " " + str5;
        }
        Object stringOrDate = getStringOrDate(sCIMFilter.getFilterValue());
        if (!(stringOrDate instanceof String)) {
            map.put(paramName, stringOrDate);
            return getAttributeName(sCIMFilter, this.mapper) + " " + str + " " + str5;
        }
        String lowerCase = sCIMFilter.getFilterAttribute().getAttributeName().toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case 3522646:
                if (lowerCase.equals("salt")) {
                    z = 2;
                    break;
                }
                break;
            case 557813156:
                if (lowerCase.equals(AbstractClientParametersAuthenticationFilter.CLIENT_SECRET)) {
                    z = false;
                    break;
                }
                break;
            case 1216985755:
                if (lowerCase.equals("password")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
                stringOrDate = "";
                break;
        }
        map.put(paramName, str2 + stringOrDate + str3);
        return isDbCaseInsensitive() ? "" + getAttributeName(sCIMFilter, this.mapper) + " " + str + " " + str5 + "" : "LOWER(" + getAttributeName(sCIMFilter, this.mapper) + ") " + str + " LOWER(" + str5 + ")";
    }

    protected String getAttributeName(SCIMFilter sCIMFilter, AttributeNameMapper attributeNameMapper) {
        String attributeName = sCIMFilter.getFilterAttribute().getAttributeName();
        String subAttributeName = sCIMFilter.getFilterAttribute().getSubAttributeName();
        if (StringUtils.hasText(subAttributeName)) {
            attributeName = attributeName + "." + subAttributeName;
        }
        return attributeNameMapper.mapToInternal(attributeName).replace("meta.", "");
    }

    protected String getParamName(Map<String, Object> map, String str) {
        return str + map.size();
    }

    protected Object getStringOrDate(String str) {
        try {
            return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(str);
        } catch (ParseException e) {
            return str;
        }
    }

    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.SearchQueryConverter
    public String map(String str) {
        return StringUtils.hasText(str) ? this.mapper.mapToInternal(str) : str;
    }
}
