package org.wso2.carbon.identity.provisioning.connector.scim;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.provisioning.AbstractOutboundProvisioningConnector;
import org.wso2.carbon.identity.provisioning.IdentityProvisioningException;
import org.wso2.carbon.identity.provisioning.ProvisionedIdentifier;
import org.wso2.carbon.identity.provisioning.ProvisioningEntity;
import org.wso2.carbon.identity.provisioning.ProvisioningEntityType;
import org.wso2.carbon.identity.provisioning.ProvisioningOperation;
import org.wso2.carbon.identity.provisioning.ProvisioningUtil;
import org.wso2.carbon.identity.scim.common.impl.ProvisioningClient;
import org.wso2.carbon.identity.scim.common.utils.AttributeMapper;
import org.wso2.charon.core.config.SCIMProvider;
import org.wso2.charon.core.exceptions.CharonException;
import org.wso2.charon.core.objects.Group;
import org.wso2.charon.core.objects.User;

/* loaded from: input_file:org/wso2/carbon/identity/provisioning/connector/scim/SCIMProvisioningConnector.class */
public class SCIMProvisioningConnector extends AbstractOutboundProvisioningConnector {
    private static final long serialVersionUID = -2800777564581005554L;
    private static Log log = LogFactory.getLog(SCIMProvisioningConnector.class);
    private SCIMProvider scimProvider;
    private String userStoreDomainName;

    public void init(Property[] propertyArr) throws IdentityProvisioningException {
        this.scimProvider = new SCIMProvider();
        if (propertyArr == null || propertyArr.length <= 0) {
            return;
        }
        for (Property property : propertyArr) {
            if (SCIMProvisioningConnectorConstants.SCIM_USER_EP.equals(property.getName())) {
                populateSCIMProvider(property, "userEndpoint");
            } else if (SCIMProvisioningConnectorConstants.SCIM_GROUP_EP.equals(property.getName())) {
                populateSCIMProvider(property, "groupEndpoint");
            } else if (SCIMProvisioningConnectorConstants.SCIM_USERNAME.equals(property.getName())) {
                populateSCIMProvider(property, "userName");
            } else if (SCIMProvisioningConnectorConstants.SCIM_PASSWORD.equals(property.getName())) {
                populateSCIMProvider(property, "password");
            } else if (SCIMProvisioningConnectorConstants.SCIM_USERSTORE_DOMAIN.equals(property.getName())) {
                this.userStoreDomainName = property.getValue() != null ? property.getValue() : property.getDefaultValue();
            } else if (SCIMProvisioningConnectorConstants.SCIM_ENABLE_PASSWORD_PROVISIONING.equals(property.getName())) {
                populateSCIMProvider(property, SCIMProvisioningConnectorConstants.SCIM_ENABLE_PASSWORD_PROVISIONING);
            } else if (SCIMProvisioningConnectorConstants.SCIM_DEFAULT_PASSWORD.equals(property.getName())) {
                populateSCIMProvider(property, SCIMProvisioningConnectorConstants.SCIM_DEFAULT_PASSWORD);
            }
            if ("jitProvisioningEnabled".equals(property.getName()) && "1".equals(property.getValue())) {
                this.jitProvisioningEnabled = true;
            }
        }
    }

    public ProvisionedIdentifier provision(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        if (provisioningEntity == null) {
            return null;
        }
        if (provisioningEntity.isJitProvisioning() && !isJitProvisioningEnabled()) {
            log.debug("JIT provisioning disabled for SCIM connector");
            return null;
        }
        if (provisioningEntity.getEntityType() == ProvisioningEntityType.USER) {
            if (provisioningEntity.getOperation() == ProvisioningOperation.DELETE) {
                deleteUser(provisioningEntity);
                return null;
            }
            if (provisioningEntity.getOperation() == ProvisioningOperation.POST) {
                createUser(provisioningEntity);
                return null;
            }
            if (provisioningEntity.getOperation() == ProvisioningOperation.PUT) {
                updateUser(provisioningEntity, ProvisioningOperation.PUT);
                return null;
            }
            if (provisioningEntity.getOperation() == ProvisioningOperation.PATCH) {
                updateUser(provisioningEntity, ProvisioningOperation.PATCH);
                return null;
            }
            log.warn("Unsupported provisioning opertaion.");
            return null;
        }
        if (provisioningEntity.getEntityType() != ProvisioningEntityType.GROUP) {
            log.warn("Unsupported provisioning entity.");
            return null;
        }
        if (provisioningEntity.getOperation() == ProvisioningOperation.DELETE) {
            deleteGroup(provisioningEntity);
            return null;
        }
        if (provisioningEntity.getOperation() == ProvisioningOperation.POST) {
            createGroup(provisioningEntity);
            return null;
        }
        if (provisioningEntity.getOperation() == ProvisioningOperation.PUT) {
            updateGroup(provisioningEntity);
            return null;
        }
        if (provisioningEntity.getOperation() == ProvisioningOperation.PATCH) {
            updateGroup(provisioningEntity);
            return null;
        }
        log.warn("Unsupported provisioning operation.");
        return null;
    }

    private void updateUser(ProvisioningEntity provisioningEntity, ProvisioningOperation provisioningOperation) throws IdentityProvisioningException {
        try {
            List userNames = getUserNames(provisioningEntity.getAttributes());
            String str = null;
            if (CollectionUtils.isNotEmpty(userNames)) {
                str = (String) userNames.get(0);
            }
            Map singleValuedClaims = getSingleValuedClaims(provisioningEntity.getAttributes());
            User user = MapUtils.isNotEmpty(singleValuedClaims) ? (User) AttributeMapper.constructSCIMObjectFromAttributes(singleValuedClaims, 1) : new User();
            user.setUserName(str);
            setUserPassword(user, provisioningEntity);
            ProvisioningClient provisioningClient = new ProvisioningClient(this.scimProvider, user, 2, (Map) null);
            if (ProvisioningOperation.PUT.equals(provisioningOperation)) {
                provisioningClient.provisionUpdateUser();
            } else if (ProvisioningOperation.PATCH.equals(provisioningOperation)) {
                provisioningClient.provisionPatchUser();
            }
        } catch (Exception e) {
            throw new IdentityProvisioningException("Error while creating the user", e);
        }
    }

    private void createUser(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        try {
            List userNames = getUserNames(provisioningEntity.getAttributes());
            String str = null;
            if (CollectionUtils.isNotEmpty(userNames)) {
                str = (String) userNames.get(0);
            }
            User user = (User) AttributeMapper.constructSCIMObjectFromAttributes(getSingleValuedClaims(provisioningEntity.getAttributes()), 1);
            user.setUserName(str);
            setUserPassword(user, provisioningEntity);
            new ProvisioningClient(this.scimProvider, user, 2, (Map) null).provisionCreateUser();
        } catch (Exception e) {
            throw new IdentityProvisioningException("Error while creating the user", e);
        }
    }

    private void deleteUser(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        try {
            List userNames = getUserNames(provisioningEntity.getAttributes());
            String str = null;
            if (CollectionUtils.isNotEmpty(userNames)) {
                str = (String) userNames.get(0);
            }
            User user = new User();
            user.setUserName(str);
            new ProvisioningClient(this.scimProvider, user, 3, (Map) null).provisionDeleteUser();
        } catch (Exception e) {
            throw new IdentityProvisioningException("Error while deleting user.", e);
        }
    }

    private String createGroup(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        try {
            List groupNames = getGroupNames(provisioningEntity.getAttributes());
            String str = CollectionUtils.isNotEmpty(groupNames) ? (String) groupNames.get(0) : null;
            Group group = new Group();
            group.setDisplayName(str);
            List<String> userNames = getUserNames(provisioningEntity.getAttributes());
            if (CollectionUtils.isNotEmpty(userNames)) {
                for (String str2 : userNames) {
                    HashMap hashMap = new HashMap();
                    hashMap.put("display", str2);
                    group.setMember(hashMap);
                }
            }
            new ProvisioningClient(this.scimProvider, group, 2, (Map) null).provisionCreateGroup();
            return null;
        } catch (Exception e) {
            throw new IdentityProvisioningException("Error while adding group.", e);
        }
    }

    private void deleteGroup(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        try {
            List groupNames = getGroupNames(provisioningEntity.getAttributes());
            String str = null;
            if (CollectionUtils.isNotEmpty(groupNames)) {
                str = (String) groupNames.get(0);
            }
            Group group = new Group();
            group.setDisplayName(str);
            new ProvisioningClient(this.scimProvider, group, 3, (Map) null).provisionDeleteGroup();
        } catch (Exception e) {
            throw new IdentityProvisioningException("Error while deleting group.", e);
        }
    }

    private void updateGroup(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        ProvisioningClient provisioningClient;
        try {
            List groupNames = getGroupNames(provisioningEntity.getAttributes());
            String str = CollectionUtils.isNotEmpty(groupNames) ? (String) groupNames.get(0) : null;
            Group group = new Group();
            group.setDisplayName(str);
            List<String> userNames = getUserNames(provisioningEntity.getAttributes());
            if (CollectionUtils.isNotEmpty(userNames)) {
                for (String str2 : userNames) {
                    HashMap hashMap = new HashMap();
                    hashMap.put("display", str2);
                    group.setMember(hashMap);
                }
            }
            String attributeValue = ProvisioningUtil.getAttributeValue(provisioningEntity, "org:wso2:carbon:identity:provisioning:claim:group:name:old");
            if (StringUtils.isEmpty(attributeValue)) {
                provisioningClient = new ProvisioningClient(this.scimProvider, group, 4, (Map) null);
            } else {
                HashMap hashMap2 = new HashMap();
                hashMap2.put("ISRoleNameChangedOnUpdate", true);
                hashMap2.put("OldGroupName", attributeValue);
                provisioningClient = new ProvisioningClient(this.scimProvider, group, 4, hashMap2);
            }
            if (ProvisioningOperation.PUT.equals(provisioningEntity.getOperation())) {
                provisioningClient.provisionUpdateGroup();
            } else if (ProvisioningOperation.PATCH.equals(provisioningEntity.getOperation())) {
                provisioningClient.provisionPatchGroup();
            }
        } catch (Exception e) {
            throw new IdentityProvisioningException("Error while updating group.", e);
        }
    }

    protected String getUserStoreDomainName() {
        return this.userStoreDomainName;
    }

    private void populateSCIMProvider(Property property, String str) throws IdentityProvisioningException {
        if (property.getValue() != null && property.getValue().length() > 0) {
            this.scimProvider.setProperty(str, property.getValue());
        } else if (property.getDefaultValue() != null) {
            this.scimProvider.setProperty(str, property.getDefaultValue());
        }
    }

    public String getClaimDialectUri() throws IdentityProvisioningException {
        return SCIMProvisioningConnectorConstants.DEFAULT_SCIM_DIALECT;
    }

    public boolean isEnabled() throws IdentityProvisioningException {
        return true;
    }

    private void setUserPassword(User user, ProvisioningEntity provisioningEntity) throws CharonException {
        if ("true".equals(this.scimProvider.getProperty(SCIMProvisioningConnectorConstants.SCIM_ENABLE_PASSWORD_PROVISIONING))) {
            user.setPassword(getPassword(provisioningEntity.getAttributes()));
        } else if (StringUtils.isNotBlank(this.scimProvider.getProperty(SCIMProvisioningConnectorConstants.SCIM_DEFAULT_PASSWORD))) {
            user.setPassword(this.scimProvider.getProperty(SCIMProvisioningConnectorConstants.SCIM_DEFAULT_PASSWORD));
        }
    }
}
