package org.apereo.cas.config;

import com.google.common.cache.CacheBuilder;
import com.google.common.collect.ImmutableMap;
import groovy.lang.GroovyClassLoader;
import groovy.lang.GroovyObject;
import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.naming.directory.SearchControls;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.apereo.services.persondir.support.BaseGroovyScriptDaoImpl;
import org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl;
import org.apereo.services.persondir.support.GroovyPersonAttributeDao;
import org.apereo.services.persondir.support.JsonBackedComplexStubPersonAttributeDao;
import org.apereo.services.persondir.support.MergingPersonAttributeDaoImpl;
import org.apereo.services.persondir.support.jdbc.AbstractJdbcPersonAttributeDao;
import org.apereo.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao;
import org.apereo.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao;
import org.apereo.services.persondir.support.ldap.LdaptivePersonAttributeDao;
import org.apereo.services.persondir.support.merger.MultivaluedAttributeMerger;
import org.apereo.services.persondir.support.merger.NoncollidingAttributeAdder;
import org.apereo.services.persondir.support.merger.ReplacingAttributeAdder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casPersonDirectoryAttributeRepositoryConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-5.0.0.jar:org/apereo/cas/config/CasPersonDirectoryAttributeRepositoryConfiguration.class */
public class CasPersonDirectoryAttributeRepositoryConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasPersonDirectoryAttributeRepositoryConfiguration.class);

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    private CasConfigurationProperties casProperties;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-5.0.0.jar:org/apereo/cas/config/CasPersonDirectoryAttributeRepositoryConfiguration$GroovyScriptDao.class */
    public static class GroovyScriptDao extends BaseGroovyScriptDaoImpl {
        private ApplicationContext applicationContext;
        private CasConfigurationProperties casProperties;

        GroovyScriptDao(ApplicationContext applicationContext, CasConfigurationProperties casConfigurationProperties) {
            this.applicationContext = applicationContext;
            this.casProperties = casConfigurationProperties;
        }

        @Override // org.apereo.services.persondir.support.BaseGroovyScriptDaoImpl, org.apereo.services.persondir.IPersonAttributeScriptDao
        public Map<String, List<Object>> getPersonAttributesFromMultivaluedAttributes(Map<String, List<Object>> map) {
            if (map.containsKey("username")) {
                List<Object> list = map.get("username");
                if (!list.isEmpty()) {
                    HashMap hashMap = new HashMap();
                    Map<String, Object> attributesForUser = getAttributesForUser(list.get(0).toString());
                    CasPersonDirectoryAttributeRepositoryConfiguration.LOGGER.debug("Groovy-based attributes found are {}", attributesForUser);
                    attributesForUser.forEach((str, obj) -> {
                        ArrayList arrayList = new ArrayList();
                        arrayList.addAll(CollectionUtils.convertValueToCollection(obj));
                        CasPersonDirectoryAttributeRepositoryConfiguration.LOGGER.debug("Adding Groovy-based attribute {} with value(s) {}", str, arrayList);
                        hashMap.put(str, arrayList);
                    });
                    return hashMap;
                }
            }
            return new HashMap();
        }

        @Override // org.apereo.services.persondir.support.BaseGroovyScriptDaoImpl, org.apereo.services.persondir.IPersonAttributeScriptDao
        public Map<String, Object> getAttributesForUser(String str) {
            PrincipalAttributesProperties.Groovy groovy2 = this.casProperties.getAuthn().getAttributeRepository().getGroovy();
            try {
                GroovyClassLoader groovyClassLoader = new GroovyClassLoader(getClass().getClassLoader());
                Throwable th = null;
                try {
                    try {
                        if (groovy2.getConfig().getLocation() != null) {
                            File file = groovy2.getConfig().getLocation().getFile();
                            if (file.exists()) {
                                Class parseClass = groovyClassLoader.parseClass(file);
                                CasPersonDirectoryAttributeRepositoryConfiguration.LOGGER.debug("Loaded groovy class {} from script {}", parseClass.getSimpleName(), file.getCanonicalPath());
                                GroovyObject groovyObject = (GroovyObject) parseClass.newInstance();
                                CasPersonDirectoryAttributeRepositoryConfiguration.LOGGER.debug("Created groovy object instance from class {}", file.getCanonicalPath());
                                Object[] objArr = {str, CasPersonDirectoryAttributeRepositoryConfiguration.LOGGER, this.casProperties, this.applicationContext};
                                CasPersonDirectoryAttributeRepositoryConfiguration.LOGGER.debug("Executing groovy script's run method, with parameters {}", objArr);
                                Map<String, Object> map = (Map) groovyObject.invokeMethod("run", objArr);
                                CasPersonDirectoryAttributeRepositoryConfiguration.LOGGER.debug("Creating person attributes with the username {} and attributes {}", str, map);
                                if (groovyClassLoader != null) {
                                    if (0 != 0) {
                                        try {
                                            groovyClassLoader.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    } else {
                                        groovyClassLoader.close();
                                    }
                                }
                                return map;
                            }
                        }
                        if (groovyClassLoader != null) {
                            if (0 != 0) {
                                try {
                                    groovyClassLoader.close();
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                }
                            } else {
                                groovyClassLoader.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (Exception e) {
                CasPersonDirectoryAttributeRepositoryConfiguration.LOGGER.error(e.getMessage(), (Throwable) e);
            }
            return new HashMap();
        }
    }

    @ConditionalOnMissingBean(name = {"attributeRepository"})
    @Bean(name = {"stubAttributeRepository", "attributeRepository"})
    public IPersonAttributeDao attributeRepository() {
        ArrayList arrayList = new ArrayList();
        addLdapAttributeRepository(arrayList);
        addJdbcAttributeRepository(arrayList);
        addJsonAttributeRepository(arrayList);
        addGroovyAttributeRepository(arrayList);
        addStubAttributeRepositoryIfNothingElse(arrayList);
        return composeMergedAndCachedAttributeRepositories(arrayList);
    }

    private void addJsonAttributeRepository(List<IPersonAttributeDao> list) {
        Resource location = this.casProperties.getAuthn().getAttributeRepository().getJson().getConfig().getLocation();
        if (location != null) {
            JsonBackedComplexStubPersonAttributeDao jsonBackedComplexStubPersonAttributeDao = new JsonBackedComplexStubPersonAttributeDao(location);
            LOGGER.debug("Configured JSON attribute sources from [{}]", location);
            list.add(jsonBackedComplexStubPersonAttributeDao);
        }
    }

    private void addGroovyAttributeRepository(List<IPersonAttributeDao> list) {
        PrincipalAttributesProperties.Groovy groovy2 = this.casProperties.getAuthn().getAttributeRepository().getGroovy();
        if (groovy2.getConfig().getLocation() != null) {
            GroovyPersonAttributeDao groovyPersonAttributeDao = new GroovyPersonAttributeDao(new GroovyScriptDao(this.applicationContext, this.casProperties));
            groovyPersonAttributeDao.setCaseInsensitiveUsername(groovy2.isCaseInsensitive());
            LOGGER.debug("Configured Groovy attribute sources from [{}]", groovy2.getConfig().getLocation());
            list.add(groovyPersonAttributeDao);
        }
    }

    private IPersonAttributeDao composeMergedAndCachedAttributeRepositories(List<IPersonAttributeDao> list) {
        MergingPersonAttributeDaoImpl mergingPersonAttributeDaoImpl = new MergingPersonAttributeDaoImpl();
        String str = (String) StringUtils.defaultIfBlank(this.casProperties.getAuthn().getAttributeRepository().getMerger(), "replace".trim());
        LOGGER.debug("Configured merging strategy for attribute sources is [{}]", str);
        String lowerCase = str.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case 96417:
                if (lowerCase.equals("add")) {
                    z = true;
                    break;
                }
                break;
            case 103785528:
                if (lowerCase.equals("merge")) {
                    z = false;
                    break;
                }
                break;
            case 1094496948:
                if (lowerCase.equals("replace")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                mergingPersonAttributeDaoImpl.setMerger(new MultivaluedAttributeMerger());
                break;
            case true:
                mergingPersonAttributeDaoImpl.setMerger(new NoncollidingAttributeAdder());
                break;
            case true:
            default:
                mergingPersonAttributeDaoImpl.setMerger(new ReplacingAttributeAdder());
                break;
        }
        CachingPersonAttributeDaoImpl cachingPersonAttributeDaoImpl = new CachingPersonAttributeDaoImpl();
        cachingPersonAttributeDaoImpl.setCacheNullResults(false);
        cachingPersonAttributeDaoImpl.setUserInfoCache(CacheBuilder.newBuilder().concurrencyLevel(2).weakKeys().maximumSize(this.casProperties.getAuthn().getAttributeRepository().getMaximumCacheSize()).expireAfterWrite(this.casProperties.getAuthn().getAttributeRepository().getExpireInMinutes(), TimeUnit.MINUTES).build().asMap());
        mergingPersonAttributeDaoImpl.setPersonAttributeDaos(list);
        cachingPersonAttributeDaoImpl.setCachedPersonAttributesDao(mergingPersonAttributeDaoImpl);
        if (list.isEmpty()) {
            LOGGER.debug("No attribute repository sources are available to merge together.");
        } else {
            LOGGER.debug("Configured attribute repository sources to merge together: ", list);
            LOGGER.debug("Configured cache expiration policy for merging attribute sources to be {} minute(s)", Integer.valueOf(this.casProperties.getAuthn().getAttributeRepository().getExpireInMinutes()));
        }
        return cachingPersonAttributeDaoImpl;
    }

    private void addStubAttributeRepositoryIfNothingElse(List<IPersonAttributeDao> list) {
        if (this.casProperties.getAuthn().getAttributeRepository().getAttributes().isEmpty() || !list.isEmpty()) {
            LOGGER.debug("No attributes are defined for attribute repositories, or other attribute repository sources are defined");
        } else if (this.casProperties.getAuthn().getLdap().stream().filter(ldapAuthenticationProperties -> {
            return ((ldapAuthenticationProperties.getPrincipalAttributeList() == null || ldapAuthenticationProperties.getPrincipalAttributeList().isEmpty()) && (ldapAuthenticationProperties.getAdditionalAttributes() == null || ldapAuthenticationProperties.getAdditionalAttributes().isEmpty())) ? false : true;
        }).findAny().isPresent()) {
            LOGGER.debug("Found attributes which are resolved from authentication sources. Static attributes are ignored");
        } else {
            LOGGER.warn("Found and added static attributes to the attribute repository");
            list.add(Beans.newStubAttributeRepository(this.casProperties.getAuthn().getAttributeRepository()));
        }
    }

    private void addJdbcAttributeRepository(List<IPersonAttributeDao> list) {
        AbstractJdbcPersonAttributeDao multiRowJdbcPersonAttributeDao;
        PrincipalAttributesProperties attributeRepository = this.casProperties.getAuthn().getAttributeRepository();
        PrincipalAttributesProperties.Jdbc jdbc = attributeRepository.getJdbc();
        if (StringUtils.isNotBlank(jdbc.getSql()) && StringUtils.isNotBlank(jdbc.getUrl())) {
            if (jdbc.isSingleRow()) {
                LOGGER.debug("Configured single-row JDBC attribute repository for {}", jdbc.getUrl());
                multiRowJdbcPersonAttributeDao = new SingleRowJdbcPersonAttributeDao(Beans.newHickariDataSource(jdbc), jdbc.getSql());
            } else {
                LOGGER.debug("Configured multi-row JDBC attribute repository for {}", jdbc.getUrl());
                multiRowJdbcPersonAttributeDao = new MultiRowJdbcPersonAttributeDao(Beans.newHickariDataSource(jdbc), jdbc.getSql());
                LOGGER.debug("Configured multi-row JDBC column mappings for {} are {}", jdbc.getUrl(), jdbc.getColumnMappings());
                ((MultiRowJdbcPersonAttributeDao) multiRowJdbcPersonAttributeDao).setNameValueColumnMappings(jdbc.getColumnMappings());
            }
            multiRowJdbcPersonAttributeDao.setQueryAttributeMapping(ImmutableMap.of("username", jdbc.getUsername()));
            Map<String, String> attributes = attributeRepository.getAttributes();
            if (attributes != null && !attributes.isEmpty()) {
                LOGGER.debug("Configured result attribute mapping for {} to be {}", jdbc.getUrl(), attributeRepository.getAttributes());
                multiRowJdbcPersonAttributeDao.setResultAttributeMapping(attributes);
            }
            multiRowJdbcPersonAttributeDao.setRequireAllQueryAttributes(jdbc.isRequireAllAttributes());
            multiRowJdbcPersonAttributeDao.setUsernameCaseCanonicalizationMode(jdbc.getCaseCanonicalization());
            multiRowJdbcPersonAttributeDao.setQueryType(jdbc.getQueryType());
            list.add(multiRowJdbcPersonAttributeDao);
        }
    }

    private void addLdapAttributeRepository(List<IPersonAttributeDao> list) {
        PrincipalAttributesProperties attributeRepository = this.casProperties.getAuthn().getAttributeRepository();
        PrincipalAttributesProperties.Ldap ldap = attributeRepository.getLdap();
        if (StringUtils.isNotBlank(ldap.getBaseDn()) && StringUtils.isNotBlank(ldap.getLdapUrl())) {
            LdaptivePersonAttributeDao ldaptivePersonAttributeDao = new LdaptivePersonAttributeDao();
            LOGGER.debug("Configured LDAP attribute source for {} and baseDn {}", ldap.getLdapUrl(), ldap.getBaseDn());
            ldaptivePersonAttributeDao.setConnectionFactory(Beans.newPooledConnectionFactory(ldap));
            ldaptivePersonAttributeDao.setBaseDN(ldap.getBaseDn());
            LOGGER.debug("LDAP attributes are fetched from {} via filter {}", ldap.getLdapUrl(), ldap.getUserFilter());
            ldaptivePersonAttributeDao.setSearchFilter(ldap.getUserFilter());
            SearchControls searchControls = new SearchControls();
            if (attributeRepository.getAttributes() == null || attributeRepository.getAttributes().isEmpty()) {
                LOGGER.debug("Retrieving all attributes as no explicit attribute mappings are defined for {}", ldap.getLdapUrl());
                searchControls.setReturningAttributes((String[]) null);
            } else {
                LOGGER.debug("Configured result attribute mapping for {} to be {}", ldap.getLdapUrl(), attributeRepository.getAttributes());
                ldaptivePersonAttributeDao.setResultAttributeMapping(attributeRepository.getAttributes());
                searchControls.setReturningAttributes((String[]) attributeRepository.getAttributes().keySet().toArray(new String[attributeRepository.getAttributes().keySet().size()]));
            }
            if (ldap.isSubtreeSearch()) {
                LOGGER.debug("Configured subtree searching for {}", ldap.getLdapUrl());
                searchControls.setSearchScope(2);
            }
            searchControls.setDerefLinkFlag(true);
            ldaptivePersonAttributeDao.setSearchControls(searchControls);
            LOGGER.debug("Initializing LDAP attribute source for {}", ldap.getLdapUrl());
            ldaptivePersonAttributeDao.initialize();
            list.add(ldaptivePersonAttributeDao);
        }
    }
}
