package io.jans.configapi.plugin.saml.service;

import com.fasterxml.jackson.core.JsonProcessingException;
import io.jans.as.common.service.OrganizationService;
import io.jans.configapi.core.util.DataUtil;
import io.jans.configapi.plugin.saml.client.IdpClientFactory;
import io.jans.configapi.plugin.saml.model.IdentityProvider;
import io.jans.configapi.plugin.saml.util.Constants;
import io.jans.configapi.util.AuthUtil;
import io.jans.model.SearchRequest;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.model.PagedResult;
import io.jans.util.exception.InvalidAttributeException;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

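/**
 * Facade used by the SAML plugin to manage trusted SAML identity providers (IDPs).
 *
 * <p>Each create/update goes through two stores: the IDP is first registered in Keycloak
 * (via {@link KeycloakService}, only when SAML is enabled) and then persisted through
 * {@link IdentityProviderService}. An IDP entry is a trust relationship, so the two stores
 * drifting apart is security-relevant and not only a consistency problem.
 *
 * <p>NOTE(review): uploaded IDP metadata is fully buffered via
 * {@code authUtil.getByteArrayOutputStream(...)} so it can be read twice; no size limit is
 * visible in this class, so confirm one is enforced upstream. The metadata is parsed by
 * {@code keycloakService.importSamlMetadata(...)}; any XML parser hardening would have to
 * live there and should be confirmed.
 *
 * <p>NOTE(review): several methods log the whole {@link IdentityProvider} at INFO/DEBUG;
 * confirm its {@code toString()} does not expose sensitive configuration values.
 */
@ApplicationScoped
public class IdpService {

    @Inject
    Logger log;

    @Inject
    PersistenceEntryManager persistenceEntryManager;

    @Inject
    SamlConfigService samlConfigService;

    @Inject
    OrganizationService organizationService;

    @Inject
    IdentityProviderService identityProviderService;

    @Inject
    KeycloakService keycloakService;

    @Inject
    IdpClientFactory idpClientFactory;

    @Inject
    AuthUtil authUtil;

    /**
     * Returns the DN under which trusted IDPs are stored, as reported by the SAML configuration.
     *
     * @return the trusted-IDP DN from {@link SamlConfigService}
     */
    public String getIdentityProviderDn() {
        return samlConfigService.getTrustedIdpDn();
    }

    /**
     * Returns the configured realm, falling back to {@link Constants#REALM_MASTER} when the
     * configured value is blank.
     *
     * @return a non-blank realm name
     */
    public String getRealm() {
        String realm = samlConfigService.getRealm();
        log.debug("realm:{}", realm);
        if (StringUtils.isBlank(realm)) {
            realm = Constants.REALM_MASTER;
        }
        log.debug("Final realm:{}", realm);
        return realm;
    }

    /**
     * Delegates to {@link SamlConfigService#getSpMetadataUrl}.
     *
     * @param str  first argument passed through unchanged (the callers in this class pass the realm)
     * @param str2 second argument passed through unchanged (the callers in this class pass the IDP name)
     * @return the SP metadata URL built by the configuration service
     */
    public String getSpMetadataUrl(String str, String str2) {
        return samlConfigService.getSpMetadataUrl(str, str2);
    }

    /**
     * Lists all identity providers known to Keycloak for the given realm.
     * Unlike {@link #getAllIdp(String)}, a blank realm is passed through as-is.
     *
     * @param str realm name
     * @return identity providers returned by Keycloak
     * @throws IOException if the Keycloak call fails
     */
    public List<IdentityProvider> getAllIdentityProviders(String str) throws IOException {
        return keycloakService.findAllIdentityProviders(str);
    }

    /**
     * Looks up an identity provider by its inum.
     *
     * @param str inum of the identity provider
     * @return whatever {@link IdentityProviderService#getIdentityProviderByInum} returns
     */
    public IdentityProvider getIdentityProviderByInum(String str) {
        return identityProviderService.getIdentityProviderByInum(str);
    }

    /**
     * Looks up identity providers by name.
     *
     * <p>Lookup failures are logged and reported as {@code null}, so a {@code null} result
     * means "lookup failed" as well as whatever the underlying service returns for "not found".
     * Callers must not treat {@code null} as proof that no IDP with this name exists.
     *
     * @param str name to search for
     * @return matching identity providers, or {@code null} if the lookup threw
     */
    public List<IdentityProvider> getIdentityProviderByName(String str) {
        List<IdentityProvider> matches = null;
        try {
            matches = identityProviderService.getIdentityProviderByName(str);
        } catch (Exception e) {
            // Deliberate best-effort: the error is logged and null is returned to the caller.
            log.error("Error while finding IDP with name:{} is:{}", str, e);
        }
        return matches;
    }

    /**
     * Runs a paged search for identity providers.
     *
     * @param searchRequest search criteria and paging parameters
     * @return the paged result from {@link IdentityProviderService}
     */
    public PagedResult<IdentityProvider> getIdentityProviders(SearchRequest searchRequest) {
        return identityProviderService.getIdentityProvider(searchRequest);
    }

    /**
     * Lists all identity providers in Keycloak for a realm, defaulting to {@link #getRealm()}
     * when the supplied realm is blank.
     *
     * @param str realm name, may be blank
     * @return identity providers returned by Keycloak
     * @throws IOException if the Keycloak call fails
     */
    public List<IdentityProvider> getAllIdp(String str) throws IOException {
        log.info("Fetch all IDP from realm:{}", str);
        String realm = StringUtils.isBlank(str) ? getRealm() : str;
        return keycloakService.findAllIdentityProviders(realm);
    }

    /**
     * Creates a SAML identity provider: assigns inum and DN, registers it in Keycloak (when
     * SAML is enabled) and then persists it together with the metadata file.
     *
     * <p>If persisting fails, the Keycloak registration is rolled back so that no IDP stays
     * trusted in Keycloak without a matching record. A failure of the rollback itself is
     * attached to the original exception as suppressed instead of replacing it.
     *
     * @param identityProvider IDP to create; must not be {@code null}
     * @param inputStream      IDP metadata file content, may be {@code null}
     * @return the processed identity provider
     * @throws InvalidAttributeException if {@code identityProvider} is {@code null} or
     *                                   mandatory metadata attributes are missing
     * @throws IOException               if reading the metadata or a backend call fails
     */
    public IdentityProvider createSamlIdentityProvider(IdentityProvider identityProvider, InputStream inputStream) throws IOException {
        log.info("Create IdentityProvider with IDP metadata file in identityProvider:{}, idpMetadataStream:{}, samlConfigService.isSamlEnabled():{}", identityProvider, inputStream, samlConfigService.isSamlEnabled());
        if (identityProvider == null) {
            throw new InvalidAttributeException("IdentityProvider object is null!!!");
        }
        String inum = identityProviderService.generateInumForIdentityProvider();
        identityProvider.setInum(inum);
        identityProvider.setDn(identityProviderService.getDnForIdentityProvider(inum));

        // The metadata is consumed twice (validation, then persistence), so it is buffered
        // once and a fresh stream is handed out for each consumer.
        ByteArrayOutputStream metadataBuffer = getByteArrayOutputStream(inputStream);
        IdentityProvider processed = processIdentityProvider(identityProvider, getInputStream(metadataBuffer), false);
        log.debug("Create IdentityProvider identityProvider:{}", processed);
        try {
            identityProviderService.addSamlIdentityProvider(processed, getInputStream(metadataBuffer));
            log.debug("Created IdentityProvider in Jans DB -  identityProvider:{}", processed);
            return processed;
        } catch (Exception e) {
            log.error("Deleting KC IDP as error while persisting identityProvider:{}", processed, e);
            // processIdentityProvider returns null when Keycloak returned no IDP; there is
            // nothing to roll back in that case.
            if (processed != null) {
                try {
                    deleteIdentityProvider(processed, false);
                } catch (Exception rollbackError) {
                    // Keep the root cause visible; the rollback failure must not mask it.
                    e.addSuppressed(rollbackError);
                    log.error("Rollback of KC IDP failed, manual cleanup may be required - identityProvider:{}", processed, rollbackError);
                }
            }
            throw e;
        }
    }

    /**
     * Updates a SAML identity provider in Keycloak (when SAML is enabled) and then in the
     * persistence layer.
     *
     * <p>NOTE(review): unlike create, there is no compensation step here. If the persistence
     * update fails after Keycloak was updated, the two stores hold different configurations.
     *
     * @param identityProvider IDP to update; must not be {@code null}
     * @param inputStream      new IDP metadata file content, may be {@code null}
     * @return the processed identity provider
     * @throws InvalidAttributeException if {@code identityProvider} is {@code null} or
     *                                   mandatory metadata attributes are missing
     * @throws IOException               if reading the metadata or a backend call fails
     */
    public IdentityProvider updateSamlIdentityProvider(IdentityProvider identityProvider, InputStream inputStream) throws IOException {
        log.debug("Update IdentityProvider with IDP metadata file in - identityProvider:{}, idpMetadataStream:{}, samlConfigService.isSamlEnabled():{}", identityProvider, inputStream, samlConfigService.isSamlEnabled());
        if (identityProvider == null) {
            throw new InvalidAttributeException("IdentityProvider object for update is null!!!");
        }
        ByteArrayOutputStream metadataBuffer = getByteArrayOutputStream(inputStream);
        IdentityProvider processed = processIdentityProvider(identityProvider, getInputStream(metadataBuffer), true);
        log.debug("Update IdentityProvider identityProvider:{}", processed);
        updateIdentityProvider(processed, getInputStream(metadataBuffer));
        log.info("Updated IdentityProvider - identityProvider:{}", processed);
        return processed;
    }

    /**
     * Deletes an identity provider from Keycloak and, optionally, from the persistence layer.
     *
     * <p>The persistence record is removed only when the Keycloak deletion reported success.
     * NOTE(review): when SAML is disabled the Keycloak call is skipped and the status stays
     * {@code false}, so the record is never removed even with {@code z == true}; confirm this
     * is intended, since create persists the record regardless of that flag.
     *
     * @param identityProvider IDP to delete; must not be {@code null}
     * @param z                {@code true} to also delete the persisted record
     * @throws InvalidAttributeException if {@code identityProvider} is {@code null}
     * @throws IOException               if the Keycloak call fails
     */
    public void deleteIdentityProvider(IdentityProvider identityProvider, boolean z) throws IOException {
        boolean deletedInKeycloak = false;
        log.info("Delete dentityProvider:{}, deleteInDB:{}, samlConfigService.isSamlEnabled():{}", identityProvider, z, samlConfigService.isSamlEnabled());
        if (identityProvider == null) {
            throw new InvalidAttributeException("IdentityProvider object for delete is null!!!");
        }
        if (samlConfigService.isSamlEnabled()) {
            deletedInKeycloak = keycloakService.deleteIdentityProvider(identityProvider.getRealm(), identityProvider.getName());
        }
        log.info("Delete IDP status:{}, deleteInDB:{}", deletedInKeycloak, z);
        if (deletedInKeycloak && z) {
            log.info("Deleting IDP in DB - identityProvider.getInum():{}, identityProvider.getName():{}", identityProvider.getInum(), identityProvider.getName());
            identityProviderService.removeIdentityProvider(identityProvider);
            log.info("IDP successfully deleted in DB - identityProvider.getInum():{}, identityProvider.getName():{}", identityProvider.getInum(), identityProvider.getName());
        }
    }

    /** Delegates to {@link IdentityProviderService#processUnprocessedIdpMetadataFiles()}. */
    public void processUnprocessedIdpMetadataFiles() {
        identityProviderService.processUnprocessedIdpMetadataFiles();
    }

    /**
     * Fetches the service-provider metadata Keycloak exposes for the given IDP.
     *
     * @param identityProvider IDP whose realm and name identify the metadata; must not be {@code null}
     * @return the SP metadata returned by Keycloak
     * @throws InvalidAttributeException if {@code identityProvider} is {@code null}
     * @throws JsonProcessingException   if the Keycloak service reports a JSON processing failure
     */
    public String getSpMetadata(IdentityProvider identityProvider) throws JsonProcessingException {
        if (identityProvider == null) {
            throw new InvalidAttributeException("IdentityProvider object is null!!!");
        }
        return keycloakService.getSpMetadata(identityProvider.getRealm(), identityProvider.getName());
    }

    /**
     * Persists an updated identity provider together with its metadata stream.
     *
     * @return the same {@code identityProvider} instance that was passed in
     */
    private IdentityProvider updateIdentityProvider(IdentityProvider identityProvider, InputStream idpMetadataStream) throws IOException {
        log.info("Update IdentityProvider with IDP metadata file in identityProvider:{}, idpMetadataStream:{} ", identityProvider, idpMetadataStream);
        identityProviderService.updateIdentityProvider(identityProvider, idpMetadataStream);
        log.debug("Updated IdentityProvider in Jans DB -  identityProvider:{}", identityProvider);
        return identityProvider;
    }

    /**
     * Fills in defaults on the IDP: realm and provider id when blank, and, on create only,
     * enables {@code storeToken} and {@code addReadTokenRoleOnCreate}.
     *
     * <p>Note that the two token flags are forced to {@code true} on create, overriding
     * whatever the caller supplied.
     *
     * @param isUpdate {@code true} when called for an update; the token flags are then left untouched
     * @return the same instance, or {@code null} if {@code identityProvider} was {@code null}
     */
    private IdentityProvider setSamlIdentityProviderDefaultValue(IdentityProvider identityProvider, boolean isUpdate) {
        log.info("Setting default value for identityProvider:{}, update:{}", identityProvider, isUpdate);
        if (identityProvider == null) {
            return identityProvider;
        }
        if (StringUtils.isBlank(identityProvider.getRealm())) {
            identityProvider.setRealm(getRealm());
        }
        if (StringUtils.isBlank(identityProvider.getProviderId())) {
            identityProvider.setProviderId(Constants.SAML);
        }
        if (!isUpdate) {
            identityProvider.setStoreToken(true);
            identityProvider.setAddReadTokenRoleOnCreate(true);
        }
        log.info("After setting default value for identityProvider:{}, update:{}", identityProvider, isUpdate);
        return identityProvider;
    }

    /**
     * Shared create/update pipeline: apply defaults, import the metadata file (if any) and
     * copy its values onto the IDP, verify mandatory attributes, then create or update the
     * IDP in Keycloak when SAML is enabled.
     *
     * @param idpMetadataStream metadata file content; skipped when {@code null} or empty
     * @param isUpdate          {@code true} for update, {@code false} for create
     * @return the IDP as returned by Keycloak when SAML is enabled (may be {@code null}),
     *         otherwise the input instance
     * @throws InvalidAttributeException if a mandatory metadata attribute is missing
     */
    private IdentityProvider processIdentityProvider(IdentityProvider identityProvider, InputStream idpMetadataStream, boolean isUpdate) throws IOException {
        log.info("Common processing for identityProvider:{}, idpMetadataStream:{}, isUpdate:{}", identityProvider, idpMetadataStream, isUpdate);
        if (identityProvider == null) {
            return identityProvider;
        }
        setSamlIdentityProviderDefaultValue(identityProvider, isUpdate);

        // available() is only an estimate for arbitrary streams; the callers in this class
        // always pass a ByteArrayInputStream, for which it is the exact remaining byte count.
        if (idpMetadataStream != null && idpMetadataStream.available() > 0) {
            Map<String, String> config = validateSamlMetadata(identityProvider.getProviderId(), identityProvider.getRealm(), idpMetadataStream);
            log.debug("Validated metadata to create IDP - config:{}", config);
            populateIdpMetadataElements(identityProvider, config);
        }

        // The gate is the exception thrown by validateIdpMetadataElements; its boolean
        // result is only logged.
        log.info("Is metadata individual elements for IDP creation present:{}", validateIdpMetadataElements(identityProvider));

        if (samlConfigService.isSamlEnabled()) {
            log.info("Create/Update IDP Service idpMetadataStream:{}, identityProvider.getRealm():{}", idpMetadataStream, identityProvider.getRealm());
            identityProvider = keycloakService.createUpdateIdentityProvider(identityProvider.getRealm(), isUpdate, identityProvider);
            log.info("Newly created identityProvider in KC:{}", identityProvider);
            if (identityProvider != null) {
                String spMetadataUrl = getSpMetadataUrl(identityProvider.getRealm(), identityProvider.getName());
                log.debug(" Setting KC SP Metadata URL - spMetadataUrl:{} ", spMetadataUrl);
                identityProvider.setSpMetaDataURL(spMetadataUrl);
            }
        }
        return identityProvider;
    }

    /**
     * Hands the metadata stream to Keycloak's SAML metadata import and returns the resulting
     * key/value configuration. All parsing of the externally supplied document happens in
     * {@link KeycloakService}, not here.
     */
    private Map<String, String> validateSamlMetadata(String providerId, String realm, InputStream idpMetadataStream) throws IOException {
        return keycloakService.importSamlMetadata(providerId, realm, idpMetadataStream);
    }

    /**
     * Checks that every attribute listed in
     * {@code samlConfigService.getIdpMetadataMandatoryAttributes()} has a non-blank value on
     * the IDP.
     *
     * @return {@code true} when nothing is missing, the IDP is {@code null}, or no mandatory
     *         attributes are configured
     * @throws InvalidAttributeException listing the missing attributes otherwise
     */
    private boolean validateIdpMetadataElements(IdentityProvider identityProvider) {
        log.info("identityProvider:{}, samlConfigService.getIdpMetadataMandatoryAttributes():{}", identityProvider, samlConfigService.getIdpMetadataMandatoryAttributes());
        if (identityProvider == null || samlConfigService.getIdpMetadataMandatoryAttributes().isEmpty()) {
            return true;
        }
        // Left null until the first miss so the log line below prints "null" when all
        // mandatory attributes are present.
        List<String> missingElements = null;
        for (String attribute : samlConfigService.getIdpMetadataMandatoryAttributes()) {
            // Read the value once; getValue goes through reflection and logs on every call.
            String value = getValue(identityProvider, attribute);
            log.debug("attribute:{}, getValue(identityProvider, attribute):{}", attribute, value);
            if (StringUtils.isBlank(value)) {
                if (missingElements == null) {
                    missingElements = new ArrayList<>();
                }
                missingElements.add(attribute);
            }
        }
        log.info("missingElements:{}", missingElements);
        if (missingElements == null || missingElements.isEmpty()) {
            log.info("validateIdpMetadataElements - isValid:{}", true);
            return true;
        }
        log.debug("IDP elements are missing:{}, isValid:{} !", missingElements, false);
        throw new InvalidAttributeException("IDP mandatory attribute missing - " + missingElements + " !!!");
    }

    /**
     * Copies values from the imported metadata onto the IDP through reflective setters.
     *
     * <p>The set of properties written is taken from {@code samlConfigService.getKcSamlConfig()},
     * i.e. from server configuration; the metadata document only supplies the values. A key
     * missing from {@code config} results in the setter being invoked with {@code null}
     * (how {@code DataUtil.invokeReflectionSetter} treats {@code null} is not visible here).
     *
     * @return the same {@code identityProvider} instance
     */
    private IdentityProvider populateIdpMetadataElements(IdentityProvider identityProvider, Map<String, String> config) {
        log.info("identityProvider:{}, config:{}, samlConfigService.getKcSamlConfig():{}", identityProvider, config, samlConfigService.getKcSamlConfig());
        if (identityProvider == null || config == null || samlConfigService.getKcSamlConfig().isEmpty()) {
            return identityProvider;
        }
        for (String attribute : samlConfigService.getKcSamlConfig()) {
            String value = config.get(attribute);
            log.trace("attribute:{}, config.get(attribute):{}", attribute, value);
            DataUtil.invokeReflectionSetter(identityProvider, attribute, value);
        }
        log.info("validateIdpMetadataElements - identityProvider:{}", identityProvider);
        return identityProvider;
    }

    /**
     * Reads a property from the IDP via {@code DataUtil.getValue} and casts it to String.
     *
     * @return the property value, or {@code null} if the read or the cast failed (the
     *         failure is logged); mandatory-attribute validation then treats it as missing
     */
    private String getValue(IdentityProvider identityProvider, String property) {
        log.debug("Get Field Value - identityProvider:{}, property:{}", identityProvider, property);
        String value = null;
        try {
            value = (String) DataUtil.getValue(identityProvider, property);
            log.debug("Field Value - property:{}, value:{}", property, value);
        } catch (Exception e) {
            log.error("Error while getting value of config ", e);
        }
        return value;
    }

    /**
     * Buffers the metadata stream through {@code authUtil.getByteArrayOutputStream}.
     * NOTE(review): no upper bound on the buffered size is visible in this class.
     */
    private ByteArrayOutputStream getByteArrayOutputStream(InputStream idpMetadataStream) throws IOException {
        return authUtil.getByteArrayOutputStream(idpMetadataStream);
    }

    /**
     * Creates a fresh, independent input stream over a copy of the buffered bytes.
     *
     * @return a new stream, or {@code null} when the buffer is {@code null}
     */
    private InputStream getInputStream(ByteArrayOutputStream metadataBuffer) {
        log.debug("Get InputStream for output:{}", metadataBuffer);
        if (metadataBuffer == null) {
            return null;
        }
        ByteArrayInputStream stream = new ByteArrayInputStream(metadataBuffer.toByteArray());
        log.debug("From ByteArrayOutputStream InputStream is:{}", stream);
        return stream;
    }
}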
