package com.liferay.saml.opensaml.integration.internal.resolver;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.NoSuchUserException;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.UserEmailAddressException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.Contact;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.auth.CompanyThreadLocal;
import com.liferay.portal.kernel.service.CompanyLocalService;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.CalendarFactoryUtil;
import com.liferay.portal.kernel.util.ListUtil;
import com.liferay.portal.kernel.util.MapUtil;
import com.liferay.portal.kernel.util.PropertiesUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.exportimport.UserImporter;
import com.liferay.saml.opensaml.integration.internal.metadata.MetadataManager;
import com.liferay.saml.opensaml.integration.resolver.UserResolver;
import com.liferay.saml.persistence.model.SamlSpIdpConnection;
import com.liferay.saml.persistence.service.SamlSpIdpConnectionLocalService;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.exception.SubjectException;
import java.io.Serializable;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import org.joda.time.DateTime;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

/**
 * Default {@link UserResolver}: maps the subject of a SAML assertion to a portal {@link User}.
 *
 * <p>Resolution order, as implemented in {@link #resolveUser}: an optional LDAP import keyed on the
 * subject NameID, then a lookup of an existing portal user that is updated from the mapped
 * assertion attributes, and finally creation of a new account from those attributes.
 *
 * <p>The component is registered with service ranking {@code Integer.MIN_VALUE}
 * ({@code -2147483648}), so any other registered {@code UserResolver} with a higher ranking is
 * preferred by the OSGi service registry.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Nothing here validates the assertion (signature, conditions, audience). Presumably that
 *       happens before {@code resolveUser} is invoked - confirm against the caller.</li>
 *   <li>Identity provider supplied attributes are trusted as authoritative: they can replace the
 *       NameID as the lookup key, overwrite profile fields, and the resulting e-mail address is
 *       flagged as verified without a portal-side verification step.</li>
 *   <li>Debug logging prints the NameID and the full attribute map, i.e. personal data.</li>
 * </ul>
 */
@Component(immediate = true, property = {"service.ranking:Integer=-2147483648"}, service = {UserResolver.class})
// Decompiler provenance: loaded from input_file:com/liferay/saml/opensaml/integration/internal/resolver/DefaultUserResolver.class
public class DefaultUserResolver implements UserResolver {
    private static final Log _log = LogFactoryUtil.getLog(DefaultUserResolver.class);
    private CompanyLocalService _companyLocalService;
    private MetadataManager _metadataManager;
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;
    private SamlSpIdpConnectionLocalService _samlSpIdpConnectionLocalService;
    private UserImporter _userImporter;
    private UserLocalService _userLocalService;

    /**
     * Resolves the portal user for the assertion held by {@code userResolverSAMLContext}.
     *
     * <p>When LDAP import is enabled the LDAP importer is tried first; a {@code null} result falls
     * through to {@link #importUser}, which updates an existing user or creates a new one.
     *
     * @param userResolverSAMLContext accessor for the assertion's subject, peer entity ID and attributes
     * @param serviceContext service context forwarded to the user add/update calls
     * @return the resolved, updated or newly created user
     * @throws Exception whatever the connection lookup, the LDAP import or the user import throws
     */
    @Override // com.liferay.saml.opensaml.integration.resolver.UserResolver
    public User resolveUser(UserResolver.UserResolverSAMLContext userResolverSAMLContext, ServiceContext serviceContext) throws Exception {
        if (_log.isDebugEnabled()) {
            // NOTE(review): the NameID value is written to the log verbatim at debug level.
            _log.debug(
                StringBundler.concat(
                    "Resolving user with name ID format ", userResolverSAMLContext.resolveSubjectNameFormat(),
                    " and value ", userResolverSAMLContext.resolveSubjectNameIdentifier()));
        }

        long companyId = CompanyThreadLocal.getCompanyId().longValue();
        String subjectNameIdentifier = getSubjectNameIdentifier(userResolverSAMLContext);

        // The connection is looked up by the peer entity ID taken from the SAML context.
        SamlSpIdpConnection samlSpIdpConnection =
            _samlSpIdpConnectionLocalService.getSamlSpIdpConnection(
                CompanyThreadLocal.getCompanyId().longValue(), userResolverSAMLContext.resolvePeerEntityId());

        String authType = getAuthType(userResolverSAMLContext, samlSpIdpConnection.getNameIdFormat());

        if (_samlProviderConfigurationHelper.isLDAPImportEnabled()) {
            User ldapUser = importLdapUser(companyId, subjectNameIdentifier, authType);

            if (ldapUser != null) {
                return ldapUser;
            }
        }

        return importUser(companyId, samlSpIdpConnection, subjectNameIdentifier, authType, userResolverSAMLContext, serviceContext);
    }

    /** Injects the company service (OSGi static reference, no unbind method). */
    @Reference(unbind = "-")
    public void setCompanyLocalService(CompanyLocalService companyLocalService) {
        _companyLocalService = companyLocalService;
    }

    /** Injects the metadata manager used to read the per-peer attribute mappings. */
    @Reference(unbind = "-")
    public void setMetadataManager(MetadataManager metadataManager) {
        _metadataManager = metadataManager;
    }

    /** Injects the helper that reports whether LDAP import is enabled. */
    @Reference(unbind = "-")
    public void setSamlProviderConfigurationHelper(SamlProviderConfigurationHelper samlProviderConfigurationHelper) {
        _samlProviderConfigurationHelper = samlProviderConfigurationHelper;
    }

    /** Injects the service used to load the SP-to-IdP connection for the peer entity. */
    @Reference(unbind = "-")
    public void setSamlSpIdpConnectionLocalService(SamlSpIdpConnectionLocalService samlSpIdpConnectionLocalService) {
        _samlSpIdpConnectionLocalService = samlSpIdpConnectionLocalService;
    }

    /** Injects the LDAP user importer. */
    @Reference(unbind = "-")
    public void setUserImporter(UserImporter userImporter) {
        _userImporter = userImporter;
    }

    /** Injects the user service used for lookups, creation and updates. */
    @Reference(unbind = "-")
    public void setUserLocalService(UserLocalService userLocalService) {
        _userLocalService = userLocalService;
    }

    /**
     * Creates a portal user from the mapped assertion attributes.
     *
     * <p>The stranger checks run only when the connection reports
     * {@code isUnknownUsersAreStrangers()}; otherwise the account is created without consulting
     * {@code company.isStrangers()}.
     *
     * @param j company ID the user is created in
     * @param samlSpIdpConnection connection whose stranger policy is applied
     * @param map mapped assertion attributes (attribute name to values)
     * @param serviceContext service context; its UUID is overwritten with the mapped {@code uuid} value
     * @return the created user after the verified-email, password-reset and modified-date updates
     * @throws PortalException if strangers are not allowed, the e-mail uses the company mail domain
     *         against policy, or a service call fails
     */
    protected User addUser(long j, SamlSpIdpConnection samlSpIdpConnection, Map<String, List<Serializable>> map, ServiceContext serviceContext) throws PortalException {
        if (_log.isDebugEnabled()) {
            // NOTE(review): dumps every mapped attribute value (personal data) at debug level.
            _log.debug("Adding user with attributes map " + MapUtil.toString(map));
        }

        Company company = _companyLocalService.getCompany(j);
        String emailAddress = getValueAsString("emailAddress", map);

        if (samlSpIdpConnection.isUnknownUsersAreStrangers()) {
            if (!company.isStrangers()) {
                throw new SubjectException("User is a stranger and company " + j + " does not allow strangers to create accounts");
            }

            boolean companyMxBlocked =
                Validator.isNotNull(emailAddress) && !company.isStrangersWithMx() && company.hasCompanyMx(emailAddress);

            if (companyMxBlocked) {
                throw new UserEmailAddressException.MustNotUseCompanyMx(emailAddress);
            }
        }

        String screenName = getValueAsString("screenName", map);
        Locale locale = serviceContext.getLocale();
        String firstName = getValueAsString("firstName", map);
        String lastName = getValueAsString("lastName", map);

        // The UUID of the new user is taken from the assertion attributes (null when not mapped).
        serviceContext.setUuid(getValueAsString("uuid", map));

        // Positional arguments are reproduced unchanged. The literals 0, 1, 1970 sit where
        // updateUser passes the contact's birthday month, day and year - presumably a placeholder
        // birthday of 1 January 1970; confirm against the UserLocalService.addUser signature.
        User createdUser =
            _userLocalService.addUser(
                0L, j, true, (String) null, (String) null, false, screenName, emailAddress, locale,
                firstName, "", lastName, 0, 0, true, 0, 1, 1970, "",
                (long[]) null, (long[]) null, (long[]) null, (long[]) null, false, serviceContext);

        // The IdP-supplied address is flagged as verified immediately; no portal-side e-mail
        // verification takes place for accounts provisioned through this path.
        User verifiedUser = _userLocalService.updateEmailAddressVerified(createdUser.getUserId(), true);

        User user = _userLocalService.updatePasswordReset(verifiedUser.getUserId(), false);

        Date modifiedDate = getValueAsDate("modifiedDate", map);

        if (modifiedDate != null) {
            user = _userLocalService.updateModifiedDate(user.getUserId(), modifiedDate);
        }

        return user;
    }

    /**
     * Loads the attribute mappings configured for the peer entity and applies them to the
     * assertion's attributes.
     *
     * <p>Any exception is logged (stack trace only at debug level) and converted into an empty
     * map, so callers continue as if the assertion carried no attributes.
     *
     * @param userResolverSAMLContext accessor for the peer entity ID and the assertion attributes
     * @return mapped attributes, or an empty map when loading or mapping failed
     */
    protected Map<String, List<Serializable>> getAttributesMap(UserResolver.UserResolverSAMLContext userResolverSAMLContext) {
        String peerEntityId = userResolverSAMLContext.resolvePeerEntityId();

        try {
            String userAttributeMappings = _metadataManager.getUserAttributeMappings(peerEntityId);

            if (_log.isDebugEnabled()) {
                _log.debug(StringBundler.concat("Attributes mapping for ", peerEntityId, " ", userAttributeMappings));
            }

            Properties mappingProperties = new Properties();

            if (Validator.isNotNull(userAttributeMappings)) {
                mappingProperties = PropertiesUtil.load(userAttributeMappings);
            }

            return userResolverSAMLContext.resolveBearerAssertionAttributesWithMapping(mappingProperties);
        } catch (Exception e) {
            // NOTE(review): a failure here is not propagated. importUser then falls back to the
            // NameID as lookup key, and addUser would be called with every mapped value null.
            if (_log.isDebugEnabled()) {
                _log.debug(e.getMessage(), e);
            } else if (_log.isWarnEnabled()) {
                _log.warn(e.getMessage());
            }

            return Collections.emptyMap();
        }
    }

    /**
     * Chooses the portal field the subject identifier is matched against.
     *
     * <p>The NameID format from the assertion wins; {@code str} is used only when the assertion's
     * format is null/blank according to {@code Validator.isNull}. Every format other than the SAML
     * 1.1 {@code emailAddress} format is treated as a screen name.
     *
     * @param userResolverSAMLContext accessor for the assertion's NameID format
     * @param str fallback NameID format (the caller passes the connection's configured format)
     * @return {@code "emailAddress"} or {@code "screenName"}
     */
    protected String getAuthType(UserResolver.UserResolverSAMLContext userResolverSAMLContext, String str) {
        String nameIdFormat = userResolverSAMLContext.resolveSubjectNameFormat();

        if (Validator.isNull(nameIdFormat)) {
            nameIdFormat = str;
        }

        // NOTE(review): if the fallback is null as well, this dereference throws a
        // NullPointerException instead of a descriptive error.
        if (nameIdFormat.equals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")) {
            return "emailAddress";
        }

        return "screenName";
    }

    /**
     * Returns the subject NameID value from the SAML context. Kept as a separate protected method,
     * presumably so subclasses can substitute a different identifier.
     */
    protected String getSubjectNameIdentifier(UserResolver.UserResolverSAMLContext userResolverSAMLContext) {
        return userResolverSAMLContext.resolveSubjectNameIdentifier();
    }

    /**
     * Looks up an existing portal user.
     *
     * @param j company ID
     * @param str identifier value to search for
     * @param str2 {@code "emailAddress"} to search by e-mail address; anything else searches by screen name
     * @return the user, or {@code null} when the service reports {@link NoSuchUserException}
     * @throws PortalException for any other service failure
     */
    protected User getUser(long j, String str, String str2) throws PortalException {
        try {
            if (str2.equals("emailAddress")) {
                return _userLocalService.getUserByEmailAddress(j, str);
            }

            return _userLocalService.getUserByScreenName(j, str);
        } catch (NoSuchUserException e) {
            // "Not found" is an expected outcome (the caller creates the user), so it is only
            // recorded at debug level.
            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }

            return null;
        }
    }

    /**
     * Returns the first value of attribute {@code str} converted to a {@link Date} through Joda's
     * {@code DateTime(Object)} constructor, or {@code null} when the attribute is missing or empty.
     * NOTE(review): the value originates from the assertion; presumably an unparseable value makes
     * the constructor throw an unchecked exception that is not handled here - confirm.
     */
    protected Date getValueAsDate(String str, Map<String, List<Serializable>> map) {
        List<Serializable> values = map.get(str);

        if (!ListUtil.isEmpty(values)) {
            return new DateTime(values.get(0)).toDate();
        }

        return null;
    }

    /**
     * Returns the first value of attribute {@code str} as a string (via {@code String.valueOf}),
     * or {@code null} when the attribute is missing or empty. Additional values are ignored.
     */
    protected String getValueAsString(String str, Map<String, List<Serializable>> map) {
        List<Serializable> values = map.get(str);

        if (!ListUtil.isEmpty(values)) {
            return String.valueOf(values.get(0));
        }

        return null;
    }

    /**
     * Delegates to the LDAP {@link UserImporter}, passing the identifier in the second argument
     * when {@code str2} is {@code "emailAddress"} and in the third argument otherwise (presumably
     * the e-mail address and screen name slots - confirm against {@code UserImporter}).
     *
     * @param j company ID
     * @param str subject identifier taken from the assertion
     * @param str2 auth type as returned by {@link #getAuthType}
     * @return whatever the importer returns; the caller treats {@code null} as "not imported"
     * @throws Exception if the importer fails
     */
    protected User importLdapUser(long j, String str, String str2) throws Exception {
        if (_log.isDebugEnabled()) {
            _log.debug(StringBundler.concat("Importing user from LDAP with identifier ", str, " of type ", str2));
        }

        if (str2.equals("emailAddress")) {
            return _userImporter.importUser(j, str, "");
        }

        return _userImporter.importUser(j, "", str);
    }

    /**
     * Finds the portal user matching the assertion and updates it, or creates it when absent.
     *
     * @param j company ID
     * @param samlSpIdpConnection connection forwarded to {@link #addUser}
     * @param str subject NameID value; replaced as lookup key when a mapped attribute named like {@code str2} exists
     * @param str2 auth type ({@code "emailAddress"} or {@code "screenName"})
     * @param userResolverSAMLContext accessor for the assertion attributes
     * @param serviceContext service context forwarded to the add/update calls
     * @return the updated or newly added user
     * @throws PortalException if the lookup, update or creation fails
     */
    protected User importUser(long j, SamlSpIdpConnection samlSpIdpConnection, String str, String str2, UserResolver.UserResolverSAMLContext userResolverSAMLContext, ServiceContext serviceContext) throws PortalException {
        if (_log.isDebugEnabled()) {
            _log.debug(StringBundler.concat("Importing user with identifier ", str, " of type ", str2));
        }

        Map<String, List<Serializable>> attributesMap = getAttributesMap(userResolverSAMLContext);

        // A mapped attribute with the same name as the auth type takes precedence over the NameID,
        // so the attribute mapping - not the assertion subject - decides which local account is
        // matched. An attribute present with an empty value list turns the key into null.
        String lookupValue = str;

        if (attributesMap.containsKey(str2)) {
            lookupValue = getValueAsString(str2, attributesMap);
        }

        User existingUser = getUser(j, lookupValue, str2);

        if (existingUser == null) {
            User addedUser = addUser(j, samlSpIdpConnection, attributesMap, serviceContext);

            if (_log.isDebugEnabled()) {
                _log.debug("Added user " + addedUser.toString());
            }

            return addedUser;
        }

        if (_log.isDebugEnabled()) {
            _log.debug("Found user " + existingUser.toString());
        }

        return updateUser(existingUser, attributesMap, serviceContext);
    }

    /**
     * Synchronises an existing user with the mapped assertion attributes.
     *
     * <p>For each of screen name, e-mail address, first name and last name the mapped value is
     * used when it is non-blank, otherwise the user's current value is kept. A changed e-mail
     * address is written first and flagged as verified; the remaining fields and the modified date
     * are written only when one of them differs.
     *
     * @param user the user to update
     * @param map mapped assertion attributes
     * @param serviceContext service context forwarded to {@code updateUser}
     * @return the user as returned by the last service call, or the input when nothing changed
     * @throws PortalException if a service call fails
     */
    protected User updateUser(User user, Map<String, List<Serializable>> map, ServiceContext serviceContext) throws PortalException {
        if (_log.isDebugEnabled()) {
            // NOTE(review): dumps every mapped attribute value (personal data) at debug level.
            _log.debug(
                StringBundler.concat(
                    "Updating user ", user.getUserId(), " with attributes map ", MapUtil.toString(map)));
        }

        Date mappedModifiedDate = getValueAsDate("modifiedDate", map);
        Date targetModifiedDate = mappedModifiedDate != null ? mappedModifiedDate : user.getModifiedDate();

        String mappedScreenName = getValueAsString("screenName", map);
        String screenName = Validator.isNotNull(mappedScreenName) ? mappedScreenName : user.getScreenName();

        String mappedEmailAddress = getValueAsString("emailAddress", map);
        String emailAddress = Validator.isNotNull(mappedEmailAddress) ? mappedEmailAddress : user.getEmailAddress();

        String mappedFirstName = getValueAsString("firstName", map);
        String firstName = Validator.isNotNull(mappedFirstName) ? mappedFirstName : user.getFirstName();

        String mappedLastName = getValueAsString("lastName", map);
        String lastName = Validator.isNotNull(mappedLastName) ? mappedLastName : user.getLastName();

        // Read before any update so the contact belongs to the user instance passed in.
        Contact contact = user.getContact();

        if (!StringUtil.equalsIgnoreCase(emailAddress, user.getEmailAddress())) {
            // The address from the assertion replaces the stored one (empty password argument) and
            // is flagged as verified straight away: the identity provider is the sole authority
            // for the account's e-mail address on this path.
            User emailUpdatedUser = _userLocalService.updateEmailAddress(user.getUserId(), "", emailAddress, emailAddress);

            user = _userLocalService.updateEmailAddressVerified(emailUpdatedUser.getUserId(), true);
        }

        boolean profileUnchanged =
            Objects.equals(user.getFirstName(), firstName) && Objects.equals(user.getLastName(), lastName)
                && Objects.equals(user.getScreenName(), screenName)
                && Objects.equals(user.getModifiedDate(), targetModifiedDate);

        if (!profileUnchanged) {
            Date previousModifiedDate = user.getModifiedDate();

            // The birthday is carried over unchanged; it is only split into month/day/year because
            // the service call takes the three parts separately.
            Calendar birthdayCalendar = CalendarFactoryUtil.getCalendar();
            birthdayCalendar.setTime(contact.getBirthday());

            user = _userLocalService.updateUser(
                user.getUserId(), "", "", "", false, user.getReminderQueryQuestion(), user.getReminderQueryAnswer(),
                screenName, emailAddress, true, (byte[]) null, user.getLanguageId(), user.getTimeZoneId(),
                user.getGreeting(), user.getComments(), firstName, user.getMiddleName(), lastName,
                contact.getPrefixId(), contact.getSuffixId(), user.getMale(),
                birthdayCalendar.get(Calendar.MONTH), birthdayCalendar.get(Calendar.DATE), birthdayCalendar.get(Calendar.YEAR),
                contact.getSmsSn(), contact.getFacebookSn(), contact.getJabberSn(), contact.getSkypeSn(),
                contact.getTwitterSn(), contact.getJobTitle(),
                (long[]) null, (long[]) null, (long[]) null, (List) null, (long[]) null, serviceContext);

            // Compared against the date captured before updateUser ran.
            if (!Objects.equals(previousModifiedDate, targetModifiedDate)) {
                user = _userLocalService.updateModifiedDate(user.getUserId(), targetModifiedDate);
            }
        }

        return user;
    }
}
