package com.atlassian.plugins.authentication.sso.config;

import com.atlassian.activeobjects.external.ActiveObjects;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.plugins.authentication.api.config.IdpConfig;
import com.atlassian.plugins.authentication.api.config.IdpSearchParameters;
import com.atlassian.plugins.authentication.api.config.ImmutableJustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.ImmutableSsoConfig;
import com.atlassian.plugins.authentication.api.config.JustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.PageParameters;
import com.atlassian.plugins.authentication.api.config.SsoConfig;
import com.atlassian.plugins.authentication.api.config.SsoType;
import com.atlassian.plugins.authentication.api.config.oidc.OidcConfig;
import com.atlassian.plugins.authentication.api.config.saml.SamlConfig;
import com.atlassian.sal.api.pluginsettings.PluginSettings;
import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
import com.atlassian.sal.api.timezone.TimeZoneManager;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import java.time.Clock;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.inject.Inject;
import javax.inject.Named;
import net.java.ao.Query;
import net.java.ao.RawEntity;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

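/**
 * Data-access object for the SSO plugin's persisted configuration.
 *
 * <p>Two stores are used: the global SSO switches (login-form visibility, authentication
 * fallback, discovery refresh cron, last-updated stamp) live in global {@link PluginSettings},
 * while each identity provider (SAML or OIDC) is one {@code IdpConfigEntity} row managed through
 * {@link ActiveObjects}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>IdP rows carry trust material: the OIDC client secret and the SAML signing certificate.
 *       This class copies them to and from the entity unchanged and returns them in every
 *       {@link IdpConfig} it builds; whether the entity layer protects them at rest is not
 *       visible from here. Log statements in this class emit only ids, counts and the query
 *       shape, and should stay that way.</li>
 *   <li>Query restrictions are always passed as bind parameters, never concatenated into the
 *       WHERE clause (see {@link #buildIdpQuery(IdpSearchParameters)}).</li>
 *   <li>This class performs no authorization checks; callers are expected to have verified that
 *       the current user may read or change authentication settings.</li>
 * </ul>
 */
@Named
public class SsoConfigDao {
    private static final Logger logger = LoggerFactory.getLogger(SsoConfigDao.class);

    // NOTE(review): not referenced inside this class; the keys below are handed to
    // PluginSettingsUtil without it, so the prefix is presumably applied there (confirm).
    public static final String CFG_PREFIX = "com.atlassian.plugins.authentication.sso.config.";

    // One shared instance instead of a new Gson per call; Gson instances are thread-safe.
    private static final Gson GSON = new Gson();

    private final PluginSettingsFactory pluginSettingsFactory;
    private final ActiveObjects activeObjects;
    private final TimeZoneManager timeZoneManager;
    private final Clock clock;

    /** Plugin-settings keys of the global SSO configuration. */
    public interface Config {
        String SHOW_LOGIN_FORM = "show-login-form";
        String SHOW_LOGIN_FORM_FOR_JSM = "show-login-form-for-jsm";
        String ENABLE_AUTHENTICATION_FALLBACK = "enable-authentication-fallback";
        String LAST_UPDATED = "last-updated";

        /** Keys that only apply to OIDC identity providers. */
        interface Oidc {
            String DISCOVERY_REFRESH_CRON = "discovery-refresh-cron";
        }
    }

    /**
     * Creates the DAO with its host-provided collaborators.
     *
     * @param pluginSettingsFactory source of the global plugin settings
     * @param activeObjects         access to the {@code IdpConfigEntity} table
     * @param timeZoneManager       supplies the default zone used for timestamps handed to callers
     * @param clock                 time source for the last-updated stamps
     */
    @Inject
    public SsoConfigDao(@ComponentImport PluginSettingsFactory pluginSettingsFactory, @ComponentImport ActiveObjects activeObjects, @ComponentImport TimeZoneManager timeZoneManager, Clock clock) {
        this.pluginSettingsFactory = pluginSettingsFactory;
        this.activeObjects = activeObjects;
        this.timeZoneManager = timeZoneManager;
        this.clock = clock;
    }

    /**
     * Returns the IdP configurations matching the default search parameters.
     *
     * @return the matching configurations, ordered by id
     */
    public List<IdpConfig> getIdpConfigs() {
        return getIdpConfigs(IdpSearchParameters.builder().build());
    }

    /**
     * Returns the IdP configurations matching the given restrictions and paging window.
     *
     * @param idpSearchParameters optional restrictions plus paging
     * @return the matching configurations, ordered by id; OIDC entries include the client secret
     * @throws IllegalArgumentException if the paging window is invalid
     * @throws IllegalStateException    if a stored row has an SSO type this class does not know
     */
    public List<IdpConfig> getIdpConfigs(IdpSearchParameters idpSearchParameters) {
        IdpConfigEntity[] rows = this.activeObjects.find(IdpConfigEntity.class, buildIdpQuery(idpSearchParameters));
        List<IdpConfig> configs = Arrays.stream(rows).map(this::mapIdpConfig).collect(Collectors.toList());
        logger.debug("Returning {} IdP configs", configs.size());
        return configs;
    }

    /**
     * Reads the global SSO configuration, applying defaults for keys that are not stored.
     *
     * @return the current global SSO configuration
     */
    public SsoConfig getSsoConfig() {
        return readGenericSsoConfig(settings());
    }

    /**
     * Removes every global SSO key from the plugin settings. Subsequent reads fall back to the
     * defaults in {@link #readGenericSsoConfig(PluginSettings)}, which show the login form again
     * and leave authentication fallback off.
     */
    public void removeSsoConfig() {
        PluginSettings globalSettings = settings();
        Stream.of(
                Config.SHOW_LOGIN_FORM,
                Config.ENABLE_AUTHENTICATION_FALLBACK,
                Config.SHOW_LOGIN_FORM_FOR_JSM,
                Config.LAST_UPDATED,
                Config.Oidc.DISCOVERY_REFRESH_CRON)
                .forEach(key -> PluginSettingsUtil.removeValue(globalSettings, key));
    }

    /**
     * Deletes the IdP configuration with the given id.
     *
     * @param l id of the configuration to delete
     * @return a snapshot of the configuration taken just before deletion
     * @throws IdpNotFoundException if no configuration with that id exists
     */
    public IdpConfig removeIdpConfig(Long l) {
        logger.debug("Deleting IdP config with id {}", l);
        IdpConfigEntity entity = findByIdInternal(l);
        // Map first: the entity's values are needed for the return value after the row is gone.
        IdpConfig snapshot = mapIdpConfig(entity);
        this.activeObjects.delete(entity);
        logger.debug("Deleted IdP config with id {}", l);
        return snapshot;
    }

    /**
     * Stores the global SSO configuration and stamps it with the current time.
     *
     * @param ssoConfig the values to persist
     * @return the configuration as read back from the plugin settings
     */
    public SsoConfig saveSsoConfig(@Nonnull SsoConfig ssoConfig) {
        PluginSettings globalSettings = settings();
        saveGenericSsoConfig(globalSettings, ssoConfig);
        return readGenericSsoConfig(globalSettings);
    }

    /**
     * Creates (id is {@code null}) or updates (id is set) an IdP configuration.
     *
     * <p>The SSO type and the concrete config class are checked before any row is created, so an
     * unsupported or mismatched configuration no longer leaves a half-initialised IdP row behind.
     * NOTE(review): no transaction is opened here; if the save itself fails after the row was
     * created, cleanup depends on the caller's transaction handling (confirm).
     *
     * @param idpConfig the configuration to persist; must be a {@link SamlConfig} or {@link OidcConfig}
     *                  matching its declared SSO type
     * @return the configuration as read back from the stored row
     * @throws IllegalArgumentException if the SSO type is not supported
     * @throws IdpNotFoundException     if an id is given but no such row exists
     */
    public IdpConfig saveIdpConfig(@Nonnull IdpConfig idpConfig) {
        switch (idpConfig.getSsoType()) {
            case SAML: {
                SamlConfig samlConfig = (SamlConfig) idpConfig;
                return saveSamlConfig(findOrCreateEntity(idpConfig), samlConfig);
            }
            case OIDC: {
                OidcConfig oidcConfig = (OidcConfig) idpConfig;
                return saveOidcConfig(findOrCreateEntity(idpConfig), oidcConfig);
            }
            default:
                throw new IllegalArgumentException("Unknown SSO type: " + idpConfig.getSsoType());
        }
    }

    /**
     * Loads one IdP configuration.
     *
     * @param l id of the configuration
     * @return the stored configuration; OIDC entries include the client secret
     * @throws IdpNotFoundException if no configuration with that id exists
     */
    public IdpConfig findById(Long l) {
        return mapIdpConfig(findByIdInternal(l));
    }

    /** Returns the existing row when the config carries an id, otherwise creates a new row. */
    private IdpConfigEntity findOrCreateEntity(IdpConfig idpConfig) {
        if (idpConfig.getId() != null) {
            return findByIdInternal(idpConfig.getId());
        }
        return this.activeObjects.create(IdpConfigEntity.class, buildRequiredFieldMap(idpConfig));
    }

    /**
     * Converts a stored row into the API object for its SSO type.
     *
     * @throws IllegalStateException if the stored SSO type name is not recognised
     */
    @Nonnull
    private IdpConfig mapIdpConfig(IdpConfigEntity idpConfigEntity) {
        SsoType ssoType = SsoType.fromName(idpConfigEntity.getSsoType())
                .orElseThrow(() -> new IllegalStateException("Unknown SSO type: " + idpConfigEntity.getSsoType()));
        switch (ssoType) {
            case SAML:
                return mapSamlConfig(idpConfigEntity);
            case OIDC:
                return mapOidcConfig(idpConfigEntity);
            default:
                throw new IllegalStateException("Unknown type of SSO configured: " + idpConfigEntity.getSsoType());
        }
    }

    /** Builds the SAML API object; an unrecognised stored IdP type falls back to GENERIC. */
    private IdpConfig mapSamlConfig(IdpConfigEntity entity) {
        return SamlConfig.builder()
                .setId(Long.valueOf(entity.getID()))
                .setName(entity.getName())
                .setEnabled(entity.isEnabled().booleanValue())
                .setJustInTimeConfig(readJustInTimeConfig(entity))
                .setIdpType(SamlConfig.IdpType.fromName(entity.getIdpType()).orElse(SamlConfig.IdpType.GENERIC))
                .setEnableRememberMe(entity.isEnableRememberMe())
                .setIncludeCustomerLogins(entity.isIncludeCustomerLogins())
                .setButtonText(entity.getButtonText())
                .setSsoUrl(entity.getSsoUrl())
                .setIssuer(entity.getIssuer())
                .setCertificate(entity.getCertificate())
                .setUsernameAttribute(entity.getUserAttribute())
                .setLastUpdated(toZonedDateTime(entity.getLastUpdated()))
                .build();
    }

    /**
     * Builds the OIDC API object. The client secret is copied into the result as stored, so the
     * returned object must be treated as sensitive by whoever receives it.
     */
    private IdpConfig mapOidcConfig(IdpConfigEntity entity) {
        return OidcConfig.builder()
                .setId(Long.valueOf(entity.getID()))
                .setName(entity.getName())
                .setEnabled(entity.isEnabled().booleanValue())
                .setJustInTimeConfig(readJustInTimeConfig(entity))
                .setEnableRememberMe(entity.isEnableRememberMe())
                .setIncludeCustomerLogins(entity.isIncludeCustomerLogins())
                .setButtonText(entity.getButtonText())
                .setIssuer(entity.getIssuer())
                .setClientId(entity.getClientId())
                .setClientSecret(entity.getClientSecret())
                .setAuthorizationEndpoint(entity.getAuthorizationEndpoint())
                .setTokenEndpoint(entity.getTokenEndpoint())
                .setUserInfoEndpoint(entity.getUserInfoEndpoint())
                .setDiscoveryEnabled(entity.isUseDiscovery())
                .setAdditionalScopes(readStringList(entity.getAdditionalScopes()))
                .setUsernameClaim(entity.getUsernameClaim())
                .setLastUpdated(toZonedDateTime(entity.getLastUpdated()))
                .build();
    }

    /**
     * Reads the global settings. Missing keys default to: login form shown, login form for JSM
     * hidden, authentication fallback disabled.
     */
    private SsoConfig readGenericSsoConfig(@Nonnull PluginSettings pluginSettings) {
        return ImmutableSsoConfig.builder()
                .setShowLoginForm(PluginSettingsUtil.getBooleanValue(pluginSettings, Config.SHOW_LOGIN_FORM, true))
                .setShowLoginFormForJsm(PluginSettingsUtil.getBooleanValue(pluginSettings, Config.SHOW_LOGIN_FORM_FOR_JSM, false))
                .setEnableAuthenticationFallback(PluginSettingsUtil.getBooleanValue(pluginSettings, Config.ENABLE_AUTHENTICATION_FALLBACK, false))
                .setDiscoveryRefreshCron(PluginSettingsUtil.getStringValue(pluginSettings, Config.Oidc.DISCOVERY_REFRESH_CRON))
                .setLastUpdated(PluginSettingsUtil.getDateValue(pluginSettings, Config.LAST_UPDATED, this.timeZoneManager.getDefaultTimeZone().toZoneId()))
                .build();
    }

    /**
     * Reads the just-in-time provisioning settings of a row. The additional JIT scopes are only
     * read for OIDC rows.
     */
    @Nonnull
    private JustInTimeConfig readJustInTimeConfig(@Nonnull IdpConfigEntity idpConfigEntity) {
        ImmutableJustInTimeConfig.Builder builder = ImmutableJustInTimeConfig.builder()
                .setEnabled(idpConfigEntity.isUserProvisioningEnabled())
                .setDisplayNameMappingExpression(idpConfigEntity.getDisplayNameMapping())
                .setEmailMappingExpression(idpConfigEntity.getEmailMapping())
                .setGroupsMappingSource(idpConfigEntity.getGroupsMapping());
        // Constant on the left so a row without a stored type cannot cause a NullPointerException here.
        if (SsoType.OIDC.name().equals(idpConfigEntity.getSsoType())) {
            builder.setAdditionalJitScopes(readStringList(idpConfigEntity.getAdditionalJitScopes()));
        }
        return builder.build();
    }

    /**
     * Loads a row by primary key.
     *
     * @throws IdpNotFoundException if the row does not exist
     */
    @NotNull
    private IdpConfigEntity findByIdInternal(Long l) {
        IdpConfigEntity entity = this.activeObjects.get(IdpConfigEntity.class, l);
        if (entity == null) {
            throw new IdpNotFoundException(l);
        }
        return entity;
    }

    /** Column values that must be supplied when a new row is created. */
    private ImmutableMap<String, Object> buildRequiredFieldMap(IdpConfig idpConfig) {
        // Explicit type witness: without it the builder infers <Object, Object>.
        return ImmutableMap.<String, Object>builder()
                .put(IdpConfigEntity.ENABLED, idpConfig.isEnabled())
                .put(IdpConfigEntity.BUTTON_TEXT, idpConfig.getButtonText())
                .put(IdpConfigEntity.NAME, idpConfig.getName())
                .put(IdpConfigEntity.ISSUER, idpConfig.getIssuer())
                .build();
    }

    /** Copies an OIDC configuration onto the row, saves it and returns the stored state. */
    private IdpConfig saveOidcConfig(IdpConfigEntity idpConfigEntity, OidcConfig oidcConfig) {
        mapOidcGeneralConfig(oidcConfig, idpConfigEntity);
        mapOidcJitConfig(oidcConfig, idpConfigEntity);
        idpConfigEntity.save();
        logger.debug("Saved OIDC config with id [{}]", idpConfigEntity.getID());
        return mapIdpConfig(idpConfigEntity);
    }

    /** Copies the OIDC just-in-time provisioning settings, including the extra JIT scopes. */
    private void mapOidcJitConfig(OidcConfig oidcConfig, IdpConfigEntity idpConfigEntity) {
        JustInTimeConfig jit = oidcConfig.getJustInTimeConfig();
        mapCommonJitConfig(jit, idpConfigEntity);
        idpConfigEntity.setAdditionalJitScopes(GSON.toJson(jit.getAdditionalJitScopes()));
    }

    /** Copies the OIDC connection settings; the scopes are stored as a JSON array string. */
    private void mapOidcGeneralConfig(OidcConfig oidcConfig, IdpConfigEntity idpConfigEntity) {
        idpConfigEntity.setSsoType(SsoType.OIDC.name());
        idpConfigEntity.setName(oidcConfig.getName());
        idpConfigEntity.setEnabled(oidcConfig.isEnabled());
        idpConfigEntity.setIssuer(oidcConfig.getIssuer());
        idpConfigEntity.setClientId(oidcConfig.getClientId());
        // Sensitive: stored exactly as supplied. Never add this value to a log statement.
        idpConfigEntity.setClientSecret(oidcConfig.getClientSecret());
        idpConfigEntity.setAuthorizationEndpoint(oidcConfig.getAuthorizationEndpoint());
        idpConfigEntity.setTokenEndpoint(oidcConfig.getTokenEndpoint());
        idpConfigEntity.setUserInfoEndpoint(oidcConfig.getUserInfoEndpoint());
        idpConfigEntity.setUseDiscovery(oidcConfig.isDiscoveryEnabled());
        idpConfigEntity.setAdditionalScopes(GSON.toJson(oidcConfig.getAdditionalScopes()));
        // An empty claim name is stored as null rather than as an empty string.
        idpConfigEntity.setUsernameClaim(Strings.emptyToNull(oidcConfig.getUsernameClaim()));
        idpConfigEntity.setEnableRememberMe(oidcConfig.isEnableRememberMe());
        idpConfigEntity.setIncludeCustomerLogins(oidcConfig.isIncludeCustomerLogins());
        idpConfigEntity.setLastUpdated(Date.from(this.clock.instant()));
        idpConfigEntity.setButtonText(oidcConfig.getButtonText());
    }

    /** Copies a SAML configuration onto the row, saves it and returns the stored state. */
    private IdpConfig saveSamlConfig(IdpConfigEntity idpConfigEntity, SamlConfig samlConfig) {
        mapSamlGeneralConfig(samlConfig, idpConfigEntity);
        mapSamlJitConfig(samlConfig, idpConfigEntity);
        idpConfigEntity.save();
        logger.debug("Saved SAML config with id [{}]", idpConfigEntity.getID());
        return mapIdpConfig(idpConfigEntity);
    }

    /** Copies the SAML just-in-time provisioning settings. */
    private void mapSamlJitConfig(@Nonnull SamlConfig samlConfig, IdpConfigEntity idpConfigEntity) {
        mapCommonJitConfig(samlConfig.getJustInTimeConfig(), idpConfigEntity);
    }

    /**
     * Copies the provisioning fields shared by SAML and OIDC. Absent values are stored as
     * "disabled" and empty mapping expressions.
     */
    private void mapCommonJitConfig(JustInTimeConfig jit, IdpConfigEntity idpConfigEntity) {
        idpConfigEntity.setUserProvisioning(jit.isEnabled().orElse(false));
        idpConfigEntity.setDisplayNameMapping(jit.getDisplayNameMappingExpression().orElse(""));
        idpConfigEntity.setEmailMapping(jit.getEmailMappingExpression().orElse(""));
        idpConfigEntity.setGroupsMapping(jit.getGroupsMappingSource().orElse(""));
    }

    /**
     * Copies the SAML connection settings. The certificate is the trust anchor for assertions
     * from this IdP and is stored exactly as supplied; no validation happens in this class.
     */
    private void mapSamlGeneralConfig(SamlConfig samlConfig, IdpConfigEntity idpConfigEntity) {
        idpConfigEntity.setSsoType(SsoType.SAML.name());
        idpConfigEntity.setName(samlConfig.getName());
        idpConfigEntity.setEnabled(samlConfig.isEnabled());
        idpConfigEntity.setIdpType(samlConfig.getIdpType().name());
        idpConfigEntity.setSsoUrl(samlConfig.getSsoUrl());
        idpConfigEntity.setIssuer(samlConfig.getIssuer());
        idpConfigEntity.setCertificate(samlConfig.getCertificate());
        idpConfigEntity.setUserAttribute(samlConfig.getUsernameAttribute());
        idpConfigEntity.setEnableRememberMe(samlConfig.isEnableRememberMe());
        idpConfigEntity.setIncludeCustomerLogins(samlConfig.isIncludeCustomerLogins());
        idpConfigEntity.setLastUpdated(Date.from(this.clock.instant()));
        idpConfigEntity.setButtonText(samlConfig.getButtonText());
    }

    /** Writes the global settings and stamps them with the current time in the default zone. */
    private void saveGenericSsoConfig(@Nonnull PluginSettings pluginSettings, @Nonnull SsoConfig ssoConfig) {
        PluginSettingsUtil.setBooleanValue(pluginSettings, Config.SHOW_LOGIN_FORM, ssoConfig.getShowLoginForm());
        PluginSettingsUtil.setBooleanValue(pluginSettings, Config.SHOW_LOGIN_FORM_FOR_JSM, ssoConfig.getShowLoginFormForJsm());
        PluginSettingsUtil.setBooleanValue(pluginSettings, Config.ENABLE_AUTHENTICATION_FALLBACK, ssoConfig.enableAuthenticationFallback());
        PluginSettingsUtil.setStringValue(pluginSettings, Config.Oidc.DISCOVERY_REFRESH_CRON, ssoConfig.getDiscoveryRefreshCron());
        PluginSettingsUtil.setDateValue(pluginSettings, Config.LAST_UPDATED, this.clock.instant().atZone(this.timeZoneManager.getDefaultTimeZone().toZoneId()));
    }

    /** Returns the global (not per-project or per-space) plugin settings. */
    @Nonnull
    private PluginSettings settings() {
        return this.pluginSettingsFactory.createGlobalSettings();
    }

    /**
     * Builds the ActiveObjects query for an IdP search.
     *
     * <p>Every WHERE fragment is a compile-time constant ending in a {@code ?} placeholder and
     * the restriction values are handed over separately as bind parameters. Keep it that way:
     * never splice a caller-supplied value into the clause text.
     *
     * @throws IllegalArgumentException if paging is requested with a non-positive limit or a
     *                                  negative start
     */
    private Query buildIdpQuery(IdpSearchParameters idpSearchParameters) {
        PageParameters paging = idpSearchParameters.getPageParameters();
        Preconditions.checkArgument(paging.isAllResultsQuery() || (paging.getLimit() > 0 && paging.getStart() >= 0), "The limit must be greater than zero and the start must be greater or equal to zero");
        Query query = Query.select().order("ID ASC");
        if (!paging.isAllResultsQuery()) {
            query.offset(paging.getStart()).limit(paging.getLimit());
        }
        // Sorted map: keySet() and values() iterate in the same key order, which keeps each
        // placeholder aligned with its bind value.
        TreeMap<String, Object> restrictions = new TreeMap<>();
        idpSearchParameters.getEnabledRestriction().ifPresent(enabled -> restrictions.put("ENABLED = ?", enabled));
        // NOTE(review): rows store SsoType.name(); confirm the value bound here compares equal to
        // that string at the database layer.
        idpSearchParameters.getSsoTypeRestriction().ifPresent(ssoType -> restrictions.put("SSO_TYPE = ?", ssoType));
        idpSearchParameters.getIncludeCustomerLoginsRestriction().ifPresent(include -> restrictions.put("INCLUDE_CUSTOMER_LOGINS = ?", include));
        if (!restrictions.isEmpty()) {
            query.where(String.join(" AND ", restrictions.keySet()), restrictions.values().toArray());
        }
        logger.trace("IdP query parameters - start {}, limit: {}, where: {}", query.getOffset(), query.getLimit(), query.getWhereClause());
        return query;
    }

    /**
     * Parses a JSON array of strings as stored in the scope columns.
     *
     * @return the parsed list; {@code null} when Gson yields no value (for example for
     *         {@code null} input), which is passed through to the builder unchanged
     */
    private static List<String> readStringList(String json) {
        return GSON.fromJson(json, new TypeToken<List<String>>() {
        }.getType());
    }

    /** Converts a stored timestamp to the default time zone; {@code null} stays {@code null}. */
    private ZonedDateTime toZonedDateTime(Date date) {
        if (date == null) {
            return null;
        }
        return ZonedDateTime.ofInstant(date.toInstant(), this.timeZoneManager.getDefaultTimeZone().toZoneId());
    }
}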
