package com.atlassian.plugins.authentication.sso.rest;

import com.atlassian.plugins.authentication.api.config.AbstractIdpConfig;
import com.atlassian.plugins.authentication.api.config.IdpConfig;
import com.atlassian.plugins.authentication.api.config.IdpConfigService;
import com.atlassian.plugins.authentication.api.config.IdpSearchParameters;
import com.atlassian.plugins.authentication.api.config.ImmutableJustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.JustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.SsoType;
import com.atlassian.plugins.authentication.api.config.oidc.OidcConfig;
import com.atlassian.plugins.authentication.api.config.saml.SamlConfig;
import com.atlassian.plugins.authentication.common.rest.model.RestPageRequest;
import com.atlassian.plugins.authentication.sso.rest.model.IdpConfigEntity;
import com.atlassian.plugins.authentication.sso.util.ApplicationStateValidator;
import com.google.common.base.Preconditions;
import com.google.common.collect.Iterables;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

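/**
 * Service used by the SSO REST layer to list, read, create, update and remove
 * identity-provider (IdP) configurations.
 *
 * <p>Request entities are treated as partial updates: a field that is {@code null} in the
 * incoming {@link IdpConfigEntity} leaves the corresponding stored value untouched.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The values handled here decide who can log in and with which privileges: the SAML
 *       signing certificate, the OIDC client secret and endpoints, and the just-in-time (JIT)
 *       provisioning and group-mapping settings.</li>
 *   <li>This class performs no permission check of its own. NOTE(review): presumably the REST
 *       resource restricts these operations to administrators; confirm at the caller.</li>
 *   <li>URLs taken from the request are passed to the config builders unchanged. NOTE(review):
 *       confirm that scheme/host validation happens in {@link IdpConfigService} or the
 *       builders, since this class does none.</li>
 * </ul>
 */
@Named
public class IdpsResourceService {
    private static final Logger log = LoggerFactory.getLogger(IdpsResourceService.class);
    private final IdpConfigService idpConfigService;
    private final ApplicationStateValidator applicationStateValidator;

    @Inject
    public IdpsResourceService(IdpConfigService idpConfigService, ApplicationStateValidator applicationStateValidator) {
        this.idpConfigService = idpConfigService;
        this.applicationStateValidator = applicationStateValidator;
    }

    /**
     * Returns one page of IdP configurations converted to REST entities.
     *
     * @param restPageRequest paging parameters from the request
     * @return the entities for the requested page
     */
    @Nonnull
    public List<IdpConfigEntity> getConfigs(RestPageRequest restPageRequest) {
        return this.idpConfigService
                .getIdpConfigs(IdpSearchParameters.builder().setPageParameters(restPageRequest.toPageParameters()).build())
                .stream()
                .map(IdpConfigEntity::new)
                .collect(Collectors.toList());
    }

    /**
     * Returns the IdP configuration with the given id as a REST entity.
     *
     * @param l id of the configuration; must not be {@code null}
     * @throws NullPointerException if {@code l} is {@code null}
     */
    public IdpConfigEntity getConfig(Long l) {
        Preconditions.checkNotNull(l, "Id must not be null");
        return new IdpConfigEntity(this.idpConfigService.getIdpConfig(l));
    }

    /**
     * Creates a new IdP configuration from the request entity.
     *
     * <p>The application-state check always runs before the configuration is stored.
     *
     * @throws IllegalArgumentException if the entity has no sso-type or sets mutually exclusive fields
     */
    @Nonnull
    public IdpConfigEntity addConfig(@Nonnull IdpConfigEntity idpConfigEntity) {
        IdpConfig newConfig = buildConfig(null, idpConfigEntity);
        this.applicationStateValidator.checkSsoIsAllowed(newConfig);
        return new IdpConfigEntity(this.idpConfigService.addIdpConfig(newConfig));
    }

    /**
     * Applies the non-null fields of the request entity to the stored configuration {@code l}.
     *
     * <p>The application-state check runs only when the resulting configuration is enabled, so
     * a configuration can still be edited or disabled while SSO is not allowed.
     *
     * @param l id of the configuration to update
     * @throws IllegalArgumentException if the entity carries an id different from {@code l},
     *         if no sso-type can be determined, or if mutually exclusive fields are both set
     */
    @Nonnull
    public IdpConfigEntity updateConfig(Long l, @Nonnull IdpConfigEntity idpConfigEntity) {
        // The stored config is loaded by the id passed in, but the builder id is later overwritten
        // with the id from the request body. Reject a mismatch so the merged settings cannot be
        // written onto a different IdP than the one that was addressed and loaded.
        Long bodyId = idpConfigEntity.getId();
        Preconditions.checkArgument(l == null || bodyId == null || bodyId.equals(l),
                "Id in the request body must match the id of the IdP being updated");
        IdpConfig merged = buildConfig(l, idpConfigEntity);
        if (merged.isEnabled()) {
            this.applicationStateValidator.checkSsoIsAllowed(merged);
        }
        return new IdpConfigEntity(this.idpConfigService.updateIdpConfig(merged));
    }

    /**
     * Removes the IdP configuration with the given id and returns what the service reports
     * back, converted to a REST entity.
     */
    public IdpConfigEntity removeConfig(Long l) {
        return new IdpConfigEntity(this.idpConfigService.removeIdpConfig(l));
    }

    /**
     * Builds the configuration to store: loads the existing one when an id is given and
     * overlays the request entity on top of it.
     *
     * @param id id of the existing configuration, or {@code null} when creating a new one
     * @throws IllegalArgumentException if neither the request nor the stored config names an SSO type
     */
    private IdpConfig buildConfig(Long id, IdpConfigEntity idpConfigEntity) {
        IdpConfig existing;
        if (id == null) {
            log.trace("No id supplied in the request, creating new IdP");
            existing = null;
        } else {
            log.trace("Id [{}] provided in the request, fetching IdP with that id", id);
            existing = this.idpConfigService.getIdpConfig(id);
        }
        // The type from the request wins; otherwise fall back to the stored type.
        SsoType ssoType = idpConfigEntity.getSsoType();
        if (ssoType == null && existing != null) {
            ssoType = existing.getSsoType();
        }
        Preconditions.checkArgument(ssoType != null, "Field sso-type is required");
        // NOTE(review): when the requested type differs from the stored one, from(existing)
        // presumably yields an empty Optional and the stored settings are not carried over - confirm.
        switch (ssoType) {
            case SAML:
                return buildSamlConfig(idpConfigEntity, SamlConfig.from(existing));
            case OIDC:
                return buildOidcConfig(idpConfigEntity, OidcConfig.from(existing));
            default:
                // Report the resolved type; the request field may be null when the type came from storage.
                throw new IllegalArgumentException(String.format("Unknown SSO type: %s", ssoType));
        }
    }

    /**
     * Overlays the SAML fields of the request on the existing SAML config, or on a fresh builder.
     *
     * @throws IllegalArgumentException if the Crowd URL is combined with an SSO URL or SSO issuer
     */
    private SamlConfig buildSamlConfig(@Nonnull IdpConfigEntity idpConfigEntity, Optional<SamlConfig> optional) {
        validateMutuallyExclusiveFields(IdpConfigEntity.Config.Saml.CROWD_URL, idpConfigEntity.getCrowdUrl(), "sso-url", idpConfigEntity.getSsoUrl());
        validateMutuallyExclusiveFields(IdpConfigEntity.Config.Saml.CROWD_URL, idpConfigEntity.getCrowdUrl(), "sso-issuer", idpConfigEntity.getSsoIssuer());
        SamlConfig existing = optional.orElse(null);
        // Cast retained from the original: the declared return type of toBuilder() is not visible here.
        SamlConfig.Builder builder = (SamlConfig.Builder) optional.map(SamlConfig::toBuilder).orElseGet(SamlConfig::builder);
        updateGenericConfig(existing, builder, idpConfigEntity);
        SamlConfig.IdpType idpType = calculateSamlIdpType(idpConfigEntity, existing).orElse(SamlConfig.IdpType.GENERIC);
        builder.setIdpType(idpType);
        if (idpType == SamlConfig.IdpType.CROWD) {
            setIfNonNull(idpConfigEntity.getCrowdUrl(), builder::setCrowdBaseUrl);
        } else {
            setIfNonNull(idpConfigEntity.getSsoUrl(), builder::setSsoUrl);
            setIfNonNull(idpConfigEntity.getSsoIssuer(), builder::setIssuer);
        }
        // The certificate and the username attribute determine which assertions are trusted and
        // which account they map to; this method stores them as received.
        setIfNonNull(idpConfigEntity.getCertificate(), builder::setCertificate);
        setIfNonNull(idpConfigEntity.getUserAttribute(), builder::setUsernameAttribute);
        return builder.build();
    }

    /**
     * Overlays the OIDC fields of the request on the existing OIDC config, or on a fresh builder.
     *
     * <p>The explicit authorization, token and user-info endpoints are applied only when the
     * request does not set discovery to {@code true}.
     */
    private OidcConfig buildOidcConfig(@Nonnull IdpConfigEntity idpConfigEntity, Optional<OidcConfig> optional) {
        // Cast retained from the original: the declared return type of toBuilder() is not visible here.
        OidcConfig.Builder builder = (OidcConfig.Builder) optional.map(OidcConfig::toBuilder).orElseGet(OidcConfig::builder);
        updateGenericConfig(optional.orElse(null), builder, idpConfigEntity);
        setIfNonNull(idpConfigEntity.getIssuerUrl(), builder::setIssuer);
        setIfNonNull(idpConfigEntity.getClientId(), builder::setClientId);
        // The client secret is a credential: keep it out of log statements and exception messages.
        // NOTE(review): confirm IdpConfigEntity does not echo it back in REST responses.
        setIfNonNull(idpConfigEntity.getClientSecret(), builder::setClientSecret);
        setIfNonNull(idpConfigEntity.getDiscoveryEnabled(), discoveryEnabled -> builder.setDiscoveryEnabled(discoveryEnabled));
        if (!Boolean.TRUE.equals(idpConfigEntity.getDiscoveryEnabled())) {
            setIfNonNull(idpConfigEntity.getAuthorizationEndpoint(), builder::setAuthorizationEndpoint);
            setIfNonNull(idpConfigEntity.getTokenEndpoint(), builder::setTokenEndpoint);
            setIfNonNull(idpConfigEntity.getUserInfoEndpoint(), builder::setUserInfoEndpoint);
        }
        // Null entries in the scope list are dropped before the list is stored.
        setIfNonNull(idpConfigEntity.getAdditionalScopes(),
                scopes -> builder.setAdditionalScopes(Iterables.filter(scopes, Objects::nonNull)));
        setIfNonNull(idpConfigEntity.getUsernameClaim(), builder::setUsernameClaim);
        return builder.build();
    }

    /**
     * Applies the fields shared by all SSO types (id, name, flags, button text, JIT settings).
     *
     * @param idpConfig the stored configuration, or {@code null} when creating a new one
     */
    private void updateGenericConfig(@Nullable IdpConfig idpConfig, @Nonnull AbstractIdpConfig.Builder<?> builder, @Nonnull IdpConfigEntity idpConfigEntity) {
        // The id from the request body, when present, replaces the id already on the builder.
        setIfNonNull(idpConfigEntity.getId(), builder::setId);
        setIfNonNull(idpConfigEntity.getName(), builder::setName);
        setIfNonNull(idpConfigEntity.getEnabled(), enabled -> builder.setEnabled(enabled));
        setIfNonNull(idpConfigEntity.getIncludeCustomerLogins(), include -> builder.setIncludeCustomerLogins(include));
        setIfNonNull(idpConfigEntity.getEnableRememberMe(), rememberMe -> builder.setEnableRememberMe(rememberMe));
        setIfNonNull(idpConfigEntity.getButtonText(), builder::setButtonText);
        JustInTimeConfig existingJit = idpConfig == null ? null : idpConfig.getJustInTimeConfig();
        updateJustInTimeConfig(existingJit, builder, idpConfigEntity);
    }

    /**
     * Overlays the JIT provisioning settings of the request on the stored ones and sets the
     * result on the builder. The JIT config is always rebuilt, even when the request has none.
     */
    private void updateJustInTimeConfig(@Nullable JustInTimeConfig justInTimeConfig, @Nonnull AbstractIdpConfig.Builder<?> builder, IdpConfigEntity idpConfigEntity) {
        ImmutableJustInTimeConfig.Builder jitBuilder = ImmutableJustInTimeConfig.builder(justInTimeConfig);
        if (idpConfigEntity.getJitConfiguration() != null) {
            // These settings control automatic account creation and the source of group
            // membership, so a change here changes what IdP-asserted users are granted.
            setIfNonNull(idpConfigEntity.getJitConfiguration().getEnableUserProvisioning(), jitBuilder::setEnabled);
            setIfNonNull(idpConfigEntity.getJitConfiguration().getMappingDisplayName(), jitBuilder::setDisplayNameMappingExpression);
            setIfNonNull(idpConfigEntity.getJitConfiguration().getMappingEmail(), jitBuilder::setEmailMappingExpression);
            setIfNonNull(idpConfigEntity.getJitConfiguration().getMappingGroups(), jitBuilder::setGroupsMappingSource);
            setIfNonNull(idpConfigEntity.getJitConfiguration().getAdditionalJitScopes(),
                    scopes -> jitBuilder.setAdditionalJitScopes(Iterables.filter(scopes, Objects::nonNull)));
        }
        builder.setJustInTimeConfig(jitBuilder.build());
    }

    /**
     * Determines the SAML IdP type, in order of precedence: explicit type in the request,
     * presence of a Crowd URL, presence of an SSO URL or issuer, type of the stored config.
     *
     * @return the resolved type, or empty when none of the above applies
     */
    @Nonnull
    private Optional<SamlConfig.IdpType> calculateSamlIdpType(@Nonnull IdpConfigEntity idpConfigEntity, @Nullable SamlConfig samlConfig) {
        SamlConfig.IdpType idpType = null;
        if (idpConfigEntity.getIdpType() != null) {
            log.debug("IdP type specified in the request: {}", idpConfigEntity.getIdpType());
            idpType = idpConfigEntity.getIdpType();
        } else if (idpConfigEntity.getCrowdUrl() != null) {
            log.debug("Crowd URL [{}] specified in the request, treating IdP as Crowd", idpConfigEntity.getCrowdUrl());
            idpType = SamlConfig.IdpType.CROWD;
        } else if (idpConfigEntity.getSsoUrl() != null || idpConfigEntity.getSsoIssuer() != null) {
            log.debug("SSO URL [{}] or issuer [{}] is not null, treating IdP as generic", idpConfigEntity.getSsoUrl(), idpConfigEntity.getSsoIssuer());
            idpType = SamlConfig.IdpType.GENERIC;
        } else if (samlConfig != null) {
            log.debug("Not enough data in the request to determine IdP type, treating input as addition to current type of [{}]", samlConfig.getIdpType());
            idpType = samlConfig.getIdpType();
        }
        return Optional.ofNullable(idpType);
    }

    /** Passes {@code t} to {@code consumer} unless it is {@code null}. */
    private <T> void setIfNonNull(T t, Consumer<T> consumer) {
        if (t != null) {
            consumer.accept(t);
        }
    }

    /**
     * Rejects a request that sets both of two mutually exclusive fields.
     *
     * @param str name of the first field, used in the error message
     * @param obj value of the first field
     * @param str2 name of the second field, used in the error message
     * @param obj2 value of the second field
     * @throws IllegalArgumentException if both values are non-null
     */
    private void validateMutuallyExclusiveFields(@Nonnull String str, @Nullable Object obj, @Nonnull String str2, @Nullable Object obj2) {
        if (obj != null && obj2 != null) {
            throw new IllegalArgumentException(String.format("Either '%s' or '%s' must be set, received both", str, str2));
        }
    }
}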
