package org.apereo.cas.consent;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.model.support.consent.ConsentProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.Response;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/consent/LdapConsentRepository.class */
public class LdapConsentRepository implements ConsentRepository {
    private static final long serialVersionUID = 8561763114482490L;
    private final transient ConnectionFactory connectionFactory;
    private final ConsentProperties.Ldap ldap;
    private final String searchFilter;

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapConsentRepository.class);
    private static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules();

    public LdapConsentRepository(ConnectionFactory connectionFactory, ConsentProperties.Ldap ldap) {
        this.connectionFactory = connectionFactory;
        this.ldap = ldap;
        this.searchFilter = "(" + this.ldap.getSearchFilter() + ")";
    }

    private static ConsentDecision mapFromJson(String str) {
        try {
            LOGGER.trace("Mapping JSON value [{}] to consent object", str);
            return (ConsentDecision) MAPPER.readValue(str, ConsentDecision.class);
        } catch (IOException e) {
            LOGGER.error(e.getMessage(), e);
            return null;
        }
    }

    private static String mapToJson(ConsentDecision consentDecision) {
        try {
            String writeValueAsString = MAPPER.writeValueAsString(consentDecision);
            LOGGER.trace("Transformed consent object [{}] as JSON value [{}]", consentDecision, writeValueAsString);
            return writeValueAsString;
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            return null;
        }
    }

    public ConsentDecision findConsentDecision(Service service, RegisteredService registeredService, Authentication authentication) {
        LdapAttribute attribute;
        String id = authentication.getPrincipal().getId();
        LdapEntry readConsentEntry = readConsentEntry(id);
        if (readConsentEntry == null || (attribute = readConsentEntry.getAttribute(this.ldap.getConsentAttributeName())) == null) {
            return null;
        }
        Collection stringValues = attribute.getStringValues();
        LOGGER.debug("Locating consent decision(s) for [{}] and service [{}]", id, service.getId());
        return (ConsentDecision) stringValues.stream().map(LdapConsentRepository::mapFromJson).filter(consentDecision -> {
            return consentDecision.getService().equals(service.getId());
        }).findFirst().orElse(null);
    }

    public Collection<? extends ConsentDecision> findConsentDecisions(String str) {
        LdapAttribute attribute;
        LdapEntry readConsentEntry = readConsentEntry(str);
        if (readConsentEntry == null || (attribute = readConsentEntry.getAttribute(this.ldap.getConsentAttributeName())) == null) {
            return new HashSet(0);
        }
        LOGGER.debug("Located consent decision for [{}] at attribute [{}]", str, this.ldap.getConsentAttributeName());
        return (Collection) attribute.getStringValues().stream().map(LdapConsentRepository::mapFromJson).collect(Collectors.toSet());
    }

    public Collection<? extends ConsentDecision> findConsentDecisions() {
        Collection<LdapEntry> readConsentEntries = readConsentEntries();
        if (readConsentEntries == null || readConsentEntries.isEmpty()) {
            LOGGER.debug("No consent decision could be found");
            return new HashSet(0);
        }
        HashSet hashSet = new HashSet();
        Stream map = readConsentEntries.stream().map(ldapEntry -> {
            return ldapEntry.getAttribute(this.ldap.getConsentAttributeName());
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(ldapAttribute -> {
            return (Set) ldapAttribute.getStringValues().stream().map(LdapConsentRepository::mapFromJson).collect(Collectors.toSet());
        });
        Objects.requireNonNull(hashSet);
        map.forEach((v1) -> {
            r1.addAll(v1);
        });
        return CollectionUtils.wrap(hashSet);
    }

    public boolean storeConsentDecision(ConsentDecision consentDecision) {
        LdapEntry readConsentEntry = readConsentEntry(consentDecision.getPrincipal());
        if (readConsentEntry != null) {
            return executeModifyOperation(mergeDecision(readConsentEntry.getAttribute(this.ldap.getConsentAttributeName()), consentDecision), readConsentEntry);
        }
        return false;
    }

    public boolean deleteConsentDecision(long j, String str) {
        LOGGER.debug("Deleting consent decision [{}] for principal [{}]", Long.valueOf(j), str);
        LdapEntry readConsentEntry = readConsentEntry(str);
        if (readConsentEntry != null) {
            return executeModifyOperation(removeDecision(readConsentEntry.getAttribute(this.ldap.getConsentAttributeName()), j), readConsentEntry);
        }
        return false;
    }

    private boolean executeModifyOperation(Set<String> set, LdapEntry ldapEntry) {
        HashMap hashMap = new HashMap();
        hashMap.put(this.ldap.getConsentAttributeName(), set);
        LOGGER.debug("Storing consent decisions [{}] at LDAP attribute [{}] for [{}]", new Object[]{set, hashMap.keySet(), ldapEntry.getDn()});
        return LdapUtils.executeModifyOperation(ldapEntry.getDn(), this.connectionFactory, CollectionUtils.wrap(hashMap));
    }

    private static Set<String> mergeDecision(LdapAttribute ldapAttribute, ConsentDecision consentDecision) {
        if (consentDecision.getId() < 0) {
            consentDecision.setId(System.currentTimeMillis());
        }
        if (ldapAttribute == null) {
            HashSet hashSet = new HashSet();
            String mapToJson = mapToJson(consentDecision);
            if (StringUtils.isBlank(mapToJson)) {
                throw new IllegalArgumentException("Could not map consent decision to JSON");
            }
            hashSet.add(mapToJson);
            return hashSet;
        }
        Set<String> removeDecision = removeDecision(ldapAttribute, consentDecision.getId());
        String mapToJson2 = mapToJson(consentDecision);
        if (StringUtils.isBlank(mapToJson2)) {
            throw new IllegalArgumentException("Could not map consent decision to JSON");
        }
        removeDecision.add(mapToJson2);
        LOGGER.debug("Merged consent decision [{}] with LDAP attribute [{}]", consentDecision, ldapAttribute.getName());
        return CollectionUtils.wrap(removeDecision);
    }

    private static Set<String> removeDecision(LdapAttribute ldapAttribute, long j) {
        HashSet hashSet = new HashSet();
        if (ldapAttribute.size() != 0) {
            Stream filter = ldapAttribute.getStringValues().stream().map(LdapConsentRepository::mapFromJson).filter(consentDecision -> {
                return consentDecision.getId() != j;
            }).map(LdapConsentRepository::mapToJson).filter((v0) -> {
                return Objects.nonNull(v0);
            });
            Objects.requireNonNull(hashSet);
            filter.forEach((v1) -> {
                r1.add(v1);
            });
        }
        return hashSet;
    }

    private LdapEntry readConsentEntry(String str) {
        try {
            SearchFilter newLdaptiveSearchFilter = LdapUtils.newLdaptiveSearchFilter(this.searchFilter, CollectionUtils.wrapList(new String[]{str}));
            LOGGER.debug("Locating consent LDAP entry via filter [{}] based on attribute [{}]", newLdaptiveSearchFilter, this.ldap.getConsentAttributeName());
            Response executeSearchOperation = LdapUtils.executeSearchOperation(this.connectionFactory, this.ldap.getBaseDn(), newLdaptiveSearchFilter, new String[]{this.ldap.getConsentAttributeName()});
            if (!LdapUtils.containsResultEntry(executeSearchOperation)) {
                return null;
            }
            LdapEntry entry = ((SearchResult) executeSearchOperation.getResult()).getEntry();
            LOGGER.debug("Locating consent LDAP entry [{}]", entry);
            return entry;
        } catch (LdapException e) {
            LOGGER.debug(e.getMessage(), e);
            return null;
        }
    }

    private Collection<LdapEntry> readConsentEntries() {
        try {
            String consentAttributeName = this.ldap.getConsentAttributeName();
            SearchFilter newLdaptiveSearchFilter = LdapUtils.newLdaptiveSearchFilter("(" + consentAttributeName + "=*)");
            LOGGER.debug("Locating consent LDAP entries via filter [{}] based on attribute [{}]", newLdaptiveSearchFilter, consentAttributeName);
            Response executeSearchOperation = LdapUtils.executeSearchOperation(this.connectionFactory, this.ldap.getBaseDn(), newLdaptiveSearchFilter, new String[]{consentAttributeName});
            if (LdapUtils.containsResultEntry(executeSearchOperation)) {
                Collection<LdapEntry> entries = ((SearchResult) executeSearchOperation.getResult()).getEntries();
                LOGGER.debug("Locating [{}] consent LDAP entries", Integer.valueOf(entries.size()));
                return entries;
            }
        } catch (LdapException e) {
            LOGGER.debug(e.getMessage(), e);
        }
        return new HashSet(0);
    }
}
