package org.apereo.cas.config;

import com.github.benmanes.caffeine.cache.Caffeine;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.naming.directory.SearchControls;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.resolvers.InternalGroovyScriptDao;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.GrouperPrincipalAttributesProperties;
import org.apereo.cas.configuration.model.core.authentication.JdbcPrincipalAttributesProperties;
import org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.configuration.support.JpaBeans;
import org.apereo.cas.persondir.DefaultPersonDirectoryAttributeRepositoryPlan;
import org.apereo.cas.persondir.PersonDirectoryAttributeRepositoryPlanConfigurer;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl;
import org.apereo.services.persondir.support.GroovyPersonAttributeDao;
import org.apereo.services.persondir.support.GrouperPersonAttributeDao;
import org.apereo.services.persondir.support.JsonBackedComplexStubPersonAttributeDao;
import org.apereo.services.persondir.support.MergingPersonAttributeDaoImpl;
import org.apereo.services.persondir.support.RestfulPersonAttributeDao;
import org.apereo.services.persondir.support.ScriptEnginePersonAttributeDao;
import org.apereo.services.persondir.support.jdbc.AbstractJdbcPersonAttributeDao;
import org.apereo.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao;
import org.apereo.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao;
import org.apereo.services.persondir.support.ldap.LdaptivePersonAttributeDao;
import org.apereo.services.persondir.support.merger.IAttributeMerger;
import org.apereo.services.persondir.support.merger.MultivaluedAttributeMerger;
import org.apereo.services.persondir.support.merger.NoncollidingAttributeAdder;
import org.apereo.services.persondir.support.merger.ReplacingAttributeAdder;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.OrderComparator;
import org.springframework.core.io.Resource;
import org.springframework.http.HttpMethod;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casPersonDirectoryConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-server-support-person-directory-6.0.0.jar:org/apereo/cas/config/CasPersonDirectoryConfiguration.class */
public class CasPersonDirectoryConfiguration implements PersonDirectoryAttributeRepositoryPlanConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasPersonDirectoryConfiguration.class);

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ObjectProvider<List<PersonDirectoryAttributeRepositoryPlanConfigurer>> attributeRepositoryConfigurers;

    @ConditionalOnMissingBean(name = {"attributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> attributeRepositories() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(ldapAttributeRepositories());
        arrayList.addAll(jdbcAttributeRepositories());
        arrayList.addAll(jsonAttributeRepositories());
        arrayList.addAll(groovyAttributeRepositories());
        arrayList.addAll(grouperAttributeRepositories());
        arrayList.addAll(restfulAttributeRepositories());
        arrayList.addAll(scriptedAttributeRepositories());
        arrayList.addAll(stubAttributeRepositories());
        List list = (List) ObjectUtils.defaultIfNull(this.attributeRepositoryConfigurers.getIfAvailable(), new ArrayList());
        DefaultPersonDirectoryAttributeRepositoryPlan defaultPersonDirectoryAttributeRepositoryPlan = new DefaultPersonDirectoryAttributeRepositoryPlan();
        list.forEach(personDirectoryAttributeRepositoryPlanConfigurer -> {
            personDirectoryAttributeRepositoryPlanConfigurer.configureAttributeRepositoryPlan(defaultPersonDirectoryAttributeRepositoryPlan);
        });
        arrayList.addAll(defaultPersonDirectoryAttributeRepositoryPlan.getAttributeRepositories());
        OrderComparator.sort(arrayList);
        LOGGER.trace("Final list of attribute repositories is [{}]", arrayList);
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"attributeRepository"})
    @RefreshScope
    @Bean
    public IPersonAttributeDao attributeRepository() {
        return cachingAttributeRepository();
    }

    @ConditionalOnMissingBean(name = {"jsonAttributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> jsonAttributeRepositories() {
        ArrayList arrayList = new ArrayList();
        this.casProperties.getAuthn().getAttributeRepository().getJson().forEach(Unchecked.consumer(jsonPrincipalAttributesProperties -> {
            Resource location = jsonPrincipalAttributesProperties.getLocation();
            if (location != null) {
                JsonBackedComplexStubPersonAttributeDao jsonBackedComplexStubPersonAttributeDao = new JsonBackedComplexStubPersonAttributeDao(location);
                jsonBackedComplexStubPersonAttributeDao.setOrder(jsonPrincipalAttributesProperties.getOrder());
                jsonBackedComplexStubPersonAttributeDao.init();
                LOGGER.debug("Configured JSON attribute sources from [{}]", location);
                arrayList.add(jsonBackedComplexStubPersonAttributeDao);
            }
        }));
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"groovyAttributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> groovyAttributeRepositories() {
        ArrayList arrayList = new ArrayList();
        this.casProperties.getAuthn().getAttributeRepository().getGroovy().forEach(groovyPrincipalAttributesProperties -> {
            if (groovyPrincipalAttributesProperties.getLocation() != null) {
                GroovyPersonAttributeDao groovyPersonAttributeDao = new GroovyPersonAttributeDao(new InternalGroovyScriptDao(this.applicationContext, this.casProperties));
                groovyPersonAttributeDao.setCaseInsensitiveUsername(groovyPrincipalAttributesProperties.isCaseInsensitive());
                groovyPersonAttributeDao.setOrder(groovyPrincipalAttributesProperties.getOrder());
                LOGGER.debug("Configured Groovy attribute sources from [{}]", groovyPrincipalAttributesProperties.getLocation());
                arrayList.add(groovyPersonAttributeDao);
            }
        });
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"grouperAttributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> grouperAttributeRepositories() {
        ArrayList arrayList = new ArrayList();
        GrouperPrincipalAttributesProperties grouper = this.casProperties.getAuthn().getAttributeRepository().getGrouper();
        if (grouper.isEnabled()) {
            GrouperPersonAttributeDao grouperPersonAttributeDao = new GrouperPersonAttributeDao();
            grouperPersonAttributeDao.setOrder(grouper.getOrder());
            LOGGER.debug("Configured Grouper attribute source");
            arrayList.add(grouperPersonAttributeDao);
        }
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"stubAttributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> stubAttributeRepositories() {
        ArrayList arrayList = new ArrayList();
        Map<String, String> attributes = this.casProperties.getAuthn().getAttributeRepository().getStub().getAttributes();
        if (!attributes.isEmpty()) {
            LOGGER.info("Found and added static attributes [{}] to the list of candidate attribute repositories", attributes.keySet());
            arrayList.add(Beans.newStubAttributeRepository(this.casProperties.getAuthn().getAttributeRepository()));
        }
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"jdbcAttributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> jdbcAttributeRepositories() {
        ArrayList arrayList = new ArrayList();
        this.casProperties.getAuthn().getAttributeRepository().getJdbc().forEach(jdbcPrincipalAttributesProperties -> {
            if (StringUtils.isNotBlank(jdbcPrincipalAttributesProperties.getSql()) && StringUtils.isNotBlank(jdbcPrincipalAttributesProperties.getUrl())) {
                AbstractJdbcPersonAttributeDao createJdbcPersonAttributeDao = createJdbcPersonAttributeDao(jdbcPrincipalAttributesProperties);
                createJdbcPersonAttributeDao.setQueryAttributeMapping(CollectionUtils.wrap("username", jdbcPrincipalAttributesProperties.getUsername()));
                Map<String, String> attributes = jdbcPrincipalAttributesProperties.getAttributes();
                if (attributes != null && !attributes.isEmpty()) {
                    LOGGER.debug("Configured result attribute mapping for [{}] to be [{}]", jdbcPrincipalAttributesProperties.getUrl(), jdbcPrincipalAttributesProperties.getAttributes());
                    createJdbcPersonAttributeDao.setResultAttributeMapping(attributes);
                }
                createJdbcPersonAttributeDao.setRequireAllQueryAttributes(jdbcPrincipalAttributesProperties.isRequireAllAttributes());
                createJdbcPersonAttributeDao.setUsernameCaseCanonicalizationMode(jdbcPrincipalAttributesProperties.getCaseCanonicalization());
                createJdbcPersonAttributeDao.setDefaultCaseCanonicalizationMode(jdbcPrincipalAttributesProperties.getCaseCanonicalization());
                createJdbcPersonAttributeDao.setQueryType(jdbcPrincipalAttributesProperties.getQueryType());
                createJdbcPersonAttributeDao.setOrder(jdbcPrincipalAttributesProperties.getOrder());
                arrayList.add(createJdbcPersonAttributeDao);
            }
        });
        return arrayList;
    }

    private static AbstractJdbcPersonAttributeDao createJdbcPersonAttributeDao(JdbcPrincipalAttributesProperties jdbcPrincipalAttributesProperties) {
        if (jdbcPrincipalAttributesProperties.isSingleRow()) {
            LOGGER.debug("Configured single-row JDBC attribute repository for [{}]", jdbcPrincipalAttributesProperties.getUrl());
            return new SingleRowJdbcPersonAttributeDao(JpaBeans.newDataSource(jdbcPrincipalAttributesProperties), jdbcPrincipalAttributesProperties.getSql());
        }
        LOGGER.debug("Configured multi-row JDBC attribute repository for [{}]", jdbcPrincipalAttributesProperties.getUrl());
        MultiRowJdbcPersonAttributeDao multiRowJdbcPersonAttributeDao = new MultiRowJdbcPersonAttributeDao(JpaBeans.newDataSource(jdbcPrincipalAttributesProperties), jdbcPrincipalAttributesProperties.getSql());
        LOGGER.debug("Configured multi-row JDBC column mappings for [{}] are [{}]", jdbcPrincipalAttributesProperties.getUrl(), jdbcPrincipalAttributesProperties.getColumnMappings());
        multiRowJdbcPersonAttributeDao.setNameValueColumnMappings(jdbcPrincipalAttributesProperties.getColumnMappings());
        return multiRowJdbcPersonAttributeDao;
    }

    @ConditionalOnMissingBean(name = {"ldapAttributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> ldapAttributeRepositories() {
        ArrayList arrayList = new ArrayList();
        this.casProperties.getAuthn().getAttributeRepository().getLdap().forEach(ldapPrincipalAttributesProperties -> {
            if (StringUtils.isNotBlank(ldapPrincipalAttributesProperties.getBaseDn()) && StringUtils.isNotBlank(ldapPrincipalAttributesProperties.getLdapUrl())) {
                LdaptivePersonAttributeDao ldaptivePersonAttributeDao = new LdaptivePersonAttributeDao();
                LOGGER.debug("Configured LDAP attribute source for [{}] and baseDn [{}]", ldapPrincipalAttributesProperties.getLdapUrl(), ldapPrincipalAttributesProperties.getBaseDn());
                ldaptivePersonAttributeDao.setConnectionFactory(LdapUtils.newLdaptivePooledConnectionFactory(ldapPrincipalAttributesProperties));
                ldaptivePersonAttributeDao.setBaseDN(ldapPrincipalAttributesProperties.getBaseDn());
                LOGGER.debug("LDAP attributes are fetched from [{}] via filter [{}]", ldapPrincipalAttributesProperties.getLdapUrl(), ldapPrincipalAttributesProperties.getSearchFilter());
                ldaptivePersonAttributeDao.setSearchFilter(ldapPrincipalAttributesProperties.getSearchFilter());
                SearchControls searchControls = new SearchControls();
                if (ldapPrincipalAttributesProperties.getAttributes() == null || ldapPrincipalAttributesProperties.getAttributes().isEmpty()) {
                    LOGGER.debug("Retrieving all attributes as no explicit attribute mappings are defined for [{}]", ldapPrincipalAttributesProperties.getLdapUrl());
                    searchControls.setReturningAttributes((String[]) null);
                } else {
                    LOGGER.debug("Configured result attribute mapping for [{}] to be [{}]", ldapPrincipalAttributesProperties.getLdapUrl(), ldapPrincipalAttributesProperties.getAttributes());
                    ldaptivePersonAttributeDao.setResultAttributeMapping(ldapPrincipalAttributesProperties.getAttributes());
                    searchControls.setReturningAttributes((String[]) ldapPrincipalAttributesProperties.getAttributes().keySet().toArray(ArrayUtils.EMPTY_STRING_ARRAY));
                }
                if (ldapPrincipalAttributesProperties.isSubtreeSearch()) {
                    LOGGER.debug("Configured subtree searching for [{}]", ldapPrincipalAttributesProperties.getLdapUrl());
                    searchControls.setSearchScope(2);
                }
                searchControls.setDerefLinkFlag(true);
                ldaptivePersonAttributeDao.setSearchControls(searchControls);
                ldaptivePersonAttributeDao.setOrder(ldapPrincipalAttributesProperties.getOrder());
                LOGGER.debug("Initializing LDAP attribute source for [{}]", ldapPrincipalAttributesProperties.getLdapUrl());
                ldaptivePersonAttributeDao.initialize();
                arrayList.add(ldaptivePersonAttributeDao);
            }
        });
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"scriptedAttributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> scriptedAttributeRepositories() {
        ArrayList arrayList = new ArrayList();
        this.casProperties.getAuthn().getAttributeRepository().getScript().forEach(Unchecked.consumer(scriptedPrincipalAttributesProperties -> {
            ScriptEnginePersonAttributeDao scriptEnginePersonAttributeDao = new ScriptEnginePersonAttributeDao(IOUtils.toString(scriptedPrincipalAttributesProperties.getLocation().getInputStream(), StandardCharsets.UTF_8), scriptedPrincipalAttributesProperties.getEngineName() == null ? ScriptEnginePersonAttributeDao.getScriptEngineName(scriptedPrincipalAttributesProperties.getLocation().getFilename()) : scriptedPrincipalAttributesProperties.getEngineName());
            scriptEnginePersonAttributeDao.setCaseInsensitiveUsername(scriptedPrincipalAttributesProperties.isCaseInsensitive());
            scriptEnginePersonAttributeDao.setOrder(scriptedPrincipalAttributesProperties.getOrder());
            LOGGER.debug("Configured scripted attribute sources from [{}]", scriptedPrincipalAttributesProperties.getLocation());
            arrayList.add(scriptEnginePersonAttributeDao);
        }));
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"restfulAttributeRepositories"})
    @RefreshScope
    @Bean
    public List<IPersonAttributeDao> restfulAttributeRepositories() {
        ArrayList arrayList = new ArrayList();
        this.casProperties.getAuthn().getAttributeRepository().getRest().forEach(restPrincipalAttributesProperties -> {
            if (StringUtils.isNotBlank(restPrincipalAttributesProperties.getUrl())) {
                RestfulPersonAttributeDao restfulPersonAttributeDao = new RestfulPersonAttributeDao();
                restfulPersonAttributeDao.setCaseInsensitiveUsername(restPrincipalAttributesProperties.isCaseInsensitive());
                restfulPersonAttributeDao.setOrder(restPrincipalAttributesProperties.getOrder());
                restfulPersonAttributeDao.setUrl(restPrincipalAttributesProperties.getUrl());
                restfulPersonAttributeDao.setMethod(HttpMethod.resolve(restPrincipalAttributesProperties.getMethod()).name());
                if (StringUtils.isNotBlank(restPrincipalAttributesProperties.getBasicAuthPassword()) && StringUtils.isNotBlank(restPrincipalAttributesProperties.getBasicAuthUsername())) {
                    restfulPersonAttributeDao.setBasicAuthPassword(restPrincipalAttributesProperties.getBasicAuthPassword());
                    restfulPersonAttributeDao.setBasicAuthUsername(restPrincipalAttributesProperties.getBasicAuthUsername());
                    LOGGER.debug("Basic authentication credentials are located for REST endpoint [{}]", restPrincipalAttributesProperties.getUrl());
                } else {
                    LOGGER.debug("Basic authentication credentials are not defined for REST endpoint [{}]", restPrincipalAttributesProperties.getUrl());
                }
                LOGGER.debug("Configured REST attribute sources from [{}]", restPrincipalAttributesProperties.getUrl());
                arrayList.add(restfulPersonAttributeDao);
            }
        });
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"cachingAttributeRepository"})
    @Bean
    public IPersonAttributeDao cachingAttributeRepository() {
        PrincipalAttributesProperties attributeRepository = this.casProperties.getAuthn().getAttributeRepository();
        if (attributeRepository.getExpirationTime() <= 0) {
            LOGGER.warn("Attribute repository caching is disabled");
            return aggregatingAttributeRepository();
        }
        CachingPersonAttributeDaoImpl cachingPersonAttributeDaoImpl = new CachingPersonAttributeDaoImpl();
        cachingPersonAttributeDaoImpl.setCacheNullResults(false);
        cachingPersonAttributeDaoImpl.setUserInfoCache(Caffeine.newBuilder().maximumSize(attributeRepository.getMaximumCacheSize()).expireAfterWrite(attributeRepository.getExpirationTime(), TimeUnit.valueOf(attributeRepository.getExpirationTimeUnit().toUpperCase())).build().asMap());
        cachingPersonAttributeDaoImpl.setCachedPersonAttributesDao(aggregatingAttributeRepository());
        LOGGER.trace("Configured cache expiration policy for merging attribute sources to be [{}] minute(s)", Integer.valueOf(attributeRepository.getExpirationTime()));
        return cachingPersonAttributeDaoImpl;
    }

    @ConditionalOnMissingBean(name = {"aggregatingAttributeRepository"})
    @Bean
    public IPersonAttributeDao aggregatingAttributeRepository() {
        MergingPersonAttributeDaoImpl mergingPersonAttributeDaoImpl = new MergingPersonAttributeDaoImpl();
        String trim = ((String) StringUtils.defaultIfBlank(this.casProperties.getAuthn().getAttributeRepository().getMerger(), "replace")).trim();
        LOGGER.trace("Configured merging strategy for attribute sources is [{}]", trim);
        mergingPersonAttributeDaoImpl.setMerger(getAttributeMerger(trim));
        List<IPersonAttributeDao> attributeRepositories = attributeRepositories();
        mergingPersonAttributeDaoImpl.setPersonAttributeDaos(attributeRepositories);
        if (attributeRepositories.isEmpty()) {
            LOGGER.debug("No attribute repository sources are available/defined to merge together.");
        } else {
            LOGGER.debug("Configured attribute repository sources to merge together: [{}]", attributeRepositories);
        }
        return mergingPersonAttributeDaoImpl;
    }

    private static IAttributeMerger getAttributeMerger(String str) {
        String lowerCase = str.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case 96417:
                if (lowerCase.equals("add")) {
                    z = true;
                    break;
                }
                break;
            case 103785528:
                if (lowerCase.equals(BeanDefinitionParserDelegate.MERGE_ATTRIBUTE)) {
                    z = false;
                    break;
                }
                break;
            case 1094496948:
                if (lowerCase.equals("replace")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return new MultivaluedAttributeMerger();
            case true:
                return new NoncollidingAttributeAdder();
            case true:
            default:
                return new ReplacingAttributeAdder();
        }
    }
}
