package net.tirasa.connid.bundles.googleapps;

import com.fasterxml.jackson.core.type.TypeReference;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.licensing.Licensing;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.UserCredentials;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import net.tirasa.connid.bundles.okta.schema.OktaSchemaBuilder;
import org.apache.tomcat.websocket.BasicAuthenticator;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.common.security.SecurityUtil;
import org.identityconnectors.framework.common.exceptions.ConfigurationException;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.spi.AbstractConfiguration;
import org.identityconnectors.framework.spi.ConfigurationProperty;
import org.identityconnectors.framework.spi.StatefulConfiguration;
import org.springframework.context.annotation.ConfigurationClassUtils;

/* loaded from: input_file:WEB-INF/classes/bundles/net.tirasa.connid.bundles.googleapps-1.4.3-bundle.jar:net/tirasa/connid/bundles/googleapps/GoogleAppsConfiguration.class */
public class GoogleAppsConfiguration extends AbstractConfiguration implements StatefulConfiguration {
    private static final Log LOG = Log.getLog(GoogleAppsConfiguration.class);
    private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
    private static final JsonFactory JSON_FACTORY = new GsonFactory();
    private String clientId;
    private Directory directory;
    private Licensing licensing;
    private String customSchemaJSON;
    private String productId;
    private String domain = null;
    private GuardedString clientSecret = null;
    private GuardedString refreshToken = null;
    private GoogleCredentials credentials = null;
    private String projection = BasicAuthenticator.schemeName;
    private String[] skuIds = new String[0];
    private boolean removeLicenseOnDisable = false;

    @ConfigurationProperty(order = 1, displayMessageKey = "domain.display", groupMessageKey = "basic.group", helpMessageKey = "domain.help", required = true, confidential = false)
    public String getDomain() {
        return this.domain;
    }

    public void setDomain(String str) {
        this.domain = str;
    }

    @ConfigurationProperty(order = 2, displayMessageKey = "clientid.display", groupMessageKey = "basic.group", helpMessageKey = "clientid.help", required = true, confidential = false)
    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    @ConfigurationProperty(order = 3, displayMessageKey = "clientsecret.display", groupMessageKey = "basic.group", helpMessageKey = "clientsecret.help", required = true, confidential = true)
    public GuardedString getClientSecret() {
        return this.clientSecret;
    }

    public void setClientSecret(GuardedString guardedString) {
        this.clientSecret = guardedString;
    }

    @ConfigurationProperty(order = 4, displayMessageKey = "refreshtoken.display", groupMessageKey = "basic.group", helpMessageKey = "refreshtoken.help", required = true, confidential = true)
    public GuardedString getRefreshToken() {
        return this.refreshToken;
    }

    public void setRefreshToken(GuardedString guardedString) {
        this.refreshToken = guardedString;
    }

    @ConfigurationProperty(order = 5, displayMessageKey = "search.projection", groupMessageKey = "basic.group", helpMessageKey = "search.projection.help", required = false, confidential = false)
    public String getProjection() {
        return this.projection;
    }

    public void setProjection(String str) {
        this.projection = str;
    }

    @ConfigurationProperty(displayMessageKey = "customSchemaJSON.display", helpMessageKey = "customSchemaJSON.help", order = 6)
    public String getCustomSchemasJSON() {
        return this.customSchemaJSON;
    }

    public void setCustomSchemasJSON(String str) {
        this.customSchemaJSON = str;
    }

    @ConfigurationProperty(displayMessageKey = "skuIds.display", helpMessageKey = "skuIds.help", required = false, order = 7)
    public String[] getSkuIds() {
        return this.skuIds;
    }

    public void setSkuIds(String[] strArr) {
        this.skuIds = strArr;
    }

    @ConfigurationProperty(displayMessageKey = "productId.display", helpMessageKey = "productId.help", required = false, order = 8)
    public String getProductId() {
        return this.productId;
    }

    public void setProductId(String str) {
        this.productId = str;
    }

    @ConfigurationProperty(displayMessageKey = "removeLicenseOnDisable.display", helpMessageKey = "removeLicenseOnDisable.help", required = false, order = 9)
    public boolean getRemoveLicenseOnDisable() {
        return this.removeLicenseOnDisable;
    }

    public void setRemoveLicenseOnDisable(boolean z) {
        this.removeLicenseOnDisable = z;
    }

    @Override // org.identityconnectors.framework.spi.AbstractConfiguration, org.identityconnectors.framework.spi.Configuration
    public void validate() {
        if (StringUtil.isBlank(this.domain)) {
            throw new IllegalArgumentException("Domain cannot be null or empty.");
        }
        if (StringUtil.isBlank(this.clientId)) {
            throw new IllegalArgumentException("Client Id cannot be null or empty.");
        }
        if (null == this.clientSecret) {
            throw new IllegalArgumentException("Client Secret cannot be null.");
        }
        if (null == this.refreshToken) {
            throw new IllegalArgumentException("Refresh Token cannot be null.");
        }
        if (StringUtil.isNotBlank(this.projection) && !BasicAuthenticator.schemeName.equals(this.projection) && !ConfigurationClassUtils.CONFIGURATION_CLASS_FULL.equals(this.projection) && !OktaSchemaBuilder.SCHEMA_CUSTOM.equals(this.projection)) {
            throw new IllegalArgumentException("Projection must be a value among [basic, full, custom]");
        }
        if (StringUtil.isNotBlank(this.customSchemaJSON)) {
            try {
                GoogleAppsUtil.MAPPER.readValue(this.customSchemaJSON, new TypeReference<List<GoogleAppsCustomSchema>>() { // from class: net.tirasa.connid.bundles.googleapps.GoogleAppsConfiguration.1
                });
            } catch (IOException e) {
                LOG.error(e, "While validating customSchemaJSON", new Object[0]);
                throw new ConfigurationException("'customSchemaJSON' parameter must be a valid JSON.");
            }
        }
    }

    public void getGoogleCredential() {
        synchronized (this) {
            if (null == this.credentials) {
                UserCredentials.Builder clientSecret = UserCredentials.newBuilder().setClientId(getClientId()).setClientSecret(SecurityUtil.decrypt(getClientSecret()));
                getRefreshToken().access(cArr -> {
                    clientSecret.setRefreshToken(new String(cArr));
                });
                this.credentials = clientSecret.build().createScoped(Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_USER, DirectoryScopes.ADMIN_DIRECTORY_USER_ALIAS, DirectoryScopes.ADMIN_DIRECTORY_USERSCHEMA, DirectoryScopes.ADMIN_DIRECTORY_ORGUNIT, DirectoryScopes.ADMIN_DIRECTORY_DOMAIN, DirectoryScopes.ADMIN_DIRECTORY_NOTIFICATIONS, DirectoryScopes.ADMIN_DIRECTORY_GROUP, DirectoryScopes.ADMIN_DIRECTORY_GROUP_MEMBER));
                HttpCredentialsAdapter httpCredentialsAdapter = new HttpCredentialsAdapter(this.credentials);
                this.directory = new Directory.Builder(HTTP_TRANSPORT, JSON_FACTORY, httpCredentialsAdapter).setApplicationName("ConnId").build();
                this.licensing = new Licensing.Builder(HTTP_TRANSPORT, JSON_FACTORY, httpCredentialsAdapter).setApplicationName("ConnId").build();
            }
        }
    }

    @Override // org.identityconnectors.framework.spi.StatefulConfiguration
    public void release() {
    }

    public Directory getDirectory() {
        getGoogleCredential();
        return this.directory;
    }

    public Licensing getLicensing() {
        getGoogleCredential();
        if (null == this.licensing) {
            throw new ConnectorException("Licensing is not enabled");
        }
        return this.licensing;
    }
}
