package org.apache.syncope.core.sync.impl;

import org.apache.syncope.common.mod.AbstractAttributableMod;
import org.apache.syncope.common.mod.UserMod;
import org.apache.syncope.common.to.AbstractAttributableTO;
import org.apache.syncope.common.to.UserTO;
import org.apache.syncope.common.types.CipherAlgorithm;
import org.apache.syncope.common.types.ConnConfProperty;
import org.apache.syncope.core.persistence.beans.ConnInstance;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.propagation.Connector;
import org.apache.syncope.core.sync.DefaultSyncActions;
import org.apache.syncope.core.sync.SyncProfile;
import org.apache.syncope.core.sync.SyncResult;
import org.identityconnectors.framework.common.objects.SyncDelta;
import org.quartz.JobExecutionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/apache/syncope/core/sync/impl/DBPasswordSyncActions.class */
public class DBPasswordSyncActions extends DefaultSyncActions {
    private static final Logger LOG = LoggerFactory.getLogger(DBPasswordSyncActions.class);
    private static final String CLEARTEXT = "CLEARTEXT";

    @Autowired
    private UserDAO userDAO;
    private String encodedPassword;
    private CipherAlgorithm cipher;

    @Override // org.apache.syncope.core.sync.DefaultSyncActions, org.apache.syncope.core.sync.SyncActions
    @Transactional(readOnly = true)
    public <T extends AbstractAttributableTO> SyncDelta beforeProvision(SyncProfile<?, ?> syncProfile, SyncDelta syncDelta, T t) throws JobExecutionException {
        if (t instanceof UserTO) {
            parseEncodedPassword(((UserTO) t).getPassword(), syncProfile.getConnector());
        }
        return syncDelta;
    }

    @Override // org.apache.syncope.core.sync.DefaultSyncActions, org.apache.syncope.core.sync.SyncActions
    @Transactional(readOnly = true)
    public <T extends AbstractAttributableTO, K extends AbstractAttributableMod> SyncDelta beforeUpdate(SyncProfile<?, ?> syncProfile, SyncDelta syncDelta, T t, K k) throws JobExecutionException {
        if (k instanceof UserMod) {
            parseEncodedPassword(((UserMod) k).getPassword(), syncProfile.getConnector());
        }
        return syncDelta;
    }

    private void parseEncodedPassword(String str, Connector connector) {
        if (str != null) {
            String cipherAlgorithm = getCipherAlgorithm(connector.getActiveConnInstance());
            if (CLEARTEXT.equals(cipherAlgorithm)) {
                return;
            }
            try {
                this.encodedPassword = str;
                this.cipher = CipherAlgorithm.valueOf(cipherAlgorithm);
            } catch (IllegalArgumentException e) {
                LOG.error("Cipher algorithm not allowed: {}", cipherAlgorithm, e);
                this.encodedPassword = null;
            }
        }
    }

    private String getCipherAlgorithm(ConnInstance connInstance) {
        for (ConnConfProperty connConfProperty : connInstance.getConfiguration()) {
            if ("cipherAlgorithm".equals(connConfProperty.getSchema().getName()) && connConfProperty.getValues() != null && !connConfProperty.getValues().isEmpty()) {
                return (String) connConfProperty.getValues().get(0);
            }
        }
        return CLEARTEXT;
    }

    @Override // org.apache.syncope.core.sync.DefaultSyncActions, org.apache.syncope.core.sync.SyncActions
    @Transactional(readOnly = true)
    public <T extends AbstractAttributableTO> void after(SyncProfile<?, ?> syncProfile, SyncDelta syncDelta, T t, SyncResult syncResult) throws JobExecutionException {
        if (!(t instanceof UserTO) || this.encodedPassword == null || this.cipher == null) {
            return;
        }
        SyncopeUser find = this.userDAO.find(Long.valueOf(t.getId()));
        if (find != null) {
            find.setEncodedPassword(this.encodedPassword.toUpperCase(), this.cipher);
        }
        this.encodedPassword = null;
        this.cipher = null;
    }
}
