package org.apache.syncope.core.sync.impl;

import org.apache.syncope.common.mod.AbstractAttributableMod;
import org.apache.syncope.common.mod.UserMod;
import org.apache.syncope.common.to.AbstractAttributableTO;
import org.apache.syncope.common.to.UserTO;
import org.apache.syncope.common.types.CipherAlgorithm;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.sync.DefaultSyncActions;
import org.apache.syncope.core.sync.SyncProfile;
import org.apache.syncope.core.sync.SyncResult;
import org.identityconnectors.framework.common.objects.SyncDelta;
import org.quartz.JobExecutionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.class */
public class LDAPPasswordSyncActions extends DefaultSyncActions {
    protected static final Logger LOG = LoggerFactory.getLogger(LDAPPasswordSyncActions.class);

    @Autowired
    private UserDAO userDAO;
    private String encodedPassword;
    private CipherAlgorithm cipher;

    @Override // org.apache.syncope.core.sync.DefaultSyncActions, org.apache.syncope.core.sync.SyncActions
    @Transactional(readOnly = true)
    public <T extends AbstractAttributableTO> SyncDelta beforeProvision(SyncProfile<?, ?> syncProfile, SyncDelta syncDelta, T t) throws JobExecutionException {
        if (t instanceof UserTO) {
            parseEncodedPassword(((UserTO) t).getPassword());
        }
        return syncDelta;
    }

    @Override // org.apache.syncope.core.sync.DefaultSyncActions, org.apache.syncope.core.sync.SyncActions
    @Transactional(readOnly = true)
    public <T extends AbstractAttributableTO, K extends AbstractAttributableMod> SyncDelta beforeUpdate(SyncProfile<?, ?> syncProfile, SyncDelta syncDelta, T t, K k) throws JobExecutionException {
        if (k instanceof UserMod) {
            parseEncodedPassword(((UserMod) k).getPassword());
        }
        return syncDelta;
    }

    private void parseEncodedPassword(String str) {
        if (str == null || !str.startsWith("{")) {
            return;
        }
        int indexOf = str.indexOf(125);
        String substring = str.substring(1, str.indexOf(125));
        if (substring != null) {
            substring = substring.toUpperCase();
        }
        try {
            this.encodedPassword = str.substring(indexOf + 1);
            this.cipher = CipherAlgorithm.valueOf(substring);
        } catch (IllegalArgumentException e) {
            LOG.error("Cipher algorithm not allowed: {}", substring, e);
            this.encodedPassword = null;
        }
    }

    @Override // org.apache.syncope.core.sync.DefaultSyncActions, org.apache.syncope.core.sync.SyncActions
    @Transactional(readOnly = true)
    public <T extends AbstractAttributableTO> void after(SyncProfile<?, ?> syncProfile, SyncDelta syncDelta, T t, SyncResult syncResult) throws JobExecutionException {
        if (!(t instanceof UserTO) || this.encodedPassword == null || this.cipher == null) {
            return;
        }
        SyncopeUser find = this.userDAO.find(Long.valueOf(t.getId()));
        if (find != null) {
            find.setEncodedPassword(new String(Hex.encode(Base64.decode(this.encodedPassword.getBytes()))).toUpperCase(), this.cipher);
        }
        this.encodedPassword = null;
        this.cipher = null;
    }
}
