package org.apache.syncope.wa.bootstrap;

import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.AbstractJDBCConf;
import org.apache.syncope.common.lib.AbstractLDAPConf;
import org.apache.syncope.common.lib.auth.AuthModuleConf;
import org.apache.syncope.common.lib.auth.DuoMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.JDBCAuthModuleConf;
import org.apache.syncope.common.lib.auth.JaasAuthModuleConf;
import org.apache.syncope.common.lib.auth.LDAPAuthModuleConf;
import org.apache.syncope.common.lib.auth.OIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf;
import org.apache.syncope.common.lib.auth.SimpleMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
import org.apache.syncope.common.lib.auth.U2FAuthModuleConf;
import org.apache.syncope.common.lib.to.AuthModuleTO;
import org.apache.syncope.common.lib.types.AuthModuleState;
import org.apereo.cas.configuration.CasCoreConfigurationUtils;
import org.apereo.cas.configuration.model.core.authentication.AuthenticationHandlerStates;
import org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jpa.AbstractJpaProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.simple.CasSimpleMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.u2f.U2FMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties;
import org.apereo.cas.configuration.model.support.syncope.SyncopeAuthenticationProperties;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.model.TriStateBoolean;

/* loaded from: input_file:org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.class */
public class AuthModulePropertySourceMapper extends PropertySourceMapper implements AuthModuleConf.Mapper {
    protected final WARestClient waRestClient;

    public AuthModulePropertySourceMapper(WARestClient wARestClient) {
        this.waRestClient = wARestClient;
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, StaticAuthModuleConf staticAuthModuleConf) {
        AcceptAuthenticationProperties acceptAuthenticationProperties = new AcceptAuthenticationProperties();
        acceptAuthenticationProperties.setName(authModuleTO.getKey());
        acceptAuthenticationProperties.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        acceptAuthenticationProperties.setOrder(authModuleTO.getOrder());
        acceptAuthenticationProperties.setUsers((String) staticAuthModuleConf.getUsers().entrySet().stream().map(entry -> {
            return ((String) entry.getKey()) + "::" + ((String) entry.getValue());
        }).collect(Collectors.joining(",")));
        return prefix("cas.authn.accept.", CasCoreConfigurationUtils.asMap(acceptAuthenticationProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, LDAPAuthModuleConf lDAPAuthModuleConf) {
        LdapAuthenticationProperties ldapAuthenticationProperties = new LdapAuthenticationProperties();
        ldapAuthenticationProperties.setName(authModuleTO.getKey());
        ldapAuthenticationProperties.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        ldapAuthenticationProperties.setOrder(Integer.valueOf(authModuleTO.getOrder()));
        if (StringUtils.isNotBlank(lDAPAuthModuleConf.getBindDn()) && StringUtils.isNotBlank(lDAPAuthModuleConf.getBindCredential())) {
            ldapAuthenticationProperties.setType(AbstractLdapAuthenticationProperties.AuthenticationTypes.AUTHENTICATED);
        }
        ldapAuthenticationProperties.setPrincipalAttributeId(lDAPAuthModuleConf.getUserIdAttribute());
        ldapAuthenticationProperties.setPrincipalAttributeList(lDAPAuthModuleConf.getPrincipalAttributeList());
        fill((AbstractLdapSearchProperties) ldapAuthenticationProperties, (AbstractLDAPConf) lDAPAuthModuleConf);
        return prefix("cas.authn.ldap[].", CasCoreConfigurationUtils.asMap(ldapAuthenticationProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, JDBCAuthModuleConf jDBCAuthModuleConf) {
        QueryJdbcAuthenticationProperties queryJdbcAuthenticationProperties = new QueryJdbcAuthenticationProperties();
        queryJdbcAuthenticationProperties.setName(authModuleTO.getKey());
        queryJdbcAuthenticationProperties.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        queryJdbcAuthenticationProperties.setOrder(authModuleTO.getOrder());
        queryJdbcAuthenticationProperties.setSql(jDBCAuthModuleConf.getSql());
        queryJdbcAuthenticationProperties.setFieldDisabled(jDBCAuthModuleConf.getFieldDisabled());
        queryJdbcAuthenticationProperties.setFieldExpired(jDBCAuthModuleConf.getFieldExpired());
        queryJdbcAuthenticationProperties.setFieldPassword(jDBCAuthModuleConf.getFieldPassword());
        queryJdbcAuthenticationProperties.setPrincipalAttributeList(jDBCAuthModuleConf.getPrincipalAttributeList());
        fill((AbstractJpaProperties) queryJdbcAuthenticationProperties, (AbstractJDBCConf) jDBCAuthModuleConf);
        return prefix("cas.authn.jdbc.query[].", CasCoreConfigurationUtils.asMap(queryJdbcAuthenticationProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, JaasAuthModuleConf jaasAuthModuleConf) {
        JaasAuthenticationProperties jaasAuthenticationProperties = new JaasAuthenticationProperties();
        jaasAuthenticationProperties.setName(authModuleTO.getKey());
        jaasAuthenticationProperties.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        jaasAuthenticationProperties.setOrder(authModuleTO.getOrder());
        jaasAuthenticationProperties.setLoginConfigType(jaasAuthModuleConf.getLoginConfigType());
        jaasAuthenticationProperties.setKerberosKdcSystemProperty(jaasAuthModuleConf.getKerberosKdcSystemProperty());
        jaasAuthenticationProperties.setKerberosRealmSystemProperty(jaasAuthModuleConf.getKerberosRealmSystemProperty());
        jaasAuthenticationProperties.setLoginConfigType(jaasAuthModuleConf.getLoginConfigurationFile());
        jaasAuthenticationProperties.setRealm(jaasAuthModuleConf.getRealm());
        return prefix("cas.authn.jaas[].", CasCoreConfigurationUtils.asMap(jaasAuthenticationProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, OIDCAuthModuleConf oIDCAuthModuleConf) {
        Pac4jGenericOidcClientProperties pac4jGenericOidcClientProperties = new Pac4jGenericOidcClientProperties();
        pac4jGenericOidcClientProperties.setId(oIDCAuthModuleConf.getClientId());
        pac4jGenericOidcClientProperties.setSecret(oIDCAuthModuleConf.getClientSecret());
        pac4jGenericOidcClientProperties.setClientName((String) Optional.ofNullable(oIDCAuthModuleConf.getClientName()).orElse(authModuleTO.getKey()));
        pac4jGenericOidcClientProperties.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);
        pac4jGenericOidcClientProperties.setCustomParams(oIDCAuthModuleConf.getCustomParams());
        pac4jGenericOidcClientProperties.setDiscoveryUri(oIDCAuthModuleConf.getDiscoveryUri());
        pac4jGenericOidcClientProperties.setMaxClockSkew(oIDCAuthModuleConf.getMaxClockSkew());
        pac4jGenericOidcClientProperties.setPreferredJwsAlgorithm(oIDCAuthModuleConf.getPreferredJwsAlgorithm());
        pac4jGenericOidcClientProperties.setResponseMode(oIDCAuthModuleConf.getResponseMode());
        pac4jGenericOidcClientProperties.setResponseType(oIDCAuthModuleConf.getResponseType());
        pac4jGenericOidcClientProperties.setScope(oIDCAuthModuleConf.getScope());
        pac4jGenericOidcClientProperties.setPrincipalAttributeId(oIDCAuthModuleConf.getUserIdAttribute());
        new Pac4jOidcClientProperties().setGeneric(pac4jGenericOidcClientProperties);
        return prefix("cas.authn.pac4j.oidc[].generic.", CasCoreConfigurationUtils.asMap(pac4jGenericOidcClientProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, SAML2IdPAuthModuleConf sAML2IdPAuthModuleConf) {
        Pac4jSamlClientProperties pac4jSamlClientProperties = new Pac4jSamlClientProperties();
        pac4jSamlClientProperties.setClientName((String) Optional.ofNullable(sAML2IdPAuthModuleConf.getClientName()).orElse(authModuleTO.getKey()));
        pac4jSamlClientProperties.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);
        pac4jSamlClientProperties.setAcceptedSkew(sAML2IdPAuthModuleConf.getAcceptedSkew());
        pac4jSamlClientProperties.setAssertionConsumerServiceIndex(sAML2IdPAuthModuleConf.getAssertionConsumerServiceIndex());
        pac4jSamlClientProperties.setAttributeConsumingServiceIndex(sAML2IdPAuthModuleConf.getAttributeConsumingServiceIndex());
        pac4jSamlClientProperties.setAuthnContextClassRef(sAML2IdPAuthModuleConf.getAuthnContextClassRefs());
        pac4jSamlClientProperties.setAuthnContextComparisonType(sAML2IdPAuthModuleConf.getAuthnContextComparisonType());
        pac4jSamlClientProperties.setBlockedSignatureSigningAlgorithms(sAML2IdPAuthModuleConf.getBlockedSignatureSigningAlgorithms());
        pac4jSamlClientProperties.setDestinationBinding(sAML2IdPAuthModuleConf.getDestinationBinding().getUri());
        pac4jSamlClientProperties.setIdentityProviderMetadataPath(sAML2IdPAuthModuleConf.getIdentityProviderMetadataPath());
        pac4jSamlClientProperties.setKeystoreAlias(sAML2IdPAuthModuleConf.getKeystoreAlias());
        pac4jSamlClientProperties.setKeystorePassword(sAML2IdPAuthModuleConf.getKeystorePassword());
        pac4jSamlClientProperties.setMaximumAuthenticationLifetime(sAML2IdPAuthModuleConf.getMaximumAuthenticationLifetime());
        pac4jSamlClientProperties.setNameIdPolicyFormat(sAML2IdPAuthModuleConf.getNameIdPolicyFormat());
        pac4jSamlClientProperties.setPrivateKeyPassword(sAML2IdPAuthModuleConf.getPrivateKeyPassword());
        pac4jSamlClientProperties.setProviderName(sAML2IdPAuthModuleConf.getProviderName());
        pac4jSamlClientProperties.setServiceProviderEntityId(sAML2IdPAuthModuleConf.getServiceProviderEntityId());
        pac4jSamlClientProperties.setSignatureAlgorithms(sAML2IdPAuthModuleConf.getSignatureAlgorithms());
        pac4jSamlClientProperties.setSignatureCanonicalizationAlgorithm(sAML2IdPAuthModuleConf.getSignatureCanonicalizationAlgorithm());
        pac4jSamlClientProperties.setSignatureReferenceDigestMethods(sAML2IdPAuthModuleConf.getSignatureReferenceDigestMethods());
        pac4jSamlClientProperties.setPrincipalAttributeId(sAML2IdPAuthModuleConf.getUserIdAttribute());
        pac4jSamlClientProperties.setNameIdPolicyAllowCreate(StringUtils.isBlank(sAML2IdPAuthModuleConf.getNameIdPolicyAllowCreate()) ? TriStateBoolean.UNDEFINED : TriStateBoolean.valueOf(sAML2IdPAuthModuleConf.getNameIdPolicyAllowCreate().toUpperCase()));
        return prefix("cas.authn.pac4j.saml[].", CasCoreConfigurationUtils.asMap(pac4jSamlClientProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, SyncopeAuthModuleConf syncopeAuthModuleConf) {
        SyncopeClient syncopeClient = this.waRestClient.getSyncopeClient();
        if (syncopeClient == null) {
            LOG.warn("Application context is not ready to bootstrap WA configuration");
            return Map.of();
        }
        SyncopeAuthenticationProperties syncopeAuthenticationProperties = new SyncopeAuthenticationProperties();
        syncopeAuthenticationProperties.setName(authModuleTO.getKey());
        syncopeAuthenticationProperties.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        syncopeAuthenticationProperties.setDomain(syncopeAuthModuleConf.getDomain());
        syncopeAuthenticationProperties.setUrl(StringUtils.substringBefore(syncopeClient.getAddress(), "/rest"));
        return prefix("cas.authn.syncope.", CasCoreConfigurationUtils.asMap(syncopeAuthenticationProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, GoogleMfaAuthModuleConf googleMfaAuthModuleConf) {
        GoogleAuthenticatorMultifactorProperties googleAuthenticatorMultifactorProperties = new GoogleAuthenticatorMultifactorProperties();
        googleAuthenticatorMultifactorProperties.setName(authModuleTO.getKey());
        googleAuthenticatorMultifactorProperties.setOrder(authModuleTO.getOrder());
        googleAuthenticatorMultifactorProperties.getCore().setIssuer(googleMfaAuthModuleConf.getIssuer());
        googleAuthenticatorMultifactorProperties.getCore().setCodeDigits(googleMfaAuthModuleConf.getCodeDigits());
        googleAuthenticatorMultifactorProperties.getCore().setLabel(googleMfaAuthModuleConf.getLabel());
        googleAuthenticatorMultifactorProperties.getCore().setTimeStepSize(googleMfaAuthModuleConf.getTimeStepSize());
        googleAuthenticatorMultifactorProperties.getCore().setWindowSize(googleMfaAuthModuleConf.getWindowSize());
        if (googleMfaAuthModuleConf.getLdap() != null) {
            LdapGoogleAuthenticatorMultifactorProperties ldapGoogleAuthenticatorMultifactorProperties = new LdapGoogleAuthenticatorMultifactorProperties();
            ldapGoogleAuthenticatorMultifactorProperties.setAccountAttributeName(googleMfaAuthModuleConf.getLdap().getAccountAttributeName());
            fill((AbstractLdapSearchProperties) ldapGoogleAuthenticatorMultifactorProperties, (AbstractLDAPConf) googleMfaAuthModuleConf.getLdap());
            googleAuthenticatorMultifactorProperties.setLdap(ldapGoogleAuthenticatorMultifactorProperties);
        }
        return prefix("cas.authn.mfa.gauth.", CasCoreConfigurationUtils.asMap(googleAuthenticatorMultifactorProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, DuoMfaAuthModuleConf duoMfaAuthModuleConf) {
        DuoSecurityMultifactorAuthenticationProperties duoSecurityMultifactorAuthenticationProperties = new DuoSecurityMultifactorAuthenticationProperties();
        duoSecurityMultifactorAuthenticationProperties.setName(authModuleTO.getKey());
        duoSecurityMultifactorAuthenticationProperties.setOrder(authModuleTO.getOrder());
        duoSecurityMultifactorAuthenticationProperties.setDuoApiHost(duoMfaAuthModuleConf.getApiHost());
        duoSecurityMultifactorAuthenticationProperties.setDuoApplicationKey(duoMfaAuthModuleConf.getApplicationKey());
        duoSecurityMultifactorAuthenticationProperties.setDuoIntegrationKey(duoMfaAuthModuleConf.getIntegrationKey());
        duoSecurityMultifactorAuthenticationProperties.setDuoSecretKey(duoMfaAuthModuleConf.getSecretKey());
        return prefix("cas.authn.mfa.duo.", CasCoreConfigurationUtils.asMap(duoSecurityMultifactorAuthenticationProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, U2FAuthModuleConf u2FAuthModuleConf) {
        U2FMultifactorAuthenticationProperties u2FMultifactorAuthenticationProperties = new U2FMultifactorAuthenticationProperties();
        u2FMultifactorAuthenticationProperties.setName(authModuleTO.getKey());
        u2FMultifactorAuthenticationProperties.setOrder(authModuleTO.getOrder());
        u2FMultifactorAuthenticationProperties.getCore().setExpireDevices(u2FAuthModuleConf.getExpireDevices());
        u2FMultifactorAuthenticationProperties.getCore().setExpireDevicesTimeUnit(TimeUnit.valueOf(u2FAuthModuleConf.getExpireDevicesTimeUnit()));
        u2FMultifactorAuthenticationProperties.getCore().setExpireRegistrations(u2FAuthModuleConf.getExpireRegistrations());
        u2FMultifactorAuthenticationProperties.getCore().setExpireRegistrationsTimeUnit(TimeUnit.valueOf(u2FAuthModuleConf.getExpireRegistrationsTimeUnit()));
        return prefix("cas.authn.mfa.u2f.", CasCoreConfigurationUtils.asMap(u2FMultifactorAuthenticationProperties));
    }

    public Map<String, Object> map(AuthModuleTO authModuleTO, SimpleMfaAuthModuleConf simpleMfaAuthModuleConf) {
        CasSimpleMultifactorAuthenticationProperties casSimpleMultifactorAuthenticationProperties = new CasSimpleMultifactorAuthenticationProperties();
        casSimpleMultifactorAuthenticationProperties.setName(authModuleTO.getKey());
        casSimpleMultifactorAuthenticationProperties.setOrder(authModuleTO.getOrder());
        casSimpleMultifactorAuthenticationProperties.getMail().setAttributeName(simpleMfaAuthModuleConf.getEmailAttribute());
        casSimpleMultifactorAuthenticationProperties.getMail().setFrom(simpleMfaAuthModuleConf.getEmailFrom());
        casSimpleMultifactorAuthenticationProperties.getMail().setSubject(simpleMfaAuthModuleConf.getEmailSubject());
        casSimpleMultifactorAuthenticationProperties.getMail().setText(simpleMfaAuthModuleConf.getEmailText());
        casSimpleMultifactorAuthenticationProperties.getToken().getCore().setTokenLength(simpleMfaAuthModuleConf.getTokenLength());
        casSimpleMultifactorAuthenticationProperties.getToken().getCore().setTimeToKillInSeconds(simpleMfaAuthModuleConf.getTimeToKillInSeconds());
        if (StringUtils.isNotBlank(simpleMfaAuthModuleConf.getBypassGroovyScript())) {
            try {
                casSimpleMultifactorAuthenticationProperties.getBypass().getGroovy().setLocation(ResourceUtils.getResourceFrom(simpleMfaAuthModuleConf.getBypassGroovyScript()));
            } catch (Exception e) {
                LOG.error("Unable to load groovy script for bypass", e);
                throw new IllegalArgumentException(e);
            }
        }
        return prefix("cas.authn.mfa.simple.", CasCoreConfigurationUtils.asMap(casSimpleMultifactorAuthenticationProperties));
    }
}
