package org.apache.syncope.wa.bootstrap;

import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
import org.apache.syncope.common.rest.api.service.AttrRepoService;
import org.apache.syncope.common.rest.api.service.AuthModuleService;
import org.apache.syncope.common.rest.api.service.wa.WAClientAppService;
import org.apache.syncope.common.rest.api.service.wa.WAConfigService;
import org.apache.syncope.wa.bootstrap.mapping.AttrReleaseMapper;
import org.apache.syncope.wa.bootstrap.mapping.AttrRepoPropertySourceMapper;
import org.apache.syncope.wa.bootstrap.mapping.AuthModulePropertySourceMapper;
import org.apereo.cas.configuration.model.support.oidc.OidcDiscoveryProperties;
import org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy;
import org.apereo.cas.services.BaseMappedAttributeReleasePolicy;
import org.apereo.cas.services.ChainingAttributeReleasePolicy;
import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.bootstrap.config.PropertySourceLocator;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.core.env.MapPropertySource;
import org.springframework.core.env.PropertySource;

@Order
/* loaded from: input_file:org/apache/syncope/wa/bootstrap/WAPropertySourceLocator.class */
public class WAPropertySourceLocator implements PropertySourceLocator {
    protected static final Logger LOG = LoggerFactory.getLogger(WAPropertySourceLocator.class);
    protected final WARestClient waRestClient;
    protected final AuthModulePropertySourceMapper authModulePropertySourceMapper;
    protected final AttrRepoPropertySourceMapper attrRepoPropertySourceMapper;
    protected final AttrReleaseMapper attrReleaseMapper;
    protected final CipherExecutor<String, String> configurationCipher;

    public WAPropertySourceLocator(WARestClient wARestClient, AuthModulePropertySourceMapper authModulePropertySourceMapper, AttrRepoPropertySourceMapper attrRepoPropertySourceMapper, AttrReleaseMapper attrReleaseMapper, CipherExecutor<String, String> cipherExecutor) {
        this.waRestClient = wARestClient;
        this.authModulePropertySourceMapper = authModulePropertySourceMapper;
        this.attrRepoPropertySourceMapper = attrRepoPropertySourceMapper;
        this.attrReleaseMapper = attrReleaseMapper;
        this.configurationCipher = cipherExecutor;
    }

    protected Map<String, Object> index(Map<String, Object> map, Map<String, Integer> map2) {
        Map<String, Object> map3 = map;
        if (!map.isEmpty()) {
            String next = map.keySet().iterator().next();
            if (next.contains("[]")) {
                String substringBefore = StringUtils.substringBefore(next, "[]");
                Integer orDefault = map2.getOrDefault(substringBefore, 0);
                map3 = (Map) map.entrySet().stream().map(entry -> {
                    return Pair.of(((String) entry.getKey()).replace("[]", "[" + orDefault + "]"), entry.getValue());
                }).collect(Collectors.toMap((v0) -> {
                    return v0.getKey();
                }, (v0) -> {
                    return v0.getValue();
                }));
                map2.put(substringBefore, Integer.valueOf(orDefault.intValue() + 1));
            }
        }
        return map3;
    }

    public PropertySource<?> locate(Environment environment) {
        SyncopeClient syncopeClient = this.waRestClient.getSyncopeClient();
        if (syncopeClient == null) {
            LOG.warn("Application context is not ready to bootstrap WA configuration");
            return null;
        }
        LOG.info("Bootstrapping WA configuration");
        TreeMap treeMap = new TreeMap();
        HashMap hashMap = new HashMap();
        ((AuthModuleService) syncopeClient.getService(AuthModuleService.class)).list().forEach(authModuleTO -> {
            LOG.debug("Mapping auth module {} ", authModuleTO.getKey());
            treeMap.putAll(index(authModuleTO.getConf().map(authModuleTO, this.authModulePropertySourceMapper), hashMap));
        });
        ((AttrRepoService) syncopeClient.getService(AttrRepoService.class)).list().forEach(attrRepoTO -> {
            LOG.debug("Mapping attr repo {} ", attrRepoTO.getKey());
            treeMap.putAll(index(attrRepoTO.getConf().map(attrRepoTO, this.attrRepoPropertySourceMapper), hashMap));
        });
        Set set = (Set) ((WAClientAppService) syncopeClient.getService(WAClientAppService.class)).list().stream().filter(wAClientApp -> {
            return wAClientApp.getAttrReleasePolicy() != null && (wAClientApp.getClientAppTO() instanceof OIDCRPClientAppTO);
        }).flatMap(wAClientApp2 -> {
            OIDCRPClientAppTO oIDCRPClientAppTO = (OIDCRPClientAppTO) OIDCRPClientAppTO.class.cast(wAClientApp2.getClientAppTO());
            BaseMappedAttributeReleasePolicy build = this.attrReleaseMapper.build(wAClientApp2.getAttrReleasePolicy());
            HashSet hashSet = new HashSet();
            if (build instanceof BaseMappedAttributeReleasePolicy) {
                hashSet.addAll((Collection) build.getAllowedAttributes().values().stream().map(Objects::toString).collect(Collectors.toSet()));
            } else if (build instanceof ReturnAllowedAttributeReleasePolicy) {
                hashSet.addAll((Collection) ((ReturnAllowedAttributeReleasePolicy) build).getAllowedAttributes().stream().collect(Collectors.toSet()));
            } else if (build instanceof ChainingAttributeReleasePolicy) {
                Stream stream = ((ChainingAttributeReleasePolicy) build).getPolicies().stream();
                Class<ReturnAllowedAttributeReleasePolicy> cls = ReturnAllowedAttributeReleasePolicy.class;
                Objects.requireNonNull(ReturnAllowedAttributeReleasePolicy.class);
                Optional findFirst = stream.filter((v1) -> {
                    return r1.isInstance(v1);
                }).findFirst();
                Class<ReturnAllowedAttributeReleasePolicy> cls2 = ReturnAllowedAttributeReleasePolicy.class;
                Objects.requireNonNull(ReturnAllowedAttributeReleasePolicy.class);
                Optional map = findFirst.map((v1) -> {
                    return r1.cast(v1);
                }).map(returnAllowedAttributeReleasePolicy -> {
                    return (Set) returnAllowedAttributeReleasePolicy.getAllowedAttributes().stream().collect(Collectors.toSet());
                });
                Objects.requireNonNull(hashSet);
                map.ifPresent((v1) -> {
                    r1.addAll(v1);
                });
            }
            if (oIDCRPClientAppTO.getScopes().contains("profile")) {
                hashSet.removeAll(OidcProfileScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
            }
            if (oIDCRPClientAppTO.getScopes().contains("address")) {
                hashSet.removeAll(OidcAddressScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
            }
            if (oIDCRPClientAppTO.getScopes().contains("email")) {
                hashSet.removeAll(OidcEmailScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
            }
            if (oIDCRPClientAppTO.getScopes().contains("phone")) {
                hashSet.removeAll(OidcPhoneScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
            }
            return hashSet.stream();
        }).collect(Collectors.toSet());
        if (!set.isEmpty()) {
            Stream.concat(new OidcDiscoveryProperties().getClaims().stream(), set.stream()).collect(Collectors.joining(","));
            treeMap.put("cas.authn.oidc.discovery.claims", Stream.concat(new OidcDiscoveryProperties().getClaims().stream(), set.stream()).collect(Collectors.joining(",")));
            treeMap.put("cas.authn.oidc.core.user-defined-scopes.syncope", set.stream().collect(Collectors.joining(",")));
        }
        ((WAConfigService) syncopeClient.getService(WAConfigService.class)).list().forEach(attr -> {
            treeMap.put(attr.getSchema(), attr.getValues().stream().collect(Collectors.joining(",")));
        });
        LOG.debug("Collected WA properties: {}", treeMap);
        Map decode = this.configurationCipher.decode(treeMap, ArrayUtils.EMPTY_OBJECT_ARRAY);
        LOG.debug("Decoded WA properties: {}", decode);
        return new MapPropertySource(getClass().getName(), decode);
    }
}
