package li.strolch.privilege.handler;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.File;
import java.io.FileReader;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ScheduledExecutorService;
import java.util.stream.Collectors;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import li.strolch.privilege.base.PrivilegeConstants;
import li.strolch.privilege.helper.LdapHelper;
import li.strolch.privilege.policy.PrivilegePolicy;
import li.strolch.utils.dbc.DBC;
import li.strolch.utils.helper.StringHelper;

/* loaded from: input_file:li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.class */
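/**
 * LDAP privilege handler whose mapping from LDAP groups to Strolch roles, organisations and
 * locations is read from a JSON configuration file at initialization.
 *
 * <p>The JSON file is the authority for which roles an LDAP group (or an individually overridden
 * user) receives, so it is validated strictly in {@link #initialize}: every configured group must
 * carry a non-empty {@code location} array and a non-empty {@code roles} array.
 *
 * <p>NOTE(review): because this file decides role assignment, it should only be writable by the
 * administrator of the service; file permissions are not checked here.
 */
public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
    private Locale defaultLocale;
    private Map<String, String> ldapToLocalLocationMap;
    private JsonObject ldapGroupConfigs;
    private Set<String> ldapGroupNames;
    private String realm;
    private HashMap<String, String> userLdapGroupOverrides;

    /**
     * Initializes the base handler, then loads and validates the JSON group configuration.
     *
     * <p>Reads the parameters {@code PrivilegeConstants.REALM}, {@code defaultLocale} (optional,
     * falls back to the JVM default locale) and {@code configFile} from {@code map}.
     *
     * @param map handler parameters; must contain the realm and the {@code configFile} path
     * @throws IllegalStateException if the config file is missing or unreadable, cannot be parsed,
     *     or fails validation (missing {@code ldapGroupConfigs}, no groups, or a group without a
     *     non-empty {@code location} or {@code roles} array)
     */
    @Override
    public void initialize(ScheduledExecutorService scheduledExecutorService, Map<String, String> map, EncryptionHandler encryptionHandler, PasswordStrengthHandler passwordStrengthHandler, PersistenceHandler persistenceHandler, UserChallengeHandler userChallengeHandler, SingleSignOnHandler singleSignOnHandler, Map<String, Class<PrivilegePolicy>> map2) {
        super.initialize(scheduledExecutorService, map, encryptionHandler, passwordStrengthHandler, persistenceHandler, userChallengeHandler, singleSignOnHandler, map2);

        this.realm = map.get(PrivilegeConstants.REALM);
        DBC.PRE.assertNotEmpty("realm must be set!", this.realm);

        this.defaultLocale = map.containsKey("defaultLocale") ? Locale.forLanguageTag(map.get("defaultLocale")) : Locale.getDefault();

        String configPath = map.get("configFile");
        DBC.PRE.assertNotEmpty("configFile param must be set!", configPath);
        File configFile = new File(configPath);
        if (!configFile.exists() || !configFile.isFile() || !configFile.canRead()) {
            throw new IllegalStateException("configFile does not exist, is not a file, or can not be read at path " + configFile.getAbsolutePath());
        }

        // try-with-resources: the reader is closed even when parsing or validation throws.
        // NOTE(review): FileReader decodes with the platform default charset; confirm the
        // config file encoding matches the deployment's default.
        try (FileReader reader = new FileReader(configFile)) {
            JsonObject root = JsonParser.parseReader(reader).getAsJsonObject();

            if (!root.has("ldapGroupConfigs") || !root.get("ldapGroupConfigs").isJsonObject()) {
                throw new IllegalStateException("JSON config is missing ldapGroupConfigs element!");
            }

            this.ldapToLocalLocationMap = new HashMap<>();
            if (root.has("locationMappings")) {
                JsonObject mappings = root.get("locationMappings").getAsJsonObject();
                for (String ldapLocation : mappings.keySet()) {
                    this.ldapToLocalLocationMap.put(ldapLocation, mappings.get(ldapLocation).getAsString());
                }
            }

            this.ldapGroupConfigs = root.get("ldapGroupConfigs").getAsJsonObject();
            this.ldapGroupNames = this.ldapGroupConfigs.keySet();
            if (this.ldapGroupNames.isEmpty()) {
                throw new IllegalStateException("No LDAP group names are defined in config file " + configFile.getAbsolutePath());
            }

            for (String groupName : this.ldapGroupNames) {
                JsonObject groupConfig = this.ldapGroupConfigs.get(groupName).getAsJsonObject();
                if (!hasNonEmptyArray(groupConfig, PrivilegeConstants.LOCATION)) {
                    throw new IllegalStateException("LDAP Group " + groupName + " is missing a location attribute, or it is not an array or the array is empty");
                }
                // The roles array is what mapToStrolchRoles() dereferences at login; validate it
                // here so a group without roles is rejected at startup instead of failing later.
                if (!hasNonEmptyArray(groupConfig, PrivilegeConstants.ROLES)) {
                    throw new IllegalStateException("LDAP Group " + groupName + " is missing a roles attribute, or it is not an array or the array is empty");
                }
            }

            this.userLdapGroupOverrides = new HashMap<>();
            if (root.has("userLdapGroupOverrides")) {
                JsonObject overrides = root.get("userLdapGroupOverrides").getAsJsonObject();
                for (String username : overrides.keySet()) {
                    String overrideGroup = overrides.get(username).getAsString();
                    logger.info("Registered LDAP group override for user " + username + " to group " + overrideGroup);
                    this.userLdapGroupOverrides.put(username, overrideGroup);
                }
            }
        } catch (Exception e) {
            // Validation failures thrown above are wrapped here as well, keeping the cause.
            throw new IllegalStateException("Failed to read config file " + configFile.getAbsolutePath(), e);
        }
    }

    /** Returns true if {@code config} has {@code key} and its value is a JSON array with at least one element. */
    private static boolean hasNonEmptyArray(JsonObject config, String key) {
        if (!config.has(key)) {
            return false;
        }
        JsonElement value = config.get(key);
        return value.isJsonArray() && value.getAsJsonArray().size() != 0;
    }

    /**
     * Returns the LDAP {@code givenName} attribute, or {@code str} when that attribute is empty.
     *
     * @param str fallback value (presumably the username; confirm against the base class)
     */
    @Override
    protected String getFirstName(String str, Attributes attributes) throws NamingException {
        String givenName = getLdapString(attributes, "givenName");
        return StringHelper.isEmpty(givenName) ? str : givenName;
    }

    /**
     * Returns the LDAP {@code sn} attribute, or {@code str} when that attribute is empty.
     *
     * @param str fallback value (presumably the username; confirm against the base class)
     */
    @Override
    protected String getLastName(String str, Attributes attributes) throws NamingException {
        String surname = getLdapString(attributes, "sn");
        return StringHelper.isEmpty(surname) ? str : surname;
    }

    /** Returns the configured default locale; the LDAP attributes are not consulted. */
    @Override
    protected Locale getLocale(Attributes attributes) {
        return this.defaultLocale;
    }

    /**
     * Determines the LDAP groups of a user that have a mapping in the JSON configuration.
     *
     * <p>If the user has an entry in {@code userLdapGroupOverrides}, the groups read from LDAP are
     * discarded and replaced by the single configured override group. The result is then
     * restricted to groups that are defined in {@code ldapGroupConfigs}.
     *
     * @param str the user identifier, used for the override lookup and in log messages
     * @return the configured groups the user belongs to; never empty
     * @throws IllegalStateException if none of the user's groups is configured
     */
    @Override
    protected Set<String> getLdapGroups(String str, Attributes attributes) throws NamingException {
        Set<String> ldapGroups = LdapHelper.getLdapGroups(attributes);

        // NOTE(review): str and the group names are written to the log unescaped; confirm they
        // are validated upstream or that the log layout neutralizes line breaks.
        logger.info("User " + str + " has LDAP Groups: ");
        ldapGroups.forEach(group -> logger.info("- " + group));

        // NOTE(review): the override lookup is an exact, case-sensitive match on str; confirm the
        // username is normalized before it reaches this method.
        if (this.userLdapGroupOverrides.containsKey(str)) {
            String overrideGroup = this.userLdapGroupOverrides.get(str);
            ldapGroups.clear();
            ldapGroups.add(overrideGroup);
            logger.info("Overriding LDAP group for user " + str + " to " + overrideGroup);
        }

        Set<String> relevantGroups = ldapGroups.stream()
                .filter(group -> this.ldapGroupNames.contains(group))
                .collect(Collectors.toSet());
        if (relevantGroups.isEmpty()) {
            throw new IllegalStateException("User " + str + " can not login, as none of their LDAP Groups have mappings to Strolch Roles!");
        }
        if (relevantGroups.size() > 1) {
            logger.warn("User " + str + " has multiple relevant LDAP Groups which will lead to undefined behaviour: " + String.join(",", relevantGroups));
        }
        return relevantGroups;
    }

    /**
     * Collects the union of the {@code roles} arrays configured for the given LDAP groups.
     *
     * @param str not used by this implementation
     * @param set LDAP group names; each must be a key of {@code ldapGroupConfigs}
     * @return the role names of all given groups
     */
    @Override
    protected Set<String> mapToStrolchRoles(String str, Set<String> set) {
        Set<String> roles = new HashSet<>();
        for (String groupName : set) {
            this.ldapGroupConfigs.get(groupName).getAsJsonObject()
                    .get(PrivilegeConstants.ROLES).getAsJsonArray()
                    .forEach(role -> roles.add(role.getAsString()));
        }
        return roles;
    }

    /**
     * Builds the user properties (realm, organisation, location, primary and secondary locations)
     * from the configuration of the given LDAP groups.
     *
     * <p>The primary location is taken from the {@code locationMappings} entry for the user's LDAP
     * {@code department} attribute if one exists, otherwise from the first group that configures
     * one. Any further primary location is added to the secondary locations instead.
     *
     * @param str not used by this implementation
     * @param set LDAP group names; each must be a key of {@code ldapGroupConfigs}
     * @param set2 not used by this implementation
     * @return the property map; organisation is only present when at least one group defines it
     */
    @Override
    protected Map<String, String> buildProperties(String str, Attributes attributes, Set<String> set, Set<String> set2) throws NamingException {
        String primaryLocation = "";
        Set<String> secondaryLocations = new HashSet<>();
        Set<String> organisations = new HashSet<>();
        Set<String> locations = new HashSet<>();

        String department = getLdapString(attributes, "department");
        if (StringHelper.isNotEmpty(department) && this.ldapToLocalLocationMap.containsKey(department)) {
            String mappedLocation = this.ldapToLocalLocationMap.get(department);
            logger.info("Using primary location " + mappedLocation + " for LDAP department " + department);
            primaryLocation = mappedLocation;
        }

        for (String groupName : set) {
            JsonObject groupConfig = this.ldapGroupConfigs.get(groupName).getAsJsonObject();

            if (groupConfig.has(PrivilegeConstants.ORGANISATION)) {
                groupConfig.get(PrivilegeConstants.ORGANISATION).getAsJsonArray()
                        .forEach(element -> organisations.add(element.getAsString()));
            }

            groupConfig.get(PrivilegeConstants.LOCATION).getAsJsonArray()
                    .forEach(element -> locations.add(element.getAsString()));

            JsonElement primary = groupConfig.get(PrivilegeConstants.PRIMARY_LOCATION);
            if (primary != null && !primary.isJsonNull()) {
                if (primaryLocation.isEmpty()) {
                    primaryLocation = primary.getAsString();
                } else {
                    String additionalPrimary = primary.getAsString();
                    if (!secondaryLocations.contains(additionalPrimary)) {
                        logger.warn("Primary location already set by previous LDAP Group config for LDAP Group " + groupName + ", adding to secondary locations.");
                        secondaryLocations.add(additionalPrimary);
                    }
                }
            }

            JsonElement secondary = groupConfig.get(PrivilegeConstants.SECONDARY_LOCATIONS);
            if (secondary != null && !secondary.isJsonNull()) {
                if (!secondaryLocations.isEmpty()) {
                    logger.warn("Secondary locations already set by previous LDAP Group config for LDAP Group " + groupName + ", adding additional");
                }
                // The value may be a single string or an array of strings.
                if (secondary.isJsonPrimitive()) {
                    secondaryLocations.add(secondary.getAsString());
                } else {
                    secondary.getAsJsonArray().forEach(element -> secondaryLocations.add(element.getAsString()));
                }
            }
        }

        Map<String, String> properties = new HashMap<>();
        properties.put(PrivilegeConstants.REALM, this.realm);
        if (!organisations.isEmpty()) {
            properties.put(PrivilegeConstants.ORGANISATION, String.join(",", organisations));
        }
        properties.put(PrivilegeConstants.LOCATION, String.join(",", locations));
        properties.put(PrivilegeConstants.PRIMARY_LOCATION, primaryLocation);
        properties.put(PrivilegeConstants.SECONDARY_LOCATIONS, String.join(",", secondaryLocations));
        return properties;
    }
}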
