package org.apereo.cas.scim.v2;

import de.captaingoldfish.scim.sdk.client.ScimClientConfig;
import de.captaingoldfish.scim.sdk.client.ScimRequestBuilder;
import de.captaingoldfish.scim.sdk.client.response.ServerResponse;
import de.captaingoldfish.scim.sdk.common.constants.enums.Comparator;
import de.captaingoldfish.scim.sdk.common.resources.User;
import java.util.HashMap;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalProvisioner;
import org.apereo.cas.configuration.model.support.scim.ScimProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.util.LoggingUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/scim/v2/ScimV2PrincipalProvisioner.class */
public class ScimV2PrincipalProvisioner implements PrincipalProvisioner {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ScimV2PrincipalProvisioner.class);
    private final ScimProperties scimProperties;
    private final ScimV2PrincipalAttributeMapper mapper;

    public boolean provision(Principal principal, Credential credential) {
        return provision(credential, Optional.empty(), principal);
    }

    public boolean provision(Authentication authentication, Credential credential, RegisteredService registeredService) {
        return provision(credential, Optional.ofNullable(registeredService), authentication.getPrincipal());
    }

    private boolean provision(Credential credential, Optional<RegisteredService> optional, Principal principal) {
        try {
            LOGGER.info("Attempting to execute provisioning ops for [{}]", principal.getId());
            ServerResponse sendRequest = getScimService(optional).list(User.class, "/Users").count(1).filter("userName", Comparator.EQ, principal.getId()).build().get().sendRequest();
            return (!sendRequest.isSuccess() || sendRequest.getResource().getTotalResults() <= 0) ? createUserResource(principal, credential, optional) : updateUserResource((User) sendRequest.getResource().getListedResources().getFirst(), principal, credential, optional);
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return false;
        }
    }

    protected boolean updateUserResource(User user, Principal principal, Credential credential, Optional<RegisteredService> optional) throws Exception {
        this.mapper.map(user, principal, credential);
        LOGGER.trace("Updating user resource [{}]", user);
        return getScimService(optional).update(User.class, "/Users", (String) user.getId().orElseThrow()).setResource(user).sendRequest().isSuccess();
    }

    protected boolean createUserResource(Principal principal, Credential credential, Optional<RegisteredService> optional) throws Exception {
        User user = new User();
        this.mapper.map(user, principal, credential);
        LOGGER.trace("Creating user resource [{}]", user);
        return getScimService(optional).create(User.class, "/Users").setResource(user).sendRequest().isSuccess();
    }

    protected ScimRequestBuilder getScimService(Optional<RegisteredService> optional) {
        HashMap hashMap = new HashMap();
        String oauthToken = this.scimProperties.getOauthToken();
        if (optional.isPresent()) {
            RegisteredService registeredService = optional.get();
            if (RegisteredServiceProperty.RegisteredServiceProperties.SCIM_OAUTH_TOKEN.isAssignedTo(registeredService)) {
                oauthToken = RegisteredServiceProperty.RegisteredServiceProperties.SCIM_OAUTH_TOKEN.getPropertyValue(registeredService).value();
            }
        }
        if (StringUtils.isNotBlank(oauthToken)) {
            hashMap.put("Authorization", "Bearer " + oauthToken);
        }
        String username = this.scimProperties.getUsername();
        String password = this.scimProperties.getPassword();
        String target = this.scimProperties.getTarget();
        ScimClientConfig.ScimClientConfigBuilder builder = ScimClientConfig.builder();
        if (optional.isPresent()) {
            RegisteredService registeredService2 = optional.get();
            if (RegisteredServiceProperty.RegisteredServiceProperties.SCIM_USERNAME.isAssignedTo(registeredService2)) {
                username = RegisteredServiceProperty.RegisteredServiceProperties.SCIM_USERNAME.getPropertyValue(registeredService2).value();
            }
            if (RegisteredServiceProperty.RegisteredServiceProperties.SCIM_PASSWORD.isAssignedTo(registeredService2)) {
                password = RegisteredServiceProperty.RegisteredServiceProperties.SCIM_PASSWORD.getPropertyValue(registeredService2).value();
            }
        }
        if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(password)) {
            builder.basic(username, password);
        }
        if (optional.isPresent()) {
            RegisteredService registeredService3 = optional.get();
            if (RegisteredServiceProperty.RegisteredServiceProperties.SCIM_TARGET.isAssignedTo(registeredService3)) {
                target = RegisteredServiceProperty.RegisteredServiceProperties.SCIM_TARGET.getPropertyValue(registeredService3).value();
            }
        }
        LOGGER.debug("Using SCIM provisioning target [{}]", target);
        return new ScimRequestBuilder(target, builder.connectTimeout(5).requestTimeout(5).socketTimeout(5).hostnameVerifier((str, sSLSession) -> {
            return true;
        }).httpHeaders(hashMap).build());
    }

    @Generated
    public ScimV2PrincipalProvisioner(ScimProperties scimProperties, ScimV2PrincipalAttributeMapper scimV2PrincipalAttributeMapper) {
        this.scimProperties = scimProperties;
        this.mapper = scimV2PrincipalAttributeMapper;
    }
}
