package org.iplass.mtp.impl.auth.authenticate.oidc;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import org.iplass.mtp.ManagerLocator;
import org.iplass.mtp.auth.User;
import org.iplass.mtp.auth.oidc.AutoUserProvisioningHandler;
import org.iplass.mtp.entity.EntityManager;
import org.iplass.mtp.entity.EntityRuntimeException;
import org.iplass.mtp.entity.query.Query;
import org.iplass.mtp.entity.query.Select;
import org.iplass.mtp.entity.query.condition.Condition;
import org.iplass.mtp.entity.query.condition.expr.And;
import org.iplass.mtp.entity.query.condition.predicate.Equals;
import org.iplass.mtp.entity.query.hint.CacheHint;
import org.iplass.mtp.entity.query.value.ValueExpression;
import org.iplass.mtp.entity.query.value.primary.EntityField;
import org.iplass.mtp.entity.query.value.subquery.ScalarSubQuery;
import org.iplass.mtp.impl.auth.AuthContextHolder;
import org.iplass.mtp.impl.auth.AuthService;
import org.iplass.mtp.impl.auth.authenticate.AccountHandle;
import org.iplass.mtp.impl.auth.authenticate.AuthenticationProvider;
import org.iplass.mtp.impl.auth.authenticate.UserEntityResolver;
import org.iplass.mtp.impl.auth.authenticate.builtin.policy.AuthenticationPolicyService;
import org.iplass.mtp.impl.auth.authenticate.builtin.policy.MetaAuthenticationPolicy;
import org.iplass.mtp.impl.auth.authenticate.oidc.MetaOpenIdConnect;
import org.iplass.mtp.impl.entity.EntityContext;
import org.iplass.mtp.impl.entity.EntityHandler;
import org.iplass.mtp.impl.entity.builder.EntityBuilder;
import org.iplass.mtp.impl.entity.property.PrimitivePropertyHandler;
import org.iplass.mtp.impl.entity.property.PropertyHandler;
import org.iplass.mtp.impl.metadata.MetaDataEntryInfo;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.web.template.tags.BindTag;

/* loaded from: input_file:org/iplass/mtp/impl/auth/authenticate/oidc/OIDCUserEntityResolver.class */
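/**
 * Resolves the {@code mtp.auth.User} entity behind an OpenID Connect account.
 *
 * <p>The lookup does not match on the user entity directly: it selects the User whose
 * {@code oid} equals the user oid stored in the provider-account mapping entity
 * ({@code OpenIdProviderAccountEntityEventListener.DEFINITION_NAME}) for the account's
 * subject id, qualified with the OIDC definition name. When no mapping row exists and the
 * OIDC definition enables transient users, a non-persisted User is produced through the
 * definition's {@link AutoUserProvisioningHandler} instead.
 *
 * <p>Configuration is injected through the setters and read in {@link #inited}:
 * {@code eagerLoadReferenceProperty} (reference properties whose primitive properties are
 * fetched together with the user) and {@code filterCondition} (an extra EQL condition that
 * is AND-ed onto every lookup).
 *
 * <p>Not thread-safe during configuration; after {@code inited} the state is only read.
 */
public class OIDCUserEntityResolver implements UserEntityResolver {
    /** Definition name of the user entity that is searched. */
    private static final String USER_DEFINITION_NAME = "mtp.auth.User";
    /** Property of the user entity that carries its immutable identity. */
    private static final String OID_PROPERTY = "oid";

    private AuthService authService;
    private OpenIdConnectService oidcService;
    /** Reference properties to load eagerly; {@code null} means none. */
    private List<String> eagerLoadReferenceProperty;
    /** Raw EQL filter as configured; parsed once in {@link #inited}. */
    private String filterCondition;
    /** Parsed form of {@link #filterCondition}; {@code null} when no filter is configured. */
    private Condition filterConditionNode;

    /** @return the configured reference properties to load eagerly, or {@code null}. */
    public List<String> getEagerLoadReferenceProperty() {
        return this.eagerLoadReferenceProperty;
    }

    /** @param list reference properties of {@code mtp.auth.User} to load eagerly (may be {@code null}) */
    public void setEagerLoadReferenceProperty(List<String> list) {
        this.eagerLoadReferenceProperty = list;
    }

    /** @return the configured additional EQL filter condition, or {@code null}. */
    public String getFilterCondition() {
        return this.filterCondition;
    }

    /**
     * @param str additional EQL condition AND-ed onto every user lookup (may be {@code null});
     *            it is parsed in {@link #inited}, so it must be set before initialization
     */
    public void setFilterCondition(String str) {
        this.filterCondition = str;
    }

    /**
     * Resolves the User for an authenticated OIDC account.
     *
     * @param accountHandle the handle produced by OIDC authentication; must be an
     *                      {@link OIDCAccountHandle}
     * @return the persisted User mapped to the account; a transient User when no mapping
     *         exists and the OIDC definition enables transient users; otherwise {@code null}
     * @throws ClassCastException if {@code accountHandle} is not an {@link OIDCAccountHandle}
     */
    public User searchUser(AccountHandle accountHandle) {
        OIDCAccountHandle account = (OIDCAccountHandle) accountHandle;
        MetaOpenIdConnect.OpenIdConnectRuntime oidcRuntime =
                (MetaOpenIdConnect.OpenIdConnectRuntime) this.oidcService.getRuntimeByName(account.getOpenIdConnectDefinitionName());
        User user = searchUser(account);
        if (user == null && oidcRuntime.m14getMetaData().isEnableTransientUser()) {
            // NOTE(review): oidcRuntime is only dereferenced on this path; an unknown
            // definition name would surface as an NPE here rather than a clearer error — confirm
            // whether getRuntimeByName can return null.
            user = temporaryUser(account, oidcRuntime);
        }
        return user;
    }

    /**
     * Builds a non-persisted User for an account that has no mapping row.
     *
     * <p>The user comes from the definition's {@link AutoUserProvisioningHandler}; when none is
     * configured, the interface's default {@code transientUser} behaviour is used through a
     * handler whose create/update hooks are never invoked here. If the handler left the
     * account policy unset, the first authentication policy that the OIDC definition is
     * allowed on is assigned.
     *
     * @param account     the authenticated OIDC account
     * @param oidcRuntime runtime of the OIDC definition the account belongs to
     * @return the transient user, never persisted
     */
    private User temporaryUser(OIDCAccountHandle account, MetaOpenIdConnect.OpenIdConnectRuntime oidcRuntime) {
        AutoUserProvisioningHandler handler = oidcRuntime.getAutoUserProvisioningHandler();
        if (handler == null) {
            // Fallback that only contributes the interface's default transientUser(); it is
            // local to this call, so createUser/updateUser are unreachable.
            handler = new AutoUserProvisioningHandler() {
                @Override
                public void updateUser(User user, String subjectId, String subjectName, Map<String, Object> attributes) {
                    // intentionally empty: transient users are never persisted
                }

                @Override
                public String createUser(String subjectId, String subjectName, Map<String, Object> attributes) {
                    return null;
                }
            };
        }
        User transientUser = handler.transientUser(account.getSubjectId(), account.getSubjectName(), account.getAttributeMap());
        // NOTE(review): a handler returning null from transientUser() would NPE on the next
        // line; the handler contract is not visible from this file — confirm.
        if (transientUser.getAccountPolicy() == null) {
            AuthenticationPolicyService policyService = ServiceRegistry.getRegistry().getService(AuthenticationPolicyService.class);
            for (MetaDataEntryInfo entry : policyService.list()) {
                MetaAuthenticationPolicy.AuthenticationPolicyRuntime policy =
                        (MetaAuthenticationPolicy.AuthenticationPolicyRuntime) policyService.getRuntimeById(entry.getId());
                if (oidcRuntime.isAllowedOnPolicy(policy)) {
                    transientUser.setAccountPolicy(policy.getMetaData().getName());
                    break;
                }
            }
        }
        return transientUser;
    }

    /**
     * Looks up the persisted User mapped to the account.
     *
     * <p>The query runs under the privileged auth context so that entity-level permissions
     * on {@code mtp.auth.User} do not hide the account being authenticated; the elevation is
     * confined to the supplied action.
     *
     * @param account the authenticated OIDC account
     * @return the mapped User, or {@code null} when no mapping row exists
     */
    private User searchUser(OIDCAccountHandle account) {
        return (User) this.authService.doSecuredAction(AuthContextHolder.getAuthContext().privilegedAuthContextHolder(), () -> {
            // NOTE(review): if the attribute map lacks this key the lookup runs with a null
            // uniqueKey; what Equals does with a null value is not visible here — confirm.
            return searchUserByOneEQL((String) account.getAttributeMap().get(OIDCAccountHandle.SUBJECT_ID_WITH_DEFINITION_NAME));
        });
    }

    /**
     * Loads the User whose oid is referenced by the provider-account row with the given key,
     * in a single EQL query.
     *
     * <p>All primitive properties of the user (plus those of each eagerly loaded reference)
     * are selected, the oid is matched through a scalar sub-query on the mapping entity, and
     * the configured filter condition, if any, is AND-ed on. The condition tree is built from
     * AST nodes, so {@code uniqueKey} is bound as a value rather than spliced into EQL text.
     *
     * @param uniqueKey the subject id qualified with the OIDC definition name
     * @return the first matching User, or {@code null} when nothing matched
     * @throws EntityRuntimeException wrapping any failure during query construction or execution
     */
    private User searchUserByOneEQL(String uniqueKey) {
        try {
            EntityContext context = EntityContext.getCurrentContext();
            EntityHandler userHandler = context.getHandlerByName(USER_DEFINITION_NAME);

            List<ValueExpression> selectValues = new ArrayList<>();
            for (PropertyHandler property : userHandler.getPropertyList(context)) {
                if (property instanceof PrimitivePropertyHandler) {
                    selectValues.add(new EntityField(property.getName()));
                }
            }
            if (this.eagerLoadReferenceProperty != null) {
                for (String refName : this.eagerLoadReferenceProperty) {
                    for (PropertyHandler refProperty : userHandler.getPropertyCascade(refName, context).getReferenceEntityHandler(context).getPropertyList(context)) {
                        if (refProperty instanceof PrimitivePropertyHandler) {
                            selectValues.add(new EntityField(refName + BindTag.DEFAULT_PROPERTY_DELIMITER + refProperty.getName()));
                        }
                    }
                }
            }

            Query query = new Query();
            query.setSelect(new Select(false, selectValues));
            query.select().addHint(new CacheHint(CacheHint.CacheScope.TRANSACTION));
            query.from(USER_DEFINITION_NAME);
            Condition oidMatches = new Equals(OID_PROPERTY, new ScalarSubQuery(
                    new Query().select(new Object[]{OpenIdProviderAccountEntityEventListener.USER_OID})
                            .from(OpenIdProviderAccountEntityEventListener.DEFINITION_NAME)
                            .where(new Equals("uniqueKey", uniqueKey))));
            // The parsed filter is copied per query, presumably so the shared node is never
            // mutated by query processing.
            Condition where = this.filterConditionNode != null
                    ? new And(new Condition[]{oidMatches, (Condition) this.filterConditionNode.copy()})
                    : oidMatches;
            query.where(where);

            // Column names handed to the builder must line up with the select list order.
            String[] columnNames = query.getSelect().getSelectValues().stream()
                    .map(Object::toString)
                    .toArray(String[]::new);
            EntityBuilder builder = new EntityBuilder(userHandler, context, columnNames);
            ManagerLocator.getInstance().getManager(EntityManager.class).search(query, (Object[] row) -> {
                builder.handle(row, (String) null);
                return true;
            });
            builder.finished();

            Collection<?> users = builder.getCollection();
            return users.isEmpty() ? null : (User) users.iterator().next();
        } catch (Exception e) {
            throw new EntityRuntimeException("failed to search mtp.auth.User.", e);
        }
    }

    /**
     * Completes initialization once the owning services are available.
     *
     * <p>Captures the {@link AuthService}, resolves the {@link OpenIdConnectService} from the
     * registry and parses {@link #filterCondition} into its node form, so parsing happens once
     * rather than on every lookup.
     *
     * @param authService            the auth service used to run privileged lookups
     * @param authenticationProvider the provider this resolver belongs to (not used here)
     */
    public void inited(AuthService authService, AuthenticationProvider authenticationProvider) {
        this.authService = authService;
        this.oidcService = (OpenIdConnectService) ServiceRegistry.getRegistry().getService(OpenIdConnectService.class);
        if (this.filterCondition != null) {
            this.filterConditionNode = Condition.newCondition(this.filterCondition);
        }
    }

    /** @return the user property that identifies the account and must never change ({@code oid}). */
    public String getUnmodifiableUniqueKeyProperty() {
        return OID_PROPERTY;
    }
}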
