package edu.internet2.middleware.grouperDuo;

import com.duosecurity.client.Http;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.StemFinder;
import edu.internet2.middleware.grouper.app.loader.GrouperLoaderConfig;
import edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningSettings;
import edu.internet2.middleware.grouper.attr.value.AttributeAssignValue;
import edu.internet2.middleware.grouper.exception.StemNotFoundException;
import edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook;
import edu.internet2.middleware.grouper.util.GrouperEmail;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.util.ExpirableCache;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.SubjectNotFoundException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:edu/internet2/middleware/grouperDuo/GrouperDuoUtils.class */
public class GrouperDuoUtils {
    private static ExpirableCache<Boolean, Stem> duoStemCache = new ExpirableCache<>(5);

    public static Stem duoStem(Map<String, Object> map) {
        Stem stem = (Stem) duoStemCache.get(Boolean.TRUE);
        if (map != null) {
            map.put("duoStemInExpirableCache", Boolean.valueOf(stem != null));
        }
        if (stem == null) {
            stem = duoStemHelper(map);
            duoStemCache.put(Boolean.TRUE, stem);
        }
        return stem;
    }

    public static Stem duoStemHelper(Map<String, Object> map) {
        String propertyValueString = GrouperLoaderConfig.retrieveConfig().propertyValueString("grouperDuo.folder.name.withDuoGroups");
        boolean propertyValueBoolean = GrouperLoaderConfig.retrieveConfig().propertyValueBoolean("grouperDuo.use.ui.provisioning.configuration", false);
        if (propertyValueBoolean && !StringUtils.isBlank(propertyValueString)) {
            throw new RuntimeException("If you are using ui provisioning configuration, you cant configure a folder in the grouper-loader.properties 'grouperDuo.folder.name.withDuoGroups'!!!!");
        }
        Stem stem = null;
        if (propertyValueBoolean) {
            String propertyValueStringRequired = GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouperDuo.ui.provisioning.targetName");
            if (map != null) {
                map.put("uiProvisioningTargetName", propertyValueStringRequired);
            }
            ArrayList arrayList = new ArrayList(new StemFinder().assignAttributeCheckReadOnAttributeDef(false).assignNameOfAttributeDefName(GrouperProvisioningSettings.provisioningConfigStemName() + ":provisioningTarget").addAttributeValuesOnAssignment(propertyValueStringRequired).assignNameOfAttributeDefName2(GrouperProvisioningSettings.provisioningConfigStemName() + ":provisioningDoProvision").addAttributeValuesOnAssignment2("true").findStems());
            GrouperUtil.stemRemoveChildStemsOfTopStem(arrayList);
            if (map != null) {
                map.put("folderCount", Integer.valueOf(GrouperUtil.length(arrayList)));
            }
            if (GrouperUtil.length(arrayList) > 1) {
                throw new RuntimeException("Folder count can only be 0 or 1!!! " + GrouperUtil.length(arrayList));
            }
            if (GrouperUtil.length(arrayList) == 1) {
                stem = (Stem) arrayList.iterator().next();
            }
        } else {
            stem = StemFinder.findByName(GrouperSession.staticGrouperSession(), propertyValueString, true);
        }
        return stem;
    }

    public static String configFolderForDuoGroups() {
        return duoStem(null).getName() + ":";
    }

    public static String configFolderForDuoAdmins() {
        String propertyValueStringRequired = GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouperDuo.folder.name.withDuoAdmins");
        if (!propertyValueStringRequired.endsWith(":")) {
            propertyValueStringRequired = propertyValueStringRequired + ":";
        }
        GrouperDuoLog.duoLog(String.format("Using folder '%s' for duo admin sync.", propertyValueStringRequired));
        return propertyValueStringRequired;
    }

    public static boolean provisionAdminAccountsWithRandomPasswords() {
        return true;
    }

    public static String configSubjectAttributeForDuoUsername() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouperDuo.subjectAttributeForDuoUsername");
    }

    public static Set<String> configSourcesForSubjects() {
        return GrouperUtil.splitTrimToSet(GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouperDuo.sourcesForSubjects"), ",");
    }

    public static String configAttributeForAdminId() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouperDuo.attributeForAdminId");
    }

    public static String configAttributeForAdminRole() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouperDuo.attributeForAdminRole");
    }

    public static String configAttributeForAdminNameSuffix() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouperDuo.attributeForAdminNameSuffix");
    }

    public static String configSubjectAttributeForName() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueString("grouperDuo.subjectAttributeForName", "name");
    }

    public static String configSubjectAttributeForPhone() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueString("grouperDuo.subjectAttributeForPhoneName", "phone");
    }

    public static String configSubjectAttributeForEmail() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueString("grouperDuo.subjectAttributeForEmailName", "email");
    }

    public static String configEmailRecipientsGroupName() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueString("grouperDuo.emailRecipientsGroupName", "");
    }

    public static boolean validDuoGroupName(String str) {
        String configFolderForDuoGroups = configFolderForDuoGroups();
        if (!str.startsWith(configFolderForDuoGroups)) {
            return false;
        }
        String substring = str.substring(configFolderForDuoGroups.length());
        return (substring.contains(":") || substring.endsWith(GroupTypeTupleIncludeExcludeHook.systemOfRecordExtensionSuffix()) || substring.endsWith(GroupTypeTupleIncludeExcludeHook.systemOfRecordAndIncludesExtensionSuffix()) || substring.endsWith(GroupTypeTupleIncludeExcludeHook.includeExtensionSuffix()) || substring.endsWith(GroupTypeTupleIncludeExcludeHook.excludeExtensionSuffix())) ? false : true;
    }

    public static boolean isValidDuoAdminGroup(GrouperSession grouperSession, String str) {
        if (str == null) {
            return false;
        }
        String configFolderForDuoAdmins = configFolderForDuoAdmins();
        GrouperDuoLog.duoLog(String.format("Checking if group '%s' is a direct child of '%s'", str, configFolderForDuoAdmins));
        if (!str.startsWith(configFolderForDuoAdmins)) {
            GrouperDuoLog.duoLog(String.format("Group name does not start with '%s'", configFolderForDuoAdmins));
            return false;
        }
        GrouperDuoLog.duoLog(String.format("Finding group: %s", str));
        Group findByName = GroupFinder.findByName(grouperSession, str, false);
        if (findByName == null) {
            GrouperDuoLog.duoLog("Could not find group by name..." + str);
            return false;
        }
        GrouperDuoLog.duoLog("Getting group attribute to check for role");
        String retrieveValueString = findByName.getAttributeValueDelegate().retrieveValueString(configAttributeForAdminRole());
        if (retrieveValueString == null) {
            GrouperDuoLog.duoLog("Group does not have an admin role associated with it...");
            return false;
        }
        GrouperDuoLog.duoLog(String.format("Checking that %s is a manageable role.", retrieveValueString));
        if (!manageableAdminRoles().contains(retrieveValueString)) {
            GrouperDuoLog.duoLog(String.format("'%s' is not within manageable admin roles", str));
            return false;
        }
        GrouperDuoLog.duoLog("Checking include / exclude.");
        if (str.endsWith(GroupTypeTupleIncludeExcludeHook.systemOfRecordExtensionSuffix()) || str.endsWith(GroupTypeTupleIncludeExcludeHook.systemOfRecordAndIncludesExtensionSuffix()) || str.endsWith(GroupTypeTupleIncludeExcludeHook.includeExtensionSuffix()) || str.endsWith(GroupTypeTupleIncludeExcludeHook.excludeExtensionSuffix())) {
            GrouperDuoLog.duoLog(String.format("Group name cant be include/exclude and not overall", new Object[0]));
            return false;
        }
        GrouperDuoLog.duoLog("validDuoAdminName return true");
        return true;
    }

    public static boolean isDuoAdminSyncEnabled() {
        boolean propertyValueBoolean = GrouperLoaderConfig.retrieveConfig().propertyValueBoolean("grouperDuo.adminSyncEnabled", false);
        GrouperDuoLog.duoLog(String.format("isDuoAdminSyncEnabled: %s", Boolean.valueOf(propertyValueBoolean)));
        return propertyValueBoolean;
    }

    public static Set<String> manageableAdminRoles() {
        return GrouperUtil.splitTrimToSet(GrouperLoaderConfig.retrieveConfig().propertyValueString("grouperDuo.manageableAdminRoles", "Owner,Administrator,Application Manager,User Manager,Help Desk,Billing,Phishing Manager,Read-only"), ",");
    }

    public static String getAdminIdFromMember(Member member) {
        AttributeAssignValue retrieveAttributeAssignValue = member.getAttributeValueDelegate().retrieveAttributeAssignValue(configAttributeForAdminId());
        if (retrieveAttributeAssignValue == null) {
            return null;
        }
        return retrieveAttributeAssignValue.getValueString();
    }

    public static boolean attachAdminIdToMember(Member member, String str) {
        member.getAttributeDelegate().removeAttributeByName(configAttributeForAdminId());
        return member.getAttributeValueDelegate().assignValue(configAttributeForAdminId(), str).isChanged();
    }

    public static String createAdminAccountPassword() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouperDuo.defaultAdminPassword");
    }

    public static Group getExistingAdminRole(GrouperSession grouperSession, Member member) {
        String configFolderForDuoAdmins = configFolderForDuoAdmins();
        for (Group group : StemFinder.findByName(grouperSession, configFolderForDuoAdmins.substring(0, configFolderForDuoAdmins.length() - 1), true).getChildGroups()) {
            if (group.hasEffectiveMember(member.getSubject()) || group.hasMember(member.getSubject()) || group.hasNonImmediateMember(member.getSubject()) || group.hasImmediateMember(member.getSubject())) {
                if (isValidDuoAdminGroup(grouperSession, group.getName())) {
                    return group;
                }
            }
        }
        return null;
    }

    public static GrouperDuoAdministrator fetchOrCreateGrouperDuoAdministrator(Member member, boolean z, Map<String, GrouperDuoAdministrator> map) {
        String string;
        String adminIdFromMember = getAdminIdFromMember(member);
        Subject subject = member.getSubject();
        GrouperDuoAdministrator grouperDuoAdministrator = map.get(adminIdFromMember);
        if (adminIdFromMember == null || grouperDuoAdministrator == null) {
            Iterator<GrouperDuoAdministrator> it = map.values().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                GrouperDuoAdministrator next = it.next();
                if (next.getEmail().equals(member.getSubject().getAttributeValue(configSubjectAttributeForEmail()))) {
                    grouperDuoAdministrator = next;
                    break;
                }
            }
        }
        if (z && grouperDuoAdministrator == null) {
            String str = null;
            try {
                JSONObject retrieveDuoUserByIdOrUsername = GrouperDuoCommands.retrieveDuoUserByIdOrUsername(subject.getAttributeValue(configSubjectAttributeForDuoUsername()), false, 30);
                if (retrieveDuoUserByIdOrUsername != null && retrieveDuoUserByIdOrUsername.has("phones")) {
                    JSONArray jSONArray = retrieveDuoUserByIdOrUsername.getJSONArray("phones");
                    for (int i = 0; i < jSONArray.size(); i++) {
                        JSONObject jSONObject = jSONArray.getJSONObject(i);
                        if (jSONObject.has("number") && (string = jSONObject.getString("number")) != null && string.length() > 0) {
                            str = string;
                        }
                    }
                }
            } catch (Exception e) {
                GrouperDuoLog.logError("Exception while retrieving and processing user record: " + e.getMessage(), e);
            }
            if (str == null) {
                str = subject.getAttributeValue(configSubjectAttributeForPhone());
            }
            if (str == null) {
                GrouperDuoLog.logError(String.format("Failed to locate a phone number for subject: %s, %s", subject.getId(), subject.getName()));
                throw new RuntimeException(String.format("Failed to locate a phone number for subject: %s, %s", subject.getId(), subject.getName()));
            }
            grouperDuoAdministrator = GrouperDuoCommands.createNewAdminAccount(subject.getAttributeValue(configSubjectAttributeForName()), subject.getAttributeValue(configSubjectAttributeForEmail()), createAdminAccountPassword(), str, "Read-only", true, true);
        }
        if (grouperDuoAdministrator == null && adminIdFromMember != null) {
            member.getAttributeDelegate().removeAttributeByName(configAttributeForAdminId());
        }
        if (grouperDuoAdministrator != null && !grouperDuoAdministrator.getAdminId().equals(adminIdFromMember)) {
            attachAdminIdToMember(member, grouperDuoAdministrator.getAdminId());
        }
        return grouperDuoAdministrator;
    }

    public static void synchronizeMemberAndDuoAdministrator(GrouperSession grouperSession, Member member, GrouperDuoAdministrator grouperDuoAdministrator) {
        GrouperDuoLog.duoLog("Syncing duo administrator and member");
        Group existingAdminRole = getExistingAdminRole(grouperSession, member);
        try {
            Subject subject = member.getSubject();
            String str = null;
            if (existingAdminRole != null) {
                str = existingAdminRole.getAttributeValueDelegate().retrieveValueString(configAttributeForAdminRole());
            }
            if (StringUtils.equals(getAdminIdFromMember(member), grouperDuoAdministrator.getAdminId())) {
                GrouperDuoLog.duoLog("AdminId matches member and administrator object.");
            } else {
                GrouperDuoLog.duoLog("Updating adminId attribute on member.");
                attachAdminIdToMember(member, grouperDuoAdministrator.getAdminId());
            }
            boolean z = !grouperDuoAdministrator.getRole().equals(str);
            boolean z2 = grouperDuoAdministrator.isActive() == (str == null);
            String retrieveValueString = existingAdminRole != null ? existingAdminRole.getAttributeValueDelegate().retrieveValueString(configAttributeForAdminNameSuffix()) : "";
            String str2 = subject.getAttributeValue(configSubjectAttributeForName()) + (retrieveValueString != null ? retrieveValueString : "");
            boolean z3 = !str2.equals(grouperDuoAdministrator.getName());
            boolean z4 = str != null;
            if (z || z2 || z3) {
                Http startAdminUpdateRequest = GrouperDuoCommands.startAdminUpdateRequest(grouperDuoAdministrator);
                if (z3) {
                    GrouperDuoCommands.updateAdminName(startAdminUpdateRequest, str2);
                }
                if (z2) {
                    GrouperDuoCommands.updateAdminStatus(startAdminUpdateRequest, z4);
                    if (!z4) {
                        GrouperDuoCommands.updateAdminRole(startAdminUpdateRequest, "Read-only");
                    }
                }
                if (z) {
                    GrouperDuoCommands.updateAdminRole(startAdminUpdateRequest, str != null ? str : "Read-only");
                }
                GrouperDuoCommands.executeAdminUpdateRequest(grouperDuoAdministrator, startAdminUpdateRequest);
            }
        } catch (SubjectNotFoundException e) {
            GrouperDuoLog.logError(String.format("Could not find subject for member: %s (Id: %s)", member.getName(), member.getId()));
            throw e;
        }
    }

    public static boolean isDuoGroupSyncEnabled() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueBoolean("grouperDuo.groupSyncEnabled", true);
    }

    public static boolean isDisableUnknownAdminAccountsEnabled() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueBoolean("grouperDuo.disableUnknownAdmins", false);
    }

    public static boolean isDeleteUnknownAdminAccountsEnabled() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueBoolean("grouperDuo.deleteUnknownAdmins", false);
    }

    public static long deleteUnknownAdminAccountsAfterSeconds() {
        return GrouperLoaderConfig.retrieveConfig().propertyValueInt("grouperDuo.deleteUnknownAdminsAfterSeconds", 2592000);
    }

    public static void sendEmailToGroupMembers(Group group, String str, String str2) {
        if (group == null) {
            GrouperDuoLog.logError(String.format("groupMembersToNotify is null, cannot send an email notification to a null group. %s -- %s", str, str2));
        }
        String str3 = "";
        Set<Member> members = group.getMembers();
        String configSubjectAttributeForEmail = configSubjectAttributeForEmail();
        for (Member member : members) {
            str3 = str3 + (member.getSubject().getAttributeValue(configSubjectAttributeForEmail) != null ? (str3.length() > 0 ? ";" : "") + member.getSubject().getAttributeValue(configSubjectAttributeForEmail) : "");
        }
        if (str3.length() <= 0) {
            GrouperDuoLog.logError(String.format("No recipients for email notification: %s -- %s", str, str2));
            return;
        }
        GrouperEmail grouperEmail = new GrouperEmail();
        grouperEmail.setBody(str2).setSubject(str).setTo(str3);
        grouperEmail.send();
        GrouperDuoLog.logInfo(String.format("Sent a notification email '%s' to %s.", str, str3));
    }

    public static String getSubjectAttributesForEmail(Subject subject) {
        if (subject == null) {
            return "Null subject, no attribute values.\n";
        }
        String str = "";
        for (String str2 : GrouperUtil.splitTrimToSet(GrouperLoaderConfig.retrieveConfig().propertyValueString("grouperDuo.emailNotificationSubjectAttributes", "mail,email,name"), ",")) {
            str = str + String.format("%s:%s\n", str2, subject.getAttributeValue(str2));
        }
        return str;
    }

    public static boolean removeSubjectFromDuoAdminGroups(GrouperSession grouperSession, Subject subject) {
        String configFolderForDuoAdmins = configFolderForDuoAdmins();
        String substring = configFolderForDuoAdmins.substring(0, configFolderForDuoAdmins.length() - 1);
        boolean z = false;
        try {
            for (Group group : StemFinder.findByName(grouperSession, substring, true).getChildGroups()) {
                if (group.hasMember(subject)) {
                    group.deleteMember(subject, false);
                    z = true;
                }
            }
            return z;
        } catch (StemNotFoundException e) {
            GrouperDuoLog.logError("Could not find stem for " + substring, e);
            return false;
        }
    }
}
