package edu.internet2.middleware.grouper.authentication;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.authentication.GrouperPassword;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.hibernate.GrouperTransaction;
import edu.internet2.middleware.grouper.hibernate.GrouperTransactionHandler;
import edu.internet2.middleware.grouper.internal.dao.GrouperDAOException;
import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.misc.GrouperStartup;
import edu.internet2.middleware.grouper.misc.SaveMode;
import edu.internet2.middleware.grouper.misc.SaveResultType;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.lang3.StringUtils;
import edu.internet2.middleware.morphString.Morph;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.SubjectUtils;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Objects;
import net.bytebuddy.utility.JavaConstant;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang.ObjectUtils;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-4.7.1.jar:edu/internet2/middleware/grouper/authentication/GrouperPasswordSave.class */
public class GrouperPasswordSave {
    private static final Log LOG = GrouperUtil.getLog(GrouperPasswordSave.class);
    // Login name of the credential; together with application it is the fallback lookup key when no uuid matches.
    private String username;
    // For public keys this must be blank or "localEntity"; for passwords it is stored as supplied.
    private String entityType;
    // Public keys accept null or RS_2048; passwords accept null (config decides) or SHA_256.
    private GrouperPassword.EncryptionType encryptionType;
    // Password to hash. encryptPassword() first attempts Morph.decrypt on it, so it may arrive
    // Morph-encrypted or as clear text; it stays in this String until the builder is discarded.
    private String thePassword;
    // Public key material; saved unhashed into the record's password column.
    private String publicKey;
    private GrouperPassword.Application application;
    // Source-network restriction, stored as supplied; this class does not validate the syntax.
    private String allowedFromCidrs;
    // Expiry passed to GrouperPassword.setExpiresMillis; null is passed through unchanged.
    private Long expiresAtDb;
    // Member the credential belongs to; for public keys the caller's authorization is evaluated against it.
    private String memberId;
    // Audit attribution. If supplied it is only checked to resolve to a member, not to be the caller.
    private String memberIdWhoSetPassword;
    // Defaults to INSERT_OR_UPDATE when save() runs with no mode assigned.
    private SaveMode saveMode;
    // Id of an existing record; tried before username + application.
    private String uuid;
    // When true both save paths skip the check of the calling subject's privileges.
    private boolean runAsRoot;
    // The *Assigned flags record which values were set explicitly; they decide which fields an
    // update touches when replaceAllSettings is false.
    private boolean memberIdAssigned = false;
    private boolean publicKeyAssigned = false;
    // NOTE(review): usernameAssigned, memberIdWhoSetPasswordAssigned, entityTypeAssigned and
    // encryptionTpyeAssigned are written by their assign methods but never read in this class.
    private boolean usernameAssigned = false;
    private boolean allowedFromCidrsAssigned = false;
    private boolean memberIdWhoSetPasswordAssigned = false;
    private boolean expiresAtAssigned = false;
    private boolean entityTypeAssigned = false;
    // NOTE(review): identifier is misspelled ("Tpye"); renaming needs assignEncryptionType changed in step.
    private boolean encryptionTpyeAssigned = false;
    private boolean passwordAssigned = false;
    private boolean applicationAssigned = false;
    // Outcome of the most recent save(); null until a save has run.
    private SaveResultType saveResultType = null;
    // True (default): an update overwrites every compared field. False: only explicitly assigned ones.
    private boolean replaceAllSettings = true;

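    /**
     * Command-line helper that sets the UI password of the {@code GrouperConfig.ROOT} account.
     *
     * <p>The password is read from the interactive console instead of being compiled into the
     * class: a fixed literal here would give the root UI account a publicly known password on
     * any installation where this entry point is run.
     *
     * @param strArr unused
     * @throws IllegalStateException if no interactive console is attached
     * @throws IllegalArgumentException if no password is entered
     */
    public static void main(String[] strArr) {
        java.io.Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No interactive console available; refusing to set the "
                    + GrouperConfig.ROOT + " UI password non-interactively");
        }
        char[] entered = console.readPassword("New UI password for %s: ", GrouperConfig.ROOT);
        if (entered == null || entered.length == 0) {
            throw new IllegalArgumentException("password is required");
        }
        try {
            GrouperStartup.startup();
            GrouperSession.startRootSession();
            new GrouperPasswordSave()
                    .assignApplication(GrouperPassword.Application.UI)
                    .assignUsername(GrouperConfig.ROOT)
                    .assignPassword(new String(entered))
                    .save();
        } finally {
            // Wipe the console buffer; the String copy handed to the builder cannot be wiped.
            java.util.Arrays.fill(entered, '\0');
        }
    }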

    /**
     * Chooses whether {@link #save()} may insert, update or delete.
     *
     * @param saveMode the mode; {@code null} means INSERT_OR_UPDATE is applied when saving
     * @return this builder
     */
    public GrouperPasswordSave assignSaveMode(SaveMode saveMode) {
        final SaveMode requested = saveMode;
        this.saveMode = requested;
        return this;
    }

    /**
     * Chooses the save mode from its name, resolved with {@code SaveMode.valueOfIgnoreCase}.
     *
     * @param str name of the save mode
     * @return this builder
     */
    public GrouperPasswordSave assignSaveMode(String str) {
        final SaveMode parsed = SaveMode.valueOfIgnoreCase(str);
        this.saveMode = parsed;
        return this;
    }

    /**
     * Sets the member the credential belongs to and marks the value as explicitly assigned.
     *
     * <p>For public keys, the calling subject's right to manage keys is evaluated against this
     * member unless {@code runAsRoot} is set.
     *
     * @param str member id
     * @return this builder
     */
    public GrouperPasswordSave assignMemberId(String str) {
        this.memberIdAssigned = true;
        this.memberId = str;
        return this;
    }

    /**
     * Sets the public key to store and marks it as explicitly assigned.
     *
     * <p>A non-blank key routes {@link #save()} to the public-key path; it cannot be combined
     * with a password.
     *
     * @param str public key text
     * @return this builder
     */
    public GrouperPasswordSave assignPublicKey(String str) {
        this.publicKeyAssigned = true;
        this.publicKey = str;
        return this;
    }

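    /**
     * Decides whether {@code subject} may manage the WS JWT keys of a local entity.
     *
     * <p>Wheel or root subjects are always allowed. Otherwise the subject must hold ADMIN on the
     * group whose uuid is {@code subject2.getId()}, and, when
     * {@code grouper.selfService.jwt.groupNameAllowedToManage} is configured, must also be a
     * member of that group. A configured group that does not exist, or an entity group that
     * cannot be found, results in denial.
     *
     * @param subject the acting subject whose access is being checked
     * @param subject2 the local entity's subject; its id is used as a group uuid
     * @return {@code true} if access is allowed
     */
    public static boolean canAccessWsJwtKeys(final Subject subject, final Subject subject2) {
        if (PrivilegeHelper.isWheelOrRoot(subject)) {
            return true;
        }
        final String property = GrouperConfig.retrieveConfig().getProperty("grouper.selfService.jwt.groupNameAllowedToManage", null);
        if (StringUtils.isBlank(property)) {
            Group entityGroup = GroupFinder.findByUuid(subject2.getId(), false);
            // Deny instead of failing with a NullPointerException when the entity group is missing.
            return entityGroup != null && entityGroup.hasAdmin(subject);
        }
        // Membership of the manager group is evaluated in a root session. The callback's verdict
        // must be returned: it was previously discarded, so this branch denied every non-wheel
        // subject regardless of membership.
        Object verdict = GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
            @Override
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                Group managers = GroupFinder.findByName(property, false);
                if (managers == null) {
                    LOG.error("Group does not exist: " + property);
                    return false;
                }
                if (!managers.hasMember(subject)) {
                    return false;
                }
                Group entityGroup = GroupFinder.findByUuid(subject2.getId(), false);
                return entityGroup != null && entityGroup.hasAdmin(subject);
            }
        });
        // Anything other than an explicit TRUE is treated as a denial.
        return Boolean.TRUE.equals(verdict);
    }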

    /**
     * Persists the credential described by this builder.
     *
     * <p>A non-blank public key selects the public-key path; everything else, including a
     * request that carries neither a key nor a password (for example a DELETE), goes through the
     * password path, which only wheel/root callers or {@code runAsRoot} requests may use.
     *
     * @throws RuntimeException if both a public key and a password are set
     */
    public void save() {
        final boolean hasKey = StringUtils.isNotBlank(this.publicKey);
        final boolean hasPassword = StringUtils.isNotBlank(this.thePassword);
        if (hasKey && hasPassword) {
            throw new RuntimeException("Either publicKey or password can be set, not both.");
        }
        if (!hasKey) {
            saveUserPassword();
            return;
        }
        savePublicKey();
    }

    /**
     * Sets the login name and marks it as explicitly assigned.
     *
     * <p>Together with the application it identifies an existing record when no uuid matches.
     *
     * @param str username
     * @return this builder
     */
    public GrouperPasswordSave assignUsername(String str) {
        this.usernameAssigned = true;
        this.username = str;
        return this;
    }

    /**
     * Sets the network ranges the credential may be used from and marks the value as assigned.
     *
     * <p>The text is stored as supplied; this class does not check that it is well-formed CIDR
     * notation, so callers should validate it before saving.
     *
     * @param str CIDR list, or {@code null} for none
     * @return this builder
     */
    public GrouperPasswordSave assignAllowedFromCidrs(String str) {
        this.allowedFromCidrsAssigned = true;
        this.allowedFromCidrs = str;
        return this;
    }

    /**
     * Sets the member recorded as having set the credential and marks the value as assigned.
     *
     * <p>When supplied, the save paths only check that the id resolves to a member; they do not
     * compare it with the calling subject, so the attribution is whatever the caller asserts.
     * When left blank it is derived from the session at save time.
     *
     * @param str member id of the actor
     * @return this builder
     */
    public GrouperPasswordSave assignMemberIdWhoSetPassword(String str) {
        this.memberIdWhoSetPasswordAssigned = true;
        this.memberIdWhoSetPassword = str;
        return this;
    }

    /**
     * Sets the expiry handed to {@code GrouperPassword.setExpiresMillis} and marks it as assigned.
     *
     * @param l expiry value, or {@code null}, which is passed through unchanged
     * @return this builder
     */
    public GrouperPasswordSave assignExpiresAt(Long l) {
        this.expiresAtAssigned = true;
        this.expiresAtDb = l;
        return this;
    }

    /**
     * Sets the entity type and marks it as explicitly assigned.
     *
     * <p>When a public key is inserted the value must be blank or {@code "localEntity"}.
     *
     * @param str entity type
     * @return this builder
     */
    public GrouperPasswordSave assignEntityType(String str) {
        this.entityTypeAssigned = true;
        this.entityType = str;
        return this;
    }

    /**
     * Sets the encryption type and marks it as explicitly assigned.
     *
     * <p>Password hashing accepts only {@code SHA_256} here (or {@code null} to use the
     * configured type); inserting a public key accepts only {@code RS_2048} or {@code null}.
     *
     * @param encryptionType requested type
     * @return this builder
     */
    public GrouperPasswordSave assignEncryptionType(GrouperPassword.EncryptionType encryptionType) {
        // Field name is misspelled in the class declaration; it has to match that declaration.
        this.encryptionTpyeAssigned = true;
        this.encryptionType = encryptionType;
        return this;
    }

    /**
     * Sets the password to store and marks it as explicitly assigned.
     *
     * <p>The value may be clear text or Morph-encrypted; it is hashed with a fresh random salt
     * when saved. Until then it is held as a {@code String} on this builder, so keep builder
     * instances short-lived and out of logs.
     *
     * @param str the password
     * @return this builder
     */
    public GrouperPasswordSave assignPassword(String str) {
        this.passwordAssigned = true;
        this.thePassword = str;
        return this;
    }

    /**
     * Sets the application the credential is valid for and marks it as explicitly assigned.
     *
     * @param application target application; required when a record is inserted
     * @return this builder
     */
    public GrouperPasswordSave assignApplication(GrouperPassword.Application application) {
        this.applicationAssigned = true;
        this.application = application;
        return this;
    }

    /**
     * Sets the id of an existing record; it is tried before username + application on lookup.
     *
     * @param str record id
     * @return this builder
     */
    public GrouperPasswordSave assignUuid(String str) {
        final String recordId = str;
        this.uuid = recordId;
        return this;
    }

    /** @return the username assigned to this builder, or {@code null} if none was set */
    public String getUsername() {
        return username;
    }

    /** @return the entity type assigned to this builder, or {@code null} if none was set */
    public String getEntityType() {
        return entityType;
    }

    /** @return the encryption type assigned to this builder, or {@code null} if none was set */
    public GrouperPassword.EncryptionType getEncryptionType() {
        return encryptionType;
    }

    /**
     * Returns the password exactly as it was assigned, which may be clear text.
     *
     * <p>The value is not the stored hash; do not log it or include it in error messages.
     *
     * @return the assigned password, or {@code null} if none was set
     */
    public String getThePassword() {
        return thePassword;
    }

    /** @return the application assigned to this builder, or {@code null} if none was set */
    public GrouperPassword.Application getApplication() {
        return application;
    }

    /**
     * Controls whether the save bypasses the check of the calling subject's privileges.
     *
     * <p>With {@code true}, neither the wheel/root requirement for passwords nor the key-access
     * check for public keys is applied. The flag must be set by trusted code only and never
     * derived from request input.
     *
     * @param z {@code true} to skip the caller authorization checks
     * @return this builder
     */
    public GrouperPasswordSave assignRunAsRoot(boolean z) {
        final boolean bypassCallerChecks = z;
        this.runAsRoot = bypassCallerChecks;
        return this;
    }

    /** @return the outcome of the last {@link #save()}, or {@code null} before any save */
    public SaveResultType getSaveResultType() {
        return saveResultType;
    }

    /** @return the CIDR restriction assigned to this builder, or {@code null} if none was set */
    public String getAllowedFromCidrs() {
        return allowedFromCidrs;
    }

    /** @return the expiry assigned to this builder, or {@code null} if none was set */
    public Long getExpiresAtDb() {
        return expiresAtDb;
    }

    /**
     * Chooses between a full and a partial update of an existing record.
     *
     * <p>With {@code true} (the default) every compared field is overwritten with this
     * builder's value, including unset ones; with {@code false} only explicitly assigned fields
     * are touched, and the record must already exist.
     *
     * @param z {@code true} to replace all settings
     * @return this builder
     */
    public GrouperPasswordSave assignReplaceAllSettings(boolean z) {
        final boolean replaceEverything = z;
        this.replaceAllSettings = replaceEverything;
        return this;
    }

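    /**
     * Inserts, updates or deletes the public-key credential described by this builder.
     *
     * <p>The work runs in a Grouper transaction with caching disabled and uses a root session
     * for data access. The subject of the calling session is captured beforehand and, unless
     * {@code runAsRoot} is set, must pass {@link #canAccessWsJwtKeys} for the supplied
     * {@code memberId} and for the member that owns the record being changed. The existing
     * record is looked up by {@code uuid}, then by {@code username} + {@code application}.
     *
     * <p>{@code saveResultType} is set to INSERT, UPDATE, DELETE or NO_CHANGE.
     *
     * @return the inserted, updated or deleted record, or {@code null} if a DELETE found nothing
     * @throws RuntimeException if the caller is not authorized, the save mode conflicts with
     *     the record's existence, or a required value is missing or invalid on insert
     */
    private GrouperPassword savePublicKey() {
        this.saveMode = (SaveMode) ObjectUtils.defaultIfNull(this.saveMode, SaveMode.INSERT_OR_UPDATE);
        final GrouperPasswordSave request = this;
        return (GrouperPassword) GrouperTransaction.callbackGrouperTransaction(new GrouperTransactionHandler() {
            @Override
            public Object callback(GrouperTransaction grouperTransaction) throws GrouperDAOException {
                grouperTransaction.setCachingEnabled(false);
                // Capture the real caller before the root session below replaces the static session.
                final Subject subject = GrouperSession.staticGrouperSession().getSubject();
                return GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
                    @Override
                    public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                        if (!request.runAsRoot) {
                            Subject entity = MemberFinder.findByUuid(grouperSession, request.memberId, true).getSubject();
                            if (!GrouperPasswordSave.canAccessWsJwtKeys(subject, entity)) {
                                throw new RuntimeException("Subject '" + SubjectUtils.subjectToString(subject) + "' cannot save/delete grouper public key for local entity '" + request.memberId + "'");
                            }
                        }

                        // Same lookup for every mode: uuid first, then username + application.
                        GrouperPassword existing = null;
                        if (StringUtils.isNotBlank(request.uuid)) {
                            existing = GrouperDAOFactory.getFactory().getGrouperPassword().findById(request.uuid, false);
                        }
                        if (existing == null && StringUtils.isNotBlank(request.username) && request.application != null) {
                            existing = GrouperDAOFactory.getFactory().getGrouperPassword().findByUsernameApplication(request.username, request.application.name());
                        }

                        // The check above covers only the caller-supplied memberId, while the record is
                        // located by uuid or username. Before changing or deleting it, confirm the
                        // caller may also manage the member the stored record actually belongs to.
                        if (existing != null && !request.runAsRoot && !PrivilegeHelper.isWheelOrRoot(subject)
                                && !StringUtils.equals(request.memberId, existing.getMemberId())) {
                            String ownerMemberId = existing.getMemberId();
                            boolean mayManageOwner = StringUtils.isNotBlank(ownerMemberId)
                                    && GrouperPasswordSave.canAccessWsJwtKeys(subject, MemberFinder.findByUuid(grouperSession, ownerMemberId, true).getSubject());
                            if (!mayManageOwner) {
                                throw new RuntimeException("Subject '" + SubjectUtils.subjectToString(subject) + "' cannot save/delete the existing grouper public key record");
                            }
                        }

                        if (request.saveMode == SaveMode.DELETE) {
                            if (existing == null) {
                                request.saveResultType = SaveResultType.NO_CHANGE;
                                return null;
                            }
                            GrouperDAOFactory.getFactory().getGrouperPassword().delete(existing);
                            request.saveResultType = SaveResultType.DELETE;
                            return existing;
                        }
                        if (request.saveMode == SaveMode.UPDATE && existing == null) {
                            throw new RuntimeException("Updating grouperPassword settings but they do not exist!");
                        }
                        if (request.saveMode == SaveMode.INSERT && existing != null) {
                            throw new RuntimeException("Inserting grouperPassword settings but they already exist!");
                        }

                        // Resolve who is recorded as having set the key. A supplied id only has to
                        // resolve to a member (findByUuid throws otherwise).
                        if (!StringUtils.isBlank(request.memberIdWhoSetPassword)) {
                            MemberFinder.findByUuid(grouperSession, request.memberIdWhoSetPassword, true);
                        } else if (request.runAsRoot) {
                            request.memberIdWhoSetPassword = grouperSession.getMember().getId();
                        } else {
                            request.memberIdWhoSetPassword = MemberFinder.findBySubject(grouperSession, subject, true).getId();
                        }

                        if (existing == null) {
                            if (!request.replaceAllSettings) {
                                throw new RuntimeException("You can only edit certain fields if the object exists.");
                            }
                            if (StringUtils.isBlank(request.username)) {
                                throw new RuntimeException("username is required");
                            }
                            if (StringUtils.isBlank(request.memberId)) {
                                throw new RuntimeException("memberId cannot be null");
                            }
                            if (StringUtils.isNotBlank(request.entityType) && !StringUtils.equals("localEntity", request.entityType)) {
                                throw new RuntimeException("entityType has to be localEntity or blank for public keys");
                            }
                            if (null == request.application) {
                                throw new RuntimeException("application is required");
                            }
                            if (null != request.encryptionType && request.encryptionType != GrouperPassword.EncryptionType.RS_2048) {
                                throw new RuntimeException("encryptionType has to be RS_2048 or blank for public keys");
                            }
                            GrouperPassword created = new GrouperPassword();
                            created.setApplication(request.application);
                            created.setUsername(request.username);
                            created.setEncryptionType(GrouperPassword.EncryptionType.RS_2048);
                            created.setMemberId(request.memberId);
                            created.setEntityType("localEntity");
                            // A public key is stored as supplied: not hashed and without a salt.
                            created.setThePassword(request.publicKey);
                            created.setHashed(false);
                            created.setTheSalt(null);
                            created.setLastEdited(Long.valueOf(Instant.now().toEpochMilli()));
                            created.setAllowedFromCidrs(request.allowedFromCidrs);
                            created.setMemberIdWhoSetPassword(request.memberIdWhoSetPassword);
                            created.setExpiresMillis(request.expiresAtDb);
                            GrouperDAOFactory.getFactory().getGrouperPassword().saveOrUpdate(created);
                            request.saveResultType = SaveResultType.INSERT;
                            return created;
                        }

                        boolean changed = false;
                        request.saveResultType = SaveResultType.NO_CHANGE;
                        if (request.application != existing.getApplication() && (request.replaceAllSettings || request.applicationAssigned)) {
                            changed = true;
                            existing.setApplication(request.application);
                        }
                        String storedCidrs = StringUtils.defaultString(StringUtils.trim(existing.getAllowedFromCidrs()));
                        String requestedCidrs = StringUtils.defaultString(StringUtils.trim(request.allowedFromCidrs));
                        if (!StringUtils.equals(storedCidrs, requestedCidrs) && (request.replaceAllSettings || request.allowedFromCidrsAssigned)) {
                            changed = true;
                            existing.setAllowedFromCidrs(request.allowedFromCidrs);
                        }
                        // The expiry must be written when it DIFFERS. The comparison was inverted, so a
                        // changed expiry was silently dropped while an unchanged one forced an update.
                        if (!Objects.equals(request.expiresAtDb, existing.getExpiresMillis()) && (request.replaceAllSettings || request.expiresAtAssigned)) {
                            changed = true;
                            existing.setExpiresMillis(request.expiresAtDb);
                        }
                        if (!StringUtils.equals(request.memberId, existing.getMemberId()) && (request.replaceAllSettings || request.memberIdAssigned)) {
                            changed = true;
                            existing.setMemberId(request.memberId);
                        }
                        if (!StringUtils.equals(request.publicKey, existing.getThePassword()) && (request.replaceAllSettings || request.publicKeyAssigned)) {
                            changed = true;
                            existing.setThePassword(request.publicKey);
                            existing.setMemberIdWhoSetPassword(request.memberIdWhoSetPassword);
                        }
                        if (changed) {
                            request.saveResultType = SaveResultType.UPDATE;
                            // Stamp the edit time, as the password path does on update.
                            existing.setLastEdited(Long.valueOf(Instant.now().toEpochMilli()));
                            GrouperDAOFactory.getFactory().getGrouperPassword().saveOrUpdate(existing);
                        }
                        return existing;
                    }
                });
            }
        });
    }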

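    /**
     * Inserts, updates or deletes the username/password credential described by this builder.
     *
     * <p>The work runs in a Grouper transaction with caching disabled and uses a root session
     * for data access. Unless {@code runAsRoot} is set, the subject of the calling session must
     * be wheel or root. The existing record is looked up by {@code uuid}, then by
     * {@code username} + {@code application}. Passwords are stored as a salted hash produced by
     * {@code encryptPassword}.
     *
     * <p>Depending on {@code grouper.authentication.splitBasicAuthOnFirstColon}, either the
     * username (true) or the password (false, the default) must not contain a colon.
     *
     * <p>{@code saveResultType} is set to INSERT, UPDATE, DELETE or NO_CHANGE.
     *
     * @return the inserted, updated or deleted record, or {@code null} if a DELETE found nothing
     * @throws RuntimeException if the caller is not authorized, the save mode conflicts with
     *     the record's existence, or a required value is missing or invalid
     */
    private GrouperPassword saveUserPassword() {
        this.saveMode = (SaveMode) ObjectUtils.defaultIfNull(this.saveMode, SaveMode.INSERT_OR_UPDATE);
        final GrouperPasswordSave request = this;
        return (GrouperPassword) GrouperTransaction.callbackGrouperTransaction(new GrouperTransactionHandler() {
            @Override
            public Object callback(GrouperTransaction grouperTransaction) throws GrouperDAOException {
                grouperTransaction.setCachingEnabled(false);
                // Capture the real caller before the root session below replaces the static session.
                final Subject subject = GrouperSession.staticGrouperSession().getSubject();
                return GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
                    @Override
                    public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                        if (!request.runAsRoot && !PrivilegeHelper.isWheelOrRoot(subject)) {
                            throw new RuntimeException("Subject '" + SubjectUtils.subjectToString(subject) + "' cannot save/delete grouper password");
                        }

                        // Same lookup for every mode: uuid first, then username + application.
                        GrouperPassword existing = null;
                        if (StringUtils.isNotBlank(request.uuid)) {
                            existing = GrouperDAOFactory.getFactory().getGrouperPassword().findById(request.uuid, false);
                        }
                        if (existing == null && StringUtils.isNotBlank(request.username) && request.application != null) {
                            existing = GrouperDAOFactory.getFactory().getGrouperPassword().findByUsernameApplication(request.username, request.application.name());
                        }

                        if (request.saveMode == SaveMode.DELETE) {
                            if (existing == null) {
                                request.saveResultType = SaveResultType.NO_CHANGE;
                                return null;
                            }
                            GrouperDAOFactory.getFactory().getGrouperPassword().delete(existing);
                            request.saveResultType = SaveResultType.DELETE;
                            return existing;
                        }
                        if (request.saveMode == SaveMode.UPDATE && existing == null) {
                            throw new RuntimeException("Updating grouperPassword settings but they do not exist!");
                        }
                        if (request.saveMode == SaveMode.INSERT && existing != null) {
                            throw new RuntimeException("Inserting grouperPassword settings but they already exist!");
                        }

                        // HTTP basic auth joins user and password with ':'; whichever side the
                        // configured split does not protect must be colon-free.
                        // NOTE(review): the password is inspected as supplied; if it arrives
                        // Morph-encrypted, the clear text is not what is checked here - confirm.
                        boolean splitOnFirstColon = GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.authentication.splitBasicAuthOnFirstColon", false);
                        if (splitOnFirstColon && StringUtils.contains(request.username, ":")) {
                            throw new RuntimeException("username cannot contain a colon due to http basic auth and this grouper.properties setting grouper.authentication.splitBasicAuthOnFirstColon=true  Note, if you change that setting, you might need to adjust existing users/passes.  Note: it is recommended to use the local entity uuid as the username if you are using local entities");
                        }
                        if (!splitOnFirstColon && StringUtils.contains(request.thePassword, ":")) {
                            throw new RuntimeException("password cannot contain a colon due to http basic auth and this grouper.properties setting grouper.authentication.splitBasicAuthOnFirstColon=false  Note, if you change that setting, you might need to adjust existing users/passes.  Note: it is recommended to use the local entity uuid as the username if you are using local entities");
                        }

                        // Resolve who is recorded as having set the password. A supplied id only has
                        // to resolve to a member (findByUuid throws otherwise).
                        if (!StringUtils.isBlank(request.memberIdWhoSetPassword)) {
                            MemberFinder.findByUuid(grouperSession, request.memberIdWhoSetPassword, true);
                        } else if (request.runAsRoot) {
                            request.memberIdWhoSetPassword = grouperSession.getMember().getId();
                        } else {
                            request.memberIdWhoSetPassword = MemberFinder.findBySubject(grouperSession, subject, true).getId();
                        }

                        if (existing == null) {
                            if (!request.replaceAllSettings) {
                                throw new RuntimeException("You can only edit certain fields if the object exists.");
                            }
                            if (StringUtils.isBlank(request.username)) {
                                throw new RuntimeException("username is required");
                            }
                            if (StringUtils.isBlank(request.thePassword)) {
                                throw new RuntimeException("password is required");
                            }
                            if (null == request.application) {
                                throw new RuntimeException("application is required");
                            }
                            // hashed = { salt, protected hash, encryption type }
                            Object[] hashed = request.encryptPassword(request.thePassword);
                            GrouperPassword created = new GrouperPassword();
                            created.setApplication(request.application);
                            created.setUsername(request.username);
                            created.setEncryptionType((GrouperPassword.EncryptionType) hashed[2]);
                            created.setMemberId(request.memberId);
                            created.setEntityType(request.entityType);
                            created.setThePassword(hashed[1].toString());
                            created.setHashed(true);
                            created.setTheSalt(hashed[0].toString());
                            created.setLastEdited(Long.valueOf(Instant.now().toEpochMilli()));
                            created.setAllowedFromCidrs(request.allowedFromCidrs);
                            created.setMemberIdWhoSetPassword(request.memberIdWhoSetPassword);
                            created.setExpiresMillis(request.expiresAtDb);
                            GrouperDAOFactory.getFactory().getGrouperPassword().saveOrUpdate(created);
                            request.saveResultType = SaveResultType.INSERT;
                            return created;
                        }

                        boolean changed = false;
                        request.saveResultType = SaveResultType.NO_CHANGE;
                        if (request.application != existing.getApplication() && (request.replaceAllSettings || request.applicationAssigned)) {
                            changed = true;
                            existing.setApplication(request.application);
                        }
                        String storedCidrs = StringUtils.defaultString(StringUtils.trim(existing.getAllowedFromCidrs()));
                        String requestedCidrs = StringUtils.defaultString(StringUtils.trim(request.allowedFromCidrs));
                        if (!StringUtils.equals(storedCidrs, requestedCidrs) && (request.replaceAllSettings || request.allowedFromCidrsAssigned)) {
                            changed = true;
                            existing.setAllowedFromCidrs(request.allowedFromCidrs);
                        }
                        // The expiry must be written when it DIFFERS. The comparison was inverted, so a
                        // changed expiry was silently dropped while an unchanged one forced an update.
                        if (!Objects.equals(request.expiresAtDb, existing.getExpiresMillis()) && (request.replaceAllSettings || request.expiresAtAssigned)) {
                            changed = true;
                            existing.setExpiresMillis(request.expiresAtDb);
                        }
                        if (!StringUtils.equals(request.memberId, existing.getMemberId()) && (request.replaceAllSettings || request.memberIdAssigned)) {
                            changed = true;
                            existing.setMemberId(request.memberId);
                        }
                        // A supplied password is always re-hashed with a fresh salt, so it cannot be
                        // compared with the stored hash and always counts as a change.
                        if (StringUtils.isNotBlank(request.thePassword) && (request.replaceAllSettings || request.passwordAssigned)) {
                            changed = true;
                            Object[] rehashed = request.encryptPassword(request.thePassword);
                            existing.setEncryptionType((GrouperPassword.EncryptionType) rehashed[2]);
                            existing.setThePassword(rehashed[1].toString());
                            existing.setHashed(true);
                            existing.setTheSalt(rehashed[0].toString());
                            existing.setMemberIdWhoSetPassword(request.memberIdWhoSetPassword);
                        }
                        if (changed) {
                            request.saveResultType = SaveResultType.UPDATE;
                            existing.setLastEdited(Long.valueOf(Instant.now().toEpochMilli()));
                            GrouperDAOFactory.getFactory().getGrouperPassword().saveOrUpdate(existing);
                        }
                        return existing;
                    }
                });
            }
        });
    }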

    /** @return the member id assigned to this builder, or {@code null} if none was set */
    public String getMemberId() {
        return memberId;
    }

    /** @return the public key assigned to this builder, or {@code null} if none was set */
    public String getPublicKey() {
        return publicKey;
    }

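    /**
     * Produces the salted, protected hash that is stored for a password.
     *
     * <p>The input is first passed through {@code Morph.decrypt}; if that fails the value is
     * used as supplied. A 16-byte salt from {@link SecureRandom} is hex-encoded, prepended to
     * the password, hashed with the selected encryption type and the result passed through
     * {@code Morph.encrypt}.
     *
     * <p>The encryption type is the one assigned on this builder (only {@code SHA_256} is
     * accepted) or, if none was assigned, the value of
     * {@code grouper.authentication.encryptionType} with {@code -} mapped to {@code _}.
     *
     * @param str the password, clear text or Morph-encrypted
     * @return a three-element array: hex salt (String), protected hash, encryption type
     * @throws RuntimeException if no usable encryption type is assigned or configured
     */
    private Object[] encryptPassword(String str) {
        String clearText = str;
        try {
            clearText = Morph.decrypt(str);
        } catch (Exception ignored) {
            // Deliberate best effort: presumably the value was not Morph-encrypted, so it is
            // hashed exactly as supplied. Nothing is logged because the value is a secret.
        }

        GrouperPassword.EncryptionType hashType;
        if (this.encryptionType != null) {
            if (this.encryptionType != GrouperPassword.EncryptionType.SHA_256) {
                throw new RuntimeException("Only SHA_256 is allowed");
            }
            hashType = this.encryptionType;
        } else {
            String configured = GrouperConfig.retrieveConfig().propertyValueString("grouper.authentication.encryptionType", null);
            if (StringUtils.isBlank(configured)) {
                throw new RuntimeException("grouper.authentication.encryptionType must be set to SHA-256 or RS-256");
            }
            try {
                // Config uses dashes, enum constants use underscores. The literal replaces a
                // constant borrowed from an unrelated library that merely had the same value.
                hashType = GrouperPassword.EncryptionType.valueOf(configured.replace("-", "_"));
            } catch (Exception e) {
                // Keep the cause so an unrecognised config value can be diagnosed.
                // NOTE(review): the message offers RS-256 while the explicit path above accepts
                // only SHA_256 - confirm which values are meant to be valid for passwords.
                throw new RuntimeException("grouper.authentication.encryptionType must be set to SHA-256 or RS-256", e);
            }
        }

        byte[] saltBytes = new byte[16];
        new SecureRandom().nextBytes(saltBytes);
        String saltHex = Hex.encodeHexString(saltBytes);
        // NOTE(review): generateHash is defined outside this file. If it is a single fast digest
        // over salt + password, that is weak for password storage compared with a slow,
        // memory-hard KDF - confirm, and plan a migration of stored hashes if so.
        return new Object[]{saltHex, Morph.encrypt(hashType.generateHash(saltHex + clearText)), hashType};
    }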
}
