package com.appiancorp.suite.cfg.adminconsole.migration;

import com.appian.logging.AppianLogger;
import com.appiancorp.common.config.AdminServicesProvider;
import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.common.config.FatalConfigurationException;
import com.appiancorp.security.auth.saml.IdpMetadataService;
import com.appiancorp.security.auth.saml.service.SamlSettings;
import com.appiancorp.security.auth.saml.service.SamlSettingsService;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.appiancorp.suite.cfg.adminconsole.property.AdministeredConfigurationProperty;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.util.BundleUtils;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import java.util.ResourceBundle;
import java.util.Set;

/* loaded from: input_file:com/appiancorp/suite/cfg/adminconsole/migration/MultipleIdpMigration.class */
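/**
 * Migration that moves the legacy single-IdP SAML properties held in
 * {@link SamlConfiguration} into a {@link SamlSettings} record, so that the
 * existing identity provider becomes the first entry (priority 1) of the
 * multiple-IdP configuration.
 *
 * <p>Steps performed by {@link #run()}, in order: persist the new settings,
 * set the default IdP when redirect-to-IdP was enabled, then clear every legacy
 * property that is not listed in {@link #GLOBAL_PROPERTIES}.
 *
 * <p>Review notes for operators: all security-relevant values (SP certificate,
 * request signature hash method, auto-create-users flag, username attribute
 * mapping, minimum authentication method) are copied verbatim. Nothing in this
 * class validates or upgrades them, so a weak legacy choice is carried into the
 * new record unchanged and should be audited after the migration.
 */
public class MultipleIdpMigration implements Runnable {
    static final String SAML_BUNDLE = "text.java.com.appiancorp.core.admin.Saml";
    static final String MIGRATION_KEY = "MultipleIdpMigration";
    static final String DEFAULT_IDP_DESCRIPTION_KEY = "saml.multiple.default.description";

    private static final AppianLogger LOGGER = AppianLogger.getLogger(MultipleIdpMigration.class);

    /** Legacy properties that stay in place after the migration; everything else is cleared. */
    private static final Set<String> GLOBAL_PROPERTIES = Sets.newHashSet(
            SamlConfiguration.SamlProperty.Enabled.getName(),
            SamlConfiguration.SamlProperty.OldCloudGroupId.getName(),
            SamlConfiguration.SamlProperty.DefaultIdpEntityId.getName());

    // Collaborators are assigned once in the constructor and never reassigned.
    private final SamlConfiguration samlConfig;
    private final ResourceBundle resourceBundle;
    private final SamlSettingsService samlSettingsService;
    private final SuiteConfiguration suiteConfiguration;
    private final IdpMetadataService idpMetadataService;

    @VisibleForTesting
    MultipleIdpMigration(SamlConfiguration samlConfiguration, ResourceBundle resourceBundle, SamlSettingsService samlSettingsService, SuiteConfiguration suiteConfiguration, IdpMetadataService idpMetadataService) {
        this.samlConfig = samlConfiguration;
        this.resourceBundle = resourceBundle;
        this.samlSettingsService = samlSettingsService;
        this.suiteConfiguration = suiteConfiguration;
        this.idpMetadataService = idpMetadataService;
    }

    /**
     * Builds a migration wired with beans from the application context and the
     * SAML resource bundle for the site's primary locale.
     *
     * @return a ready-to-run migration instance
     */
    public static MultipleIdpMigration getMigration() {
        SamlConfiguration samlConfiguration = (SamlConfiguration) ApplicationContextHolder.getBean("samlConfig", SamlConfiguration.class);
        AdminServicesProvider adminServices = (AdminServicesProvider) ApplicationContextHolder.getBean(AdminServicesProvider.class);
        ResourceBundle bundle = BundleUtils.getBundle(SAML_BUNDLE, adminServices.globalizationService().getSiteLocaleSettings().getPrimaryLocale());
        SamlSettingsService settingsService = (SamlSettingsService) ApplicationContextHolder.getBean(SamlSettingsService.class);
        SuiteConfiguration suiteConfig = (SuiteConfiguration) ApplicationContextHolder.getBean(SuiteConfiguration.class);
        IdpMetadataService metadataService = (IdpMetadataService) ApplicationContextHolder.getBean("idpMetadataService", IdpMetadataService.class);
        return new MultipleIdpMigration(samlConfiguration, bundle, settingsService, suiteConfig, metadataService);
    }

    /**
     * Runs the migration. Does nothing when no SAML property differs from its
     * default.
     *
     * @throws FatalConfigurationException wrapping any failure, with
     *     {@link ErrorCode#MULTIPLE_IDP_MIGRATION_FAILED} and the Appian version
     */
    @Override
    public void run() {
        LOGGER.info("Beginning Multiple IdP Migration");
        if (!isSamlConfigured()) {
            LOGGER.info("Migration not needed: SAML not configured");
            return;
        }
        try {
            // The legacy IdpMetadata value is passed to the metadata service to resolve the
            // entity ID and is also stored as the metadata UUID on the new record.
            String idpMetadataRef = (String) getConfigurationValue(SamlConfiguration.SamlProperty.IdpMetadata);
            String idpEntityId = this.idpMetadataService.getIdpEntityId(idpMetadataRef);
            persistSamlSettings(idpEntityId, idpMetadataRef);
            LOGGER.info("Persisted SAML settings");
            updateDefaultLoginPage(idpEntityId);
            LOGGER.info("Updated Default Login Page");
            // Announce the clear before it starts: if it fails part-way, the log then shows that
            // legacy properties may already be partially removed.
            LOGGER.info("Clearing previous SAML configuration");
            clearPreviousProperties();
        } catch (Throwable th) {
            // The steps above are not rolled back here. The cause is not written by this log
            // call; it travels only inside the FatalConfigurationException thrown below.
            LOGGER.error("Error migrating to multiple IdPs");
            throw new FatalConfigurationException(th, ErrorCode.MULTIPLE_IDP_MIGRATION_FAILED, new Object[]{this.suiteConfiguration.getAppianVersion()});
        }
    }

    /**
     * Reports whether any administered SAML property holds a value that differs
     * from its default (including a null value where a default exists).
     */
    private boolean isSamlConfigured() {
        return this.samlConfig.getAdministeredConfiguration().getAllProperties().stream().anyMatch(administeredProperty -> {
            Object current = administeredProperty.getValue();
            Object fallback = administeredProperty.getDefaultValue();
            if (current == null) {
                return fallback != null;
            }
            return !current.equals(fallback);
        });
    }

    /**
     * Makes the migrated IdP the default one when the legacy configuration
     * redirected unauthenticated users to the IdP.
     *
     * @param idpEntityId entity ID resolved from the legacy IdP metadata
     */
    private void updateDefaultLoginPage(String idpEntityId) {
        // A null flag value fails on unboxing here; run() turns that into a fatal migration error.
        boolean redirectToIdp = (Boolean) getConfigurationValue(SamlConfiguration.SamlProperty.RedirectToIdpWhenUnauthenticated);
        if (redirectToIdp) {
            this.samlConfig.getAdministeredConfiguration().setValueAsAdministrator(SamlConfiguration.SamlProperty.DefaultIdpEntityId, idpEntityId);
        }
    }

    /** Clears every legacy SAML property whose key is not in {@link #GLOBAL_PROPERTIES}. */
    private void clearPreviousProperties() {
        this.samlConfig.getAdministeredConfiguration().getAllProperties().stream()
                .filter(administeredProperty -> !GLOBAL_PROPERTIES.contains(administeredProperty.getKey()))
                .forEach(administeredProperty -> administeredProperty.clear());
    }

    /**
     * Copies the legacy SAML property values into a new {@link SamlSettings}
     * with priority 1 and hands it to the settings service.
     *
     * @param idpEntityId entity ID resolved from the legacy IdP metadata
     * @param idpMetadataRef legacy IdpMetadata property value, stored as the metadata UUID
     */
    private void persistSamlSettings(String idpEntityId, String idpMetadataRef) {
        SamlSettings samlSettings = new SamlSettings();
        samlSettings.setIdpEntityId(idpEntityId);
        samlSettings.setIdpMetadataUuid(idpMetadataRef);
        // Service-provider signing material and algorithm, copied as configured (no validation here).
        samlSettings.setSpCertificate((String) getConfigurationValue(SamlConfiguration.SamlProperty.SpCertificate));
        samlSettings.setSpCertificateFileName((String) getConfigurationValue(SamlConfiguration.SamlProperty.SpCertificateFileName));
        samlSettings.setSpRequestSignatureHashMethod((String) getConfigurationValue(SamlConfiguration.SamlProperty.SpRequestSignatureHashMethod));
        samlSettings.setSpEntityId((String) getConfigurationValue(SamlConfiguration.SamlProperty.SpIdentity));
        samlSettings.setSpName((String) getConfigurationValue(SamlConfiguration.SamlProperty.SpName));
        samlSettings.setFriendlyName((String) getConfigurationValue(SamlConfiguration.SamlProperty.FriendlyName));
        // User provisioning and attribute mapping, also copied as configured.
        samlSettings.setGroupUuid((String) getConfigurationValue(SamlConfiguration.SamlProperty.GroupUuid));
        samlSettings.setAutoCreateUsers((Boolean) getConfigurationValue(SamlConfiguration.SamlProperty.AutoCreateUsers));
        samlSettings.setUsernameAttribute((String) getConfigurationValue(SamlConfiguration.SamlProperty.UsernameAttribute));
        samlSettings.setUseUsernameAttribute((Boolean) getConfigurationValue(SamlConfiguration.SamlProperty.UseUsernameAttribute));
        samlSettings.setFirstNameAttribute((String) getConfigurationValue(SamlConfiguration.SamlProperty.FirstNameAttribute));
        samlSettings.setLastNameAttribute((String) getConfigurationValue(SamlConfiguration.SamlProperty.LastNameAttribute));
        samlSettings.setEmailAttribute((String) getConfigurationValue(SamlConfiguration.SamlProperty.EmailAttribute));
        samlSettings.setAllowLowercaseUsername((Boolean) getConfigurationValue(SamlConfiguration.SamlProperty.LowercaseUsername));
        samlSettings.setMinimumAuthenticationMethod((String) getConfigurationValue(SamlConfiguration.SamlProperty.RequestAuthnContext));
        samlSettings.setMobileAuthPopup((Boolean) getConfigurationValue(SamlConfiguration.SamlProperty.MobileAuthPopup));
        samlSettings.setPriority(1);
        samlSettings.setDescription(getDescription(idpEntityId));
        Object persisted = this.samlSettingsService.createOrUpdate(samlSettings);
        // NOTE(review): this logs the string form of whatever createOrUpdate returns. If that
        // form includes the SP certificate value, debug logs will carry it; confirm against
        // the returned type's toString().
        LOGGER.debug("Persisted the following setting during migration: " + persisted);
    }

    /**
     * Picks the description for the migrated IdP: the entity ID when present,
     * otherwise the localized default from the SAML bundle.
     */
    private String getDescription(String idpEntityId) {
        if (Strings.isNullOrEmpty(idpEntityId)) {
            return this.resourceBundle.getString(DEFAULT_IDP_DESCRIPTION_KEY);
        }
        return idpEntityId;
    }

    /** Reads the current value of a legacy SAML property from the administered configuration. */
    private <T> T getConfigurationValue(AdministeredConfigurationProperty<T> administeredConfigurationProperty) {
        return (T) this.samlConfig.getAdministeredConfiguration().getValue(administeredConfigurationProperty);
    }
}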
