package com.evolveum.midpoint.common;

import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import java.io.Serializable;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.RandomStringUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.opensaml.saml.saml2.metadata.Organization;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:BOOT-INF/lib/common-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/common/RoleMiningExportUtils.class */
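/**
 * Helpers that pseudonymize names, attribute values and OIDs for the role-mining export,
 * and classify role names as application or business roles.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link NameMode#ORIGINAL} exports the clear-text value; only the {@code _AE} suffix
 *       is appended.</li>
 *   <li>The encrypted modes are deterministic: equal inputs under the same key always give
 *       equal outputs. That keeps references consistent across the export, but it also means
 *       equality of the original values stays visible in the exported data.</li>
 *   <li>When the key is {@code null}, nothing is encrypted (see {@link #encryptedUUID} and
 *       the private helpers).</li>
 * </ul>
 *
 * <p>The nested anonymizers keep their state in plain {@link HashMap}s and a plain counter;
 * nothing in this class synchronizes access to them.
 */
public class RoleMiningExportUtils implements Serializable {
    public static final String APPLICATION_ROLE_IDENTIFIER = "Application role";
    public static final String BUSINESS_ROLE_IDENTIFIER = "Business role";
    /** Marker appended to every exported name and attribute value, whatever the mode. */
    private static final String EXPORT_SUFFIX = "_AE";

    /* loaded from: input_file:BOOT-INF/lib/common-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/common/RoleMiningExportUtils$AttributeValueAnonymizer.class */
    /**
     * Anonymizes attribute values according to a fixed {@link NameMode}.
     * Sequential pseudonyms are numbered per scope, with the base name {@code "att"}.
     */
    public static class AttributeValueAnonymizer {
        private final ScopedSequentialAnonymizer sequentialAnonymizer = new ScopedSequentialAnonymizer("att");
        private final NameMode nameMode;
        private final String encryptKey;

        /**
         * @param nameMode   how values are transformed
         * @param encryptKey key used in {@link NameMode#ENCRYPTED} mode; {@code null} disables
         *                   encryption (the value is then exported unchanged apart from the suffix)
         */
        public AttributeValueAnonymizer(NameMode nameMode, String encryptKey) {
            this.nameMode = nameMode;
            this.encryptKey = encryptKey;
        }

        /**
         * Returns the exported form of {@code value}, always ending in {@code _AE}.
         *
         * @param scope key under which sequential pseudonyms are numbered (only used in
         *              {@link NameMode#SEQUENTIAL} mode)
         * @param value the attribute value to anonymize
         * @return the transformed value followed by the export suffix
         */
        public String anonymize(String scope, String value) {
            String transformed;
            switch (this.nameMode) {
                case ENCRYPTED:
                    transformed = RoleMiningExportUtils.encrypt(value, this.encryptKey);
                    break;
                case SEQUENTIAL:
                    transformed = this.sequentialAnonymizer.anonymize(scope, value);
                    break;
                case ORIGINAL:
                    // Clear-text export: nothing is hidden in this mode.
                    transformed = value;
                    break;
                default:
                    // Reached only if NameMode gains a constant this class was not compiled against.
                    throw new IncompatibleClassChangeError();
            }
            return transformed + EXPORT_SUFFIX;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/common-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/common/RoleMiningExportUtils$NameMode.class */
    /** How exported names and attribute values are transformed. */
    public enum NameMode {
        ENCRYPTED("ENCRYPTED"),
        SEQUENTIAL("SEQUENTIAL"),
        ORIGINAL("ORIGINAL");

        private final String displayString;

        NameMode(String displayString) {
            this.displayString = displayString;
        }

        public String getDisplayString() {
            return this.displayString;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/common-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/common/RoleMiningExportUtils$ScopedSequentialAnonymizer.class */
    /** Keeps one {@link SequentialAnonymizer} per scope, so numbering restarts in each scope. */
    private static class ScopedSequentialAnonymizer {
        private final Map<String, SequentialAnonymizer> scopedAnonymizers = new HashMap<>();
        private final String baseName;

        public ScopedSequentialAnonymizer(String baseName) {
            this.baseName = baseName;
        }

        /** Returns the pseudonym of {@code value} within {@code scope}, creating the scope on first use. */
        public String anonymize(String scope, String value) {
            return this.scopedAnonymizers
                    .computeIfAbsent(scope, ignored -> new SequentialAnonymizer(this.baseName))
                    .anonymize(value);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/common-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/common/RoleMiningExportUtils$SecurityMode.class */
    /** Selects the key length and the OID buffer size (see {@link #updateEncryptKey}). */
    public enum SecurityMode {
        STANDARD("STANDARD"),
        ADVANCED("ADVANCED");

        private final String displayString;

        SecurityMode(String displayString) {
            this.displayString = displayString;
        }

        public String getDisplayString() {
            return this.displayString;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/common-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/common/RoleMiningExportUtils$SequentialAnonymizer.class */
    /**
     * Maps each distinct value to {@code baseName + n}, where {@code n} counts from 0 in order
     * of first appearance. The mapping lives only in this instance.
     */
    public static class SequentialAnonymizer {
        private final String baseName;
        private final Map<String, String> anonymizedValues = new HashMap<>();
        private long index = 0;

        public SequentialAnonymizer(String baseName) {
            this.baseName = baseName;
        }

        /** Returns the pseudonym already assigned to {@code value}, or assigns the next one. */
        public String anonymize(String value) {
            if (!this.anonymizedValues.containsKey(value)) {
                this.anonymizedValues.put(value, this.baseName + this.index);
                this.index++;
            }
            return this.anonymizedValues.get(value);
        }
    }

    /**
     * Builds the exported name for one object.
     *
     * @param name     original name
     * @param index    sequence number used in sequential mode
     * @param prefix   type prefix used in sequential mode
     * @param nameMode transformation to apply
     * @param key      encryption key for {@link NameMode#ENCRYPTED}
     * @return encrypted name, original name, or {@code prefix + index}, each followed by {@code _AE}
     */
    private static PolyStringType encryptName(String name, int index, String prefix, @NotNull NameMode nameMode, String key) {
        switch (nameMode) {
            case ENCRYPTED:
                return PolyStringType.fromOrig(encrypt(name, key) + EXPORT_SUFFIX);
            case ORIGINAL:
                // Clear-text export: the original name leaves the system unchanged.
                return PolyStringType.fromOrig(name + EXPORT_SUFFIX);
            default:
                // SEQUENTIAL: the name itself is never used.
                return PolyStringType.fromOrig(prefix + index + EXPORT_SUFFIX);
        }
    }

    /** Exported name of a user; sequential form is {@code "User" + index}. */
    public static PolyStringType encryptUserName(String name, int index, NameMode nameMode, String key) {
        return encryptName(name, index, "User", nameMode, key);
    }

    /** Exported name of an org; the sequential prefix is taken from an OpenSAML constant. */
    public static PolyStringType encryptOrgName(String name, int index, NameMode nameMode, String key) {
        // NOTE(review): this constant reference looks like a decompiler substitution for a string
        // literal (presumably "Organization") - confirm against the original source.
        return encryptName(name, index, Organization.DEFAULT_ELEMENT_LOCAL_NAME, nameMode, key);
    }

    /** Exported name of a role; sequential form is {@code "Role" + index}. */
    public static PolyStringType encryptRoleName(String name, int index, NameMode nameMode, String key) {
        return encryptName(name, index, "Role", nameMode, key);
    }

    /**
     * Returns a copy of {@code reference} whose OID is replaced by its pseudonym.
     * The argument itself is not modified.
     */
    public static ObjectReferenceType encryptObjectReference(ObjectReferenceType reference, SecurityMode securityMode, String key) {
        // mo1618clone is the decompiler's name for the copy method - presumably clone() in the source.
        ObjectReferenceType copy = reference.mo1618clone();
        copy.setOid(encryptedUUID(copy.getOid(), securityMode, key));
        return copy;
    }

    /**
     * Returns a new assignment holding the target reference with a pseudonymized OID.
     *
     * <p>NOTE(review): unlike the {@link ObjectReferenceType} overload, this one rewrites the OID
     * on the reference object obtained from {@code assignment}, so the caller's assignment is
     * changed as well. It also throws {@link NullPointerException} when the assignment has no
     * target reference. Confirm that callers only pass throw-away copies.
     */
    public static AssignmentType encryptObjectReference(@NotNull AssignmentType assignment, SecurityMode securityMode, String key) {
        ObjectReferenceType targetRef = assignment.getTargetRef();
        targetRef.setOid(encryptedUUID(targetRef.getOid(), securityMode, key));
        return new AssignmentType().targetRef(targetRef);
    }

    /**
     * Derives a stable pseudonymous UUID from an OID.
     *
     * <p>The OID bytes are encrypted with {@code key}, Base64-encoded, and folded into a
     * name-based UUID with {@link UUID#nameUUIDFromBytes(byte[])}.
     *
     * <p>NOTE(review): with a {@code null} key no secret is involved at all - the result is a
     * name-based UUID of the (lossily decoded) OID bytes, which anyone who can guess or list
     * candidate OIDs can recompute. Callers that rely on this for anonymization should always
     * supply a key.
     *
     * @throws IllegalArgumentException if {@code oid} is not a valid UUID string
     * @throws UnsupportedOperationException if the key is rejected by the cipher
     */
    public static String encryptedUUID(String oid, SecurityMode securityMode, String key) {
        byte[] oidBytes = uuidToBytes(UUID.fromString(oid), securityMode);
        String encrypted = encryptOid(oidBytes, key);
        // Explicit charset: the derived UUID must not depend on the host's default encoding.
        return UUID.nameUUIDFromBytes(encrypted.getBytes(StandardCharsets.UTF_8)).toString();
    }

    /**
     * Serializes a UUID into a 16-byte (STANDARD) or 32-byte (other modes) array.
     *
     * <p>Only the first 16 bytes are ever written; in the 32-byte case the rest stays zero, so
     * the larger buffer adds a constant block rather than extra secret material.
     */
    private static byte[] uuidToBytes(UUID uuid, @NotNull SecurityMode securityMode) {
        int size = securityMode.equals(SecurityMode.STANDARD) ? 16 : 32;
        ByteBuffer buffer = ByteBuffer.allocate(size);
        buffer.putLong(uuid.getMostSignificantBits());
        buffer.putLong(uuid.getLeastSignificantBits());
        return buffer.array();
    }

    /**
     * Encrypts raw OID bytes and returns them Base64-encoded.
     *
     * @return {@code null} for {@code null} input; with a {@code null} key, the bytes decoded as
     *         UTF-8 without any encryption (bytes that are not valid UTF-8 are replaced, so this
     *         path is lossy)
     */
    private static String encryptOid(byte[] oidBytes, String key) {
        if (oidBytes == null) {
            return null;
        }
        if (key == null) {
            return new String(oidBytes, StandardCharsets.UTF_8);
        }
        return aesEncryptToBase64(oidBytes, key);
    }

    /**
     * Encrypts a string value and returns it Base64-encoded.
     *
     * @return {@code null} for {@code null} input; the unchanged clear-text value when
     *         {@code key} is {@code null}
     */
    private static String encrypt(String value, String key) {
        if (value == null) {
            return null;
        }
        if (key == null) {
            return value;
        }
        return aesEncryptToBase64(value.getBytes(StandardCharsets.UTF_8), key);
    }

    /**
     * Shared AES step for {@link #encrypt} and {@link #encryptOid}.
     *
     * <p>NOTE(review): the transformation passed to {@link Cipher#getInstance(String)} names only
     * the algorithm, so mode and padding come from the provider's defaults - ECB with PKCS5
     * padding on the stock JDK provider. That makes the output deterministic (needed so equal
     * inputs map to equal pseudonyms), but identical plaintext blocks produce identical
     * ciphertext blocks and the output carries no integrity protection. Changing the mode would
     * change every exported value, so it is only flagged here, not altered.
     *
     * @throws UnsupportedOperationException wrapping any failure, typically a key whose byte
     *         length is not valid for AES
     */
    private static String aesEncryptToBase64(byte[] plaintext, String key) {
        try {
            // Explicit charset so a key with non-ASCII characters yields the same bytes on every host.
            byte[] keyBytes = key.getBytes(StandardCharsets.UTF_8);
            Cipher cipher = Cipher.getInstance(JCAConstants.KEY_ALGO_AES);
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyBytes, JCAConstants.KEY_ALGO_AES));
            return Base64.getEncoder().encodeToString(cipher.doFinal(plaintext));
        } catch (Exception e) {
            // Keep the cause so the real provider error is visible in logs and stack traces.
            throw new UnsupportedOperationException(getErrorEncryptMessage(e), e);
        }
    }

    /**
     * Generates a fresh random key string: 16 characters for STANDARD, 32 otherwise.
     *
     * <p>NOTE(review): the key is drawn from letters and digits only, using {@link SecureRandom}.
     * If that alphabet is the 62 ASCII alphanumerics, a 16-character key carries roughly 95 bits
     * and a 32-character key roughly 190 bits of entropy - less than the 128/256 bits the AES key
     * size suggests. The returned string is the secret; it should be handled and stored as one.
     */
    @NotNull
    public static String updateEncryptKey(@NotNull SecurityMode securityMode) {
        int keyLength = securityMode.equals(SecurityMode.STANDARD) ? 16 : 32;
        return RandomStringUtils.random(keyLength, 0, 0, true, true, null, new SecureRandom());
    }

    /**
     * Classifies a role name by case-insensitive prefix/suffix matching.
     *
     * <p>Checks run in this order and the first hit wins: application prefixes, application
     * suffixes, business prefixes, business suffixes. {@code null} or empty lists are skipped.
     *
     * @param name                role name; must be non-null whenever any list is non-empty
     * @param applicationPrefixes prefixes marking an application role
     * @param businessPrefixes    prefixes marking a business role
     * @param applicationSuffixes suffixes marking an application role
     * @param businessSuffixes    suffixes marking a business role
     * @return {@link #APPLICATION_ROLE_IDENTIFIER}, {@link #BUSINESS_ROLE_IDENTIFIER}, or
     *         {@code null} when nothing matches
     */
    @Nullable
    public static String determineRoleCategory(String name, List<String> applicationPrefixes, List<String> businessPrefixes, List<String> applicationSuffixes, List<String> businessSuffixes) {
        if (startsWithAny(name, applicationPrefixes) || endsWithAny(name, applicationSuffixes)) {
            return APPLICATION_ROLE_IDENTIFIER;
        }
        if (startsWithAny(name, businessPrefixes) || endsWithAny(name, businessSuffixes)) {
            return BUSINESS_ROLE_IDENTIFIER;
        }
        return null;
    }

    /** True when {@code prefixes} is non-null and {@code name} starts with one of them, ignoring case. */
    private static boolean startsWithAny(String name, List<String> prefixes) {
        return prefixes != null
                && prefixes.stream().anyMatch(prefix -> name.toLowerCase().startsWith(prefix.toLowerCase()));
    }

    /** True when {@code suffixes} is non-null and {@code name} ends with one of them, ignoring case. */
    private static boolean endsWithAny(String name, List<String> suffixes) {
        return suffixes != null
                && suffixes.stream().anyMatch(suffix -> name.toLowerCase().endsWith(suffix.toLowerCase()));
    }

    /** Builds the user-facing message for an encryption failure; the key itself is never included. */
    @NotNull
    private static String getErrorEncryptMessage(@NotNull Exception exc) {
        return "Error: Invalid key - Possible causes:\n- The key is not the right size or format for this operation.\n- The key is not appropriate for the selected algorithm or mode of operation.\n- The key has been damaged or corrupted.\nError message: " + exc.getMessage();
    }
}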
