package pl.decerto.hyperon.common.security.activedirectory;

import java.util.Objects;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;
import pl.decerto.hyperon.common.security.UserDetailsAdditionalHolder;
import pl.decerto.hyperon.common.security.UserManagementService;
import pl.decerto.hyperon.common.security.activedirectory.exception.EmptyFirstOrLastNameException;
import pl.decerto.hyperon.common.security.activedirectory.exception.InternalUserException;
import pl.decerto.hyperon.common.security.activedirectory.exception.NoRoleAssignedException;
import pl.decerto.hyperon.common.security.activedirectory.exception.NotUniqueEmailException;
import pl.decerto.hyperon.common.security.activedirectory.exception.NotUniqueLoginException;
import pl.decerto.hyperon.common.security.domain.UserStatus;
import pl.decerto.hyperon.common.security.dto.SystemUser;
import pl.decerto.hyperon.common.utils.Messages;

@Component
/* loaded from: input_file:BOOT-INF/lib/hyperon-common-1.14.0.jar:pl/decerto/hyperon/common/security/activedirectory/ActiveDirectoryUserDetailsValidator.class */
public class ActiveDirectoryUserDetailsValidator {
    private final UserManagementService userService;

    public ActiveDirectoryUserDetailsValidator(UserManagementService userManagementService) {
        this.userService = userManagementService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean validateUser(SystemUser systemUser) {
        if (isLoginUsed(systemUser)) {
            throw new NotUniqueLoginException(Messages.message("authentication.accessDenied.not.unique.login"));
        }
        if (isEmailUsed(systemUser)) {
            throw new NotUniqueEmailException(Messages.message("authentication.accessDenied.not.unique.email"));
        }
        if (isFirstOrLastNameBlank(systemUser)) {
            throw new EmptyFirstOrLastNameException(Messages.message("authentication.accessDenied.empty.first.or.last.name"));
        }
        return true;
    }

    private boolean isLoginUsed(SystemUser systemUser) {
        return equalUsersId(systemUser, this.userService.getUserByLogin(systemUser.getLogin()));
    }

    private boolean isEmailUsed(SystemUser systemUser) {
        if (StringUtils.isNotBlank(systemUser.getEmail())) {
            return equalUsersId(systemUser, this.userService.getUserByEmail(systemUser.getEmail()));
        }
        return false;
    }

    private boolean equalUsersId(SystemUser systemUser, SystemUser systemUser2) {
        return (systemUser2 == null || systemUser2.getId() == systemUser.getId()) ? false : true;
    }

    private boolean isFirstOrLastNameBlank(SystemUser systemUser) {
        return StringUtils.isBlank(systemUser.getFirstName()) || StringUtils.isBlank(systemUser.getLastName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isValidToUpdate(SystemUser systemUser, SystemUser systemUser2) {
        return isExternalUser(systemUser) && systemUser2.getStatus() == UserStatus.EXTERNAL && !systemUser.equals(systemUser2) && CollectionUtils.isNotEmpty(systemUser2.getRoles());
    }

    private boolean isExternalUser(SystemUser systemUser) {
        if (systemUser.getStatus() != UserStatus.EXTERNAL) {
            throw new InternalUserException(Messages.message("authentication.accessDenied.user.exists.as.internal.user"));
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean validateUserRoles(String[] strArr) {
        if (Objects.isNull(strArr)) {
            throw new NoRoleAssignedException(Messages.message("authentication.accessDenied.no.role"));
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void validateUserDetailsHolder(UserDetailsAdditionalHolder userDetailsAdditionalHolder) {
        if (!userDetailsAdditionalHolder.isAccountNonExpired() || !userDetailsAdditionalHolder.isAccountNonLocked() || !userDetailsAdditionalHolder.isCredentialsNonExpired() || !userDetailsAdditionalHolder.isEnabled()) {
            throw new BadCredentialsException("authentication.accessDenied.user.is.inactive");
        }
    }
}
