package pl.decerto.hyperon.common.security.activedirectory;

import java.util.Collection;
import java.util.Locale;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.transaction.annotation.Transactional;
import pl.decerto.hyperon.common.security.MppUserDetails;
import pl.decerto.hyperon.common.security.SystemRoleManagementService;
import pl.decerto.hyperon.common.security.UserDetailsAdditionalHolder;
import pl.decerto.hyperon.common.security.UserManagementService;
import pl.decerto.hyperon.common.security.cache.UsersCacheManager;
import pl.decerto.hyperon.common.security.domain.UserStatus;
import pl.decerto.hyperon.common.security.dto.SystemRole;
import pl.decerto.hyperon.common.security.dto.SystemUser;

/* loaded from: input_file:BOOT-INF/lib/hyperon-common-1.14.0.jar:pl/decerto/hyperon/common/security/activedirectory/ActiveDirectoryUserDetailsMapper.class */
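/**
 * Maps a directory entry returned after an LDAP / Active Directory bind onto the
 * application's own {@link MppUserDetails}.
 *
 * <p>On every successful directory authentication the mapper:
 * <ol>
 *   <li>lets {@link LdapUserDetailsMapper} build the base {@link UserDetails};</li>
 *   <li>hands the four account-state flags to {@link ActiveDirectoryUserDetailsValidator};</li>
 *   <li>creates or refreshes the local {@link SystemUser} from the directory attributes
 *       {@code givenName}, {@code sn}, {@code mail} and {@code memberOf};</li>
 *   <li>returns the combined details together with the cached entry for the login.</li>
 * </ol>
 *
 * <p><b>Authorization is derived from {@code memberOf}.</b> Each value is reduced to the text
 * between offset {@value #INDEX_OF_ROLE_FIRST_CHAR} and the first comma and looked up as a role
 * code. Points to confirm against the deployment:
 * <ul>
 *   <li>NOTE(review): only that leading name is compared, not the rest of the DN, so two groups
 *       with the same name in different containers resolve to the same role. Confirm that only
 *       trusted administrators can create groups whose name equals a role code.</li>
 *   <li>NOTE(review): in Active Directory {@code memberOf} lists direct memberships only and
 *       omits the primary group; nested-group membership is not expanded here.</li>
 *   <li>NOTE(review): a comma escaped inside the first RDN ({@code \,}) is treated as the
 *       terminator, so such a group can never match a role code.</li>
 * </ul>
 */
public class ActiveDirectoryUserDetailsMapper extends LdapUserDetailsMapper {
    /** Offset at which the role name starts in a {@code memberOf} value (presumably skips a {@code "CN="} prefix - confirm). */
    private static final int INDEX_OF_ROLE_FIRST_CHAR = 3;
    /** Terminates the role name inside a {@code memberOf} value. */
    private static final char COMMA_CHAR = ',';
    // NOTE(review): "local.com" is a publicly registrable domain. If the stored address is ever
    // used for outbound mail (notifications, resets), messages for users without a "mail"
    // attribute would leave the organisation. Confirm how SystemUser.email is consumed.
    private static final String DEFAULT_EMAIL_REPRESENTATION = "@local.com";
    private static final String FIRST_NAME_ATTRIBUTE_FROM_AD = "givenName";
    private static final String LAST_NAME_ATTRIBUTE_FROM_AD = "sn";
    private static final String EMAIL_ATTRIBUTE_FROM_AD = "mail";
    private static final String ROLES_ATTRIBUTE_FROM_AD = "memberOf";
    private final UsersCacheManager userCache;
    private final UserManagementService userService;
    private final SystemRoleManagementService roleService;
    private final ActiveDirectoryUserDetailsValidator activeDirectoryUserDetailsValidator;

    /**
     * @param userManagementService looks up and persists local user records
     * @param systemRoleManagementService resolves role codes to {@link SystemRole}
     * @param usersCacheManager supplies the cache entry attached to the returned details
     * @param activeDirectoryUserDetailsValidator validates account state, roles and user records
     */
    public ActiveDirectoryUserDetailsMapper(UserManagementService userManagementService, SystemRoleManagementService systemRoleManagementService, UsersCacheManager usersCacheManager, ActiveDirectoryUserDetailsValidator activeDirectoryUserDetailsValidator) {
        this.userCache = usersCacheManager;
        this.userService = userManagementService;
        this.roleService = systemRoleManagementService;
        this.activeDirectoryUserDetailsValidator = activeDirectoryUserDetailsValidator;
    }

    /**
     * Builds the application user for an authenticated directory entry.
     *
     * <p>The return type is covariant; the compiler generates the {@code UserDetails}-returning
     * bridge method, so it is not declared by hand.
     *
     * @param dirContextOperations the directory entry of the authenticated principal
     * @param str the username passed on to the superclass mapper
     * @param collection authorities passed on to the superclass mapper
     * @return details combining the local user record, its cache entry and the account-state flags
     */
    @Override
    @Transactional
    public MppUserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str, Collection<? extends GrantedAuthority> collection) {
        UserDetails ldapDetails = super.mapUserFromContext(dirContextOperations, str, collection);
        UserDetailsAdditionalHolder accountState = createUserDetailsAdditionalHolder(ldapDetails);
        // Runs before any local record is created or updated. What the validator does on a
        // disabled/locked/expired account is not visible here - presumably it throws; confirm.
        this.activeDirectoryUserDetailsValidator.validateUserDetailsHolder(accountState);
        // Locale.ROOT keeps the canonical login independent of the JVM default locale
        // (e.g. under a Turkish locale "I" would otherwise lower-case to a dotless "i",
        // producing a different account key for the same directory identity).
        String login = ldapDetails.getUsername().toLowerCase(Locale.ROOT);
        return MppUserDetails.createMppUserDetailsWithAdditionalDetails(getUser(dirContextOperations, login), this.userCache.getUserCacheEntry(login), accountState);
    }

    /** Copies the four account-state flags of the directory-backed details into a holder. */
    private UserDetailsAdditionalHolder createUserDetailsAdditionalHolder(UserDetails userDetails) {
        return new UserDetailsAdditionalHolder(userDetails.isAccountNonExpired(), userDetails.isAccountNonLocked(), userDetails.isCredentialsNonExpired(), userDetails.isEnabled());
    }

    /** Returns the refreshed local record for {@code login}, creating one when none exists. */
    private SystemUser getUser(DirContextOperations ctx, String login) {
        return this.userService.getUserByLoginWithIgnoreCase(login)
                .map(existing -> updateExistingSystemUser(ctx, existing, login))
                .orElseGet(() -> createNewSystemUser(ctx, login));
    }

    /** Builds a user from the directory entry and persists it if the validator accepts it. */
    private SystemUser createNewSystemUser(DirContextOperations ctx, String login) {
        SystemUser created = createUser(ctx, login);
        addUserToDB(created);
        return created;
    }

    /**
     * Rebuilds the user from the directory entry and, when the validator allows the update,
     * replaces the stored record while keeping its id and creation date.
     *
     * <p>When the update is not allowed the stored record is returned unchanged, i.e. with the
     * roles it already had rather than the ones derived from the current directory entry.
     * When the update is allowed the rebuilt user is returned even if {@link #addUserToDB}
     * declined to persist it.
     */
    private SystemUser updateExistingSystemUser(DirContextOperations ctx, SystemUser stored, String login) {
        SystemUser fromDirectory = createUser(ctx, login);
        if (!this.activeDirectoryUserDetailsValidator.isValidToUpdate(stored, fromDirectory)) {
            return stored;
        }
        fromDirectory.setId(stored.getId());
        fromDirectory.setCreateDate(stored.getCreateDate());
        addUserToDB(fromDirectory);
        return fromDirectory;
    }

    /** Persists the user only when the validator accepts it; otherwise does nothing. */
    private void addUserToDB(SystemUser systemUser) {
        if (this.activeDirectoryUserDetailsValidator.validateUser(systemUser)) {
            // The meaning of the boolean flag is defined by UserManagementService (not visible here).
            this.userService.add(systemUser, false);
        }
    }

    /** Builds a user from directory attributes and attaches the roles derived from {@code memberOf}. */
    private SystemUser createUser(DirContextOperations ctx, String login) {
        return getUserWithAssignedRoles(createUserDto(ctx, login), ctx);
    }

    /** Populates login, names, e-mail and {@link UserStatus#EXTERNAL} from the directory entry. */
    private SystemUser createUserDto(DirContextOperations ctx, String login) {
        SystemUser user = new SystemUser();
        user.setLogin(login);
        user.setFirstName(ctx.getStringAttribute(FIRST_NAME_ATTRIBUTE_FROM_AD));
        user.setLastName(ctx.getStringAttribute(LAST_NAME_ATTRIBUTE_FROM_AD));
        user.setEmail(getEmail(ctx, login));
        user.setStatus(UserStatus.EXTERNAL);
        return user;
    }

    /** Returns the {@code mail} attribute, or a generated placeholder when it is blank. */
    private String getEmail(DirContextOperations ctx, String login) {
        String mail = ctx.getStringAttribute(EMAIL_ATTRIBUTE_FROM_AD);
        return StringUtils.isBlank(mail) ? generateDefaultEmail(login) : mail;
    }

    /** Builds the placeholder address {@code <login>@local.com}. */
    private String generateDefaultEmail(String login) {
        return login + DEFAULT_EMAIL_REPRESENTATION;
    }

    /**
     * Adds a role to the user for every {@code memberOf} value that resolves to a known role
     * code, provided the validator accepts the attribute values.
     */
    private SystemUser getUserWithAssignedRoles(SystemUser systemUser, DirContextOperations ctx) {
        String[] groupDns = ctx.getStringAttributes(ROLES_ATTRIBUTE_FROM_AD);
        // The validator is always consulted first; the null check only protects the loop in
        // case the attribute is absent and the validator still reports success.
        if (this.activeDirectoryUserDetailsValidator.validateUserRoles(groupDns) && groupDns != null) {
            for (String groupDn : groupDns) {
                addRoleToUser(systemUser, groupDn);
            }
        }
        return systemUser;
    }

    /** Grants the role named by the group value, if the value parses and the role exists. */
    private void addRoleToUser(SystemUser systemUser, String groupDn) {
        String roleCode = getRoleNameFromADAttribute(groupDn);
        if (roleCode == null) {
            // Unparsable value: grant nothing rather than abort the whole login.
            return;
        }
        SystemRole role = this.roleService.getRoleByCode(roleCode);
        if (Objects.nonNull(role)) {
            systemUser.addRole(role);
        }
    }

    /**
     * Extracts the role code from a {@code memberOf} value: the text from offset
     * {@value #INDEX_OF_ROLE_FIRST_CHAR} up to the first comma.
     *
     * @return the role code, or {@code null} when the value is {@code null}, has no comma, or
     *         has its first comma at or before the start offset (previously these cases either
     *         threw {@link StringIndexOutOfBoundsException} or produced an empty role code)
     */
    private String getRoleNameFromADAttribute(String groupDn) {
        if (groupDn == null) {
            return null;
        }
        int end = groupDn.indexOf(COMMA_CHAR);
        if (end <= INDEX_OF_ROLE_FIRST_CHAR) {
            return null;
        }
        return groupDn.substring(INDEX_OF_ROLE_FIRST_CHAR, end);
    }
}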
