package pl.edu.icm.crpd.webapp.security.opi;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.net.SocketTimeoutException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import javax.xml.ws.WebServiceException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import pl.edu.icm.crpd.common.security.Md5Generator;
import pl.edu.icm.crpd.common.security.OpiRole;
import pl.edu.icm.crpd.persistence.model.Institution;
import pl.edu.icm.crpd.persistence.repository.InstitutionRepository;
import pl.edu.icm.crpd.webapp.security.CrpdGrantedAuthority;
import pl.edu.icm.crpd.webapp.security.Role;
import pl.edu.icm.crpd.webapp.security.exception.AccountDisabledMessageableException;
import pl.edu.icm.crpd.webapp.security.exception.AuthenticationTimeoutException;
import pl.edu.icm.crpd.webapp.security.exception.BadCredentialsMessageableException;
import pl.edu.icm.crpd.webapp.security.exception.UsernameNotFoundMessageableException;
import pl.edu.icm.sedno.icmopi.auth.GetRoleRequestType;
import pl.edu.icm.sedno.icmopi.auth.GetRoleServiceResultType;
import pl.edu.icm.sedno.icmopi.auth.GetUserIdRequestType;
import pl.edu.icm.sedno.icmopi.auth.GetUserServiceResultType;
import pl.edu.icm.sedno.icmopi.auth.LoginSoap;
import pl.edu.icm.sedno.icmopi.auth.RoleStatus;
import pl.edu.icm.sedno.icmopi.auth.RoleWrapper;
import pl.edu.icm.sedno.icmopi.auth.RolesList;

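/**
 * Authenticates CRPD users against the external OPI SOAP login service and maps the OPI roles
 * returned for the account onto CRPD granted authorities.
 *
 * <p>Flow, as implemented below: the login (sent as the account e-mail) is resolved to an OPI user
 * id, the password is digested as {@code MD5(password + "{" + userId + "}")}, and that digest is
 * sent to the role endpoint, which answers with a status and the account's roles.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The digest is the only proof of the password sent to OPI, so it must be handled like the
 *       password itself (never logged, never persisted).</li>
 *   <li>NOTE(review): the MD5 construction is presumably dictated by the OPI service contract and
 *       cannot be changed here; confirm the SOAP transport is TLS-protected, because the digest
 *       can be replayed by anyone who observes it.</li>
 *   <li>NOTE(review): the user-id lookup happens before any password check, and unknown accounts
 *       raise a different exception than bad passwords. Confirm the login layer presents both the
 *       same way if account enumeration is a concern.</li>
 * </ul>
 */
@Service("opiAuthenticationService")
/* loaded from: input_file:WEB-INF/classes/pl/edu/icm/crpd/webapp/security/opi/OpiAuthenticationService.class */
public class OpiAuthenticationService {
    private final Logger log = LoggerFactory.getLogger(OpiAuthenticationService.class);

    @Autowired
    private LoginSoap loginSoap;

    @Autowired
    private InstitutionRepository institutionRepository;

    /**
     * Verifies the credentials with OPI and returns the authorities granted to the account.
     *
     * @param str the login, passed to OPI as the account e-mail
     * @param str2 the clear-text password; only its salted digest leaves this class
     * @return the CRPD authorities mapped from the OPI roles, possibly empty
     * @throws UsernameNotFoundMessageableException if the login is blank or unknown to OPI
     * @throws BadCredentialsMessageableException if the password is missing or rejected by OPI
     * @throws AccountDisabledMessageableException if OPI reports the account as not active
     * @throws AuthenticationTimeoutException if the SOAP call failed on a socket timeout
     * @throws AuthenticationServiceException on any other SOAP failure or a malformed OPI answer
     */
    public List<CrpdGrantedAuthority> authenticate(String str, String str2) {
        if (StringUtils.isEmpty(StringUtils.trim(str))) {
            throw new UsernameNotFoundMessageableException(str);
        }
        if (str2 == null) {
            // String concatenation would turn null into the literal "null" and digest that,
            // making a missing password indistinguishable from the password "null".
            throw new BadCredentialsMessageableException();
        }
        try {
            GetRoleServiceResultType roleResult = getRoleResult(str, str2, getUserId(str));
            checkAccountStatus(roleResult, str);
            return extractGrantedAuthorities(roleResult);
        } catch (WebServiceException e) {
            if (e.getCause() instanceof SocketTimeoutException) {
                throw new AuthenticationTimeoutException();
            }
            // NOTE(review): the SOAP fault text is carried in the exception message; confirm it is
            // not rendered to the end user, since it may describe internal endpoints.
            throw new AuthenticationServiceException(e.getMessage(), e);
        }
    }

    /**
     * Resolves the OPI user id for a login; the id is later used as the salt of the digest.
     *
     * @param username the login, sent to OPI as the account e-mail
     * @return the OPI user id as a string
     * @throws UsernameNotFoundMessageableException if OPI returns no id for the login
     * @throws AuthenticationServiceException if OPI returns no result object at all
     */
    private String getUserId(String username) {
        GetUserIdRequestType request = new GetUserIdRequestType();
        request.setEmail(username);
        GetUserServiceResultType result = this.loginSoap.getUserId(request);
        if (result == null) {
            throw new AuthenticationServiceException("OPI user lookup returned no result");
        }
        if (result.getId() == null) {
            throw new UsernameNotFoundMessageableException(username);
        }
        return result.getId().toString();
    }

    /**
     * Sends the login and the salted password digest to the OPI role endpoint.
     *
     * @param username the login, sent to OPI as the account e-mail
     * @param password the clear-text password
     * @param userId the OPI user id used as the salt
     * @return the raw OPI answer (status plus roles)
     */
    private GetRoleServiceResultType getRoleResult(String username, String password, String userId) {
        GetRoleRequestType request = new GetRoleRequestType();
        request.setEmail(username);
        String digest = Md5Generator.doMd5(password + "{" + userId + "}");
        request.setMd5(digest);
        // The digest is deliberately not logged: it is the value OPI accepts as proof of the
        // password, so writing it to a log file would expose a reusable credential.
        // NOTE(review): username is caller-supplied and logged verbatim; confirm the log layout
        // escapes CR/LF.
        this.log.debug("===> opi auth: username={}", username);
        return this.loginSoap.getUserRole(request);
    }

    /**
     * Translates the failure statuses reported by OPI into authentication exceptions.
     *
     * <p>NOTE(review): only the three failure statuses below are rejected, so any other status
     * value is treated as a successful login. If the OPI contract defines a dedicated success
     * status, comparing against it (allow-list) would fail closed when new statuses are added.
     *
     * @param roleResult the OPI answer to inspect
     * @param username the login, used in the "not found" exception
     * @throws AuthenticationServiceException if the answer or its status is missing
     */
    private void checkAccountStatus(GetRoleServiceResultType roleResult, String username) {
        if (roleResult == null || roleResult.getStatus() == null) {
            // Fail closed with an authentication error rather than an unrelated
            // NullPointerException when the service answer is incomplete.
            throw new AuthenticationServiceException("OPI role lookup returned no status");
        }
        RoleStatus status = roleResult.getStatus();
        if (status.equals(RoleStatus.NOT_EXIST)) {
            throw new UsernameNotFoundMessageableException(username);
        }
        if (status.equals(RoleStatus.USER_NOT_ACTIVE)) {
            throw new AccountDisabledMessageableException();
        }
        if (status.equals(RoleStatus.PASSWORD_INVALID)) {
            throw new BadCredentialsMessageableException();
        }
    }

    /**
     * Maps every OPI role that has a CRPD counterpart to a granted authority.
     *
     * <p>OPI roles without a CRPD mapping are skipped. The set removes duplicates, relying on the
     * equality defined by {@code CrpdGrantedAuthority}.
     *
     * @param roleResult the OPI answer holding the roles
     * @return a new list of authorities, empty when OPI reported no roles
     */
    private List<CrpdGrantedAuthority> extractGrantedAuthorities(GetRoleServiceResultType roleResult) {
        RolesList roles = roleResult.getRoles();
        if (roles == null || CollectionUtils.isEmpty(roles.getRole())) {
            return Lists.newArrayList();
        }
        HashSet<CrpdGrantedAuthority> authorities = Sets.newHashSet();
        for (RoleWrapper roleWrapper : roles.getRole()) {
            Role crpdRole = OpiRoleMapper.getCorrespondingCrpdRole(OpiRole.getOpiRoleName(roleWrapper.getRoleName()));
            if (crpdRole != null) {
                Institution institution = extractInstitution(roleWrapper);
                // NOTE(review): when the OPI institute id is unknown locally the authority is still
                // granted with a null institution; confirm downstream checks do not read a null
                // institution as an unscoped (global) role.
                authorities.add(new CrpdGrantedAuthority(crpdRole, institution));
                this.log.debug("===> role added: role={}, inst={}", crpdRole, institution);
            }
        }
        return Lists.newArrayList(authorities);
    }

    /**
     * Looks up the CRPD institution referenced by an OPI role.
     *
     * @param roleWrapper the OPI role
     * @return the matching institution, or {@code null} when the role carries no institute id or
     *     no institution with that OPI id exists locally (the latter is logged as an error)
     */
    private Institution extractInstitution(RoleWrapper roleWrapper) {
        if (roleWrapper.getInstituteId() == null) {
            return null;
        }
        String opiId = roleWrapper.getInstituteId().toString();
        Institution institution = this.institutionRepository.findOneByOpiId(opiId);
        if (institution == null) {
            this.log.error("the opi role '" + roleWrapper.getRoleName() + "' has an instutition context but no institution with opiId=" + opiId + " exists in crpd database");
        }
        return institution;
    }

    /**
     * Replaces the injected SOAP client.
     *
     * @param loginSoap the OPI login client to use
     */
    public void setLoginSoap(LoginSoap loginSoap) {
        this.loginSoap = loginSoap;
    }
}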
