package pl.edu.icm.sedno.inter.opi;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.HashSet;
import java.util.List;
import org.apache.cxf.common.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.CollectionUtils;
import pl.edu.icm.sedno.authentication.exception.AuthenticationErrorCodes;
import pl.edu.icm.sedno.authentication.exception.SednoBadCredentialsException;
import pl.edu.icm.sedno.authentication.exception.SednoDisabledException;
import pl.edu.icm.sedno.authentication.exception.SednoUsernameNotFoundException;
import pl.edu.icm.sedno.common.util.Md5Generator;
import pl.edu.icm.sedno.icmopi.auth.GetRoleRequestType;
import pl.edu.icm.sedno.icmopi.auth.GetRoleServiceResultType;
import pl.edu.icm.sedno.icmopi.auth.GetUserIdRequestType;
import pl.edu.icm.sedno.icmopi.auth.GetUserServiceResultType;
import pl.edu.icm.sedno.icmopi.auth.LoginSoap;
import pl.edu.icm.sedno.icmopi.auth.RoleStatus;
import pl.edu.icm.sedno.icmopi.auth.RoleWrapper;
import pl.edu.icm.sedno.icmopi.auth.RolesList;
import pl.edu.icm.sedno.model.opi.Institution;
import pl.edu.icm.sedno.model.users.Role;
import pl.edu.icm.sedno.model.users.RoleName;
import pl.edu.icm.sedno.services.InstitutionRepository;
import pl.edu.icm.sedno.services.OpiAuthenticationService;
import pl.edu.icm.sedno.services.RoleNameMapper;

/* loaded from: input_file:WEB-INF/lib/sedno-backend-1.2.22.5.jar:pl/edu/icm/sedno/inter/opi/OpiAuthenticationServiceImpl.class */
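/**
 * Authenticates a user against the external OPI login SOAP service and maps the roles it
 * returns onto local {@link Role} objects.
 *
 * <p>The remote call is made with an MD5 digest of {@code password + "{" + userId + "}"}.
 * That digest is what the remote service receives as proof of the password, so it is handled
 * like a credential here: it is never written to the log.
 */
public class OpiAuthenticationServiceImpl implements OpiAuthenticationService {
    private static final Logger log = LoggerFactory.getLogger(OpiAuthenticationServiceImpl.class);

    private LoginSoap loginSoap;

    @Autowired
    private InstitutionRepository institutionRepository;

    @Autowired
    private RoleNameMapper roleNameMapper;

    /**
     * Verifies the given credentials with the OPI service and returns the user's roles.
     *
     * @param str the user's e-mail address, used as the login name
     * @param str2 the clear-text password
     * @return the mapped roles; empty when the service reports none that can be mapped
     * @throws SednoUsernameNotFoundException if the login name is empty or unknown to OPI
     * @throws SednoDisabledException if OPI reports the account as not active
     * @throws SednoBadCredentialsException if the password is missing or OPI rejects it
     */
    @Override
    public List<Role> authenticate(String str, String str2) {
        if (StringUtils.isEmpty(str)) {
            throw new SednoUsernameNotFoundException(AuthenticationErrorCodes.ACCOUNT_NOT_FOUND, str);
        }
        // A null password would otherwise be concatenated as the literal text "null" and
        // hashed, i.e. silently treated as a real password. Reject it before any remote call.
        if (str2 == null) {
            throw new SednoBadCredentialsException(AuthenticationErrorCodes.BAD_CREDENTIALS_BASIC);
        }
        GetRoleServiceResultType roleResult = getRoleResult(str, str2, getUserId(str));
        checkAccountStatus(roleResult, str);
        return extractRoles(roleResult);
    }

    /**
     * Looks up the OPI user id for an e-mail address.
     *
     * @throws SednoUsernameNotFoundException if the service returns no id
     */
    private String getUserId(String email) {
        GetUserIdRequestType request = new GetUserIdRequestType();
        request.setEmail(email);
        GetUserServiceResultType result = this.loginSoap.getUserId(request);
        if (result.getId() == null) {
            throw new SednoUsernameNotFoundException(AuthenticationErrorCodes.ACCOUNT_NOT_FOUND, email);
        }
        return result.getId().toString();
    }

    /**
     * Sends the role request carrying the e-mail and the password digest.
     *
     * @param email the login name
     * @param password the clear-text password
     * @param userId the OPI user id, mixed into the digest input
     */
    private GetRoleServiceResultType getRoleResult(String email, String password, String userId) {
        GetRoleRequestType request = new GetRoleRequestType();
        request.setEmail(email);
        // MD5 over "password{userId}" is the format this request carries (setMd5); it is not
        // a choice made here.
        // NOTE(review): the digest travels in the SOAP request, so anyone who can read it can
        // presumably replay it - confirm the endpoint is only reached over TLS.
        request.setMd5(Md5Generator.doMd5(password + "{" + userId + "}"));
        // Only the login name is logged. The digest is a password equivalent for the remote
        // service and must not end up in log files or log aggregation.
        // NOTE(review): the login name is caller-supplied; confirm the log layout encodes
        // line breaks so it cannot forge log entries.
        log.info("opi auth: username={}", email);
        return this.loginSoap.getUserRole(request);
    }

    /**
     * Translates the failure statuses of the role response into authentication exceptions.
     *
     * <p>NOTE(review): only the three statuses below are rejected; every other value is
     * treated as success. Confirm {@code RoleStatus} has no further failure value, otherwise
     * this check fails open. A null status ends in a {@link NullPointerException}, which
     * still prevents the login.
     */
    private void checkAccountStatus(GetRoleServiceResultType roleResult, String email) {
        if (roleResult.getStatus().equals(RoleStatus.NOT_EXIST)) {
            throw new SednoUsernameNotFoundException(AuthenticationErrorCodes.ACCOUNT_NOT_FOUND, email);
        }
        if (roleResult.getStatus().equals(RoleStatus.USER_NOT_ACTIVE)) {
            throw new SednoDisabledException(AuthenticationErrorCodes.ACCOUNT_INACTIVE, email);
        }
        if (roleResult.getStatus().equals(RoleStatus.PASSWORD_INVALID)) {
            throw new SednoBadCredentialsException(AuthenticationErrorCodes.BAD_CREDENTIALS_BASIC);
        }
    }

    /**
     * Maps the external roles to local roles.
     *
     * <p>A role is granted only when its name maps to a local role name and its institute id
     * resolves to an institution in the repository; anything else is dropped (and logged when
     * the institution context is missing or unknown). The roles are collected in a set before
     * being returned as a list.
     */
    private List<Role> extractRoles(GetRoleServiceResultType roleResult) {
        RolesList externalRoles = roleResult.getRoles();
        if (externalRoles == null || CollectionUtils.isEmpty(externalRoles.getRole())) {
            return Lists.newArrayList();
        }
        HashSet<Role> granted = Sets.newHashSet();
        for (RoleWrapper external : externalRoles.getRole()) {
            RoleName pbnRoleName = this.roleNameMapper.getPbnRoleName(external.getRoleName());
            if (pbnRoleName == null) {
                // No local equivalent for this external role name: ignore it.
                continue;
            }
            if (external.getInstituteId() == null) {
                log.error("no institution context received for the external role '" + external.getRoleName() + "'");
                continue;
            }
            String opiId = external.getInstituteId().toString();
            Institution institution = this.institutionRepository.getUninitializedInstitutionByOpiId(opiId);
            if (institution == null) {
                log.error("the external role '" + external.getRoleName() + "' has an instutition context but no institution with opiId=" + opiId + " exists in PBN");
                continue;
            }
            granted.add(new Role(pbnRoleName, institution));
        }
        return Lists.newArrayList(granted);
    }

    /** Sets the SOAP client used to reach the OPI login service. */
    public void setLoginSoap(LoginSoap loginSoap) {
        this.loginSoap = loginSoap;
    }
}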
