package org.georchestra.gateway.accounts.admin.ldap;

import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;
import org.georchestra.ds.DataServiceException;
import org.georchestra.ds.DuplicatedCommonNameException;
import org.georchestra.ds.orgs.Org;
import org.georchestra.ds.orgs.OrgsDao;
import org.georchestra.ds.roles.Role;
import org.georchestra.ds.roles.RoleDao;
import org.georchestra.ds.roles.RoleFactory;
import org.georchestra.ds.users.Account;
import org.georchestra.ds.users.AccountDao;
import org.georchestra.ds.users.AccountFactory;
import org.georchestra.ds.users.DuplicatedEmailException;
import org.georchestra.ds.users.DuplicatedUidException;
import org.georchestra.gateway.accounts.admin.AbstractAccountsManager;
import org.georchestra.gateway.security.GeorchestraGatewaySecurityConfigProperties;
import org.georchestra.gateway.security.exceptions.DuplicatedEmailFoundException;
import org.georchestra.gateway.security.exceptions.DuplicatedUsernameFoundException;
import org.georchestra.gateway.security.ldap.extended.DemultiplexingUsersApi;
import org.georchestra.security.model.GeorchestraUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.ldap.NameNotFoundException;

/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.class */
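/**
 * LDAP-backed accounts manager: looks users up through {@link DemultiplexingUsersApi} and
 * provisions new accounts, organisations and roles through the LDAP DAOs.
 *
 * <p>Provisioning is not transactional. {@link #createInternal(GeorchestraUser)} inserts the
 * account first and then attaches the organisation and roles; if that second phase fails the
 * account is deleted again on a best-effort basis (a failed delete is only logged at WARN level).
 *
 * <p>NOTE(review): organisation and role names are taken from the {@link GeorchestraUser} handed
 * to this class, and missing ones are created in the directory on the fly. If that user object is
 * populated from external identity-provider claims, the upstream mapping decides which roles and
 * organisations end up in LDAP. Confirm that the caller filters or maps those values.
 */
class LdapAccountsManager extends AbstractAccountsManager {

    @Generated
    private static final Logger log = LoggerFactory.getLogger("org.georchestra.gateway.accounts.admin.ldap");

    @NonNull
    private final GeorchestraGatewaySecurityConfigProperties georchestraGatewaySecurityConfigProperties;

    @NonNull
    private final AccountDao accountDao;

    @NonNull
    private final RoleDao roleDao;

    @NonNull
    private final OrgsDao orgsDao;

    @NonNull
    private final DemultiplexingUsersApi demultiplexingUsersApi;

    public LdapAccountsManager(ApplicationEventPublisher applicationEventPublisher, AccountDao accountDao, RoleDao roleDao, OrgsDao orgsDao, DemultiplexingUsersApi demultiplexingUsersApi, GeorchestraGatewaySecurityConfigProperties georchestraGatewaySecurityConfigProperties) {
        super(applicationEventPublisher);
        this.accountDao = accountDao;
        this.roleDao = roleDao;
        this.orgsDao = orgsDao;
        this.demultiplexingUsersApi = demultiplexingUsersApi;
        this.georchestraGatewaySecurityConfigProperties = georchestraGatewaySecurityConfigProperties;
    }

    /**
     * Finds a user by OAuth2 provider and provider-side uid, with every role name normalised to
     * carry the {@code ROLE_} prefix.
     *
     * @throws NullPointerException if either argument is {@code null}
     */
    @Override
    protected Optional<GeorchestraUser> findByOAuth2Uid(@NonNull String str, @NonNull String str2) {
        Objects.requireNonNull(str, "oAuth2Provider is marked non-null but is null");
        Objects.requireNonNull(str2, "oAuth2Uid is marked non-null but is null");
        return this.demultiplexingUsersApi.findByOAuth2Uid(str, str2).map(this::ensureRolesPrefixed);
    }

    /**
     * Finds a user by username, with every role name normalised to carry the {@code ROLE_} prefix.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Override
    protected Optional<GeorchestraUser> findByUsername(@NonNull String str) {
        Objects.requireNonNull(str, "username is marked non-null but is null");
        return this.demultiplexingUsersApi.findByUsername(str).map(this::ensureRolesPrefixed);
    }

    /**
     * Replaces the user's role list with one where {@code null} entries are dropped and every
     * name starts with {@code ROLE_}. The given instance is mutated and returned.
     */
    private GeorchestraUser ensureRolesPrefixed(GeorchestraUser georchestraUser) {
        List<String> prefixedRoles = georchestraUser.getRoles().stream()
                .filter(Objects::nonNull)
                .map(role -> role.startsWith("ROLE_") ? role : "ROLE_" + role)
                .collect(Collectors.toList());
        georchestraUser.setRoles(prefixedRoles);
        return georchestraUser;
    }

    /**
     * Inserts the account into LDAP, then attaches it to its organisation and roles.
     *
     * <p>Any runtime failure while attaching the organisation or roles triggers a single rollback
     * of the freshly inserted account before the original exception is rethrown, so a partially
     * provisioned account (no organisation, no roles) is not left behind for later logins to find.
     *
     * @throws DuplicatedEmailFoundException if the DAO reports the e-mail as already in use
     * @throws IllegalStateException on data-service failures, or wrapping organisation/role errors
     */
    @Override
    protected void createInternal(GeorchestraUser georchestraUser) throws DuplicatedEmailFoundException {
        Account newAccount = mapToAccountBrief(georchestraUser);
        try {
            this.accountDao.insert(newAccount);
            try {
                ensureOrgExists(newAccount);
                ensureRolesExist(georchestraUser, newAccount);
            } catch (RuntimeException e) {
                // Catch RuntimeException rather than only IllegalStateException: orgsDao.update()
                // in addAccountToOrg is not wrapped, so its failures would otherwise bypass the
                // rollback. The message text is kept as-is even though this branch also covers
                // role failures, so existing log searches keep matching.
                log.error("Error when trying to create / update the organisation {}, reverting the account creation", newAccount.getOrg(), e);
                rollbackAccount(newAccount, newAccount.getOrg());
                throw e;
            }
        } catch (DataServiceException e) {
            throw new IllegalStateException(e);
        } catch (DuplicatedEmailException e) {
            throw new DuplicatedEmailFoundException(e.getMessage());
        } catch (DuplicatedUidException e) {
            throw new DuplicatedUsernameFoundException(e.getMessage());
        }
    }

    /**
     * Adds the account to {@code Role.USER} (unless the user already lists {@code ROLE_USER}) and
     * to every role listed on the user, creating roles that do not exist yet.
     *
     * <p>On failure this only wraps the error. The account rollback is performed once, by
     * {@link #createInternal(GeorchestraUser)}. Deleting here as well would issue a second delete
     * for the same account after the first one already succeeded.
     *
     * <p>NOTE(review): role names are used exactly as supplied on the user (minus the
     * {@code ROLE_} prefix); no allow-list is applied in this class. Confirm upstream filtering.
     *
     * @throws IllegalStateException wrapping any DAO failure
     */
    private void ensureRolesExist(GeorchestraUser georchestraUser, Account account) {
        try {
            if (!georchestraUser.getRoles().contains("ROLE_USER")) {
                this.roleDao.addUser(Role.USER, account);
            }
            for (String prefixedRole : georchestraUser.getRoles()) {
                // LDAP role entries are stored without the ROLE_ prefix.
                String roleName = prefixedRole.replaceFirst("^ROLE_", "");
                ensureRoleExists(roleName);
                this.roleDao.addUser(roleName, account);
            }
        } catch (DataServiceException | NameNotFoundException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Creates the role in LDAP when a lookup by common name reports it missing.
     *
     * @throws DataServiceException if the DAO lookup or insert fails
     * @throws IllegalStateException if the insert reports a duplicate common name
     */
    private void ensureRoleExists(String str) throws DataServiceException {
        try {
            this.roleDao.findByCommonName(str);
        } catch (NameNotFoundException e) {
            try {
                this.roleDao.insert(RoleFactory.create(str, null, null));
            } catch (DuplicatedCommonNameException e2) {
                throw new IllegalStateException(e2);
            }
        }
    }

    /**
     * Builds the LDAP {@link Account} for a user, with a {@code null} password argument and the
     * pending flag cleared.
     *
     * <p>The user's organisation is used when it is non-empty, or when no default organisation is
     * configured; otherwise the configured default organisation is used.
     *
     * <p>NOTE(review): the organisation is tested with {@code isEmpty} while the default is tested
     * with {@code isBlank}, so a whitespace-only organisation is passed through unchanged. Confirm
     * this is intended.
     *
     * @throws NullPointerException if {@code georchestraUser} is {@code null}
     */
    private Account mapToAccountBrief(@NonNull GeorchestraUser georchestraUser) {
        Objects.requireNonNull(georchestraUser, "preAuth is marked non-null but is null");
        String username = georchestraUser.getUsername();
        String email = georchestraUser.getEmail();
        String firstName = georchestraUser.getFirstName();
        String lastName = georchestraUser.getLastName();
        String organization = georchestraUser.getOrganization();
        Account account = AccountFactory.createBrief(username, null, firstName, lastName, email, "", "", "", georchestraUser.getOAuth2Provider(), georchestraUser.getOAuth2Uid());
        account.setPending(false);
        String defaultOrganization = this.georchestraGatewaySecurityConfigProperties.getDefaultOrganization();
        boolean useDefaultOrg = StringUtils.isEmpty(organization) && !StringUtils.isBlank(defaultOrganization);
        account.setOrg(useDefaultOrg ? defaultOrganization : organization);
        return account;
    }

    /**
     * Adds the account to its organisation, creating the organisation first when it does not
     * exist. Does nothing when the account has no organisation.
     *
     * @throws NullPointerException if {@code account} is {@code null}
     */
    private void ensureOrgExists(@NonNull Account account) {
        Objects.requireNonNull(account, "newAccount is marked non-null but is null");
        String orgName = account.getOrg();
        if (StringUtils.isEmpty(orgName)) {
            return;
        }
        findOrg(orgName).ifPresentOrElse(
                existingOrg -> addAccountToOrg(account, existingOrg),
                () -> createOrgAndAddAccount(account, orgName));
    }

    /**
     * Creates a new organisation named {@code str} with the account as its first member.
     *
     * @throws IllegalStateException wrapping any failure
     */
    private void createOrgAndAddAccount(Account account, String str) {
        try {
            log.info("Org {} does not exist, trying to create it", str);
            Org createdOrg = newOrg(str);
            createdOrg.getMembers().add(account.getUid());
            this.orgsDao.insert(createdOrg);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /** Adds the account's uid to an existing organisation and persists the change. */
    private void addAccountToOrg(Account account, Org org2) {
        org2.getMembers().add(account.getUid());
        this.orgsDao.update(org2);
    }

    /** Looks an organisation up by common name; empty when LDAP reports the name as not found. */
    private Optional<Org> findOrg(String str) {
        try {
            return Optional.of(this.orgsDao.findByCommonName(str));
        } catch (NameNotFoundException e) {
            return Optional.empty();
        }
    }

    /**
     * Best-effort removal of a just-inserted account. A failed delete is logged and swallowed, so
     * this WARN line is the only sign that a partially provisioned account remains in LDAP.
     *
     * @param str organisation name; currently unused
     */
    private void rollbackAccount(Account account, String str) {
        try {
            this.accountDao.delete(account);
        } catch (DataServiceException | NameNotFoundException e) {
            log.warn("Error reverting user creation after orgsDao update failure", e);
        }
    }

    /** Builds an organisation of type "Other" whose id, name and short name are all {@code str}. */
    private Org newOrg(String str) {
        Org createdOrg = new Org();
        createdOrg.setId(str);
        createdOrg.setName(str);
        createdOrg.setShortName(str);
        createdOrg.setOrgType("Other");
        return createdOrg;
    }
}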
