package org.georchestra.gateway.accounts.admin.ldap;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;
import org.georchestra.ds.DataServiceException;
import org.georchestra.ds.DuplicatedCommonNameException;
import org.georchestra.ds.orgs.Org;
import org.georchestra.ds.orgs.OrgsDao;
import org.georchestra.ds.roles.Role;
import org.georchestra.ds.roles.RoleDao;
import org.georchestra.ds.roles.RoleFactory;
import org.georchestra.ds.users.Account;
import org.georchestra.ds.users.AccountDao;
import org.georchestra.ds.users.AccountFactory;
import org.georchestra.ds.users.DuplicatedEmailException;
import org.georchestra.ds.users.DuplicatedUidException;
import org.georchestra.gateway.accounts.admin.AbstractAccountsManager;
import org.georchestra.security.api.UsersApi;
import org.georchestra.security.model.GeorchestraUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.ldap.NameNotFoundException;

/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.class */
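/**
 * {@link AbstractAccountsManager} that looks users up through {@link UsersApi} and
 * provisions new accounts, their organization and their roles through the LDAP DAOs.
 *
 * <p>Provisioning is not transactional: the account is inserted first, then the
 * organization and role memberships are written, and a failure in a later step is
 * compensated by deleting the account again.
 */
class LdapAccountsManager extends AbstractAccountsManager {
    private static final Logger log = LoggerFactory.getLogger("org.georchestra.gateway.accounts.admin.ldap");

    /** Organization assigned to new accounts that carry none; blank disables the fallback. */
    @Value("${georchestra.gateway.security.defaultOrganization:}")
    private String defaultOrganization;

    @NonNull
    private final AccountDao accountDao;

    @NonNull
    private final RoleDao roleDao;

    @NonNull
    private final OrgsDao orgsDao;

    @NonNull
    private final UsersApi usersApi;

    public LdapAccountsManager(ApplicationEventPublisher applicationEventPublisher, AccountDao accountDao, RoleDao roleDao, OrgsDao orgsDao, UsersApi usersApi) {
        super(applicationEventPublisher);
        this.accountDao = accountDao;
        this.roleDao = roleDao;
        this.orgsDao = orgsDao;
        this.usersApi = usersApi;
    }

    /**
     * Looks a user up by OAuth2 provider and subject id.
     *
     * @param oAuth2Provider provider identifier, must not be null
     * @param oAuth2Uid user id at that provider, must not be null
     * @return the matching user with every role name carrying the {@code ROLE_} prefix
     * @throws NullPointerException if either argument is null
     */
    @Override // org.georchestra.gateway.accounts.admin.AbstractAccountsManager
    protected Optional<GeorchestraUser> findByOAuth2Uid(@NonNull String oAuth2Provider, @NonNull String oAuth2Uid) {
        if (oAuth2Provider == null) {
            throw new NullPointerException("oAuth2Provider is marked non-null but is null");
        }
        if (oAuth2Uid == null) {
            throw new NullPointerException("oAuth2Uid is marked non-null but is null");
        }
        return this.usersApi.findByOAuth2Uid(oAuth2Provider, oAuth2Uid).map(this::ensureRolesPrefixed);
    }

    /**
     * Looks a user up by username.
     *
     * @param username login name, must not be null
     * @return the matching user with every role name carrying the {@code ROLE_} prefix
     * @throws NullPointerException if {@code username} is null
     */
    @Override // org.georchestra.gateway.accounts.admin.AbstractAccountsManager
    protected Optional<GeorchestraUser> findByUsername(@NonNull String username) {
        if (username == null) {
            throw new NullPointerException("username is marked non-null but is null");
        }
        return this.usersApi.findByUsername(username).map(this::ensureRolesPrefixed);
    }

    /**
     * Replaces the user's role list, in place, with one where null entries are dropped
     * and every remaining name starts with {@code ROLE_}.
     */
    private GeorchestraUser ensureRolesPrefixed(GeorchestraUser user) {
        List<String> prefixed = user.getRoles().stream()
                .filter(Objects::nonNull)
                .map(role -> role.startsWith("ROLE_") ? role : "ROLE_" + role)
                .collect(Collectors.toList());
        user.setRoles(prefixed);
        return user;
    }

    /**
     * Inserts the account, then makes sure its organization and roles exist and
     * reference it.
     *
     * @throws IllegalStateException if the insert or a later provisioning step fails
     */
    @Override // org.georchestra.gateway.accounts.admin.AbstractAccountsManager
    protected void createInternal(GeorchestraUser georchestraUser) {
        Account newAccount = mapToAccountBrief(georchestraUser);
        try {
            this.accountDao.insert(newAccount);
            ensureOrgExists(newAccount);
            ensureRolesExist(georchestraUser, newAccount);
        } catch (DataServiceException | DuplicatedEmailException | DuplicatedUidException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Grants the account the default user role when {@code ROLE_USER} is not among the
     * user's roles, then grants every role listed on the user, creating roles that do
     * not exist yet. Any failure deletes the freshly inserted account.
     *
     * @throws IllegalStateException if a DAO call fails
     */
    private void ensureRolesExist(GeorchestraUser user, Account account) {
        // NOTE(review): role names are taken from the user object as-is and are created
        // and granted in LDAP without an allow-list. If the roles originate from an
        // external identity provider's claims, whatever that provider asserts becomes a
        // directory role; confirm the upstream mapping restricts them.
        // NOTE(review): when this step fails after ensureOrgExists succeeded, only the
        // account is deleted here; whether its uid is also removed from the organization's
        // member list depends on accountDao.delete, which is not visible in this file.
        try {
            if (!user.getRoles().contains("ROLE_USER")) {
                this.roleDao.addUser(Role.USER, account);
            }
            for (String prefixedRole : user.getRoles()) {
                String roleName = prefixedRole.replaceFirst("^ROLE_", "");
                ensureRoleExists(roleName);
                this.roleDao.addUser(roleName, account);
            }
        } catch (DataServiceException | NameNotFoundException e) {
            revertAccountCreation(account, "Error reverting user creation after roleDao update failure");
            throw new IllegalStateException(e);
        } catch (RuntimeException e) {
            // ensureRoleExists reports a duplicate role as IllegalStateException, and a null
            // role name raises NullPointerException. Neither was caught before, so the
            // account stayed in the directory with only part of its roles. Roll back and
            // rethrow unchanged so callers see the same exception type as before.
            revertAccountCreation(account, "Error reverting user creation after roleDao update failure");
            throw e;
        }
    }

    /**
     * Creates the role when no entry with that common name exists.
     *
     * @throws DataServiceException propagated from the role DAO
     * @throws IllegalStateException if the insert reports the name as a duplicate
     */
    private void ensureRoleExists(String roleName) throws DataServiceException {
        try {
            this.roleDao.findByCommonName(roleName);
        } catch (NameNotFoundException notFound) {
            try {
                this.roleDao.insert(RoleFactory.create(roleName, null, null));
            } catch (DuplicatedCommonNameException duplicate) {
                throw new IllegalStateException(duplicate);
            }
        }
    }

    /**
     * Builds a non-pending {@link Account} from the user's identity attributes.
     *
     * <p>The user's own organization is kept when it is non-empty or when no default
     * organization is configured; otherwise the configured default is assigned.
     *
     * @throws NullPointerException if {@code preAuth} is null
     */
    private Account mapToAccountBrief(@NonNull GeorchestraUser preAuth) {
        if (preAuth == null) {
            throw new NullPointerException("preAuth is marked non-null but is null");
        }
        String username = preAuth.getUsername();
        String email = preAuth.getEmail();
        String firstName = preAuth.getFirstName();
        String lastName = preAuth.getLastName();
        String organization = preAuth.getOrganization();
        Account account = AccountFactory.createBrief(username, null, firstName, lastName, email, "", "", "", preAuth.getOAuth2Provider(), preAuth.getOAuth2Uid());
        account.setPending(false);
        // isEmpty on the user's value but isBlank on the default: a whitespace-only
        // organization on the user counts as set and is kept verbatim.
        boolean useDefault = StringUtils.isEmpty(organization) && !StringUtils.isBlank(this.defaultOrganization);
        account.setOrg(useDefault ? this.defaultOrganization : organization);
        return account;
    }

    /**
     * Adds the account's uid to its organization, creating the organization (type
     * {@code Other}) when it does not exist. Does nothing when the account has no
     * organization. Any failure deletes the freshly inserted account.
     *
     * @throws NullPointerException if {@code newAccount} is null
     * @throws IllegalStateException if the organization cannot be created or updated
     */
    private void ensureOrgExists(@NonNull Account newAccount) {
        if (newAccount == null) {
            throw new NullPointerException("newAccount is marked non-null but is null");
        }
        String orgName = newAccount.getOrg();
        if (StringUtils.isEmpty(orgName)) {
            return;
        }
        // NOTE(review): orgName is used unchanged as the new entry's id, name and short
        // name and is also written to the log. No validation of it is visible here; if it
        // can come from an identity provider, confirm it is constrained before this point.
        try {
            try {
                Org existing = this.orgsDao.findByCommonName(orgName);
                List<String> members = existing.getMembers();
                members.add(newAccount.getUid());
                existing.setMembers(members);
                this.orgsDao.update(existing);
            } catch (NameNotFoundException notFound) {
                log.info("Org {} does not exist, trying to create it", orgName);
                Org created = new Org();
                created.setId(orgName);
                created.setName(orgName);
                created.setShortName(orgName);
                created.setOrgType("Other");
                created.setMembers(Arrays.asList(newAccount.getUid()));
                this.orgsDao.insert(created);
            }
        } catch (Exception e) {
            log.error("Error when trying to create / update the organisation {}, reverting the account creation", orgName, e);
            revertAccountCreation(newAccount, "Error reverting user creation after orgsDao update failure");
            throw new IllegalStateException(e);
        }
    }

    /** Best-effort delete of an account inserted earlier in the same provisioning run. */
    private void revertAccountCreation(Account account, String warning) {
        try {
            this.accountDao.delete(account);
        } catch (DataServiceException | NameNotFoundException e) {
            // Logged rather than rethrown so the original failure stays the one reported.
            log.warn(warning, e);
        }
    }
}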
