package com.helger.phoss.smp.domain.user;

import com.helger.commons.ValueEnforcer;
import com.helger.http.basicauth.BasicAuthClientCredentials;
import com.helger.peppolid.IParticipantIdentifier;
import com.helger.phoss.smp.domain.SMPMetaManager;
import com.helger.phoss.smp.domain.servicegroup.ISMPServiceGroup;
import com.helger.phoss.smp.exception.SMPNotFoundException;
import com.helger.phoss.smp.exception.SMPUnauthorizedException;
import com.helger.phoss.smp.exception.SMPUnknownUserException;
import com.helger.phoss.smp.restapi.SMPAPICredentials;
import com.helger.photon.security.mgr.PhotonSecurityManager;
import com.helger.photon.security.token.user.IUserToken;
import com.helger.photon.security.token.user.IUserTokenManager;
import com.helger.photon.security.user.IUser;
import com.helger.photon.security.user.IUserManager;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/helger/phoss/smp/domain/user/SMPUserManagerPhoton.class */
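/**
 * Static helpers that authenticate SMP REST API callers against the Photon
 * user and user-token managers and check service group ownership.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Bearer tokens are credentials. They are never written to the log or
 *       placed into exception text in clear; only a redacted marker is used.</li>
 *   <li>The Basic Auth user name comes straight from the request, so control
 *       characters are neutralised before it is logged. Otherwise a CR/LF in
 *       the name could forge additional log lines.</li>
 * </ul>
 */
public final class SMPUserManagerPhoton {
    private static final Logger LOGGER = LoggerFactory.getLogger(SMPUserManagerPhoton.class);

    private SMPUserManagerPhoton() {
    }

    /**
     * Makes a request-supplied value safe to embed in a single log line by
     * replacing every ISO control character (CR, LF, TAB, ...) with '_'.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            sb.append(Character.isISOControl(c) ? '_' : c);
        }
        return sb.toString();
    }

    /**
     * Returns a placeholder that stands in for a bearer token in logs and
     * exception text. Only the length is disclosed, never token characters.
     */
    private static String redactToken(String token) {
        if (token == null) {
            return "<redacted, null>";
        }
        return "<redacted, " + token.length() + " chars>";
    }

    /**
     * Resolves the provided API credentials to an existing, enabled user.
     *
     * <p>Basic Auth is checked first: the login name must resolve to a user
     * that is not deleted, the password must be valid for that user, and the
     * user must not be disabled. Otherwise a Bearer token is expected: the
     * token must be known and not deleted, and its user must be neither
     * deleted nor disabled.
     *
     * <p>NOTE(review): an unknown login name and a wrong password raise
     * different exception types. If the REST layer maps them to
     * distinguishable responses, clients can probe which login names exist.
     * The mapping is not visible here, so confirm at the caller.
     *
     * @param sMPAPICredentials the credentials taken from the request; may not be {@code null}
     * @return the authenticated user, never {@code null}
     * @throws SMPUnknownUserException if the login name or token is unknown or deleted,
     *         or the token's user is deleted
     * @throws SMPUnauthorizedException if the password is invalid or the user is disabled
     * @throws IllegalStateException if neither Basic Auth nor a Bearer token is present
     */
    @Nonnull
    public static IUser validateUserCredentials(@Nonnull SMPAPICredentials sMPAPICredentials) throws SMPUnknownUserException, SMPUnauthorizedException {
        ValueEnforcer.notNull(sMPAPICredentials, "Credentials");
        IUserManager userMgr = PhotonSecurityManager.getUserMgr();
        if (sMPAPICredentials.hasBasicAuth()) {
            BasicAuthClientCredentials basicAuth = sMPAPICredentials.getBasicAuth();
            // Attacker-controlled until the password check below has passed.
            String safeUserName = sanitizeForLog(basicAuth.getUserName());
            IUser userOfLoginName = userMgr.getUserOfLoginName(basicAuth.getUserName());
            if (userOfLoginName == null || userOfLoginName.isDeleted()) {
                LOGGER.warn("Invalid login name provided: '{}'", safeUserName);
                throw new SMPUnknownUserException(basicAuth.getUserName());
            }
            if (!userMgr.areUserIDAndPasswordValid((String) userOfLoginName.getID(), basicAuth.getPassword())) {
                // The password itself is deliberately never logged.
                LOGGER.warn("Invalid password provided for '{}'", safeUserName);
                throw new SMPUnauthorizedException("Username and/or password are invalid!");
            }
            // Checked only after the password was verified, so the "disabled"
            // state is not disclosed to callers without valid credentials.
            if (userOfLoginName.isDisabled()) {
                LOGGER.warn("User '{}' is disabled", safeUserName);
                throw new SMPUnauthorizedException("User is disabled!");
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("The provided BasicAuth credentials resolved to the user '{}'", userOfLoginName.getLoginName());
            }
            return userOfLoginName;
        }
        if (!sMPAPICredentials.hasBearerToken()) {
            throw new IllegalStateException("Unsupported credential method provided!");
        }
        IUserTokenManager userTokenMgr = PhotonSecurityManager.getUserTokenMgr();
        String bearerToken = sMPAPICredentials.getBearerToken();
        // Everything below refers to the token only through this marker. A
        // token that is deleted, or that belongs to a disabled user, may be
        // re-activated later, and a mistyped token can be close to a valid one.
        String tokenMarker = redactToken(bearerToken);
        IUserToken userTokenOfTokenString = userTokenMgr.getUserTokenOfTokenString(bearerToken);
        if (userTokenOfTokenString == null) {
            LOGGER.warn("Invalid Bearer token provided: '{}'", tokenMarker);
            // NOTE(review): how the caller logs or returns this text is not
            // visible here, so it carries the redacted marker as well.
            throw new SMPUnknownUserException("{BearerToken}" + tokenMarker);
        }
        if (userTokenOfTokenString.isDeleted()) {
            LOGGER.warn("Deleted Bearer token provided: '{}'", tokenMarker);
            throw new SMPUnknownUserException("{BearerToken}" + tokenMarker);
        }
        IUser user = userTokenOfTokenString.getUser();
        if (user.isDeleted()) {
            LOGGER.warn("The user to which the Bearer token '{}' belongs is deleted", tokenMarker);
            throw new SMPUnknownUserException(user.getLoginName());
        }
        if (user.isDisabled()) {
            LOGGER.warn("User '{}' of Bearer token '{}' is disabled", user.getLoginName(), tokenMarker);
            throw new SMPUnauthorizedException("User is disabled!");
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("The provided Bearer token resolved to the user '{}'", user.getLoginName());
        }
        return user;
    }

    /**
     * Verifies that the service group of the given participant exists and is
     * owned by the given user. Ownership is decided by comparing the service
     * group's owner ID with the user's ID.
     *
     * @param iParticipantIdentifier the participant whose service group is checked
     * @param iUser the (already authenticated) user claiming ownership
     * @throws SMPNotFoundException if no service group exists for the participant
     * @throws SMPUnauthorizedException if the service group is owned by a different user
     */
    public static void verifyOwnership(@Nonnull IParticipantIdentifier iParticipantIdentifier, @Nonnull IUser iUser) throws SMPNotFoundException, SMPUnauthorizedException {
        ISMPServiceGroup sMPServiceGroupOfID = SMPMetaManager.getServiceGroupMgr().getSMPServiceGroupOfID(iParticipantIdentifier);
        if (sMPServiceGroupOfID == null) {
            throw new SMPNotFoundException("Service group " + iParticipantIdentifier.getURIEncoded() + " does not exist");
        }
        // Existence is checked before ownership, so an authenticated non-owner
        // gets "unauthorized" rather than "not found" for an existing group.
        if (!sMPServiceGroupOfID.getOwnerID().equals(iUser.getID())) {
            throw new SMPUnauthorizedException("User '" + iUser.getLoginName() + "' does not own " + iParticipantIdentifier.getURIEncoded());
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Verified service group " + sMPServiceGroupOfID.mo30getID() + " is owned by user '" + iUser.getLoginName() + "'");
        }
    }
}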
