package io.ovomnia.blueprint.users.services;

import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import io.ovomnia.blueprint.users.OvomniaAppUserSession;
import io.ovomnia.blueprint.users.definitions.BpRoleDefinition;
import io.ovomnia.blueprint.users.definitions.SecurityKeys;
import io.ovomnia.blueprint.users.domain.BpMission;
import io.ovomnia.blueprint.users.domain.BpMissionDisplay;
import io.ovomnia.blueprint.users.domain.BpPerson;
import io.ovomnia.blueprint.users.services.BpPersonEvent;
import io.vertigo.account.account.Account;
import io.vertigo.account.authentication.AuthenticationManager;
import io.vertigo.account.authorization.AuthorizationManager;
import io.vertigo.account.authorization.UserAuthorizations;
import io.vertigo.account.authorization.VSecurityException;
import io.vertigo.account.authorization.definitions.Role;
import io.vertigo.account.impl.authentication.UsernameAuthenticationToken;
import io.vertigo.account.security.VSecurityManager;
import io.vertigo.commons.eventbus.EventBusManager;
import io.vertigo.commons.transaction.Transactional;
import io.vertigo.connectors.oidc.OIDCDeploymentConnector;
import io.vertigo.core.lang.Assertion;
import io.vertigo.core.lang.VUserException;
import io.vertigo.core.lang.WrappedException;
import io.vertigo.core.locale.LocaleMessageText;
import io.vertigo.core.node.Node;
import io.vertigo.core.node.component.Component;
import io.vertigo.datamodel.data.definitions.DataField;
import io.vertigo.datamodel.data.model.DtList;
import io.vertigo.datamodel.data.util.DataModelUtil;
import io.vertigo.datamodel.smarttype.SmartTypeManager;
import io.vertigo.datamodel.smarttype.definitions.FormatterException;
import io.vertigo.datamodel.smarttype.definitions.SmartTypeDefinition;
import io.vertigo.vega.plugins.authentication.oidc.OIDCAppLoginHandler;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.io.Serializable;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.inject.Inject;

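/**
 * Login, logout and mission (profile) switching for Blueprint users.
 *
 * <p>Two entry paths are visible in this class: an OIDC path ({@link #doLogin}), which maps
 * identity-provider claims onto a {@link BpPerson}, and a local path ({@link #loginWithLogin}),
 * which is refused whenever an OIDC connector is configured. Both end by selecting a mission
 * and rebuilding the session's roles and security keys from it.
 *
 * <p>Security-relevant behaviour that lives here:
 * <ul>
 *   <li>unknown OIDC principals are provisioned automatically as inactive persons;</li>
 *   <li>when {@code personServices.isFirstUser()} is true, the inactive person is activated
 *       and given a mission with role {@code BpRSuperAdmin};</li>
 *   <li>{@link #changeMission} only accepts missions already listed in the session, whereas
 *       {@link #impersonate} performs no check of its own.</li>
 * </ul>
 */
@Transactional
/* loaded from: input_file:io/ovomnia/blueprint/users/services/BpLoginServices.class */
public class BpLoginServices implements OIDCAppLoginHandler, Component {

    @Inject
    private AuthenticationManager authenticationManager;

    @Inject
    private VSecurityManager securityManager;

    @Inject
    private AuthorizationManager authorizationManager;

    @Inject
    private BpPersonLoginServices personServices;

    @Inject
    private BpMissionServices missionServices;

    // Present when OIDC is configured; its presence disables local login and changes logout.
    @Inject
    Optional<OIDCDeploymentConnector> keycloakDeploymentConnectorOpt;

    @Inject
    private SmartTypeManager smartTypeManager;

    @Inject
    private EventBusManager eventBusManager;

    /**
     * Completes an OIDC login and returns the path to redirect to.
     *
     * @param httpServletRequest current request (not read by this method)
     * @param map claims of the authenticated principal
     * @param oIDCTokens tokens issued by the identity provider (not inspected in this class)
     * @param optional redirect target to use when login needs no special step; "/home" if empty
     * @return the redirect chosen by the login flow, else {@code optional}, else "/home"
     */
    public String doLogin(HttpServletRequest httpServletRequest, Map<String, Object> map, OIDCTokens oIDCTokens, Optional<String> optional) {
        // NOTE(review): a session that is already authenticated skips claim processing, so it
        // is not re-bound to the identity carried by the new claims. Confirm the caller never
        // reaches this point with a live session belonging to a different user.
        if (!isAuthenticated()) {
            Optional<String> loginRedirect = loginWithPrincipal(map, oIDCTokens);
            if (loginRedirect.isPresent()) {
                return loginRedirect.get();
            }
        }
        // NOTE(review): the value is returned as-is. If it can be derived from request data,
        // it should be restricted to local paths before being used as a redirect; verify
        // where the caller obtains it.
        return optional.orElse("/home");
    }

    /**
     * Returns the path to redirect to after an OIDC logout.
     *
     * @param httpServletRequest current request (not read by this method)
     * @return always "/"
     */
    public Optional<String> doLogout(HttpServletRequest httpServletRequest) {
        return Optional.of("/");
    }

    /**
     * Logs a user in by login name only (no credential is checked in this method) and selects
     * the first mission of that person. Refused when an OIDC connector is configured.
     *
     * @param str the login name
     * @throws VUserException if the login name is not accepted
     * @throws VSecurityException if the person has no mission
     */
    public void loginWithLogin(String str) {
        Assertion.check().isTrue(this.keycloakDeploymentConnectorOpt.isEmpty(), "Cannot login with local authentication when keycloak is enabled", new Object[0]);
        // NOTE(review): the token carries a username and nothing else, so any caller that can
        // reach this method with a chosen name is logged in as that account. Confirm every
        // route to it is limited to development or otherwise trusted callers.
        Optional<Account> login = this.authenticationManager.login(new UsernameAuthenticationToken(str));
        if (!login.isPresent()) {
            throw new VUserException("Logininvalid", new Serializable[0]);
        }
        BpPerson loggedPerson = this.personServices.getLoggedPerson(Long.valueOf(login.get().getId()));
        DtList<BpMissionDisplay> missions = this.missionServices.getMissionsByPerId(loggedPerson.getPerId());
        getUserSession().setLoggedPerson(loggedPerson);
        getUserSession().setAvailableMissions(missions);
        changeMission(firstMissionId(missions));
    }

    /**
     * Maps OIDC claims to a person, provisioning the person on first sight, and selects the
     * first mission.
     *
     * <p>The account key is the {@code functional_id} claim, falling back to {@code email}.
     *
     * @param map claims of the authenticated principal
     * @param oIDCTokens tokens issued by the identity provider (unused here)
     * @return "/bp/first-login/" for an inactive person who is not the first user, else empty
     * @throws VSecurityException if no usable identity claim is present, if the newly created
     *         person cannot be logged in, or if an active person has no mission
     */
    private Optional<String> loginWithPrincipal(Map<String, Object> map, OIDCTokens oIDCTokens) {
        String email = (String) map.get("email");
        String functionalId = (String) map.get("functional_id");
        String principal = Optional.ofNullable(functionalId).orElse(email);
        String givenName = (String) map.get("given_name");
        String familyName = (String) map.get("family_name");
        String phoneNumber = (String) map.get("phone_number");
        // Fail closed: without an identity claim there is nothing to key the account on, and
        // continuing would look up or create a person with a null or blank auth token.
        if (principal == null || principal.isBlank()) {
            throw new VSecurityException(LocaleMessageText.of("No usable identity claim found", new Serializable[0]));
        }
        // NOTE(review): when functional_id is absent the email claim becomes the account key.
        // Nothing here checks that the provider verified that address; confirm the provider
        // only releases verified emails.
        Account account = this.authenticationManager.login(new UsernameAuthenticationToken(principal)).orElseGet(() -> {
            // Unknown principal: provision it as inactive so it carries no mission until an
            // activation step happens (see the first-user branch below for the one exception).
            BpPerson bpPerson = new BpPerson();
            bpPerson.setAuthToken(principal);
            bpPerson.setEmail(email);
            bpPerson.setFunctionalId(functionalId);
            bpPerson.setFirstName(givenName);
            bpPerson.setLastName(familyName);
            bpPerson.setPhone(phoneNumber);
            bpPerson.setActive(false);
            this.personServices.createNewPerson(bpPerson);
            this.eventBusManager.post(new BpPersonEvent(BpPersonEvent.Type.CREATE, bpPerson));
            return this.authenticationManager.login(new UsernameAuthenticationToken(principal)).orElseThrow(() -> {
                return new VSecurityException(LocaleMessageText.of("Login failed after account creation", new Serializable[0]));
            });
        });
        BpPerson loggedPerson = this.personServices.getLoggedPerson(Long.valueOf(account.getId()));
        getUserSession().setLoggedPerson(loggedPerson);
        if (!loggedPerson.getActive().booleanValue()) {
            if (!this.personServices.isFirstUser()) {
                // Inactive and not the first user: empty profile, no missions, and no call to
                // updateUserAuthorizations, so this method grants no role on this path.
                getUserSession().setCurrentProfile(new BpMissionDisplay());
                getUserSession().setAvailableMissions(new DtList<>(BpMissionDisplay.class));
                return Optional.of("/bp/first-login/");
            }
            // Bootstrap: the first user is activated and receives the super-admin role.
            // NOTE(review): whoever authenticates first on a fresh installation obtains
            // BpRSuperAdmin. Confirm isFirstUser() cannot be true for two concurrent logins
            // and that a new deployment is not reachable by others before the intended
            // administrator has logged in.
            BpMission bpMission = new BpMission();
            bpMission.person().set(loggedPerson);
            bpMission.setSecurityKeys(new SecurityKeys());
            bpMission.setRolCd("BpRSuperAdmin");
            loggedPerson.setActive(true);
            this.personServices.savePerson(loggedPerson);
            this.missionServices.createMission(bpMission);
        }
        DtList<BpMissionDisplay> missions = this.missionServices.getMissionsByPerId(loggedPerson.getPerId());
        getUserSession().setAvailableMissions(missions);
        changeMission(firstMissionId(missions));
        return Optional.empty();
    }

    /**
     * Returns the id of the first mission, rejecting an empty list explicitly instead of
     * failing on {@code get(0)}.
     */
    private static long firstMissionId(DtList<BpMissionDisplay> missions) {
        if (missions.isEmpty()) {
            // NOTE(review): the login call has already succeeded when this is reached, so the
            // session may be left authenticated without a profile; confirm callers handle it.
            throw new VSecurityException(LocaleMessageText.of("No mission available for this user", new Serializable[0]));
        }
        return missions.get(0).getMisId().longValue();
    }

    /**
     * Ends the session and returns the path to redirect to.
     *
     * @param httpSession the session to end
     * @return "/OIDC/logout" when an OIDC connector is configured, else "/"
     */
    public String logout(HttpSession httpSession) {
        if (this.keycloakDeploymentConnectorOpt.isPresent()) {
            // NOTE(review): the local session is not invalidated on this branch; presumably
            // the handler behind /OIDC/logout does it - confirm.
            return "/OIDC/logout";
        }
        httpSession.invalidate();
        return "/";
    }

    /** Returns the missions stored in the current session. */
    public DtList<BpMissionDisplay> getAvailableMissions() {
        return getUserSession().getAvailableMissions();
    }

    /**
     * Switches the session to another mission and rebuilds roles and security keys from it.
     *
     * <p>The mission must be one of the session's available missions; that lookup is the only
     * check in this class that stops a user from selecting someone else's mission.
     *
     * @param j id of the mission to activate
     * @return the display object of the activated mission
     * @throws VSecurityException if the mission is not among the session's available missions
     */
    public BpMissionDisplay changeMission(long j) {
        BpMissionDisplay selected = getUserSession().getAvailableMissions().stream().filter(candidate -> {
            return candidate.getMisId().longValue() == j;
        }).findFirst().orElseThrow(() -> {
            return new VSecurityException(LocaleMessageText.of("Mission is not available for this user", new Serializable[0]));
        });
        getUserSession().setCurrentProfile(selected);
        updateUserAuthorizations(this.missionServices.get(Long.valueOf(j)));
        // updateUserAuthorizations clears all security keys, so the current-user key is set
        // again afterwards.
        this.authorizationManager.obtainUserAuthorizations().withSecurityKeys("ovoCurrentUserId", getUserSession().getLoggedPerson().getPerId());
        return selected;
    }

    /**
     * Replaces the session's roles and security keys with those of the given mission.
     *
     * <p>NOTE(review): unlike {@link #changeMission}, nothing here checks that the mission
     * belongs to the caller or that the caller may impersonate; every caller must enforce
     * that. The "ovoCurrentUserId" key is cleared and not set again, and the current profile
     * is left unchanged - confirm both are intended.
     *
     * @param j id of the mission whose authorizations are applied
     */
    public void impersonate(long j) {
        updateUserAuthorizations(this.missionServices.get(Long.valueOf(j)));
    }

    /**
     * Clears the session's roles and security keys, then applies the mission's role and its
     * security-key values.
     *
     * <p>NOTE(review): roles and keys are cleared before the new values are converted, so a
     * conversion failure leaves the session with the new role and only part of its keys.
     * Confirm that missing keys narrow access rather than widen it.
     *
     * @param bpMission mission supplying the role code and security-key values
     */
    private void updateUserAuthorizations(BpMission bpMission) {
        Assertion.check().isTrue(Node.getNode().getDefinitionSpace().contains(bpMission.getRolCd()), "Cannot impersonate a non exising role", new Object[0]);
        BpRoleDefinition resolve = Node.getNode().getDefinitionSpace().resolve(bpMission.getRolCd(), BpRoleDefinition.class);
        // The Role definition is looked up under the role code minus its first two characters.
        Role resolve2 = Node.getNode().getDefinitionSpace().resolve(bpMission.getRolCd().substring(2), Role.class);
        // Security-key name -> smart type used to parse that key's stored string values.
        Map map = (Map) resolve.getSecurityKeys().stream().collect(Collectors.toMap((v0) -> {
            return v0.name();
        }, securityKeyDefinition -> {
            return Node.getNode().getDefinitionSpace().resolve(securityKeyDefinition.smartTypeName(), SmartTypeDefinition.class);
        }));
        UserAuthorizations addRole = this.authorizationManager.obtainUserAuthorizations().clearRoles().clearSecurityKeys().addRole(resolve2);
        bpMission.getSecurityKeys().entrySet().forEach(entry -> {
            ((List) entry.getValue()).forEach(securityKeyValue -> {
                try {
                    SmartTypeDefinition smartTypeDefinition = (SmartTypeDefinition) map.get(entry.getKey());
                    // A key stored on the mission but not declared by the role has no smart
                    // type; reject it explicitly instead of failing on a null dereference.
                    Assertion.check().isTrue(smartTypeDefinition != null, "Security key is not declared by the role", new Object[0]);
                    // Data-typed keys are parsed with the smart type of the entity's id field.
                    addRole.withSecurityKeys((String) entry.getKey(), (Serializable) this.smartTypeManager.stringToValue(smartTypeDefinition.getScope().isDataType() ? ((DataField) DataModelUtil.findDataDefinition(smartTypeDefinition.getJavaClass()).getIdField().get()).smartTypeDefinition() : smartTypeDefinition, securityKeyValue.value()));
                } catch (FormatterException e) {
                    throw WrappedException.wrap(e);
                }
            });
        });
    }

    /** Returns the mission currently selected in the session. */
    public BpMissionDisplay getActiveMission() {
        return getUserSession().getCurrentProfile();
    }

    /**
     * Tells whether a session exists and reports itself as authenticated.
     *
     * @return {@code false} when there is no current session
     */
    public boolean isAuthenticated() {
        Optional currentUserSession = this.securityManager.getCurrentUserSession();
        if (currentUserSession.isPresent()) {
            return ((OvomniaAppUserSession) currentUserSession.get()).isAuthenticated();
        }
        return false;
    }

    /** Returns the person stored in the current session. */
    public BpPerson getLoggedPerson() {
        return getUserSession().getLoggedPerson();
    }

    /**
     * Returns the current session.
     *
     * @throws VSecurityException if there is no current session
     */
    private OvomniaAppUserSession getUserSession() {
        return (OvomniaAppUserSession) this.securityManager.getCurrentUserSession().orElseThrow(() -> {
            return new VSecurityException(LocaleMessageText.of("No active session found", new Serializable[0]));
        });
    }

    /** Bridge overload kept from the compiled class; delegates to the typed {@code doLogin}. */
    public /* bridge */ /* synthetic */ String doLogin(HttpServletRequest httpServletRequest, Map map, Object obj, Optional optional) {
        return doLogin(httpServletRequest, (Map<String, Object>) map, (OIDCTokens) obj, (Optional<String>) optional);
    }
}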
