package io.gravitee.am.service.impl;

import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.model.oauth2.ScopeApproval;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.repository.oauth2.api.AccessTokenRepository;
import io.gravitee.am.repository.oauth2.api.RefreshTokenRepository;
import io.gravitee.am.repository.oauth2.api.ScopeApprovalRepository;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.ScopeApprovalService;
import io.gravitee.am.service.UserService;
import io.gravitee.am.service.exception.AbstractManagementException;
import io.gravitee.am.service.exception.ScopeApprovalNotFoundException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.exception.UserNotFoundException;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.UserConsentAuditBuilder;
import io.reactivex.Completable;
import io.reactivex.CompletableSource;
import io.reactivex.Maybe;
import io.reactivex.Observable;
import io.reactivex.Single;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/gravitee/am/service/impl/ScopeApprovalServiceImpl.class */
public class ScopeApprovalServiceImpl implements ScopeApprovalService {
    public static final Logger LOGGER = LoggerFactory.getLogger(ScopeApprovalServiceImpl.class);

    @Autowired
    @Lazy
    private ScopeApprovalRepository scopeApprovalRepository;

    @Autowired
    @Lazy
    private AccessTokenRepository accessTokenRepository;

    @Autowired
    @Lazy
    private RefreshTokenRepository refreshTokenRepository;

    @Autowired
    private UserService userService;

    @Autowired
    private AuditService auditService;

    @Override // io.gravitee.am.service.ScopeApprovalService
    public Maybe<ScopeApproval> findById(String str) {
        LOGGER.debug("Find scope approval by id: {}", str);
        return this.scopeApprovalRepository.findById(str).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find a scope approval by id: {}", str);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find a scope approval by id %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ScopeApprovalService
    public Single<Set<ScopeApproval>> findByDomainAndUser(String str, String str2) {
        LOGGER.debug("Find scope approvals by domain: {} and user: {}", str, str2);
        return this.scopeApprovalRepository.findByDomainAndUser(str, str2).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find a scope approval for domain: {} and user: {}", str, str2);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to find a scope approval for domain: %s and user: %s", str, str2), th));
        });
    }

    @Override // io.gravitee.am.service.ScopeApprovalService
    public Single<Set<ScopeApproval>> findByDomainAndUserAndClient(String str, String str2, String str3) {
        LOGGER.debug("Find scope approvals by domain: {} and user: {} and client: {}", str, str2);
        return this.scopeApprovalRepository.findByDomainAndUserAndClient(str, str2, str3).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find a scope approval for domain: {}, user: {} and client: {}", new Object[]{str, str2, str3});
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to find a scope approval for domain: %s, user: %s and client: %s", str, str2, str3), th));
        });
    }

    @Override // io.gravitee.am.service.ScopeApprovalService
    public Single<List<ScopeApproval>> saveConsent(String str, Client client, List<ScopeApproval> list, User user) {
        LOGGER.debug("Save approvals for user: {}", list.get(0).getUserId());
        return Observable.fromIterable(list).flatMapSingle(scopeApproval -> {
            return this.scopeApprovalRepository.upsert(scopeApproval);
        }).toList().doOnSuccess(list2 -> {
            this.auditService.report(((UserConsentAuditBuilder) AuditBuilder.builder(UserConsentAuditBuilder.class)).domain(str).client(client).principal(user).type("USER_CONSENT_CONSENTED").approvals(list));
        }).doOnError(th -> {
            this.auditService.report(((UserConsentAuditBuilder) AuditBuilder.builder(UserConsentAuditBuilder.class)).domain(str).client(client).principal(user).type("USER_CONSENT_CONSENTED").throwable(th));
        }).onErrorResumeNext(th2 -> {
            LOGGER.error("An error occurs while trying to save consent for domain: {}, client: {} and user: {} ", new Object[]{str, client.getId(), ((ScopeApproval) list.get(0)).getUserId()});
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to save consent for domain: %s, client: %s and user: %s", str, client.getId(), ((ScopeApproval) list.get(0)).getUserId()), th2));
        });
    }

    @Override // io.gravitee.am.service.ScopeApprovalService
    public Completable revokeByConsent(String str, String str2, String str3, User user) {
        LOGGER.debug("Revoke approval for consent: {} and user: {}", str3, str2);
        return this.userService.findById(str2).switchIfEmpty(Maybe.error(new UserNotFoundException(str2))).flatMapCompletable(user2 -> {
            return this.scopeApprovalRepository.findById(str3).switchIfEmpty(Maybe.error(new ScopeApprovalNotFoundException(str3))).flatMapCompletable(scopeApproval -> {
                return this.scopeApprovalRepository.delete(str3).doOnComplete(() -> {
                    this.auditService.report(((UserConsentAuditBuilder) AuditBuilder.builder(UserConsentAuditBuilder.class)).type("USER_CONSENT_REVOKED").domain(str).principal(user).user(user2).approvals(Collections.singleton(scopeApproval)));
                }).doOnError(th -> {
                    this.auditService.report(((UserConsentAuditBuilder) AuditBuilder.builder(UserConsentAuditBuilder.class)).type("USER_CONSENT_REVOKED").domain(str).principal(user).user(user2).throwable(th));
                }).andThen(Completable.mergeArrayDelayError(new CompletableSource[]{this.accessTokenRepository.deleteByDomainIdClientIdAndUserId(scopeApproval.getDomain(), scopeApproval.getClientId(), scopeApproval.getUserId()), this.refreshTokenRepository.deleteByDomainIdClientIdAndUserId(scopeApproval.getDomain(), scopeApproval.getClientId(), scopeApproval.getUserId())}));
            });
        }).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Completable.error(th);
            }
            LOGGER.error("An error occurs while trying to revoke approval for scope: {}", str3);
            return Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to revoke approval for scope: %s", str3), th));
        });
    }

    @Override // io.gravitee.am.service.ScopeApprovalService
    public Completable revokeByUser(String str, String str2, User user) {
        LOGGER.debug("Revoke approvals for domain: {} and user: {}", str, str2);
        return this.userService.findById(str2).switchIfEmpty(Maybe.error(new UserNotFoundException(str2))).flatMapCompletable(user2 -> {
            return this.scopeApprovalRepository.findByDomainAndUser(str, str2).flatMapCompletable(set -> {
                return this.scopeApprovalRepository.deleteByDomainAndUser(str, str2).doOnComplete(() -> {
                    this.auditService.report(((UserConsentAuditBuilder) AuditBuilder.builder(UserConsentAuditBuilder.class)).type("USER_CONSENT_REVOKED").domain(str).principal(user).user(user2).approvals(set));
                }).doOnError(th -> {
                    this.auditService.report(((UserConsentAuditBuilder) AuditBuilder.builder(UserConsentAuditBuilder.class)).type("USER_CONSENT_REVOKED").domain(str).principal(user).user(user2).throwable(th));
                });
            }).andThen(Completable.mergeArrayDelayError(new CompletableSource[]{this.accessTokenRepository.deleteByDomainIdAndUserId(str, str2), this.refreshTokenRepository.deleteByDomainIdAndUserId(str, str2)}));
        }).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Completable.error(th);
            }
            LOGGER.error("An error occurs while trying to revoke scope approvals for domain: {} and user : {}", str, str2);
            return Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to revoke scope approvals for domain: %s and user: %s", str, str2), th));
        });
    }

    @Override // io.gravitee.am.service.ScopeApprovalService
    public Completable revokeByUserAndClient(String str, String str2, String str3, User user) {
        LOGGER.debug("Revoke approvals for domain: {}, user: {} and client: {}", new Object[]{str, str2, str3});
        return this.userService.findById(str2).switchIfEmpty(Maybe.error(new UserNotFoundException(str2))).flatMapCompletable(user2 -> {
            return this.scopeApprovalRepository.findByDomainAndUserAndClient(str, str2, str3).flatMapCompletable(set -> {
                return this.scopeApprovalRepository.deleteByDomainAndUserAndClient(str, str2, str3).doOnComplete(() -> {
                    this.auditService.report(((UserConsentAuditBuilder) AuditBuilder.builder(UserConsentAuditBuilder.class)).type("USER_CONSENT_REVOKED").domain(str).principal(user).user(user2).approvals(set));
                }).doOnError(th -> {
                    this.auditService.report(((UserConsentAuditBuilder) AuditBuilder.builder(UserConsentAuditBuilder.class)).type("USER_CONSENT_REVOKED").domain(str).principal(user).user(user2).throwable(th));
                });
            }).andThen(Completable.mergeArrayDelayError(new CompletableSource[]{this.accessTokenRepository.deleteByDomainIdClientIdAndUserId(str, str3, str2), this.refreshTokenRepository.deleteByDomainIdClientIdAndUserId(str, str3, str2)}));
        }).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Completable.error(th);
            }
            LOGGER.error("An error occurs while trying to revoke scope approvals for domain: {}, user: {} and client: {}", new Object[]{str, str2, str3});
            return Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to revoke scope approvals for domain: %s, user: %s and client: %s", str, str2, str3), th));
        });
    }
}
