package pl.edu.icm.unity.engine.identity;

import java.util.Collection;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticationSubject;
import pl.edu.icm.unity.engine.api.authn.EntityWithCredential;
import pl.edu.icm.unity.engine.api.identity.EntityResolver;
import pl.edu.icm.unity.engine.api.identity.IdentityResolver;
import pl.edu.icm.unity.engine.attribute.AttributesHelper;
import pl.edu.icm.unity.engine.credential.CredentialAttributeTypeProvider;
import pl.edu.icm.unity.engine.credential.CredentialReqRepository;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalGroupValueException;
import pl.edu.icm.unity.exceptions.IllegalIdentityValueException;
import pl.edu.icm.unity.exceptions.IllegalTypeException;
import pl.edu.icm.unity.store.api.EntityDAO;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.types.authn.CredentialRequirements;
import pl.edu.icm.unity.types.basic.AttributeExt;
import pl.edu.icm.unity.types.basic.EntityInformation;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.EntityState;
import pl.edu.icm.unity.types.basic.Identity;
import pl.edu.icm.unity.types.basic.IdentityTaV;

@Component
/* loaded from: input_file:pl/edu/icm/unity/engine/identity/IdentityResolverImpl.class */
public class IdentityResolverImpl implements IdentityResolver {
    private static final Logger log = Log.getLogger("unity.server", IdentityResolverImpl.class);
    private static final String[] HUMAN_READABLE_IDENTITY_TYPES = {"userName", "email", "x500Name"};
    private IdentityTypeHelper idTypeHelper;
    private EntityDAO dbIdentities;
    private EntityResolver dbResolver;
    private AttributesHelper attributeHelper;
    private CredentialReqRepository credReqRepository;
    private final EntityManagement entityManagement;

    @Autowired
    public IdentityResolverImpl(IdentityTypeHelper identityTypeHelper, EntityDAO entityDAO, EntityResolver entityResolver, AttributesHelper attributesHelper, CredentialReqRepository credentialReqRepository, @Qualifier("insecure") EntityManagement entityManagement) {
        this.idTypeHelper = identityTypeHelper;
        this.dbIdentities = entityDAO;
        this.dbResolver = entityResolver;
        this.attributeHelper = attributesHelper;
        this.credReqRepository = credentialReqRepository;
        this.entityManagement = entityManagement;
    }

    @Transactional
    public EntityWithCredential resolveIdentity(String str, String[] strArr, String str2) throws EngineException {
        return resolveEntity(getEntity(str, strArr, null, null, true), str2);
    }

    @Transactional
    public EntityWithCredential resolveEntity(long j, String str) throws EngineException {
        if (!isEntityEnabled(j)) {
            throw new IllegalIdentityValueException("Authentication is disabled for this entity");
        }
        EntityWithCredential entityWithCredential = new EntityWithCredential();
        if (str != null) {
            if (resolveCredentialRequirements(j).getRequiredCredentials().contains(str)) {
                Collection<AttributeExt> allAttributes = this.attributeHelper.getAllAttributes(j, "/", true, CredentialAttributeTypeProvider.CREDENTIAL_PREFIX + str);
                if (allAttributes.size() > 0) {
                    entityWithCredential.setCredentialValue((String) allAttributes.iterator().next().getValues().get(0));
                }
            }
            entityWithCredential.setCredentialName(str);
        }
        entityWithCredential.setEntityId(j);
        return entityWithCredential;
    }

    private CredentialRequirements resolveCredentialRequirements(long j) throws EngineException {
        return this.credReqRepository.get((String) this.attributeHelper.getAllAttributes(j, "/", true, CredentialAttributeTypeProvider.CREDENTIAL_REQUIREMENTS).iterator().next().getValues().get(0));
    }

    @Transactional
    public long resolveIdentity(String str, String[] strArr, String str2, String str3) throws IllegalIdentityValueException {
        return getEntity(str, strArr, str2, str3, false);
    }

    @Transactional
    public EntityWithCredential resolveSubject(AuthenticationSubject authenticationSubject, String[] strArr, String str) throws IllegalIdentityValueException, IllegalTypeException, IllegalGroupValueException, EngineException {
        return authenticationSubject.entityId == null ? resolveIdentity(authenticationSubject.identity, strArr, str) : resolveEntity(authenticationSubject.entityId.longValue(), str);
    }

    private long getEntity(String str, String[] strArr, String str2, String str3, boolean z) throws IllegalIdentityValueException {
        Identity fullIdentity;
        for (String str4 : strArr) {
            try {
                fullIdentity = this.dbResolver.getFullIdentity(new IdentityTaV(str4, str, str2, str3));
            } catch (Exception e) {
                log.trace("Got exception searching identity, likely it simply does not exist", e);
            }
            if (!z || isIdentityConfirmed(fullIdentity)) {
                return fullIdentity.getEntityId();
            }
            log.debug("Identity " + str + " was found but is not confirmed, not returning it for loggin in");
        }
        throw new IllegalIdentityValueException("No identity with value " + str);
    }

    private boolean isIdentityConfirmed(Identity identity) {
        if (this.idTypeHelper.getTypeDefinition(identity.getTypeId()).isEmailVerifiable()) {
            return identity.isConfirmed();
        }
        return true;
    }

    public boolean isEntityEnabled(long j) {
        EntityState entityState = ((EntityInformation) this.dbIdentities.getByKey(j)).getEntityState();
        return (entityState == EntityState.authenticationDisabled || entityState == EntityState.disabled) ? false : true;
    }

    public String getDisplayedUserName(EntityParam entityParam) throws EngineException {
        String entityLabel = this.entityManagement.getEntityLabel(entityParam);
        if (entityLabel != null) {
            return entityLabel;
        }
        Map map = (Map) this.entityManagement.getEntity(entityParam).getIdentities().stream().collect(Collectors.toMap(identity -> {
            return identity.getTypeId();
        }, identity2 -> {
            return identity2;
        }));
        for (String str : HUMAN_READABLE_IDENTITY_TYPES) {
            if (map.containsKey(str)) {
                return ((Identity) map.get(str)).getValue();
            }
        }
        return null;
    }
}
