package pl.edu.icm.unity.engine.forms;

import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.JsonUtil;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.attributes.AttributeValueSyntax;
import pl.edu.icm.unity.engine.api.authn.local.LocalCredentialsRegistry;
import pl.edu.icm.unity.engine.api.identity.EntityResolver;
import pl.edu.icm.unity.engine.api.identity.IdentityTypeDefinition;
import pl.edu.icm.unity.engine.api.identity.IdentityTypesRegistry;
import pl.edu.icm.unity.engine.api.registration.GroupPatternMatcher;
import pl.edu.icm.unity.engine.api.translation.form.GroupParam;
import pl.edu.icm.unity.engine.attribute.AttributeTypeHelper;
import pl.edu.icm.unity.engine.attribute.AttributesHelper;
import pl.edu.icm.unity.engine.credential.CredentialRepository;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IdentityExistsException;
import pl.edu.icm.unity.exceptions.IllegalAttributeTypeException;
import pl.edu.icm.unity.exceptions.IllegalAttributeValueException;
import pl.edu.icm.unity.exceptions.IllegalFormContentsException;
import pl.edu.icm.unity.exceptions.UnknownIdentityException;
import pl.edu.icm.unity.exceptions.WrongArgumentException;
import pl.edu.icm.unity.store.api.AttributeTypeDAO;
import pl.edu.icm.unity.store.api.GroupDAO;
import pl.edu.icm.unity.store.api.generic.InvitationDB;
import pl.edu.icm.unity.types.authn.CredentialDefinition;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.AttributeType;
import pl.edu.icm.unity.types.basic.Group;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.confirmation.ConfirmationInfo;
import pl.edu.icm.unity.types.registration.AgreementRegistrationParam;
import pl.edu.icm.unity.types.registration.AttributeRegistrationParam;
import pl.edu.icm.unity.types.registration.BaseForm;
import pl.edu.icm.unity.types.registration.BaseRegistrationInput;
import pl.edu.icm.unity.types.registration.ConfirmationMode;
import pl.edu.icm.unity.types.registration.CredentialParamValue;
import pl.edu.icm.unity.types.registration.CredentialRegistrationParam;
import pl.edu.icm.unity.types.registration.GroupRegistrationParam;
import pl.edu.icm.unity.types.registration.GroupSelection;
import pl.edu.icm.unity.types.registration.IdentityRegistrationParam;
import pl.edu.icm.unity.types.registration.OptionalRegistrationParam;
import pl.edu.icm.unity.types.registration.RegistrationParam;
import pl.edu.icm.unity.types.registration.Selection;
import pl.edu.icm.unity.types.registration.invite.InvitationWithCode;
import pl.edu.icm.unity.types.registration.invite.PrefilledEntry;
import pl.edu.icm.unity.types.registration.invite.PrefilledEntryMode;

@Component
/* loaded from: input_file:pl/edu/icm/unity/engine/forms/BaseRequestPreprocessor.class */
public class BaseRequestPreprocessor {
    private static final Logger log = Log.getLogger("unity.server", BaseRequestPreprocessor.class);
    private final CredentialRepository credentialRepository;
    private final AttributeTypeDAO dbAttributes;
    private final GroupDAO dbGroups;
    private final AttributesHelper attributesHelper;
    private final AttributeTypeHelper attributeTypesHelper;
    private final EntityResolver idResolver;
    public final IdentityTypesRegistry identityTypesRegistry;
    private final LocalCredentialsRegistry authnRegistry;
    private final InvitationDB invitationDB;

    @Autowired
    public BaseRequestPreprocessor(CredentialRepository credentialRepository, AttributeTypeDAO attributeTypeDAO, GroupDAO groupDAO, AttributesHelper attributesHelper, AttributeTypeHelper attributeTypeHelper, EntityResolver entityResolver, IdentityTypesRegistry identityTypesRegistry, LocalCredentialsRegistry localCredentialsRegistry, InvitationDB invitationDB) {
        this.credentialRepository = credentialRepository;
        this.dbAttributes = attributeTypeDAO;
        this.dbGroups = groupDAO;
        this.attributesHelper = attributesHelper;
        this.attributeTypesHelper = attributeTypeHelper;
        this.idResolver = entityResolver;
        this.identityTypesRegistry = identityTypesRegistry;
        this.authnRegistry = localCredentialsRegistry;
        this.invitationDB = invitationDB;
    }

    public void validateSubmittedRequest(BaseForm baseForm, BaseRegistrationInput baseRegistrationInput, boolean z) throws IllegalFormContentsException {
        validateSubmittedRequest(baseForm, baseRegistrationInput, z, false);
    }

    public void validateSubmittedRequest(BaseForm baseForm, BaseRegistrationInput baseRegistrationInput, boolean z, boolean z2) throws IllegalFormContentsException {
        log.debug("Validating registration request:\n{}", JsonUtil.serializeHumanReadable(baseRegistrationInput.toJson()));
        validateRequestAgreements(baseForm, baseRegistrationInput);
        validateRequestedAttributes(baseForm, baseRegistrationInput);
        if (!z2) {
            validateRequestCredentials(baseForm, baseRegistrationInput, z);
        }
        validateRequestedIdentities(baseForm, baseRegistrationInput);
        validateRequestedGroups(baseForm, baseRegistrationInput);
        if (!baseForm.isCollectComments() && baseRegistrationInput.getComments() != null) {
            throw new IllegalFormContentsException("This registration form doesn't allow for passing comments.");
        }
    }

    private void validateRequestedGroups(BaseForm baseForm, BaseRegistrationInput baseRegistrationInput) throws IllegalFormContentsException {
        if (baseForm.getGroupParams() == null) {
            return;
        }
        if (baseRegistrationInput.getGroupSelections().size() != baseForm.getGroupParams().size()) {
            throw new IllegalFormContentsException("Wrong amount of group selections, should be: " + baseForm.getGroupParams().size());
        }
        for (int i = 0; i < baseForm.getGroupParams().size(); i++) {
            GroupRegistrationParam groupRegistrationParam = (GroupRegistrationParam) baseForm.getGroupParams().get(i);
            GroupSelection groupSelection = (GroupSelection) baseRegistrationInput.getGroupSelections().get(i);
            if (groupSelection != null) {
                validateRequestedGroup(groupRegistrationParam, groupSelection);
            }
        }
    }

    private void validateRequestedGroup(GroupRegistrationParam groupRegistrationParam, GroupSelection groupSelection) throws IllegalFormContentsException {
        if (!groupRegistrationParam.isMultiSelect() && !groupSelection.getSelectedGroups().isEmpty()) {
            assertGroupsParentChildRelation(groupSelection.getSelectedGroups());
        }
        for (String str : groupSelection.getSelectedGroups()) {
            if (!GroupPatternMatcher.matches(str, groupRegistrationParam.getGroupPath())) {
                throw new IllegalFormContentsException("Requested group " + str + " is not matching allowed groups spec " + groupRegistrationParam.getGroupPath());
            }
        }
    }

    private void assertGroupsParentChildRelation(List<String> list) throws IllegalFormContentsException {
        Iterator it = ((List) list.stream().sorted((str, str2) -> {
            return new Group(str2).getPath().length - new Group(str).getPath().length;
        }).collect(Collectors.toList())).iterator();
        Group group = new Group((String) it.next());
        while (it.hasNext()) {
            if (!group.isChild(new Group((String) it.next()))) {
                throw new IllegalFormContentsException("Incorrect selected groups, all selected group should have parent -> child relation");
            }
        }
    }

    private void validateRequestAgreements(BaseForm baseForm, BaseRegistrationInput baseRegistrationInput) throws IllegalFormContentsException {
        if (baseForm.getAgreements() == null) {
            return;
        }
        if (baseForm.getAgreements().size() != baseRegistrationInput.getAgreements().size()) {
            throw new IllegalFormContentsException("Number of agreements in the request does not match the form agreements.");
        }
        for (int i = 0; i < baseForm.getAgreements().size(); i++) {
            if (((AgreementRegistrationParam) baseForm.getAgreements().get(i)).isManatory() && !((Selection) baseRegistrationInput.getAgreements().get(i)).isSelected()) {
                throw new IllegalFormContentsException("Mandatory agreement is not accepted.", i, IllegalFormContentsException.Category.AGREEMENT);
            }
        }
    }

    public void validateFinalAttributes(Collection<Attribute> collection) throws EngineException {
        Map allAsMap = this.dbAttributes.getAllAsMap();
        for (Attribute attribute : collection) {
            AttributeType attributeType = (AttributeType) allAsMap.get(attribute.getName());
            if (attributeType == null) {
                throw new WrongArgumentException("Attribute of the form " + attribute.getName() + " does not exist anymore");
            }
            try {
                this.attributesHelper.validate(attribute, attributeType);
            } catch (IllegalAttributeValueException | IllegalAttributeTypeException e) {
                throw new IllegalAttributeValueException("Invalid value for the '" + attribute.getName() + "' attribute", e);
            }
        }
    }

    public void validateFinalIdentities(Collection<IdentityParam> collection) throws EngineException {
        boolean z = false;
        for (IdentityParam identityParam : collection) {
            if (identityParam.getTypeId() == null || identityParam.getValue() == null) {
                throw new WrongArgumentException("Identity " + identityParam + " contains null values");
            }
            ((IdentityTypeDefinition) this.identityTypesRegistry.getByName(identityParam.getTypeId())).validate(identityParam.getValue());
            z = true;
            assertIdentityIsNotPresentOnConfirm(identityParam);
        }
        if (!z) {
            throw new WrongArgumentException("At least one identity must be defined in the registration request.");
        }
    }

    public void validateFinalGroups(Collection<GroupParam> collection) throws EngineException {
        Map allAsMap = this.dbGroups.getAllAsMap();
        for (GroupParam groupParam : collection) {
            if (groupParam == null) {
                throw new WrongArgumentException("Final group memberships contain null values");
            }
            if (!allAsMap.containsKey(groupParam.getGroup())) {
                throw new WrongArgumentException("Group to add a user to " + groupParam + " does not exist");
            }
        }
    }

    public void validateFinalCredentials(List<CredentialParamValue> list) throws EngineException {
        Iterator<CredentialParamValue> it = list.iterator();
        while (it.hasNext()) {
            this.credentialRepository.get(it.next().getCredentialId());
        }
    }

    private void validateRequestedAttributes(BaseForm baseForm, BaseRegistrationInput baseRegistrationInput) throws IllegalFormContentsException {
        validateParamsBase(baseForm.getAttributeParams(), baseRegistrationInput.getAttributes(), "attributes", IllegalFormContentsException.Category.ATTRIBUTE);
        for (int i = 0; i < baseRegistrationInput.getAttributes().size(); i++) {
            Attribute attribute = (Attribute) baseRegistrationInput.getAttributes().get(i);
            if (attribute != null) {
                AttributeRegistrationParam attributeRegistrationParam = (AttributeRegistrationParam) baseForm.getAttributeParams().get(i);
                if (!attributeRegistrationParam.getAttributeType().equals(attribute.getName())) {
                    throw new IllegalFormContentsException("Attribute " + attribute.getName() + " in group " + attribute.getGroupPath() + " is not allowed for this form", i, IllegalFormContentsException.Category.ATTRIBUTE);
                }
                if (!attributeRegistrationParam.isUsingDynamicGroup() && !attributeRegistrationParam.getGroup().equals(attribute.getGroupPath())) {
                    throw new IllegalFormContentsException("Attribute " + attribute.getName() + " in group " + attribute.getGroupPath() + " is not allowed for this form", i, IllegalFormContentsException.Category.ATTRIBUTE);
                }
                forceConfirmationStateOfAttribute(attributeRegistrationParam, i, attribute);
            }
        }
    }

    private void forceConfirmationStateOfAttribute(AttributeRegistrationParam attributeRegistrationParam, int i, Attribute attribute) {
        AttributeValueSyntax<?> unconfiguredSyntaxForAttributeName = this.attributeTypesHelper.getUnconfiguredSyntaxForAttributeName(attribute.getName());
        if (!unconfiguredSyntaxForAttributeName.isUserVerifiable() || attributeRegistrationParam.getConfirmationMode() == ConfirmationMode.ON_ACCEPT || attributeRegistrationParam.getConfirmationMode() == ConfirmationMode.ON_SUBMIT) {
            return;
        }
        if (attributeRegistrationParam.getConfirmationMode() == ConfirmationMode.CONFIRMED) {
            AttributesHelper.setConfirmed(attribute, unconfiguredSyntaxForAttributeName);
        }
        if (attributeRegistrationParam.getConfirmationMode() == ConfirmationMode.DONT_CONFIRM) {
            AttributesHelper.setUnconfirmed(attribute, unconfiguredSyntaxForAttributeName);
        }
    }

    private void validateRequestedIdentities(BaseForm baseForm, BaseRegistrationInput baseRegistrationInput) throws IllegalFormContentsException {
        List<?> identities = baseRegistrationInput.getIdentities();
        validateParamsBase(baseForm.getIdentityParams(), identities, "identities", IllegalFormContentsException.Category.IDENTITY);
        for (int i = 0; i < identities.size(); i++) {
            IdentityParam identityParam = (IdentityParam) identities.get(i);
            if (identityParam != null) {
                if (identityParam.getTypeId() == null || identityParam.getValue() == null) {
                    throw new IllegalFormContentsException("Identity nr " + i + " contains null values", i, IllegalFormContentsException.Category.IDENTITY);
                }
                IdentityRegistrationParam identityRegistrationParam = (IdentityRegistrationParam) baseForm.getIdentityParams().get(i);
                if (!identityRegistrationParam.getIdentityType().equals(identityParam.getTypeId())) {
                    throw new IllegalFormContentsException("Identity nr " + i + " must be of " + ((IdentityRegistrationParam) baseForm.getIdentityParams().get(i)).getIdentityType() + " type, but is " + identityParam, i, IllegalFormContentsException.Category.IDENTITY);
                }
                forceConfirmationStateOfIdentity(identityRegistrationParam, i, identityParam);
                if (baseForm.isCheckIdentityOnSubmit()) {
                    assertIdentityIsNotPresentOnSubmit(identityParam, i);
                }
            }
        }
    }

    private boolean isIdentityPresent(IdentityParam identityParam) {
        try {
            this.idResolver.getFullIdentity(identityParam);
            return true;
        } catch (UnknownIdentityException e) {
            return false;
        }
    }

    public void assertIdentityIsNotPresentOnConfirm(IdentityParam identityParam) throws IdentityExistsException {
        if (isIdentityPresent(identityParam)) {
            throw new IdentityExistsException("The user with the given identity is already present.");
        }
    }

    public void assertIdentityIsNotPresentOnSubmit(IdentityParam identityParam, int i) throws IllegalFormContentsException {
        if (isIdentityPresent(identityParam)) {
            throw new IllegalFormContentsException.OccupiedIdentityUsedInRequest(identityParam, i);
        }
    }

    private void forceConfirmationStateOfIdentity(IdentityRegistrationParam identityRegistrationParam, int i, IdentityParam identityParam) {
        if (!((IdentityTypeDefinition) this.identityTypesRegistry.getByName(identityRegistrationParam.getIdentityType())).isEmailVerifiable() || identityRegistrationParam.getConfirmationMode() == ConfirmationMode.ON_ACCEPT || identityRegistrationParam.getConfirmationMode() == ConfirmationMode.ON_SUBMIT) {
            return;
        }
        identityParam.setConfirmationInfo(new ConfirmationInfo(identityRegistrationParam.getConfirmationMode() == ConfirmationMode.CONFIRMED));
    }

    private void validateRequestCredentials(BaseForm baseForm, BaseRegistrationInput baseRegistrationInput, boolean z) throws IllegalFormContentsException {
        List credentials = baseRegistrationInput.getCredentials();
        List credentialParams = baseForm.getCredentialParams();
        if (credentialParams == null) {
            return;
        }
        if (credentialParams.size() != credentials.size()) {
            throw new IllegalFormContentsException("There should be " + credentialParams.size() + " credential parameters");
        }
        for (int i = 0; i < credentialParams.size(); i++) {
            try {
                CredentialDefinition credentialDefinition = this.credentialRepository.get(((CredentialRegistrationParam) credentialParams.get(i)).getCredentialName());
                if (z) {
                    ((CredentialParamValue) credentials.get(i)).setSecrets(this.authnRegistry.createLocalCredentialVerificator(credentialDefinition).prepareCredential(((CredentialParamValue) credentials.get(i)).getSecrets(), "", true));
                }
            } catch (Exception e) {
                throw new IllegalFormContentsException("Credential is invalid", i, IllegalFormContentsException.Category.CREDENTIAL, e);
            }
        }
    }

    private void validateParamsCount(List<? extends RegistrationParam> list, List<?> list2, String str) throws IllegalFormContentsException {
        if (list.size() != list2.size()) {
            throw new IllegalFormContentsException("There should be " + list.size() + " " + str + " parameters");
        }
    }

    private void validateParamsBase(List<? extends OptionalRegistrationParam> list, List<?> list2, String str, IllegalFormContentsException.Category category) throws IllegalFormContentsException {
        validateParamsCount(list, list2, str);
        for (int i = 0; i < list.size(); i++) {
            if (!list.get(i).isOptional() && list2.get(i) == null) {
                throw new IllegalFormContentsException("The parameter nr " + (i + 1) + " of " + str + " is required", i, category);
            }
        }
    }

    public InvitationWithCode getInvitation(String str) throws IllegalFormContentsException {
        try {
            return this.invitationDB.get(str);
        } catch (Exception e) {
            throw new IllegalFormContentsException("The provided registration code is invalid", e);
        }
    }

    public void removeInvitation(String str) {
        this.invitationDB.delete(str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T> void processInvitationElements(List<? extends RegistrationParam> list, List<T> list2, Map<Integer, PrefilledEntry<T>> map, String str) throws IllegalFormContentsException {
        validateParamsCount(list, list2, str);
        for (Map.Entry<Integer, PrefilledEntry<T>> entry : map.entrySet()) {
            if (entry.getKey().intValue() >= list2.size()) {
                log.warn("Invitation has " + str + " parameter beyond form limit, skipping it: " + entry.getKey());
            } else {
                Object entry2 = entry.getValue().getEntry();
                if (entry.getValue().getMode() != PrefilledEntryMode.DEFAULT) {
                    list2.set(entry.getKey().intValue(), entry2);
                } else if (list2.get(entry.getKey().intValue()) == null) {
                    list2.set(entry.getKey().intValue(), entry2);
                }
            }
        }
    }

    public Map<Integer, PrefilledEntry<GroupSelection>> filterValueReadOnlyAndHiddenGroupFromInvitation(Map<Integer, PrefilledEntry<GroupSelection>> map, List<GroupRegistrationParam> list) {
        List all = this.dbGroups.getAll();
        HashMap hashMap = new HashMap();
        for (Map.Entry<Integer, PrefilledEntry<GroupSelection>> entry : map.entrySet()) {
            GroupRegistrationParam groupRegistrationParam = list.get(entry.getKey().intValue());
            if (entry.getValue().getMode().equals(PrefilledEntryMode.DEFAULT) || groupRegistrationParam == null) {
                hashMap.put(entry.getKey(), entry.getValue());
            }
            List list2 = (List) GroupPatternMatcher.filterByIncludeGroupsMode(GroupPatternMatcher.filterMatching(GroupPatternMatcher.filterMatching(all, groupRegistrationParam.getGroupPath()), ((GroupSelection) entry.getValue().getEntry()).getSelectedGroups()), groupRegistrationParam.getIncludeGroupsMode()).stream().map(group -> {
                return group.toString();
            }).collect(Collectors.toList());
            log.debug("Filter hidden/readOnly group values from invitation:" + ((GroupSelection) entry.getValue().getEntry()).getSelectedGroups() + " -> " + list2);
            hashMap.put(entry.getKey(), new PrefilledEntry(new GroupSelection(list2), entry.getValue().getMode()));
        }
        return hashMap;
    }
}
