package pl.edu.icm.unity.engine.authn;

import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.capacityLimit.CapacityLimitName;
import pl.edu.icm.unity.engine.api.AuthenticationFlowManagement;
import pl.edu.icm.unity.engine.authz.AuthzCapability;
import pl.edu.icm.unity.engine.authz.InternalAuthorizationManager;
import pl.edu.icm.unity.engine.capacityLimits.InternalCapacityLimitVerificator;
import pl.edu.icm.unity.engine.events.InvocationEventProducer;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.store.api.generic.AuthenticationFlowDB;
import pl.edu.icm.unity.store.api.generic.AuthenticatorConfigurationDB;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.types.authn.AuthenticationFlowDefinition;

@Transactional
@Component
@Primary
@InvocationEventProducer
/* loaded from: input_file:pl/edu/icm/unity/engine/authn/AuthenticationFlowManagementImpl.class */
public class AuthenticationFlowManagementImpl implements AuthenticationFlowManagement {
    private AuthenticationFlowDB authnFlowDB;
    private InternalAuthorizationManager authz;
    private AuthenticatorConfigurationDB authenticatorDB;
    private InternalCapacityLimitVerificator capacityLimitVerificator;

    @Autowired
    public AuthenticationFlowManagementImpl(AuthenticationFlowDB authenticationFlowDB, InternalAuthorizationManager internalAuthorizationManager, AuthenticatorConfigurationDB authenticatorConfigurationDB, InternalCapacityLimitVerificator internalCapacityLimitVerificator) {
        this.authnFlowDB = authenticationFlowDB;
        this.authz = internalAuthorizationManager;
        this.authenticatorDB = authenticatorConfigurationDB;
        this.capacityLimitVerificator = internalCapacityLimitVerificator;
    }

    public void addAuthenticationFlow(AuthenticationFlowDefinition authenticationFlowDefinition) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        this.capacityLimitVerificator.assertInSystemLimitForSingleAdd(CapacityLimitName.AuthenticationFlowsCount, () -> {
            return Long.valueOf(this.authnFlowDB.getCount());
        });
        if (this.authenticatorDB.getAllAsMap().get(authenticationFlowDefinition.getName()) != null) {
            throw new IllegalArgumentException("Can not add authentication flow " + authenticationFlowDefinition.getName() + ", authenticator with the same name exists");
        }
        assertIfAuthenticatorsExists(authenticationFlowDefinition.getAllAuthenticators(), authenticationFlowDefinition.getName());
        authenticationFlowDefinition.setRevision(0L);
        this.authnFlowDB.create(authenticationFlowDefinition);
    }

    public void removeAuthenticationFlow(String str) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        this.authnFlowDB.delete(str);
    }

    public Collection<AuthenticationFlowDefinition> getAuthenticationFlows() throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.readInfo);
        return this.authnFlowDB.getAll();
    }

    public AuthenticationFlowDefinition getAuthenticationFlow(String str) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.readInfo);
        return this.authnFlowDB.get(str);
    }

    public void updateAuthenticationFlow(AuthenticationFlowDefinition authenticationFlowDefinition) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        assertIfAuthenticatorsExists(authenticationFlowDefinition.getAllAuthenticators(), authenticationFlowDefinition.getName());
        authenticationFlowDefinition.setRevision(this.authnFlowDB.get(authenticationFlowDefinition.getName()).getRevision() + 1);
        this.authnFlowDB.update(authenticationFlowDefinition);
    }

    private void assertIfAuthenticatorsExists(Set<String> set, String str) throws EngineException {
        Sets.SetView difference = Sets.difference(set, this.authenticatorDB.getAllNames());
        if (!difference.isEmpty()) {
            throw new IllegalArgumentException("Can not add authentication flow " + str + ", containing undefined authenticator(s) " + difference);
        }
    }
}
