package pl.edu.icm.unity.engine.authn;

import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.capacityLimit.CapacityLimitName;
import pl.edu.icm.unity.engine.api.AuthenticatorManagement;
import pl.edu.icm.unity.engine.api.authn.local.LocalCredentialsRegistry;
import pl.edu.icm.unity.engine.authz.AuthzCapability;
import pl.edu.icm.unity.engine.authz.InternalAuthorizationManager;
import pl.edu.icm.unity.engine.capacityLimits.InternalCapacityLimitVerificator;
import pl.edu.icm.unity.engine.credential.CredentialHolder;
import pl.edu.icm.unity.engine.credential.CredentialRepository;
import pl.edu.icm.unity.engine.endpoint.EndpointsUpdater;
import pl.edu.icm.unity.engine.events.InvocationEventProducer;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalCredentialException;
import pl.edu.icm.unity.store.api.generic.AuthenticationFlowDB;
import pl.edu.icm.unity.store.api.generic.AuthenticatorConfigurationDB;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.store.api.tx.TransactionalRunner;
import pl.edu.icm.unity.store.types.AuthenticatorConfiguration;
import pl.edu.icm.unity.types.authn.AuthenticatorInfo;
import pl.edu.icm.unity.types.authn.AuthenticatorTypeDescription;
import pl.edu.icm.unity.types.authn.CredentialDefinition;

@Component
@Primary
@InvocationEventProducer
/* loaded from: input_file:pl/edu/icm/unity/engine/authn/AuthenticatorManagementImpl.class */
public class AuthenticatorManagementImpl implements AuthenticatorManagement {
    private AuthenticatorsRegistry authReg;
    private LocalCredentialsRegistry localCredReg;
    private AuthenticatorConfigurationDB authenticatorDB;
    private AuthenticationFlowDB authenticationFlowDB;
    private CredentialRepository credentialRepository;
    private EndpointsUpdater endpointsUpdater;
    private AuthenticatorLoader authenticatorLoader;
    private InternalAuthorizationManager authz;
    private TransactionalRunner tx;
    private InternalCapacityLimitVerificator capacityLimitVerificator;

    @Autowired
    public AuthenticatorManagementImpl(AuthenticatorsRegistry authenticatorsRegistry, TransactionalRunner transactionalRunner, AuthenticatorConfigurationDB authenticatorConfigurationDB, AuthenticationFlowDB authenticationFlowDB, CredentialRepository credentialRepository, EndpointsUpdater endpointsUpdater, AuthenticatorLoader authenticatorLoader, InternalAuthorizationManager internalAuthorizationManager, LocalCredentialsRegistry localCredentialsRegistry, InternalCapacityLimitVerificator internalCapacityLimitVerificator) {
        this.authReg = authenticatorsRegistry;
        this.tx = transactionalRunner;
        this.localCredReg = localCredentialsRegistry;
        this.authenticatorDB = authenticatorConfigurationDB;
        this.authenticationFlowDB = authenticationFlowDB;
        this.credentialRepository = credentialRepository;
        this.endpointsUpdater = endpointsUpdater;
        this.authenticatorLoader = authenticatorLoader;
        this.authz = internalAuthorizationManager;
        this.capacityLimitVerificator = internalCapacityLimitVerificator;
    }

    @Transactional
    public AuthenticatorInfo createAuthenticator(String str, String str2, String str3, String str4) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        this.capacityLimitVerificator.assertInSystemLimitForSingleAdd(CapacityLimitName.AuthenticatorsCount, () -> {
            return Long.valueOf(this.authenticatorDB.getCount());
        });
        if (this.authenticationFlowDB.getAllAsMap().get(str) != null) {
            throw new IllegalArgumentException("Can not add authenticator " + str + ", authentication flow with the same name exists");
        }
        verifyConfiguration(str2, str3, str4);
        AuthenticatorConfiguration authenticatorConfiguration = new AuthenticatorConfiguration(str, str2, str3, str4, 0L);
        this.authenticatorDB.create(authenticatorConfiguration);
        return getExposedAuthenticatorInfo(authenticatorConfiguration);
    }

    public Collection<AuthenticatorInfo> getAuthenticators(String str) throws EngineException {
        return (Collection) ((List) this.tx.runInTransactionRetThrowing(() -> {
            this.authz.checkAuthorization(AuthzCapability.maintenance);
            return this.authenticatorDB.getAll();
        })).stream().map(authenticatorConfiguration -> {
            return getExposedAuthenticatorInfo(authenticatorConfiguration);
        }).filter(authenticatorInfo -> {
            return str == null || authenticatorInfo.getSupportedBindings().contains(str);
        }).collect(Collectors.toList());
    }

    public AuthenticatorInfo getAuthenticator(String str) throws EngineException {
        return getExposedAuthenticatorInfo((AuthenticatorConfiguration) this.tx.runInTransactionRetThrowing(() -> {
            this.authz.checkAuthorization(AuthzCapability.maintenance);
            return this.authenticatorDB.get(str);
        }));
    }

    public void updateAuthenticator(String str, String str2, String str3) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        this.tx.runInTransactionThrowing(() -> {
            AuthenticatorConfiguration authenticatorConfiguration = this.authenticatorDB.get(str);
            verifyConfiguration(authenticatorConfiguration.getVerificationMethod(), str2, str3);
            this.authenticatorDB.update(new AuthenticatorConfiguration(authenticatorConfiguration.getName(), authenticatorConfiguration.getVerificationMethod(), str2, str3, authenticatorConfiguration.getRevision() + 1));
        });
        this.endpointsUpdater.updateManual();
    }

    public Collection<AuthenticatorTypeDescription> getAvailableAuthenticatorsTypes() {
        return this.authReg.getAuthenticatorTypes();
    }

    @Transactional
    public void removeAuthenticator(String str) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        this.authenticatorDB.delete(str);
    }

    private AuthenticatorInfo getExposedAuthenticatorInfo(AuthenticatorConfiguration authenticatorConfiguration) {
        return new AuthenticatorInfo(authenticatorConfiguration.getName(), this.authReg.getAuthenticatorTypeById(authenticatorConfiguration.getVerificationMethod()), authenticatorConfiguration.getConfiguration(), Optional.ofNullable(authenticatorConfiguration.getLocalCredentialName()), this.authReg.getSupportedBindings(authenticatorConfiguration.getVerificationMethod()));
    }

    private void verifyConfiguration(String str, String str2, String str3) throws IllegalCredentialException {
        AuthenticatorTypeDescription authenticatorTypeById = this.authReg.getAuthenticatorTypeById(str);
        if (authenticatorTypeById == null) {
            throw new IllegalArgumentException("Can not add authenticator of unknown type " + str);
        }
        String str4 = str2;
        if (str3 != null) {
            CredentialDefinition credentialDefinition = this.credentialRepository.get(str3);
            str4 = new CredentialHolder(credentialDefinition, this.localCredReg).getCredentialDefinition().getConfiguration();
            verifyIfLocalCredentialMatchesVerificator(authenticatorTypeById, credentialDefinition, str3);
        }
        this.authenticatorLoader.verifyConfiguration(str, str4);
    }

    private void verifyIfLocalCredentialMatchesVerificator(AuthenticatorTypeDescription authenticatorTypeDescription, CredentialDefinition credentialDefinition, String str) throws IllegalCredentialException {
        String verificationMethod = authenticatorTypeDescription.getVerificationMethod();
        if (!credentialDefinition.getTypeId().equals(verificationMethod)) {
            throw new IllegalCredentialException("The local credential " + str + "is of different type then the credential suported by the authenticator, which is " + verificationMethod);
        }
    }
}
