package io.mapsmessaging.security.identity.impl.cognito;

import io.mapsmessaging.configuration.ConfigurationProperties;
import io.mapsmessaging.security.identity.GroupEntry;
import io.mapsmessaging.security.identity.IdentityEntry;
import io.mapsmessaging.security.identity.IdentityLookup;
import io.mapsmessaging.security.identity.NoSuchUserFoundException;
import io.mapsmessaging.security.identity.impl.external.CachingIdentityLookup;
import io.mapsmessaging.security.passwords.PasswordHandler;
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminDeleteUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateGroupRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.DeleteGroupRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.GroupType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.UserType;

/* loaded from: input_file:io/mapsmessaging/security/identity/impl/cognito/CognitoAuth.class */
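/**
 * Identity lookup backed by an Amazon Cognito user pool.
 *
 * <p>Users and groups are read through {@link CognitoApi} and kept in the maps inherited from
 * {@link CachingIdentityLookup}. User and group management calls go directly to the Cognito
 * admin API through {@link CognitoIdentityProviderClient}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The instance holds the app client secret and is built from a static access key pair read
 *       from configuration. Neither should be logged or serialised.</li>
 *   <li>The identity map is keyed by username and also by e-mail address, so a lookup key can
 *       refer to either. See {@link #loadUsers()} for how collisions are resolved.</li>
 *   <li>No synchronisation is visible in this class; concurrent use relies on whatever the
 *       parent class provides (not visible here).</li>
 * </ul>
 */
public class CognitoAuth extends CachingIdentityLookup<CognitoIdentityEntry> {
    /** Cache lifetime used when the configuration has no {@code cacheTime} (unit is defined by CognitoApi; presumably milliseconds, confirm). */
    private static final long DEFAULT_CACHE_TIME = 30000L;

    private final String userPoolId;
    private final String appClientId;
    // Secret material: keep out of logs, toString() output and error messages.
    private final String appClientSecret;
    private final String regionName;
    private final long cacheTime;
    private final CognitoIdentityProviderClient cognitoClient;
    private final CognitoApi cognitoApi;

    /**
     * Creates an unconfigured instance with no Cognito client.
     *
     * <p>{@code cognitoClient} and {@code cognitoApi} are {@code null} here, so every method that
     * talks to Cognito throws {@link NullPointerException} on this instance. It is presumably only
     * a factory handle for {@link #create(ConfigurationProperties)} (confirm against the loader).
     */
    public CognitoAuth() {
        this.cacheTime = DEFAULT_CACHE_TIME;
        this.cognitoClient = null;
        this.cognitoApi = null;
        this.userPoolId = "";
        this.appClientId = "";
        this.regionName = "";
        this.appClientSecret = "";
    }

    /**
     * Builds a lookup bound to one Cognito user pool.
     *
     * <p>Properties read: {@code userPoolId}, {@code appClientId}, {@code appClientSecret},
     * {@code region}, {@code accessKeyId}, {@code secretAccessKey} and the optional
     * {@code cacheTime}.
     *
     * @param configurationProperties source of the properties listed above
     * @throws NumberFormatException if {@code cacheTime} is present but not a valid long
     */
    public CognitoAuth(ConfigurationProperties configurationProperties) {
        this.userPoolId = configurationProperties.getProperty("userPoolId");
        this.appClientId = configurationProperties.getProperty("appClientId");
        this.appClientSecret = configurationProperties.getProperty("appClientSecret");
        this.regionName = configurationProperties.getProperty("region");
        // Long-lived access key pair taken from configuration. The admin calls below
        // (create/delete user and group) run with whatever this key is allowed to do,
        // so it should be scoped to this user pool only.
        String accessKeyId = configurationProperties.getProperty("accessKeyId");
        String secretAccessKey = configurationProperties.getProperty("secretAccessKey");
        String configuredCacheTime = configurationProperties.getProperty("cacheTime");
        if (configuredCacheTime != null && !configuredCacheTime.trim().isEmpty()) {
            // NOTE(review): zero or negative values are passed through unchecked; their
            // effect depends on CognitoApi, which is not visible here.
            this.cacheTime = Long.parseLong(configuredCacheTime.trim());
        } else {
            this.cacheTime = DEFAULT_CACHE_TIME;
        }
        Region region = Region.of(this.regionName);
        CognitoCredentials credentials = new CognitoCredentials(accessKeyId, secretAccessKey);
        this.cognitoClient = CognitoIdentityProviderClient.builder()
                .credentialsProvider(() -> credentials)
                .region(region)
                .build();
        this.cognitoApi = new CognitoApi(this.cognitoClient, this.userPoolId, this.cacheTime);
    }

    /**
     * Creates a configured lookup; this instance's own state is not used.
     *
     * @param configurationProperties configuration handed to the new instance
     * @return a new {@code CognitoAuth} bound to the configured user pool
     */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public IdentityLookup create(ConfigurationProperties configurationProperties) {
        return new CognitoAuth(configurationProperties);
    }

    /** @return the fixed provider name {@code "cognito"} */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public String getName() {
        return "cognito";
    }

    /** @return the same value as {@link #getName()} */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public String getDomain() {
        return getName();
    }

    /**
     * Always returns an empty array; no password hash is read from Cognito.
     *
     * <p>The result is the same for known and unknown users, and
     * {@link NoSuchUserFoundException} is never thrown here. Callers must not treat the empty
     * array as a credential that can be matched against.
     *
     * @param str username (ignored)
     * @return a new empty {@code char[]}
     */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public char[] getPasswordHash(String str) throws NoSuchUserFoundException {
        return new char[0];
    }

    /**
     * Refreshes the user cache if needed and returns a copy of the known identities.
     *
     * @return a new list, so callers cannot mutate the cached one
     */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public List<IdentityEntry> getEntries() {
        loadUsers();
        return new ArrayList<>(this.identityEntries);
    }

    /**
     * Rebuilds the identity cache from the user pool when {@link CognitoApi} reports it stale.
     *
     * <p>Only enabled users that carry a {@code sub} attribute are kept. Each kept user is
     * registered under its username and, when an {@code email} attribute is present, under that
     * e-mail address as an alias.
     */
    @Override // io.mapsmessaging.security.identity.impl.external.CachingIdentityLookup
    protected void loadUsers() {
        if (this.cognitoApi.isUserCacheValid()) {
            return;
        }
        // The maps are emptied before the rebuild; a concurrent reader would see a partially
        // filled cache unless the parent class serialises access (not visible here).
        this.identityEntryMap.clear();
        this.identityEntries.clear();
        for (UserType userType : this.cognitoApi.getUserList().users()) {
            // Disabled accounts (and accounts with no enabled flag) never enter the cache.
            if (!Boolean.TRUE.equals(userType.enabled())) {
                continue;
            }
            List<AttributeType> attributes = userType.attributes();
            AttributeType email = findAttribute(attributes, "email");
            AttributeType subject = findAttribute(attributes, "sub");
            AttributeType profile = findAttribute(attributes, "profile");
            if (subject == null) {
                continue;
            }
            CognitoIdentityEntry entry = new CognitoIdentityEntry(this, userType.username(), subject.value());
            if (profile != null) {
                entry.setProfile(profile.value());
            }
            // The username key always wins: put() replaces any alias stored earlier under it.
            this.identityEntryMap.put(userType.username(), entry);
            this.identityEntries.add(entry);
            if (email != null) {
                entry.setEmail(email.value());
                registerEmailAlias(email.value(), entry);
            }
        }
        loadGroups();
    }

    /**
     * Returns the first attribute with the given name, or {@code null} when there is none.
     * The comparison is constant-first so an attribute without a name cannot cause an NPE.
     */
    private static AttributeType findAttribute(List<AttributeType> attributes, String name) {
        for (AttributeType attribute : attributes) {
            if (name.equals(attribute.name())) {
                return attribute;
            }
        }
        return null;
    }

    /**
     * Registers {@code entry} under its e-mail address unless that key already belongs to an
     * account whose username is the same string.
     *
     * <p>Without this check, an account whose e-mail attribute equals another account's
     * username would replace that account in the lookup map, and a lookup by that username
     * would resolve to the wrong identity.
     *
     * <p>NOTE(review): the alias is registered whether or not the address is verified
     * ({@code email_verified} is not consulted). If users can edit their own e-mail attribute,
     * consider aliasing verified addresses only.
     */
    private void registerEmailAlias(String alias, CognitoIdentityEntry entry) {
        if (alias == null || alias.isEmpty()) {
            return;
        }
        CognitoIdentityEntry holder = (CognitoIdentityEntry) this.identityEntryMap.get(alias);
        if (holder != null && holder != entry && alias.equals(holder.getUsername())) {
            return;
        }
        this.identityEntryMap.put(alias, entry);
    }

    /**
     * Rebuilds the group cache and attaches each group to its cached member identities.
     *
     * <p>NOTE(review): when this returns early because the group cache is still valid,
     * identity entries that {@link #loadUsers()} has just rebuilt keep no group membership
     * until the group cache expires. Whether the two caches can expire at different times
     * depends on CognitoApi, which is not visible here. Confirm, because authorisation
     * decisions based on groups would be affected.
     *
     * <p>NOTE(review): when only the group cache is rebuilt, existing identity entries get
     * {@code addGroup} called again; nothing here removes a membership that was revoked in
     * Cognito. Confirm how CognitoIdentityEntry handles that.
     */
    private void loadGroups() {
        if (this.cognitoApi.isGroupCacheValid()) {
            return;
        }
        this.groupEntryMap.clear();
        for (GroupType groupType : this.cognitoApi.getGroupList().groups()) {
            String groupName = groupType.groupName();
            CognitoGroupEntry groupEntry = new CognitoGroupEntry(groupName);
            for (UserType member : this.cognitoApi.getUsersInGroup(groupName).users()) {
                // Members that are not in the identity cache (disabled, or without a
                // "sub" attribute) are left out of the group as well.
                CognitoIdentityEntry identity = (CognitoIdentityEntry) this.identityEntryMap.get(member.username());
                if (identity != null) {
                    groupEntry.addUser(member.username());
                    identity.addGroup(groupEntry);
                }
            }
            this.groupEntryMap.put(groupName, groupEntry);
        }
    }

    /**
     * Looks up a cached group by name without refreshing the cache.
     *
     * @param str group name
     * @return whatever the cached group map holds for that name
     */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public GroupEntry findGroup(String str) {
        return this.groupEntryMap.get(str);
    }

    /** @return a new list holding the currently cached groups; the cache is not refreshed */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public List<GroupEntry> getGroups() {
        return new ArrayList<>(this.groupEntryMap.values());
    }

    /**
     * Creates a group in the user pool and, on success, adds an empty entry to the cache.
     * Exceptions thrown by the SDK call are not caught here and propagate to the caller.
     *
     * @param str group name
     * @return {@code true} if the HTTP response was successful
     */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public boolean createGroup(String str) {
        CreateGroupRequest request = CreateGroupRequest.builder()
                .groupName(str)
                .userPoolId(this.userPoolId)
                .build();
        if (!this.cognitoClient.createGroup(request).sdkHttpResponse().isSuccessful()) {
            return false;
        }
        this.groupEntryMap.put(str, new CognitoGroupEntry(str));
        return true;
    }

    /**
     * Deletes a group from the user pool and, on success, from the group cache.
     *
     * <p>NOTE(review): identity entries that were given this group through {@code addGroup}
     * are not touched, so cached identities may still report the deleted group until the next
     * reload. Confirm against CognitoIdentityEntry.
     *
     * @param str group name
     * @return {@code true} if the HTTP response was successful
     */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public boolean deleteGroup(String str) {
        DeleteGroupRequest request = DeleteGroupRequest.builder()
                .groupName(str)
                .userPoolId(this.userPoolId)
                .build();
        if (!this.cognitoClient.deleteGroup(request).sdkHttpResponse().isSuccessful()) {
            return false;
        }
        this.groupEntryMap.remove(str);
        return true;
    }

    /**
     * Creates a user in the pool and, on success, adds a placeholder entry to the cache.
     *
     * <p>{@code str2} and {@code passwordHandler} are not used by this method; nothing derived
     * from them is sent to Cognito. ({@code str2} is presumably the password; the name comes
     * from decompilation, confirm against the interface.)
     *
     * <p>NOTE(review): any username containing {@code "@"} is stored as the e-mail address
     * with {@code email_verified} set to {@code "true"}, although no verification happens
     * here. The caller is trusted to have established that the address belongs to the user.
     *
     * @param str username; also used as the e-mail address when it contains {@code "@"}
     * @param str2 unused
     * @param passwordHandler unused
     * @return {@code true} if the HTTP response was successful
     */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public boolean createUser(String str, String str2, PasswordHandler passwordHandler) {
        List<AttributeType> userAttributes = new ArrayList<>();
        if (str.contains("@")) {
            userAttributes.add(AttributeType.builder().name("email_verified").value("true").build());
            userAttributes.add(AttributeType.builder().name("email").value(str).build());
        }
        AdminCreateUserRequest request = AdminCreateUserRequest.builder()
                .userPoolId(this.userPoolId)
                .userAttributes(userAttributes)
                .username(str)
                .build();
        if (!this.cognitoClient.adminCreateUser(request).sdkHttpResponse().isSuccessful()) {
            return false;
        }
        // The third argument is left empty here; loadUsers() passes the "sub" value in that
        // position when it rebuilds the cache.
        CognitoIdentityEntry entry = new CognitoIdentityEntry(this, str, "");
        this.identityEntryMap.put(str, entry);
        this.identityEntries.add(entry);
        return true;
    }

    /**
     * Deletes a user from the pool and removes every cached reference to that identity.
     *
     * <p>The cache registers a user under both username and e-mail address. Removing only the
     * key that was passed in would leave the deleted account resolvable through its other key
     * until the next reload, so all map entries pointing at the same identity are dropped.
     *
     * <p>NOTE(review): cached group entries still list the user; CognitoGroupEntry shows no
     * removal method in this file.
     *
     * @param str username (or alias) of the account to delete
     * @return {@code true} if the HTTP response was successful
     */
    @Override // io.mapsmessaging.security.identity.IdentityLookup
    public boolean deleteUser(String str) {
        AdminDeleteUserRequest request = AdminDeleteUserRequest.builder()
                .username(str)
                .userPoolId(this.userPoolId)
                .build();
        if (!this.cognitoClient.adminDeleteUser(request).sdkHttpResponse().isSuccessful()) {
            return false;
        }
        Object removed = this.identityEntryMap.remove(str);
        this.identityEntryMap.values().removeIf(entry -> entry == removed || entry.getUsername().equals(str));
        this.identityEntries.removeIf(entry -> entry == removed || entry.getUsername().equals(str));
        return true;
    }

    /**
     * Refreshes the whole group cache; the entry argument is not used.
     *
     * @param cognitoIdentityEntry ignored
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.mapsmessaging.security.identity.impl.external.CachingIdentityLookup
    public void loadGroups(CognitoIdentityEntry cognitoIdentityEntry) {
        loadGroups();
    }

    /**
     * Creates an identity entry for the given username with a {@code null} third constructor
     * argument (the position where loadUsers() passes the {@code sub} value).
     *
     * @param str username
     * @return a new entry bound to this lookup
     */
    @Override // io.mapsmessaging.security.identity.impl.external.CachingIdentityLookup
    protected IdentityEntry createIdentityEntry(String str) {
        return new CognitoIdentityEntry(this, str, null);
    }

    /** @return the configured user pool id */
    public String getUserPoolId() {
        return this.userPoolId;
    }

    /** @return the configured app client id */
    public String getAppClientId() {
        return this.appClientId;
    }

    /**
     * Returns the app client secret in clear text.
     *
     * <p>Callers must not log, cache or expose the value; it is public only because other
     * classes need it (presumably to compute the Cognito secret hash, confirm).
     *
     * @return the configured app client secret
     */
    public String getAppClientSecret() {
        return this.appClientSecret;
    }

    /** @return the configured AWS region name */
    public String getRegionName() {
        return this.regionName;
    }

    /** @return the cache lifetime handed to {@link CognitoApi} */
    public long getCacheTime() {
        return this.cacheTime;
    }

    /**
     * Returns the client that carries this instance's admin credentials. Anything holding the
     * reference can issue the same admin calls against the user pool.
     *
     * @return the Cognito client, or {@code null} on an unconfigured instance
     */
    public CognitoIdentityProviderClient getCognitoClient() {
        return this.cognitoClient;
    }

    /** @return the Cognito API wrapper, or {@code null} on an unconfigured instance */
    public CognitoApi getCognitoApi() {
        return this.cognitoApi;
    }
}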
