package org.graylog.security.authservice;

import java.util.Collections;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Named;
import org.graylog.security.authservice.ProvisionerAction;
import org.graylog.security.authservice.UserDetails;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.plugin.database.users.User;
import org.graylog2.shared.users.UserService;
import org.graylog2.users.UserImpl;
import org.joda.time.DateTimeZone;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog/security/authservice/ProvisionerService.class */
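/**
 * Creates or updates the local user record for an account that was authenticated by an
 * authentication service backend, then runs the backend-type specific {@link ProvisionerAction},
 * if one is registered for that backend type.
 */
public class ProvisionerService {
    private static final Logger LOG = LoggerFactory.getLogger(ProvisionerService.class);

    /** Auth service ID for which {@link #doProvision(UserDetails)} skips provisioning entirely. */
    private static final String INTERNAL_AUTH_SERVICE_ID = "000000000000000000000001";

    private final UserService userService;
    private final DateTimeZone rootTimeZone;
    // Keyed by the value returned from UserDetails#authServiceType().
    private final Map<String, ProvisionerAction.Factory<? extends ProvisionerAction>> provisionerActionFactories;

    /**
     * @param userService  service used to look up, create and save users
     * @param dateTimeZone time zone assigned to newly created users (injected as "root_timezone")
     * @param map          provisioner action factories, looked up by authentication service type
     */
    @Inject
    public ProvisionerService(UserService userService, @Named("root_timezone") DateTimeZone dateTimeZone, Map<String, ProvisionerAction.Factory<? extends ProvisionerAction>> map) {
        this.userService = userService;
        this.rootTimeZone = dateTimeZone;
        this.provisionerActionFactories = map;
    }

    /**
     * Starts a {@link UserDetails} builder that is already bound to the given backend.
     *
     * @param authServiceBackend backend whose ID and type are copied into the builder
     * @return a builder with {@code authServiceId} and {@code authServiceType} set
     */
    public UserDetails.Builder newDetails(AuthServiceBackend authServiceBackend) {
        return UserDetails.builder().authServiceId(authServiceBackend.backendId()).authServiceType(authServiceBackend.backendType());
    }

    /**
     * Provisions the given user and wraps any failure in a {@link ProvisionerServiceException}.
     *
     * @param userDetails details of the authenticated user
     * @return the details returned by {@link #doProvision(UserDetails)}
     * @throws ProvisionerServiceException if {@link #doProvision(UserDetails)} throws anything
     */
    public UserDetails provision(UserDetails userDetails) {
        try {
            return doProvision(userDetails);
        } catch (Exception e) {
            throw new ProvisionerServiceException(userDetails, e);
        }
    }

    /**
     * Saves the user record for {@code userDetails} and runs the provisioner action registered
     * for its authentication service type.
     *
     * <p>Details that carry the internal authentication service ID are returned unchanged.
     *
     * @param userDetails details of the authenticated user
     * @return {@code userDetails} with the database ID of the saved user, or the unchanged
     *         argument for the internal authentication service
     * @throws Exception whatever saving the user, creating the action or running it throws
     */
    public UserDetails doProvision(UserDetails userDetails) throws Exception {
        if (INTERNAL_AUTH_SERVICE_ID.equals(userDetails.authServiceId())) {
            LOG.debug("Skip provisioning for internal authentication service");
            return userDetails;
        }
        // NOTE(review): this logs the whole UserDetails object; if its toString() includes
        // e-mail or full name, debug logs will contain personal data - confirm that is intended.
        LOG.debug("Provisioning user profile: {}", userDetails);
        try {
            UserDetails withDatabaseId = userDetails.withDatabaseId(this.userService.save(provisionUser(userDetails)));
            ProvisionerAction.Factory<? extends ProvisionerAction> factory = this.provisionerActionFactories.get(userDetails.authServiceType());
            if (factory == null) {
                LOG.debug("No provisioner action for authentication service <{}>", userDetails.authServiceType());
                return withDatabaseId;
            }

            // Creation and execution are guarded separately so that a failing action is logged
            // once, under the right message, and a failing factory is logged with its cause.
            final ProvisionerAction action;
            try {
                action = factory.create(userDetails.authServiceId());
            } catch (Exception e) {
                LOG.error("Error creating provisioner action instance with factory <{}>", factory.getClass().getCanonicalName(), e);
                throw e;
            }
            try {
                LOG.debug("Running provisioner action: {}", action.getClass().getCanonicalName());
                action.provision(withDatabaseId);
            } catch (Exception e) {
                LOG.error("Error running provisioner action <{}>", action.getClass().getCanonicalName(), e);
                throw e;
            }
            // The user has already been saved at this point; an exception from the action above
            // propagates to the caller but does not undo that save here.
            return withDatabaseId;
        } catch (ValidationException e) {
            LOG.error("Cannot update profile for user <{}> - {}", userDetails.username(), e.getErrors());
            throw e;
        }
    }

    /**
     * Loads the user matching {@code userDetails}, or creates a new one, and overwrites its
     * identity and profile fields with the values reported by the authentication service.
     *
     * <p>Roles and permissions are only set for newly created users (see
     * {@link #createUser(UserDetails)}); an existing user keeps the ones it has.
     *
     * @param userDetails details of the authenticated user
     * @return the updated, not yet saved user
     */
    private User provisionUser(UserDetails userDetails) {
        // NOTE(review): the lookup appears to fall back to the username when no record matches
        // the auth service UID. Whatever record is returned is then marked external and rebound
        // to this backend's ID and UID below. Confirm that a same-named account owned by the
        // internal service or by another backend cannot be matched this way, or that rebinding
        // it is the intended migration behaviour.
        // orElseGet keeps createUser from running (and logging) when the user already exists.
        User user = this.userService
                .loadByAuthServiceUidOrUsername(userDetails.base64AuthServiceUid(), userDetails.username())
                .orElseGet(() -> createUser(userDetails));
        user.setExternal(true);
        user.setAccountStatus(userDetails.accountIsEnabled() ? User.AccountStatus.ENABLED : User.AccountStatus.DISABLED);
        user.setAuthServiceId(userDetails.authServiceId());
        user.setAuthServiceUid(userDetails.base64AuthServiceUid());
        user.setName(userDetails.username());
        user.setFullName(userDetails.fullName());
        user.setEmail(userDetails.email());
        return user;
    }

    /**
     * Builds a new user with the default roles from {@code userDetails}, no direct permissions,
     * the root time zone and the default session timeout.
     *
     * @param userDetails details of the authenticated user
     * @return the new, not yet saved user
     */
    private User createUser(UserDetails userDetails) {
        User user = this.userService.create();
        user.setRoleIds(userDetails.defaultRoles());
        user.setPermissions(Collections.emptyList());
        user.setTimeZone(this.rootTimeZone);
        user.setSessionTimeoutMs(UserImpl.DEFAULT_SESSION_TIMEOUT_MS);
        if (user instanceof UserImpl) {
            // The stored value is a human-readable marker, not a password hash.
            // NOTE(review): presumably no password can verify against it, which keeps the account
            // from being used with a local password - confirm against the password check.
            ((UserImpl) user).setHashedPassword("User initially synced from " + userDetails.authServiceType());
        } else {
            // NOTE(review): in this branch nothing is written to the password field; confirm
            // other User implementations cannot end up with a usable local password.
            LOG.warn("Received unexpected User implementation, not setting hashed password");
        }
        return user;
    }
}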
