package systems.dennis.auth.service;

import de.taimos.totp.TOTP;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import systems.dennis.auth.client.LoginPassword;
import systems.dennis.auth.client.entity.UserData;
import systems.dennis.auth.entity.ActiveToken;
import systems.dennis.auth.entity.LoginHistory;
import systems.dennis.auth.repository.LoginHistoryRepository;
import systems.dennis.auth.repository.UserDataRepository;
import systems.dennis.auth.responses.Auth2FactorEnabled;
import systems.dennis.auth.role_validator.TokenProvider;
import systems.dennis.auth.role_validator.entity.UserRole;
import systems.dennis.auth.util.PasswordService;
import systems.dennis.shared.auth_client.form.UserTokenDTO;
import systems.dennis.shared.exceptions.AccessDeniedException;
import systems.dennis.shared.exceptions.AuthorizationFailedException;
import systems.dennis.shared.exceptions.AuthorizationNotFoundException;
import systems.dennis.shared.model.IDPresenter;
import systems.dennis.shared.scopes.model.ScopeModel;
import systems.dennis.shared.utils.bean_copier.BeanCopier;

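/**
 * Password-based sign-in and TOTP two-factor helpers.
 *
 * <p>The sign-in methods look up the stored credentials, make sure a matching {@link UserData}
 * row exists, issue a token through {@link TokenProvider} and write a {@link LoginHistory} entry.
 * The two-factor methods create and persist a per-account Base32 secret, render it as an
 * {@code otpauth://} provisioning URI and compute the current one-time code from it.
 *
 * <p>Values handled here (password, issued token, two-factor secret, provisioning URI) are
 * credentials; none of them is written to the log by this class.
 */
@Service
public class UserServiceImpl {
    private static final Logger log = LoggerFactory.getLogger(UserServiceImpl.class);
    private final UserDataRepository userRepository;
    private final TokenProvider tokenProvider;
    private final LoginHistoryRepository historyRepository;
    private final PasswordService passwordService;
    private final LoginPasswordService service;

    public UserServiceImpl(UserDataRepository userDataRepository, TokenProvider tokenProvider, LoginHistoryRepository loginHistoryRepository, PasswordService passwordService, LoginPasswordService loginPasswordService) {
        this.userRepository = userDataRepository;
        this.tokenProvider = tokenProvider;
        this.historyRepository = loginHistoryRepository;
        this.passwordService = passwordService;
        this.service = loginPasswordService;
    }

    /**
     * Signs a user in and issues a token of type {@code "DEFAULT"}.
     *
     * <p>Side effect: the password inside {@code loginPassword} is replaced by the result of
     * {@code PasswordService.toPassword} before the lookup.
     *
     * @param loginPassword credentials as submitted by the client
     * @param scopeModel scope the roles and the token are resolved for
     * @return the issued token together with the user data, role names and expiry
     * @throws AuthorizationFailedException when the lookup denies access or returns no record
     */
    public UserTokenDTO authorize(LoginPassword loginPassword, ScopeModel scopeModel) {
        // NOTE(review): no one-time-code check is visible on this path; presumably the 'true'
        // flag makes findOrThrow enforce it, or the caller does - confirm.
        UserTokenDTO issued = issueToken(loginPassword, scopeModel, true, "DEFAULT");
        log.debug("TRacing Login history finished");
        return issued;
    }

    /**
     * Same flow as {@link #authorize}, but the credential lookup is called with {@code false}
     * and the token type is {@code "VIRTUAL"}.
     *
     * @param loginPassword credentials as submitted by the client
     * @param scopeModel scope the roles and the token are resolved for
     * @return the issued token together with the user data, role names and expiry
     * @throws AuthorizationFailedException when the lookup denies access or returns no record
     */
    public UserTokenDTO authorizeVirtual(LoginPassword loginPassword, ScopeModel scopeModel) {
        // NOTE(review): what the 'false' lookup flag relaxes is not visible in this class;
        // confirm that a VIRTUAL token cannot be obtained with weaker checks than intended.
        UserTokenDTO issued = issueToken(loginPassword, scopeModel, false, "VIRTUAL");
        log.debug("Tracing Login history finished");
        return issued;
    }

    /**
     * Shared sign-in flow behind {@link #authorize} and {@link #authorizeVirtual}, kept in one
     * place so a fix to the authentication path cannot be applied to one variant only.
     */
    private UserTokenDTO issueToken(LoginPassword loginPassword, ScopeModel scopeModel, boolean lookupFlag, String tokenType) {
        loginPassword.setPassword(this.passwordService.toPassword(loginPassword.getPassword()));
        try {
            LoginPassword account = this.service.findOrThrow(loginPassword, lookupFlag);
            if (account == null) {
                // Routed through the catch below so a missing record and a denied lookup
                // surface as the same exception type.
                throw new AccessDeniedException(loginPassword.getLogin());
            }
            UserData user = createNew(account);
            UserTokenDTO result = new UserTokenDTO();
            BeanCopier copier = (BeanCopier) this.service.getBean(BeanCopier.class);
            result.setUserData((systems.dennis.shared.auth_client.form.UserData) copier.copy(user, systems.dennis.shared.auth_client.form.UserData.class));
            log.debug("Start authorizing , creating token: {}", loginPassword.getLogin());
            List<UserRole> roles = this.passwordService.getRoles(account, scopeModel);
            ActiveToken token = this.tokenProvider.createToken(result, tokenType, roles, scopeModel);
            result.setToken(token.getToken());
            // Raw cast kept: the element type setRoles expects is not visible in this file.
            result.setRoles((List) roles.stream().map(UserRole::getRole).collect(Collectors.toList()));
            result.setDue(token.getDue());
            recordLogin(user, token);
            return result;
        } catch (AccessDeniedException e) {
            // The caller only sees the translated exception; keep the cause in the debug log
            // so a failed sign-in can still be investigated.
            log.debug("Authorization failed for login: {}", loginPassword.getLogin(), e);
            throw new AuthorizationFailedException(loginPassword.getLogin());
        }
    }

    /** Persists one {@link LoginHistory} entry for a token that has just been issued. */
    private void recordLogin(UserData user, ActiveToken token) {
        LoginHistory entry = new LoginHistory();
        log.debug("TRacing Login history started");
        entry.setUserDataId(user.getId());
        // NOTE(review): the token value itself is stored in the history row. If it is a
        // bearer credential, read access to the history table equals access to live
        // sessions - consider storing a digest or a token id instead. Confirm.
        entry.setToken(token.getToken());
        entry.setLogin(user.getLogin());
        this.historyRepository.save(entry);
    }

    /** Returns the {@link UserData} row for the login, creating it when none exists yet. */
    private UserData createNew(LoginPassword loginPassword) {
        UserData probe = new UserData();
        probe.setLogin(loginPassword.getLogin());
        return this.userRepository.findByLogin(probe.getLogin()).orElseGet(() -> createUser(probe));
    }

    /** Saves a new {@link UserData} row whose login and e-mail are both set to the login. */
    private UserData createUser(UserData userData) {
        UserData created = new UserData();
        created.setLogin(userData.getLogin());
        // presumably logins are e-mail addresses in this system - verify against callers
        created.setEmail(userData.getLogin());
        this.userRepository.save(created);
        return created;
    }

    /**
     * Returns the provisioning URI and the two-factor state of the current user.
     *
     * <p>When the account has no two-factor secret yet, one is generated and saved first.
     *
     * @param loginPasswordService service used to resolve and save the current user's record
     * @return the {@code otpauth://} URI and whether two-factor is switched on
     * @throws AuthorizationNotFoundException when the current login has no record
     */
    public Auth2FactorEnabled get2factorBarCodeForUser(LoginPasswordService loginPasswordService) {
        LoginPassword loginData = getLoginData(loginPasswordService);
        String secret = loginData.getTwoFactorCode();
        if (secret == null) {
            secret = generateSecretKey();
            // NOTE(review): the secret is saved as produced; whether the store encrypts
            // this field is not visible here - confirm.
            loginData.setTwoFactorCode(secret);
            loginPasswordService.save(loginData);
        }
        // NOTE(review): the URI carries the shared secret and is returned on every call,
        // also when two-factor is already enabled. Consider disclosing it only during
        // enrolment; any session of the user can otherwise read the seed again.
        String provisioningUri = getGoogleAuthenticatorBarCode(secret, loginData.getLogin(), "dennis.systems");
        Auth2FactorEnabled response = new Auth2FactorEnabled();
        response.setCode(provisioningUri);
        response.setEnabled(Boolean.valueOf(Boolean.TRUE.equals(loginData.getTwoFactor())));
        return response;
    }

    /**
     * Computes the current one-time code for the given login.
     *
     * @param loginPasswordService service used to look the user up
     * @param str login of the user
     * @return the current code, or {@code null} when two-factor is not enabled for the user;
     *     callers must treat {@code null} as "no code expected", never as a matching code
     * @throws AuthorizationNotFoundException when no user has this login
     * @throws IllegalStateException when two-factor is enabled but no secret is stored
     */
    public String getTOTPCode(LoginPasswordService loginPasswordService, String str) {
        LoginPassword user = loginPasswordService.findUserByLogin(str)
                .orElseThrow(() -> new AuthorizationNotFoundException(" No such user: " + str));
        if (!Boolean.TRUE.equals(user.getTwoFactor())) {
            return null;
        }
        return currentOtp(user.getTwoFactorCode());
    }

    /**
     * Computes the current one-time code from the secret stored on the given record.
     *
     * @param loginPassword record holding the Base32 two-factor secret
     * @return the current code
     * @throws IllegalStateException when the record has no secret
     */
    public String getTOTPCode(LoginPassword loginPassword) {
        return currentOtp(loginPassword.getTwoFactorCode());
    }

    /**
     * Decodes a Base32 secret and asks the TOTP library for the current code.
     *
     * <p>A missing secret is rejected up front: it would otherwise fail further down with an
     * exception that does not say what is wrong, and the failure must stay a hard error so a
     * half-configured account is never treated as verified.
     */
    private static String currentOtp(String base32Secret) {
        if (base32Secret == null || base32Secret.isEmpty()) {
            throw new IllegalStateException("Two-factor secret is not set for this account");
        }
        byte[] key = new Base32().decode(base32Secret);
        // NOTE(review): callers should compare the submitted code with this value in constant
        // time (for example MessageDigest.isEqual) and limit attempts; neither is done here.
        return TOTP.getOTP(Hex.encodeHexString(key));
    }

    /**
     * Loads the stored credentials of the current user, as reported by the service's utils.
     *
     * @param loginPasswordService service that knows the current login and performs the lookup
     * @return the stored record
     * @throws AuthorizationNotFoundException when the current login has no record
     */
    public LoginPassword getLoginData(LoginPasswordService loginPasswordService) {
        String currentLogin = loginPasswordService.getUtils().getLogin();
        return loginPasswordService.findUserByLogin(currentLogin)
                .orElseThrow(() -> new AuthorizationNotFoundException(""));
    }

    /**
     * Generates a new two-factor secret: 20 bytes from {@link SecureRandom}, Base32-encoded.
     *
     * @return the encoded secret
     */
    public String generateSecretKey() {
        byte[] seed = new byte[20];
        new SecureRandom().nextBytes(seed);
        return new Base32().encodeToString(seed);
    }

    /**
     * Builds the {@code otpauth://totp/} provisioning URI for an authenticator app.
     *
     * <p>The result contains the secret in clear text; treat it as a credential and keep it out
     * of logs and caches.
     *
     * @param str Base32 secret
     * @param str2 account name shown in the authenticator
     * @param str3 issuer, used both as the label prefix and as the {@code issuer} parameter
     * @return the provisioning URI
     */
    public String getGoogleAuthenticatorBarCode(String str, String str2, String str3) {
        String label = encodeComponent(str3 + ":" + str2);
        return "otpauth://totp/" + label + "?secret=" + encodeComponent(str) + "&issuer=" + encodeComponent(str3);
    }

    /** Form-encodes a value as UTF-8 and writes spaces as {@code %20} instead of {@code +}. */
    private static String encodeComponent(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8).replace("+", "%20");
    }
}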
