package io.gravitee.am.management.service.impl;

import com.google.common.base.Strings;
import io.gravitee.am.common.utils.MovingFactorUtils;
import io.gravitee.am.common.utils.RandomString;
import io.gravitee.am.identityprovider.api.DefaultUser;
import io.gravitee.am.identityprovider.api.UserProvider;
import io.gravitee.am.management.service.IdentityProviderManager;
import io.gravitee.am.model.Application;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.User;
import io.gravitee.am.model.membership.MemberType;
import io.gravitee.am.repository.management.api.search.LoginAttemptCriteria;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.CommonUserService;
import io.gravitee.am.service.CredentialService;
import io.gravitee.am.service.LoginAttemptService;
import io.gravitee.am.service.MembershipService;
import io.gravitee.am.service.PasswordService;
import io.gravitee.am.service.RateLimiterService;
import io.gravitee.am.service.TokenService;
import io.gravitee.am.service.UserActivityService;
import io.gravitee.am.service.VerifyAttemptService;
import io.gravitee.am.service.exception.InvalidUserException;
import io.gravitee.am.service.exception.UserNotFoundException;
import io.gravitee.am.service.exception.UserProviderNotFoundException;
import io.gravitee.am.service.impl.PasswordHistoryService;
import io.gravitee.am.service.model.AbstractNewUser;
import io.gravitee.am.service.model.UpdateUser;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.UserAuditBuilder;
import io.gravitee.am.service.validators.user.UserValidator;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BiFunction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:io/gravitee/am/management/service/impl/AbstractUserService.class */
public abstract class AbstractUserService<T extends CommonUserService> implements io.gravitee.am.management.service.CommonUserService {
    protected Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    protected IdentityProviderManager identityProviderManager;

    @Autowired
    protected PasswordService passwordService;

    @Autowired
    protected UserValidator userValidator;

    @Autowired
    protected AuditService auditService;

    @Autowired
    protected MembershipService membershipService;

    @Autowired
    protected UserActivityService userActivityService;

    @Autowired
    protected RateLimiterService rateLimiterService;

    @Autowired
    protected PasswordHistoryService passwordHistoryService;

    @Autowired
    protected VerifyAttemptService verifyAttemptService;

    @Autowired
    protected CredentialService credentialService;

    @Autowired
    private LoginAttemptService loginAttemptService;

    @Autowired
    private TokenService tokenService;

    protected abstract BiFunction<String, String, Maybe<Application>> checkClientFunction();

    protected abstract T getUserService();

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<User> findById(ReferenceType referenceType, String str, String str2) {
        return getUserService().findById(referenceType, str, str2);
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<User> update(ReferenceType referenceType, String str, String str2, UpdateUser updateUser, io.gravitee.am.identityprovider.api.User user) {
        return updateUser(referenceType, str, str2, updateUser, user);
    }

    private Single<User> updateUser(ReferenceType referenceType, String str, String str2, UpdateUser updateUser, io.gravitee.am.identityprovider.api.User user) {
        return getUserService().findById(referenceType, str, str2).flatMap(user2 -> {
            if (Boolean.FALSE.equals(user2.isInternal()) && Boolean.TRUE.equals(updateUser.getForceResetPassword())) {
                return Single.error(new InvalidUserException("forceResetPassword is forbidden on external users"));
            }
            return this.userValidator.validate(updateUser, (Strings.isNullOrEmpty(user2.getEmail()) && Strings.isNullOrEmpty(updateUser.getEmail())) ? false : true).andThen(Single.just(user2));
        }).flatMap(user3 -> {
            return updateWithProviderIfNecessary(updateUser, user3);
        }).flatMap(updateUser2 -> {
            return getUserService().update(referenceType, str, str2, updateUser2).doOnSuccess(user4 -> {
                this.auditService.report(((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user)).type("USER_UPDATED")).oldValue(updateUser2)).user(user4));
            }).doOnError(th -> {
                this.auditService.report((AuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user)).type("USER_UPDATED")).throwable(th));
            });
        });
    }

    private Single<UpdateUser> updateWithProviderIfNecessary(UpdateUser updateUser, User user) {
        Maybe<UserProvider> userProvider = this.identityProviderManager.getUserProvider(user.getSource());
        return userProvider.isEmpty().flatMap(bool -> {
            return bool.booleanValue() ? Single.just(updateUser) : updateWithUserProvider(updateUser, user, userProvider.toSingle());
        });
    }

    private Single<UpdateUser> updateWithUserProvider(UpdateUser updateUser, User user, Single<UserProvider> single) {
        return single.flatMap(userProvider -> {
            return userProvider.findByUsername(user.getUsername()).switchIfEmpty(Single.error(() -> {
                return new UserNotFoundException(user.getUsername());
            })).flatMap(user2 -> {
                return userProvider.update(user2.getId(), convert(user.getUsername(), updateUser));
            }).map(user3 -> {
                updateUser.setExternalId(user3.getId());
                return updateUser;
            });
        }).onErrorResumeNext(th -> {
            return th instanceof UserNotFoundException ? Single.just(updateUser) : Single.error(th);
        });
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<User> updateStatus(ReferenceType referenceType, String str, String str2, boolean z, io.gravitee.am.identityprovider.api.User user) {
        return getUserService().findById(referenceType, str, str2).flatMap(user2 -> {
            user2.setEnabled(Boolean.valueOf(z));
            return getUserService().update(user2);
        }).doOnSuccess(user3 -> {
            this.auditService.report(((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user)).type(z ? "USER_ENABLED" : "USER_DISABLED")).user(user3));
        }).doOnError(th -> {
            this.auditService.report((AuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user)).type(z ? "USER_ENABLED" : "USER_DISABLED")).throwable(th));
        });
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<User> updateUsername(ReferenceType referenceType, String str, String str2, String str3, io.gravitee.am.identityprovider.api.User user) {
        AtomicReference atomicReference = new AtomicReference();
        return this.userValidator.validateUsername(str3).andThen(Single.defer(() -> {
            return getUserService().findById(referenceType, str, str2).flatMap(user2 -> {
                return getUserService().findByUsernameAndSource(referenceType, str, str3, user2.getSource()).switchIfEmpty(Single.error(() -> {
                    return new UserNotFoundException(str, str3);
                })).flatMap(user2 -> {
                    return Single.error(new InvalidUserException(String.format("User with username [%s] and idp [%s] already exists", str3, user2.getSource())));
                }).onErrorResumeNext(th -> {
                    return th instanceof UserNotFoundException ? Single.just(user2) : Single.error(th);
                });
            }).flatMap(user3 -> {
                return this.identityProviderManager.getUserProvider(user3.getSource()).switchIfEmpty(Single.error(() -> {
                    return new UserProviderNotFoundException(user3.getSource());
                })).flatMap(userProvider -> {
                    return userProvider.findByUsername(user3.getUsername()).switchIfEmpty(Single.error(UserNotFoundException::new)).flatMap(user3 -> {
                        return userProvider.updateUsername(user3, str3);
                    }).flatMap(user4 -> {
                        atomicReference.set(user3.getUsername());
                        return updateCredentialUsername(referenceType, str, (String) atomicReference.get(), user4);
                    }).flatMap(user5 -> {
                        user3.updateUsername(str3);
                        generateNewMovingFactorBasedOnUserId(user3);
                        return getUserService().update(user3).onErrorResumeNext(th -> {
                            ((DefaultUser) user5).setUsername((String) atomicReference.get());
                            return userProvider.updateUsername(user5, user5.getUsername()).flatMap(user5 -> {
                                return updateCredentialUsername(referenceType, str, user5.getUsername(), (String) atomicReference.get());
                            }).flatMap(str4 -> {
                                return Single.error(th);
                            });
                        });
                    });
                });
            }).doOnSuccess(user4 -> {
                this.auditService.report(((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user)).type("USERNAME_UPDATED")).user(user4));
                if (ReferenceType.DOMAIN.equals(referenceType)) {
                    this.loginAttemptService.reset(createLoginAttemptCriteria(str, (String) atomicReference.get())).onErrorResumeNext(th -> {
                        this.logger.warn("Could not delete login attempt {}", th.getMessage());
                        return Completable.complete();
                    }).subscribe();
                }
            }).doOnError(th -> {
                this.auditService.report((AuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user)).type("USERNAME_UPDATED")).throwable(th));
            });
        }));
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<User> delete(ReferenceType referenceType, String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return getUserService().findById(referenceType, str, str2).flatMap(user2 -> {
            return this.identityProviderManager.getUserProvider(user2.getSource()).map((v0) -> {
                return Optional.ofNullable(v0);
            }).flatMapCompletable(optional -> {
                return optional.isEmpty() ? Completable.complete() : (user2.getExternalId() == null || user2.getExternalId().isEmpty()) ? Completable.complete() : ((UserProvider) optional.get()).delete(user2.getExternalId()).onErrorResumeNext(th -> {
                    return th instanceof UserNotFoundException ? Completable.complete() : Completable.error(th);
                });
            }).andThen(ReferenceType.DOMAIN.equals(referenceType) ? this.userActivityService.deleteByDomainAndUser(str, str2) : Completable.complete()).andThen(this.rateLimiterService.deleteByUser(user2)).andThen(this.verifyAttemptService.deleteByUser(user2)).andThen(getUserService().delete(str2).ignoreElement()).andThen(ReferenceType.ORGANIZATION != referenceType ? Completable.complete() : this.membershipService.findByMember(str2, MemberType.USER).flatMapCompletable(membership -> {
                return this.membershipService.delete(membership.getId());
            })).andThen(this.passwordHistoryService.deleteByUser(str2)).toSingleDefault(user2);
        }).doOnSuccess(user3 -> {
            this.auditService.report(((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user)).type("USER_DELETED")).user(user3));
        }).doOnError(th -> {
            this.auditService.report((AuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user)).type("USER_DELETED")).throwable(th));
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public io.gravitee.am.identityprovider.api.User convert(AbstractNewUser abstractNewUser) {
        DefaultUser defaultUser = new DefaultUser(abstractNewUser.getUsername());
        defaultUser.setCredentials(abstractNewUser.getPassword());
        HashMap hashMap = new HashMap();
        if (abstractNewUser.getFirstName() != null) {
            defaultUser.setFirstName(abstractNewUser.getFirstName());
            hashMap.put("given_name", abstractNewUser.getFirstName());
        }
        if (abstractNewUser.getLastName() != null) {
            defaultUser.setLastName(abstractNewUser.getLastName());
            hashMap.put("family_name", abstractNewUser.getLastName());
        }
        if (abstractNewUser.getEmail() != null) {
            defaultUser.setEmail(abstractNewUser.getEmail());
            hashMap.put("email", abstractNewUser.getEmail());
        }
        if (abstractNewUser.getAdditionalInformation() != null) {
            Map additionalInformation = abstractNewUser.getAdditionalInformation();
            Objects.requireNonNull(hashMap);
            additionalInformation.forEach((v1, v2) -> {
                r1.putIfAbsent(v1, v2);
            });
        }
        defaultUser.setAdditionalInformation(hashMap);
        return defaultUser;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public User transform(AbstractNewUser abstractNewUser, ReferenceType referenceType, String str) {
        User user = new User();
        user.setId(RandomString.generate());
        user.setExternalId(abstractNewUser.getExternalId());
        user.setReferenceId(str);
        user.setReferenceType(referenceType);
        user.setClient(abstractNewUser.getClient());
        user.setEnabled(Boolean.valueOf(abstractNewUser.isEnabled()));
        user.setUsername(abstractNewUser.getUsername());
        user.setFirstName(abstractNewUser.getFirstName());
        user.setLastName(abstractNewUser.getLastName());
        user.setEmail(abstractNewUser.getEmail());
        user.setSource(abstractNewUser.getSource());
        user.setInternal(Boolean.valueOf(abstractNewUser.isInternal()));
        user.setPreRegistration(Boolean.valueOf(abstractNewUser.isPreRegistration()));
        user.setRegistrationCompleted(Boolean.valueOf(abstractNewUser.isRegistrationCompleted()));
        user.setPreferredLanguage(abstractNewUser.getPreferredLanguage());
        user.setAdditionalInformation(abstractNewUser.getAdditionalInformation());
        user.setForceResetPassword(abstractNewUser.getForceResetPassword());
        user.setCreatedAt(new Date());
        user.setUpdatedAt(user.getCreatedAt());
        user.setLastPasswordReset(user.getCreatedAt());
        user.setServiceAccount(false);
        return user;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateInfos(User user, AbstractNewUser abstractNewUser) {
        user.setFirstName(abstractNewUser.getFirstName());
        user.setLastName(abstractNewUser.getLastName());
        user.setEmail(abstractNewUser.getEmail());
        user.setAdditionalInformation(abstractNewUser.getAdditionalInformation());
    }

    protected io.gravitee.am.identityprovider.api.User convert(String str, UpdateUser updateUser) {
        DefaultUser defaultUser = new DefaultUser(str);
        HashMap hashMap = new HashMap();
        if (updateUser.getFirstName() != null) {
            defaultUser.setFirstName(updateUser.getFirstName());
            hashMap.put("given_name", updateUser.getFirstName());
        }
        if (updateUser.getLastName() != null) {
            defaultUser.setLastName(updateUser.getLastName());
            hashMap.put("family_name", updateUser.getLastName());
        }
        if (updateUser.getEmail() != null) {
            defaultUser.setEmail(updateUser.getEmail());
            hashMap.put("email", updateUser.getEmail());
        }
        if (updateUser.getAdditionalInformation() != null) {
            Map additionalInformation = updateUser.getAdditionalInformation();
            Objects.requireNonNull(hashMap);
            additionalInformation.forEach((v1, v2) -> {
                r1.putIfAbsent(v1, v2);
            });
        }
        defaultUser.setAdditionalInformation(hashMap);
        if (updateUser.getForceResetPassword() != null) {
            defaultUser.setForceResetPassword(updateUser.getForceResetPassword());
        }
        return defaultUser;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public io.gravitee.am.identityprovider.api.User convert(User user) {
        DefaultUser defaultUser = new DefaultUser(user.getUsername());
        defaultUser.setCredentials(user.getPassword());
        HashMap hashMap = new HashMap();
        if (user.getFirstName() != null) {
            defaultUser.setFirstName(user.getFirstName());
            hashMap.put("given_name", user.getFirstName());
        }
        if (user.getLastName() != null) {
            defaultUser.setLastName(user.getLastName());
            hashMap.put("family_name", user.getLastName());
        }
        if (user.getEmail() != null) {
            defaultUser.setEmail(user.getEmail());
            hashMap.put("email", user.getEmail());
        }
        if (user.getAdditionalInformation() != null) {
            Map additionalInformation = user.getAdditionalInformation();
            Objects.requireNonNull(hashMap);
            additionalInformation.forEach((v1, v2) -> {
                r1.putIfAbsent(v1, v2);
            });
        }
        defaultUser.setAdditionalInformation(hashMap);
        defaultUser.setForceResetPassword(Boolean.FALSE);
        return defaultUser;
    }

    private LoginAttemptCriteria createLoginAttemptCriteria(String str, String str2) {
        return new LoginAttemptCriteria.Builder().domain(str).username(str2).build();
    }

    private Single<io.gravitee.am.identityprovider.api.User> updateCredentialUsername(ReferenceType referenceType, String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return updateCredentialUsername(referenceType, str, str2, user.getUsername()).flatMap(str3 -> {
            return Single.just(user);
        });
    }

    private Single<String> updateCredentialUsername(ReferenceType referenceType, String str, String str2, String str3) {
        return this.credentialService.findByUsername(referenceType, str, str2).map(credential -> {
            credential.setUsername(str3);
            return this.credentialService.update(credential).subscribe();
        }).toList().flatMapMaybe(list -> {
            return Maybe.just(str3);
        }).toSingle();
    }

    private void generateNewMovingFactorBasedOnUserId(User user) {
        Optional.ofNullable(user.getFactors()).ifPresent(list -> {
            user.getFactors().stream().filter(enrolledFactor -> {
                return Optional.ofNullable(enrolledFactor.getSecurity()).isPresent();
            }).forEach(enrolledFactor2 -> {
                Map additionalData = enrolledFactor2.getSecurity().getAdditionalData();
                if (additionalData.containsKey("MOVING_FACTOR")) {
                    additionalData.put("MOVING_FACTOR", Integer.valueOf(MovingFactorUtils.generateInitialMovingFactor(user.getId())));
                    enrolledFactor2.setUpdatedAt(new Date());
                }
            });
        });
    }
}
