package io.gravitee.am.management.service.impl;

import com.google.common.base.Strings;
import io.gravitee.am.common.utils.RandomString;
import io.gravitee.am.model.AccountAccessToken;
import io.gravitee.am.model.Application;
import io.gravitee.am.model.Organization;
import io.gravitee.am.model.Reference;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.User;
import io.gravitee.am.model.UserId;
import io.gravitee.am.model.common.Page;
import io.gravitee.am.repository.management.api.search.FilterCriteria;
import io.gravitee.am.service.OrganizationUserService;
import io.gravitee.am.service.authentication.crypto.password.bcrypt.BCryptPasswordEncoder;
import io.gravitee.am.service.exception.InvalidParameterException;
import io.gravitee.am.service.exception.InvalidPasswordException;
import io.gravitee.am.service.exception.InvalidUserException;
import io.gravitee.am.service.exception.NotImplementedException;
import io.gravitee.am.service.exception.UserAlreadyExistsException;
import io.gravitee.am.service.exception.UserInvalidException;
import io.gravitee.am.service.exception.UserProviderNotFoundException;
import io.gravitee.am.service.model.AbstractNewUser;
import io.gravitee.am.service.model.NewAccountAccessToken;
import io.gravitee.am.service.model.NewOrganizationUser;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.UserAuditBuilder;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.util.Date;
import java.util.function.BiFunction;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component("managementOrganizationUserService")
/* loaded from: input_file:io/gravitee/am/management/service/impl/OrganizationUserServiceImpl.class */
public class OrganizationUserServiceImpl extends AbstractUserService<OrganizationUserService> implements io.gravitee.am.management.service.OrganizationUserService {
    public static final BCryptPasswordEncoder PWD_ENCODER = new BCryptPasswordEncoder();

    @Autowired
    private OrganizationUserService userService;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.gravitee.am.management.service.impl.AbstractUserService
    public OrganizationUserService getUserService() {
        return this.userService;
    }

    @Override // io.gravitee.am.management.service.impl.AbstractUserService
    protected BiFunction<String, String, Maybe<Application>> checkClientFunction() {
        return (str, str2) -> {
            return Maybe.error(new NotImplementedException());
        };
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<Page<User>> search(ReferenceType referenceType, String str, String str2, int i, int i2) {
        return this.userService.search(referenceType, str, str2, i, i2);
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<Page<User>> search(ReferenceType referenceType, String str, FilterCriteria filterCriteria, int i, int i2) {
        return this.userService.search(referenceType, str, filterCriteria, i, i2);
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<Page<User>> findAll(ReferenceType referenceType, String str, int i, int i2) {
        return this.userService.findAll(referenceType, str, i, i2);
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Single<User> createOrUpdate(ReferenceType referenceType, String str, NewOrganizationUser newOrganizationUser) {
        return this.userService.findByExternalIdAndSource(referenceType, str, newOrganizationUser.getExternalId(), newOrganizationUser.getSource()).switchIfEmpty(Maybe.defer(() -> {
            return this.userService.findByUsernameAndSource(referenceType, str, newOrganizationUser.getUsername(), newOrganizationUser.getSource());
        })).flatMap(user -> {
            updateInfos(user, newOrganizationUser);
            return this.userService.update(user).toMaybe();
        }).switchIfEmpty(Single.defer(() -> {
            if (StringUtils.isBlank(newOrganizationUser.getUsername())) {
                return Single.error(() -> {
                    return new UserInvalidException("Field [username] is required");
                });
            }
            return this.userService.create(transform(newOrganizationUser, referenceType, str)).doOnSuccess(user2 -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).type("USER_CREATED").user(user2));
            }).doOnError(th -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).type("USER_CREATED").reference(new Reference(referenceType, str)).throwable(th));
            });
        }));
    }

    protected User transform(NewOrganizationUser newOrganizationUser, ReferenceType referenceType, String str) {
        User transform = super.transform((AbstractNewUser) newOrganizationUser, referenceType, str);
        transform.setServiceAccount(Boolean.valueOf(newOrganizationUser.isServiceAccount()));
        return transform;
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Single<User> createGraviteeUser(Organization organization, NewOrganizationUser newOrganizationUser, io.gravitee.am.identityprovider.api.User user) {
        if (StringUtils.isBlank(newOrganizationUser.getUsername())) {
            return Single.error(() -> {
                return new UserInvalidException("Field [username] is required");
            });
        }
        if (!Strings.isNullOrEmpty(newOrganizationUser.getSource()) && !IdentityProviderManagerImpl.IDP_GRAVITEE.equals(newOrganizationUser.getSource())) {
            return Single.error(new UserInvalidException("Invalid identity provider for ['" + newOrganizationUser.getUsername() + "']"));
        }
        newOrganizationUser.setSource(IdentityProviderManagerImpl.IDP_GRAVITEE);
        return this.userService.findByUsernameAndSource(ReferenceType.ORGANIZATION, organization.getId(), newOrganizationUser.getUsername(), newOrganizationUser.getSource()).isEmpty().flatMap(bool -> {
            return Boolean.FALSE.equals(bool) ? Single.error(new UserAlreadyExistsException(newOrganizationUser.getUsername())) : this.identityProviderManager.getUserProvider(newOrganizationUser.getSource()).switchIfEmpty(Single.error(new UserProviderNotFoundException(newOrganizationUser.getSource()))).flatMap(userProvider -> {
                String password;
                newOrganizationUser.setDomain((String) null);
                newOrganizationUser.setClient((String) null);
                newOrganizationUser.setInternal(true);
                if (!newOrganizationUser.isServiceAccount() && ((password = newOrganizationUser.getPassword()) == null || !this.passwordService.isValid(password))) {
                    return Single.error(InvalidPasswordException.of("Field [password] is invalid", "invalid_password_value"));
                }
                newOrganizationUser.setRegistrationCompleted(true);
                newOrganizationUser.setEnabled(true);
                User transform = transform(newOrganizationUser, ReferenceType.ORGANIZATION, organization.getId());
                transform.setReferenceId(organization.getId());
                transform.setReferenceType(ReferenceType.ORGANIZATION);
                return ((Completable) this.userValidator.validate(transform)).doOnError(th -> {
                    this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_CREATED").reference(Reference.organization(organization.getId())).throwable(th));
                }).andThen(userProvider.create(convert((AbstractNewUser) newOrganizationUser)).map(user2 -> {
                    if (!newOrganizationUser.isServiceAccount()) {
                        transform.setPassword(PWD_ENCODER.encode(newOrganizationUser.getPassword()));
                    }
                    transform.setId(RandomString.generate());
                    transform.setExternalId(transform.getId());
                    return transform;
                }).flatMap(user3 -> {
                    return this.userService.create(user3).flatMap(user3 -> {
                        return this.userService.setRoles(user3).andThen(Single.just(user3));
                    }).doOnSuccess(user4 -> {
                        this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_CREATED").user(user4));
                    }).doOnError(th2 -> {
                        this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_CREATED").reference(Reference.organization(organization.getId())).throwable(th2));
                    });
                }));
            });
        });
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Completable resetPassword(String str, User user, String str2, io.gravitee.am.identityprovider.api.User user2) {
        if (str2 == null || !this.passwordService.isValid(str2)) {
            return Completable.error(InvalidPasswordException.of("Field [password] is invalid", "invalid_password_value"));
        }
        if (!IdentityProviderManagerImpl.IDP_GRAVITEE.equals(user.getSource())) {
            return Completable.error(new InvalidUserException("Unsupported source for this action"));
        }
        user.setLastPasswordReset(new Date());
        user.setUpdatedAt(new Date());
        user.setPassword(PWD_ENCODER.encode(str2));
        return this.userService.update(user).doOnSuccess(user3 -> {
            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user2).type("USER_PASSWORD_RESET").user(user));
        }).doOnError(th -> {
            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user2).type("USER_PASSWORD_RESET").reference(Reference.organization(str)).throwable(th));
        }).ignoreElement();
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Single<User> updateLogoutDate(ReferenceType referenceType, String str, String str2) {
        return getUserService().findById(referenceType, str, str2).flatMap(user -> {
            Date date = new Date();
            user.setLastLogoutAt(date);
            user.setUpdatedAt(date);
            return getUserService().update(user);
        });
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Flowable<AccountAccessToken> findAccountAccessTokens(String str, String str2) {
        return this.userService.findUserAccessTokens(str, str2);
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Single<AccountAccessToken> createAccountAccessToken(String str, String str2, NewAccountAccessToken newAccountAccessToken, io.gravitee.am.identityprovider.api.User user) {
        return !org.springframework.util.StringUtils.hasText(newAccountAccessToken.name()) ? Single.error(new InvalidParameterException("Token name is required")) : newAccountAccessToken.name().length() > 254 ? Single.error(new InvalidParameterException("Token name is too long")) : getUserService().findById(ReferenceType.ORGANIZATION, str, str2).flatMap(user2 -> {
            return getUserService().generateAccountAccessToken(user2, newAccountAccessToken, user.getId()).doOnSuccess(accountAccessToken -> {
                this.auditService.report(createAccountAccessTokenAudit(user).user(user2).accountToken(accountAccessToken));
            });
        }).doOnError(th -> {
            this.auditService.report(createAccountAccessTokenAudit(user).reference(Reference.organization(str)).throwable(th));
        });
    }

    private UserAuditBuilder createAccountAccessTokenAudit(io.gravitee.am.identityprovider.api.User user) {
        return ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("ACCOUNT_ACCESS_TOKEN_CREATED");
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Single<User> findByAccessToken(String str, String str2) {
        return getUserService().findByAccessToken(str, str2);
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Completable revokeToken(String str, String str2, String str3, io.gravitee.am.identityprovider.api.User user) {
        return getUserService().findById(Reference.organization(str), UserId.internal(str2)).flatMap(user2 -> {
            return getUserService().revokeToken(str, str2, str3).doOnSuccess(accountAccessToken -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("ACCOUNT_ACCESS_TOKEN_REVOKED").user(user2).accountToken(accountAccessToken));
            }).doOnError(th -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("ACCOUNT_ACCESS_TOKEN_REVOKED").user(user2).accountToken(str3).throwable(th));
            });
        }).ignoreElement();
    }

    @Override // io.gravitee.am.management.service.impl.AbstractUserService, io.gravitee.am.management.service.CommonUserService
    public Single<User> delete(ReferenceType referenceType, String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return super.delete(referenceType, str, str2, user).flatMap(user2 -> {
            return getUserService().revokeUserAccessTokens(user2.getReferenceType(), user2.getReferenceId(), user2.getId()).toSingleDefault(user2);
        });
    }

    @Override // io.gravitee.am.management.service.OrganizationUserService
    public Single<User> updateStatus(String str, String str2, boolean z, io.gravitee.am.identityprovider.api.User user) {
        return updateStatus(ReferenceType.ORGANIZATION, str, str2, z, user);
    }
}
