package net.bluemind.system.importation.commons.hooks;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.google.common.base.Strings;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import net.bluemind.authentication.provider.IAuthProvider;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.caches.registry.CacheRegistry;
import net.bluemind.core.caches.registry.ICacheRegistration;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.ServerSideServiceProvider;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.IDomainSettings;
import net.bluemind.hornetq.client.MQ;
import net.bluemind.system.importation.commons.Parameters;
import net.bluemind.system.importation.commons.UuidMapper;
import net.bluemind.system.importation.commons.exceptions.GetDnFailure;
import net.bluemind.user.api.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/importation/commons/hooks/ImportAuthenticationService.class */
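/**
 * Base {@link IAuthProvider} for users authenticated against an external directory.
 *
 * <p>Subclasses supply the directory-specific pieces (DN lookup, credential check, settings
 * parsing); this class decides which path to take and keeps two process-wide caches, both
 * expiring 20 minutes after write:
 * <ul>
 *   <li>{@code uidToDN}: {@link UuidMapper} of the user's external id to the directory DN;</li>
 *   <li>{@code dnToPass}: DN to the last password that {@link #checkAuth} accepted.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code dnToPass} stores the password as a plain {@code String} and is handed to the
 *       {@link CacheRegistry}. Anything that can read registered caches, or a heap dump of this
 *       process, sees live credentials. NOTE(review): consider caching a salted/keyed verifier of
 *       the password instead of the password itself.</li>
 *   <li>A cache hit in {@link #authImportedUser} returns {@code YES} without calling
 *       {@link #checkAuth}. A password changed, or an account disabled, on the directory side
 *       therefore stays usable here until the entry expires or is invalidated by a
 *       {@code logout} message.</li>
 * </ul>
 */
public abstract class ImportAuthenticationService implements IAuthProvider {
    private static final Logger logger = LoggerFactory.getLogger(ImportAuthenticationService.class);

    /** External-id mapper to directory DN; entries expire 20 minutes after being written. */
    private static final Cache<UuidMapper, String> uidToDN = Caffeine.newBuilder()
            .recordStats()
            .initialCapacity(1024)
            .expireAfterWrite(20, TimeUnit.MINUTES)
            .build();

    /**
     * DN to the last password accepted by the directory; entries expire 20 minutes after being
     * written. Values are plaintext credentials: never log or export the contents of this cache.
     */
    private static final Cache<String, String> dnToPass = Caffeine.newBuilder()
            .recordStats()
            .initialCapacity(1024)
            .expireAfterWrite(20, TimeUnit.MINUTES)
            .build();

    /** Publishes both caches to the {@link CacheRegistry} under their fixed names. */
    public static class CacheRegistration implements ICacheRegistration {
        public void registerCaches(CacheRegistry cacheRegistry) {
            cacheRegistry.register("import-authentification-uidtodn", ImportAuthenticationService.uidToDN);
            cacheRegistry.register("import-authentification-dntopassword", ImportAuthenticationService.dnToPass);
        }
    }

    /**
     * Subscribes to the {@code bm.core.session} topic so that a {@code logout} operation drops the
     * cached password of the user named by the message's {@code external-id} property.
     */
    protected ImportAuthenticationService() {
        // NOTE(review): the consumer captures `this` before the subclass constructor has run, and
        // invalidatePasswordCache() calls the abstract getUuidMapper(); confirm no message can be
        // delivered before construction completes.
        MQ.init(() -> {
            MQ.registerConsumer("bm.core.session", message -> {
                invalidatePasswordCache(message.getStringProperty("operation"),
                        message.getStringProperty("external-id"));
            });
        });
    }

    /**
     * Removes the cached password of a user on logout.
     *
     * <p>Nothing is removed unless {@code operation} is {@code "logout"}, {@code externalId} is
     * non-null, {@link #getUuidMapper} recognises it, and {@code uidToDN} still holds a DN for it.
     *
     * @param operation session operation name taken from the message
     * @param externalId external id of the user taken from the message; may be {@code null}
     */
    private void invalidatePasswordCache(String operation, String externalId) {
        if (!"logout".equals(operation) || externalId == null) {
            return;
        }
        logger.debug("Invalidate password for user external-id:  {}", externalId);
        // The decompiled listing referenced an undefined `r1` here; the receiver is uidToDN.
        getUuidMapper(externalId).map(uidToDN::getIfPresent).ifPresent(dn -> {
            logger.debug("Invalidate password for user DN: {}", dn);
            dnToPass.invalidate(dn);
        });
    }

    public int priority() {
        return 100;
    }

    /**
     * Authenticates the login attempt described by {@code iAuthContext}.
     *
     * <ul>
     *   <li>{@code UNKNOWN} when the user exists locally but its external id is null or does not
     *       start with {@link #getPrefix()} (not managed by this directory kind).</li>
     *   <li>An empty or null password is refused before any directory call: {@code NO} for a
     *       known user, {@code UNKNOWN} otherwise.</li>
     *   <li>When the domain settings cannot be loaded or the import is disabled: {@code NO} for a
     *       known user, {@code UNKNOWN} otherwise.</li>
     *   <li>Otherwise the result of the imported / not-imported user path.</li>
     * </ul>
     *
     * @param iAuthContext login attempt (user, domain, login, password)
     * @return the authentication verdict
     */
    public IAuthProvider.AuthResult check(IAuthProvider.IAuthContext iAuthContext) {
        ItemValue<User> user = iAuthContext.getUser();
        boolean known = userExistsInDB(user);
        if (known && (user.externalId == null || !user.externalId.startsWith(getPrefix()))) {
            return IAuthProvider.AuthResult.UNKNOWN;
        }
        if (Strings.isNullOrEmpty(iAuthContext.getUserPassword())) {
            // Refused up front so that an empty password is never passed to checkAuth().
            logger.error("{} authentication refused null or empty password for {}", getDirectoryKind(),
                    iAuthContext.getRealUserLogin());
            return refusal(known);
        }
        ItemValue<Domain> domain = iAuthContext.getDomain();
        try {
            Parameters parameters = getParameters((Domain) domain.value,
                    ((IDomainSettings) ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM)
                            .instance(IDomainSettings.class, new String[]{domain.uid})).get());
            if (!parameters.enabled) {
                return refusal(known);
            }
            return known ? authImportedUser(domain, parameters, iAuthContext)
                    : authNotImportedUser(domain, parameters, iAuthContext);
        } catch (ServerFault e) {
            logger.error("Unable to load parameters for domain {}", domain.uid, e);
            return refusal(known);
        }
    }

    /** Verdict used when this provider cannot authenticate: {@code NO} for a known user, else {@code UNKNOWN}. */
    private static IAuthProvider.AuthResult refusal(boolean known) {
        return known ? IAuthProvider.AuthResult.NO : IAuthProvider.AuthResult.UNKNOWN;
    }

    /** A user "exists in DB" when the auth context carried a non-null user item. */
    private boolean userExistsInDB(ItemValue<User> itemValue) {
        return itemValue != null;
    }

    /**
     * Compares two passwords without returning early on the first differing byte.
     *
     * @return {@code true} only when both are non-null and their UTF-8 encodings are equal
     */
    private static boolean constantTimeEquals(String expected, String candidate) {
        if (expected == null || candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                candidate.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Authenticates a user that already exists locally.
     *
     * <p>The DN is resolved from the user's external id. A submitted password equal to the cached
     * one is accepted without a directory round trip; otherwise {@link #checkAuth} decides and a
     * {@code YES} result refreshes the cache.
     *
     * @return {@code NO} when the DN cannot be resolved, else the cache or directory verdict
     */
    private IAuthProvider.AuthResult authImportedUser(ItemValue<Domain> itemValue, Parameters parameters,
            IAuthProvider.IAuthContext iAuthContext) {
        try {
            String userDn = getUserDnFromExtId(parameters, itemValue, iAuthContext.getUser());
            if (userDn == null) {
                return IAuthProvider.AuthResult.NO;
            }
            String submitted = iAuthContext.getUserPassword();
            // Cache hit: the directory is NOT consulted, so a directory-side password change or
            // account lock only takes effect once this entry expires or is invalidated.
            if (constantTimeEquals(dnToPass.getIfPresent(userDn), submitted)) {
                logger.debug("Allowed directory user {} from dnToPass cache system", userDn);
                return IAuthProvider.AuthResult.YES;
            }
            IAuthProvider.AuthResult verdict = checkAuth(parameters, userDn, submitted);
            if (IAuthProvider.AuthResult.YES == verdict) {
                dnToPass.put(userDn, submitted);
            }
            return verdict;
        } catch (GetDnFailure e) {
            logger.warn("dn resolution failed", e);
            return IAuthProvider.AuthResult.NO;
        }
    }

    /**
     * Authenticates a login that has no local user yet by looking the login up in the directory.
     *
     * @return {@code UNKNOWN} when the login has no DN or the lookup throws, else the
     *         {@link #checkAuth} verdict (a {@code YES} also caches the password for that DN)
     */
    private IAuthProvider.AuthResult authNotImportedUser(ItemValue<Domain> itemValue, Parameters parameters,
            IAuthProvider.IAuthContext iAuthContext) {
        try {
            logger.info("User {} not found in database, search login in {}", iAuthContext.getRealUserLogin(),
                    getDirectoryKind());
            String userDn = getUserDnByUserLogin(parameters, ((Domain) itemValue.value).name,
                    iAuthContext.getRealUserLogin());
            if (userDn == null) {
                return IAuthProvider.AuthResult.UNKNOWN;
            }
            IAuthProvider.AuthResult verdict = checkAuth(parameters, userDn, iAuthContext.getUserPassword());
            if (IAuthProvider.AuthResult.YES == verdict) {
                dnToPass.put(userDn, iAuthContext.getUserPassword());
            }
            return verdict;
        } catch (Exception e) {
            // Any failure yields UNKNOWN rather than NO; the trailing Throwable is logged as the cause.
            logger.error("Unable to search for user login {} in {}", iAuthContext.getRealUserLogin(),
                    getDirectoryKind(), e);
            return IAuthProvider.AuthResult.UNKNOWN;
        }
    }

    /**
     * Resolves the directory DN of a local user from its external id, using {@code uidToDN} first.
     *
     * @return the DN, or {@code null} when {@link #getUuidMapper} does not recognise the external id
     * @throws GetDnFailure when the directory lookup throws or finds no DN
     */
    private String getUserDnFromExtId(Parameters parameters, ItemValue<Domain> itemValue, ItemValue<User> itemValue2)
            throws GetDnFailure {
        UuidMapper mapper = getUuidMapper(itemValue2.externalId).orElse(null);
        if (mapper == null) {
            return null;
        }
        String dn = uidToDN.getIfPresent(mapper);
        long elapsedMs = 0;
        if (dn == null) {
            long start = System.currentTimeMillis();
            try {
                dn = getUserDnByUuid(parameters, mapper.getGuid());
                if (dn != null) {
                    uidToDN.put(mapper, dn);
                }
                elapsedMs = System.currentTimeMillis() - start;
            } catch (Exception e) {
                throw new GetDnFailure(e);
            }
        }
        if (dn == null) {
            logger.error("Unable to find DN for extId {}, user {}@{}. Time: {}ms.", mapper.getExtId(),
                    ((User) itemValue2.value).login, ((Domain) itemValue.value).name, elapsedMs);
            throw new GetDnFailure("failure for extId " + mapper.getExtId() + " user " + ((User) itemValue2.value).login);
        }
        // Only lookups slower than 10 ms are reported; cache hits keep elapsedMs at 0.
        if (elapsedMs > 10) {
            logger.info("Found: {}, searched for extId {}, u: {}@{}. Time: {}ms.", dn, mapper.getExtId(),
                    ((User) itemValue2.value).login, ((Domain) itemValue.value).name, elapsedMs);
        }
        return dn;
    }

    /** Name of the directory kind, used in log messages. */
    protected abstract String getDirectoryKind();

    /** Prefix that a user's external id must start with for this provider to handle the user. */
    protected abstract String getPrefix();

    /** Builds the import parameters from the domain and its settings map. */
    protected abstract Parameters getParameters(Domain domain, Map<String, String> map);

    /** Maps an external id to its {@link UuidMapper}; empty when the id is not recognised. */
    protected abstract Optional<UuidMapper> getUuidMapper(String str);

    /**
     * Looks up a DN by login.
     *
     * @param str domain name
     * @param str2 login as typed by the user
     * @return the DN, or {@code null} when the login is not found
     */
    protected abstract String getUserDnByUserLogin(Parameters parameters, String str, String str2);

    /**
     * Looks up a DN by directory GUID.
     *
     * @param str GUID taken from the user's {@link UuidMapper}
     * @return the DN, or {@code null} when no entry matches
     */
    protected abstract String getUserDnByUuid(Parameters parameters, String str) throws Exception;

    /**
     * Verifies a password against the directory.
     *
     * @param str DN of the user
     * @param str2 password submitted by the user (never null or empty when called from this class)
     */
    protected abstract IAuthProvider.AuthResult checkAuth(Parameters parameters, String str, String str2);
}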
