package es.prodevelop.pui9.login;

import dev.samstevens.totp.code.DefaultCodeGenerator;
import dev.samstevens.totp.code.DefaultCodeVerifier;
import dev.samstevens.totp.exceptions.QrGenerationException;
import dev.samstevens.totp.qr.QrData;
import dev.samstevens.totp.qr.ZxingPngQrGenerator;
import dev.samstevens.totp.time.SystemTimeProvider;
import dev.samstevens.totp.util.Utils;
import es.prodevelop.pui9.common.enums.PuiVariableValues;
import es.prodevelop.pui9.common.service.interfaces.IPuiVariableService;
import es.prodevelop.pui9.eventlistener.PuiEventLauncher;
import es.prodevelop.pui9.eventlistener.event.LoginEvent;
import es.prodevelop.pui9.eventlistener.event.LogoutEvent;
import es.prodevelop.pui9.eventlistener.event.SessionCreatedEvent;
import es.prodevelop.pui9.exceptions.PuiException;
import es.prodevelop.pui9.login.apikey.PuiApiKeyAuthenticationToken;
import es.prodevelop.pui9.login.database.PuiDatabaseAuthenticationToken;
import es.prodevelop.pui9.login.ldap.PuiLdapAuthenticationToken;
import es.prodevelop.pui9.services.exceptions.PuiServiceAuthenticate2faMaxWrongCodeException;
import es.prodevelop.pui9.services.exceptions.PuiServiceAuthenticate2faWrongCodeException;
import es.prodevelop.pui9.services.exceptions.PuiServiceIncorrectLoginException;
import es.prodevelop.pui9.services.exceptions.PuiServiceIncorrectUserPasswordException;
import es.prodevelop.pui9.services.exceptions.PuiServiceLoginMaxAttemptsException;
import es.prodevelop.pui9.services.exceptions.PuiServiceNoSessionException;
import es.prodevelop.pui9.services.exceptions.PuiServiceUserCredentialsExpiredException;
import es.prodevelop.pui9.services.exceptions.PuiServiceUserDisabledException;
import es.prodevelop.pui9.services.exceptions.PuiServiceUserLockedException;
import es.prodevelop.pui9.services.exceptions.PuiServiceUserNotAuthenticatedException;
import es.prodevelop.pui9.services.exceptions.PuiServiceUserSessionTimeoutException;
import es.prodevelop.pui9.session.PuiSessionHandler;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;

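/**
 * Handles login, logout and TOTP second-factor verification for PUI sessions.
 *
 * <p>The session token arrives as the raw {@code Authorization} header value; the
 * {@code "Bearer "} scheme text is removed before the token is handed to the
 * {@link PuiSessionHandler}.
 *
 * <p>This listing is decompiled output, so parameter names such as {@code str} and
 * {@code z} are decompiler-generated; their meaning is documented per method.
 */
@Component
/* loaded from: input_file:es/prodevelop/pui9/login/PuiLogin.class */
public class PuiLogin {

    /** Scheme text removed from the Authorization header value before session lookup. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Edge length, in pixels, of the generated enrolment QR image. */
    private static final int QR_IMAGE_SIZE = 350;

    @Autowired
    protected AuthenticationManager authenticationManager;

    @Autowired
    private PuiEventLauncher eventLauncher;

    @Autowired
    private PuiSessionHandler sessionHandler;

    @Autowired
    protected IPuiVariableService variableService;

    /**
     * Authenticates the given credentials and creates the user session.
     *
     * @param loginData credentials (user/password or API key) plus client metadata
     * @return the public view of the newly created session
     * @throws PuiServiceIncorrectUserPasswordException on bad credentials or unknown user
     * @throws PuiServiceIncorrectLoginException on any other authentication failure
     * @throws PuiServiceUserDisabledException if the account is disabled
     * @throws PuiServiceLoginMaxAttemptsException if the provider reported too many failed attempts
     * @throws PuiServiceUserCredentialsExpiredException if the credentials have expired
     * @throws PuiServiceUserLockedException if the account is locked
     */
    public PuiUserInfo loginUser(LoginData loginData) throws PuiServiceIncorrectUserPasswordException, PuiServiceIncorrectLoginException, PuiServiceUserDisabledException, PuiServiceLoginMaxAttemptsException, PuiServiceUserCredentialsExpiredException, PuiServiceUserLockedException {
        return createUserInfo(loginData, authenticate(loginData));
    }

    /**
     * Removes the session identified by the given Authorization header value.
     *
     * @param str Authorization header value (token, optionally with the "Bearer " scheme)
     * @param z when {@code true}, the session bound to the current context is cleared as well
     * @return the removed session, or {@code null} if no session was registered for the token
     * @throws PuiServiceNoSessionException if no token was supplied
     */
    public PuiUserSession logoutUser(String str, boolean z) throws PuiServiceNoSessionException {
        if (ObjectUtils.isEmpty(str)) {
            throw new PuiServiceNoSessionException();
        }
        Authentication removed = this.sessionHandler.remove(str.replace(BEARER_PREFIX, ""));
        if (removed == null) {
            return null;
        }
        PuiUserSession session = (PuiUserSession) removed.getPrincipal();
        this.eventLauncher.fireSync(new LogoutEvent(LoginEventData.success(session)));
        if (z) {
            this.sessionHandler.removeContextSession();
        }
        return session;
    }

    /**
     * Builds the TOTP enrolment data (secret, otpauth URI and QR image) for the session.
     *
     * <p>The secret is only returned while the user has not yet registered a second
     * factor; once registered, only the {@code qrRegistered} flag is populated.
     *
     * @param str Authorization header value (token, optionally with the "Bearer " scheme)
     * @return the enrolment data, or {@code null} if the user does not use 2FA
     * @throws PuiServiceNoSessionException if no token was supplied or no session matches it
     * @throws PuiServiceUserSessionTimeoutException declared for the session lookup
     */
    public TwoFactorAuthenticationData generateQr2fa(String str) throws PuiServiceNoSessionException, PuiServiceUserSessionTimeoutException {
        PuiUserSession session = requireSession(str);
        if (!session.getUse2fa().booleanValue()) {
            return null;
        }
        TwoFactorAuthenticationData data = new TwoFactorAuthenticationData();
        data.setQrRegistered(session.getRegistered2fa().booleanValue());
        if (data.isQrRegistered()) {
            // Already enrolled: never hand the shared secret out again.
            return data;
        }
        String issuer = this.variableService.getVariable(PuiVariableValues.APPLICATION_NAME.name());
        // Prefer the e-mail address as the account label; fall back to the login name.
        String label = session.getEmail();
        if (ObjectUtils.isEmpty(label)) {
            label = session.getUsr();
        }
        QrData qrData = new QrData.Builder().label(label).secret(session.getSecret2fa()).issuer(issuer).build();
        data.setLabel(label);
        data.setIssuer(issuer);
        data.setSecret(session.getSecret2fa());
        data.setOtpAuthUri(qrData.getUri());

        ZxingPngQrGenerator qrGenerator = new ZxingPngQrGenerator();
        qrGenerator.setImageSize(QR_IMAGE_SIZE);
        byte[] qrPng;
        try {
            qrPng = qrGenerator.generate(qrData);
        } catch (QrGenerationException ignored) {
            // Best effort: the secret and otpauth URI are still returned, so the user
            // can enrol manually; the data URI below will then carry an empty image.
            qrPng = new byte[0];
        }
        data.setQrImageUri(Utils.getDataUriForImage(qrPng, qrGenerator.getImageMimeType()));

        String encodedOtpAuthUri;
        try {
            encodedOtpAuthUri = URLEncoder.encode(qrData.getUri(), StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException ignored) {
            // UTF-8 is a charset every JVM must support; kept only to satisfy the checked exception.
            encodedOtpAuthUri = "";
        }
        // NOTE(review): this URL carries the complete otpauth URI, including the shared
        // TOTP secret, in the query string of a third-party service (quickchart.io).
        // Any client that dereferences it discloses the secret to that service and to
        // whatever logs URLs in between. The data URI set above already provides a
        // locally rendered QR code; consider dropping this field or making it opt-in.
        data.setGeneratorUri("https://quickchart.io/qr?ecLevel=L&size=" + QR_IMAGE_SIZE + "&text=" + encodedOtpAuthUri);
        return data;
    }

    /**
     * Verifies a TOTP code for the session and marks the session as authenticated.
     *
     * @param str Authorization header value (token, optionally with the "Bearer " scheme)
     * @param str2 the TOTP code supplied by the user
     * @param z when {@code true}, the code is not verified and the session is marked authenticated
     * @throws PuiServiceAuthenticate2faWrongCodeException if the code is wrong and attempts remain
     * @throws PuiServiceAuthenticate2faMaxWrongCodeException if the code is wrong and the attempt
     *         limit was reached; the session has been logged out at that point
     * @throws PuiServiceNoSessionException if no token was supplied or no session matches it
     * @throws PuiServiceUserSessionTimeoutException declared for the session lookup
     */
    public void authenticate2fa(String str, String str2, boolean z) throws PuiServiceAuthenticate2faWrongCodeException, PuiServiceAuthenticate2faMaxWrongCodeException, PuiServiceNoSessionException, PuiServiceUserSessionTimeoutException {
        PuiUserSession session = requireSession(str);
        // NOTE(review): z skips code verification entirely. Callers must derive it from
        // server-side state only, never from request data. This path also emits no
        // LoginEvent, so a bypassed second factor leaves no login record from this
        // method - confirm that is intended.
        if (!session.getUse2fa().booleanValue() || z) {
            session.setAuthenticated(true);
            return;
        }
        // Count the attempt before verifying so that every submitted code is charged.
        session.incrementAttempts2fa();
        DefaultCodeVerifier verifier = new DefaultCodeVerifier(new DefaultCodeGenerator(), new SystemTimeProvider());
        if (verifier.isValidCode(session.getSecret2fa(), str2)) {
            session.setAuthenticated(true);
            this.eventLauncher.fireSync(new LoginEvent(LoginEventData.success(session)));
            return;
        }
        Integer maxAttempts = (Integer) this.variableService.getVariable(Integer.class, PuiVariableValues.LOGIN_MAX_ATTEMPTS.name());
        if (maxAttempts == null) {
            // NOTE(review): with LOGIN_MAX_ATTEMPTS unset, wrong codes are never capped
            // here, so code guessing is bounded only by controls outside this method.
            maxAttempts = Integer.MAX_VALUE;
        }
        if (session.getAttemps2fa().intValue() < maxAttempts.intValue()) {
            throw new PuiServiceAuthenticate2faWrongCodeException();
        }
        try {
            // Limit reached: drop the session so the first factor must be repeated.
            logoutUser(session.getJwt(), true);
        } catch (PuiServiceNoSessionException ignored) {
            // Session already gone; the failure is still reported below.
        }
        PuiServiceAuthenticate2faMaxWrongCodeException maxWrongCode = new PuiServiceAuthenticate2faMaxWrongCodeException();
        this.eventLauncher.fireSync(new LoginEvent(LoginEventData.error(session.isUserSession() ? session.getUsr() : null, session.isApiKeySession() ? session.getApiKey() : null, session.getIp(), session.getClient(), maxWrongCode.getMessage())));
        throw maxWrongCode;
    }

    /**
     * Tells whether the session uses 2FA and has completed it.
     *
     * @param str Authorization header value (token, optionally with the "Bearer " scheme)
     * @return {@code true} only if the user uses 2FA and the session is marked authenticated;
     *         {@code false} for users without 2FA
     * @throws PuiServiceNoSessionException if no token was supplied or no session matches it
     * @throws PuiServiceUserSessionTimeoutException declared for the session lookup
     */
    public boolean is2faAuthenticated(String str) throws PuiServiceNoSessionException, PuiServiceUserSessionTimeoutException {
        PuiUserSession session = requireSession(str);
        return session.getUse2fa().booleanValue() && session.getAuthenticated().booleanValue();
    }

    /**
     * Runs the credentials through the authentication manager and maps Spring Security
     * failures onto the PUI service exceptions.
     *
     * <p>An unknown user and a wrong password both surface as
     * {@link PuiServiceIncorrectUserPasswordException}, so callers cannot tell the two apart.
     *
     * @param loginData credentials and client metadata
     * @return the authenticated token returned by the authentication manager
     */
    protected Authentication authenticate(LoginData loginData) throws PuiServiceIncorrectLoginException, PuiServiceUserDisabledException, PuiServiceIncorrectUserPasswordException, PuiServiceLoginMaxAttemptsException, PuiServiceUserCredentialsExpiredException, PuiServiceUserLockedException {
        // NOTE(review): the decompiled original carried a LoginEvent error emission here
        // guarded by a constant-false condition, i.e. it never ran. As written, this
        // method reports no failed-login event; confirm that the authentication
        // providers emit it, otherwise failed logins are missing from the audit trail.
        Authentication request = createAuthentication(loginData);
        if (request == null) {
            throw new PuiServiceIncorrectUserPasswordException();
        }
        try {
            return this.authenticationManager.authenticate(request);
        } catch (LockedException e) {
            throw new PuiServiceUserLockedException();
        } catch (BadCredentialsException e) {
            // The provider attaches the max-attempts failure as a suppressed exception.
            Throwable[] suppressed = e.getSuppressed();
            if (suppressed.length > 0 && suppressed[0] instanceof PuiServiceLoginMaxAttemptsException) {
                throw (PuiServiceLoginMaxAttemptsException) suppressed[0];
            }
            throw new PuiServiceIncorrectUserPasswordException();
        } catch (UsernameNotFoundException e) {
            throw new PuiServiceIncorrectUserPasswordException();
        } catch (CredentialsExpiredException e) {
            throw new PuiServiceUserCredentialsExpiredException();
        } catch (DisabledException e) {
            throw new PuiServiceUserDisabledException(loginData.getUsr());
        } catch (AuthenticationException e) {
            throw new PuiServiceIncorrectLoginException(e);
        }
    }

    /**
     * Chooses the authentication token type for the request: API key if one is present,
     * otherwise LDAP or database depending on the {@code LDAP_ACTIVE} variable.
     *
     * @param loginData credentials and client metadata
     * @return the unauthenticated token to pass to the authentication manager
     */
    protected Authentication createAuthentication(LoginData loginData) {
        if (!ObjectUtils.isEmpty(loginData.getApiKey())) {
            return new PuiApiKeyAuthenticationToken(loginData.getApiKey());
        }
        // Unboxing is deliberate: a missing LDAP_ACTIVE value fails the login with a
        // NullPointerException rather than silently selecting a backend.
        boolean ldapActive = ((Boolean) this.variableService.getVariable(Boolean.class, PuiVariableValues.LDAP_ACTIVE.name())).booleanValue();
        if (ldapActive) {
            return new PuiLdapAuthenticationToken(loginData.getUsr(), loginData.getPassword());
        }
        return new PuiDatabaseAuthenticationToken(loginData.getUsr(), loginData.getPassword());
    }

    /**
     * Completes the session from the login request, registers it under a freshly built
     * JWT (user sessions only) and runs the post-creation hook.
     *
     * @param loginData the login request
     * @param authentication the authenticated token whose principal is the session
     * @return the public view of the session
     */
    protected PuiUserInfo createUserInfo(LoginData loginData, Authentication authentication) {
        PuiUserSession session = (PuiUserSession) authentication.getPrincipal();
        fillUserSession(loginData, session);
        if (session.isUserSession()) {
            this.sessionHandler.buildJwt(session);
            this.sessionHandler.add(session.getJwt(), authentication);
        }
        afterSessionCreated(loginData, authentication, session);
        return session.asPuiUserInfo();
    }

    /**
     * Copies client metadata (IP, user agent, zone, persistence flag, client id) from the
     * login request into the session.
     *
     * @param loginData the login request
     * @param puiUserSession the session to populate
     */
    protected void fillUserSession(LoginData loginData, PuiUserSession puiUserSession) {
        puiUserSession.setIp(loginData.getIp());
        puiUserSession.setUserAgent(loginData.getUserAgent());
        puiUserSession.setZoneId(loginData.getJavaZoneId());
        puiUserSession.setPersistent(loginData.getPersistent());
        puiUserSession.setClient(loginData.getClient());
    }

    /**
     * Binds the session to the current context and publishes the creation events.
     *
     * <p>The successful {@link LoginEvent} is only fired here for user sessions without
     * 2FA; for 2FA users it is fired by {@link #authenticate2fa} after the code is verified.
     *
     * @param loginData the login request
     * @param authentication the authenticated token
     * @param puiUserSession the session held by the token
     */
    protected void afterSessionCreated(LoginData loginData, Authentication authentication, PuiUserSession puiUserSession) {
        try {
            this.sessionHandler.setContextSession(authentication);
        } catch (PuiServiceUserNotAuthenticatedException ignored) {
            // Best effort, as in the original: a session that cannot be bound to the
            // context yet still gets its creation event.
        }
        this.eventLauncher.fireSync(new SessionCreatedEvent(puiUserSession, loginData));
        if (puiUserSession.getUse2fa().booleanValue() || !puiUserSession.isUserSession()) {
            return;
        }
        this.eventLauncher.fireSync(new LoginEvent(LoginEventData.success(puiUserSession)));
    }

    /**
     * Resolves the session for an Authorization header value, rejecting a missing token
     * with {@link PuiServiceNoSessionException} instead of failing on a null dereference.
     */
    private PuiUserSession requireSession(String authorization) throws PuiServiceNoSessionException, PuiServiceUserSessionTimeoutException {
        if (ObjectUtils.isEmpty(authorization)) {
            throw new PuiServiceNoSessionException();
        }
        Authentication authentication = this.sessionHandler.get(authorization.replace(BEARER_PREFIX, ""));
        if (authentication == null) {
            throw new PuiServiceNoSessionException();
        }
        return (PuiUserSession) authentication.getPrincipal();
    }
}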
