package pl.edu.icm.unity.engine.credential;

import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.engine.api.CredentialRequirementManagement;
import pl.edu.icm.unity.engine.api.authn.local.LocalCredentialsRegistry;
import pl.edu.icm.unity.engine.authz.AuthzCapability;
import pl.edu.icm.unity.engine.authz.InternalAuthorizationManager;
import pl.edu.icm.unity.engine.events.InvocationEventProducer;
import pl.edu.icm.unity.engine.identity.IdentityHelper;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalCredentialException;
import pl.edu.icm.unity.store.api.generic.CredentialRequirementDB;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.types.authn.CredentialRequirements;

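/**
 * Engine-side implementation of {@link CredentialRequirementManagement}.
 *
 * <p>Every operation that creates, changes, removes or lists credential requirements first asks
 * the {@link InternalAuthorizationManager} for the needed capability and only then touches the
 * store. The single-item lookup {@link #getCredentialRequirements(String)} is the one exception:
 * it performs no authorization check in this class.
 *
 * <p>The reserved requirement {@code sys:all} can be neither created, updated nor removed through
 * this class, and read-only requirements cannot be created or updated through it.
 */
@Transactional
@Component
@Primary
@InvocationEventProducer
public class CredentialReqManagementImpl implements CredentialRequirementManagement {
    /** Name of the built-in requirement that must never be overwritten or removed via this API. */
    private static final String SYSTEM_CRED_REQ_NAME = "sys:all";

    // Collaborators are injected once through the constructor and never reassigned.
    private final LocalCredentialsRegistry localCredReg;
    private final CredentialRepository credRepository;
    private final CredentialRequirementDB credentialRequirementDB;
    private final CredentialReqRepository credReqRepository;
    private final IdentityHelper identityHelper;
    private final InternalAuthorizationManager authz;
    private final EntityCredentialsHelper entityCredHelper;

    /**
     * Creates the manager with all of its collaborators.
     *
     * @param localCredentialsRegistry registry passed to the credential check on update
     * @param credentialRepository source of credential definitions and existence checks
     * @param credentialRequirementDB store used for create, update and delete
     * @param identityHelper used to find entities that reference a requirement
     * @param internalAuthorizationManager performs the capability checks
     * @param entityCredentialsHelper used to re-point entities to a replacement requirement
     * @param credentialReqRepository read access to credential requirements
     */
    @Autowired
    public CredentialReqManagementImpl(LocalCredentialsRegistry localCredentialsRegistry, CredentialRepository credentialRepository, CredentialRequirementDB credentialRequirementDB, IdentityHelper identityHelper, InternalAuthorizationManager internalAuthorizationManager, EntityCredentialsHelper entityCredentialsHelper, CredentialReqRepository credentialReqRepository) {
        this.localCredReg = localCredentialsRegistry;
        this.credRepository = credentialRepository;
        this.credentialRequirementDB = credentialRequirementDB;
        this.identityHelper = identityHelper;
        this.authz = internalAuthorizationManager;
        this.entityCredHelper = entityCredentialsHelper;
        this.credReqRepository = credentialReqRepository;
    }

    /**
     * Stores a new credential requirement.
     *
     * <p>Requires {@link AuthzCapability#maintenance}. The authorization check runs before any
     * inspection of the argument, so an unauthorized caller learns nothing about reserved names
     * or existing credentials from the validation errors.
     *
     * @param credentialRequirements the requirement to create
     * @throws EngineException if authorization, the credential existence check or the store fails
     * @throws IllegalArgumentException if the name is {@code sys:all} or the requirement is
     *     flagged read-only
     */
    public void addCredentialRequirement(CredentialRequirements credentialRequirements) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        assertIsNotSystemCredReq(credentialRequirements.getName());
        assertIsNotReadOnly(credentialRequirements);
        this.credRepository.assertExist(credentialRequirements.getRequiredCredentials());
        this.credentialRequirementDB.create(credentialRequirements);
    }

    /**
     * Returns all credential requirements known to the repository.
     *
     * <p>Requires {@link AuthzCapability#readInfo}.
     *
     * @return the requirements as returned by the repository
     * @throws EngineException if authorization or the repository call fails
     */
    public Collection<CredentialRequirements> getCredentialRequirements() throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.readInfo);
        return this.credReqRepository.getCredentialRequirements();
    }

    /**
     * Replaces a stored credential requirement.
     *
     * <p>Requires {@link AuthzCapability#maintenance}. The requirement is handed to
     * {@code CredentialRequirementsHolder.checkCredentials} together with the current credential
     * definitions (keyed by name) and the local credentials registry before the store is updated.
     *
     * @param credentialRequirements the new state of the requirement
     * @throws EngineException if authorization, the credential check or the store fails
     * @throws IllegalArgumentException if the name is {@code sys:all} or the requirement is
     *     flagged read-only
     */
    public void updateCredentialRequirement(CredentialRequirements credentialRequirements) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        assertIsNotSystemCredReq(credentialRequirements.getName());
        assertIsNotReadOnly(credentialRequirements);
        // The raw (Map) cast is kept as-is; the element type of the definitions is not visible here.
        CredentialRequirementsHolder.checkCredentials(
                credentialRequirements,
                (Map) this.credRepository.getCredentialDefinitions().stream()
                        .collect(Collectors.toMap(definition -> definition.getName(), definition -> definition)),
                this.localCredReg);
        this.credentialRequirementDB.update(credentialRequirements);
    }

    /**
     * Deletes a credential requirement, optionally moving the entities that use it to another one.
     *
     * <p>Requires {@link AuthzCapability#maintenance}. If any entity still carries the removed
     * requirement, a replacement is mandatory and must differ from the removed name; otherwise
     * those entities would be re-pointed at the very requirement that is deleted on the next
     * line and end up referencing a requirement that no longer exists.
     *
     * <p>NOTE(review): this method does not itself verify that {@code str2} names an existing
     * requirement; the replacement is applied through
     * {@code setEntityCredentialRequirementsNoCheck}, whose name suggests it skips validation as
     * well. Confirm that an unknown replacement is rejected somewhere before relying on it.
     *
     * @param str name of the requirement to remove
     * @param str2 name of the replacement requirement, or {@code null} when none is given
     * @throws IllegalCredentialException if entities use the removed requirement and the
     *     replacement is missing or identical to the removed name
     * @throws EngineException if authorization, the entity update or the store fails
     * @throws IllegalArgumentException if {@code str} is {@code sys:all}
     */
    public void removeCredentialRequirement(String str, String str2) throws EngineException {
        this.authz.checkAuthorization(AuthzCapability.maintenance);
        assertIsNotSystemCredReq(str);
        Set<Long> affectedEntities = this.identityHelper.getEntitiesByRootAttribute(CredentialAttributeTypeProvider.CREDENTIAL_REQUIREMENTS, Collections.singleton(str));
        if (!affectedEntities.isEmpty()) {
            if (str2 == null) {
                throw new IllegalCredentialException("There are entities with the removed credential requirements set and a replacement was not specified.");
            }
            // Replacing a requirement with itself would leave the affected entities dangling.
            if (str2.equals(str)) {
                throw new IllegalCredentialException("The replacement credential requirement must be different from the removed one.");
            }
        }
        if (str2 != null) {
            for (long entityId : affectedEntities) {
                this.entityCredHelper.setEntityCredentialRequirementsNoCheck(entityId, str2);
            }
        }
        this.credentialRequirementDB.delete(str);
    }

    /**
     * Rejects the reserved system requirement name.
     *
     * @param str requirement name to test
     * @throws IllegalArgumentException if the name equals {@code sys:all}
     */
    private void assertIsNotSystemCredReq(String str) {
        if (SYSTEM_CRED_REQ_NAME.equals(str)) {
            throw new IllegalArgumentException("Credential requirement '" + str + "' is the system credential requirement and can not be overwritten or removed");
        }
    }

    /**
     * Rejects requirements flagged as read-only; used by both create and update.
     *
     * @param credentialRequirements requirement to test
     * @throws IllegalArgumentException if {@code isReadOnly()} returns true
     */
    private void assertIsNotReadOnly(CredentialRequirements credentialRequirements) throws EngineException {
        if (credentialRequirements.isReadOnly()) {
            throw new IllegalArgumentException("Cannot create read only credential requirement through this API");
        }
    }

    /**
     * Returns a single credential requirement by name.
     *
     * <p>NOTE(review): unlike the no-argument overload, which requires
     * {@link AuthzCapability#readInfo}, this lookup calls the repository without any
     * authorization check. Confirm that this is intended (for example because callers are
     * trusted engine components) before exposing it on an externally reachable endpoint.
     *
     * @param str name of the requirement
     * @return the requirement as returned by the repository
     * @throws EngineException if the repository call fails
     */
    public CredentialRequirements getCredentialRequirements(String str) throws EngineException {
        return this.credReqRepository.get(str);
    }
}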
