package net.smartcosmos.extension.stormpath.service;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.account.AccountList;
import com.stormpath.sdk.account.AccountStatus;
import com.stormpath.sdk.account.Accounts;
import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.authc.UsernamePasswordRequests;
import com.stormpath.sdk.directory.DirectoryStatus;
import com.stormpath.sdk.error.Error;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.resource.ResourceException;
import java.util.Set;
import javax.validation.Validator;
import net.smartcosmos.extension.stormpath.config.StormpathProperties;
import net.smartcosmos.extension.stormpath.util.StormpathInitializer;
import net.smartcosmos.userdetails.domain.UserDetails;
import net.smartcosmos.userdetails.service.UserDetailsService;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.convert.ConversionService;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:net/smartcosmos/extension/stormpath/service/UserDetailsServiceStormpath.class */
public class UserDetailsServiceStormpath implements UserDetailsService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UserDetailsServiceStormpath.class);
    private Application application = null;
    private final ConversionService conversionService;
    private final PasswordEncoder passwordEncoder;
    private final StormpathProperties stormpathProperties;
    private final Validator validator;

    @Autowired
    public UserDetailsServiceStormpath(StormpathProperties stormpathProperties, ConversionService conversionService, PasswordEncoder passwordEncoder, Validator validator) {
        this.conversionService = conversionService;
        this.passwordEncoder = passwordEncoder;
        this.stormpathProperties = stormpathProperties;
        this.validator = validator;
        initialize();
    }

    @Override // net.smartcosmos.userdetails.service.UserDetailsService
    public UserDetails getUserDetails(String str, String str2) throws IllegalArgumentException, AuthenticationException {
        Assert.isTrue(StringUtils.isNotBlank(str), "username may not be blank");
        Assert.isTrue(StringUtils.isNotBlank(str2), "password may not be blank");
        if (isInitialized()) {
            log.debug("Stormpath is attempting to authenticate user {}...", str);
            try {
                Account account = this.application.authenticateAccount(UsernamePasswordRequests.builder().setUsernameOrEmail(str).setPassword(str2).build()).getAccount();
                log.info("Stormpath has successfully authenticated user {}", str);
                log.debug("Details for account {}: {}", str, account);
                UserDetails userDetails = (UserDetails) this.conversionService.convert(account, UserDetails.class);
                userDetails.setPasswordHash(this.passwordEncoder.encode(str2));
                return userDetails;
            } catch (ResourceException e) {
                String format = String.format("Stormpath authentication request or user %s failed: %s", str, e.toString());
                log.info(format);
                log.debug(format, (Throwable) e);
                throwAuthenticationExceptionForError(format, e);
            }
        }
        log.error("Stormpath application is not initialized");
        throw new InternalAuthenticationServiceException("Stormpath application could not be initialized");
    }

    @Override // net.smartcosmos.userdetails.service.UserDetailsService
    public UserDetails getUserDetails(String str) throws IllegalArgumentException, AuthenticationException {
        Assert.isTrue(StringUtils.isNotBlank(str), "username may not be blank");
        if (!isInitialized()) {
            log.error("Stormpath application is not initialized");
            throw new InternalAuthenticationServiceException("Stormpath application could not be initialized");
        }
        AccountList accounts = this.application.getAccounts(Accounts.where(Accounts.email().eqIgnoreCase(str)));
        if (accounts == null || accounts.getSize() == 0) {
            String format = String.format("Unable to locate username '%s'", str);
            log.info(format);
            throw new UsernameNotFoundException(format);
        }
        if (accounts.getSize() > 1) {
            String format2 = String.format("No unique result for username '%s'", str);
            log.info(format2);
            log.debug("Stormpath returned account list {}", accounts);
            throw new AuthenticationServiceException(format2);
        }
        Account single = accounts.single();
        if (AccountStatus.ENABLED.equals(single.getStatus()) && DirectoryStatus.ENABLED.equals(single.getDirectory().getStatus())) {
            log.info("Stormpath has successfully returned details for user {}", str);
            log.debug("Details for account {}: {}", str, single);
            return (UserDetails) this.conversionService.convert(single, UserDetails.class);
        }
        String format3 = String.format("Account or directory for username '%s' is disabled", str);
        log.info(format3);
        throw new DisabledException(format3);
    }

    @Override // net.smartcosmos.userdetails.service.UserDetailsService
    public boolean isValid(UserDetails userDetails) {
        log.debug("Entity: {}", userDetails);
        Set validate = this.validator.validate(userDetails, new Class[0]);
        log.debug("Constraint violations: {}", validate.toString());
        return validate.isEmpty();
    }

    public boolean initialize() {
        try {
            String applicationName = this.stormpathProperties.getApplicationName();
            this.application = StormpathInitializer.getSingleApplication(StormpathInitializer.getClientFromProperties(this.stormpathProperties.getApiKey()).getCurrentTenant(), applicationName);
            log.info("Stormpath has successfully initialized application {}", applicationName);
            log.debug("Details for application {}: {}", applicationName, this.application);
        } catch (NullPointerException e) {
            log.warn("Initialization of Stormpath service failed. This generally indicates that the Stormpath API key and/or applicationName is missing in the configuration: {}", (Throwable) e);
        }
        return this.application != null;
    }

    private boolean isInitialized() {
        if (this.application == null) {
            log.info("Application is not initialized. Attempting again...");
            if (!initialize()) {
                log.error("Initializing failed again. Authentication attempt is aborted.");
            }
        }
        return this.application != null;
    }

    private void throwAuthenticationExceptionForError(String str, ResourceException resourceException) throws AuthenticationException {
        Error stormpathError = resourceException.getStormpathError();
        log.info("Stormpath returned error: {}", stormpathError);
        switch (stormpathError.getCode()) {
            case StormpathErrorCodeConstants.ERR_ACCOUNT_STORE_DISABLED /* 5101 */:
            case StormpathErrorCodeConstants.ERR_ACCOUNT_DISABLED /* 7101 */:
            case StormpathErrorCodeConstants.ERR_ACCOUNT_UNVERIFIED /* 7102 */:
            case StormpathErrorCodeConstants.ERR_GROUP_DISABLED /* 7105 */:
            case StormpathErrorCodeConstants.ERR_DIRECTORY_DISABLED /* 7106 */:
            case StormpathErrorCodeConstants.ERR_ORGANIZATION_DISABLED /* 7107 */:
                throw new DisabledException(str, resourceException);
            case StormpathErrorCodeConstants.ERR_PASSWORD_INCORRECT /* 7100 */:
                throw new BadCredentialsException(str, resourceException);
            case StormpathErrorCodeConstants.ERR_ACCOUNT_LOCKED /* 7103 */:
                throw new LockedException(str, resourceException);
            case StormpathErrorCodeConstants.ERR_ACCOUNT_NONEXISTENT /* 7104 */:
                throw new UsernameNotFoundException(str, resourceException);
            default:
                throw new AuthenticationServiceException(str, resourceException);
        }
    }
}
