package net.unit8.bouncr.api.service;

import enkan.data.HttpRequest;
import enkan.util.BeanBuilder;
import enkan.util.ThreadingUtils;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.persistence.CacheStoreMode;
import javax.persistence.EntityGraph;
import javax.persistence.EntityManager;
import javax.persistence.Subgraph;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Join;
import javax.persistence.criteria.Root;
import net.unit8.bouncr.api.authn.OneTimePasswordGenerator;
import net.unit8.bouncr.component.BouncrConfiguration;
import net.unit8.bouncr.component.StoreProvider;
import net.unit8.bouncr.entity.Assignment;
import net.unit8.bouncr.entity.OtpKey;
import net.unit8.bouncr.entity.PasswordCredential;
import net.unit8.bouncr.entity.Realm;
import net.unit8.bouncr.entity.User;
import net.unit8.bouncr.entity.UserSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/unit8/bouncr/api/service/SignInService.class */
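/**
 * Sign-in helpers: one-time-password and password-age checks, session-token creation, and
 * publication of the signed-in user's claims to the token store.
 */
public class SignInService {
    private final BouncrConfiguration config;
    private final EntityManager em;
    private final StoreProvider storeProvider;
    private static final Logger LOG = LoggerFactory.getLogger(SignInService.class);

    /** Outcome of {@link #validatePasswordCredentialAttributes(User)}. */
    public enum PasswordCredentialStatus {
        /** The credential is neither flagged as initial nor past its configured lifetime. */
        VALID,
        /** The credential reports {@code isInitial()}. */
        INITIAL,
        /** The credential is older than the lifetime set in the password policy. */
        EXPIRED
    }

    /**
     * Creates the service.
     *
     * @param entityManager used for the permission query
     * @param storeProvider gives access to the store that holds the per-token claims
     * @param bouncrConfiguration supplies the password policy and the clock
     */
    public SignInService(EntityManager entityManager, StoreProvider storeProvider, BouncrConfiguration bouncrConfiguration) {
        this.config = bouncrConfiguration;
        this.storeProvider = storeProvider;
        this.em = entityManager;
    }

    /**
     * Checks a submitted one-time password against the codes currently derived from the key.
     *
     * <p>Security: a {@code null} key makes this method return {@code true}, so the second
     * factor is skipped rather than failed. Callers must pass the key actually enrolled for the
     * account being signed in. No attempt counting happens here; throttling of repeated guesses
     * has to be enforced by the caller.
     *
     * @param otpKey the user's OTP key, or {@code null} when none is registered
     * @param str the code submitted by the client; {@code null} never matches a non-null key
     * @return {@code true} when no key is registered or the code is one of the accepted codes
     */
    public boolean validateOtpKey(OtpKey otpKey, String str) {
        if (otpKey == null) {
            return true;
        }
        // NOTE(review): 30 and 5 are presumably the time step in seconds and the number of
        // neighbouring steps accepted; confirm against OneTimePasswordGenerator. A wider
        // window keeps older codes acceptable for longer.
        Set<String> acceptedCodes = new OneTimePasswordGenerator(30)
                .generateTotpSet(otpKey.getKey(), 5)
                .stream()
                // Zero-pad to six digits so the comparison is made on the displayed form.
                .map(num -> String.format(Locale.US, "%06d", num))
                .collect(Collectors.toSet());
        return acceptedCodes.contains(str);
    }

    /**
     * Classifies the user's password credential as initial, expired or valid.
     *
     * <p>The creation time is a local date-time and is interpreted in the system default zone,
     * using the offset that applied at that date. Taking the offset in force at the moment of
     * the check instead would shift the expiry by the daylight-saving difference. "Now" comes
     * from the configured clock only.
     *
     * @param user the user whose credential is inspected; must have a password credential
     * @return the status of the credential
     * @throws NullPointerException if the user has no password credential
     */
    public PasswordCredentialStatus validatePasswordCredentialAttributes(User user) {
        PasswordCredential passwordCredential = user.getPasswordCredential();
        if (passwordCredential.isInitial()) {
            return PasswordCredentialStatus.INITIAL;
        }
        TemporalAmount expires = (TemporalAmount) this.config.getPasswordPolicy().getExpires();
        if (expires == null) {
            // No lifetime configured: passwords never expire.
            return PasswordCredentialStatus.VALID;
        }
        Instant expiresAt = passwordCredential.getCreatedAt()
                .atZone(ZoneId.systemDefault())
                .toInstant()
                .plus(expires);
        return expiresAt.isBefore(this.config.getClock().instant())
                ? PasswordCredentialStatus.EXPIRED
                : PasswordCredentialStatus.VALID;
    }

    /**
     * Creates a new session token.
     *
     * <p>The value is a random (version 4) UUID, which the JDK generates from a
     * cryptographically strong random source.
     *
     * @return the token in canonical UUID text form
     */
    public String createToken() {
        return UUID.randomUUID().toString();
    }

    /**
     * Builds the session record for a signed-in user and writes the user's claims to the token
     * store under the given token.
     *
     * <p>The returned session is not persisted by this method. The permission snapshot is taken
     * here; whether it is refreshed later is not visible in this class.
     *
     * @param httpRequest the sign-in request; supplies the remote address and the User-Agent
     * @param user the authenticated user
     * @param str the session token (presumably from {@link #createToken()}; confirm at the caller)
     * @return the populated, unsaved session
     */
    public UserSession createUserSession(HttpRequest httpRequest, User user, String str) {
        // The User-Agent header is client-controlled: cap it at 255 characters before storing.
        String userAgent = ThreadingUtils.some(httpRequest.getHeaders().get("User-Agent"),
                        value -> value.substring(0, Math.min(value.length(), 255)))
                .orElse("");
        UserSession userSession = BeanBuilder.builder(new UserSession())
                .set(UserSession::setToken, str)
                .set(UserSession::setUser, user)
                .set(UserSession::setRemoteAddress, httpRequest.getRemoteAddr())
                .set(UserSession::setUserAgent, userAgent)
                .set(UserSession::setCreatedAt, LocalDateTime.now())
                .build();

        // Collectors.toMap rejects null values and duplicate keys.
        // NOTE(review): presumably the profile schema guarantees neither occurs; confirm.
        // Declared as HashMap rather than Map so the value keeps its concrete type for write().
        HashMap<String, Object> claims = new HashMap<>(user.getUserProfileValues().stream()
                .collect(Collectors.toMap(
                        profileValue -> profileValue.getUserProfileField().getJsonName(),
                        profileValue -> profileValue.getValue())));
        // The fixed claims are added last, so a profile field with the same JSON name cannot
        // override them.
        claims.put("iss", "bouncr");
        claims.put("uid", Long.toString(user.getId().longValue()));
        claims.put("sub", user.getAccount());
        claims.put("permissionsByRealm", getPermissionsByRealm(user));
        // Log claim names only: the values carry profile data, the account and permissions.
        LOG.debug("signIn profile claims = {}", claims.keySet());
        this.storeProvider.getStore(StoreProvider.StoreType.BOUNCR_TOKEN).write(str, claims);
        return userSession;
    }

    /**
     * Collects the permission names the user holds, grouped by realm.
     *
     * <p>Assignments are selected through the user's groups. The permission names of all roles
     * assigned in a realm are merged and de-duplicated. The order of names within a list is
     * unspecified.
     *
     * @param user the user whose permissions are resolved
     * @return realm id (as text) mapped to the distinct permission names granted in that realm
     */
    public Map<String, List<String>> getPermissionsByRealm(User user) {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery<Assignment> query = criteriaBuilder.createQuery(Assignment.class);
        Root<Assignment> assignment = query.from(Assignment.class);
        Join<?, ?> member = assignment.join("group").join("users");
        assignment.fetch("role").fetch("permissions");
        // The user id is bound as a criteria parameter, not concatenated into the query text.
        query.where(criteriaBuilder.equal(member.get("id"), user.getId()));

        EntityGraph<Assignment> graph = this.em.createEntityGraph(Assignment.class);
        graph.addAttributeNodes("realm", "role");
        Subgraph<?> roleGraph = graph.addSubgraph("role");
        roleGraph.addAttributeNodes("permissions");
        roleGraph.addSubgraph("permissions").addAttributeNodes("name");

        Map<Realm, List<Assignment>> assignmentsByRealm = this.em.createQuery(query)
                // REFRESH store mode: cached entries are refreshed from what the database returns.
                .setHint("javax.persistence.cache.storeMode", CacheStoreMode.REFRESH)
                .setHint("javax.persistence.fetchgraph", graph)
                .getResultStream()
                .collect(Collectors.groupingBy(found -> found.getRealm()));

        return assignmentsByRealm.entrySet().stream()
                .collect(Collectors.toMap(
                        entry -> entry.getKey().getId().toString(),
                        entry -> {
                            Set<String> names = entry.getValue().stream()
                                    .flatMap(found -> found.getRole().getPermissions().stream())
                                    .map(permission -> permission.getName())
                                    .collect(Collectors.toSet());
                            return new ArrayList<>(names);
                        }));
    }
}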
