package io.datarouter.auth.web.service;

import io.datarouter.auth.exception.InvalidCredentialsException;
import io.datarouter.auth.model.dto.InterpretedSamlAssertion;
import io.datarouter.auth.role.Role;
import io.datarouter.auth.role.RoleManager;
import io.datarouter.auth.service.DatarouterUserService;
import io.datarouter.auth.session.Session;
import io.datarouter.auth.session.SessionBasedUser;
import io.datarouter.auth.session.UserSessionService;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUser;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUserDao;
import io.datarouter.auth.storage.user.session.BaseDatarouterSessionDao;
import io.datarouter.auth.storage.user.session.DatarouterSession;
import io.datarouter.auth.storage.user.session.DatarouterSessionKey;
import io.datarouter.scanner.Scanner;
import io.datarouter.util.BooleanTool;
import io.datarouter.web.user.session.DatarouterSessionManager;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.time.Instant;
import java.time.ZoneId;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

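/**
 * Creates, persists and deletes datarouter user sessions, for both username-based sign-in and
 * SAML sign-in, and writes or clears the session cookies through {@link DatarouterSessionManager}.
 *
 * <p>Security note: no method in this class checks a password or validates a SAML response.
 * {@link #signInUser} issues a session for whatever username it is given, and
 * {@link #signInUserFromSamlResponse} trusts the username and group attributes of the
 * {@link InterpretedSamlAssertion} it receives. Authentication has to be complete before either
 * method is called.
 *
 * <p>This source was recovered from a compiled class. Decompiler artifacts (a class extending
 * {@code Record}, lambdas referring to an undeclared {@code r1}, raw types, lost parameter names)
 * have been replaced with the equivalent record, method references and generic types.
 */
@Singleton
public class DatarouterUserSessionService implements UserSessionService {

    @Inject
    private DatarouterUserDao userDao;

    @Inject
    private BaseDatarouterSessionDao sessionDao;

    @Inject
    private DatarouterSessionManager sessionManager;

    @Inject
    private DatarouterUserCreationService userCreationService;

    @Inject
    private DatarouterUserService datarouterUserService;

    @Inject
    private RoleManager roleManager;

    @Inject
    private DatarouterUserHistoryService userHistoryService;

    /**
     * Result of comparing the SAML groups stored on a user with those in a new assertion.
     *
     * <p>The decompiler reported that this type was private in the compiled class and had been
     * widened only for its own output, so it is declared private here.
     *
     * @param computedRoles roles calculated from the user's non-SAML roles and the asserted groups
     * @param changeString human-readable summary of the groups and roles gained or lost
     */
    private record SamlChanges(Set<Role> computedRoles, String changeString) {
    }

    /**
     * Adds the user-token and session-token cookies for {@code session} to the response.
     *
     * <p>Cookie attributes are chosen by {@link DatarouterSessionManager} and are not visible
     * here. NOTE(review): confirm that both cookies are set Secure and HttpOnly there.
     *
     * @param response response that receives the cookies
     * @param session session whose tokens are written
     */
    public void setSessionCookies(HttpServletResponse response, Session session) {
        sessionManager.addUserTokenCookie(response, session.getUserToken());
        sessionManager.addSessionTokenCookie(response, session.getSessionToken());
    }

    /**
     * Clears the user-token and session-token cookies on the response.
     *
     * <p>This does not delete the stored session; {@link #deleteSession} does that.
     *
     * @param response response on which the cookies are cleared
     */
    public void clearSessionCookies(HttpServletResponse response) {
        sessionManager.clearUserTokenCookie(response);
        sessionManager.clearSessionTokenCookie(response);
    }

    /**
     * Creates and stores a session for an existing, enabled user, and updates the user's
     * last-logged-in time.
     *
     * <p>No credential is checked here; the caller must already have authenticated
     * {@code username}. NOTE(review): an unknown user yields an empty result while a disabled
     * user yields an exception carrying the username. If either outcome reaches an
     * unauthenticated client unchanged, the difference reveals which accounts exist. Confirm
     * that the caller maps both to the same response.
     *
     * @param request not used by this method
     * @param username username to look up; the meaning of the {@code true} flag passed to the
     *     lookup is not visible in this file
     * @return the new session, or empty when no user with that username is found
     * @throws InvalidCredentialsException when the user's enabled flag is false or null
     */
    public Optional<Session> signInUser(HttpServletRequest request, String username) {
        Optional<DatarouterUser> found = datarouterUserService.findUserByUsername(username, true);
        if (found.isEmpty()) {
            return Optional.empty();
        }
        DatarouterUser user = found.get();
        if (BooleanTool.isFalseOrNull(user.getEnabled())) {
            throw new InvalidCredentialsException("user not enabled (" + username + ")");
        }
        user.setLastLoggedIn(Instant.now());
        userDao.put(user);
        DatarouterSession session = DatarouterSession.createFromUser(user);
        sessionDao.put(session);
        return Optional.of(session);
    }

    /**
     * Creates and stores a session for the user named in a SAML assertion, creating the user
     * automatically when no account with that username exists.
     *
     * <p>When the asserted groups differ from the groups stored on the user, the difference is
     * recorded in the user history, the stored groups are replaced by the asserted ones, and the
     * session gets the roles calculated from the asserted groups. Otherwise the session gets the
     * roles calculated from the stored groups.
     *
     * <p>Security notes:
     * <ul>
     * <li>Every username the assertion carries ends up with an account and a session, so the
     *     assertion must have been validated before it reaches this method. NOTE(review):
     *     presumably that happens where {@link InterpretedSamlAssertion} is built; confirm.</li>
     * <li>Roles are set only on the session created here. NOTE(review): sessions from earlier
     *     sign-ons are not touched by this method, so a group removed at the identity provider
     *     may stay effective on them until they expire or are deleted; confirm whether they are
     *     refreshed elsewhere.</li>
     * <li>The asserted groups are stored as received, including any null entry. See the note on
     *     {@link #getSamlSignOnChanges}.</li>
     * </ul>
     *
     * @param request not used by this method
     * @param assertion interpreted assertion supplying the username and the group attributes
     * @return the new session
     * @throws InvalidCredentialsException when the user's enabled flag is false or null
     */
    public Session signInUserFromSamlResponse(HttpServletRequest request, InterpretedSamlAssertion assertion) {
        DatarouterUser user = datarouterUserService.findUserByUsername(assertion.username(), true)
                .orElseGet(() -> userCreationService.createAutomaticUser(
                        assertion.username(),
                        DatarouterUserCreationService.SAML_USER_CREATION_DESCRIPTION));
        if (BooleanTool.isFalseOrNull(user.getEnabled())) {
            throw new InvalidCredentialsException("user not enabled (" + assertion.username() + ")");
        }
        user.setLastLoggedIn(Instant.now());
        DatarouterSession session = DatarouterSession.createFromUser(user);
        Optional<SamlChanges> changes = getSamlSignOnChanges(user, assertion);
        if (changes.isPresent()) {
            // The history entry is written before the user row is saved below.
            userHistoryService.recordSamlSignOnChanges(user, changes.get().changeString());
            user.setSamlGroups(new ArrayList<>(assertion.roleGroupAttributes()));
            session.setRoles(changes.get().computedRoles());
        } else {
            session.setRoles(roleManager.calculateRolesWithGroups(user.getRolesIgnoreSaml(), user.getSamlGroups()));
        }
        userDao.put(user);
        sessionDao.put(session);
        return session;
    }

    /**
     * Creates an automatic user through {@link DatarouterUserCreationService}.
     *
     * @param username first argument passed to {@code createAutomaticUser}
     * @param description second argument passed to {@code createAutomaticUser}
     * @return the user returned by the creation service
     */
    public SessionBasedUser createAuthorizedUser(String username, String description) {
        return userCreationService.createAutomaticUser(username, description);
    }

    /**
     * Deletes the stored session identified by the session-token cookie of the request.
     *
     * <p>Does nothing when the session manager returns no token. Cookies are not cleared here.
     *
     * @param request request carrying the session-token cookie
     */
    public void deleteSession(HttpServletRequest request) {
        Optional.ofNullable(sessionManager.getSessionTokenFromCookie(request))
                .map(DatarouterSessionKey::new)
                .ifPresent(sessionDao::delete);
    }

    /**
     * Deletes every stored session whose username is in {@code usernames}.
     *
     * <p>All sessions are scanned and filtered by username in this method, so the cost grows with
     * the total number of stored sessions rather than with the number of usernames.
     *
     * @param usernames usernames whose sessions are deleted
     */
    public void deleteUserSessions(List<String> usernames) {
        Set<String> targets = new HashSet<>(usernames);
        sessionDao.scan()
                .include(session -> targets.contains(session.getUsername()))
                .map(DatarouterSession::getKey)
                .flush(sessionDao::deleteMulti);
    }

    /**
     * Returns the zone id stored on the user with the given username.
     *
     * <p>NOTE(review): the lookup result is dereferenced without a null check. If the DAO returns
     * null for an unknown username, this throws {@link NullPointerException}; confirm.
     *
     * @param username username to look up
     * @return the zone id reported by the user
     */
    public Optional<ZoneId> getZoneId(String username) {
        return userDao.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(username)).getZoneId();
    }

    /**
     * Compares the SAML groups stored on {@code user} with the groups in {@code assertion} and,
     * when they differ, describes the groups and net roles gained and lost.
     *
     * <p>The summary contains group names from the assertion as received. NOTE(review): escape it
     * wherever the user history is rendered.
     *
     * <p>NOTE(review): null entries are filtered from the gained groups but not from the lost
     * groups. A null entry in the stored groups would be added to a {@link TreeSet} here, which
     * rejects nulls under natural ordering, and would abort the sign-on; confirm whether a null
     * can reach the stored list.
     *
     * @param user user whose stored groups and non-SAML roles are read
     * @param assertion assertion supplying the new groups
     * @return the roles calculated from the asserted groups plus the summary, or empty when the
     *     asserted groups equal the stored groups
     */
    private Optional<SamlChanges> getSamlSignOnChanges(DatarouterUser user, InterpretedSamlAssertion assertion) {
        if (assertion.roleGroupAttributes().equals(new HashSet<>(user.getSamlGroups()))) {
            return Optional.empty();
        }
        SortedSet<String> lostGroups = Scanner.of(user.getSamlGroups())
                .exclude(assertion.roleGroupAttributes()::contains)
                .collect(TreeSet::new);
        SortedSet<String> gainedGroups = Scanner.of(assertion.roleGroupAttributes())
                .exclude(user.getSamlGroups()::contains)
                .exclude(Objects::isNull)
                .collect(TreeSet::new);
        Set<Role> previousRoles = roleManager.calculateRolesWithGroups(
                user.getRolesIgnoreSaml(),
                user.getSamlGroups());
        Set<Role> currentRoles = roleManager.calculateRolesWithGroups(
                user.getRolesIgnoreSaml(),
                assertion.roleGroupAttributes());

        String lostGroupsMessage = "";
        String lostRolesMessage = "";
        if (!lostGroups.isEmpty()) {
            lostGroupsMessage = "SAML groups lost: %s.".formatted(String.join(", ", lostGroups));
            // Net loss: roles held before that the new groups no longer provide.
            SortedSet<Role> lostRoles = Scanner.of(previousRoles)
                    .exclude(currentRoles::contains)
                    .collect(TreeSet::new);
            lostRolesMessage = lostRoles.isEmpty()
                    ? "No roles lost due to lost SAML groups."
                    : "Net roles lost: %s.".formatted(
                            String.join(", ", lostRoles.stream().map(Role::getPersistentString).toList()));
        }

        String gainedGroupsMessage = "";
        String gainedRolesMessage = "";
        if (!gainedGroups.isEmpty()) {
            gainedGroupsMessage = "SAML groups gained: %s.".formatted(String.join(", ", gainedGroups));
            // Net gain: roles provided now that were not held before.
            SortedSet<Role> gainedRoles = Scanner.of(currentRoles)
                    .exclude(previousRoles::contains)
                    .collect(TreeSet::new);
            gainedRolesMessage = gainedRoles.isEmpty()
                    ? "No roles provided by new SAML groups."
                    : "Net roles gained: %s.".formatted(
                            String.join(", ", gainedRoles.stream().map(Role::getPersistentString).toList()));
        }

        // Empty parts are dropped so the summary lists only what actually changed.
        List<String> parts = Scanner.of(
                        "Changes detected from last SAML sign on.",
                        gainedGroupsMessage,
                        lostGroupsMessage,
                        gainedRolesMessage,
                        lostRolesMessage)
                .exclude(String::isEmpty)
                .list();
        return Optional.of(new SamlChanges(currentRoles, String.join("\n", parts)));
    }
}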
