package de.openknowledge.authentication.domain.registration;

import de.openknowledge.authentication.domain.ClientId;
import de.openknowledge.authentication.domain.KeycloakServiceConfiguration;
import de.openknowledge.authentication.domain.role.RoleName;
import de.openknowledge.authentication.domain.role.RoleType;
import de.openknowledge.authentication.domain.token.KeycloakTokenService;
import de.openknowledge.authentication.domain.token.Token;
import de.openknowledge.authentication.domain.token.VerificationLink;
import de.openknowledge.authentication.domain.user.EmailVerifiedMode;
import de.openknowledge.authentication.domain.user.KeycloakUserService;
import de.openknowledge.authentication.domain.user.UserAccount;
import de.openknowledge.authentication.domain.user.UserCreationFailedException;
import de.openknowledge.authentication.domain.user.UserIdentifier;
import java.util.concurrent.TimeUnit;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ApplicationScoped
/* loaded from: input_file:de/openknowledge/authentication/domain/registration/KeycloakRegistrationService.class */
public class KeycloakRegistrationService {
    private static final Logger LOG = LoggerFactory.getLogger(KeycloakRegistrationService.class);
    private KeycloakUserService keycloakUserService;
    private KeycloakTokenService keycloakTokenService;
    private KeycloakServiceConfiguration serviceConfiguration;
    private KeycloakRegistrationServiceConfiguration registrationServiceConfiguration;

    protected KeycloakRegistrationService() {
    }

    @Inject
    public KeycloakRegistrationService(KeycloakServiceConfiguration keycloakServiceConfiguration, KeycloakRegistrationServiceConfiguration keycloakRegistrationServiceConfiguration, KeycloakUserService keycloakUserService, KeycloakTokenService keycloakTokenService) {
        this.keycloakUserService = keycloakUserService;
        this.keycloakTokenService = keycloakTokenService;
        this.serviceConfiguration = keycloakServiceConfiguration;
        this.registrationServiceConfiguration = keycloakRegistrationServiceConfiguration;
    }

    @PostConstruct
    public void init() {
        LOG.debug("check configuration");
        this.serviceConfiguration.validate();
        this.registrationServiceConfiguration.validate();
    }

    public UserAccount register(UserAccount userAccount) throws RegistrationFailedException {
        Validate.notNull(userAccount, "userAccount may not be null", new Object[0]);
        if (this.keycloakUserService.checkAlreadyExist(userAccount)) {
            throw new RegistrationFailedException(userAccount.getUsername().getValue());
        }
        try {
            UserAccount createUser = this.keycloakUserService.createUser(userAccount, getEmailVerifiedMode());
            if (isRoleRequired()) {
                this.keycloakUserService.joinRoles(createUser.getIdentifier(), RoleType.REALM, RoleName.fromValue(ClientId.fromValue(this.serviceConfiguration.getClientId()).getValue()));
            }
            return userAccount;
        } catch (UserCreationFailedException e) {
            throw new RegistrationFailedException(e);
        }
    }

    public UserIdentifier verifyEmailAddress(VerificationLink verificationLink, Issuer issuer) throws InvalidTokenException {
        Token decode = this.keycloakTokenService.decode(verificationLink);
        if (!decode.isValid(issuer)) {
            throw new InvalidTokenException(decode, issuer);
        }
        UserIdentifier asUserIdentifier = decode.asUserIdentifier();
        this.keycloakUserService.updateMailVerification(asUserIdentifier);
        return asUserIdentifier;
    }

    public VerificationLink createVerificationLink(UserAccount userAccount, Issuer issuer) {
        return this.keycloakTokenService.encode(userAccount.asToken(issuer, Integer.valueOf(Integer.parseInt(this.registrationServiceConfiguration.getTokenLifeTime())), TimeUnit.valueOf(this.registrationServiceConfiguration.getTimeUnit())));
    }

    public KeycloakUserService getKeycloakUserService() {
        return this.keycloakUserService;
    }

    private EmailVerifiedMode getEmailVerifiedMode() {
        switch (RegistrationMode.fromValue(this.registrationServiceConfiguration.getRegistrationMode())) {
            case DOUBLE_OPT_IN:
                return EmailVerifiedMode.REQUIRED;
            case DEFAULT:
                return EmailVerifiedMode.DEFAULT;
            default:
                throw new IllegalArgumentException("unsupported RegistrationMode " + this.registrationServiceConfiguration.getRegistrationMode());
        }
    }

    private boolean isRoleRequired() {
        return RegistrationRequirement.ROLE.equals(RegistrationRequirement.fromValue(this.registrationServiceConfiguration.getRegistrationRequirement()));
    }
}
