package org.craftercms.profile.services.impl;

import java.util.Calendar;
import java.util.Date;
import org.craftercms.commons.crypto.CipherUtils;
import org.craftercms.commons.i10n.I10nLogger;
import org.craftercms.commons.logging.Logged;
import org.craftercms.commons.mongo.MongoDataException;
import org.craftercms.commons.security.exception.ActionDeniedException;
import org.craftercms.commons.security.permissions.PermissionEvaluator;
import org.craftercms.profile.api.Profile;
import org.craftercms.profile.api.ProfileConstants;
import org.craftercms.profile.api.TenantAction;
import org.craftercms.profile.api.Ticket;
import org.craftercms.profile.api.exceptions.I10nProfileException;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.AuthenticationService;
import org.craftercms.profile.api.services.ProfileService;
import org.craftercms.profile.exceptions.BadCredentialsException;
import org.craftercms.profile.exceptions.DisabledProfileException;
import org.craftercms.profile.exceptions.NoSuchProfileException;
import org.craftercms.profile.permissions.Application;
import org.craftercms.profile.repositories.TicketRepository;
import org.springframework.beans.factory.annotation.Required;

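/**
 * Ticket-based implementation of {@link AuthenticationService}.
 *
 * <p>A {@link Ticket} is created after a successful password check ({@link #authenticate}) or
 * directly for a profile ({@link #createTicket}). It is later looked up by its id alone
 * ({@link #getTicket}). Every operation is gated by the {@code MANAGE_TICKETS} tenant action,
 * evaluated through the injected {@link PermissionEvaluator}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The ticket id is the only value needed to resolve a ticket in {@link #getTicket}, so it
 *       should be handled as a bearer credential. Several debug log statements below include the
 *       ticket or its id; treat debug-level logs of this class as sensitive.</li>
 *   <li>Ticket lifetime is a sliding window: each successful {@link #getTicket} call resets the
 *       last-request time. No absolute maximum lifetime is enforced in this class.</li>
 * </ul>
 */
@Logged
/* loaded from: input_file:WEB-INF/classes/org/craftercms/profile/services/impl/AuthenticationServiceImpl.class */
public class AuthenticationServiceImpl implements AuthenticationService {
    private static final I10nLogger logger = new I10nLogger((Class<?>) AuthenticationServiceImpl.class, "crafter.profile.messages.logging");
    public static final String LOG_KEY_AUTHENTICATION_SUCCESSFUL = "profile.auth.authenticationSuccessful";
    public static final String LOG_KEY_TICKET_CREATED = "profile.auth.ticketCreated";
    public static final String LOG_KEY_TICKET_REQUESTED = "profile.auth.ticketRequested";
    public static final String LOG_KEY_TICKET_EXPIRED = "profile.auth.ticketExpired";
    // NOTE(review): "ticked" looks like a typo, but this is a runtime message key; it presumably
    // has to match the entry in the logging resource bundle, so it is left as is.
    public static final String LOG_KEY_TICKET_INVALIDATED = "profile.auth.tickedInvalidated";
    public static final String ERROR_KEY_CREATE_TICKET_ERROR = "profile.auth.createTicketError";
    public static final String ERROR_KEY_GET_TICKET_ERROR = "profile.auth.getTicketError";
    public static final String ERROR_KEY_UPDATE_TICKET_ERROR = "profile.auth.updateTicketError";
    public static final String ERROR_KEY_DELETE_TICKET_ERROR = "profile.auth.deleteTicketError";
    // Decides whether the calling application may perform MANAGE_TICKETS on a tenant.
    protected PermissionEvaluator<Application, String> permissionEvaluator;
    // Persistent store for tickets.
    protected TicketRepository ticketRepository;
    // Used to look up the profile a ticket is issued for.
    protected ProfileService profileService;
    // Idle timeout in seconds, added to a ticket's last-request time in getTicket().
    protected int ticketMaxAge;

    /**
     * Injects the evaluator used by {@link #checkIfManageTicketsIsAllowed(String)}.
     *
     * @param permissionEvaluator evaluator consulted before every ticket operation
     */
    @Required
    public void setPermissionEvaluator(PermissionEvaluator<Application, String> permissionEvaluator) {
        this.permissionEvaluator = permissionEvaluator;
    }

    /**
     * Injects the repository in which tickets are stored.
     *
     * @param ticketRepository ticket store
     */
    @Required
    public void setTicketRepository(TicketRepository ticketRepository) {
        this.ticketRepository = ticketRepository;
    }

    /**
     * Injects the service used to resolve profiles by username or id.
     *
     * @param profileService profile lookup service
     */
    @Required
    public void setProfileService(ProfileService profileService) {
        this.profileService = profileService;
    }

    /**
     * Sets the idle timeout of a ticket.
     *
     * <p>The value is not validated here. With zero or a negative value, {@link #getTicket}
     * treats every ticket as expired on its first lookup.
     *
     * @param i maximum number of seconds allowed between two requests for the same ticket
     */
    @Required
    public void setTicketMaxAge(int i) {
        this.ticketMaxAge = i;
    }

    /**
     * Verifies a username and password and issues a new ticket for the matching profile.
     *
     * @param str  tenant name; the caller must be allowed {@code MANAGE_TICKETS} on it
     * @param str2 username of the profile to authenticate
     * @param str3 password presented by the user
     * @return the newly stored ticket
     * @throws BadCredentialsException  if no profile matches or the password does not match
     * @throws DisabledProfileException if the profile exists but is disabled
     * @throws ProfileException         if the ticket cannot be stored
     */
    @Override // org.craftercms.profile.api.services.AuthenticationService
    public Ticket authenticate(String str, String str2, String str3) throws ProfileException {
        checkIfManageTicketsIsAllowed(str);
        Profile profileByUsername = this.profileService.getProfileByUsername(str, str2, ProfileConstants.NO_ATTRIBUTE);
        if (profileByUsername == null) {
            // Same exception type as a wrong password, so the two cases are not distinguishable
            // by exception type.
            throw new BadCredentialsException();
        }
        // NOTE(review): the enabled check runs before the password check, so a caller that does
        // not know the password still learns that the username exists and is disabled (and the
        // exception carries the profile id). Consider verifying the password first, or make sure
        // callers do not surface this distinction to unauthenticated users.
        if (!profileByUsername.isEnabled()) {
            throw new DisabledProfileException(profileByUsername.getId().toString(), str);
        }
        // NOTE(review): no failed-attempt counting or throttling is visible in this method;
        // confirm that brute-force protection is applied elsewhere.
        if (!CipherUtils.matchPassword(profileByUsername.getPassword(), str3)) {
            throw new BadCredentialsException();
        }
        try {
            Ticket ticket = new Ticket();
            ticket.setTenant(str);
            ticket.setProfileId(profileByUsername.getId().toString());
            ticket.setLastRequestTime(new Date());
            // The decompiled "(TicketRepository) ticket" cast was removed: a Ticket is not a
            // TicketRepository, so the cast could only fail.
            this.ticketRepository.insert(ticket);
            // NOTE(review): the whole ticket is passed to the logger; if its string form includes
            // the id, the credential ends up in debug logs.
            logger.debug(LOG_KEY_AUTHENTICATION_SUCCESSFUL, profileByUsername.getId(), ticket);
            return ticket;
        } catch (MongoDataException e) {
            // Keep the storage failure as the cause so it is not lost for diagnosis.
            throw new I10nProfileException(ERROR_KEY_CREATE_TICKET_ERROR, e, profileByUsername.getId());
        }
    }

    /**
     * Issues a ticket for a profile without checking a password.
     *
     * <p>The only gate is the {@code MANAGE_TICKETS} permission on the profile's tenant, so any
     * application holding that permission can obtain a ticket for any enabled profile of the
     * tenant. Grant the permission accordingly.
     *
     * @param str identifier of the profile, as accepted by {@link ProfileService#getProfile}
     * @return the newly stored ticket
     * @throws NoSuchProfileException   if no profile has the given id
     * @throws DisabledProfileException if the profile is disabled
     * @throws ProfileException         if the ticket cannot be stored
     */
    @Override // org.craftercms.profile.api.services.AuthenticationService
    public Ticket createTicket(String str) throws ProfileException {
        Profile profile = this.profileService.getProfile(str, ProfileConstants.NO_ATTRIBUTE);
        if (profile == null) {
            throw new NoSuchProfileException(str);
        }
        String tenant = profile.getTenant();
        checkIfManageTicketsIsAllowed(tenant);
        if (!profile.isEnabled()) {
            throw new DisabledProfileException(profile.getId().toString(), tenant);
        }
        try {
            Ticket ticket = new Ticket();
            ticket.setTenant(tenant);
            ticket.setProfileId(profile.getId().toString());
            ticket.setLastRequestTime(new Date());
            // Bogus decompiler cast to TicketRepository removed (see authenticate()).
            this.ticketRepository.insert(ticket);
            logger.debug(LOG_KEY_TICKET_CREATED, profile.getId(), ticket);
            return ticket;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_CREATE_TICKET_ERROR, e, profile.getId());
        }
    }

    /**
     * Resolves a ticket by id, enforcing the idle timeout and refreshing it on success.
     *
     * <p>A ticket is expired when the current time is not before its last-request time plus
     * {@code ticketMaxAge} seconds. Expired tickets are deleted and reported as {@code null},
     * the same result as for an unknown id.
     *
     * @param str ticket id
     * @return the ticket with its last-request time updated, or {@code null} if the id is
     *         unknown or the ticket has expired
     * @throws ProfileException if the ticket cannot be read, deleted or updated
     */
    @Override // org.craftercms.profile.api.services.AuthenticationService
    public Ticket getTicket(String str) throws ProfileException {
        final Ticket ticket;
        try {
            ticket = this.ticketRepository.findById(str);
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_TICKET_ERROR, e, str);
        }
        if (ticket == null) {
            // The permission check needs the ticket's tenant, so an unknown id returns before
            // any permission check is made.
            return null;
        }
        checkIfManageTicketsIsAllowed(ticket.getTenant());

        Calendar expiry = Calendar.getInstance();
        expiry.setTime(ticket.getLastRequestTime());
        expiry.add(Calendar.SECOND, this.ticketMaxAge);
        if (!Calendar.getInstance().before(expiry)) {
            try {
                this.ticketRepository.removeById(str);
                logger.debug(LOG_KEY_TICKET_EXPIRED, ticket.getId());
                return null;
            } catch (MongoDataException e) {
                throw new I10nProfileException(ERROR_KEY_DELETE_TICKET_ERROR, e, str);
            }
        }

        // Sliding expiry: every successful lookup restarts the idle timer.
        ticket.setLastRequestTime(new Date());
        try {
            this.ticketRepository.save(ticket);
            logger.debug(LOG_KEY_TICKET_REQUESTED, ticket.getId());
            return ticket;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_UPDATE_TICKET_ERROR, e, str);
        }
    }

    /**
     * Deletes a ticket so that it can no longer be resolved. Unknown ids are ignored.
     *
     * @param str ticket id
     * @throws ProfileException if the ticket cannot be read or deleted
     */
    @Override // org.craftercms.profile.api.services.AuthenticationService
    public void invalidateTicket(String str) throws ProfileException {
        try {
            Ticket findById = this.ticketRepository.findById(str);
            if (findById != null) {
                checkIfManageTicketsIsAllowed(findById.getTenant());
                this.ticketRepository.removeById(str);
                logger.debug(LOG_KEY_TICKET_INVALIDATED, findById.getId());
            }
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_DELETE_TICKET_ERROR, e, str);
        }
    }

    /**
     * Rejects the call unless the permission evaluator allows {@code MANAGE_TICKETS} on the
     * given tenant.
     *
     * @param str tenant name the ticket operation applies to
     * @throws ActionDeniedException if the action is not allowed
     */
    protected void checkIfManageTicketsIsAllowed(String str) {
        String action = TenantAction.MANAGE_TICKETS.toString();
        if (!this.permissionEvaluator.isAllowed(str, action)) {
            throw new ActionDeniedException(action, "tenant \"" + str + "\"");
        }
    }
}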
