package hu.greendoc.ldap.ad_auth;

import ch.qos.logback.classic.ClassicConstants;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.List;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.stereotype.Service;

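/**
 * Login front-end for the LDAP/AD authentication module.
 *
 * <p>{@link #auth(AuthReq)} performs the first step (directory lookup or bind, then optionally
 * mailing a one-time code) and {@link #check2FA(Check2FAReq, AuthStatus)} verifies that code
 * against the {@link AuthStatus} produced by the first step.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Test mode ({@code app.testmode}) never reads the password and never contacts the
 *       directory; it must stay disabled outside test environments.</li>
 *   <li>When {@code ldapConfig.isAuthWithTechnicalUser()} is true the password in the request is
 *       never read here; only the user's groups are looked up. In that mode the mailed code is
 *       the only credential that is actually checked.</li>
 *   <li>The second factor is only requested when {@code app.auth.security.level} is exactly
 *       {@code "2FA"}; any other value, including the default, skips it.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/hu/greendoc/ldap/ad_auth/ApiService.class */
public class ApiService {
    private static final Logger log = LoggerFactory.getLogger(ApiService.class);

    /** Cryptographically strong source for one-time codes; the default generator is predictable. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** Number of characters in the mailed one-time code. */
    private static final int AUTH_CODE_LENGTH = 6;

    @Autowired
    AdService adService;

    @Autowired
    EMailTransmitterService eMailTransmitterService;

    // NOTE(review): the default as written is the literal 'userpass' (quotes included) and only
    // the exact value "2FA" enables the second factor, so a missing or mistyped property
    // silently disables 2FA. Confirm this fail-open default is intended.
    @Value("${app.auth.security.level:'userpass'}")
    String securityLevel;

    // Test mode bypasses the directory and the password check entirely (see auth()).
    @Value("${app.testmode:false}")
    Boolean inTestMode;

    // Maximum age of a one-time code, compared against elapsed seconds in check2FA().
    @Value("${app.auth.maxWaitFor2FA}")
    Integer maxWaitFor2FA;

    @Value("${app.auth.testGroups}")
    String testGroups;

    @Value("${app.auth.testEmail}")
    String testEmail;

    @Autowired
    LdapConfig ldapConfig;

    /**
     * Runs the first login step and, in 2FA mode, mails a one-time code to the user.
     *
     * @param authReq login request carrying user name, password and application name
     * @return the login state; in 2FA mode {@code needToCheck} is set and the groups are only
     *     finalised by {@link #check2FA(Check2FAReq, AuthStatus)}
     * @throws InvalidCredentialsException if the first step did not authenticate the user
     * @throws IllegalStateException if no authenticated token exists and 2FA is not enabled
     * @throws Exception anything raised by the directory or mail services
     */
    public AuthStatus auth(AuthReq authReq) throws Exception {
        AuthStatus authStatus = new AuthStatus();
        if (this.inTestMode.booleanValue()) {
            // Test mode: only the user name is compared, the password is not read.
            // NOTE(review): the logback constant looks like a decompiler substitution for an
            // inlined string literal; confirm against the original source.
            authStatus.setAuthOk(Boolean.valueOf(ClassicConstants.USER_MDC_KEY.equals(authReq.getUsername())));
            authStatus.setGroups(this.testGroups);
        } else if (this.ldapConfig.isAuthWithTechnicalUser()) {
            // NOTE(review): authReq.getPassword() is never read in this branch; authOk is set
            // as soon as the group lookup returns. Verify that AdService rejects unknown users
            // and that this mode is only deployed together with 2FA.
            List<String> userGroups = this.adService.getUserGroups(authReq.getUsername());
            authStatus.setAuthOk(true);
            authStatus.setGroups(StringUtils.join(userGroups, ","));
        } else {
            authStatus.setAuthToken(this.adService.auth(authReq.getUsername(), authReq.getPassword()));
            authStatus.setAuthOk(Boolean.valueOf(authStatus.getAuthToken().isAuthenticated()));
        }
        authStatus.setUser(authReq.getUsername());
        if (!authStatus.getAuthOk().booleanValue()) {
            throw new InvalidCredentialsException("Sikertelen bejelentkezés (hibás név/jelszó)");
        }
        if ("2FA".equals(this.securityLevel)) {
            authStatus.setNeedToCheck(true);
            log.debug("Get email address for {} from LDAP info ...", authReq.getUsername());
            String mail = resolveMailAddress(authReq, authStatus);
            // One-time code comes from a CSPRNG; start/end of 0 keep the library's default
            // alphanumeric range. The code is deliberately never written to the log.
            authStatus.setAuthCode(
                    RandomStringUtils.random(AUTH_CODE_LENGTH, 0, 0, true, true, null, SECURE_RANDOM));
            authStatus.setGenTime(Long.valueOf(System.currentTimeMillis()));
            TransmitterReq transmitterReq = new TransmitterReq();
            transmitterReq.setSmtpTo(mail);
            // The application name comes from the request; strip line breaks so it cannot
            // add extra header lines if the transmitter writes the subject verbatim.
            String subject = "Bejelentkezési azonosító a " + authReq.getAppName() + " szoftverhez.";
            transmitterReq.setSmtpSubject(subject.replaceAll("[\\r\\n]+", " "));
            transmitterReq.setSmtpBody("<p>Az Ön bejelentkezési azonosítója: <span style=\"font-family:'Courier New';font-weight:bold;font-size:20pt\">" + authStatus.getAuthCode() + "</span></p>");
            log.debug("Send email to: {}", mail);
            this.eMailTransmitterService.sendMail(transmitterReq);
        } else {
            if (!this.inTestMode.booleanValue() && authStatus.getAuthToken() == null) {
                // Technical-user mode never produces a token. Fail closed with a clear message
                // instead of the NullPointerException getGroups() would raise.
                throw new IllegalStateException(
                        "No authenticated LDAP token: technical-user mode performs no password check and cannot be used without 2FA");
            }
            authStatus.setGroups(getGroups(authStatus.getAuthToken()));
        }
        return authStatus;
    }

    /**
     * Verifies the one-time code for a login started by {@link #auth(AuthReq)}.
     *
     * <p>NOTE(review): nothing here counts or limits failed attempts, and the code stays valid
     * until {@code maxWaitFor2FA} seconds have passed. Confirm the caller throttles retries or
     * discards {@code authStatus} after repeated failures.
     *
     * @param check2FAReq request carrying the code typed by the user
     * @param authStatus state returned by the first login step; may be {@code null}
     * @return {@code authStatus} with {@code checkOk} set and the groups filled in
     * @throws MissingLoginException if there is no successful first step
     * @throws TimeoutException if the code is older than {@code maxWaitFor2FA} seconds
     * @throws InvalidCredentialsException if the supplied code does not match
     */
    public AuthStatus check2FA(Check2FAReq check2FAReq, AuthStatus authStatus) throws MissingLoginException, TimeoutException, InvalidCredentialsException {
        if (authStatus == null || !Boolean.TRUE.equals(authStatus.getAuthOk())) {
            throw new MissingLoginException("2FA biztonsági kód hiba (hiányzó bejelentkezés)");
        }
        if (Boolean.TRUE.equals(authStatus.getNeedToCheck())) {
            long elapsedSeconds = (System.currentTimeMillis() - authStatus.getGenTime().longValue()) / 1000;
            if (elapsedSeconds > this.maxWaitFor2FA.intValue()) {
                throw new TimeoutException("2FA biztonsági kód hiba (időtúllépés)");
            }
            if (!codesMatch(authStatus.getAuthCode(), check2FAReq.code)) {
                throw new InvalidCredentialsException(String.format("(%s) 2FA biztonsági kód nem megfelelő", authStatus.getUser()));
            }
        }
        authStatus.setCheckOk(true);
        // Technical-user logins have no token; their groups were stored by auth().
        authStatus.setGroups(this.ldapConfig.isAuthWithTechnicalUser() ? authStatus.getGroups() : getGroups(authStatus.getAuthToken()));
        return authStatus;
    }

    /**
     * Returns the user's groups as a comma-separated string.
     *
     * @param usernamePasswordAuthenticationToken authenticated token; not read in test mode
     * @return the joined authority names, or the configured test groups in test mode
     */
    public String getGroups(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        if (this.inTestMode.booleanValue()) {
            return this.testGroups;
        }
        return usernamePasswordAuthenticationToken.getAuthorities().stream()
                .map(authority -> authority.getAuthority())
                .collect(Collectors.joining(","));
    }

    /** Picks the address for the one-time code: the test address in test mode, else from the directory. */
    private String resolveMailAddress(AuthReq authReq, AuthStatus authStatus) throws Exception {
        if (this.ldapConfig.isAuthWithTechnicalUser()) {
            return !this.inTestMode.booleanValue() ? this.adService.getUserEmail(authReq.getUsername()) : this.testEmail;
        }
        return !this.inTestMode.booleanValue() ? this.adService.getPersonFromAuth(authStatus.getAuthToken()).getMail() : this.testEmail;
    }

    /** Compares two codes without an early exit on the first differing byte; null never matches. */
    private static boolean codesMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }
}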
