package com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.impl;

import com.gitlab.credit_reference_platform.crp.gateway.approval.annotation.Approval;
import com.gitlab.credit_reference_platform.crp.gateway.approval.enum_type.ApprovalActionType;
import com.gitlab.credit_reference_platform.crp.gateway.constant.ApiResponseCode;
import com.gitlab.credit_reference_platform.crp.gateway.encryption.utils.PasswordEncryptionUtils;
import com.gitlab.credit_reference_platform.crp.gateway.exception.ServiceException;
import com.gitlab.credit_reference_platform.crp.gateway.http.util.HttpAuthenticationUtils;
import com.gitlab.credit_reference_platform.crp.gateway.system.activity.dto.ActivityData;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.constant.UserManagementApiResponseCode;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.dao.UserDAO;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.dao.UserGroupDAO;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.dao.UserHistoricalPasswordDAO;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.dao.specification.UserSpecification;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.dto.ChangePasswordRequestDTO;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.dto.UserDTO;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.dto.UserGroupDTO;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.dto.criteria.ListUserCriteria;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.entity.User;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.entity.UserGroup;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.entity.UserHistoricalPassword;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.enum_type.UserStatus;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.mapstruct.UserMapper;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.policy.CRPPasswordValidator;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.policy.UsernameValidator;
import com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.passay.PasswordData;
import org.passay.RuleResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.DependsOn;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;

@DependsOn({"crpPropertiesService"})
@Transactional(readOnly = true)
@Service
/* loaded from: input_file:BOOT-INF/lib/crp-gateway-usermgmt-service-2.0.0.jar:com/gitlab/credit_reference_platform/crp/gateway/usermgmt/service/impl/UserServiceImpl.class */
public class UserServiceImpl implements IUserService {

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private UserHistoricalPasswordDAO userHistoricalPasswordDAO;

    @Autowired
    private UserGroupDAO userGroupDAO;

    @Value("${crp.gateway.user.max-login-attempts:5}")
    private int maxLoginFailedCount;

    @Value("${crp.gateway.user.password-validity-days:0}")
    private int passwordValidityDays;

    @Value("${crp.gateway.user.historical-password-limit:0}")
    private int historicalPasswordLimit;
    private UsernameValidator usernameValidator = new UsernameValidator();
    private CRPPasswordValidator passwordValidator = new CRPPasswordValidator();

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    public List<UserDTO> listUsers(ListUserCriteria listUserCriteria) {
        return processPasswordExpiryDate(UserMapper.MAPPER.toDTOs(this.userDAO.findAll(new UserSpecification(listUserCriteria))));
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    @Approval(value = ApprovalActionType.SYSTEM_CREATE_USER, requiredRole = "501")
    @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW, rollbackFor = {Throwable.class})
    public long createUser(UserDTO userDTO) throws ServiceException {
        String username = userDTO.getUsername();
        if (!StringUtils.hasText(username)) {
            throw new ServiceException(ApiResponseCode.PARAMETER_IMPERFECT, "username cannot be empty");
        }
        if (this.userDAO.findUserByUsername(username) != null) {
            throw new ServiceException(UserManagementApiResponseCode.USERNAME_DUPLICATED_ON_CREATE_USER, "username exists");
        }
        RuleResult validate = this.usernameValidator.validate(new PasswordData(username));
        if (!validate.isValid()) {
            throw new ServiceException(UserManagementApiResponseCode.USERNAME_VIOLATED_POLICY, String.join("\n", this.usernameValidator.getMessages(validate)));
        }
        User user = new User();
        user.setUsername(userDTO.getUsername());
        user.setPassword(userDTO.getPassword());
        user.setChangePassword(true);
        user.setEmail(userDTO.getEmail());
        user.setStatus(userDTO.getStatus() != null ? userDTO.getStatus() : UserStatus.ACTIVE);
        user.setDepartmentCode(userDTO.getDepartmentCode());
        setUserGroupsByDTO(user, userDTO.getGroups());
        user.setLastUpdatedBy(HttpAuthenticationUtils.getAuthorizedUsername());
        user.setLastUpdatedTime(Instant.now());
        ActivityData.getOrCreateInstance().setNewData(user);
        Long id = ((User) this.userDAO.save(user)).getId();
        if (id == null) {
            throw new ServiceException(UserManagementApiResponseCode.FAILED_ON_CREATE_USER, "Failed on create user");
        }
        return id.longValue();
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    public UserDTO getUserById(long j) {
        Optional<User> findById = this.userDAO.findById(Long.valueOf(j));
        if (findById.isPresent()) {
            return processPasswordExpiryDate(UserMapper.MAPPER.toDTO(findById.get()));
        }
        return null;
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    public UserDTO findUserByUsername(String str) {
        return processPasswordExpiryDate(UserMapper.MAPPER.toDTO(this.userDAO.findUserByUsername(str)));
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    @Approval(value = ApprovalActionType.SYSTEM_UPDATE_USER, requiredRole = "501")
    @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW, rollbackFor = {Throwable.class})
    public boolean updateUserById(Long l, UserDTO userDTO) throws ServiceException {
        if (l == null) {
            throw new ServiceException(ApiResponseCode.PARAMETER_IMPERFECT, "id cannot be null");
        }
        Optional<User> findById = this.userDAO.findById(l);
        if (!findById.isPresent()) {
            throw new ServiceException(UserManagementApiResponseCode.USER_NOT_FOUND);
        }
        User user = findById.get();
        boolean z = false;
        Instant now = Instant.now();
        ActivityData orCreateInstance = ActivityData.getOrCreateInstance();
        orCreateInstance.setOriginalData(user);
        if (userDTO.getId() != null && !userDTO.getId().equals(l)) {
            throw new ServiceException(UserManagementApiResponseCode.ID_MISMATCH_ON_UPDATE_USER);
        }
        if (StringUtils.hasText(userDTO.getUsername()) && !userDTO.getUsername().equals(user.getUsername())) {
            throw new ServiceException(UserManagementApiResponseCode.USERNAME_MISMATCH_ON_UPDATE_USER);
        }
        if (StringUtils.hasText(userDTO.getPassword())) {
            UserHistoricalPassword userHistoricalPassword = new UserHistoricalPassword();
            userHistoricalPassword.setUserId(user.getId());
            userHistoricalPassword.setPassword(user.getPassword());
            userHistoricalPassword.setCreationTime(now);
            this.userHistoricalPasswordDAO.save(userHistoricalPassword);
            user.setPassword(userDTO.getPassword());
            user.setChangePassword(true);
            user.addHistoricalPassword(userHistoricalPassword);
            user.setLastPasswordUpdatedTime(now);
            z = true;
        }
        if (StringUtils.hasText(userDTO.getEmail())) {
            if (!userDTO.getEmail().toLowerCase().equals(user.getEmail())) {
                user.setEmail(userDTO.getEmail().toLowerCase());
                z = true;
            }
        } else if (StringUtils.hasText(user.getEmail())) {
            z = true;
            user.setEmail(null);
        }
        if (userDTO.getStatus() != null && !userDTO.getStatus().equals(user.getStatus())) {
            user.setStatus(userDTO.getStatus());
            z = true;
        }
        if (StringUtils.hasText(userDTO.getDepartmentCode())) {
            if (!userDTO.getDepartmentCode().equals(user.getDepartmentCode())) {
                user.setDepartmentCode(userDTO.getDepartmentCode());
                z = true;
            }
        } else if (user.getDepartmentCode() != null) {
            z = true;
            user.setDepartmentCode(null);
        }
        if (userDTO.getGroups() != null && !userDTO.getGroups().isEmpty()) {
            z = z || setUserGroupsByDTO(user, userDTO.getGroups());
        } else if (user.getGroups() != null && !user.getGroups().isEmpty()) {
            user.setGroups(null);
            z = true;
        }
        if (z) {
            user.setLastUpdatedBy(HttpAuthenticationUtils.getAuthorizedUsername());
            user.setLastUpdatedTime(now);
            orCreateInstance.setNewData(user);
            this.userDAO.save(user);
        }
        return z;
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    @Approval(value = ApprovalActionType.SYSTEM_UPDATE_USER_STATUS, requiredRole = "501", approvalRequestIdPattern = "USER_{0}")
    @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW, rollbackFor = {Throwable.class})
    public boolean updateUserStatusById(Long l, UserStatus userStatus) throws ServiceException {
        if (l == null) {
            throw new ServiceException(ApiResponseCode.PARAMETER_IMPERFECT, "id cannot be null");
        }
        if (userStatus == null) {
            throw new ServiceException(UserManagementApiResponseCode.STATUS_NOT_PROVIDED_ON_UPDATE_USER_STATUS);
        }
        Optional<User> findById = this.userDAO.findById(l);
        if (!findById.isPresent()) {
            throw new ServiceException(UserManagementApiResponseCode.USER_NOT_FOUND);
        }
        User user = findById.get();
        ActivityData orCreateInstance = ActivityData.getOrCreateInstance();
        orCreateInstance.setOriginalData(user);
        if (userStatus.equals(user.getStatus())) {
            return false;
        }
        user.setStatus(userStatus);
        user.setFailedLoginCount(0);
        user.setLastUpdatedBy(HttpAuthenticationUtils.getAuthorizedUsername());
        user.setLastUpdatedTime(Instant.now());
        this.userDAO.save(user);
        orCreateInstance.setNewData(user);
        return true;
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    @Approval(value = ApprovalActionType.SYSTEM_DELETE_USER, requiredRole = "501", approvalRequestIdPattern = "USER_{0}")
    @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW, rollbackFor = {Throwable.class})
    public boolean deleteUserById(Long l) throws ServiceException {
        if (l == null) {
            throw new ServiceException(ApiResponseCode.PARAMETER_IMPERFECT, "id cannot be null");
        }
        Optional<User> findById = this.userDAO.findById(l);
        if (!findById.isPresent()) {
            return false;
        }
        User user = findById.get();
        ActivityData.getOrCreateInstance().setOriginalData(user);
        this.userDAO.delete((UserDAO) user);
        return true;
    }

    private boolean setUserGroupsByDTO(User user, List<UserGroupDTO> list) {
        boolean z = false;
        List list2 = null;
        if (user.getGroups() != null && !user.getGroups().isEmpty()) {
            list2 = (List) user.getGroups().stream().map(userGroup -> {
                return userGroup.getId();
            }).collect(Collectors.toList());
        }
        List list3 = null;
        if (list != null && !list.isEmpty()) {
            list3 = (List) list.stream().map(userGroupDTO -> {
                return userGroupDTO.getId();
            }).collect(Collectors.toList());
        }
        if (list3 == null) {
            if (list2 != null) {
                user.getGroups().clear();
                z = true;
            }
        } else {
            if (list2 != null && new HashSet(list2).equals(new HashSet(list3))) {
                return false;
            }
            z = true;
            Iterable<UserGroup> findAllById = this.userGroupDAO.findAllById(list3);
            if (user.getGroups() == null) {
                user.setGroups(new ArrayList());
            } else {
                user.getGroups().clear();
            }
            findAllById.forEach(userGroup2 -> {
                user.getGroups().add(userGroup2);
            });
        }
        return z;
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    @Transactional(readOnly = false, propagation = Propagation.SUPPORTS, rollbackFor = {Throwable.class})
    public void incrementLoginFailedCount(String str) {
        User findUserByUsername = this.userDAO.findUserByUsername(str);
        if (findUserByUsername == null) {
            return;
        }
        int failedLoginCount = findUserByUsername.getFailedLoginCount() + 1;
        findUserByUsername.setFailedLoginCount(failedLoginCount);
        if (failedLoginCount >= this.maxLoginFailedCount) {
            findUserByUsername.setStatus(UserStatus.LOCKED);
        }
        this.userDAO.save(findUserByUsername);
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    @Transactional(readOnly = false, propagation = Propagation.SUPPORTS, rollbackFor = {Throwable.class})
    public void resetLoginFailedCount(String str) {
        User findUserByUsername = this.userDAO.findUserByUsername(str);
        if (findUserByUsername == null) {
            return;
        }
        findUserByUsername.setFailedLoginCount(0);
        this.userDAO.save(findUserByUsername);
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.usermgmt.service.IUserService
    @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW, rollbackFor = {Throwable.class})
    public void changeUserPassword(ChangePasswordRequestDTO changePasswordRequestDTO) throws ServiceException {
        if (!StringUtils.hasText(changePasswordRequestDTO.getUsername())) {
            throw new ServiceException(ApiResponseCode.PARAMETER_IMPERFECT, "username cannot be empty");
        }
        String originalPassword = changePasswordRequestDTO.getOriginalPassword();
        if (!StringUtils.hasText(originalPassword)) {
            throw new ServiceException(ApiResponseCode.PARAMETER_IMPERFECT, "originalPassword cannot be empty");
        }
        String newPassword = changePasswordRequestDTO.getNewPassword();
        if (!StringUtils.hasText(newPassword)) {
            throw new ServiceException(ApiResponseCode.PARAMETER_IMPERFECT, "newPassword cannot be empty");
        }
        User findUserByUsername = this.userDAO.findUserByUsername(changePasswordRequestDTO.getUsername());
        if (findUserByUsername == null) {
            throw new ServiceException(UserManagementApiResponseCode.USER_NOT_FOUND);
        }
        if (!PasswordEncryptionUtils.verifyPassword(originalPassword, findUserByUsername.getPassword())) {
            throw new ServiceException(UserManagementApiResponseCode.USER_PASSWORD_NOT_MATCH, "Password not matched");
        }
        Instant now = Instant.now();
        UserHistoricalPassword userHistoricalPassword = new UserHistoricalPassword();
        userHistoricalPassword.setUserId(findUserByUsername.getId());
        userHistoricalPassword.setPassword(findUserByUsername.getPassword());
        userHistoricalPassword.setCreationTime(now);
        findUserByUsername.addHistoricalPassword(userHistoricalPassword);
        List<UserHistoricalPassword> historicalPasswords = findUserByUsername.getHistoricalPasswords();
        PasswordData passwordData = new PasswordData(findUserByUsername.getUsername(), changePasswordRequestDTO.getNewPassword());
        if (this.historicalPasswordLimit > 0) {
            passwordData.setPasswordReferences(toPasswordReference(getLatestHistoricalPassword(historicalPasswords, this.historicalPasswordLimit)));
        }
        RuleResult validate = this.passwordValidator.validate(passwordData);
        if (!validate.isValid()) {
            throw new ServiceException(UserManagementApiResponseCode.PASSWORD_VIOLATED_POLICY, String.join("\n", this.passwordValidator.getMessages(validate)));
        }
        this.userHistoricalPasswordDAO.save(userHistoricalPassword);
        findUserByUsername.setPassword(PasswordEncryptionUtils.hashPassword(newPassword));
        findUserByUsername.setChangePassword(false);
        findUserByUsername.setLastUpdatedBy(findUserByUsername.getUsername());
        findUserByUsername.setLastUpdatedTime(now);
        findUserByUsername.setFailedLoginCount(0);
        findUserByUsername.setLastPasswordUpdatedTime(now);
        this.userDAO.save(findUserByUsername);
    }

    protected List<UserHistoricalPassword> getLatestHistoricalPassword(List<UserHistoricalPassword> list, int i) {
        if (list == null) {
            return null;
        }
        return (List) list.stream().sorted((userHistoricalPassword, userHistoricalPassword2) -> {
            return userHistoricalPassword2.getCreationTime().compareTo(userHistoricalPassword.getCreationTime());
        }).limit(i).collect(Collectors.toList());
    }

    protected List<PasswordData.Reference> toPasswordReference(List<UserHistoricalPassword> list) {
        if (list == null) {
            return null;
        }
        return (List) list.stream().map(userHistoricalPassword -> {
            return new PasswordData.HistoricalReference("bcrypt-history", userHistoricalPassword.getPassword());
        }).collect(Collectors.toList());
    }

    protected List<UserDTO> processPasswordExpiryDate(List<UserDTO> list) {
        if (list == null) {
            return null;
        }
        return (List) list.stream().map(this::processPasswordExpiryDate).collect(Collectors.toList());
    }

    protected UserDTO processPasswordExpiryDate(UserDTO userDTO) {
        if (userDTO == null) {
            return null;
        }
        userDTO.setPasswordExpiryDate(getPasswordExpiryDateFrom(userDTO.getLastPasswordUpdatedTime()));
        return userDTO;
    }

    protected Instant getPasswordExpiryDateFrom(Instant instant) {
        if (this.passwordValidityDays <= 0) {
            return null;
        }
        return instant == null ? Instant.now().minusSeconds(TimeUnit.DAYS.toSeconds(1L)) : instant.plusSeconds(TimeUnit.DAYS.toSeconds(this.passwordValidityDays));
    }
}
