package org.jahia.community.aws.cognito.provider;

import io.netty.handler.codec.http.websocketx.WebSocketServerHandshaker;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.jahia.community.aws.cognito.api.AwsCognitoConfiguration;
import org.jahia.community.aws.cognito.api.AwsCognitoConstants;
import org.jahia.community.aws.cognito.client.AwsCognitoClientService;
import org.jahia.community.aws.cognito.client.AwsCognitoGroup;
import org.jahia.community.aws.cognito.client.AwsCognitoUser;
import org.jahia.exceptions.JahiaRuntimeException;
import org.jahia.modules.external.users.BaseUserGroupProvider;
import org.jahia.modules.external.users.GroupNotFoundException;
import org.jahia.modules.external.users.Member;
import org.jahia.modules.external.users.UserNotFoundException;
import org.jahia.services.usermanager.JahiaGroup;
import org.jahia.services.usermanager.JahiaGroupManagerService;
import org.jahia.services.usermanager.JahiaUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/community/aws/cognito/provider/AwsCognitoUserGroupProvider.class */
public class AwsCognitoUserGroupProvider extends BaseUserGroupProvider {
    private static final Logger logger = LoggerFactory.getLogger(AwsCognitoUserGroupProvider.class);
    private static final String PROP_USERNAME = "username";
    private static final String PROP_GROUPNAME = "groupname";
    private final AwsCognitoCacheManager awsCognitoCacheManager;
    private final AwsCognitoClientService awsCognitoClientService;
    private AwsCognitoConfiguration awsCognitoConfiguration;

    public AwsCognitoUserGroupProvider(AwsCognitoCacheManager awsCognitoCacheManager, AwsCognitoClientService awsCognitoClientService) {
        this.awsCognitoCacheManager = awsCognitoCacheManager;
        this.awsCognitoClientService = awsCognitoClientService;
    }

    public void setAwsCognitoConfiguration(AwsCognitoConfiguration awsCognitoConfiguration) {
        this.awsCognitoConfiguration = awsCognitoConfiguration;
    }

    protected String getSiteKey() {
        if (this.awsCognitoConfiguration == null) {
            return null;
        }
        return this.awsCognitoConfiguration.getTargetSite();
    }

    public JahiaUser getUser(String str) throws UserNotFoundException {
        if (isAvailable()) {
            return this.awsCognitoCacheManager.getOrRefreshUser(getKey(), getSiteKey(), str, () -> {
                return this.awsCognitoClientService.getUser(this.awsCognitoConfiguration, PROP_USERNAME, str);
            }).orElseThrow(() -> {
                return new UserNotFoundException("User '" + str + "' not found.");
            }).getJahiaUser();
        }
        throw new UserNotFoundException();
    }

    public JahiaGroup getGroup(String str) throws GroupNotFoundException {
        if (!isAvailable()) {
            throw new GroupNotFoundException();
        }
        if (!JahiaGroupManagerService.PROTECTED_GROUPS.contains(str) && !JahiaGroupManagerService.POWERFUL_GROUPS.contains(str)) {
            return this.awsCognitoCacheManager.getOrRefreshGroup(getKey(), getSiteKey(), str, () -> {
                return this.awsCognitoClientService.getGroup(this.awsCognitoConfiguration, str);
            }).orElseThrow(() -> {
                return new GroupNotFoundException("Group '" + str + "' not found.");
            }).getJahiaGroup();
        }
        logger.warn("Group {} is protected", str);
        return null;
    }

    public List<Member> getGroupMembers(String str) {
        if (!isAvailable()) {
            throw new JahiaRuntimeException("Service not available");
        }
        if (JahiaGroupManagerService.PROTECTED_GROUPS.contains(str) || JahiaGroupManagerService.POWERFUL_GROUPS.contains(str)) {
            logger.warn("Group {} is protected", str);
            return null;
        }
        Optional<AwsCognitoGroup> group = this.awsCognitoCacheManager.getGroup(getKey(), getSiteKey(), str);
        if (!group.isPresent()) {
            return Collections.emptyList();
        }
        if (CollectionUtils.isNotEmpty(group.get().getMembers())) {
            return (List) group.get().getMembers().stream().map(str2 -> {
                return new Member(str2, Member.MemberType.USER);
            }).collect(Collectors.toList());
        }
        ArrayList arrayList = new ArrayList();
        this.awsCognitoClientService.getGroupMembers(this.awsCognitoConfiguration, str).orElse(Collections.emptyList()).forEach(awsCognitoUser -> {
            arrayList.add(new Member(awsCognitoUser.getUsername(), Member.MemberType.USER));
        });
        this.awsCognitoCacheManager.getOrRefreshGroup(getKey(), getSiteKey(), str, () -> {
            return this.awsCognitoClientService.getGroup(this.awsCognitoConfiguration, str);
        }).ifPresent(awsCognitoGroup -> {
            awsCognitoGroup.setMembers((List) arrayList.stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toList()));
        });
        return Collections.unmodifiableList(arrayList);
    }

    public List<String> getMembership(Member member) {
        if (!isAvailable()) {
            throw new JahiaRuntimeException("Service not available");
        }
        if (member.getType() == Member.MemberType.GROUP) {
            return Collections.emptyList();
        }
        String name = member.getName();
        Optional<AwsCognitoUser> user = this.awsCognitoCacheManager.getUser(getKey(), getSiteKey(), name);
        if (!user.isPresent()) {
            return Collections.emptyList();
        }
        if (CollectionUtils.isNotEmpty(user.get().getGroups())) {
            return user.get().getGroups();
        }
        ArrayList arrayList = new ArrayList();
        this.awsCognitoClientService.getMembership(this.awsCognitoConfiguration, name).orElse(Collections.emptyList()).forEach(awsCognitoGroup -> {
            arrayList.add(awsCognitoGroup.getName());
        });
        this.awsCognitoCacheManager.getOrRefreshUser(getKey(), getSiteKey(), name, () -> {
            return this.awsCognitoClientService.getUser(this.awsCognitoConfiguration, PROP_USERNAME, name);
        }).ifPresent(awsCognitoUser -> {
            awsCognitoUser.setGroups(arrayList);
        });
        return Collections.unmodifiableList(arrayList);
    }

    public List<String> searchUsers(Properties properties, long j, long j2) {
        if (!isAvailable()) {
            throw new JahiaRuntimeException("Service not available");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Search users: {}", properties);
        }
        if (properties.containsKey(PROP_USERNAME) && properties.size() == 1 && !properties.getProperty(PROP_USERNAME).contains(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD)) {
            String property = properties.getProperty(PROP_USERNAME);
            return (List) this.awsCognitoCacheManager.getOrRefreshUser(getKey(), getSiteKey(), property, () -> {
                return this.awsCognitoClientService.getUser(this.awsCognitoConfiguration, PROP_USERNAME, property);
            }).map(awsCognitoUser -> {
                return Collections.singletonList(awsCognitoUser.getUsername());
            }).orElse(Collections.emptyList());
        }
        if (properties.containsKey(AwsCognitoConstants.CUSTOM_PROPERTY_EMAIL)) {
            return (List) this.awsCognitoClientService.getUser(this.awsCognitoConfiguration, AwsCognitoConstants.CUSTOM_PROPERTY_EMAIL, properties.getProperty(AwsCognitoConstants.CUSTOM_PROPERTY_EMAIL).replace(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD, "")).map(awsCognitoUser2 -> {
                this.awsCognitoCacheManager.cacheUser(getKey(), getSiteKey(), awsCognitoUser2);
                return Collections.singletonList(awsCognitoUser2.getUsername());
            }).orElse(Collections.emptyList());
        }
        Optional<List<AwsCognitoUser>> searchUsers = properties.containsKey(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD) ? this.awsCognitoClientService.searchUsers(this.awsCognitoConfiguration, Collections.singletonMap(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD, properties.getProperty(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD).replace(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD, "")), (int) j, (int) j2) : properties.isEmpty() ? this.awsCognitoClientService.getUsers(this.awsCognitoConfiguration, (int) j, (int) j2) : this.awsCognitoClientService.searchUsers(this.awsCognitoConfiguration, (Map) properties.entrySet().stream().collect(Collectors.toMap(entry -> {
            return entry.getKey().toString();
        }, entry2 -> {
            return entry2.getValue().toString().replace(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD, "");
        })), (int) j, (int) j2);
        ArrayList arrayList = new ArrayList();
        searchUsers.orElse(Collections.emptyList()).forEach(awsCognitoUser3 -> {
            arrayList.add(awsCognitoUser3.getUsername());
            this.awsCognitoCacheManager.cacheUser(getKey(), getSiteKey(), awsCognitoUser3);
        });
        return Collections.unmodifiableList(arrayList);
    }

    public List<String> searchGroups(Properties properties, long j, long j2) {
        Optional<List<AwsCognitoGroup>> empty;
        if (!isAvailable()) {
            throw new JahiaRuntimeException("Service not available");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Search groups: {}", properties);
        }
        if (properties.containsKey(PROP_GROUPNAME) && properties.size() == 1 && !properties.getProperty(PROP_GROUPNAME).contains(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD)) {
            String property = properties.getProperty(PROP_GROUPNAME);
            if (!JahiaGroupManagerService.PROTECTED_GROUPS.contains(property) && !JahiaGroupManagerService.POWERFUL_GROUPS.contains(property)) {
                return (List) this.awsCognitoCacheManager.getOrRefreshGroup(getKey(), getSiteKey(), property, () -> {
                    return this.awsCognitoClientService.getGroup(this.awsCognitoConfiguration, property);
                }).map(awsCognitoGroup -> {
                    return Collections.singletonList(awsCognitoGroup.getName());
                }).orElse(Collections.emptyList());
            }
            logger.warn("Group {} is protected", property);
            return Collections.emptyList();
        }
        if (properties.containsKey(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD)) {
            empty = this.awsCognitoClientService.getGroups(this.awsCognitoConfiguration, properties.getProperty(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD).replace(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD, ""), (int) j, (int) j2);
        } else if (properties.isEmpty()) {
            empty = this.awsCognitoClientService.getGroups(this.awsCognitoConfiguration, null, (int) j, (int) j2);
        } else if (properties.containsKey(PROP_GROUPNAME)) {
            empty = this.awsCognitoClientService.getGroups(this.awsCognitoConfiguration, properties.getProperty(PROP_GROUPNAME).replace(WebSocketServerHandshaker.SUB_PROTOCOL_WILDCARD, ""), (int) j, (int) j2);
        } else {
            logger.warn("Unable to search groups multiple attributes");
            empty = Optional.empty();
        }
        ArrayList arrayList = new ArrayList();
        empty.orElse(Collections.emptyList()).forEach(awsCognitoGroup2 -> {
            arrayList.add(awsCognitoGroup2.getName());
            this.awsCognitoCacheManager.cacheGroup(getKey(), getSiteKey(), awsCognitoGroup2);
        });
        return Collections.unmodifiableList(arrayList);
    }

    public boolean verifyPassword(String str, String str2) {
        return this.awsCognitoClientService.getUser(this.awsCognitoConfiguration, PROP_USERNAME, str).filter(awsCognitoUser -> {
            return this.awsCognitoClientService.login(this.awsCognitoConfiguration, awsCognitoUser.getUsername(), str2).isPresent();
        }).isPresent();
    }

    public boolean supportsGroups() {
        return isAvailable();
    }

    public boolean isAvailable() {
        return (this.awsCognitoClientService == null || this.awsCognitoConfiguration == null) ? false : true;
    }
}
