package com.enonic.app.auth0.impl;

import com.auth0.Auth0User;
import com.auth0.authentication.ParameterBuilder;
import com.auth0.authentication.result.UserIdentity;
import com.enonic.xp.context.ContextAccessor;
import com.enonic.xp.context.ContextBuilder;
import com.enonic.xp.data.PropertySet;
import com.enonic.xp.data.PropertyTree;
import com.enonic.xp.lib.content.mapper.JsonToPropertyTreeTranslator;
import com.enonic.xp.query.expr.OrderExpr;
import com.enonic.xp.query.expr.QueryExpr;
import com.enonic.xp.query.parser.QueryParser;
import com.enonic.xp.security.CreateUserParams;
import com.enonic.xp.security.PrincipalKey;
import com.enonic.xp.security.PrincipalKeys;
import com.enonic.xp.security.PrincipalRelationship;
import com.enonic.xp.security.RoleKeys;
import com.enonic.xp.security.SecurityService;
import com.enonic.xp.security.UpdateUserParams;
import com.enonic.xp.security.User;
import com.enonic.xp.security.UserQuery;
import com.enonic.xp.security.UserQueryResult;
import com.enonic.xp.security.UserStoreKey;
import com.enonic.xp.security.auth.AuthenticationInfo;
import com.enonic.xp.security.auth.VerifiedUsernameAuthToken;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.Callable;
import javax.servlet.http.HttpServletRequest;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

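/**
 * Maps an Auth0 user onto an Enonic XP user and signs that user in.
 *
 * <p>The flow is: look the user up by a principal key derived from the Auth0 user id, fall back
 * to an e-mail match, create the user when neither lookup finds one, refresh the stored Auth0
 * profile, then store the resulting authentication info in the HTTP session.
 *
 * <p>Nothing in this class validates an Auth0 token or callback. It presumably relies on the
 * caller to pass an {@link Auth0User} that came out of a completed Auth0 authentication;
 * confirm at the call site.
 */
@Component(service = {Auth0LoginService.class})
/* loaded from: input_file:com/enonic/app/auth0/impl/Auth0LoginService.class */
public class Auth0LoginService {
    private Auth0ConfigurationService configurationService;
    private SecurityService securityService;

    /**
     * Signs the given Auth0 user in to the given user store, creating the XP user on first login.
     *
     * @param httpServletRequest request whose session receives the authentication info
     * @param auth0User profile returned by Auth0 for the authenticated user
     * @param userStoreKey user store the XP user lives in
     */
    public void login(HttpServletRequest httpServletRequest, Auth0User auth0User, UserStoreKey userStoreKey) {
        // The Auth0 user id is used as the principal id with every '|' replaced by '-'.
        PrincipalKey ofUser = PrincipalKey.ofUser(userStoreKey, auth0User.getUserId().replace('|', '-'));
        Optional<User> byKey = runAs(() -> this.securityService.getUser(ofUser), RoleKeys.AUTHENTICATED);
        User user = byKey.orElse(null);
        if (user == null) {
            user = findByVerifiedEmail(auth0User, userStoreKey);
        }
        if (user == null) {
            user = createUser(auth0User, ofUser);
        }
        updateProfile(auth0User, user.getKey());
        authenticate(httpServletRequest, user.getKey());
    }

    /**
     * Finds an existing user in the user store by the Auth0 e-mail address.
     *
     * <p>A match here signs the caller in as that existing user, so the address is only trusted
     * when Auth0 reports it as verified. Otherwise anyone able to register an identity carrying
     * someone else's address would be linked to that person's account.
     *
     * @return the matching user, or {@code null} when the e-mail is missing, unverified, not safe
     *         to embed in the query text, or unknown to the user store
     */
    private User findByVerifiedEmail(Auth0User auth0User, UserStoreKey userStoreKey) {
        String email = auth0User.getEmail();
        if (email == null || !auth0User.isEmailVerified() || !isPlainQueryLiteral(email)) {
            return null;
        }
        UserQuery query = UserQuery.create()
            .size(1)
            .queryExpr(QueryExpr.from(
                QueryParser.parseCostraintExpression("userstorekey = '" + userStoreKey + "' AND email = '" + email + "'"),
                new OrderExpr[0]))
            .build();
        UserQueryResult result = runAs(() -> this.securityService.query(query), RoleKeys.AUTHENTICATED);
        return (User) result.getUsers().first();
    }

    /**
     * Tells whether a value can be placed between single quotes in query text as-is.
     *
     * <p>The e-mail is provider-supplied text spliced into a single-quoted literal. A quote or
     * backslash could end the literal early and change the constraint, so values containing
     * either are never interpolated.
     * NOTE(review): building the constraint from expression objects instead of text would
     * remove the need for this guard.
     */
    private static boolean isPlainQueryLiteral(String value) {
        return value.indexOf('\'') < 0 && value.indexOf('\\') < 0;
    }

    /**
     * Creates the XP user for an Auth0 user and adds it to the configured default principals.
     * Both steps run with the ADMIN role.
     */
    private User createUser(Auth0User auth0User, PrincipalKey principalKey) {
        // NOTE(review): the e-mail is stored as supplied, verified or not. Confirm the user
        // store's uniqueness rules so that a user created from an unverified address cannot
        // later be returned by the e-mail lookup in login.
        String email = auth0User.getEmail();
        String name = auth0User.getName();
        PrincipalKeys defaultPrincipals = this.configurationService.getDefaultPrincipals(principalKey.getUserStore());
        CreateUserParams params = CreateUserParams.create()
            .login(principalKey.getId())
            .displayName(name)
            .email(email)
            .userKey(principalKey)
            .build();
        return runAs(() -> {
            User created = this.securityService.createUser(params);
            for (PrincipalKey defaultPrincipal : defaultPrincipals) {
                this.securityService.addRelationship(PrincipalRelationship.from(defaultPrincipal).to(principalKey));
            }
            return created;
        }, RoleKeys.ADMIN);
    }

    /** Rewrites the stored Auth0 profile of the given user; runs with the ADMIN role. */
    private void updateProfile(Auth0User auth0User, PrincipalKey principalKey) {
        UpdateUserParams params = UpdateUserParams.create()
            .userKey(principalKey)
            .editor(editableUser -> updateProfile(editableUser.profile, auth0User))
            .build();
        runAs(() -> this.securityService.updateUser(params), RoleKeys.ADMIN);
    }

    /**
     * Authenticates the user with a verified-username token and, on success, stores the
     * authentication info in the HTTP session under its class name.
     */
    private void authenticate(HttpServletRequest httpServletRequest, PrincipalKey principalKey) {
        // No password is involved: the token only names the user, so this must only be reached
        // for a user that login has already resolved.
        VerifiedUsernameAuthToken token = new VerifiedUsernameAuthToken();
        token.setUserStore(principalKey.getUserStore());
        token.setUsername(principalKey.getId());
        token.setRememberMe(true);
        AuthenticationInfo authenticationInfo = runAs(() -> this.securityService.authenticate(token), RoleKeys.AUTHENTICATED);
        if (authenticationInfo.isAuthenticated()) {
            // NOTE(review): the info is written into whatever session the request already
            // carries. Confirm the session identifier is rotated at login (session fixation).
            httpServletRequest.getSession(true).setAttribute(authenticationInfo.getClass().getName(), authenticationInfo);
        }
    }

    /**
     * Writes the Auth0 profile into the "auth0Identities" set whose "userId" matches the Auth0
     * user, adding a new set when none matches.
     */
    private void updateProfile(PropertyTree propertyTree, Auth0User auth0User) {
        PropertySet identity = null;
        for (PropertySet candidate : propertyTree.getSets("auth0Identities")) {
            if (auth0User.getUserId().equals(candidate.getString("userId"))) {
                identity = candidate;
                break;
            }
        }
        if (identity == null) {
            identity = propertyTree.addSet("auth0Identities");
        }
        identity.setString("userId", auth0User.getUserId());
        identity.setString("name", auth0User.getName());
        identity.setString("nickname", auth0User.getNickname());
        identity.setString("picture", auth0User.getPicture());
        identity.setString("email", auth0User.getEmail());
        identity.setBoolean("emailVerified", Boolean.valueOf(auth0User.isEmailVerified()));
        identity.setString("givenName", auth0User.getGivenName());
        identity.setString("familyName", auth0User.getFamilyName());
        identity.setSet("userMetaData", createPropertySet(auth0User.getUserMetadata()));
        identity.setSet("appMetaData", createPropertySet(auth0User.getAppMetadata()));
        identity.setInstant("createdAt", auth0User.getCreatedAt().toInstant());
        // NOTE(review): setSet is called with the same name on every iteration, unlike the
        // addString calls used for roles and groups below. Confirm whether keeping only the
        // last identity is intended.
        identity.removeProperty("identities");
        for (UserIdentity userIdentity : auth0User.getIdentities()) {
            identity.setSet("identities", createPropertySet(userIdentity));
        }
        identity.setSet("extraInfo", createPropertySet(auth0User.getExtraInfo()));
        // NOTE(review): roles and groups are appended after a single removeProperty call.
        // Confirm that call clears every previous value, otherwise they grow with each login.
        identity.removeProperty("roles");
        for (String role : auth0User.getRoles()) {
            identity.addString("roles", role);
        }
        identity.removeProperty("groups");
        for (String group : auth0User.getGroups()) {
            identity.addString("groups", group);
        }
    }

    /** Converts one linked Auth0 identity into a property set. */
    private PropertySet createPropertySet(UserIdentity userIdentity) {
        PropertySet propertySet = new PropertySet();
        propertySet.setString("id", userIdentity.getId());
        propertySet.setString(ParameterBuilder.CONNECTION_KEY, userIdentity.getConnection());
        propertySet.setString("provider", userIdentity.getProvider());
        propertySet.setBoolean("social", Boolean.valueOf(userIdentity.isSocial()));
        propertySet.setSet("profileInfo", createPropertySet(userIdentity.getProfileInfo()));
        return propertySet;
    }

    /**
     * Converts a map into a property set by way of a JSON tree.
     *
     * @return the converted set, or {@code null} when {@code map} is {@code null}
     */
    private PropertySet createPropertySet(Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        return new JsonToPropertyTreeTranslator(null, false).translate(createJsonNode(map)).getRoot();
    }

    /** Serialises a map to a Jackson tree. */
    private JsonNode createJsonNode(Map<String, Object> map) {
        return new ObjectMapper().valueToTree(map);
    }

    /**
     * Runs {@code callable} in a copy of the current context whose authentication info carries
     * only the given principal and the anonymous user.
     *
     * <p>This is how the service raises its own privileges (for example to ADMIN), so every
     * caller should pass the narrowest role that the wrapped call needs.
     */
    private <T> T runAs(Callable<T> callable, PrincipalKey principalKey) {
        AuthenticationInfo authInfo = AuthenticationInfo.create()
            .principals(new PrincipalKey[]{principalKey})
            .user(User.ANONYMOUS)
            .build();
        return (T) ContextBuilder.from(ContextAccessor.current()).authInfo(authInfo).build().callWith(callable);
    }

    /** Injects the Auth0 configuration service (OSGi reference). */
    @Reference
    public void setConfigurationService(Auth0ConfigurationService auth0ConfigurationService) {
        this.configurationService = auth0ConfigurationService;
    }

    /** Injects the XP security service (OSGi reference). */
    @Reference
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }
}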
