package org.thingsboard.server.dao.oauth2;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import javax.transaction.Transactional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.oauth2.ClientRegistrationDto;
import org.thingsboard.server.common.data.oauth2.DomainInfo;
import org.thingsboard.server.common.data.oauth2.MapperType;
import org.thingsboard.server.common.data.oauth2.OAuth2BasicMapperConfig;
import org.thingsboard.server.common.data.oauth2.OAuth2ClientInfo;
import org.thingsboard.server.common.data.oauth2.OAuth2ClientRegistrationInfo;
import org.thingsboard.server.common.data.oauth2.OAuth2ClientsDomainParams;
import org.thingsboard.server.common.data.oauth2.OAuth2ClientsParams;
import org.thingsboard.server.common.data.oauth2.OAuth2CustomMapperConfig;
import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig;
import org.thingsboard.server.common.data.oauth2.SchemeType;
import org.thingsboard.server.common.data.oauth2.TenantNameStrategyType;
import org.thingsboard.server.dao.entity.AbstractEntityService;
import org.thingsboard.server.dao.exception.DataValidationException;
import org.thingsboard.server.dao.exception.IncorrectParameterException;
import org.thingsboard.server.dao.service.Validator;

@Service
/* loaded from: input_file:org/thingsboard/server/dao/oauth2/OAuth2ServiceImpl.class */
public class OAuth2ServiceImpl extends AbstractEntityService implements OAuth2Service {
    private static final Logger log = LoggerFactory.getLogger(OAuth2ServiceImpl.class);
    public static final String INCORRECT_TENANT_ID = "Incorrect tenantId ";
    public static final String INCORRECT_CLIENT_REGISTRATION_ID = "Incorrect clientRegistrationId ";
    public static final String INCORRECT_DOMAIN_NAME = "Incorrect domainName ";
    public static final String INCORRECT_DOMAIN_SCHEME = "Incorrect domainScheme ";

    @Autowired
    private OAuth2ClientRegistrationInfoDao clientRegistrationInfoDao;

    @Autowired
    private OAuth2ClientRegistrationDao clientRegistrationDao;
    private final Consumer<OAuth2ClientsParams> clientParamsValidator = oAuth2ClientsParams -> {
        if (oAuth2ClientsParams == null || oAuth2ClientsParams.getDomainsParams() == null) {
            throw new DataValidationException("Domain params should be specified!");
        }
        for (OAuth2ClientsDomainParams oAuth2ClientsDomainParams : oAuth2ClientsParams.getDomainsParams()) {
            if (oAuth2ClientsDomainParams.getDomainInfos() == null || oAuth2ClientsDomainParams.getDomainInfos().isEmpty()) {
                throw new DataValidationException("List of domain configuration should be specified!");
            }
            for (DomainInfo domainInfo : oAuth2ClientsDomainParams.getDomainInfos()) {
                if (StringUtils.isEmpty(domainInfo.getName())) {
                    throw new DataValidationException("Domain name should be specified!");
                }
                if (domainInfo.getScheme() == null) {
                    throw new DataValidationException("Domain scheme should be specified!");
                }
            }
            ((Map) oAuth2ClientsDomainParams.getDomainInfos().stream().collect(Collectors.groupingBy((v0) -> {
                return v0.getName();
            }))).forEach((str, list) -> {
                if (list.size() > 1 && list.stream().anyMatch(domainInfo2 -> {
                    return domainInfo2.getScheme() == SchemeType.MIXED;
                })) {
                    throw new DataValidationException("MIXED scheme type shouldn't be combined with another scheme type!");
                }
            });
            if (oAuth2ClientsDomainParams.getClientRegistrations() == null || oAuth2ClientsDomainParams.getClientRegistrations().isEmpty()) {
                throw new DataValidationException("Client registrations should be specified!");
            }
            for (ClientRegistrationDto clientRegistrationDto : oAuth2ClientsDomainParams.getClientRegistrations()) {
                if (StringUtils.isEmpty(clientRegistrationDto.getClientId())) {
                    throw new DataValidationException("Client ID should be specified!");
                }
                if (StringUtils.isEmpty(clientRegistrationDto.getClientSecret())) {
                    throw new DataValidationException("Client secret should be specified!");
                }
                if (StringUtils.isEmpty(clientRegistrationDto.getAuthorizationUri())) {
                    throw new DataValidationException("Authorization uri should be specified!");
                }
                if (StringUtils.isEmpty(clientRegistrationDto.getAccessTokenUri())) {
                    throw new DataValidationException("Token uri should be specified!");
                }
                if (StringUtils.isEmpty(clientRegistrationDto.getScope())) {
                    throw new DataValidationException("Scope should be specified!");
                }
                if (StringUtils.isEmpty(clientRegistrationDto.getUserInfoUri())) {
                    throw new DataValidationException("User info uri should be specified!");
                }
                if (StringUtils.isEmpty(clientRegistrationDto.getUserNameAttributeName())) {
                    throw new DataValidationException("User name attribute name should be specified!");
                }
                if (StringUtils.isEmpty(clientRegistrationDto.getClientAuthenticationMethod())) {
                    throw new DataValidationException("Client authentication method should be specified!");
                }
                if (StringUtils.isEmpty(clientRegistrationDto.getLoginButtonLabel())) {
                    throw new DataValidationException("Login button label should be specified!");
                }
                OAuth2MapperConfig mapperConfig = clientRegistrationDto.getMapperConfig();
                if (mapperConfig == null) {
                    throw new DataValidationException("Mapper config should be specified!");
                }
                if (mapperConfig.getType() == null) {
                    throw new DataValidationException("Mapper config type should be specified!");
                }
                if (mapperConfig.getType() == MapperType.BASIC) {
                    OAuth2BasicMapperConfig basic = mapperConfig.getBasic();
                    if (basic == null) {
                        throw new DataValidationException("Basic config should be specified!");
                    }
                    if (StringUtils.isEmpty(basic.getEmailAttributeKey())) {
                        throw new DataValidationException("Email attribute key should be specified!");
                    }
                    if (basic.getTenantNameStrategy() == null) {
                        throw new DataValidationException("Tenant name strategy should be specified!");
                    }
                    if (basic.getTenantNameStrategy() == TenantNameStrategyType.CUSTOM && StringUtils.isEmpty(basic.getTenantNamePattern())) {
                        throw new DataValidationException("Tenant name pattern should be specified!");
                    }
                }
                if (mapperConfig.getType() == MapperType.GITHUB) {
                    OAuth2BasicMapperConfig basic2 = mapperConfig.getBasic();
                    if (basic2 == null) {
                        throw new DataValidationException("Basic config should be specified!");
                    }
                    if (!StringUtils.isEmpty(basic2.getEmailAttributeKey())) {
                        throw new DataValidationException("Email attribute key cannot be configured for GITHUB mapper type!");
                    }
                    if (basic2.getTenantNameStrategy() == null) {
                        throw new DataValidationException("Tenant name strategy should be specified!");
                    }
                    if (basic2.getTenantNameStrategy() == TenantNameStrategyType.CUSTOM && StringUtils.isEmpty(basic2.getTenantNamePattern())) {
                        throw new DataValidationException("Tenant name pattern should be specified!");
                    }
                }
                if (mapperConfig.getType() == MapperType.CUSTOM) {
                    OAuth2CustomMapperConfig custom = mapperConfig.getCustom();
                    if (custom == null) {
                        throw new DataValidationException("Custom config should be specified!");
                    }
                    if (StringUtils.isEmpty(custom.getUrl())) {
                        throw new DataValidationException("Custom mapper URL should be specified!");
                    }
                }
            }
        }
    };

    public List<OAuth2ClientInfo> getOAuth2Clients(String str, String str2) {
        log.trace("Executing getOAuth2Clients [{}://{}]", str, str2);
        if (str == null) {
            throw new IncorrectParameterException(INCORRECT_DOMAIN_SCHEME);
        }
        try {
            SchemeType valueOf = SchemeType.valueOf(str.toUpperCase());
            Validator.validateString(str2, INCORRECT_DOMAIN_NAME + str2);
            return (List) this.clientRegistrationInfoDao.findByDomainSchemesAndDomainName(Arrays.asList(valueOf, SchemeType.MIXED), str2).stream().filter((v0) -> {
                return v0.isEnabled();
            }).map(OAuth2Utils::toClientInfo).collect(Collectors.toList());
        } catch (IllegalArgumentException e) {
            throw new IncorrectParameterException(INCORRECT_DOMAIN_SCHEME);
        }
    }

    @Transactional
    public void saveOAuth2Params(OAuth2ClientsParams oAuth2ClientsParams) {
        log.trace("Executing saveOAuth2Params [{}]", oAuth2ClientsParams);
        this.clientParamsValidator.accept(oAuth2ClientsParams);
        this.clientRegistrationDao.deleteAll();
        this.clientRegistrationInfoDao.deleteAll();
        oAuth2ClientsParams.getDomainsParams().forEach(oAuth2ClientsDomainParams -> {
            oAuth2ClientsDomainParams.getClientRegistrations().forEach(clientRegistrationDto -> {
                OAuth2ClientRegistrationInfo save = this.clientRegistrationInfoDao.save(TenantId.SYS_TENANT_ID, OAuth2Utils.toClientRegistrationInfo(oAuth2ClientsParams.isEnabled(), clientRegistrationDto));
                oAuth2ClientsDomainParams.getDomainInfos().forEach(domainInfo -> {
                    this.clientRegistrationDao.save(TenantId.SYS_TENANT_ID, OAuth2Utils.toClientRegistration(save.getId(), domainInfo.getScheme(), domainInfo.getName()));
                });
            });
        });
    }

    public OAuth2ClientsParams findOAuth2Params() {
        log.trace("Executing findOAuth2Params");
        return OAuth2Utils.toOAuth2Params(this.clientRegistrationInfoDao.findAllExtended());
    }

    public OAuth2ClientRegistrationInfo findClientRegistrationInfo(UUID uuid) {
        log.trace("Executing findClientRegistrationInfo [{}]", uuid);
        Validator.validateId(uuid, INCORRECT_CLIENT_REGISTRATION_ID + uuid);
        return this.clientRegistrationInfoDao.findById(null, uuid);
    }

    public List<OAuth2ClientRegistrationInfo> findAllClientRegistrationInfos() {
        log.trace("Executing findAllClientRegistrationInfos");
        return this.clientRegistrationInfoDao.findAll();
    }
}
