package org.molgenis.security.oidc;

import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import org.molgenis.data.DataService;
import org.molgenis.data.UnknownEntityException;
import org.molgenis.data.security.auth.User;
import org.molgenis.data.security.auth.UserFactory;
import org.molgenis.security.core.runas.RunAsSystemAspect;
import org.molgenis.security.oidc.model.OidcClient;
import org.molgenis.security.oidc.model.OidcClientMetadata;
import org.molgenis.security.oidc.model.OidcUserMapping;
import org.molgenis.security.oidc.model.OidcUserMappingFactory;
import org.molgenis.security.oidc.model.OidcUserMappingMetadata;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/molgenis/security/oidc/OidcUserMapperImpl.class */
/**
 * Resolves an authenticated OIDC principal to a local {@link User}.
 *
 * <p>An existing {@link OidcUserMapping} for the (client registration id, subject) pair is used
 * when present. Otherwise a mapping is created, attached either to the local user whose e-mail
 * equals the OIDC e-mail claim or to a newly created user.
 *
 * <p>NOTE(review): linking to an <em>existing</em> local account is keyed on the e-mail claim
 * alone, and {@link #verifyOidcUser(OidcUser)} accepts a token with no {@code email_verified}
 * claim. The binding is therefore only as trustworthy as the identity provider's handling of
 * e-mail addresses. Confirm that every configured provider either asserts
 * {@code email_verified} or does not release unverified addresses.
 */
public class OidcUserMapperImpl implements OidcUserMapper {
    private final DataService dataService;
    private final OidcUserMappingFactory oidcUserMappingFactory;
    private final UserFactory userFactory;

    /**
     * @param dataService store used to look up and persist users, clients and mappings
     * @param oidcUserMappingFactory factory for new {@link OidcUserMapping} entities
     * @param userFactory factory for new {@link User} entities
     * @throws NullPointerException if any argument is {@code null}
     */
    public OidcUserMapperImpl(DataService dataService, OidcUserMappingFactory oidcUserMappingFactory, UserFactory userFactory) {
        this.dataService = Objects.requireNonNull(dataService);
        this.oidcUserMappingFactory = Objects.requireNonNull(oidcUserMappingFactory);
        this.userFactory = Objects.requireNonNull(userFactory);
    }

    /**
     * Returns the local user for the given OIDC user, provisioning the mapping (and, when no
     * local user has the same e-mail, the user itself) on first login.
     *
     * <p>The claims are validated before any data access. The lookup and provisioning then run
     * inside {@code RunAsSystemAspect.runAsSystem}, presumably so they are not limited by the
     * permissions of the not-yet-authenticated caller.
     *
     * @param oidcUser the authenticated OIDC principal
     * @param oidcUserRequest the request carrying the client registration
     * @return the mapped, linked or newly created local user
     */
    @Override
    @Transactional
    public User toUser(OidcUser oidcUser, OidcUserRequest oidcUserRequest) {
        verifyOidcUser(oidcUser);
        return (User) RunAsSystemAspect.runAsSystem(() -> {
            Optional<User> alreadyMapped = getUser(oidcUser, oidcUserRequest);
            return alreadyMapped.orElseGet(() -> createUserMapping(oidcUser, oidcUserRequest));
        });
    }

    /**
     * Rejects OIDC users that carry no e-mail claim or whose {@code email_verified} claim is
     * explicitly {@code false}.
     *
     * <p>An absent {@code email_verified} claim ({@code null}) is accepted.
     * NOTE(review): this is fail-open. Only an explicit {@code false} blocks the login, so a
     * provider that omits the claim is trusted for the e-mail value used to link accounts.
     */
    private void verifyOidcUser(OidcUser oidcUser) {
        if (oidcUser.getEmail() == null) {
            throw new OidcUserMissingEmailException(oidcUser);
        }
        // Boolean.FALSE.equals(null) is false, so a missing claim passes and only an explicit false is rejected.
        if (Boolean.FALSE.equals(oidcUser.getEmailVerified())) {
            throw new OidcUserEmailVerificationException(oidcUser);
        }
    }

    /**
     * Looks up the mapping stored for this client registration id and OIDC subject.
     *
     * @return the mapped user, or empty when no mapping exists
     */
    private Optional<User> getUser(OidcUser oidcUser, OidcUserRequest oidcUserRequest) {
        OidcUserMapping mapping =
                dataService
                        .query(OidcUserMappingMetadata.OIDC_USER_MAPPING, OidcUserMapping.class)
                        .eq(OidcUserMappingMetadata.OIDC_CLIENT, oidcUserRequest.getClientRegistration().getRegistrationId())
                        .and()
                        .eq(OidcUserMappingMetadata.OIDC_USERNAME, oidcUser.getSubject())
                        .findOne();
        if (mapping == null) {
            return Optional.empty();
        }
        return Optional.of(mapping.getUser());
    }

    /**
     * Creates and stores the mapping between the OIDC subject and a local user.
     *
     * <p>The local user is the one whose e-mail equals the OIDC e-mail claim. If there is none,
     * a new user is created first. This is the step where an external identity becomes bound to
     * a pre-existing local account, based solely on the e-mail claim.
     *
     * @return the user the new mapping points to
     * @throws UnknownEntityException if the client registration id has no stored {@link OidcClient}
     */
    private User createUserMapping(OidcUser oidcUser, OidcUserRequest oidcUserRequest) {
        User localUser = dataService.query("sys_sec_User", User.class).eq("Email", oidcUser.getEmail()).findOne();
        if (localUser == null) {
            localUser = createUser(oidcUser);
        }

        OidcClient client = getOidcClient(oidcUserRequest);

        OidcUserMapping mapping = oidcUserMappingFactory.create();
        // Label is "<registrationId>:<subject>".
        mapping.setLabel(oidcUserRequest.getClientRegistration().getRegistrationId() + ":" + oidcUser.getSubject());
        mapping.setOidcClient(client);
        mapping.setOidcUsername(oidcUser.getSubject());
        mapping.setUser(localUser);
        dataService.add(OidcUserMappingMetadata.OIDC_USER_MAPPING, mapping);
        return localUser;
    }

    /**
     * Creates and stores an active local user from the OIDC claims, using the e-mail address as
     * both username and e-mail.
     *
     * <p>The password is a random UUID string that is never returned to anyone, presumably so the
     * account cannot be entered through local password login. Whether the value is hashed before
     * storage is not visible from this class.
     */
    private User createUser(OidcUser oidcUser) {
        User newUser = userFactory.create();
        String email = oidcUser.getEmail();
        newUser.setUsername(email);
        newUser.setPassword(UUID.randomUUID().toString());
        newUser.setEmail(email);
        newUser.setActive(true);
        newUser.setFirstName(oidcUser.getGivenName());
        newUser.setLastName(oidcUser.getFamilyName());
        dataService.add("sys_sec_User", newUser);
        return newUser;
    }

    /**
     * Loads the stored {@link OidcClient} whose id is the request's client registration id.
     *
     * @throws UnknownEntityException if no such client is stored
     */
    private OidcClient getOidcClient(OidcUserRequest oidcUserRequest) {
        String registrationId = oidcUserRequest.getClientRegistration().getRegistrationId();
        OidcClient client = dataService.findOneById(OidcClientMetadata.OIDC_CLIENT, registrationId, OidcClient.class);
        if (client != null) {
            return client;
        }
        throw new UnknownEntityException(OidcClientMetadata.OIDC_CLIENT, registrationId);
    }
}
