package fi.vm.sade.authentication.business.service.impl;

import fi.vm.sade.authentication.business.service.AuthenticationBusinessService;
import fi.vm.sade.authentication.business.service.CryptoService;
import fi.vm.sade.authentication.dao.HenkiloDAO;
import fi.vm.sade.authentication.dao.IdentificationDAO;
import fi.vm.sade.authentication.dao.TicketDAO;
import fi.vm.sade.authentication.model.Henkilo;
import fi.vm.sade.authentication.model.Identification;
import fi.vm.sade.authentication.model.Password;
import fi.vm.sade.authentication.model.Ticket;
import java.util.Calendar;
import java.util.Date;
import javax.persistence.NoResultException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

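/**
 * Authentication operations on {@link Henkilo} records: one-time auth tokens bound to an
 * {@link Identification}, password validation and change, and session tickets whose expiry
 * is pushed forward on every successful use.
 *
 * <p>Auth tokens and ticket values are bearer credentials: whoever presents one is treated
 * as the person it is bound to. Both are produced by {@link CryptoService#generateSalt()}.
 * NOTE(review): their unpredictability depends entirely on that generator, which is not
 * visible from this class. Confirm it is backed by a cryptographically secure random source.
 */
@Transactional
@Service
/* loaded from: input_file:WEB-INF/classes/fi/vm/sade/authentication/business/service/impl/AuthenticationBusinessServiceImpl.class */
public class AuthenticationBusinessServiceImpl implements AuthenticationBusinessService {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationBusinessServiceImpl.class);

    /** Lifetime, in minutes, given to a ticket when it is created or extended. */
    private static final int TICKET_LIFETIME_MINUTES = 30;

    @Autowired
    private HenkiloDAO henkiloDAO;

    @Autowired
    private TicketDAO ticketDAO;

    @Autowired
    private IdentificationDAO identificationDAO;

    @Autowired
    private CryptoService cryptoService;

    /**
     * Issues a fresh auth token and stores it on the identification matching the given
     * identity provider and identifier, creating that identification if none exists.
     *
     * @param henkilo person the token is requested for; only its id is read
     * @param str identity-provider entity id
     * @param str2 identifier of the person at that identity provider
     * @return the newly generated auth token
     */
    @Override // fi.vm.sade.authentication.business.service.AuthenticationBusinessService
    public String generateAuthTokenForHenkilo(Henkilo henkilo, String str, String str2) {
        Henkilo read = this.henkiloDAO.read(henkilo.getId());
        String generateSalt = this.cryptoService.generateSalt();
        try {
            // NOTE(review): an existing identification is reused without comparing its
            // owner to `henkilo`, so the token is bound to whoever already holds this
            // (idp, identifier) pair. Confirm callers guarantee the two are the same person.
            Identification readByIdpAndIdentifier = this.identificationDAO.readByIdpAndIdentifier(str, str2);
            readByIdpAndIdentifier.setAuthtoken(generateSalt);
            this.identificationDAO.update(readByIdpAndIdentifier);
            return generateSalt;
        } catch (NoResultException e) {
            // No identification yet for this (idp, identifier): create one owned by the person.
            Identification identification = new Identification();
            identification.setHenkilo(read);
            identification.setIdentifier(str2);
            identification.setIdpEntityId(str);
            identification.setAuthtoken(generateSalt);
            this.identificationDAO.insert(identification);
            return generateSalt;
        }
    }

    /**
     * Redeems a one-time auth token: ensures the owning person has a usable ticket and then
     * clears the token so it cannot be presented a second time.
     *
     * @param str auth token presented by the client
     * @return the identification the token was bound to, or {@code null} when the token is
     *     blank or unknown
     */
    @Override // fi.vm.sade.authentication.business.service.AuthenticationBusinessService
    public Identification validateAuthToken(String str) {
        // Redeemed tokens are stored as null (see below), so a null or blank lookup key must
        // never reach the DAO: depending on how the query is written it could otherwise match
        // an identification whose token has already been consumed.
        if (StringUtils.isBlank(str)) {
            return null;
        }
        Identification readByAuthToken = this.identificationDAO.readByAuthToken(str);
        if (readByAuthToken != null) {
            generateTicketForHenkilo(readByAuthToken.getHenkilo());
            // Single use: drop the token as soon as it has been exchanged for a ticket.
            readByAuthToken.setAuthtoken(null);
            this.identificationDAO.update(readByAuthToken);
        }
        return readByAuthToken;
    }

    /**
     * Validates a person's password and returns the first of their identifications.
     *
     * <p>NOTE(review): a failed check is not reported explicitly. {@code validatePassword}
     * returns {@code null} for an unknown OID or a wrong password, and the dereference below
     * then throws {@link NullPointerException}. A person without identifications presumably
     * ends in {@code NoSuchElementException}. This fails closed, but callers cannot tell a
     * bad credential from a programming error. Confirm how callers handle it before
     * replacing it with an explicit failure.
     *
     * @param str OID of the person
     * @param str2 candidate password
     * @return the first identification of the authenticated person
     */
    @Override // fi.vm.sade.authentication.business.service.AuthenticationBusinessService
    public Identification validate(String str, String str2) {
        return validatePassword(str, str2).getIdentifications().iterator().next();
    }

    /**
     * Looks a person up by OID and checks the candidate password against the stored salted
     * hash.
     *
     * @param str OID of the person
     * @param str2 candidate password
     * @return the person when the password matches, or {@code null} when the person is
     *     unknown, has no complete stored password (hash and salt), or the check fails
     */
    private Henkilo validatePassword(String str, String str2) {
        Henkilo findByOid = this.henkiloDAO.findByOid(str);
        if (findByOid == null || findByOid.getPassword() == null) {
            return null;
        }
        Password stored = findByOid.getPassword();
        // A record missing either the hash or the salt can never authenticate.
        if (StringUtils.isBlank(stored.getPassword()) || StringUtils.isBlank(stored.getSalt())) {
            return null;
        }
        if (!this.cryptoService.check(str2, stored.getPassword(), stored.getSalt())) {
            return null;
        }
        return findByOid;
    }

    /**
     * Sets a new password after the caller has proven identity, either with a valid ticket
     * or with the current password.
     *
     * <p>When a ticket is supplied, the person is taken from the ticket and {@code str} is
     * not consulted.
     *
     * <p>NOTE(review): the new password is stored as given; nothing here rejects a blank or
     * weak value. Confirm that a password policy is enforced upstream.
     *
     * @param str OID of the person; used only on the current-password path
     * @param str2 ticket value, or blank to authenticate with the current password
     * @param str3 current password; used only when no ticket is given
     * @param str4 new password
     * @throws RuntimeException when neither credential identifies a person
     */
    @Override // fi.vm.sade.authentication.business.service.AuthenticationBusinessService
    public void changePassword(String str, String str2, String str3, String str4) {
        Henkilo henkilo = null;
        if (StringUtils.isNotBlank(str2)) {
            henkilo = validate(str2);
        } else if (str3 != null) {
            henkilo = validatePassword(str, str3);
        }
        if (henkilo == null) {
            throw new RuntimeException("Change password security");
        }
        setPasswordForHenkilo(henkilo, str4);
    }

    /**
     * Replaces the person's stored password with a hash of {@code str} under a newly
     * generated salt, creating the password record if the person has none.
     *
     * <p>No DAO call is made here. Presumably the change is flushed through the managed
     * entity when the surrounding transaction commits (TODO confirm).
     */
    private void setPasswordForHenkilo(Henkilo henkilo, String str) {
        Password password = henkilo.getPassword();
        if (password == null) {
            password = new Password();
            henkilo.setPassword(password);
            password.setHenkilo(henkilo);
        }
        // A fresh salt on every change keeps the old and new hashes unrelated.
        String generateSalt = this.cryptoService.generateSalt();
        String saltedHash = this.cryptoService.getSaltedHash(str, generateSalt);
        password.setSalt(generateSalt);
        password.setPassword(saltedHash);
    }

    /**
     * Resolves a ticket value to its owner and, on success, pushes the ticket's expiry
     * forward.
     *
     * @param str ticket value presented by the client
     * @return the person owning the ticket, or {@code null} when no valid ticket matches
     */
    @Override // fi.vm.sade.authentication.business.service.AuthenticationBusinessService
    public Henkilo validate(String str) {
        try {
            Ticket readValidByToken = this.ticketDAO.readValidByToken(str);
            extendTicket(readValidByToken);
            return readValidByToken.getHenkilo();
        } catch (NoResultException e) {
            // The presented value is client-controlled and may be a real, recently expired
            // ticket; keeping it out of the log avoids storing bearer credentials and
            // avoids forged log lines from embedded line breaks.
            LOGGER.info("No valid ticket for presented token");
            return null;
        }
    }

    /** Moves the ticket's expiry to {@value #TICKET_LIFETIME_MINUTES} minutes from now and saves it. */
    private void extendTicket(Ticket ticket) {
        ticket.setExpireTime(newExpiryTime());
        this.ticketDAO.update(ticket);
    }

    /**
     * Removes every ticket of the person and inserts a new one with a fresh value and a
     * full lifetime.
     */
    private void generateNewTicket(Henkilo henkilo) {
        this.ticketDAO.removeByHenkiloId(henkilo.getId());
        Ticket ticket = new Ticket();
        ticket.setExpireTime(newExpiryTime());
        ticket.setHenkilo(henkilo);
        henkilo.setTicket(ticket);
        ticket.setTicket(this.cryptoService.generateSalt());
        this.ticketDAO.insert(ticket);
    }

    /**
     * Ensures the person has a usable ticket: a ticket that is still valid is extended,
     * anything else (no ticket, no expiry, or already expired) is replaced.
     *
     * <p>The comparison used to be the other way round, which extended tickets that had
     * already expired and so made a stale ticket value valid again, while replacing tickets
     * that were still live. An expired ticket is now always replaced with a new value.
     */
    private void generateTicketForHenkilo(Henkilo henkilo) {
        Henkilo read = this.henkiloDAO.read(henkilo.getId());
        Ticket ticket = read.getTicket();
        Date expireTime = ticket == null ? null : ticket.getExpireTime();
        boolean stillValid = expireTime != null && expireTime.getTime() > new Date().getTime();
        if (stillValid) {
            extendTicket(ticket);
        } else {
            generateNewTicket(read);
        }
    }

    /**
     * Stores an e-mail address and a hetu on the identification (and its person) matching
     * the given identity provider and identifier. Does nothing when the identity provider
     * is {@code "email"}.
     *
     * <p>NOTE(review): the DAO lookup appears to throw {@link NoResultException} when
     * nothing matches (it is caught that way in {@code generateAuthTokenForHenkilo}); here
     * it is left to propagate.
     *
     * @param str identity-provider entity id
     * @param str2 identifier of the person at that identity provider
     * @param str3 e-mail address to store on the identification
     * @param str4 hetu to store on the person (presumably the Finnish personal identity
     *     code, so keep it out of logs)
     */
    @Override // fi.vm.sade.authentication.business.service.AuthenticationBusinessService
    public void registerUser(String str, String str2, String str3, String str4) {
        if (str.equals("email")) {
            return;
        }
        Identification readByIdpAndIdentifier = this.identificationDAO.readByIdpAndIdentifier(str, str2);
        readByIdpAndIdentifier.setEmail(str3);
        readByIdpAndIdentifier.getHenkilo().setHetu(str4);
        this.identificationDAO.update(readByIdpAndIdentifier);
    }

    /** Returns the instant {@value #TICKET_LIFETIME_MINUTES} minutes from now. */
    private static Date newExpiryTime() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.MINUTE, TICKET_LIFETIME_MINUTES);
        return calendar.getTime();
    }
}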
