package ru.infotech24.apk23main.security.oauth;

import java.util.AbstractMap;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import ru.infotech24.apk23main.domain.institution.Institution;
import ru.infotech24.apk23main.logic.institution.dao.InstitutionDao;
import ru.infotech24.apk23main.security.AppSecurityException;
import ru.infotech24.apk23main.security.aop.AppSecured;
import ru.infotech24.apk23main.security.aop.AppUnsecured;
import ru.infotech24.apk23main.security.domain.User;
import ru.infotech24.apk23main.security.user.UserService;

@RequestMapping(value = {"/esia"}, produces = {"application/json"})
@RestController
/* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/oauth/EsiaResource.class */
public class EsiaResource {

    @Value("${esia.debug-user-id}")
    private Integer debugUserId;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) EsiaResource.class);
    private final EsiaService esiaService;
    private final UserService userService;
    private final InstitutionDao institutionDao;

    @Autowired
    public EsiaResource(EsiaService esiaService, UserService userService, InstitutionDao institutionDao) {
        this.esiaService = esiaService;
        this.userService = userService;
        this.institutionDao = institutionDao;
    }

    @GetMapping({"/get-login-url"})
    @AppUnsecured
    public Map.Entry<String, String> getLoginUrl(String str, String str2) throws EsiaAuthException {
        if (this.debugUserId != null) {
            return new AbstractMap.SimpleImmutableEntry("url", null);
        }
        if (str == null || "".equals(str)) {
            throw new EsiaAuthException("A state is required");
        }
        if (str2 == null || "".equals(str2)) {
            throw new EsiaAuthException("A redirectUri is required");
        }
        try {
            return new AbstractMap.SimpleImmutableEntry("url", this.esiaService.getLoginUrl(str, str2));
        } catch (Exception e) {
            logger.error("ESIA: Ошибка при создании loginUrl\n" + e.getMessage() + "\n" + ExceptionUtils.getFullStackTrace(e));
            throw new EsiaAuthException("Ошибка при создании URL", e);
        }
    }

    @GetMapping({"/get-login-url-extended"})
    @AppUnsecured
    public Map.Entry<String, String> getLoginUrlWithPersonScope(String str, String str2, Boolean bool) throws EsiaAuthException {
        if (this.debugUserId != null) {
            return new AbstractMap.SimpleImmutableEntry("url", null);
        }
        if (str == null || "".equals(str)) {
            throw new EsiaAuthException("A state is required");
        }
        if (str2 == null || "".equals(str2)) {
            throw new EsiaAuthException("A redirectUri is required");
        }
        try {
            return new AbstractMap.SimpleImmutableEntry("url", this.esiaService.getPersonLoginUrl(str, str2, bool.booleanValue()));
        } catch (Exception e) {
            logger.error("ESIA: Ошибка при создании loginUrl\n" + e.getMessage() + "\n" + ExceptionUtils.getFullStackTrace(e));
            throw new EsiaAuthException("Ошибка при создании URL", e);
        }
    }

    @GetMapping({"/auth"})
    @AppUnsecured
    public Map<String, String> authenticate(String str, String str2, Boolean bool) throws Exception {
        HashMap hashMap = new HashMap();
        if (this.debugUserId != null) {
            this.esiaService.authenticate(null, null);
            hashMap.put("accessToken", "debug user " + this.debugUserId);
            return hashMap;
        }
        String accessToken = (Objects.equals(bool, true) ? this.esiaService.getTokenForPerson(EsiaGrantType.AuthorizationCode, str, str2) : this.esiaService.getToken(EsiaGrantType.AuthorizationCode, str, str2)).getAccessToken();
        try {
            EsiaPrincipal authenticate = this.esiaService.authenticate(accessToken, null, bool);
            hashMap.put("accessToken", accessToken);
            hashMap.put("extended", String.valueOf(authenticate.getIDoc() != null));
            if (Objects.equals(this.userService.getCurrentUser().getInstitutionTypeId(), 4)) {
                hashMap.put("isPerson", "true");
            }
            return hashMap;
        } catch (Exception e) {
            if (e instanceof EsiaFoundMultipleInstitutionException) {
                ((EsiaFoundMultipleInstitutionException) e).getData().put("reason", "Обнаружено несколько учреждений, в которых зарегистрирован пользователь. Если Вам не предоставлена возможность выбора учреждения, значит используется устаревшая версия клиента.");
                ((EsiaFoundMultipleInstitutionException) e).getData().put("accessToken", accessToken);
                hashMap.put("notFound", ((EsiaFoundMultipleInstitutionException) e).getSerializedValue());
                return hashMap;
            }
            if (!(e instanceof EsiaNotFoundException) && !(e instanceof EsiaAuthException)) {
                logger.error(String.format("%s\n%s", e.getMessage(), ExceptionUtils.getFullStackTrace(e)));
            }
            SecurityContextHolder.clearContext();
            hashMap.put("notFound", e.getMessage());
            return hashMap;
        }
    }

    @GetMapping({"/reauth"})
    @AppSecured(allowAnyAuthenticated = true)
    public Map<String, String> authenticateExtra(String str, String str2, Boolean bool) throws Exception {
        return authenticate(str, str2, bool);
    }

    @GetMapping({"/auth-by-institution-id"})
    @AppUnsecured
    public Map<String, String> authenticate(Integer num, String str, Boolean bool) {
        Institution orElse;
        HashMap hashMap = new HashMap();
        if (num != null) {
            try {
                orElse = this.institutionDao.byId(num).orElse(null);
            } catch (Exception e) {
                if (!(e instanceof EsiaNotFoundException) && !(e instanceof EsiaAuthException)) {
                    logger.error(String.format("%s\n%s", e.getMessage(), ExceptionUtils.getFullStackTrace(e)));
                }
                SecurityContextHolder.clearContext();
                hashMap.put("notFound", e.getMessage());
                return hashMap;
            }
        } else {
            orElse = null;
        }
        Institution institution = orElse;
        EsiaPrincipal authenticate = this.esiaService.authenticate(str, num, Boolean.valueOf(Objects.equals(bool, true) || (institution != null && Objects.equals(institution.getInstitutionTypeId(), 4))));
        hashMap.put("accessToken", str);
        if (institution != null && Objects.equals(institution.getInstitutionTypeId(), 4)) {
            hashMap.put("isPerson", "true");
        }
        hashMap.put("extended", String.valueOf(authenticate.getIDoc() != null));
        return hashMap;
    }

    @GetMapping({"/impersonate"})
    @AppUnsecured
    public Map.Entry<String, String> impersonate(Integer num) throws EsiaAuthException {
        User mainUserIfImpersonated = this.userService.getMainUserIfImpersonated() != null ? this.userService.getMainUserIfImpersonated() : this.userService.getCurrentUser();
        if (mainUserIfImpersonated == null || !mainUserIfImpersonated.isAdministrator()) {
            throw new AppSecurityException("Нет доступа к функции");
        }
        try {
            String str = (String) SecurityContextHolder.getContext().getAuthentication().getCredentials();
            if (num != null) {
                this.esiaService.impersonate(num.intValue());
            } else {
                this.esiaService.deimpersonate();
            }
            return new AbstractMap.SimpleImmutableEntry("accessToken", str);
        } catch (Exception e) {
            if (!(e instanceof EsiaNotFoundException) && !(e instanceof EsiaAuthException)) {
                logger.error(String.format("%s\n%s", e.getMessage(), ExceptionUtils.getFullStackTrace(e)));
            }
            SecurityContextHolder.clearContext();
            return new AbstractMap.SimpleImmutableEntry("notFound", e.getMessage());
        }
    }

    @GetMapping({"/logout"})
    @AppUnsecured
    public Map.Entry<String, String> logout(String str) throws Exception {
        String logoutUrl = this.esiaService.getLogoutUrl(str);
        SecurityContextHolder.clearContext();
        return new AbstractMap.SimpleImmutableEntry("url", logoutUrl);
    }

    @GetMapping({"/get-logout-url"})
    @AppUnsecured
    public Map.Entry<String, String> getLogoutUrl(String str) throws Exception {
        return new AbstractMap.SimpleImmutableEntry("url", this.esiaService.getLogoutUrl(str));
    }

    @GetMapping({"/get-user-principal"})
    @AppSecured(allowAnyAuthenticated = true)
    public Object getUserPrincipal() {
        return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }
}
