package ru.infotech24.apk23main.security.user;

import com.google.common.collect.Sets;
import java.security.cert.X509Certificate;
import java.time.LocalDate;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import ru.infotech24.apk23main.domain.docs.Document;
import ru.infotech24.apk23main.domain.institution.Institution;
import ru.infotech24.apk23main.domain.institution.InstitutionEmployee;
import ru.infotech24.apk23main.domain.person.Person;
import ru.infotech24.apk23main.logic.address.AddressDao;
import ru.infotech24.apk23main.logic.institution.dao.InstitutionDao;
import ru.infotech24.apk23main.logic.institution.dao.InstitutionEmployeeDao;
import ru.infotech24.apk23main.logic.person.PersonDao;
import ru.infotech24.apk23main.logic.person.bl.PersonBl;
import ru.infotech24.apk23main.logic.stash.PerRequestStash;
import ru.infotech24.apk23main.security.AppSecurityException;
import ru.infotech24.apk23main.security.aop.AppSecuredContextManager;
import ru.infotech24.apk23main.security.domain.SecurityRole;
import ru.infotech24.apk23main.security.domain.User;
import ru.infotech24.apk23main.security.oauth.EsiaPrincipal;
import ru.infotech24.apk23main.security.oauth.IdentificationData;
import ru.infotech24.common.exceptions.BusinessLogicException;
import ru.infotech24.common.helpers.ObjectUtils;
import ru.infotech24.common.helpers.StringUtils;

@Service
/* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/user/UserServiceEsia.class */
public class UserServiceEsia implements UserService {

    @Value("${application-settings.main-institution-id}")
    private Integer mainInstitutionId;

    @Value("${application-settings.soc-contract-create-enabled}")
    private Boolean canCreateSocContract;
    private final HttpServletRequest httpServletRequest;
    private final InstitutionEmployeeDao institutionEmployeeDao;
    private final PerRequestStash stash;
    private final InstitutionDao institutionDao;
    private final AddressDao addressDao;
    private final PersonBl personBl;
    private final PersonDao personDao;
    private static ThreadLocal<User> impersonatedUserData = new ThreadLocal<>();

    @Autowired
    public UserServiceEsia(HttpServletRequest httpServletRequest, InstitutionEmployeeDao institutionEmployeeDao, PerRequestStash perRequestStash, InstitutionDao institutionDao, AddressDao addressDao, PersonBl personBl, PersonDao personDao) {
        this.httpServletRequest = httpServletRequest;
        this.institutionEmployeeDao = institutionEmployeeDao;
        this.stash = perRequestStash;
        this.institutionDao = institutionDao;
        this.addressDao = addressDao;
        this.personBl = personBl;
        this.personDao = personDao;
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public User getCurrentUser() {
        User tryGetImpersonatedUser = tryGetImpersonatedUser();
        return tryGetImpersonatedUser != null ? tryGetImpersonatedUser : loadUser((EsiaPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal(), getCurrentUserId());
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public boolean isExternalApiRequest() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            if (!isX509Authentication(authentication)) {
                return false;
            }
        }
        return true;
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public Integer getCurrentUserId() {
        User tryGetImpersonatedUser = tryGetImpersonatedUser();
        if (tryGetImpersonatedUser != null) {
            return Integer.valueOf(tryGetImpersonatedUser.getId());
        }
        EsiaPrincipal esiaPrincipal = (EsiaPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return Integer.valueOf(esiaPrincipal.getImpersonateAsUserId() != null ? esiaPrincipal.getImpersonateAsUserId().intValue() : esiaPrincipal.getId());
    }

    private User tryGetImpersonatedUser() {
        User user = impersonatedUserData.get();
        if (user != null) {
            return user;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || isX509Authentication(authentication)) {
            throw new SecurityException("Пользователь не аутентифицирован и не имперсонализирован");
        }
        return null;
    }

    public static boolean isX509Authentication(Authentication authentication) {
        return authentication != null && (authentication.getCredentials() instanceof X509Certificate);
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public String getCurrentInstitutionShortCaption() {
        return this.institutionDao.byId(getCurrentUser().getInstitutionId()).orElseThrow(() -> {
            return new BusinessLogicException(null, "a18main.Common.objectNotFound");
        }).getShortCaption();
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public Institution getCurrentInstitution() {
        return this.institutionDao.byIdStrong(getCurrentUser().getInstitutionId());
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    @Transactional
    public Integer ensureUserPersonId(User user) {
        Objects.requireNonNull(user, "Данные о пользователе не переданы");
        if (StringUtils.isNullOrWhitespace(user.getFio())) {
            throw new BusinessLogicException("Нет ФИО пользователя");
        }
        if (user.getSnils() == null) {
            throw new BusinessLogicException(null, "Нет информации о СНИЛС пользователя %s %s", user.getLastName(), user.getFirstName());
        }
        InstitutionEmployee byUserId = user.isNewUser() ? null : this.institutionEmployeeDao.byUserId(Integer.valueOf(user.getId()));
        Integer personId = byUserId != null ? byUserId.getPersonId() : null;
        if (personId == null) {
            personId = this.personBl.ensurePersonExists(user.getSnils(), null, null, null, null, null, null, null, 11, StringUtils.makeDigitsLiteral(user.getLastName()), StringUtils.makeDigitsLiteral(user.getFirstName()), StringUtils.makeDigitsLiteral(user.getMiddleName()), user.getBirthDate(), user.getInn(), true).getId();
        }
        if (byUserId != null && !Objects.equals(byUserId.getPersonId(), personId)) {
            byUserId.setPersonId(personId);
            this.institutionEmployeeDao.update(byUserId, byUserId.getKey());
        }
        Person byIdStashed = this.personDao.byIdStashed(personId);
        if (!Objects.equals(byIdStashed.getSnils(), user.getSnils()) || !Objects.equals(byIdStashed.getInn(), user.getInn())) {
            byIdStashed.setSnils(user.getSnils());
            byIdStashed.setInn(user.getInn());
            this.personDao.update(byIdStashed, byIdStashed.getId());
        }
        return personId;
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public Optional<Integer> getUserPersonId(User user) {
        Objects.requireNonNull(user, "Данные о пользователе не переданы");
        if (user.getSnils() == null && user.getBirthDate() == null) {
            throw new BusinessLogicException("Нет ни СНИЛС, ни даты рождения пользователя");
        }
        if (StringUtils.isNullOrWhitespace(user.getFio())) {
            throw new BusinessLogicException("Нет ФИО пользователя");
        }
        InstitutionEmployee byUserId = user.isNewUser() ? null : this.institutionEmployeeDao.byUserId(Integer.valueOf(user.getId()));
        Integer personId = byUserId != null ? byUserId.getPersonId() : null;
        if (personId == null) {
            Person findPerson = this.personBl.findPerson(user.getSnils(), null, null, null, StringUtils.makeDigitsLiteral(user.getLastName()), StringUtils.makeDigitsLiteral(user.getFirstName()), StringUtils.makeDigitsLiteral(user.getMiddleName()), user.getBirthDate(), user.getInn());
            personId = findPerson != null ? findPerson.getId() : null;
        }
        return Optional.ofNullable(personId);
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public Integer ensureCurrentUserPersonId() {
        User currentUser = getCurrentUser();
        if (currentUser == null) {
            throw new BusinessLogicException("Нет данных о текущем пользователе");
        }
        return (Integer) getWithSystemUser(() -> {
            return ensureUserPersonId(currentUser);
        });
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public Optional<Integer> getCurrentUserPersonId() {
        User currentUser = getCurrentUser();
        if (currentUser == null) {
            throw new BusinessLogicException("Нет данных о текущем пользователе");
        }
        return getUserPersonId(currentUser);
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public Optional<User> getUserByPersonId(int i) {
        final InstitutionEmployee byUserPersonId = this.institutionEmployeeDao.byUserPersonId(Integer.valueOf(i));
        final Person orElse = byUserPersonId == null ? this.personDao.byId(Integer.valueOf(i)).orElse(null) : null;
        if (byUserPersonId == null && orElse == null) {
            return Optional.empty();
        }
        if (byUserPersonId != null) {
            Objects.requireNonNull(byUserPersonId.getUniqueUserId(), String.format("У работника %s нет идентификатора пользователя", byUserPersonId.getId()));
        }
        final int intValue = byUserPersonId != null ? byUserPersonId.getUniqueUserId().intValue() : Integer.MIN_VALUE;
        return Optional.of(loadUser(new IdentificationData() { // from class: ru.infotech24.apk23main.security.user.UserServiceEsia.1
            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public int getId() {
                return intValue;
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public String getLastName() {
                return orElse != null ? orElse.getLastName() : byUserPersonId.getLastName();
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public String getFirstName() {
                return orElse != null ? orElse.getFirstName() : byUserPersonId.getFirstName();
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public String getMiddleName() {
                return orElse != null ? orElse.getMiddleName() : byUserPersonId.getMiddleName();
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public LocalDate getBirthDate() {
                return orElse != null ? orElse.getBirthDate() : byUserPersonId.getBirthDate();
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public Long getSnils() {
                return orElse != null ? orElse.getSnils() : byUserPersonId.getSnils();
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public Long getInn() {
                return orElse != null ? orElse.getInn() : byUserPersonId.getInn();
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public String getPhone() {
                return null;
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public String getEmail() {
                return null;
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public Boolean getGender() {
                return true;
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public Document getIDoc() {
                return null;
            }

            @Override // ru.infotech24.apk23main.security.oauth.IdentificationData
            public boolean isImpersonated() {
                return false;
            }
        }, Integer.valueOf(intValue)));
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public User getUserForEmployee(Integer num, Integer num2) {
        return buildUserFromInstitutionEmployee(null, this.institutionEmployeeDao.byIdStrong(new InstitutionEmployee.Key(num, num2)));
    }

    private User loadUser(IdentificationData identificationData, Integer num) {
        if (Objects.equals(num, Integer.MIN_VALUE)) {
            return User.builder().id(num.intValue()).lastName(identificationData.getLastName()).firstName(identificationData.getFirstName()).middleName(identificationData.getMiddleName()).birthDate(identificationData.getBirthDate()).snils(identificationData.getSnils()).inn(identificationData.getInn()).allowedEmployees(new HashSet()).serviceRegionIds(new HashSet()).roleIds(Sets.newHashSet(SecurityRole.APP_ROLE_NEW_USER)).build();
        }
        User user = (User) this.stash.getKeyValueStorage().get("UserServiceEsia_User_" + num);
        if (user == null) {
            InstitutionEmployee byUserId = this.institutionEmployeeDao.byUserId(num);
            if (byUserId == null) {
                throw new AppSecurityException("Пользователь c Ид = " + num + " не зарегистрирован в системе. Доступ невозможен.");
            }
            user = buildUserFromInstitutionEmployee(identificationData, byUserId);
            this.stash.getKeyValueStorage().put("UserServiceEsia_User_" + num, user);
        }
        return user;
    }

    private User buildUserFromInstitutionEmployee(IdentificationData identificationData, InstitutionEmployee institutionEmployee) {
        Institution orElseThrow = this.institutionDao.byId(institutionEmployee.getInstitutionId()).orElseThrow(() -> {
            return new RuntimeException("Учреждение не найдено");
        });
        Integer regionId = orElseThrow.getAddressId() != null ? this.addressDao.byIdStrong(orElseThrow.getAddressId()).getRegionId() : null;
        LocalDate birthDate = (identificationData == null || identificationData.isImpersonated()) ? null : identificationData.getBirthDate();
        Long snils = (identificationData == null || identificationData.isImpersonated()) ? null : identificationData.getSnils();
        Long inn = (identificationData == null || identificationData.isImpersonated()) ? null : identificationData.getInn();
        if (institutionEmployee.getUniqueUserId() == null) {
            throw new BusinessLogicException(String.format("Работнику %s %s не предоставлен доступ к ИС", institutionEmployee.getLastName(), institutionEmployee.getFirstName()));
        }
        return User.builder().id(institutionEmployee.getUniqueUserId().intValue()).lastName(institutionEmployee.getLastName()).firstName(institutionEmployee.getFirstName()).middleName(institutionEmployee.getMiddleName()).birthDate((LocalDate) ObjectUtils.isNull(institutionEmployee.getBirthDate(), birthDate)).snils((Long) ObjectUtils.isNull(institutionEmployee.getSnils(), snils)).inn((Long) ObjectUtils.isNull(institutionEmployee.getInn(), inn)).institutionId(institutionEmployee.getInstitutionId()).institutionEmployeeId(institutionEmployee.getId()).defaultCityId(institutionEmployee.getDefaultCityId()).defaultRegionId(institutionEmployee.getDefaultRegionId()).serviceRegionIds((Set) ObjectUtils.isNull(orElseThrow.getServiceRegions(), new HashSet())).institutionRegRegionId(regionId).allowedEmployees(new HashSet(institutionEmployee.getAllowedEmployees())).roleIds(new HashSet(institutionEmployee.getAsoiRoles())).phone(institutionEmployee.getPhone()).headInstitutionId(orElseThrow.getHeadInstitutionId()).institutionTypeId(orElseThrow.getInstitutionTypeId()).canCreateSocContract(this.canCreateSocContract).build();
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public User getMainUserIfImpersonated() {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            return null;
        }
        EsiaPrincipal esiaPrincipal = (EsiaPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if (esiaPrincipal.getImpersonateAsUserId() == null) {
            return null;
        }
        return loadUser(esiaPrincipal, Integer.valueOf(esiaPrincipal.getId()));
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public String getCurrentUserIp() {
        if (SecurityContextHolder.getContext().getAuthentication() == null && impersonatedUserData.get() != null) {
            return "127.0.0.1";
        }
        String header = this.httpServletRequest.getHeader("X-FORWARDED-FOR");
        if (header == null || "".equals(header)) {
            header = this.httpServletRequest.getRemoteAddr();
        }
        return header;
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public void impersonateUser(User user) {
        impersonatedUserData.set(user);
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public void impersonateAsSysuser() {
        if (impersonatedUserData.get() != null) {
            throw new RuntimeException("Пользователь уже аутентифицирован или имперсонализован");
        }
        impersonatedUserData.set(User.builder().id(0).roleIds(Sets.newHashSet(SecurityRole.APP_ROLE_ADMINISTRATOR)).lastName("Система").firstName("Асои").institutionId(this.mainInstitutionId).institutionEmployeeId(0).build());
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public void runWithSystemUser(Runnable runnable) {
        Objects.requireNonNull(runnable);
        User andResetImpersonated = getAndResetImpersonated();
        try {
            impersonateAsSysuser();
            AppSecuredContextManager.runWithoutContext(runnable);
        } finally {
            impersonateUser(andResetImpersonated);
        }
    }

    @Override // ru.infotech24.apk23main.security.user.UserService
    public <T> T getWithSystemUser(Supplier<T> supplier) {
        Objects.requireNonNull(supplier);
        User andResetImpersonated = getAndResetImpersonated();
        try {
            impersonateAsSysuser();
            T t = (T) AppSecuredContextManager.getWithoutContext(supplier);
            impersonateUser(andResetImpersonated);
            return t;
        } catch (Throwable th) {
            impersonateUser(andResetImpersonated);
            throw th;
        }
    }

    private User getAndResetImpersonated() {
        User user = null;
        if (impersonatedUserData.get() != null) {
            user = impersonatedUserData.get();
            impersonateUser(null);
        }
        return user;
    }
}
