package com.appiancorp.security.auth.oidc;

import com.appiancorp.security.auth.AutoSyncUserData;
import com.appiancorp.security.auth.UserSyncer;
import com.appiancorp.security.auth.oidc.persistence.entities.OidcSettings;
import com.appiancorp.security.auth.oidc.persistence.service.OidcSettingsService;
import com.appiancorp.suiteapi.common.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.personalization.UserProfileService;
import com.google.common.base.Strings;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

/* loaded from: input_file:com/appiancorp/security/auth/oidc/OidcAuthenticator.class */
public class OidcAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(OidcAuthenticator.class);
    private final UserProfileService adminUserProfileService;
    private final UserSyncer userSyncer;
    private final OidcSettingsService oidcSettingsService;

    public OidcAuthenticator(UserProfileService userProfileService, UserSyncer userSyncer, OidcSettingsService oidcSettingsService) {
        this.adminUserProfileService = userProfileService;
        this.userSyncer = userSyncer;
        this.oidcSettingsService = oidcSettingsService;
    }

    public UserProfile authenticateUser(OidcUser oidcUser) throws InvalidUserException, OidcUserDataMissingException {
        Optional oidcSettingsByFriendlyName = this.oidcSettingsService.getOidcSettingsByFriendlyName("oidc");
        if (!oidcSettingsByFriendlyName.isPresent()) {
            LOG.error("Unable to find OIDC settings.");
            throw new OidcAuthenticationException("Unable to find OIDC settings.");
        }
        OidcSettings oidcSettings = (OidcSettings) oidcSettingsByFriendlyName.get();
        OidcAutoSyncUserData parse = OidcUserDataParser.parse(oidcUser, oidcSettings);
        Optional<UserProfile> empty = Optional.empty();
        try {
            empty = Optional.ofNullable(this.adminUserProfileService.getUser(parse.getUsername()));
        } catch (InvalidUserException e) {
            if (!parse.createUser()) {
                LOG.error("OIDC authentication failed due to invalid username '{}'", parse.getUsername(), e);
                throw e;
            }
            LOG.debug("Creating '{}' user since they didn't exist and create user was enabled.", parse.getUsername());
        }
        if (!empty.isPresent() || parse.syncUserAttributes() || parse.syncUserGroups()) {
            return createOrUpdateUser(oidcSettings, parse, empty, !empty.isPresent());
        }
        return empty.get();
    }

    private UserProfile createOrUpdateUser(OidcSettings oidcSettings, AutoSyncUserData autoSyncUserData, Optional<UserProfile> optional, boolean z) {
        String groupTypeUuid = oidcSettings.getGroupTypeUuid();
        if (groupTypeUuid == null) {
            groupTypeUuid = "";
        }
        String appianGroupAttributeName = oidcSettings.getAppianGroupAttributeName();
        if (appianGroupAttributeName == null) {
            appianGroupAttributeName = "";
        }
        Optional empty = Optional.empty();
        if (!Strings.isNullOrEmpty(oidcSettings.getAuthenticationGroupUuid())) {
            empty = Optional.of(oidcSettings.getAuthenticationGroupUuid());
        }
        if (z) {
            LOG.debug("Creating user '{}' in group '{}'.", autoSyncUserData.getUsername(), oidcSettings.getGroupTypeUuid());
            return this.userSyncer.createAppianUser(autoSyncUserData, empty, groupTypeUuid, appianGroupAttributeName);
        }
        try {
            LOG.debug("Syncing user '{}'.", autoSyncUserData.getUsername());
            return this.userSyncer.updateAppianUser(autoSyncUserData, optional.get(), groupTypeUuid, appianGroupAttributeName);
        } catch (Exception e) {
            LOG.error("Error updating Appian user '{}'", autoSyncUserData.getUsername(), e);
            throw new OidcAuthenticationException("Error updating Appian user", e);
        }
    }
}
