package fr.ifremer.dali.security;

import com.google.common.collect.Lists;
import fr.ifremer.dali.config.DaliConfiguration;
import fr.ifremer.dali.dao.administration.user.DaliQuserDao;
import fr.ifremer.dali.dto.referential.PersonDTO;
import fr.ifremer.dali.service.DaliTechnicalException;
import fr.ifremer.quadrige3.core.dao.administration.user.PrivilegeCode;
import fr.ifremer.quadrige3.core.dao.referential.StatusCode;
import fr.ifremer.quadrige3.core.dao.technical.Assert;
import fr.ifremer.quadrige3.core.dao.technical.hibernate.TemporaryDataHelper;
import fr.ifremer.quadrige3.core.security.Encryption;
import fr.ifremer.quadrige3.core.security.QuadrigeUserDetails;
import fr.ifremer.quadrige3.ui.core.dto.QuadrigeBeans;
import java.util.List;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuiton.i18n.I18n;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Transactional
@Lazy
@Service("daliUserDetailsService")
/* loaded from: input_file:fr/ifremer/dali/security/DaliUserDetailsServiceImpl.class */
public class DaliUserDetailsServiceImpl implements UserDetailsService {
    private static final Log LOG = LogFactory.getLog(DaliUserDetailsServiceImpl.class);
    private boolean disabled;
    private final String mockUsername;
    private final String mockCryptPassword;
    private final Integer mockUserId;

    @Resource
    protected DaliQuserDao daliQuserDao;

    @Autowired
    public DaliUserDetailsServiceImpl(DaliConfiguration daliConfiguration) {
        this.disabled = daliConfiguration.isAuthenticationDisabled();
        if (!this.disabled) {
            this.mockUsername = null;
            this.mockCryptPassword = null;
            this.mockUserId = null;
        } else {
            Assert.notBlank(daliConfiguration.getAuthenticationMockUsername(), "Mock username must be set, when authentication is disable");
            Assert.notBlank(daliConfiguration.getAuthenticationMockPassword(), "Mock username must be set, when authentication is disable");
            this.mockUsername = daliConfiguration.getAuthenticationMockUsername();
            this.mockCryptPassword = Encryption.sha(daliConfiguration.getAuthenticationMockPassword());
            this.mockUserId = Integer.valueOf(daliConfiguration.getAuthenticationMockUserId());
            LOG.debug(String.format("Authentication disable. Only this login/password is allowed: [%s/%s]", this.mockUsername, daliConfiguration.getAuthenticationMockPassword()));
        }
    }

    public void setDisabled(boolean z) {
        this.disabled = z;
        if (z) {
            LOG.warn("Authentication has been disabled by the configuration. Please contact your administrator to ask the credentials for test.");
        }
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        if (StringUtils.isBlank(str)) {
            LOG.error("username must not be blank");
            throw new UsernameNotFoundException("username must not be blank");
        }
        if (this.disabled) {
            return loadTestUser(str);
        }
        try {
            PersonDTO userByLogin = this.daliQuserDao.getUserByLogin(Lists.newArrayList(new String[]{StatusCode.ENABLE.value()}), str);
            if (userByLogin != null) {
                return new QuadrigeUserDetails(userByLogin.getId().intValue(), userByLogin.getFirstName() + " " + userByLogin.getName(), this.daliQuserDao.getPasswordByUserId(userByLogin.getId().intValue()), this.daliQuserDao.getPrivilegeCodesByUserId(userByLogin.getId().intValue()), TemporaryDataHelper.isTemporaryId(userByLogin.getId()) || QuadrigeBeans.isLocalStatus(userByLogin.getStatus()));
            }
            String t = I18n.t("dali.error.authentication.userNotFoundOrDisable", new Object[]{str});
            LOG.error(t);
            throw new UsernameNotFoundException(t);
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            throw new DaliTechnicalException(e);
        }
    }

    private UserDetails loadTestUser(String str) throws UsernameNotFoundException {
        if (!this.mockUsername.equals(str)) {
            String format = String.format("Bad username [%s]. Only [%s] is allow, because authentication is disable.", str, this.mockUsername);
            LOG.error(format);
            throw new UsernameNotFoundException(format);
        }
        List privilegeCodesByUserId = this.daliQuserDao.getPrivilegeCodesByUserId(this.mockUserId.intValue());
        if (!privilegeCodesByUserId.contains(PrivilegeCode.REFERENTIAL_ADMINISTRATOR.value())) {
            privilegeCodesByUserId.add(PrivilegeCode.REFERENTIAL_ADMINISTRATOR.value());
        }
        if (!privilegeCodesByUserId.contains(PrivilegeCode.QUALIFIER.value())) {
            privilegeCodesByUserId.add(PrivilegeCode.QUALIFIER.value());
        }
        return new QuadrigeUserDetails(this.mockUserId.intValue(), this.mockUsername, this.mockCryptPassword, privilegeCodesByUserId, TemporaryDataHelper.isTemporaryId(this.mockUserId));
    }
}
