package org.squashtest.tm.service.internal.servers;

import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Provider;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import org.squashtest.tm.core.foundation.exception.NullArgumentException;
import org.squashtest.tm.core.foundation.logger.Logger;
import org.squashtest.tm.core.foundation.logger.LoggerFactory;
import org.squashtest.tm.domain.servers.AuthenticationPolicy;
import org.squashtest.tm.domain.servers.AuthenticationProtocol;
import org.squashtest.tm.domain.servers.Credentials;
import org.squashtest.tm.domain.servers.OAuth2Credentials;
import org.squashtest.tm.domain.servers.ThirdPartyServer;
import org.squashtest.tm.domain.servers.TokenAuthCredentials;
import org.squashtest.tm.exception.bugtracker.CannotObtainOauth2TokensException;
import org.squashtest.tm.exception.bugtracker.InvalidOauth2RequestException;
import org.squashtest.tm.security.UserContextHolder;
import org.squashtest.tm.service.feature.FeatureManager;
import org.squashtest.tm.service.servers.CredentialsProvider;
import org.squashtest.tm.service.servers.ManageableCredentials;
import org.squashtest.tm.service.servers.StoredCredentialsManager;
import org.squashtest.tm.service.servers.UserCredentialsCache;

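/**
 * Resolves the credentials used to talk to a {@link ThirdPartyServer}, either for a user
 * (per-thread cache first, then the credentials store) or at application level (store only).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The cache lives in a {@link ThreadLocal}. {@link #getCache()} returns whatever cache is
 *       bound to the thread without comparing its user to {@link UserContextHolder}, so on pooled
 *       threads every unit of work must end with {@link #unloadCache()}; otherwise the next task
 *       on that thread would read the previous user's cached credentials.</li>
 *   <li>Application-level credentials are never cached (see
 *       {@link #cacheCredentials(ThirdPartyServer, Credentials)}).</li>
 *   <li>Log statements record server names and usernames only. Keep credential objects and token
 *       values out of log arguments.</li>
 *   <li>An expired OAuth2 token is refreshed on lookup; if the refresh fails, the expired
 *       credentials are still returned to the caller.</li>
 * </ul>
 */
@Service("squashtest.tm.service.CredentialsProvider")
/* loaded from: input_file:WEB-INF/lib/tm.service-9.0.0.RC2.jar:org/squashtest/tm/service/internal/servers/CredentialsProviderImpl.class */
public class CredentialsProviderImpl implements CredentialsProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(CredentialsProviderImpl.class);
    private static final String CREDENTIALS_FOUND = "CredentialsProviderImpl : credentials found";
    private static final String CREDENTIALS_NOT_FOUND = "CredentialsProviderImpl : credentials not found";
    private static final String CREDENTIALS_FOUND_IN_DB = "CredentialsProviderImpl : found in database";

    @Inject
    private StoredCredentialsManager storedCredentialsManager;

    @Inject
    private FeatureManager featureManager;

    // Resolved lazily through a Provider: the OAuth2 service is only fetched when a refresh is needed.
    @Inject
    private Provider<OAuth2ConsumerService> oAuth2ConsumerServiceProvider;

    // One credentials cache per thread; must be cleared with unloadCache() before the thread is reused.
    private final ThreadLocal<UserCredentialsCache> threadedCache = new ThreadLocal<>();

    /**
     * Returns the username attached to the current thread's credentials cache.
     *
     * @return the user of the cache returned by {@link #getCache()}
     * @throws IllegalStateException if no cache is bound to the thread and no user context exists
     */
    @Override
    public String currentUser() {
        return getCache().getUser();
    }

    /**
     * Tells whether the current user has credentials for the given server.
     * This performs the full lookup, including a possible OAuth2 token refresh.
     */
    @Override
    public boolean hasCredentials(ThirdPartyServer thirdPartyServer) {
        return getCurrentUserCredentials(thirdPartyServer).isPresent();
    }

    /**
     * Tells whether application-level credentials exist for the given server.
     * This performs the full lookup, including a possible OAuth2 token refresh.
     */
    @Override
    public boolean hasAppLevelCredentials(ThirdPartyServer thirdPartyServer) {
        return getAppLevelCredentials(thirdPartyServer).isPresent();
    }

    /**
     * Looks up the current user's credentials for a server: thread cache first, then the store.
     *
     * @param thirdPartyServer the server the credentials are for
     * @return the credentials (with OAuth2 tokens refreshed if they had expired), or empty if none
     */
    @Override
    public Optional<Credentials> getCurrentUserCredentials(ThirdPartyServer thirdPartyServer) {
        LOGGER.debug("CredentialsProviderImpl : looking for credentials for server '{}' for current user", thirdPartyServer.getName());
        Credentials found = getCredentialsFromCache(thirdPartyServer);
        if (found == null) {
            found = getCurrentUserCredentialsFromStore(thirdPartyServer);
        }
        if (found == null) {
            LOGGER.debug(CREDENTIALS_NOT_FOUND, new Object[0]);
            return Optional.empty();
        }
        // NOTE(review): the refreshed credentials are not written back to the thread cache here;
        // whether refreshOauth2Token persists them is not visible from this class.
        Credentials usable = refreshOauth2TokensIfNeeded(thirdPartyServer.getId(), found, currentUser());
        LOGGER.debug(CREDENTIALS_FOUND, new Object[0]);
        return Optional.of(usable);
    }

    /**
     * Looks up the stored credentials of an arbitrary user for a server. The thread cache is not
     * consulted.
     *
     * <p>NOTE(review): no check here ties {@code str} to the calling user; callers presumably
     * enforce that the caller may act on behalf of that user. Confirm at the call sites.
     *
     * @param thirdPartyServer the server the credentials are for
     * @param str the username whose credentials are requested
     * @return the credentials (with OAuth2 tokens refreshed if they had expired), or empty if none
     */
    @Override
    public Optional<Credentials> getUserCredentials(ThirdPartyServer thirdPartyServer, String str) {
        LOGGER.debug("CredentialsProviderImpl : looking for credentials for server '{}' for user '{}'", thirdPartyServer.getName(), str);
        Credentials found = getUserCredentialsFromStore(thirdPartyServer, str);
        if (found == null) {
            LOGGER.debug(CREDENTIALS_NOT_FOUND, new Object[0]);
            return Optional.empty();
        }
        Credentials usable = refreshOauth2TokensIfNeeded(thirdPartyServer.getId(), found, str);
        LOGGER.debug(CREDENTIALS_FOUND, new Object[0]);
        return Optional.of(usable);
    }

    /**
     * Looks up the application-level credentials stored for a server.
     *
     * <p>The lookup goes through {@code unsecuredFindAppLevelCredentials}; the name suggests that
     * no permission check is applied at the store level, so callers should be the ones deciding
     * whether the requester may use these shared credentials. Confirm against
     * {@link StoredCredentialsManager}.
     *
     * @param thirdPartyServer the server the credentials are for
     * @return the credentials (with OAuth2 tokens refreshed if they had expired), or empty if none
     */
    @Override
    public Optional<Credentials> getAppLevelCredentials(ThirdPartyServer thirdPartyServer) {
        LOGGER.debug("CredentialsProviderImpl : looking for app-level credentials for server '{}'", thirdPartyServer.getName());
        Credentials found = getAppLevelCredentialsFromStore(thirdPartyServer);
        if (found == null) {
            LOGGER.debug(CREDENTIALS_NOT_FOUND, new Object[0]);
            return Optional.empty();
        }
        // No username for application-level credentials.
        Credentials usable = refreshOauth2TokensIfNeeded(thirdPartyServer.getId(), found, null);
        LOGGER.debug(CREDENTIALS_FOUND, new Object[0]);
        return Optional.of(usable);
    }

    /**
     * Refreshes OAuth2 credentials whose expiration date is in the past; any other credentials are
     * returned untouched.
     *
     * <p>If the refresh fails, the failure is logged and the expired credentials are returned, so
     * the caller cannot tell a fresh token from a stale one.
     *
     * @param l the id of the server the credentials belong to
     * @param credentials the credentials to check
     * @param str the username the credentials belong to, or {@code null} for app-level credentials
     * @return the refreshed credentials, or {@code credentials} itself
     */
    private Credentials refreshOauth2TokensIfNeeded(Long l, Credentials credentials, String str) {
        if (credentials.getImplementedProtocol() != AuthenticationProtocol.OAUTH_2) {
            return credentials;
        }
        OAuth2Credentials oAuth2Credentials = (OAuth2Credentials) credentials;
        // assumes getExpirationDate() is never null and is in epoch milliseconds - TODO confirm
        boolean expired = System.currentTimeMillis() > oAuth2Credentials.getExpirationDate().longValue();
        if (!expired) {
            return credentials;
        }
        try {
            return this.oAuth2ConsumerServiceProvider.get().refreshOauth2Token(l, oAuth2Credentials, str);
        } catch (CannotObtainOauth2TokensException | InvalidOauth2RequestException e) {
            // NOTE(review): the exception is logged in full; confirm its message never embeds token material.
            LOGGER.error("Could not refresh Oauth2 token", e);
            return credentials;
        }
    }

    /** Returns the credentials cached on this thread for the server, or {@code null} if there are none. */
    private Credentials getCredentialsFromCache(ThirdPartyServer thirdPartyServer) {
        UserCredentialsCache cache = getCache();
        if (!cache.hasCredentials(thirdPartyServer)) {
            return null;
        }
        Credentials credentials = cache.getCredentials(thirdPartyServer);
        LOGGER.trace("CredentialsProviderImpl : found in cache", new Object[0]);
        return credentials;
    }

    /** Returns the current user's stored credentials for the server, or {@code null} if there are none. */
    private Credentials getCurrentUserCredentialsFromStore(ThirdPartyServer thirdPartyServer) {
        return getUserCredentialsFromStore(thirdPartyServer, currentUser());
    }

    /**
     * Returns the stored credentials of user {@code str} for the server, or {@code null} if there
     * are none.
     */
    private Credentials getUserCredentialsFromStore(ThirdPartyServer thirdPartyServer, String str) {
        ManageableCredentials stored = this.storedCredentialsManager.findUserCredentials(thirdPartyServer.getId().longValue(), str);
        if (stored == null) {
            return null;
        }
        LOGGER.trace(CREDENTIALS_FOUND_IN_DB, new Object[0]);
        // NOTE(review): the credentials are looked up for `str` but built with the username of the
        // thread's cache. When the two differ, user `str`'s stored credentials are built under the
        // current user's name, and getCache() throws if the thread has no user context. Confirm
        // that this is intended rather than passing `str`.
        return stored.build(this.storedCredentialsManager, thirdPartyServer, getCache().getUser());
    }

    /** Returns the stored application-level credentials for the server, or {@code null} if there are none. */
    private Credentials getAppLevelCredentialsFromStore(ThirdPartyServer thirdPartyServer) {
        ManageableCredentials stored = this.storedCredentialsManager.unsecuredFindAppLevelCredentials(thirdPartyServer.getId().longValue());
        if (stored == null) {
            return null;
        }
        LOGGER.trace(CREDENTIALS_FOUND_IN_DB, new Object[0]);
        return stored.build(this.storedCredentialsManager, thirdPartyServer, null);
    }

    /**
     * Caches credentials for the server in the current thread's cache, unless the server uses the
     * application-level policy, in which case the request is refused and only logged.
     *
     * <p>The guard reads the server's policy, not the origin of {@code credentials}; the cache
     * itself applies a further check in {@code cacheIfAllowed}.
     */
    @Override
    public void cacheCredentials(ThirdPartyServer thirdPartyServer, Credentials credentials) {
        if (thirdPartyServer.getAuthenticationPolicy() == AuthenticationPolicy.APP_LEVEL) {
            LOGGER.debug("CredentialsProviderImpl : refused to cache application-level credentials", new Object[0]);
            return;
        }
        LOGGER.debug("CredentialsProviderImpl : caching credentials for server '{}'", thirdPartyServer.getName());
        getCache().cacheIfAllowed(thirdPartyServer, credentials);
    }

    /** Removes the credentials cached for the server from the current thread's cache. */
    @Override
    public void uncacheCredentials(ThirdPartyServer thirdPartyServer) {
        getCache().uncache(thirdPartyServer);
    }

    /**
     * Binds an existing cache to the current thread, replacing any cache already bound.
     *
     * <p>NOTE(review): the cache's user is not compared with the current user context; the caller
     * is trusted to restore the cache that belongs to the user this thread is serving.
     *
     * @param userCredentialsCache the cache to bind, never {@code null}
     * @throws NullArgumentException if {@code userCredentialsCache} is {@code null}
     */
    @Override
    public void restoreCache(UserCredentialsCache userCredentialsCache) {
        if (userCredentialsCache == null) {
            throw new NullArgumentException("Cannot store null credentials");
        }
        LOGGER.debug("CredentialsProviderImpl : restoring credentials cache for user '{}'", userCredentialsCache.getUser());
        this.threadedCache.set(userCredentialsCache);
    }

    /**
     * Unbinds the cache from the current thread. Call this when the unit of work ends so that a
     * reused thread does not carry one user's credentials into another user's work.
     */
    @Override
    public void unloadCache() {
        UserCredentialsCache bound = this.threadedCache.get();
        if (bound != null) {
            LOGGER.debug("CredentialsProviderImpl : unloading credentials cache for user '{}'", bound.getUser());
        }
        this.threadedCache.remove();
    }

    /**
     * Looks up project-level credentials and returns them only if they are token credentials.
     *
     * @param l first id passed to {@code findProjectCredentials} (presumably the server id - TODO confirm)
     * @param l2 second id passed to {@code findProjectCredentials} (presumably the project id - TODO confirm)
     * @return the stored credentials when they are {@link TokenAuthCredentials}; empty when nothing
     *     is stored or the stored credentials are of another kind
     */
    @Override
    public Optional<TokenAuthCredentials> getProjectLevelCredentials(Long l, Long l2) {
        // The decompiled lambdas referred to an undeclared receiver; these method references are
        // the type filter and cast they stood for.
        return Optional.ofNullable(this.storedCredentialsManager.findProjectCredentials(l.longValue(), l2.longValue()))
            .filter(TokenAuthCredentials.class::isInstance)
            .map(TokenAuthCredentials.class::cast);
    }

    /**
     * Returns the cache bound to the current thread, creating and binding a default one for the
     * user of the current security context when none is bound yet.
     *
     * @throws IllegalStateException if no cache is bound and no username is available
     */
    @Override
    public UserCredentialsCache getCache() {
        UserCredentialsCache bound = this.threadedCache.get();
        if (bound != null) {
            return bound;
        }
        LOGGER.trace("CredentialsProviderImpl : current user has no credentials cache (yet).", new Object[0]);
        UserCredentialsCache created = createDefaultOrDie();
        this.threadedCache.set(created);
        return created;
    }

    /**
     * Creates an empty cache for the user found in {@link UserContextHolder}.
     *
     * @throws IllegalStateException if the user context holds no (or a blank) username
     */
    private UserCredentialsCache createDefaultOrDie() {
        LOGGER.debug("CredentialsProviderImpl : attempting to create a default cache", new Object[0]);
        String username = UserContextHolder.getUsername();
        if (StringUtils.isBlank(username)) {
            throw new IllegalStateException("CredentialsProviderImpl : attempted to get the credentials cache for current user but none were found. This is a programming error, which means that either there is no user context, or that the thread was initiated in an illegal way (the credentials cache were not loaded from the session)");
        }
        return new UserCredentialsCache(username, this.featureManager);
    }
}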
