package africa.absa.inception.security;

import africa.absa.inception.core.service.InvalidArgumentException;
import africa.absa.inception.core.service.ServiceUnavailableException;
import africa.absa.inception.core.service.ValidationError;
import africa.absa.inception.core.sorting.SortDirection;
import africa.absa.inception.core.util.PasswordUtil;
import africa.absa.inception.core.util.RandomStringGenerator;
import africa.absa.inception.core.util.ResourceUtil;
import africa.absa.inception.mail.IMailService;
import africa.absa.inception.mail.MailTemplate;
import africa.absa.inception.mail.MailTemplateContentType;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.validation.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;

@Service
/* loaded from: input_file:africa/absa/inception/security/SecurityService.class */
public class SecurityService implements ISecurityService, InitializingBean {
    private static final int MAX_FILTERED_ORGANISATIONS = 100;
    private static final int MAX_FILTERED_USER_DIRECTORIES = 100;
    private static final String PASSWORD_RESET_MAIL_TEMPLATE_ID = "Inception.Security.PasswordResetMail";
    private static final Logger logger = LoggerFactory.getLogger(SecurityService.class);
    private final ApplicationContext applicationContext;
    private final FunctionRepository functionRepository;
    private final GroupRepository groupRepository;
    private final IMailService mailService;
    private final PasswordResetRepository passwordResetRepository;
    private final RoleRepository roleRepository;
    private final TenantRepository tenantRepository;
    private final UserDirectoryRepository userDirectoryRepository;
    private final UserDirectorySummaryRepository userDirectorySummaryRepository;
    private final UserDirectoryTypeRepository userDirectoryTypeRepository;
    private final UserRepository userRepository;
    private final Validator validator;
    private final RandomStringGenerator securityCodeGenerator = new RandomStringGenerator(20, new SecureRandom(), "1234567890ACEFGHJKLMNPQRUVWXYabcdefhijkprstuvwx");
    private Map<UUID, IUserDirectory> userDirectories = new ConcurrentHashMap();

    public SecurityService(ApplicationContext applicationContext, Validator validator, IMailService iMailService, FunctionRepository functionRepository, GroupRepository groupRepository, TenantRepository tenantRepository, PasswordResetRepository passwordResetRepository, RoleRepository roleRepository, UserDirectoryRepository userDirectoryRepository, UserDirectorySummaryRepository userDirectorySummaryRepository, UserDirectoryTypeRepository userDirectoryTypeRepository, UserRepository userRepository) {
        this.applicationContext = applicationContext;
        this.validator = validator;
        this.mailService = iMailService;
        this.functionRepository = functionRepository;
        this.groupRepository = groupRepository;
        this.tenantRepository = tenantRepository;
        this.passwordResetRepository = passwordResetRepository;
        this.roleRepository = roleRepository;
        this.userDirectoryRepository = userDirectoryRepository;
        this.userDirectorySummaryRepository = userDirectorySummaryRepository;
        this.userDirectoryTypeRepository = userDirectoryTypeRepository;
        this.userRepository = userRepository;
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void addMemberToGroup(UUID uuid, String str, GroupMemberType groupMemberType, String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (groupMemberType == null) {
            throw new InvalidArgumentException("memberType");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("memberName");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.addMemberToGroup(str, groupMemberType, str2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void addRoleToGroup(UUID uuid, String str, String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, RoleNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("roleCode");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.addRoleToGroup(str, str2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void addUserDirectoryToTenant(UUID uuid, UUID uuid2) throws InvalidArgumentException, TenantNotFoundException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        if (uuid2 == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        try {
            try {
                if (!this.tenantRepository.existsById(uuid)) {
                    throw new TenantNotFoundException(uuid);
                }
                if (!this.userDirectoryRepository.existsById(uuid2)) {
                    throw new UserDirectoryNotFoundException(uuid2);
                }
                if (this.tenantRepository.countTenantUserDirectory(uuid, uuid2) > 0) {
                    return;
                }
                this.tenantRepository.addUserDirectoryToTenant(uuid, uuid2);
            } catch (Throwable th) {
                throw new ServiceUnavailableException("Failed to add the user directory (" + uuid2 + ") to the tenant (" + uuid + ")", th);
            }
        } catch (TenantNotFoundException | UserDirectoryNotFoundException e) {
            throw e;
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void addUserToGroup(UUID uuid, String str, String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.addUserToGroup(str, str2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void adminChangePassword(UUID uuid, String str, String str2, boolean z, boolean z2, boolean z3, PasswordChangeReason passwordChangeReason) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("newPassword");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.adminChangePassword(str, str2, z, z2, z3, passwordChangeReason);
    }

    public void afterPropertiesSet() {
        try {
            if (!this.mailService.mailTemplateExists(PASSWORD_RESET_MAIL_TEMPLATE_ID)) {
                this.mailService.createMailTemplate(new MailTemplate(PASSWORD_RESET_MAIL_TEMPLATE_ID, "Password Reset", MailTemplateContentType.HTML, ResourceUtil.getClasspathResource("africa/absa/inception/security/PasswordReset.ftl")));
            }
            reloadUserDirectories();
        } catch (Throwable th) {
            throw new RuntimeException("Failed to initialize the Security Service", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public UUID authenticate(String str, String str2) throws InvalidArgumentException, AuthenticationFailedException, UserLockedException, ExpiredPasswordException, UserNotFoundException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("password");
        }
        try {
            try {
                Optional<UUID> internalUserDirectoryIdForUser = getInternalUserDirectoryIdForUser(str);
                if (internalUserDirectoryIdForUser.isPresent()) {
                    UUID uuid = internalUserDirectoryIdForUser.get();
                    IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
                    if (iUserDirectory == null) {
                        throw new ServiceUnavailableException("The user directory ID (" + uuid + ") for the internal user (" + str + ") is invalid");
                    }
                    iUserDirectory.authenticate(str, str2);
                    return uuid;
                }
                for (UUID uuid2 : this.userDirectories.keySet()) {
                    IUserDirectory iUserDirectory2 = this.userDirectories.get(uuid2);
                    if (iUserDirectory2 != null && !(iUserDirectory2 instanceof InternalUserDirectory) && iUserDirectory2.isExistingUser(str)) {
                        iUserDirectory2.authenticate(str, str2);
                        return uuid2;
                    }
                }
                throw new UserNotFoundException(str);
            } catch (AuthenticationFailedException | ExpiredPasswordException | UserLockedException | UserNotFoundException e) {
                throw e;
            }
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to authenticate the user (" + str + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public UUID changePassword(String str, String str2, String str3) throws InvalidArgumentException, AuthenticationFailedException, UserLockedException, ExistingPasswordException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("password");
        }
        if (!StringUtils.hasText(str3)) {
            throw new InvalidArgumentException("newPassword");
        }
        try {
            try {
                Optional<UUID> internalUserDirectoryIdForUser = getInternalUserDirectoryIdForUser(str);
                if (internalUserDirectoryIdForUser.isPresent()) {
                    UUID uuid = internalUserDirectoryIdForUser.get();
                    IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
                    if (iUserDirectory == null) {
                        throw new ServiceUnavailableException("The user directory ID (" + uuid + ") for the internal user (" + str + ") is invalid");
                    }
                    iUserDirectory.changePassword(str, str2, str3);
                    return uuid;
                }
                for (UUID uuid2 : this.userDirectories.keySet()) {
                    IUserDirectory iUserDirectory2 = this.userDirectories.get(uuid2);
                    if (iUserDirectory2 != null && !(iUserDirectory2 instanceof InternalUserDirectory) && iUserDirectory2.isExistingUser(str)) {
                        iUserDirectory2.changePassword(str, str2, str3);
                        return uuid2;
                    }
                }
                throw new AuthenticationFailedException("Authentication failed while attempting to change the password for the user (" + str + ")");
            } catch (Throwable th) {
                throw new ServiceUnavailableException("Failed to change the password for the user (" + str + ")", th);
            }
        } catch (AuthenticationFailedException | ExistingPasswordException | UserLockedException e) {
            throw e;
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void createFunction(Function function) throws InvalidArgumentException, DuplicateFunctionException, ServiceUnavailableException {
        validateFunction(function);
        try {
            if (this.functionRepository.existsById(function.getCode())) {
                throw new DuplicateFunctionException(function.getCode());
            }
            this.functionRepository.saveAndFlush(function);
        } catch (DuplicateFunctionException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to create the function (" + function.getCode() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void createGroup(Group group) throws InvalidArgumentException, UserDirectoryNotFoundException, DuplicateGroupException, ServiceUnavailableException {
        validateGroup(group);
        IUserDirectory iUserDirectory = this.userDirectories.get(group.getUserDirectoryId());
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(group.getUserDirectoryId());
        }
        iUserDirectory.createGroup(group);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public Optional<UserDirectory> createTenant(Tenant tenant, boolean z) throws InvalidArgumentException, DuplicateTenantException, ServiceUnavailableException {
        validateTenant(tenant);
        UserDirectory userDirectory = null;
        try {
            if (tenant.getId() != null && this.tenantRepository.existsById(tenant.getId())) {
                throw new DuplicateTenantException(tenant.getId());
            }
            if (this.tenantRepository.existsByNameIgnoreCase(tenant.getName())) {
                throw new DuplicateTenantException(tenant.getName());
            }
            if (z) {
                userDirectory = newInternalUserDirectoryForTenant(tenant);
                tenant.linkUserDirectory(userDirectory);
            }
            this.tenantRepository.saveAndFlush(tenant);
            try {
                reloadUserDirectories();
            } catch (Throwable th) {
                logger.error("Failed to reload the user directories", th);
            }
            return Optional.ofNullable(userDirectory);
        } catch (DuplicateTenantException e) {
            throw e;
        } catch (Throwable th2) {
            throw new ServiceUnavailableException("Failed to create the tenant (" + tenant.getId() + ")", th2);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void createUser(User user, boolean z, boolean z2) throws InvalidArgumentException, UserDirectoryNotFoundException, DuplicateUserException, ServiceUnavailableException {
        validateUser(user);
        IUserDirectory iUserDirectory = this.userDirectories.get(user.getUserDirectoryId());
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(user.getUserDirectoryId());
        }
        if (getUserDirectoryIdForUser(user.getUsername()).isPresent()) {
            throw new DuplicateUserException(user.getUsername());
        }
        iUserDirectory.createUser(user, z, z2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void createUserDirectory(UserDirectory userDirectory) throws InvalidArgumentException, DuplicateUserDirectoryException, ServiceUnavailableException {
        validateUserDirectory(userDirectory);
        try {
            if (userDirectory.getId() != null && this.userDirectoryRepository.existsById(userDirectory.getId())) {
                throw new DuplicateUserDirectoryException(userDirectory.getId());
            }
            if (this.userDirectoryRepository.existsByNameIgnoreCase(userDirectory.getName())) {
                throw new DuplicateUserDirectoryException(userDirectory.getName());
            }
            this.userDirectoryRepository.saveAndFlush(userDirectory);
            try {
                reloadUserDirectories();
            } catch (Throwable th) {
                logger.error("Failed to reload the user directories", th);
            }
        } catch (DuplicateUserDirectoryException e) {
            throw e;
        } catch (Throwable th2) {
            throw new ServiceUnavailableException("Failed to create the user directory (" + userDirectory.getName() + ")", th2);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void deleteFunction(String str) throws InvalidArgumentException, FunctionNotFoundException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("functionCode");
        }
        try {
            if (!this.functionRepository.existsById(str)) {
                throw new FunctionNotFoundException(str);
            }
            this.functionRepository.deleteById(str);
        } catch (FunctionNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to delete the function (" + str + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void deleteGroup(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ExistingGroupMembersException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.deleteGroup(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void deleteTenant(UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        try {
            if (!this.tenantRepository.existsById(uuid)) {
                throw new TenantNotFoundException(uuid);
            }
            this.tenantRepository.deleteById(uuid);
        } catch (TenantNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to delete the tenant (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void deleteUser(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.deleteUser(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void deleteUserDirectory(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        try {
            if (!this.userDirectoryRepository.existsById(uuid)) {
                throw new UserDirectoryNotFoundException(uuid);
            }
            this.userDirectoryRepository.deleteById(uuid);
            try {
                reloadUserDirectories();
            } catch (Throwable th) {
                logger.error("Failed to reload the user directories", th);
            }
        } catch (UserDirectoryNotFoundException e) {
            throw e;
        } catch (Throwable th2) {
            throw new ServiceUnavailableException("Failed to delete the user directory (" + uuid + ")", th2);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<User> findUsers(UUID uuid, List<UserAttribute> list) throws InvalidArgumentException, UserDirectoryNotFoundException, InvalidAttributeException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (list == null) {
            throw new InvalidArgumentException("attributes");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.findUsers(list);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public Function getFunction(String str) throws InvalidArgumentException, FunctionNotFoundException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("functionCode");
        }
        try {
            Optional findById = this.functionRepository.findById(str);
            if (findById.isPresent()) {
                return (Function) findById.get();
            }
            throw new FunctionNotFoundException(str);
        } catch (FunctionNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the function (" + str + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<String> getFunctionCodesForUser(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getFunctionCodesForUser(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<Function> getFunctions() throws ServiceUnavailableException {
        try {
            return this.functionRepository.findAll();
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the functions", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public Group getGroup(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getGroup(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<String> getGroupNames(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getGroupNames();
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<String> getGroupNamesForUser(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getGroupNamesForUser(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<Group> getGroups(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getGroups();
    }

    @Override // africa.absa.inception.security.ISecurityService
    public Groups getGroups(UUID uuid, String str, SortDirection sortDirection, Integer num, Integer num2) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (num != null && num.intValue() < 0) {
            throw new InvalidArgumentException("pageIndex");
        }
        if (num2 != null && num2.intValue() <= 0) {
            throw new InvalidArgumentException("pageSize");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getGroups(str, sortDirection, num, num2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<Group> getGroupsForUser(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getGroupsForUser(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<GroupMember> getMembersForGroup(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getMembersForGroup(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public GroupMembers getMembersForGroup(UUID uuid, String str, String str2, SortDirection sortDirection, Integer num, Integer num2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (num != null && num.intValue() < 0) {
            throw new InvalidArgumentException("pageIndex");
        }
        if (num2 != null && num2.intValue() <= 0) {
            throw new InvalidArgumentException("pageSize");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getMembersForGroup(str, str2, sortDirection, num, num2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<String> getRoleCodesForGroup(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getRoleCodesForGroup(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<String> getRoleCodesForUser(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getRoleCodesForUser(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<Role> getRoles() throws ServiceUnavailableException {
        try {
            return this.roleRepository.findAll();
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the roles", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<GroupRole> getRolesForGroup(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getRolesForGroup(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public Tenant getTenant(UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        try {
            Optional findById = this.tenantRepository.findById(uuid);
            if (findById.isPresent()) {
                return (Tenant) findById.get();
            }
            throw new TenantNotFoundException(uuid);
        } catch (TenantNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the tenant (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<UUID> getTenantIdsForUserDirectory(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        try {
            if (this.userDirectoryRepository.existsById(uuid)) {
                return this.userDirectoryRepository.getTenantIdsById(uuid);
            }
            throw new UserDirectoryNotFoundException(uuid);
        } catch (UserDirectoryNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the IDs for the tenants for the user directory (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public String getTenantName(UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        try {
            Optional<String> nameById = this.tenantRepository.getNameById(uuid);
            if (nameById.isPresent()) {
                return nameById.get();
            }
            throw new TenantNotFoundException(uuid);
        } catch (TenantNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the name of the tenant (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<Tenant> getTenants() throws ServiceUnavailableException {
        try {
            return this.tenantRepository.findAll();
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the tenants", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public Tenants getTenants(String str, SortDirection sortDirection, Integer num, Integer num2) throws InvalidArgumentException, ServiceUnavailableException {
        String str2;
        if (num != null && num.intValue() < 0) {
            throw new InvalidArgumentException("pageIndex");
        }
        if (num2 != null && num2.intValue() <= 0) {
            throw new InvalidArgumentException("pageSize");
        }
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 100;
        }
        Pageable of = PageRequest.of(num.intValue(), Math.min(num2.intValue(), 100));
        try {
            Page<Tenant> findByNameContainingIgnoreCaseOrderByNameAsc = StringUtils.hasText(str) ? sortDirection == SortDirection.ASCENDING ? this.tenantRepository.findByNameContainingIgnoreCaseOrderByNameAsc(str, of) : this.tenantRepository.findByNameContainingIgnoreCaseOrderByNameDesc(str, of) : sortDirection == SortDirection.ASCENDING ? this.tenantRepository.findAllByOrderByNameAsc(of) : this.tenantRepository.findAllByOrderByNameDesc(of);
            return new Tenants(findByNameContainingIgnoreCaseOrderByNameAsc.toList(), findByNameContainingIgnoreCaseOrderByNameAsc.getTotalElements(), str, sortDirection, num, num2);
        } catch (Throwable th) {
            str2 = "Failed to retrieve the tenants";
            throw new ServiceUnavailableException((((StringUtils.hasText(str) ? str2 + String.format(" matching the filter \"%s\"", str) : "Failed to retrieve the tenants") + " for the page " + num + " using the page size " + num2) + ": ") + th.getMessage(), th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<Tenant> getTenantsForUserDirectory(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        try {
            if (this.userDirectoryRepository.existsById(uuid)) {
                return this.tenantRepository.findAllByUserDirectoryId(uuid);
            }
            throw new UserDirectoryNotFoundException(uuid);
        } catch (UserDirectoryNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the tenants associated with the user directory (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public User getUser(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getUser(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<UserDirectory> getUserDirectories() throws ServiceUnavailableException {
        try {
            return this.userDirectoryRepository.findAll();
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the user directories", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public UserDirectories getUserDirectories(String str, SortDirection sortDirection, Integer num, Integer num2) throws InvalidArgumentException, ServiceUnavailableException {
        if (num != null && num.intValue() < 0) {
            throw new InvalidArgumentException("pageIndex");
        }
        if (num2 != null && num2.intValue() <= 0) {
            throw new InvalidArgumentException("pageSize");
        }
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 100;
        }
        Pageable of = PageRequest.of(num.intValue(), Math.min(num2.intValue(), 100));
        try {
            Page<UserDirectory> findByNameContainingIgnoreCaseOrderByNameAsc = StringUtils.hasText(str) ? sortDirection == SortDirection.ASCENDING ? this.userDirectoryRepository.findByNameContainingIgnoreCaseOrderByNameAsc(str, of) : this.userDirectoryRepository.findByNameContainingIgnoreCaseOrderByNameDesc(str, of) : sortDirection == SortDirection.ASCENDING ? this.userDirectoryRepository.findAllByOrderByNameAsc(of) : this.userDirectoryRepository.findAllByOrderByNameDesc(of);
            return new UserDirectories(findByNameContainingIgnoreCaseOrderByNameAsc.toList(), findByNameContainingIgnoreCaseOrderByNameAsc.getTotalElements(), str, sortDirection, num, num2);
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the filtered user directories", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<UserDirectory> getUserDirectoriesForTenant(UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        try {
            if (this.tenantRepository.existsById(uuid)) {
                return this.userDirectoryRepository.findAllByTenantId(uuid);
            }
            throw new TenantNotFoundException(uuid);
        } catch (TenantNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the user directories associated with the tenant (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public UserDirectory getUserDirectory(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        try {
            Optional findById = this.userDirectoryRepository.findById(uuid);
            if (findById.isPresent()) {
                return (UserDirectory) findById.get();
            }
            throw new UserDirectoryNotFoundException(uuid);
        } catch (UserDirectoryNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the user directory (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public UserDirectoryCapabilities getUserDirectoryCapabilities(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getCapabilities();
    }

    @Override // africa.absa.inception.security.ISecurityService
    public Optional<UUID> getUserDirectoryIdForUser(String str) throws InvalidArgumentException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        try {
            Optional<UUID> internalUserDirectoryIdForUser = getInternalUserDirectoryIdForUser(str);
            if (internalUserDirectoryIdForUser.isPresent()) {
                return internalUserDirectoryIdForUser;
            }
            for (UUID uuid : this.userDirectories.keySet()) {
                IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
                if (iUserDirectory != null && !(iUserDirectory instanceof InternalUserDirectory) && iUserDirectory.isExistingUser(str)) {
                    return Optional.of(uuid);
                }
            }
            return Optional.empty();
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the user directory ID for the user (" + str + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<UUID> getUserDirectoryIdsForTenant(UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        try {
            if (this.tenantRepository.existsById(uuid)) {
                return this.tenantRepository.getUserDirectoryIdsById(uuid);
            }
            throw new TenantNotFoundException(uuid);
        } catch (TenantNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the IDs for the user directories associated with the tenant (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<UUID> getUserDirectoryIdsForUser(String str) throws InvalidArgumentException, UserNotFoundException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        try {
            ArrayList arrayList = new ArrayList();
            Optional<UUID> userDirectoryIdForUser = getUserDirectoryIdForUser(str);
            if (userDirectoryIdForUser.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            Iterator<UUID> it = getTenantIdsForUserDirectory(userDirectoryIdForUser.get()).iterator();
            while (it.hasNext()) {
                arrayList.addAll(getUserDirectoryIdsForTenant(it.next()));
            }
            return arrayList;
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the IDs for the user directories the user (" + str + ") is associated with", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public String getUserDirectoryName(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        try {
            Optional<String> nameById = this.userDirectoryRepository.getNameById(uuid);
            if (nameById.isPresent()) {
                return nameById.get();
            }
            throw new UserDirectoryNotFoundException(uuid);
        } catch (UserDirectoryNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the name of the user directory (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public UserDirectorySummaries getUserDirectorySummaries(String str, SortDirection sortDirection, Integer num, Integer num2) throws InvalidArgumentException, ServiceUnavailableException {
        if (num != null && num.intValue() < 0) {
            throw new InvalidArgumentException("pageIndex");
        }
        if (num2 != null && num2.intValue() <= 0) {
            throw new InvalidArgumentException("pageSize");
        }
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 100;
        }
        Pageable of = PageRequest.of(num.intValue(), Math.min(num2.intValue(), 100));
        try {
            Page<UserDirectorySummary> findByNameContainingIgnoreCaseOrderByNameAsc = StringUtils.hasText(str) ? sortDirection == SortDirection.ASCENDING ? this.userDirectorySummaryRepository.findByNameContainingIgnoreCaseOrderByNameAsc(str, of) : this.userDirectorySummaryRepository.findByNameContainingIgnoreCaseOrderByNameDesc(str, of) : sortDirection == SortDirection.ASCENDING ? this.userDirectorySummaryRepository.findAllByOrderByNameAsc(of) : this.userDirectorySummaryRepository.findAllByOrderByNameDesc(of);
            return new UserDirectorySummaries(findByNameContainingIgnoreCaseOrderByNameAsc.toList(), findByNameContainingIgnoreCaseOrderByNameAsc.getTotalElements(), str, sortDirection, num, num2);
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the filtered summaries for the user directories", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<UserDirectorySummary> getUserDirectorySummariesForTenant(UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        try {
            if (this.tenantRepository.existsById(uuid)) {
                return this.userDirectorySummaryRepository.findAllByTenantId(uuid);
            }
            throw new TenantNotFoundException(uuid);
        } catch (TenantNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the summaries for the user directories associated with the tenant (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public UserDirectoryType getUserDirectoryTypeForUserDirectory(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, UserDirectoryTypeNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        try {
            try {
                Optional<String> typeForUserDirectoryById = this.userDirectoryRepository.getTypeForUserDirectoryById(uuid);
                if (typeForUserDirectoryById.isEmpty()) {
                    throw new UserDirectoryNotFoundException(uuid);
                }
                Optional findById = this.userDirectoryTypeRepository.findById(typeForUserDirectoryById.get());
                if (findById.isPresent()) {
                    return (UserDirectoryType) findById.get();
                }
                throw new UserDirectoryTypeNotFoundException(typeForUserDirectoryById.get());
            } catch (Throwable th) {
                throw new ServiceUnavailableException("Failed to retrieve the user directory type for the user directory (" + uuid + ")", th);
            }
        } catch (UserDirectoryNotFoundException | UserDirectoryTypeNotFoundException e) {
            throw e;
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<UserDirectoryType> getUserDirectoryTypes() throws ServiceUnavailableException {
        try {
            return this.userDirectoryTypeRepository.findAll();
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the user directory types", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public String getUserName(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getUserName(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public List<User> getUsers(UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getUsers();
    }

    @Override // africa.absa.inception.security.ISecurityService
    public Users getUsers(UUID uuid, String str, UserSortBy userSortBy, SortDirection sortDirection, Integer num, Integer num2) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (userSortBy == null) {
            userSortBy = UserSortBy.NAME;
        }
        if (sortDirection == null) {
            sortDirection = SortDirection.ASCENDING;
        }
        if (num != null && num.intValue() < 0) {
            throw new InvalidArgumentException("pageIndex");
        }
        if (num2 != null && num2.intValue() <= 0) {
            throw new InvalidArgumentException("pageSize");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.getUsers(str, userSortBy, sortDirection, num, num2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void initiatePasswordReset(String str, String str2, boolean z) throws InvalidArgumentException, UserNotFoundException, ServiceUnavailableException {
        initiatePasswordReset(str, str2, z, null);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void initiatePasswordReset(String str, String str2, boolean z, String str3) throws InvalidArgumentException, UserNotFoundException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("resetPasswordUrl");
        }
        try {
            Optional<UUID> userDirectoryIdForUser = getUserDirectoryIdForUser(str);
            if (userDirectoryIdForUser.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            User user = this.userDirectories.get(userDirectoryIdForUser.get()).getUser(str);
            if (StringUtils.hasText(user.getEmail())) {
                if (!StringUtils.hasText(str3)) {
                    str3 = this.securityCodeGenerator.nextString();
                }
                PasswordReset passwordReset = new PasswordReset(str, PasswordUtil.createPasswordHash(str3));
                if (z) {
                    sendPasswordResetEmail(user, str2, str3);
                }
                this.passwordResetRepository.saveAndFlush(passwordReset);
            } else {
                logger.warn("Failed to send the password reset communication to the user (" + str + ") who does not have a valid e-mail address");
            }
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to initiate the password reset process for the user (" + str + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    public boolean isExistingUser(UUID uuid, String str) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.isExistingUser(str);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public boolean isUserInGroup(UUID uuid, String str, String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        return iUserDirectory.isUserInGroup(str, str2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    public void reloadUserDirectories() throws ServiceUnavailableException {
        try {
            ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
            List<UserDirectoryType> userDirectoryTypes = getUserDirectoryTypes();
            for (UserDirectory userDirectory : getUserDirectories()) {
                UserDirectoryType orElse = userDirectoryTypes.stream().filter(userDirectoryType -> {
                    return userDirectoryType.getCode().equals(userDirectory.getType());
                }).findFirst().orElse(null);
                if (orElse == null) {
                    logger.error("Failed to load the user directory (" + userDirectory.getId() + "): The user directory type (" + userDirectory.getType() + ") was not loaded");
                } else {
                    try {
                        Class<?> loadClass = Thread.currentThread().getContextClassLoader().loadClass(orElse.getUserDirectoryClassName());
                        if (!IUserDirectory.class.isAssignableFrom(loadClass)) {
                            throw new ServiceUnavailableException("The user directory class (" + orElse.getUserDirectoryClassName() + ") does not implement the IUserDirectory interface");
                        }
                        try {
                            IUserDirectory iUserDirectory = (IUserDirectory) loadClass.asSubclass(IUserDirectory.class).getConstructor(UUID.class, List.class, GroupRepository.class, UserRepository.class, RoleRepository.class).newInstance(userDirectory.getId(), userDirectory.getParameters(), this.groupRepository, this.userRepository, this.roleRepository);
                            this.applicationContext.getAutowireCapableBeanFactory().autowireBean(iUserDirectory);
                            concurrentHashMap.put(userDirectory.getId(), iUserDirectory);
                        } catch (NoSuchMethodException e) {
                            throw new ServiceUnavailableException("The user directory class (" + orElse.getUserDirectoryClassName() + ") does not provide a valid constructor (long, Map<String,String>)");
                        }
                    } catch (Throwable th) {
                        throw new ServiceUnavailableException("Failed to initialize the user directory (" + userDirectory.getId() + ")(" + userDirectory.getName() + ")", th);
                    }
                }
            }
            this.userDirectories = concurrentHashMap;
        } catch (Throwable th2) {
            throw new ServiceUnavailableException("Failed to reload the user directories", th2);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void removeMemberFromGroup(UUID uuid, String str, GroupMemberType groupMemberType, String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, GroupMemberNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (groupMemberType == null) {
            throw new InvalidArgumentException("memberType");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("memberName");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.removeMemberFromGroup(str, groupMemberType, str2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void removeRoleFromGroup(UUID uuid, String str, String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, GroupRoleNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("roleCode");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.removeRoleFromGroup(str, str2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void removeUserDirectoryFromTenant(UUID uuid, UUID uuid2) throws InvalidArgumentException, TenantNotFoundException, TenantUserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        if (uuid2 == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        try {
            if (!this.tenantRepository.existsById(uuid)) {
                throw new TenantNotFoundException(uuid);
            }
            if (this.tenantRepository.countTenantUserDirectory(uuid, uuid2) == 0) {
                throw new TenantUserDirectoryNotFoundException(uuid, uuid2);
            }
            this.tenantRepository.removeUserDirectoryFromTenant(uuid, uuid2);
        } catch (TenantNotFoundException | TenantUserDirectoryNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to add the user directory (" + uuid2 + ") to the tenant (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void removeUserFromGroup(UUID uuid, String str, String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("username");
        }
        IUserDirectory iUserDirectory = this.userDirectories.get(uuid);
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(uuid);
        }
        iUserDirectory.removeUserFromGroup(str, str2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void resetPassword(String str, String str2, String str3) throws InvalidArgumentException, InvalidSecurityCodeException, UserLockedException, ExistingPasswordException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        if (!StringUtils.hasText(str2)) {
            throw new InvalidArgumentException("newPassword");
        }
        if (!StringUtils.hasText(str3)) {
            throw new InvalidArgumentException("securityCode");
        }
        try {
            try {
                Optional<UUID> userDirectoryIdForUser = getUserDirectoryIdForUser(str);
                if (userDirectoryIdForUser.isEmpty()) {
                    throw new InvalidSecurityCodeException(str);
                }
                List<PasswordReset> findAllByUsernameAndStatus = this.passwordResetRepository.findAllByUsernameAndStatus(str, PasswordResetStatus.REQUESTED);
                String createPasswordHash = PasswordUtil.createPasswordHash(str3);
                Iterator<PasswordReset> it = findAllByUsernameAndStatus.iterator();
                while (it.hasNext()) {
                    if (it.next().getSecurityCodeHash().equals(createPasswordHash)) {
                        this.userDirectories.get(userDirectoryIdForUser.get()).resetPassword(str, str2);
                        return;
                    }
                }
                throw new InvalidSecurityCodeException(str);
            } catch (Throwable th) {
                throw new ServiceUnavailableException("Failed to reset the password for the user (" + str + ")", th);
            }
        } catch (ExistingPasswordException | InvalidSecurityCodeException | UserLockedException e) {
            throw e;
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void updateFunction(Function function) throws InvalidArgumentException, FunctionNotFoundException, ServiceUnavailableException {
        validateFunction(function);
        try {
            if (!this.functionRepository.existsById(function.getCode())) {
                throw new FunctionNotFoundException(function.getCode());
            }
            this.functionRepository.saveAndFlush(function);
        } catch (FunctionNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to update the function (" + function.getCode() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void updateGroup(Group group) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        validateGroup(group);
        IUserDirectory iUserDirectory = this.userDirectories.get(group.getUserDirectoryId());
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(group.getUserDirectoryId());
        }
        iUserDirectory.updateGroup(group);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void updateTenant(Tenant tenant) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        validateTenant(tenant);
        try {
            Optional findById = this.tenantRepository.findById(tenant.getId());
            if (!findById.isPresent()) {
                throw new TenantNotFoundException(tenant.getId());
            }
            Tenant tenant2 = (Tenant) findById.get();
            tenant2.setName(tenant.getName());
            tenant2.setStatus(tenant.getStatus());
            this.tenantRepository.saveAndFlush(tenant2);
        } catch (TenantNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to update the tenant (" + tenant.getId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void updateUser(User user, boolean z, boolean z2) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        validateUser(user);
        IUserDirectory iUserDirectory = this.userDirectories.get(user.getUserDirectoryId());
        if (iUserDirectory == null) {
            throw new UserDirectoryNotFoundException(user.getUserDirectoryId());
        }
        iUserDirectory.updateUser(user, z, z2);
    }

    @Override // africa.absa.inception.security.ISecurityService
    @Transactional
    public void updateUserDirectory(UserDirectory userDirectory) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        validateUserDirectory(userDirectory);
        try {
            if (!this.userDirectoryRepository.existsById(userDirectory.getId())) {
                throw new UserDirectoryNotFoundException(userDirectory.getId());
            }
            this.userDirectoryRepository.saveAndFlush(userDirectory);
            reloadUserDirectories();
        } catch (UserDirectoryNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to update the user directory (" + userDirectory.getName() + ")", th);
        }
    }

    private Optional<UUID> getInternalUserDirectoryIdForUser(String str) throws ServiceUnavailableException {
        try {
            return this.userRepository.getUserDirectoryIdByUsernameIgnoreCase(str);
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the ID for the internal user directory for the internal user (" + str + ")", th);
        }
    }

    private boolean isNullOrEmpty(Object obj) {
        if (obj == null) {
            return true;
        }
        return (obj instanceof String) && ((String) obj).length() == 0;
    }

    private UserDirectory newInternalUserDirectoryForTenant(Tenant tenant) throws ServiceUnavailableException {
        UserDirectory userDirectory = new UserDirectory();
        if (tenant.getId() != null) {
            userDirectory.setId(tenant.getId());
        }
        userDirectory.setType(ISecurityService.INTERNAL_USER_DIRECTORY_TYPE);
        userDirectory.setName(tenant.getName() + " Internal User Directory");
        try {
            userDirectory.setConfiguration("<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE userDirectory SYSTEM \"UserDirectoryConfiguration.dtd\"><userDirectory><parameter><name>MaxPasswordAttempts</name><value>5</value></parameter><parameter><name>PasswordExpiryMonths</name><value>12</value></parameter><parameter><name>PasswordHistoryMonths</name><value>24</value></parameter><parameter><name>MaxFilteredUsers</name><value>100</value></parameter></userDirectory>");
            return userDirectory;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to set the configuration for the user directory", th);
        }
    }

    private void sendPasswordResetEmail(User user, String str, String str2) throws ServiceUnavailableException {
        try {
            if (StringUtils.hasText(user.getEmail())) {
                HashMap hashMap = new HashMap();
                hashMap.put("preferredName", user.getPreferredName().toUpperCase());
                hashMap.put("securityCode", str2);
                hashMap.put("resetPasswordUrl", str + "?username=" + URLEncoder.encode(user.getUsername(), StandardCharsets.UTF_8) + "&securityCode=" + URLEncoder.encode(str2, StandardCharsets.UTF_8));
                this.mailService.sendMail(Collections.singletonList(user.getEmail()), "Password Reset", "no-reply@inception.digital", "Inception", PASSWORD_RESET_MAIL_TEMPLATE_ID, hashMap);
            }
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to send the password reset e-mail", th);
        }
    }

    private void validateFunction(Function function) throws InvalidArgumentException {
        if (function == null) {
            throw new InvalidArgumentException("function");
        }
        Set validate = this.validator.validate(function, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("function", ValidationError.toValidationErrors(validate));
        }
    }

    private void validateGroup(Group group) throws InvalidArgumentException {
        if (group == null) {
            throw new InvalidArgumentException("group");
        }
        Set validate = this.validator.validate(group, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("group", ValidationError.toValidationErrors(validate));
        }
    }

    private void validateTenant(Tenant tenant) throws InvalidArgumentException {
        if (tenant == null) {
            throw new InvalidArgumentException("tenant");
        }
        Set validate = this.validator.validate(tenant, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("tenant", ValidationError.toValidationErrors(validate));
        }
    }

    private void validateUser(User user) throws InvalidArgumentException {
        if (user == null) {
            throw new InvalidArgumentException("user");
        }
        Set validate = this.validator.validate(user, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("user", ValidationError.toValidationErrors(validate));
        }
    }

    private void validateUserDirectory(UserDirectory userDirectory) throws InvalidArgumentException {
        if (userDirectory == null) {
            throw new InvalidArgumentException("userDirectory");
        }
        Set validate = this.validator.validate(userDirectory, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("userDirectory", ValidationError.toValidationErrors(validate));
        }
    }
}
