package africa.absa.inception.security;

import africa.absa.inception.core.service.ServiceUnavailableException;
import africa.absa.inception.core.sorting.SortDirection;
import africa.absa.inception.core.util.PasswordUtil;
import com.github.f4b6a3.uuid.UuidCreator;
import java.security.SecureRandom;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import org.springframework.data.domain.Example;
import org.springframework.data.domain.ExampleMatcher;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Sort;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.StringUtils;

/* loaded from: input_file:africa/absa/inception/security/InternalUserDirectory.class */
public class InternalUserDirectory extends UserDirectoryBase {
    private static final int DEFAULT_MAX_FILTERED_GROUPS = 100;
    private static final int DEFAULT_MAX_FILTERED_GROUP_MEMBERS = 100;
    private static final int DEFAULT_MAX_FILTERED_USERS = 100;
    private static final int DEFAULT_MAX_PASSWORD_ATTEMPTS = 5;
    private static final int DEFAULT_PASSWORD_EXPIRY_MONTHS = 3;
    private static final int DEFAULT_PASSWORD_HISTORY_MONTHS = 12;
    private static final UserDirectoryCapabilities INTERNAL_USER_DIRECTORY_CAPABILITIES = new UserDirectoryCapabilities(true, true, true, true, true, true, true, true);
    private final int maxFilteredGroupMembers;
    private final int maxFilteredGroups;
    private final int maxFilteredUsers;
    private final int maxPasswordAttempts;
    private final PasswordEncoder passwordEncoder;
    private final int passwordExpiryMonths;
    private final int passwordHistoryMonths;

    public InternalUserDirectory(UUID uuid, List<UserDirectoryParameter> list, GroupRepository groupRepository, UserRepository userRepository, RoleRepository roleRepository) throws ServiceUnavailableException {
        super(uuid, list, groupRepository, userRepository, roleRepository);
        this.passwordEncoder = new BCryptPasswordEncoder(10, new SecureRandom());
        try {
            if (UserDirectoryParameter.contains(list, "MaxPasswordAttempts")) {
                this.maxPasswordAttempts = UserDirectoryParameter.getIntegerValue(list, "MaxPasswordAttempts");
            } else {
                this.maxPasswordAttempts = DEFAULT_MAX_PASSWORD_ATTEMPTS;
            }
            if (UserDirectoryParameter.contains(list, "PasswordExpiryMonths")) {
                this.passwordExpiryMonths = UserDirectoryParameter.getIntegerValue(list, "PasswordExpiryMonths");
            } else {
                this.passwordExpiryMonths = DEFAULT_PASSWORD_EXPIRY_MONTHS;
            }
            if (UserDirectoryParameter.contains(list, "PasswordHistoryMonths")) {
                this.passwordHistoryMonths = UserDirectoryParameter.getIntegerValue(list, "PasswordHistoryMonths");
            } else {
                this.passwordHistoryMonths = DEFAULT_PASSWORD_HISTORY_MONTHS;
            }
            if (UserDirectoryParameter.contains(list, "MaxFilteredUsers")) {
                this.maxFilteredUsers = UserDirectoryParameter.getIntegerValue(list, "MaxFilteredUsers");
            } else {
                this.maxFilteredUsers = 100;
            }
            if (UserDirectoryParameter.contains(list, "MaxFilteredGroups")) {
                this.maxFilteredGroups = UserDirectoryParameter.getIntegerValue(list, "MaxFilteredGroups");
            } else {
                this.maxFilteredGroups = 100;
            }
            if (UserDirectoryParameter.contains(list, "MaxFilteredGroupMembers")) {
                this.maxFilteredGroupMembers = UserDirectoryParameter.getIntegerValue(list, "MaxFilteredGroupMembers");
            } else {
                this.maxFilteredGroupMembers = 100;
            }
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to initialize the user directory (" + uuid + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void addMemberToGroup(String str, GroupMemberType groupMemberType, String str2) throws GroupNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (groupMemberType != GroupMemberType.USER) {
            throw new ServiceUnavailableException("Unsupported group member type (" + groupMemberType.description() + ")");
        }
        if (isUserInGroup(str, str2)) {
            return;
        }
        addUserToGroup(str, str2);
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void addRoleToGroup(String str, String str2) throws GroupNotFoundException, RoleNotFoundException, ServiceUnavailableException {
        try {
            try {
                Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
                if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                    throw new GroupNotFoundException(str);
                }
                if (!getRoleRepository().existsById(str2)) {
                    throw new RoleNotFoundException(str2);
                }
                if (getGroupRepository().countGroupRole(idByUserDirectoryIdAndNameIgnoreCase.get(), str2) > 0) {
                    return;
                }
                getGroupRepository().addRoleToGroup(idByUserDirectoryIdAndNameIgnoreCase.get(), str2);
            } catch (Throwable th) {
                throw new ServiceUnavailableException("Failed to add the role (" + str2 + ") to the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
            }
        } catch (GroupNotFoundException | RoleNotFoundException e) {
            throw e;
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void addUserToGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str2);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str2);
            }
            getGroupRepository().addUserToGroup(idByUserDirectoryIdAndNameIgnoreCase.get(), idByUserDirectoryIdAndUsernameIgnoreCase.get());
        } catch (GroupNotFoundException | UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to add the user (" + str2 + ") to the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void adminChangePassword(String str, String str2, boolean z, boolean z2, boolean z3, PasswordChangeReason passwordChangeReason) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            String encode = this.passwordEncoder.encode(str2);
            int i = 0;
            if (z2) {
                i = this.maxPasswordAttempts;
            }
            getUserRepository().changePassword(idByUserDirectoryIdAndUsernameIgnoreCase.get(), encode, i, Optional.of(z ? LocalDateTime.now() : LocalDateTime.now().plus(this.passwordExpiryMonths, (TemporalUnit) ChronoUnit.MONTHS)));
            if (z3) {
                getUserRepository().resetPasswordHistory(idByUserDirectoryIdAndUsernameIgnoreCase.get());
            }
            getUserRepository().savePasswordInPasswordHistory(idByUserDirectoryIdAndUsernameIgnoreCase.get(), encode);
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to change the password for the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void authenticate(String str, String str2) throws AuthenticationFailedException, UserLockedException, ExpiredPasswordException, UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<User> findByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().findByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (findByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            User user = findByUserDirectoryIdAndUsernameIgnoreCase.get();
            if (user.getPasswordAttempts() != null && user.getPasswordAttempts().intValue() >= this.maxPasswordAttempts) {
                throw new UserLockedException(str);
            }
            if (this.passwordEncoder.matches(str2, user.getPassword())) {
                if (user.hasPasswordExpired()) {
                    throw new ExpiredPasswordException(str);
                }
            } else {
                if (user.getPasswordAttempts() != null && user.getPasswordAttempts().intValue() != -1) {
                    getUserRepository().incrementPasswordAttempts(user.getId());
                }
                throw new AuthenticationFailedException("Authentication failed for the user (" + str + ")");
            }
        } catch (AuthenticationFailedException | ExpiredPasswordException | UserLockedException | UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to authenticate the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void changePassword(String str, String str2, String str3) throws AuthenticationFailedException, UserLockedException, ExistingPasswordException, ServiceUnavailableException {
        try {
            Optional<User> findByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().findByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (findByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new AuthenticationFailedException("Authentication failed while attempting to change the password for the user (" + str + ")");
            }
            User user = findByUserDirectoryIdAndUsernameIgnoreCase.get();
            if (user.getPasswordAttempts() != null && user.getPasswordAttempts().intValue() > this.maxPasswordAttempts) {
                throw new UserLockedException(str);
            }
            String encode = this.passwordEncoder.encode(str3);
            if (!this.passwordEncoder.matches(str2, user.getPassword())) {
                throw new AuthenticationFailedException("Authentication failed while attempting to change the password for the user (" + str + ")");
            }
            if (isPasswordInHistory(user.getId(), str3)) {
                throw new ExistingPasswordException(str);
            }
            getUserRepository().changePassword(user.getId(), encode, 0, Optional.of(LocalDateTime.now().plus(this.passwordExpiryMonths, (TemporalUnit) ChronoUnit.MONTHS)));
            getUserRepository().savePasswordInPasswordHistory(user.getId(), encode);
        } catch (AuthenticationFailedException | ExistingPasswordException | UserLockedException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to change the password for the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void createGroup(Group group) throws DuplicateGroupException, ServiceUnavailableException {
        try {
            if (getGroupRepository().existsByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), group.getName())) {
                throw new DuplicateGroupException(group.getName());
            }
            group.setId(UuidCreator.getShortPrefixComb());
            getGroupRepository().saveAndFlush(group);
        } catch (DuplicateGroupException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to create the group (" + group.getName() + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void createUser(User user, boolean z, boolean z2) throws DuplicateUserException, ServiceUnavailableException {
        try {
            if (getUserRepository().existsByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), user.getUsername())) {
                throw new DuplicateUserException(user.getUsername());
            }
            user.setId(UuidCreator.getShortPrefixComb());
            String encode = !isNullOrEmpty(user.getPassword()) ? this.passwordEncoder.encode(user.getPassword()) : this.passwordEncoder.encode(PasswordUtil.generateRandomPassword());
            user.setPassword(encode);
            if (z2) {
                user.setPasswordAttempts(this.maxPasswordAttempts);
            } else {
                user.setPasswordAttempts(0);
            }
            if (z) {
                user.setPasswordExpiry(LocalDateTime.now());
            } else {
                user.setPasswordExpiry(LocalDateTime.now().plus(this.passwordExpiryMonths, (TemporalUnit) ChronoUnit.MONTHS));
            }
            getUserRepository().saveAndFlush(user);
            getUserRepository().savePasswordInPasswordHistory(user.getId(), encode);
        } catch (DuplicateUserException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to create the user (" + user.getUsername() + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void deleteGroup(String str) throws GroupNotFoundException, ExistingGroupMembersException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            if (getGroupRepository().countUsersById(idByUserDirectoryIdAndNameIgnoreCase.get()) > 0) {
                throw new ExistingGroupMembersException(str);
            }
            getGroupRepository().deleteById(idByUserDirectoryIdAndNameIgnoreCase.get());
        } catch (ExistingGroupMembersException | GroupNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to delete the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void deleteUser(String str) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            getUserRepository().deleteById(idByUserDirectoryIdAndUsernameIgnoreCase.get());
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to delete the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<User> findUsers(List<UserAttribute> list) throws InvalidAttributeException, ServiceUnavailableException {
        try {
            User user = new User();
            user.setUserDirectoryId(getUserDirectoryId());
            for (UserAttribute userAttribute : list) {
                if (userAttribute.getName().equalsIgnoreCase("status")) {
                    user.setStatus(UserStatus.fromCode(userAttribute.getValue()));
                } else if (userAttribute.getName().equalsIgnoreCase("email")) {
                    user.setEmail(userAttribute.getValue());
                } else if (userAttribute.getName().equalsIgnoreCase("name")) {
                    user.setName(userAttribute.getValue());
                } else if (userAttribute.getName().equalsIgnoreCase("preferredName")) {
                    user.setPreferredName(userAttribute.getValue());
                } else if (userAttribute.getName().equalsIgnoreCase("phoneNumber")) {
                    user.setPhoneNumber(userAttribute.getValue());
                } else if (userAttribute.getName().equalsIgnoreCase("mobileNumber")) {
                    user.setMobileNumber(userAttribute.getValue());
                } else {
                    if (!userAttribute.getName().equalsIgnoreCase("username")) {
                        throw new InvalidAttributeException(userAttribute.getName());
                    }
                    user.setUsername(userAttribute.getValue());
                }
            }
            return getUserRepository().findAll(Example.of(user, ExampleMatcher.matching().withIgnoreNullValues().withIgnoreCase().withStringMatcher(ExampleMatcher.StringMatcher.CONTAINING)));
        } catch (InvalidAttributeException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to find the users for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public UserDirectoryCapabilities getCapabilities() {
        return INTERNAL_USER_DIRECTORY_CAPABILITIES;
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<String> getFunctionCodesForUser(String str) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            return getUserRepository().getFunctionCodesByUserId(idByUserDirectoryIdAndUsernameIgnoreCase.get());
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the function codes for the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public Group getGroup(String str) throws GroupNotFoundException, ServiceUnavailableException {
        try {
            Optional<Group> findByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().findByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (findByUserDirectoryIdAndNameIgnoreCase.isPresent()) {
                return findByUserDirectoryIdAndNameIgnoreCase.get();
            }
            throw new GroupNotFoundException(str);
        } catch (GroupNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<String> getGroupNames() throws ServiceUnavailableException {
        try {
            return getGroupRepository().getNamesByUserDirectoryId(getUserDirectoryId());
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the group names for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<String> getGroupNamesForUser(String str) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            return getUserRepository().getGroupNamesByUserId(idByUserDirectoryIdAndUsernameIgnoreCase.get());
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the names of the groups the user (" + str + ") is a member of for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<Group> getGroups() throws ServiceUnavailableException {
        try {
            return getGroupRepository().findByUserDirectoryId(getUserDirectoryId());
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the groups for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public Groups getGroups(String str, SortDirection sortDirection, Integer num, Integer num2) throws ServiceUnavailableException {
        if (num == null) {
            try {
                num = 0;
            } catch (Throwable th) {
                throw new ServiceUnavailableException("Failed to retrieve the filtered groups for the user directory (" + getUserDirectoryId() + ")", th);
            }
        }
        if (num2 == null) {
            num2 = Integer.valueOf(this.maxFilteredGroups);
        }
        PageRequest of = PageRequest.of(num.intValue(), Math.min(num2.intValue(), this.maxFilteredGroups), sortDirection == SortDirection.ASCENDING ? Sort.Direction.ASC : Sort.Direction.DESC, new String[]{"name"});
        Page<Group> findFiltered = StringUtils.hasText(str) ? getGroupRepository().findFiltered(getUserDirectoryId(), "%" + str + "%", of) : getGroupRepository().findByUserDirectoryId(getUserDirectoryId(), of);
        return new Groups(getUserDirectoryId(), findFiltered.toList(), findFiltered.getTotalElements(), str, sortDirection, num, num2);
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<Group> getGroupsForUser(String str) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            return getUserRepository().getGroupsByUserId(idByUserDirectoryIdAndUsernameIgnoreCase.get());
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the groups the user is a member of (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<GroupMember> getMembersForGroup(String str) throws GroupNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            List<String> usernamesForGroup = getGroupRepository().getUsernamesForGroup(getUserDirectoryId(), idByUserDirectoryIdAndNameIgnoreCase.get());
            ArrayList arrayList = new ArrayList();
            Iterator<String> it = usernamesForGroup.iterator();
            while (it.hasNext()) {
                arrayList.add(new GroupMember(getUserDirectoryId(), str, GroupMemberType.USER, it.next()));
            }
            return arrayList;
        } catch (GroupNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the group members for the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public GroupMembers getMembersForGroup(String str, String str2, SortDirection sortDirection, Integer num, Integer num2) throws GroupNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            if (num == null) {
                num = 0;
            }
            if (num2 == null) {
                num2 = Integer.valueOf(this.maxFilteredGroups);
            }
            PageRequest of = PageRequest.of(num.intValue(), Math.min(num2.intValue(), this.maxFilteredGroupMembers));
            Page<String> filteredUsernamesForGroup = StringUtils.hasText(str2) ? getGroupRepository().getFilteredUsernamesForGroup(getUserDirectoryId(), idByUserDirectoryIdAndNameIgnoreCase.get(), "%" + str2 + "%", of) : getGroupRepository().getUsernamesForGroup(getUserDirectoryId(), idByUserDirectoryIdAndNameIgnoreCase.get(), of);
            ArrayList arrayList = new ArrayList();
            Iterator it = filteredUsernamesForGroup.iterator();
            while (it.hasNext()) {
                arrayList.add(new GroupMember(getUserDirectoryId(), str, GroupMemberType.USER, (String) it.next()));
            }
            if (sortDirection == null || sortDirection == SortDirection.ASCENDING) {
                arrayList.sort(Comparator.comparing((v0) -> {
                    return v0.getMemberName();
                }));
            } else {
                arrayList.sort(Comparator.comparing((v0) -> {
                    return v0.getMemberName();
                }).reversed());
            }
            return new GroupMembers(getUserDirectoryId(), str, arrayList, filteredUsernamesForGroup.getTotalElements(), str2, sortDirection, num, num2);
        } catch (GroupNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the group members for the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<String> getRoleCodesForGroup(String str) throws GroupNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            return getGroupRepository().getRoleCodesByGroupId(idByUserDirectoryIdAndNameIgnoreCase.get());
        } catch (GroupNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the role codes for the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<String> getRoleCodesForUser(String str) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            return getUserRepository().getRoleCodesByUserId(idByUserDirectoryIdAndUsernameIgnoreCase.get());
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the role codes for the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<GroupRole> getRolesForGroup(String str) throws GroupNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            ArrayList arrayList = new ArrayList();
            Iterator<String> it = getGroupRepository().getRoleCodesByGroupId(idByUserDirectoryIdAndNameIgnoreCase.get()).iterator();
            while (it.hasNext()) {
                arrayList.add(new GroupRole(getUserDirectoryId(), str, it.next()));
            }
            return arrayList;
        } catch (GroupNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the roles for the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public User getUser(String str) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<User> findByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().findByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (findByUserDirectoryIdAndUsernameIgnoreCase.isPresent()) {
                return findByUserDirectoryIdAndUsernameIgnoreCase.get();
            }
            throw new UserNotFoundException(str);
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public String getUserName(String str) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<String> nameByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getNameByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (nameByUserDirectoryIdAndUsernameIgnoreCase.isPresent()) {
                return nameByUserDirectoryIdAndUsernameIgnoreCase.get();
            }
            throw new UserNotFoundException(str);
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the name of the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public List<User> getUsers() throws ServiceUnavailableException {
        try {
            return getUserRepository().findByUserDirectoryId(getUserDirectoryId());
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to retrieve the users for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public Users getUsers(String str, UserSortBy userSortBy, SortDirection sortDirection, Integer num, Integer num2) throws ServiceUnavailableException {
        PageRequest pageRequest = null;
        if (num == null) {
            try {
                num = 0;
            } catch (Throwable th) {
                throw new ServiceUnavailableException("Failed to retrieve the filtered users for the user directory (" + getUserDirectoryId() + ")", th);
            }
        }
        if (num2 == null) {
            num2 = Integer.valueOf(this.maxFilteredUsers);
        }
        if (userSortBy == UserSortBy.USERNAME) {
            pageRequest = PageRequest.of(num.intValue(), Math.min(num2.intValue(), this.maxFilteredUsers), sortDirection == SortDirection.ASCENDING ? Sort.Direction.ASC : Sort.Direction.DESC, new String[]{"username"});
        } else if (userSortBy == UserSortBy.NAME) {
            pageRequest = PageRequest.of(num.intValue(), Math.min(num2.intValue(), this.maxFilteredUsers), sortDirection == SortDirection.ASCENDING ? Sort.Direction.ASC : Sort.Direction.DESC, new String[]{"name"});
        } else if (userSortBy == UserSortBy.PREFERRED_NAME) {
            pageRequest = PageRequest.of(num.intValue(), Math.min(num2.intValue(), this.maxFilteredUsers), sortDirection == SortDirection.ASCENDING ? Sort.Direction.ASC : Sort.Direction.DESC, new String[]{"preferredName"});
        }
        Page<User> findFiltered = StringUtils.hasText(str) ? getUserRepository().findFiltered(getUserDirectoryId(), "%" + str + "%", pageRequest) : getUserRepository().findByUserDirectoryId(getUserDirectoryId(), pageRequest);
        return new Users(getUserDirectoryId(), findFiltered.toList(), findFiltered.getTotalElements(), str, userSortBy, sortDirection, num, num2);
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public boolean isExistingUser(String str) throws ServiceUnavailableException {
        try {
            return getUserRepository().existsByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to check whether the user (" + str + ") is an existing user for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public boolean isUserInGroup(String str, String str2) throws UserNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str2);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str2);
            }
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            return getUserRepository().isUserInGroup(idByUserDirectoryIdAndUsernameIgnoreCase.get(), idByUserDirectoryIdAndNameIgnoreCase.get());
        } catch (GroupNotFoundException | UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to check if the user (" + str2 + ") is in the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void removeMemberFromGroup(String str, GroupMemberType groupMemberType, String str2) throws GroupNotFoundException, GroupMemberNotFoundException, ServiceUnavailableException {
        if (groupMemberType != GroupMemberType.USER) {
            throw new ServiceUnavailableException("Unsupported group member type (" + groupMemberType.description() + ")");
        }
        try {
            removeUserFromGroup(str, str2);
        } catch (UserNotFoundException e) {
            throw new GroupMemberNotFoundException(groupMemberType, str2);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void removeRoleFromGroup(String str, String str2) throws GroupNotFoundException, GroupRoleNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            if (getGroupRepository().removeRoleFromGroup(idByUserDirectoryIdAndNameIgnoreCase.get(), str2) == 0) {
                throw new GroupRoleNotFoundException(str2);
            }
        } catch (GroupNotFoundException | GroupRoleNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to remove the role (" + str2 + ") from the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void removeUserFromGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<UUID> idByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().getIdByUserDirectoryIdAndNameIgnoreCase(getUserDirectoryId(), str);
            if (idByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(str);
            }
            Optional<UUID> idByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().getIdByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str2);
            if (idByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str2);
            }
            getGroupRepository().removeUserFromGroup(idByUserDirectoryIdAndNameIgnoreCase.get(), idByUserDirectoryIdAndUsernameIgnoreCase.get());
        } catch (GroupNotFoundException | UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to remove the user (" + str2 + ") from the group (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void resetPassword(String str, String str2) throws UserNotFoundException, UserLockedException, ExistingPasswordException, ServiceUnavailableException {
        try {
            Optional<User> findByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().findByUserDirectoryIdAndUsernameIgnoreCase(getUserDirectoryId(), str);
            if (findByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(str);
            }
            User user = findByUserDirectoryIdAndUsernameIgnoreCase.get();
            if (user.getPasswordAttempts() != null && user.getPasswordAttempts().intValue() > this.maxPasswordAttempts) {
                throw new UserLockedException(str);
            }
            String encode = this.passwordEncoder.encode(str2);
            if (isPasswordInHistory(user.getId(), str2)) {
                throw new ExistingPasswordException(str);
            }
            getUserRepository().resetPassword(user.getId(), encode, LocalDateTime.now().plus(this.passwordExpiryMonths, (TemporalUnit) ChronoUnit.MONTHS));
            getUserRepository().savePasswordInPasswordHistory(user.getId(), encode);
        } catch (ExistingPasswordException | UserLockedException | UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to reset the password for the user (" + str + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void updateGroup(Group group) throws GroupNotFoundException, ServiceUnavailableException {
        try {
            Optional<Group> findByUserDirectoryIdAndNameIgnoreCase = getGroupRepository().findByUserDirectoryIdAndNameIgnoreCase(group.getUserDirectoryId(), group.getName());
            if (findByUserDirectoryIdAndNameIgnoreCase.isEmpty()) {
                throw new GroupNotFoundException(group.getName());
            }
            Group group2 = findByUserDirectoryIdAndNameIgnoreCase.get();
            group2.setDescription(group.getDescription());
            getGroupRepository().saveAndFlush(group2);
        } catch (GroupNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to update the group (" + group.getName() + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    @Override // africa.absa.inception.security.IUserDirectory
    public void updateUser(User user, boolean z, boolean z2) throws UserNotFoundException, ServiceUnavailableException {
        try {
            Optional<User> findByUserDirectoryIdAndUsernameIgnoreCase = getUserRepository().findByUserDirectoryIdAndUsernameIgnoreCase(user.getUserDirectoryId(), user.getUsername());
            if (findByUserDirectoryIdAndUsernameIgnoreCase.isEmpty()) {
                throw new UserNotFoundException(user.getUsername());
            }
            User user2 = findByUserDirectoryIdAndUsernameIgnoreCase.get();
            if (user.getName() != null) {
                user2.setName(user.getName());
            }
            if (user.getPreferredName() != null) {
                user2.setPreferredName(user.getPreferredName());
            }
            if (user.getEmail() != null) {
                user2.setEmail(user.getEmail());
            }
            if (user.getPhoneNumber() != null) {
                user2.setPhoneNumber(user.getPhoneNumber());
            }
            if (user.getMobileNumber() != null) {
                user2.setMobileNumber(user.getMobileNumber());
            }
            if (StringUtils.hasText(user.getPassword())) {
                user2.setPassword(this.passwordEncoder.encode(user.getPassword()));
            }
            if (z2) {
                user2.setPasswordAttempts(this.maxPasswordAttempts);
            } else if (user.getPasswordAttempts() != null) {
                user2.setPasswordAttempts(user.getPasswordAttempts().intValue());
            }
            if (z) {
                user2.setPasswordExpiry(LocalDateTime.now());
            } else if (user.getPasswordExpiry() != null) {
                user2.setPasswordExpiry(user.getPasswordExpiry());
            }
            getUserRepository().saveAndFlush(user2);
        } catch (UserNotFoundException e) {
            throw e;
        } catch (Throwable th) {
            throw new ServiceUnavailableException("Failed to update the user (" + user.getUsername() + ") for the user directory (" + getUserDirectoryId() + ")", th);
        }
    }

    private boolean isPasswordInHistory(UUID uuid, String str) {
        Iterator<String> it = getUserRepository().getPasswordHistory(uuid, LocalDateTime.now().minus(this.passwordHistoryMonths, (TemporalUnit) ChronoUnit.MONTHS)).iterator();
        while (it.hasNext()) {
            if (this.passwordEncoder.matches(str, it.next())) {
                return true;
            }
        }
        return false;
    }
}
