package tv.hd3g.authkit.mod.service;

import jakarta.transaction.Transactional;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import tv.hd3g.authkit.mod.controller.RestControllerUser;
import tv.hd3g.authkit.mod.dto.Password;
import tv.hd3g.authkit.mod.dto.validated.AddGroupOrRoleDto;
import tv.hd3g.authkit.mod.dto.validated.AddUserDto;
import tv.hd3g.authkit.mod.entity.Credential;
import tv.hd3g.authkit.mod.exception.BlockedUserException;
import tv.hd3g.authkit.mod.exception.ResetWithSamePasswordException;
import tv.hd3g.authkit.mod.repository.CredentialRepository;
import tv.hd3g.commons.authkit.CheckBefore;

@Service
/* loaded from: input_file:tv/hd3g/authkit/mod/service/CmdLineServiceImpl.class */
public class CmdLineServiceImpl implements CmdLineService {
    private static final Logger log = LoggerFactory.getLogger(CmdLineServiceImpl.class);

    @Autowired
    private CredentialRepository credentialRepository;

    @Autowired
    private AuthenticationService authenticationService;

    @Value("${authkit.realm:default}")
    private String realm;

    @Override // tv.hd3g.authkit.mod.service.CmdLineService
    @Transactional(Transactional.TxType.REQUIRES_NEW)
    public void addOrUpdateSecurityAdminUser(String str, Password password) throws ResetWithSamePasswordException {
        String addUser;
        Credential fromRealmLogin = this.credentialRepository.getFromRealmLogin(this.realm, str);
        if (fromRealmLogin != null) {
            addUser = fromRealmLogin.getUser().getUuid();
            this.authenticationService.resetUserLogonTrials(addUser);
            try {
                this.authenticationService.changeUserPassword(fromRealmLogin.getUser().getUuid(), password);
            } catch (BlockedUserException e) {
                log.error("Unexpected error", e);
            }
            this.authenticationService.enableUser(addUser);
        } else {
            AddUserDto addUserDto = new AddUserDto();
            addUserDto.setUserLogin(str);
            addUserDto.setUserPassword(password);
            addUser = this.authenticationService.addUser(addUserDto);
        }
        AddGroupOrRoleDto addGroupOrRoleDto = new AddGroupOrRoleDto();
        addGroupOrRoleDto.setName("SecurityAdmins");
        addGroupOrRoleDto.setDescription("Autogenerated group for " + str);
        this.authenticationService.addGroup(addGroupOrRoleDto);
        this.authenticationService.addUserInGroup(addUser, addGroupOrRoleDto.getName());
        AddGroupOrRoleDto addGroupOrRoleDto2 = new AddGroupOrRoleDto();
        addGroupOrRoleDto2.setName("SecurityOnly");
        addGroupOrRoleDto2.setName("Autogenerated role for " + str);
        this.authenticationService.addRole(addGroupOrRoleDto2);
        this.authenticationService.addGroupInRole(addGroupOrRoleDto.getName(), addGroupOrRoleDto2.getName());
        Arrays.stream(RestControllerUser.class.getAnnotationsByType(CheckBefore.class)).findFirst().map(checkBefore -> {
            return Arrays.stream(checkBefore.value());
        }).ifPresent(stream -> {
            stream.forEach(str2 -> {
                this.authenticationService.addRightInRole(addGroupOrRoleDto2.getName(), str2);
            });
        });
    }
}
