package fr.paris.lutece.plugins.fccertifier.service;

import fr.paris.lutece.plugins.fccertifier.business.FcIdentity;
import fr.paris.lutece.plugins.franceconnect.oidc.UserInfo;
import fr.paris.lutece.plugins.identitystore.web.rs.dto.AttributeDto;
import fr.paris.lutece.plugins.identitystore.web.rs.dto.AuthorDto;
import fr.paris.lutece.plugins.identitystore.web.rs.dto.IdentityChangeDto;
import fr.paris.lutece.plugins.identitystore.web.rs.dto.IdentityDto;
import fr.paris.lutece.plugins.identitystore.web.service.IdentityService;
import fr.paris.lutece.portal.service.security.LuteceUser;
import fr.paris.lutece.portal.service.security.SecurityService;
import fr.paris.lutece.portal.service.security.UserNotSignedException;
import fr.paris.lutece.portal.service.spring.SpringContextService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import java.io.Serializable;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:fr/paris/lutece/plugins/fccertifier/service/CertifierService.class */
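/**
 * Certifies identity attributes of the signed-in user from a FranceConnect {@link UserInfo}.
 *
 * <p>The flow has two steps: {@link #startValidation(HttpServletRequest)} records a pending
 * validation keyed by the HTTP session id, and {@link #validate(HttpServletRequest, UserInfo)}
 * consumes that pending entry and pushes the attributes to the identity store under the
 * {@code fccertifier} certifier code.
 *
 * <p>Pending validations are held in a static, process-wide map shared by all instances.
 */
public class CertifierService implements Serializable {
    private static final String MESSAGE_CODE_VALIDATION_OK = "module.identitystore.fccertifier.message.validation.ok";
    private static final String MESSAGE_CODE_VALIDATION_INVALID = "module.identitystore.fccertifier.message.validation.invalidCode";
    private static final String MESSAGE_SESSION_EXPIRED = "module.identitystore.fccertifier.message.validation.sessionExpired";
    private static final String MESSAGE_CODE_EXPIRED = "module.identitystore.fccertifier.message.validation.codeExpired";
    private static final String MESSAGE_TOO_MANY_ATTEMPS = "module.identitystore.fccertifier.message.validation.tooManyAttempts";
    private static final String BEAN_IDENTITYSTORE_SERVICE = "fccertifier.identitystore.service";
    private static final String CERTIFIER_CODE = "fccertifier";
    private static final String PROPERTY_MOCKED_CONNECTION_ID = "identitystore.fccertifier.mockedConnectionId";
    private static final String DEFAULT_CONNECTION_ID = "1";
    private static final String MOCKED_USER_CONNECTION_ID = AppPropertiesService.getProperty(PROPERTY_MOCKED_CONNECTION_ID, DEFAULT_CONNECTION_ID);
    private static final String PROPERTY_MOCKED_EMAIL = "identitystore.fccertifier.mockedEmail";
    private static final String DEFAULT_EMAIL = "test@test.fr";
    private static final String MOCKED_USER_EMAIL = AppPropertiesService.getProperty(PROPERTY_MOCKED_EMAIL, DEFAULT_EMAIL);
    private static final String PROPERTY_EXPIRES_DELAY = "identitystore.fccertifier.expiresDelay";
    private static final int DEFAULT_EXPIRES_DELAY = 5;
    // Delay, in minutes, added to the current time when a validation is started.
    private static final int EXPIRES_DELAY = AppPropertiesService.getPropertyInt(PROPERTY_EXPIRES_DELAY, DEFAULT_EXPIRES_DELAY);
    private static final String PROPERTY_IDENTITY_SERVICE_CLIENT_CODE = "fccertifier.identitystore.client.code";
    private static final String CLIENT_CODE = AppPropertiesService.getProperty(PROPERTY_IDENTITY_SERVICE_CLIENT_CODE);
    private static final long MILLIS_PER_MINUTE = 60000L;

    // Pending validations, keyed by HTTP session id.
    private static final Map<String, ValidationInfos> _mapValidationInfos = new ConcurrentHashMap<>();

    /** Outcome of a validation attempt, carrying the i18n key of the message to display. */
    public enum ValidationResult {
        OK(CertifierService.MESSAGE_CODE_VALIDATION_OK),
        INVALID_CODE(CertifierService.MESSAGE_CODE_VALIDATION_INVALID),
        SESSION_EXPIRED(CertifierService.MESSAGE_SESSION_EXPIRED),
        CODE_EXPIRED(CertifierService.MESSAGE_CODE_EXPIRED),
        TOO_MANY_ATTEMPS(CertifierService.MESSAGE_TOO_MANY_ATTEMPS);

        private final String _strMessageKey;

        ValidationResult(String strMessageKey) {
            this._strMessageKey = strMessageKey;
        }

        /**
         * @return the i18n message key associated with this result
         */
        public String getMessageKey() {
            return this._strMessageKey;
        }
    }

    /**
     * Registers a pending validation for the current HTTP session.
     *
     * <p>The entry records the expiry timestamp, the user's connection id and the user's email,
     * and replaces any earlier pending entry for the same session id.
     *
     * @param httpServletRequest the current request; a session is created if none exists
     * @throws UserNotSignedException if authentication is enabled and no user is registered
     */
    public void startValidation(HttpServletRequest httpServletRequest) throws UserNotSignedException {
        HttpSession session = httpServletRequest.getSession(true);
        ValidationInfos pending = new ValidationInfos();
        pending.setExpiresTime(getExpiresTime());
        pending.setUserConnectionId(getUserConnectionId(httpServletRequest));
        pending.setUserEmail(getUserEmail(httpServletRequest));
        _mapValidationInfos.put(session.getId(), pending);
    }

    /**
     * Consumes the pending validation of the current session and certifies the attributes
     * carried by {@code userInfo} for the connection id recorded at start time.
     *
     * <p>This method does not itself check where {@code userInfo} came from; callers are
     * presumably expected to pass only claims obtained from a completed FranceConnect
     * exchange — verify against the caller.
     *
     * @param httpServletRequest the current request
     * @param userInfo the FranceConnect user information to certify
     * @return {@link ValidationResult#OK} when a pending validation existed and was certified,
     *     {@link ValidationResult#SESSION_EXPIRED} when the request has no session or the
     *     session has no pending validation
     */
    public ValidationResult validate(HttpServletRequest httpServletRequest, UserInfo userInfo) {
        // getSession(false): a request that arrives without a session must not be handed a
        // fresh one here; it simply has nothing pending.
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return ValidationResult.SESSION_EXPIRED;
        }
        // remove() takes the entry atomically, so two concurrent requests on the same session
        // cannot both certify from a single pending validation.
        ValidationInfos pending = _mapValidationInfos.remove(session.getId());
        if (pending == null) {
            return ValidationResult.SESSION_EXPIRED;
        }
        // NOTE(review): the expiry timestamp stored by startValidation() is never compared with
        // now() in this class, CODE_EXPIRED is never returned, and abandoned entries stay in the
        // map indefinitely. Enforcing the deadline needs a read accessor on ValidationInfos,
        // which is not visible from this file — confirm it exists and add the check here.
        pending.setFCUserInfo(new FcIdentity(userInfo));
        certify(pending);
        return ValidationResult.OK;
    }

    /**
     * Sends the FranceConnect attributes held by {@code validationInfos} to the identity store
     * as certified by {@code fccertifier}, on behalf of the configured client application code.
     *
     * @param validationInfos the consumed pending validation, with its FranceConnect identity set
     */
    private void certify(ValidationInfos validationInfos) {
        IdentityService identityService = (IdentityService) SpringContextService.getBean(BEAN_IDENTITYSTORE_SERVICE);

        FcIdentity fcIdentity = validationInfos.getFCUserInfo();
        Map<String, AttributeDto> attributes = new ConcurrentHashMap<>();
        addAttribute(attributes, "birthdate", fcIdentity.getIdsBirthDate());
        addAttribute(attributes, "birthplace", fcIdentity.getIdsBirthPlace());
        addAttribute(attributes, "birthcountry", fcIdentity.getIdsBirthCountry());
        addAttribute(attributes, "gender", fcIdentity.getIdsGender());
        addAttribute(attributes, "first_name", fcIdentity.getGivenName());
        addAttribute(attributes, "family_name", fcIdentity.getFamilyName());
        addAttribute(attributes, "fc_gender", fcIdentity.getGender());
        addAttribute(attributes, "fc_given_name", fcIdentity.getGivenName());
        addAttribute(attributes, "fc_family_name", fcIdentity.getFamilyName());
        addAttribute(attributes, "fc_birthdate", fcIdentity.getBirthDate());
        addAttribute(attributes, "fc_birthplace", fcIdentity.getBirthPlace());
        addAttribute(attributes, "fc_birthcountry", fcIdentity.getBirthCountry());

        // The target identity is the connection id captured in startValidation(), not anything
        // taken from the FranceConnect payload.
        IdentityDto identityDto = new IdentityDto();
        identityDto.setConnectionId(validationInfos.getUserConnectionId());
        identityDto.setAttributes(attributes);

        AuthorDto authorDto = new AuthorDto();
        authorDto.setApplicationCode(CLIENT_CODE);

        IdentityChangeDto identityChangeDto = new IdentityChangeDto();
        identityChangeDto.setIdentity(identityDto);
        identityChangeDto.setAuthor(authorDto);
        identityService.certifyAttributes(identityChangeDto, CERTIFIER_CODE);
    }

    /**
     * Builds an {@link AttributeDto} from a key/value pair and stores it in {@code map} under
     * its key.
     *
     * @param map the attribute map to fill
     * @param strKey the attribute key
     * @param strValue the attribute value
     */
    private void addAttribute(Map<String, AttributeDto> map, String strKey, String strValue) {
        AttributeDto attributeDto = new AttributeDto();
        attributeDto.setKey(strKey);
        attributeDto.setValue(strValue);
        map.put(attributeDto.getKey(), attributeDto);
    }

    /**
     * Fetches an identity from the identity store by connection id, using the configured
     * client application code.
     *
     * @param str the connection id to look up
     * @return the identity returned by the identity store service
     */
    public static IdentityDto getIdentity(String str) {
        IdentityService identityService = (IdentityService) SpringContextService.getBean(BEAN_IDENTITYSTORE_SERVICE);
        return identityService.getIdentityByConnectionId(str, CLIENT_CODE);
    }

    /**
     * Resolves the connection id of the user behind the request.
     *
     * @param httpServletRequest the current request
     * @return the registered user's name, or the configured mocked connection id when
     *     authentication is disabled
     * @throws UserNotSignedException if authentication is enabled and no user is registered
     */
    private static String getUserConnectionId(HttpServletRequest httpServletRequest) throws UserNotSignedException {
        // With authentication disabled every request is attributed to the same mocked
        // connection id, so certify() would write to that one fixed identity. This branch is
        // only appropriate for test setups; keep authentication enabled in production.
        if (!SecurityService.isAuthenticationEnable()) {
            return MOCKED_USER_CONNECTION_ID;
        }
        LuteceUser registeredUser = SecurityService.getInstance().getRegisteredUser(httpServletRequest);
        if (registeredUser == null) {
            throw new UserNotSignedException();
        }
        return registeredUser.getName();
    }

    /**
     * Resolves the email of the user behind the request.
     *
     * @param httpServletRequest the current request
     * @return the registered user's email, or the configured mocked email when authentication
     *     is disabled
     * @throws UserNotSignedException if authentication is enabled and no user is registered
     */
    private static String getUserEmail(HttpServletRequest httpServletRequest) throws UserNotSignedException {
        if (!SecurityService.isAuthenticationEnable()) {
            return MOCKED_USER_EMAIL;
        }
        LuteceUser registeredUser = SecurityService.getInstance().getRegisteredUser(httpServletRequest);
        if (registeredUser == null) {
            throw new UserNotSignedException();
        }
        return registeredUser.getEmail();
    }

    /**
     * @return the timestamp, in epoch milliseconds, at which a validation started now expires
     */
    private static long getExpiresTime() {
        // Multiply as long: the delay comes from configuration and an int product would
        // overflow for large values.
        return now() + (EXPIRES_DELAY * MILLIS_PER_MINUTE);
    }

    /**
     * @return the current time in epoch milliseconds
     */
    private static long now() {
        return System.currentTimeMillis();
    }
}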
