package org.egov.infra.config.security.repository;

import com.mchange.rmi.NotAuthorizedException;
import java.util.HashSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.egov.infra.admin.master.entity.CustomUserDetails;
import org.egov.infra.admin.master.entity.Role;
import org.egov.infra.admin.master.entity.User;
import org.egov.infra.config.security.authentication.userdetail.CurrentUser;
import org.egov.infra.microservice.contract.UserSearchResponse;
import org.egov.infra.microservice.contract.UserSearchResponseContent;
import org.egov.infra.microservice.utils.MicroserviceUtils;
import org.egov.infra.persistence.entity.enums.Gender;
import org.egov.infra.persistence.entity.enums.UserType;
import org.egov.infra.utils.ApplicationConstant;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SecurityContextRepository;

/* loaded from: input_file:org/egov/infra/config/security/repository/ApplicationSecurityRepository.class */
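/**
 * {@link SecurityContextRepository} that resolves the Spring Security context from state
 * held in Redis (through {@link MicroserviceUtils}) and keyed by the HTTP session id.
 *
 * <p>When no {@code current_user} entry exists for the session, the {@code auth_token}
 * request parameter is exchanged for user details and the result is cached in Redis.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Bearer tokens and session ids are credentials; this class must never write their
 *       values to the log.</li>
 *   <li>Only {@link SecurityException} and {@link NotAuthorizedException} are translated into
 *       an empty context by {@link #loadContext}; any other unchecked exception propagates
 *       to the caller.</li>
 * </ul>
 */
public class ApplicationSecurityRepository implements SecurityContextRepository {
    private static final String AUTH_TOKEN = "auth_token";
    private static final String SESSION_ID = "session_id";
    private static final Logger LOGGER = Logger.getLogger(ApplicationSecurityRepository.class);

    @Autowired
    public RedisTemplate<Object, Object> redisTemplate;

    @Autowired
    public MicroserviceUtils microserviceUtils;

    /**
     * Builds the security context for the current request.
     *
     * @param httpRequestResponseHolder holder providing the current request
     * @return a context carrying an authentication for the resolved {@link CurrentUser}, or an
     *         empty context when the token is missing or rejected
     */
    public SecurityContext loadContext(HttpRequestResponseHolder httpRequestResponseHolder) {
        SecurityContextImpl securityContextImpl = new SecurityContextImpl();
        try {
            HttpServletRequest request = httpRequestResponseHolder.getRequest();
            // getSession() creates a session when none exists, so every request ends up with one.
            HttpSession session = request.getSession();
            // getRequestURL() excludes the query string, so the auth_token parameter is not logged here.
            LOGGER.info(" *** URI " + request.getRequestURL().toString());
            CurrentUser currentUser = (CurrentUser) this.microserviceUtils.readFromRedis(session.getId(), "current_user");
            if (currentUser == null) {
                LOGGER.info(" ***  Session is not available in redis.... , trying to login");
                currentUser = new CurrentUser(getUserDetails(request));
                this.microserviceUtils.savetoRedis(session.getId(), "current_user", currentUser);
            }
            // Keep the token cached on the HTTP session aligned with the one stored in Redis.
            String sessionToken = (String) session.getAttribute(ApplicationConstant.MS_USER_TOKEN);
            String redisToken = (String) this.microserviceUtils.readFromRedis(session.getId(), AUTH_TOKEN);
            if (null != sessionToken && null != redisToken && !sessionToken.equals(redisToken)) {
                session.setAttribute(ApplicationConstant.MS_USER_TOKEN, redisToken);
            }
            // The session id is a credential equivalent and is deliberately not logged.
            LOGGER.info(" ***  Session   found  in redis....");
            securityContextImpl.setAuthentication(prepareAuthenticationObj(request, currentUser));
            return securityContextImpl;
        } catch (SecurityException | NotAuthorizedException e) {
            LOGGER.error(e.getMessage());
            LOGGER.error(" ***  Session is not found in Redis. Creating empty security context");
            return SecurityContextHolder.createEmptyContext();
        }
    }

    /**
     * Intentionally a no-op: this class persists its state from {@link #loadContext} through
     * {@link MicroserviceUtils} rather than when the framework asks to save the context.
     */
    public void saveContext(SecurityContext securityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /**
     * Reports whether Redis holds a key equal to the current session id.
     *
     * @param httpServletRequest the current request
     * @return {@code true} only when Redis positively reports the key as present
     */
    public boolean containsContext(HttpServletRequest httpServletRequest) {
        // hasKey returns a Boolean that may be null (for example inside a pipeline or transaction);
        // treat that as "absent" instead of unboxing into a NullPointerException. A single lookup
        // also avoids a second Redis round trip made only for the log line.
        boolean present = Boolean.TRUE.equals(this.redisTemplate.hasKey(httpServletRequest.getSession().getId()));
        LOGGER.debug("containsContext: checking context avialability in redis : " + present);
        return present;
    }

    /**
     * Wraps the resolved user in an authentication token carrying the user's authorities.
     * The credentials value is a fixed placeholder; no password is held by this class.
     */
    private Authentication prepareAuthenticationObj(HttpServletRequest httpServletRequest, CurrentUser currentUser) {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(currentUser, "dummy", currentUser.getAuthorities());
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(httpServletRequest));
        return usernamePasswordAuthenticationToken;
    }

    /**
     * Exchanges the {@code auth_token} request parameter for a {@link User} and records the
     * token/session association in Redis.
     *
     * @param httpServletRequest the current request
     * @return the user built from the first entry of the user-search response
     * @throws NotAuthorizedException when the token is missing, is rejected, or resolves to no user
     */
    private User getUserDetails(HttpServletRequest httpServletRequest) throws NotAuthorizedException {
        // NOTE(review): getParameter also reads the query string; a token carried in a URL can be
        // recorded in access logs, browser history and Referer headers. Prefer a header or
        // request body if callers allow it.
        String authToken = httpServletRequest.getParameter(AUTH_TOKEN);
        String tenantId = httpServletRequest.getParameter("tenantId");
        HttpSession session = httpServletRequest.getSession();
        // Log only whether a token was supplied, never its value.
        LOGGER.info(" *** authtoken present: " + (authToken != null));
        if (authToken == null) {
            session.setAttribute("error-code", 440);
            throw new NotAuthorizedException("AuthToken not found");
        }
        String generateAdminToken = this.microserviceUtils.generateAdminToken(tenantId);
        session.setAttribute(ApplicationConstant.MS_USER_TOKEN, authToken);
        CustomUserDetails userDetails = this.microserviceUtils.getUserDetails(authToken, generateAdminToken);
        if (null == userDetails || userDetails.getId() == null) {
            throw new NotAuthorizedException("Invalid Token");
        }
        session.setAttribute(ApplicationConstant.MS_TENANTID_KEY, userDetails.getTenantId());
        session.setAttribute(ApplicationConstant.USERID_KEY, userDetails.getId());
        UserSearchResponse userInfo = this.microserviceUtils.getUserInfo(authToken, userDetails.getTenantId(), userDetails.getUuid());
        // Validate the lookup before any session state is written to Redis; an empty result
        // would otherwise surface later as an uncaught exception from get(0), after the
        // token/session mapping had already been stored.
        if (userInfo == null || userInfo.getUserSearchResponseContent() == null
                || userInfo.getUserSearchResponseContent().isEmpty()) {
            throw new NotAuthorizedException("User details not found for token");
        }
        // NOTE(review): the session id that existed before authentication is reused as the Redis
        // key for authenticated state. Consider rotating it once the token is validated, and
        // confirm whether an upstream filter already does so.
        LOGGER.info("Before remove session");
        this.microserviceUtils.removeSessionFromRedis(authToken, session.getId(), false);
        this.microserviceUtils.savetoRedis(session.getId(), AUTH_TOKEN, authToken);
        this.microserviceUtils.savetoRedis("session_token_fetch:" + authToken, SESSION_ID, session.getId());
        this.microserviceUtils.savetoRedis(session.getId(), "_details", userDetails);
        this.microserviceUtils.saveAuthToken(authToken, session.getId());
        this.microserviceUtils.setExpire(session.getId());
        this.microserviceUtils.setExpire(authToken);
        LOGGER.info("**Redis:: session mapping stored");
        return parepareCurrentUser(userInfo.getUserSearchResponseContent().get(0));
    }

    /**
     * Copies the fields of a user-search result into a {@link User} entity. The password is set
     * to a blank placeholder.
     *
     * @param userSearchResponseContent the user-search entry to convert
     * @return the populated user
     */
    private User parepareCurrentUser(UserSearchResponseContent userSearchResponseContent) {
        // valueOf throws IllegalArgumentException for an unknown type or gender name, and the
        // Boolean getters are unboxed; neither failure is caught by loadContext.
        User user = new User(UserType.valueOf(userSearchResponseContent.getType().toUpperCase()));
        user.setId(userSearchResponseContent.getId());
        user.setUsername(userSearchResponseContent.getUserName());
        user.setActive(userSearchResponseContent.getActive().booleanValue());
        user.setAccountLocked(userSearchResponseContent.getAccountLocked().booleanValue());
        user.setGender(Gender.valueOf(userSearchResponseContent.getGender().toUpperCase()));
        user.setPassword(ApplicationConstant.WHITESPACE);
        user.setName(userSearchResponseContent.getName());
        user.setPwdExpiryDate(userSearchResponseContent.getPwdExpiryDate());
        user.setLocale(userSearchResponseContent.getLocale());
        user.setUuid(userSearchResponseContent.getUuid());
        // NOTE(review): the roles collected below are never attached to the returned user, so
        // authorities derived from this User may not reflect the response's roles. Confirm
        // whether that is intended before wiring them in, since it changes authorization.
        HashSet<Role> roles = new HashSet<>();
        userSearchResponseContent.getRoles().forEach(roleRequest -> {
            Role role = new Role();
            role.setId(roleRequest.getId());
            role.setName(roleRequest.getName());
            roles.add(role);
        });
        return user;
    }
}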
