package com.helger.phoss.smp.domain.user;

import com.helger.http.basicauth.BasicAuthClientCredentials;
import com.helger.peppolid.IParticipantIdentifier;
import com.helger.phoss.smp.domain.SMPMetaManager;
import com.helger.phoss.smp.domain.servicegroup.ISMPServiceGroup;
import com.helger.phoss.smp.exception.SMPNotFoundException;
import com.helger.phoss.smp.exception.SMPUnauthorizedException;
import com.helger.phoss.smp.exception.SMPUnknownUserException;
import com.helger.photon.security.mgr.PhotonSecurityManager;
import com.helger.photon.security.user.IUser;
import com.helger.photon.security.user.IUserManager;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/phoss-smp-backend-6.0.0-rc1.jar:com/helger/phoss/smp/domain/user/SMPUserManagerPhoton.class */
public final class SMPUserManagerPhoton {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SMPUserManagerPhoton.class);

    private SMPUserManagerPhoton() {
    }

    @Nonnull
    public static IUser validateUserCredentials(@Nonnull BasicAuthClientCredentials basicAuthClientCredentials) throws SMPUnknownUserException, SMPUnauthorizedException {
        IUserManager userMgr = PhotonSecurityManager.getUserMgr();
        IUser userOfLoginName = userMgr.getUserOfLoginName(basicAuthClientCredentials.getUserName());
        if (userOfLoginName == null || userOfLoginName.isDeleted()) {
            LOGGER.warn("Invalid login name provided: '" + basicAuthClientCredentials.getUserName() + "'");
            throw new SMPUnknownUserException(basicAuthClientCredentials.getUserName());
        }
        if (!userMgr.areUserIDAndPasswordValid(userOfLoginName.getID(), basicAuthClientCredentials.getPassword())) {
            LOGGER.warn("Invalid password provided for '" + basicAuthClientCredentials.getUserName() + "'");
            throw new SMPUnauthorizedException("Username and/or password are invalid!");
        }
        if (!userOfLoginName.isDisabled()) {
            return userOfLoginName;
        }
        LOGGER.warn("User '" + basicAuthClientCredentials.getUserName() + "' is disabled");
        throw new SMPUnauthorizedException("User is disabled!");
    }

    public static void verifyOwnership(@Nonnull IParticipantIdentifier iParticipantIdentifier, @Nonnull IUser iUser) throws SMPNotFoundException, SMPUnauthorizedException {
        ISMPServiceGroup sMPServiceGroupOfID = SMPMetaManager.getServiceGroupMgr().getSMPServiceGroupOfID(iParticipantIdentifier);
        if (sMPServiceGroupOfID == null) {
            throw new SMPNotFoundException("Service group " + iParticipantIdentifier.getURIEncoded() + " does not exist");
        }
        if (!sMPServiceGroupOfID.getOwnerID().equals(iUser.getID())) {
            throw new SMPUnauthorizedException("User '" + iUser.getLoginName() + "' does not own " + iParticipantIdentifier.getURIEncoded());
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Verified service group " + sMPServiceGroupOfID.getID() + " is owned by user '" + iUser.getLoginName() + "'");
        }
    }
}
