package de.hsrm.sls.subato.intellij.core.api.http.auth;

import com.intellij.openapi.application.ApplicationManager;
import com.intellij.openapi.components.Service;
import com.intellij.openapi.diagnostic.Logger;
import de.hsrm.sls.subato.intellij.core.api.service.PrincipalService;
import de.hsrm.sls.subato.intellij.core.common.JsonService;
import de.hsrm.sls.subato.intellij.core.fides.pseudonym.PseudonymService;
import de.hsrm.sls.subato.intellij.core.fides.pseudonym.PseudonymState;
import de.hsrm.sls.subato.intellij.core.login.NoConsentException;
import java.time.LocalDateTime;

@Service
/* loaded from: input_file:de/hsrm/sls/subato/intellij/core/api/http/auth/AuthService.class */
public final class AuthService {
    private static final Logger LOG = Logger.getInstance(AuthService.class);
    private AuthContext context;

    public static AuthService getInstance() {
        return (AuthService) ApplicationManager.getApplication().getService(AuthService.class);
    }

    public AuthContext getAuthContext() {
        return this.context;
    }

    public AuthService() {
        AuthContext load = AuthStateService.getInstance().load();
        this.context = load == null ? new AuthContext(null, null) : load;
    }

    public void authenticate(String str, String str2) {
        TokenState authenticate = AuthProvider.getInstance().authenticate(str, str2);
        SubatoPrincipal principal = PrincipalService.getInstance().getPrincipal(new AuthContext(authenticate, null));
        ConsentCache consentCache = ConsentCache.getInstance();
        consentCache.setConsent(principal.isConsentedToCollection() ? new ConsentState(principal.getLoginName()) : null);
        if (!consentCache.hasConsent()) {
            throw new NoConsentException();
        }
        ((PseudonymService) ApplicationManager.getApplication().getService(PseudonymService.class)).generateAndStore(principal.getLoginName(), str2);
        AuthContext authContext = new AuthContext(authenticate, principal);
        setContext(authContext);
        ((AuthListener) ApplicationManager.getApplication().getMessageBus().syncPublisher(AuthListener.AUTH_TOPIC)).afterLogin(authContext);
    }

    public void requestRefresh(boolean z) {
        if (!this.context.isAuthenticated()) {
            throw new RuntimeException();
        }
        if (this.context.token().isAccessTokenExpired() || z) {
            try {
                TokenState refresh = AuthProvider.getInstance().refresh(this.context.token());
                SubatoPrincipal principal = PrincipalService.getInstance().getPrincipal(new AuthContext(refresh, null));
                ConsentCache.getInstance().setConsent(principal.isConsentedToCollection() ? new ConsentState(principal.getLoginName()) : null);
                setContext(new AuthContext(refresh, principal));
                LocalDateTime lastPWChange = refresh.getLastPWChange(JsonService.getInstance());
                if (lastPWChange != null) {
                    PseudonymState pseudonymState = ((PseudonymService) ApplicationManager.getApplication().getService(PseudonymService.class)).getPseudonymState(principal.getLoginName());
                    if (pseudonymState == null || pseudonymState.getLastUpdate() == null || lastPWChange.isAfter(pseudonymState.getLastUpdate())) {
                        throw new SessionExpiredException();
                    }
                } else {
                    LOG.warn("last password change not in token for %s, is keycloak correctly configured?".formatted(principal.getLoginName()));
                }
            } catch (SessionExpiredException e) {
                logOut();
                throw e;
            }
        }
        if (!ConsentCache.getInstance().hasConsent()) {
            throw new NoConsentException();
        }
    }

    public void logOut() {
        setContext(new AuthContext(null, null));
    }

    private void setContext(AuthContext authContext) {
        this.context = authContext;
        AuthStateService.getInstance().save(authContext);
        ((AuthListener) ApplicationManager.getApplication().getMessageBus().syncPublisher(AuthListener.AUTH_TOPIC)).stateChanged(authContext);
    }
}
