package de.hsrm.sls.subato.intellij.core.api.http.auth;

import com.intellij.openapi.application.ApplicationManager;
import com.intellij.openapi.components.Service;
import com.intellij.openapi.diagnostic.Logger;
import de.hsrm.sls.subato.intellij.core.api.service.PrincipalService;
import de.hsrm.sls.subato.intellij.core.common.JsonService;
import de.hsrm.sls.subato.intellij.core.common.LogMessage;
import de.hsrm.sls.subato.intellij.core.fides.pseudonym.PseudonymService;
import de.hsrm.sls.subato.intellij.core.login.NoConsentException;
import java.time.LocalDateTime;
import java.util.Objects;

@Service
/* loaded from: input_file:de/hsrm/sls/subato/intellij/core/api/http/auth/AuthService.class */
public final class AuthService {
    private static final Logger LOG = Logger.getInstance(AuthService.class);
    private AuthContext context;

    public static AuthService getInstance() {
        return (AuthService) ApplicationManager.getApplication().getService(AuthService.class);
    }

    public AuthService() {
        AuthContext load = AuthStateService.getInstance().load();
        this.context = load == null ? new AuthContext(null, null) : load;
    }

    public synchronized void authenticate(String str, char[] cArr) {
        TokenState authenticate = AuthProvider.getInstance().authenticate(str, cArr);
        SubatoPrincipal principal = PrincipalService.getInstance().getPrincipal(new AuthContext(authenticate, null));
        PseudonymService.getInstance().generateAndStore(principal.getLoginName(), cArr);
        ConsentCache consentCache = ConsentCache.getInstance();
        consentCache.setConsent(principal.isConsentedToCollection() ? new ConsentState(principal.getLoginName()) : null);
        if (!consentCache.hasConsent()) {
            throw new NoConsentException();
        }
        AuthContext authContext = new AuthContext(authenticate, principal);
        setContext(authContext);
        ((AuthListener) ApplicationManager.getApplication().getMessageBus().syncPublisher(AuthListener.AUTH_TOPIC)).afterLogin(authContext);
    }

    public synchronized void requestRefresh(boolean z) {
        if (this.context.token().isAccessTokenExpired() || z) {
            try {
                TokenState refresh = AuthProvider.getInstance().refresh(this.context.token());
                SubatoPrincipal principal = PrincipalService.getInstance().getPrincipal(new AuthContext(refresh, null));
                ConsentCache.getInstance().setConsent(principal.isConsentedToCollection() ? new ConsentState(principal.getLoginName()) : null);
                JsonService jsonService = JsonService.getInstance();
                LocalDateTime lastPWChange = this.context.token().getLastPWChange(jsonService);
                LocalDateTime lastPWChange2 = refresh.getLastPWChange(jsonService);
                LOG.debug("oldLastPwUpdate: %s, newLastPwUpdate: %s".formatted(lastPWChange, lastPWChange2));
                if (lastPWChange == null || lastPWChange2 == null) {
                    LOG.warn(LogMessage.from("lastPWChange not found in old or new token for %s, is keycloak correctly configured?".formatted(principal.getLoginName())));
                }
                if (!Objects.equals(lastPWChange, lastPWChange2)) {
                    throw new SessionExpiredException(SessionExpiredReason.PASSWORD_CHANGED);
                }
                setContext(new AuthContext(refresh, principal));
            } catch (SessionExpiredException e) {
                logOut(LogoutReason.SESSION_EXPIRED, e.getReason());
                throw e;
            }
        }
        if (!ConsentCache.getInstance().hasConsent()) {
            throw new NoConsentException();
        }
    }

    public synchronized void logOut(LogoutReason logoutReason, SessionExpiredReason sessionExpiredReason) {
        setContext(new AuthContext(null, null));
        ((AuthListener) ApplicationManager.getApplication().getMessageBus().syncPublisher(AuthListener.AUTH_TOPIC)).afterLogout(logoutReason, sessionExpiredReason);
    }

    public synchronized AuthContext getAuthContext() {
        return this.context;
    }

    private void setContext(AuthContext authContext) {
        this.context = authContext;
        AuthStateService.getInstance().save(authContext);
        ((AuthListener) ApplicationManager.getApplication().getMessageBus().syncPublisher(AuthListener.AUTH_TOPIC)).stateChanged(authContext);
    }
}
