package org.dspace.authenticate;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.SQLException;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.ResourcePolicy_;
import org.dspace.content.Item;
import org.dspace.core.Constants;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.service.EPersonService;
import org.dspace.orcid.OrcidToken;
import org.dspace.orcid.client.OrcidClient;
import org.dspace.orcid.client.OrcidConfiguration;
import org.dspace.orcid.model.OrcidTokenResponseDTO;
import org.dspace.orcid.service.OrcidSynchronizationService;
import org.dspace.orcid.service.OrcidTokenService;
import org.dspace.profile.ResearcherProfile;
import org.dspace.profile.service.ResearcherProfileService;
import org.dspace.services.ConfigurationService;
import org.orcid.jaxb.model.v3.release.record.Email;
import org.orcid.jaxb.model.v3.release.record.Person;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/dspace/authenticate/OrcidAuthenticationBean.class */
public class OrcidAuthenticationBean implements AuthenticationMethod {
    public static final String ORCID_AUTH_ATTRIBUTE = "orcid-authentication";
    private static final Logger LOGGER = LoggerFactory.getLogger(OrcidAuthenticationBean.class);
    private static final String LOGIN_PAGE_URL_FORMAT = "%s?client_id=%s&response_type=code&scope=%s&redirect_uri=%s";

    @Autowired
    private OrcidClient orcidClient;

    @Autowired
    private OrcidConfiguration orcidConfiguration;

    @Autowired
    private ConfigurationService configurationService;

    @Autowired
    private EPersonService ePersonService;

    @Autowired
    private ResearcherProfileService researcherProfileService;

    @Autowired
    private OrcidSynchronizationService orcidSynchronizationService;

    @Autowired
    private OrcidTokenService orcidTokenService;

    @Override // org.dspace.authenticate.AuthenticationMethod
    public int authenticate(Context context, String str, String str2, String str3, HttpServletRequest httpServletRequest) throws SQLException {
        if (httpServletRequest == null) {
            LOGGER.warn("Unable to authenticate using ORCID because the request object is null.");
            return 5;
        }
        String parameter = httpServletRequest.getParameter("code");
        if (StringUtils.isEmpty(parameter)) {
            LOGGER.warn("The incoming request has not code parameter");
            return 4;
        }
        httpServletRequest.setAttribute(ORCID_AUTH_ATTRIBUTE, true);
        return authenticateWithOrcid(context, parameter, httpServletRequest);
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public String loginPageURL(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String authorizeEndpointUrl = this.orcidConfiguration.getAuthorizeEndpointUrl();
        String clientId = this.orcidConfiguration.getClientId();
        String redirectUrl = this.orcidConfiguration.getRedirectUrl();
        String join = String.join("+", this.orcidConfiguration.getScopes());
        if (StringUtils.isAnyBlank(new CharSequence[]{authorizeEndpointUrl, clientId, redirectUrl, join})) {
            LOGGER.error("Missing mandatory configuration properties for OrcidAuthentication");
            return "";
        }
        try {
            return String.format(LOGIN_PAGE_URL_FORMAT, authorizeEndpointUrl, clientId, join, URLEncoder.encode(redirectUrl, Constants.DEFAULT_ENCODING));
        } catch (UnsupportedEncodingException e) {
            LOGGER.error(e.getMessage(), e);
            return "";
        }
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean isUsed(Context context, HttpServletRequest httpServletRequest) {
        return httpServletRequest.getAttribute(ORCID_AUTH_ATTRIBUTE) != null;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean canChangePassword(Context context, EPerson ePerson, String str) {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean canSelfRegister(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return canSelfRegister();
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public void initEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException {
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean allowSetPassword(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean isImplicit() {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public List<Group> getSpecialGroups(Context context, HttpServletRequest httpServletRequest) throws SQLException {
        return Collections.emptyList();
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public String getName() {
        return "orcid";
    }

    private int authenticateWithOrcid(Context context, String str, HttpServletRequest httpServletRequest) throws SQLException {
        OrcidTokenResponseDTO orcidAccessToken = getOrcidAccessToken(str);
        if (orcidAccessToken == null) {
            return 4;
        }
        EPerson findByNetid = this.ePersonService.findByNetid(context, orcidAccessToken.getOrcid());
        if (findByNetid != null) {
            if (findByNetid.canLogIn()) {
                return logInEPerson(context, orcidAccessToken, findByNetid);
            }
            return 5;
        }
        Person personFromOrcid = getPersonFromOrcid(orcidAccessToken);
        if (personFromOrcid == null) {
            return 4;
        }
        EPerson findByEmail = this.ePersonService.findByEmail(context, getEmail(personFromOrcid).orElse(null));
        if (findByEmail != null) {
            if (findByEmail.canLogIn()) {
                return logInEPerson(context, orcidAccessToken, findByEmail);
            }
            return 5;
        }
        if (canSelfRegister()) {
            return registerNewEPerson(context, personFromOrcid, orcidAccessToken);
        }
        return 4;
    }

    private int logInEPerson(Context context, OrcidTokenResponseDTO orcidTokenResponseDTO, EPerson ePerson) throws SQLException {
        context.setCurrentUser(ePerson);
        setOrcidMetadataOnEPerson(context, ePerson, orcidTokenResponseDTO);
        ResearcherProfile findProfile = findProfile(context, ePerson);
        if (findProfile == null) {
            return 1;
        }
        this.orcidSynchronizationService.linkProfile(context, findProfile.getItem(), orcidTokenResponseDTO);
        return 1;
    }

    private ResearcherProfile findProfile(Context context, EPerson ePerson) throws SQLException {
        try {
            return this.researcherProfileService.findById(context, ePerson.getID());
        } catch (AuthorizeException e) {
            throw new RuntimeException(e);
        }
    }

    private int registerNewEPerson(Context context, Person person, OrcidTokenResponseDTO orcidTokenResponseDTO) throws SQLException {
        try {
            try {
                context.turnOffAuthorisationSystem();
                String orElseThrow = getEmail(person).orElseThrow(() -> {
                    return new IllegalStateException("The email is configured private on orcid");
                });
                String orcid = orcidTokenResponseDTO.getOrcid();
                EPerson create = this.ePersonService.create(context);
                create.setNetid(orcid);
                create.setEmail(orElseThrow);
                Optional<String> firstName = getFirstName(person);
                if (firstName.isPresent()) {
                    create.setFirstName(context, firstName.get());
                }
                Optional<String> lastName = getLastName(person);
                if (lastName.isPresent()) {
                    create.setLastName(context, lastName.get());
                }
                create.setCanLogIn(true);
                create.setSelfRegistered(true);
                setOrcidMetadataOnEPerson(context, create, orcidTokenResponseDTO);
                this.ePersonService.update(context, create);
                context.setCurrentUser(create);
                context.dispatchEvents();
                context.restoreAuthSystemState();
                return 1;
            } catch (Exception e) {
                LOGGER.error("An error occurs registering a new EPerson from ORCID", e);
                context.rollback();
                context.restoreAuthSystemState();
                return 4;
            }
        } catch (Throwable th) {
            context.restoreAuthSystemState();
            throw th;
        }
    }

    private void setOrcidMetadataOnEPerson(Context context, EPerson ePerson, OrcidTokenResponseDTO orcidTokenResponseDTO) throws SQLException {
        String orcid = orcidTokenResponseDTO.getOrcid();
        String accessToken = orcidTokenResponseDTO.getAccessToken();
        String[] scopeAsArray = orcidTokenResponseDTO.getScopeAsArray();
        this.ePersonService.setMetadataSingleValue(context, ePerson, ResourcePolicy_.EPERSON, "orcid", null, null, orcid);
        this.ePersonService.clearMetadata(context, ePerson, ResourcePolicy_.EPERSON, "orcid", "scope", Item.ANY);
        for (String str : scopeAsArray) {
            this.ePersonService.addMetadata(context, (Context) ePerson, ResourcePolicy_.EPERSON, "orcid", "scope", (String) null, str);
        }
        OrcidToken findByEPerson = this.orcidTokenService.findByEPerson(context, ePerson);
        if (findByEPerson == null) {
            this.orcidTokenService.create(context, ePerson, accessToken);
        } else {
            findByEPerson.setAccessToken(accessToken);
        }
    }

    private Person getPersonFromOrcid(OrcidTokenResponseDTO orcidTokenResponseDTO) {
        try {
            return this.orcidClient.getPerson(orcidTokenResponseDTO.getAccessToken(), orcidTokenResponseDTO.getOrcid());
        } catch (Exception e) {
            LOGGER.error("An error occurs retriving the ORCID record with id " + orcidTokenResponseDTO.getOrcid(), e);
            return null;
        }
    }

    private Optional<String> getEmail(Person person) {
        List emails = person.getEmails() != null ? person.getEmails().getEmails() : Collections.emptyList();
        return CollectionUtils.isEmpty(emails) ? Optional.empty() : Optional.ofNullable(((Email) emails.get(0)).getEmail());
    }

    private Optional<String> getFirstName(Person person) {
        return Optional.ofNullable(person.getName()).map(name -> {
            return name.getGivenNames();
        }).map(givenNames -> {
            return givenNames.getContent();
        });
    }

    private Optional<String> getLastName(Person person) {
        return Optional.ofNullable(person.getName()).map(name -> {
            return name.getFamilyName();
        }).map(familyName -> {
            return familyName.getContent();
        });
    }

    private boolean canSelfRegister() {
        String property = this.configurationService.getProperty("authentication-orcid.can-self-register", "true");
        if (StringUtils.isBlank(property)) {
            return true;
        }
        return BooleanUtils.toBoolean(property);
    }

    private OrcidTokenResponseDTO getOrcidAccessToken(String str) {
        try {
            return this.orcidClient.getAccessToken(str);
        } catch (Exception e) {
            LOGGER.error("An error occurs retriving the ORCID access_token", e);
            return null;
        }
    }

    public OrcidClient getOrcidClient() {
        return this.orcidClient;
    }

    public void setOrcidClient(OrcidClient orcidClient) {
        this.orcidClient = orcidClient;
    }
}
