package com.atlassian.plugins.authentication.sso.config;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.spring.scanner.annotation.export.ExportAsService;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.plugins.authentication.api.config.IdpConfig;
import com.atlassian.plugins.authentication.api.config.IdpConfigService;
import com.atlassian.plugins.authentication.api.config.IdpSearchParameters;
import com.atlassian.plugins.authentication.api.config.SsoConfig;
import com.atlassian.plugins.authentication.api.config.SsoConfigService;
import com.atlassian.plugins.authentication.api.config.ValidationError;
import com.atlassian.plugins.authentication.api.exception.CannotDisableLoginFormException;
import com.atlassian.plugins.authentication.api.exception.InvalidConfigException;
import com.atlassian.plugins.authentication.sso.event.LoginFormToggledEvent;
import com.atlassian.plugins.authentication.sso.event.OidcDiscoveryRefreshCronUpdatedEvent;
import com.atlassian.plugins.authentication.sso.util.ApplicationStateValidator;
import com.atlassian.plugins.authentication.sso.util.ProductLicenseDataProvider;
import com.google.common.collect.Multimap;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ExportAsService({SsoConfigService.class})
@Named
/* loaded from: input_file:com/atlassian/plugins/authentication/sso/config/SsoConfigServiceImpl.class */
public class SsoConfigServiceImpl implements SsoConfigService {
    private static final Logger logger = LoggerFactory.getLogger(SsoConfigServiceImpl.class);
    private final EventPublisher eventPublisher;
    private final SsoConfigDao ssoConfigDao;
    private final SsoConfigValidator ssoConfigValidator;
    private final IdpConfigService idpConfigService;
    private final ProductLicenseDataProvider productLicenseDataProvider;
    private final ApplicationStateValidator applicationStateValidator;
    private final CachingSsoConfigService cachingSsoConfigService;

    @Inject
    public SsoConfigServiceImpl(@ComponentImport EventPublisher eventPublisher, SsoConfigDao ssoConfigDao, SsoConfigValidator ssoConfigValidator, IdpConfigService idpConfigService, ProductLicenseDataProvider productLicenseDataProvider, ApplicationStateValidator applicationStateValidator, CachingSsoConfigService cachingSsoConfigService) {
        this.eventPublisher = eventPublisher;
        this.ssoConfigDao = ssoConfigDao;
        this.ssoConfigValidator = ssoConfigValidator;
        this.idpConfigService = idpConfigService;
        this.productLicenseDataProvider = productLicenseDataProvider;
        this.applicationStateValidator = applicationStateValidator;
        this.cachingSsoConfigService = cachingSsoConfigService;
    }

    @Override // com.atlassian.plugins.authentication.api.config.SsoConfigService
    public SsoConfig getSsoConfig() {
        return this.ssoConfigDao.getSsoConfig();
    }

    @Override // com.atlassian.plugins.authentication.api.config.SsoConfigService
    public SsoConfig updateSsoConfig(@Nonnull SsoConfig ssoConfig) {
        Objects.requireNonNull(ssoConfig, "SSO configuration cannot be null");
        SsoConfig ssoConfig2 = this.ssoConfigDao.getSsoConfig();
        validateSufficientLoginOptionsAreEnabled(ssoConfig, ssoConfig2);
        validateSufficientLoginOptionsForJsmAreEnabled(ssoConfig, ssoConfig2);
        SsoConfig updateSsoConfigInternal = updateSsoConfigInternal(ssoConfig2, ssoConfig);
        this.cachingSsoConfigService.update();
        return updateSsoConfigInternal;
    }

    private void validateSufficientLoginOptionsAreEnabled(@Nonnull SsoConfig ssoConfig, SsoConfig ssoConfig2) {
        if (!ssoConfig2.getShowLoginForm() || ssoConfig.getShowLoginForm()) {
            return;
        }
        Stream<IdpConfig> stream = this.idpConfigService.getIdpConfigs(IdpSearchParameters.allEnabled()).stream();
        ApplicationStateValidator applicationStateValidator = this.applicationStateValidator;
        applicationStateValidator.getClass();
        if (((List) stream.filter(applicationStateValidator::canProcessAuthenticationRequest).collect(Collectors.toList())).size() < 1) {
            throw new CannotDisableLoginFormException("Can't disable login form");
        }
    }

    private void validateSufficientLoginOptionsForJsmAreEnabled(@Nonnull SsoConfig ssoConfig, SsoConfig ssoConfig2) {
        if (this.productLicenseDataProvider.isServiceManagementProduct() && ssoConfig2.getShowLoginFormForJsm() && !ssoConfig.getShowLoginFormForJsm() && this.idpConfigService.getIdpConfigs(IdpSearchParameters.builder().setIncludeCustomerLoginsRestriction(true).build()).size() < 1) {
            throw new CannotDisableLoginFormException("Can't disable login form for Jira Service Management");
        }
    }

    private SsoConfig updateSsoConfigInternal(@Nullable SsoConfig ssoConfig, @Nonnull SsoConfig ssoConfig2) {
        if (Objects.equals(ssoConfig2, ssoConfig)) {
            return ssoConfig;
        }
        Multimap<String, ValidationError> validate = this.ssoConfigValidator.validate(ssoConfig2);
        if (!validate.isEmpty()) {
            throw new InvalidConfigException(validate);
        }
        publishEvents(ssoConfig, ssoConfig2);
        return this.ssoConfigDao.saveSsoConfig(ssoConfig2);
    }

    private void publishEvents(SsoConfig ssoConfig, SsoConfig ssoConfig2) {
        if (ssoConfig == null || ssoConfig.getShowLoginForm() != ssoConfig2.getShowLoginForm()) {
            this.eventPublisher.publish(new LoginFormToggledEvent(ssoConfig2.getShowLoginForm()));
        }
        if (ssoConfig == null || !Objects.equals(ssoConfig.getDiscoveryRefreshCron(), ssoConfig2.getDiscoveryRefreshCron())) {
            this.eventPublisher.publish(new OidcDiscoveryRefreshCronUpdatedEvent());
        }
    }

    @Override // com.atlassian.plugins.authentication.api.config.SsoConfigService
    public void resetConfig() {
        this.ssoConfigDao.removeSsoConfig();
        this.cachingSsoConfigService.update();
        this.eventPublisher.publish(new LoginFormToggledEvent(true));
    }
}
