package org.openvpms.web.security.login;

import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import org.apache.commons.collections4.map.PassiveExpiringMap;
import org.openvpms.archetype.rules.party.Contacts;
import org.openvpms.archetype.rules.practice.PracticeService;
import org.openvpms.component.model.party.Party;
import org.openvpms.component.model.user.User;
import org.openvpms.component.service.archetype.ArchetypeService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openvpms/web/security/login/SecurityCodeService.class */
public abstract class SecurityCodeService {
    protected static final int MAX_ATTEMPTS = 3;
    private final Map<String, SecurityCode> codes = Collections.synchronizedMap(new PassiveExpiringMap(10, TimeUnit.MINUTES));
    private final ArchetypeService service;
    private final PracticeService practiceService;
    private final Contacts contacts;
    private volatile boolean missingEmailLogged;
    private static final Logger log = LoggerFactory.getLogger(SecurityCodeService.class);

    /* loaded from: input_file:org/openvpms/web/security/login/SecurityCodeService$Factor.class */
    public enum Factor {
        EMAIL,
        TOTP;

        public static Factor fromString(String str) {
            if (str != null) {
                return (Factor) Arrays.stream(values()).filter(factor -> {
                    return factor.name().equals(str);
                }).findFirst().orElse(null);
            }
            return null;
        }
    }

    /* loaded from: input_file:org/openvpms/web/security/login/SecurityCodeService$Status.class */
    public enum Status {
        EXPIRED,
        CODE_MISMATCH,
        DATA_MISMATCH,
        ERROR,
        SUCCESS
    }

    public SecurityCodeService(ArchetypeService archetypeService, PracticeService practiceService) {
        this.service = archetypeService;
        this.practiceService = practiceService;
        this.contacts = new Contacts(archetypeService);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String sendCode(User user) {
        String str = null;
        String toAddress = getToAddress(user);
        if (toAddress != null) {
            str = sendCode(user, toAddress);
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String sendCode(User user, String str) {
        String str2 = null;
        String fromAddress = getFromAddress();
        if (fromAddress != null) {
            SecurityCode generateCode = generateCode(user, Factor.EMAIL);
            if (sendCode(user, generateCode.getCode(), fromAddress, str)) {
                str2 = generateCode.getId();
            }
        }
        return str2;
    }

    protected abstract boolean sendCode(User user, String str, String str2, String str3);

    /* JADX INFO: Access modifiers changed from: protected */
    public Status applyCode(String str, String str2, Function<Long, Status> function) {
        SecurityCode code = getCode(str);
        Status verifyCode = verifyCode(str, str2, Factor.EMAIL, code);
        if (verifyCode == Status.SUCCESS) {
            verifyCode = function.apply(Long.valueOf(code.getUserId()));
        }
        return verifyCode;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getFromAddress() {
        String email = getEmail(this.practiceService.getPractice());
        if (email != null) {
            this.missingEmailLogged = false;
        } else if (!this.missingEmailLogged) {
            log.error("Cannot send security mails as the practice has no email address configured");
            this.missingEmailLogged = true;
        }
        return email;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getToAddress(User user) {
        String email = getEmail(user);
        if (email == null) {
            log.error("Cannot send security mails to {} as the user has no email address configured", user.getUsername());
        }
        return email;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityCode getCode(String str) {
        return this.codes.get(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityCode generateCode(User user, Factor factor) {
        SecurityCode securityCode = new SecurityCode(user, factor);
        this.codes.put(securityCode.getId(), securityCode);
        return securityCode;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Status verifyCode(String str, String str2, Factor factor, SecurityCode securityCode) {
        Status status;
        if (securityCode == null || factor != securityCode.getFactor()) {
            status = Status.EXPIRED;
        } else if (Objects.equals(securityCode.getCode(), str2)) {
            status = Status.SUCCESS;
            removeCode(str);
        } else {
            status = codeMismatch(securityCode);
        }
        return status;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Status codeMismatch(SecurityCode securityCode) {
        Status status;
        if (securityCode.incAttempts() < MAX_ATTEMPTS) {
            status = Status.CODE_MISMATCH;
        } else {
            status = Status.EXPIRED;
            removeCode(securityCode.getId());
        }
        return status;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ArchetypeService getArchetypeService() {
        return this.service;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PracticeService getPracticeService() {
        return this.practiceService;
    }

    private void removeCode(String str) {
        this.codes.remove(str);
    }

    protected String getEmail(Party party) {
        if (party != null) {
            return this.contacts.getEmail(party);
        }
        return null;
    }
}
