package org.kuali.kfs.kns.service.impl;

import java.util.Collections;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.kim.api.KimConstants;
import org.kuali.kfs.kim.api.identity.IdentityService;
import org.kuali.kfs.kim.api.permission.PermissionService;
import org.kuali.kfs.kim.api.services.KimApiServiceLocator;
import org.kuali.kfs.kim.impl.identity.principal.Principal;
import org.kuali.kfs.kns.bo.AuthenticationValidationResponse;
import org.kuali.kfs.kns.service.CfAuthenticationService;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2021-07-08.jar:org/kuali/kfs/kns/service/impl/CfAuthenticationServiceImpl.class */
public class CfAuthenticationServiceImpl implements CfAuthenticationService {
    private static final Logger LOG = LogManager.getLogger();
    private IdentityService identityService;
    private PermissionService permissionService;

    @Override // org.kuali.kfs.kns.service.CfAuthenticationService
    public AuthenticationValidationResponse validatePrincipalName(String str) {
        LOG.debug("validatePrincipalName() started");
        if (StringUtils.isBlank(str)) {
            return AuthenticationValidationResponse.INVALID_PRINCIPAL_NAME_BLANK;
        }
        Principal principalByPrincipalName = getIdentityService().getPrincipalByPrincipalName(str);
        return principalByPrincipalName == null ? AuthenticationValidationResponse.INVALID_PRINCIPAL_DOES_NOT_EXIST : !isAuthorizedToLogin(principalByPrincipalName.getPrincipalId()) ? AuthenticationValidationResponse.INVALID_PRINCIPAL_CANNOT_LOGIN : AuthenticationValidationResponse.VALID_AUTHENTICATION;
    }

    protected boolean isAuthorizedToLogin(String str) {
        return getPermissionService().isAuthorized(str, "KFS-SYS", KimConstants.PermissionNames.LOG_IN, Collections.singletonMap("principalId", str));
    }

    public IdentityService getIdentityService() {
        if (this.identityService == null) {
            this.identityService = KimApiServiceLocator.getIdentityService();
        }
        return this.identityService;
    }

    public PermissionService getPermissionService() {
        if (this.permissionService == null) {
            this.permissionService = KimApiServiceLocator.getPermissionService();
        }
        return this.permissionService;
    }
}
