package de.sep.sesam.restapi.dao.impl;

import de.sep.sesam.acl.AclManager;
import de.sep.sesam.auth.PasswordUtil;
import de.sep.sesam.gui.common.logging.ContextLogger;
import de.sep.sesam.gui.common.logging.LogGroup;
import de.sep.sesam.gui.common.logging.SesamComponent;
import de.sep.sesam.gui.common.logging.messages.SecurityMessages;
import de.sep.sesam.gui.common.logging.messages.SimpleMessage;
import de.sep.sesam.model.AclUser;
import de.sep.sesam.model.Groups;
import de.sep.sesam.model.Permissions;
import de.sep.sesam.model.Roles;
import de.sep.sesam.model.UserAllowedHosts;
import de.sep.sesam.model.UserGroupRelations;
import de.sep.sesam.model.Users;
import de.sep.sesam.model.type.AclUserType;
import de.sep.sesam.model.type.DiffCacheType;
import de.sep.sesam.model.type.UserOrigin;
import de.sep.sesam.restapi.authentication.SessionContext;
import de.sep.sesam.restapi.dao.DaoAccessor;
import de.sep.sesam.restapi.dao.GenericLongDao;
import de.sep.sesam.restapi.dao.UsersDaoServer;
import de.sep.sesam.restapi.dao.cache.CacheFactory;
import de.sep.sesam.restapi.dao.cache.MtimeCache;
import de.sep.sesam.restapi.dao.cache.SimpleEntityCache;
import de.sep.sesam.restapi.dao.example.criterion.Example;
import de.sep.sesam.restapi.dao.filter.AbstractFilter;
import de.sep.sesam.restapi.dao.filter.UsersFilter;
import de.sep.sesam.restapi.exception.AuthenticationException;
import de.sep.sesam.restapi.exception.AuthorityException;
import de.sep.sesam.restapi.exception.ObjectNotFoundException;
import de.sep.sesam.restapi.exception.OperationNotPossibleException;
import de.sep.sesam.restapi.exception.ServiceException;
import de.sep.sesam.restapi.mapper.UsersMapper;
import de.sep.sesam.restapi.mapper.example.UsersExample;
import de.sep.sesam.security.PasswordController;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.jdesktop.swingx.JXLoginPane;
import org.jdesktop.swingx.combobox.ListComboBoxModel;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

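/**
 * Server-side DAO for {@link Users}: CRUD, local password login, password changes and
 * permission resolution.
 *
 * <p>Credential handling as visible in this class:
 * <ul>
 *   <li>The stored password is {@code PasswordUtil.encodePassword(salt, password)}; the encoding
 *       algorithm itself is not visible here.</li>
 *   <li>The per-user salt is stored in reversibly encrypted form via {@link PasswordController}.
 *       Accounts without a stored salt fall back to the user name as salt.</li>
 *   <li>{@link #get(Long)}, {@link #getAll()}, {@link #getByName(String)}, {@link #getByGroup(Long)},
 *       {@link #filter(UsersFilter)}, {@link #create(Users)} and {@link #update(Users)} return copies
 *       whose password is replaced by {@code PasswordUtil.STARS}.</li>
 *   <li>{@link #get(String)}, {@link #getUser(Long)}, {@link #login(String, String)},
 *       {@link #getByMTime(Date)} and {@link #persist(Users)} return entities that still carry the
 *       stored password value and salt; they must stay server-side.</li>
 * </ul>
 *
 * <p>NOTE(review): the constructor calls {@code setBypassAclAllThreads(true)}; judging by the name
 * this switches ACL checks off for this DAO, so authorization presumably has to be enforced by the
 * callers. Confirm against the base class.
 *
 * <p>NOTE(review): this listing is decompiler output. The {@code $assertionsDisabled} guards are the
 * expansion of {@code assert} statements, and {@code ListComboBoxModel.UPDATE} /
 * {@code JXLoginPane.LOGIN_ACTION_COMMAND} look like constants the decompiler substituted for
 * literals; both are kept unchanged so behavior is preserved.
 */
@Service("usersDao")
/* loaded from: input_file:de/sep/sesam/restapi/dao/impl/UsersDaoImpl.class */
public class UsersDaoImpl extends GenericLongDao<Users, UsersExample> implements UsersDaoServer {
    private UsersMapper usersMapper;

    @Autowired
    private DaoAccessor daos;
    private final ContextLogger logger = new ContextLogger(UsersDaoImpl.class, SesamComponent.DATA_ACCESS);
    static final /* synthetic */ boolean $assertionsDisabled;

    public UsersDaoImpl() {
        setBypassAclAllThreads(true);
    }

    /** Returns the entity cache registered for {@link Users} in the static initializer. */
    @Override // de.sep.sesam.restapi.dao.GenericDao
    public SimpleEntityCache<Long, Users> cache() {
        return CacheFactory.get(Users.class);
    }

    /** Injects the mapper and registers it with the generic DAO base class. */
    @Autowired
    public void setUsersMapper(UsersMapper usersMapper) {
        this.usersMapper = usersMapper;
        super.setMapper(usersMapper, UsersExample.class);
    }

    @Override // de.sep.sesam.restapi.dao.IGenericDao
    public Class<Users> getEntityClass() {
        return Users.class;
    }

    /**
     * Updates a user and its allowed-host list.
     *
     * <p>The salt submitted by the caller is ignored: the stored salt is kept, or, when the account
     * has none yet, the fallback salt is encrypted and stored. The password is only re-encoded when
     * the submitted value is non-blank, is not the {@code PasswordUtil.STARS} mask and differs from
     * the stored value; otherwise the stored value is kept.
     *
     * @param users the user state to persist; its id selects the stored record
     * @return a copy of {@code users} with the password masked
     * @throws ServiceException if validation fails, the user does not exist or persistence fails
     */
    @Override // de.sep.sesam.restapi.dao.AbstractAclEnabledDao, de.sep.sesam.restapi.dao.GenericDao, de.sep.sesam.restapi.dao.IGenericDao
    @Transactional
    public Users update(Users users) throws ServiceException {
        validate(users);
        Users stored = getUser(users.getId());
        if (stored == null) {
            // Previously this dereferenced null and failed with a NullPointerException.
            throw new ObjectNotFoundException("user", String.valueOf(users.getId()));
        }
        String storedSalt = stored.getSalt();
        String saltValue = resolveSalt(stored);
        if (StringUtils.isBlank(storedSalt)) {
            users.setSalt(PasswordController.getInstance().encrypt(saltValue));
        } else {
            users.setSalt(storedSalt);
        }
        String submitted = users.getPassword();
        // NOTE(review): a caller that submits the stored encoded value verbatim keeps that value,
        // so the encoded password is accepted as a write token here.
        boolean keepStoredPassword = StringUtils.isBlank(submitted)
                || submitted.equals(PasswordUtil.STARS)
                || StringUtils.equals(stored.getPassword(), submitted);
        if (keepStoredPassword) {
            users.setPassword(stored.getPassword());
        } else {
            users.setPassword(PasswordUtil.encodePassword(saltValue, submitted));
            // Log the mask, never the encoded password: security logs are read by more people than
            // the credential store and an encoded password can be attacked offline.
            this.logger.info(ListComboBoxModel.UPDATE, LogGroup.SECURITY, SecurityMessages.PASSWORD_CHANGED, users.getName(), PasswordUtil.STARS);
        }
        super.update((UsersDaoImpl) users);
        if (users.getAllowedHosts() != null) {
            updateHostList(users.getId(), users.getAllowedHosts());
        } else {
            this.usersMapper.deleteHostsByUser(users.getId());
        }
        return fixOutput(users);
    }

    /**
     * Synchronises the stored allowed hosts of a user with {@code list}: hosts matched by name are
     * kept, new names are inserted, stored hosts missing from {@code list} are deleted.
     */
    private void updateHostList(Long l, List<UserAllowedHosts> list) {
        if (list == null) {
            return;
        }
        // After the loop this holds only the stored hosts that were not requested.
        List<UserAllowedHosts> remaining = this.usersMapper.getHosts(l);
        for (UserAllowedHosts requested : list) {
            boolean alreadyStored = false;
            for (UserAllowedHosts existing : remaining) {
                if (existing.getName().equals(requested.getName())) {
                    // Safe only because the loop is left immediately after the removal.
                    remaining.remove(existing);
                    alreadyStored = true;
                    break;
                }
            }
            if (!alreadyStored) {
                // NOTE(review): max(id)+1 is read per insert; concurrent writers could pick the same
                // id unless the database serialises this. Confirm.
                Long maxId = this.usersMapper.selectHostMaxId();
                if (maxId == null) {
                    maxId = 0L;
                }
                requested.setId(Long.valueOf(maxId.longValue() + 1));
                this.usersMapper.insertHost(l, requested);
            }
        }
        for (UserAllowedHosts obsolete : remaining) {
            this.usersMapper.deleteHost(obsolete.getId());
        }
    }

    /**
     * Creates a user with a fresh random salt ({@link UUID#randomUUID()}), stores the salt encrypted
     * and the password encoded with that salt.
     *
     * @param users the user to create; origin defaults to {@code UserOrigin.USER} when unset
     * @return the created user as returned by {@link #get(Long)}, i.e. with the password masked
     * @throws ServiceException if persistence fails
     */
    @Override // de.sep.sesam.restapi.dao.GenericLongDao, de.sep.sesam.restapi.dao.AbstractAclEnabledDao, de.sep.sesam.restapi.dao.GenericDao, de.sep.sesam.restapi.dao.IGenericDao
    @Transactional
    public Users create(Users users) throws ServiceException {
        if (!$assertionsDisabled && users == null) {
            throw new AssertionError();
        }
        if (users.getOrigin() == null) {
            users.setOrigin(UserOrigin.USER);
        }
        String saltValue = UUID.randomUUID().toString();
        users.setSalt(PasswordController.getInstance().encrypt(saltValue));
        // NOTE(review): the submitted password is not checked for null/empty here; login() rejects
        // empty passwords, so such an account could not log in locally.
        users.setPassword(PasswordUtil.encodePassword(saltValue, users.getPassword()));
        super.create((UsersDaoImpl) users);
        if (users.getAllowedHosts() != null) {
            updateHostList(users.getId(), users.getAllowedHosts());
        }
        return get(users.getId());
    }

    /**
     * Changes the password of the named user.
     *
     * @param str user name
     * @param str2 current password, compared with the stored value only in the branch below
     * @param str3 new password
     * @return always {@code true} when no exception is thrown
     * @throws ServiceException if the user is unknown, the account is disabled or expired, or the
     *     current password does not match
     */
    @Override // de.sep.sesam.restapi.dao.UsersDao
    public Boolean setPassword(String str, String str2, String str3) throws ServiceException {
        Users users = get(str);
        if (users == null) {
            throw new ObjectNotFoundException("user", str);
        }
        if (!users.getEnabled().booleanValue() || users.getAccountExpired().booleanValue()) {
            this.logger.info("setPassword", LogGroup.SECURITY, new SimpleMessage("Account for user {0} is " + (users.getAccountExpired().booleanValue() ? "expired." : "disabled.")), str);
            throw new AuthenticationException(AuthenticationException.AuthMessage.ACCOUNT_INVALID, str);
        }
        String saltValue = resolveSalt(users);
        SessionContext session = AclManager.getInstance().getSession();
        // NOTE(review): as written, the current password is verified only when a session exists AND
        // holds COMMON_UPDATE; a call without a session, or with a session lacking that permission,
        // replaces the password without proving knowledge of the old one. This reads like an
        // inverted condition (possibly a decompiler artifact). Confirm against the original source
        // and against whatever authorization the calling layer applies before relying on it.
        if (session != null && session.hasAnyPermission("COMMON_UPDATE")) {
            String encodedCurrent = PasswordUtil.encodePassword(saltValue, str2);
            if (!StringUtils.isEmpty(users.getPassword()) && !encodedValuesMatch(users.getPassword(), encodedCurrent)) {
                throw new AuthorityException("invalid password");
            }
        }
        users.setPassword(PasswordUtil.encodePassword(saltValue, str3));
        // Log the mask instead of the freshly encoded password.
        this.logger.info("setPassword", LogGroup.SECURITY, SecurityMessages.PASSWORD_CHANGED, users.getName(), PasswordUtil.STARS);
        super.update((UsersDaoImpl) users);
        return true;
    }

    /** Returns a password-masked copy of the user with the given id, or {@code null} if absent. */
    @Override // de.sep.sesam.restapi.dao.AbstractAclEnabledDao, de.sep.sesam.restapi.dao.GenericDao, de.sep.sesam.restapi.dao.IGenericDao
    public Users get(Long l) throws ServiceException {
        Users users = (Users) super.get((UsersDaoImpl) l);
        if (users == null) {
            return null;
        }
        return fixOutput(users);
    }

    /**
     * Authenticates a user against the locally stored password.
     *
     * @param str user name
     * @param str2 password supplied by the caller
     * @return the stored user (password field NOT masked) on success, or {@code null} when the user's
     *     origin is LDAP or AD; callers must not treat {@code null} as a successful login
     * @throws AuthenticationException on empty or wrong password, unknown user, disabled or expired
     *     account, or expired password
     */
    @Override // de.sep.sesam.restapi.dao.UsersDaoServer
    public Users login(String str, String str2) throws AuthenticationException {
        Users users = get(str);
        if (users != null) {
            UserOrigin origin = users.getOrigin();
            if (origin == UserOrigin.LDAP || origin == UserOrigin.AD) {
                // Directory accounts are not verified against the local password.
                return null;
            }
        }
        if (StringUtils.isEmpty(str2)) {
            this.logger.info(JXLoginPane.LOGIN_ACTION_COMMAND, LogGroup.SECURITY, new SimpleMessage("User {0} provided empty password."), str);
            throw new AuthenticationException(AuthenticationException.AuthMessage.INVALID_CREDENTIALS, str);
        }
        if (users == null) {
            // Unknown user and wrong password surface as the same INVALID_CREDENTIALS error; only
            // the log entry distinguishes them.
            this.logger.info(JXLoginPane.LOGIN_ACTION_COMMAND, LogGroup.SECURITY, new SimpleMessage("User {0} does not exist."), str);
            throw new AuthenticationException(AuthenticationException.AuthMessage.INVALID_CREDENTIALS, str);
        }
        // NOTE(review): ACCOUNT_INVALID and PASSWORD_INVALID are raised before the password is
        // checked, so account state is disclosed to a caller who has not authenticated. Consider
        // verifying the password first; left as is because callers may depend on the order.
        if (!users.getEnabled().booleanValue() || users.getAccountExpired().booleanValue()) {
            this.logger.info(JXLoginPane.LOGIN_ACTION_COMMAND, LogGroup.SECURITY, new SimpleMessage("Account for user {0} is " + (users.getAccountExpired().booleanValue() ? "expired." : "disabled.")), str);
            throw new AuthenticationException(AuthenticationException.AuthMessage.ACCOUNT_INVALID, str);
        }
        if (users.getPasswordExpired().booleanValue()) {
            throw new AuthenticationException(AuthenticationException.AuthMessage.PASSWORD_INVALID, str);
        }
        String saltValue = resolveSalt(users);
        if (encodedValuesMatch(users.getPassword(), PasswordUtil.encodePassword(saltValue, str2))) {
            return users;
        }
        this.logger.info(JXLoginPane.LOGIN_ACTION_COMMAND, LogGroup.SECURITY, new SimpleMessage("User {0} provided wrong password."), str);
        throw new AuthenticationException(AuthenticationException.AuthMessage.INVALID_CREDENTIALS, str);
    }

    /**
     * Resolves the authorities of a user: the enabled permissions of all roles of all groups the
     * user belongs to. A group or permission counts as disabled only when its enabled flag is
     * explicitly {@code FALSE}; an unset flag counts as enabled.
     *
     * @return the authorities, or {@code null} when a DAO lookup fails (the error is logged);
     *     callers must treat {@code null} as "no authorities"
     */
    @Override // de.sep.sesam.restapi.dao.UsersDaoServer
    public Collection<SimpleGrantedAuthority> getPermissions(Users users) {
        try {
            HashSet<Object> granted = new HashSet<>();
            for (Groups group : this.daos.getGroupsDao().getGroupsByUser(users)) {
                if (Boolean.FALSE.equals(group.getEnabled())) {
                    continue;
                }
                for (Roles role : this.daos.getRolesDao().getByGroup(group)) {
                    granted.addAll(this.daos.getPermissionsDao().getByRole(role));
                }
            }
            HashSet<SimpleGrantedAuthority> authorities = new HashSet<>();
            for (Object entry : granted) {
                Permissions permission = (Permissions) entry;
                if (!Boolean.FALSE.equals(permission.getEnabled())) {
                    authorities.add(new SimpleGrantedAuthority(permission.getName()));
                }
            }
            return authorities;
        } catch (ServiceException e) {
            this.logger.error("getPermissions", e, users);
            return null;
        }
    }

    /** Returns the stored user WITHOUT masking the password; for server-side use only. */
    @Override // de.sep.sesam.restapi.dao.UsersDaoServer
    public Users getUser(Long l) throws ServiceException {
        return (Users) super.get((UsersDaoImpl) l);
    }

    /** Returns password-masked copies of all users. */
    @Override // de.sep.sesam.restapi.dao.AbstractAclEnabledDao, de.sep.sesam.restapi.dao.GenericDao, de.sep.sesam.restapi.dao.IGenericDao
    public List<Users> getAll() throws ServiceException {
        return fixOutput(super.getAll());
    }

    /**
     * Looks a user up by name or display label and, failing that, by numeric id.
     *
     * <p>NOTE(review): name and display label are matched in a single pass, so a user whose display
     * label equals another user's name can be returned for that name, depending on list order.
     *
     * @return a password-masked copy, or {@code null} if nothing matches
     */
    @Override // de.sep.sesam.restapi.dao.UsersDao
    public Users getByName(String str) throws ServiceException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        for (Users candidate : getAll()) {
            if (str.equals(candidate.getName()) || str.equals(candidate.getDisplayLabel())) {
                return fixOutput(candidate);
            }
        }
        try {
            // get(Long) already masks and returns null for an unknown id; the old code passed that
            // null on to the copy constructor.
            return get(Long.valueOf(Long.parseLong(str)));
        } catch (NumberFormatException e) {
            return null;
        }
    }

    /** Returns a copy of {@code users} whose password is replaced by {@code PasswordUtil.STARS}. */
    private Users fixOutput(Users users) {
        Users masked = new Users(users);
        masked.setPassword(PasswordUtil.STARS);
        return masked;
    }

    /** Returns a new list holding password-masked copies of all entries of {@code list}. */
    private List<Users> fixOutput(List<Users> list) {
        List<Users> masked = new ArrayList<>(list.size());
        for (Users user : list) {
            masked.add(fixOutput(user));
        }
        return masked;
    }

    /**
     * Returns the salt value used for encoding the user's password: the decrypted stored salt, or
     * the user name when no usable salt is stored.
     */
    private String resolveSalt(Users user) {
        String saltValue = null;
        String encryptedSalt = user.getSalt();
        if (StringUtils.isNotBlank(encryptedSalt)) {
            saltValue = PasswordController.getInstance().decrypt(encryptedSalt);
        }
        if (StringUtils.isBlank(saltValue)) {
            // Fallback for accounts without a stored salt: a predictable, non-unique-per-password
            // value, so such accounts benefit from a password change that stores a random salt.
            saltValue = user.getName();
        }
        if (!$assertionsDisabled && !StringUtils.isNotBlank(saltValue)) {
            throw new AssertionError();
        }
        return saltValue;
    }

    /**
     * Compares two encoded password values without short-circuiting on the first differing byte.
     * Returns {@code false} when either value is {@code null}, so an account without a stored
     * password can never match.
     */
    private static boolean encodedValuesMatch(String stored, String candidate) {
        if (stored == null || candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), candidate.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Loads a user by exact name together with its allowed hosts.
     *
     * @return the stored user WITHOUT masking the password (login and password change need it), or
     *     {@code null} when the name is empty or unknown
     */
    @Override // de.sep.sesam.restapi.dao.UsersDaoServer
    public Users get(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        Example<UsersExample> example = new Example<>(UsersExample.class);
        example.createCriteria().andNameEqualTo(str);
        example.setOrderByClause("name");
        example.setLimitBy(1);
        List<Users> matches = this.usersMapper.selectByExample(example);
        if (matches.isEmpty()) {
            return null;
        }
        Users users = matches.get(0);
        users.setAllowedHosts(this.usersMapper.getHosts(users.getId()));
        return users;
    }

    /**
     * Removes a user together with its group relations, allowed hosts and ACL entries.
     * NOTE(review): unlike create/update this method carries no {@code @Transactional}; confirm the
     * caller provides the transaction, otherwise a failure midway leaves partial state.
     */
    @Override // de.sep.sesam.restapi.dao.AbstractAclEnabledDao, de.sep.sesam.restapi.dao.GenericDao, de.sep.sesam.restapi.dao.IGenericDao
    public Long remove(Long l) throws ServiceException {
        if (!$assertionsDisabled && l == null) {
            throw new AssertionError();
        }
        this.daos.getUserGroupRelationsDao().removeByUser(l);
        this.usersMapper.deleteHostsByUser(l);
        AclUser aclUser = new AclUser();
        aclUser.setId(l.toString());
        aclUser.setType(AclUserType.USER);
        this.daos.getAclsDao().removeFromAcls(aclUser);
        return (Long) super.remove((UsersDaoImpl) l);
    }

    /** Returns password-masked copies of the users that have a relation to the given group id. */
    @Override // de.sep.sesam.restapi.dao.UsersDao
    public List<Users> getByGroup(Long l) throws ServiceException {
        if (!$assertionsDisabled && l == null) {
            throw new AssertionError();
        }
        List<Users> members = new ArrayList<>();
        List<UserGroupRelations> relations = this.daos.getUserGroupRelationsDao().getByGroupId(l);
        for (Users user : getAll()) {
            if (user.getId() == null) {
                continue;
            }
            // The listing looped with while(true) and only left the loop on a match, which never
            // terminates for a user outside the group; iterate the relations exactly once instead.
            for (UserGroupRelations relation : relations) {
                if (user.getId().equals(relation.getUserId())) {
                    members.add(user);
                    break;
                }
            }
        }
        return fixOutput(members);
    }

    /** Returns password-masked copies of the users matching the filter. */
    @Override // de.sep.sesam.restapi.dao.UsersDao
    public List<Users> filter(UsersFilter usersFilter) throws ServiceException {
        return fixOutput(super.filter((AbstractFilter) usersFilter));
    }

    /**
     * Rejects a user whose name is already taken by a different id, then delegates to the base
     * validation. The name lookup runs with ACL bypass enabled.
     *
     * @throws ServiceException with {@code DUPLICATE_ENTRY} when the name is taken
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.sep.sesam.restapi.dao.GenericDao
    public void validate(Users users) throws ServiceException {
        boolean previousBypass = isBypassAcl();
        setBypassAcl(true);
        Users sameName;
        try {
            sameName = get(users.getName());
        } finally {
            // Restore the flag even if the lookup throws, so a failure cannot leave the bypass on.
            setBypassAcl(previousBypass);
        }
        if (sameName != null && !sameName.getId().equals(users.getId())) {
            throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.DUPLICATE_ENTRY, users.getClass().getSimpleName(), users.getName());
        }
        super.validate((UsersDaoImpl) users);
    }

    /** Returns the number of stored users. */
    @Override // de.sep.sesam.restapi.dao.ICountableDao
    public int count() {
        return this.usersMapper.countByExample(null);
    }

    /**
     * Returns the users modified after {@code date}, or all users when {@code date} is {@code null}.
     * The entities come straight from the mapper and are NOT password-masked.
     */
    @Override // de.sep.sesam.restapi.dao.IMtimeCacheDao
    public List<Users> getByMTime(Date date) {
        if (date == null) {
            return this.usersMapper.selectByExample(null);
        }
        Example<UsersExample> example = new Example<>(UsersExample.class);
        example.createCriteria().andMTimeGreaterThan(date);
        return this.usersMapper.selectByExample(example);
    }

    @Override // de.sep.sesam.restapi.dao.UsersDao
    public /* bridge */ /* synthetic */ Users persist(Users users) throws ServiceException {
        return (Users) super.persist((UsersDaoImpl) users);
    }

    static {
        $assertionsDisabled = !UsersDaoImpl.class.desiredAssertionStatus();
        CacheFactory.add(Users.class, new MtimeCache(UsersDaoServer.class, "users", DiffCacheType.USERS));
    }
}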
