package de.sep.sesam.restapi.service;

import com.jidesoft.swing.Calculator;
import de.sep.sesam.gui.common.DefaultGroupNames;
import de.sep.sesam.gui.common.DefaultUserNames;
import de.sep.sesam.gui.common.logging.ContextLogger;
import de.sep.sesam.gui.common.logging.LogGroup;
import de.sep.sesam.gui.common.logging.SesamComponent;
import de.sep.sesam.gui.common.logging.messages.SecurityMessages;
import de.sep.sesam.gui.common.logging.messages.SimpleMessage;
import de.sep.sesam.gui.server.GUIServerParam;
import de.sep.sesam.model.Groups;
import de.sep.sesam.model.Permissions;
import de.sep.sesam.model.UserAllowedHosts;
import de.sep.sesam.model.Users;
import de.sep.sesam.model.dto.GroupsDto;
import de.sep.sesam.model.type.UserOrigin;
import de.sep.sesam.restapi.authentication.SessionContext;
import de.sep.sesam.restapi.authentication.util.PasswordGenerator;
import de.sep.sesam.restapi.dao.DaoAccessor;
import de.sep.sesam.restapi.exception.ServiceException;
import de.sep.sesam.restapi.service.impl.LoginServiceImpl;
import de.sep.sesam.restapi.util.ContextLoggable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

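/**
 * Consistency checks that create or repair the built-in accounts, the default groups and the
 * users derived from the java_policy configuration.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #checkSystemUsers(boolean)} writes a freshly generated administrator password to
 *       the security log.</li>
 *   <li>Policy users are created with an empty password and host-based authentication enabled
 *       (see {@code verifyPolicyUser}).</li>
 *   <li>Argument null-checks are {@code assert} statements, so they are only enforced when the
 *       JVM runs with assertions enabled.</li>
 * </ul>
 */
@Service
public class ConsistencyCheckService implements ContextLoggable {

    @Autowired
    private DaoAccessor daos;
    private ContextLogger logger = new ContextLogger(getClass(), SesamComponent.SERVER);
    private static final String SUPERUSER_ROLE = "SuperUser";
    private static final String ALL_ROLE = "All";
    private static final String DISABLE_ROLE = "Disabled";
    private static final String READ_ONLY_ROLE = "ReadOnly";
    private static final String RESTORE_ROLE = "Restore";

    /**
     * Checks that the permission row with id 1 exists and carries the expected name, and logs
     * the outcome to the security log group.
     *
     * <p>A missing row is reported and the check stops there; the original fell through and
     * dereferenced the missing row.
     *
     * @throws ServiceException if the permissions DAO fails
     */
    public void checkDB() throws ServiceException {
        Permissions firstPermission = (Permissions) this.daos.getPermissionsDao().get(1L);
        if (firstPermission == null) {
            this.logger.error("checkDB", LogGroup.SECURITY, new SimpleMessage("Check DB for correct UI permissions set ... FAILED. Permissions table is empty. Please force an DB update."), new Object[0]);
            // Nothing left to compare; continuing would throw a NullPointerException.
            return;
        }
        if (SessionContext.SKIPRIGHT_AUTH.equals(firstPermission.getName())) {
            this.logger.info("checkDB", LogGroup.SECURITY, new SimpleMessage("Check DB for correct UI permissions set ... SUCCEEDED."), new Object[0]);
            return;
        }
        this.logger.error("checkDB", LogGroup.SECURITY, new SimpleMessage("Check DB for correct UI permissions set ...FAILED. Deprecated set of permissions detected. Please force an DB update."), new Object[0]);
    }

    /**
     * Ensures the administrator account and the internal system account exist and are usable.
     *
     * <p>Administrator: created with a generated password when missing; fully reset (unlocked,
     * enabled, new generated password) when {@code z} is true; otherwise only its origin is
     * corrected to {@code SYSTEM}. Internal system user: created with a generated password when
     * missing, otherwise unlocked and re-enabled with its password left untouched.
     *
     * @param z {@code true} to reset an existing administrator account
     * @throws ServiceException if the users DAO fails
     */
    public void checkSystemUsers(boolean z) throws ServiceException {
        this.logger.debug("checkSystemUsers", LogGroup.SECURITY, new SimpleMessage("Checking {0} user; reset = {1}"), DefaultUserNames.ADMIN_USER, Boolean.valueOf(z));
        Users admin = this.daos.getUsersDao().get(DefaultUserNames.ADMIN_USER);
        if (admin == null) {
            Users newAdmin = new Users();
            newAdmin.setName(DefaultUserNames.ADMIN_USER);
            newAdmin.setEnabled(true);
            newAdmin.setPasswordExpired(false);
            newAdmin.setOrigin(UserOrigin.SYSTEM);
            newAdmin.setPassword(PasswordGenerator.generate());
            newAdmin.setUsercomment("Administrator user");
            // NOTE(review): the generated administrator password is passed to the security log in
            // clear text. This looks like the only place the initial password is surfaced, so it is
            // left unchanged; the log should be access-restricted and the password rotated after
            // first login, or the password delivered through a narrower channel.
            this.logger.warn("checkSystemUsers", LogGroup.SECURITY, SecurityMessages.USER_GENERATED, DefaultUserNames.ADMIN_USER, newAdmin.getPassword());
            newAdmin.setLocked(false);
            this.daos.getUsersDao().create(newAdmin);
        } else if (z) {
            admin.setLocked(false);
            admin.setAccountExpired(false);
            admin.setEnabled(true);
            admin.setOrigin(UserOrigin.SYSTEM);
            admin.setPasswordExpired(false);
            // NOTE(review): the new password is neither logged nor returned here; presumably the
            // caller follows up with resetPassword() - confirm.
            admin.setPassword(PasswordGenerator.generate());
            this.logger.warn("checkSystemUsers", LogGroup.SECURITY, SecurityMessages.USER_RESET, DefaultUserNames.ADMIN_USER);
            this.daos.getUsersDao().update(admin);
        } else if (admin.getOrigin() != UserOrigin.SYSTEM) {
            admin.setOrigin(UserOrigin.SYSTEM);
            this.daos.getUsersDao().update(admin);
        }

        this.logger.debug("checkSystemUsers", LogGroup.SECURITY, new SimpleMessage("Checking {0} user"), DefaultUserNames.SESAM_USER, Boolean.valueOf(z));
        Users internal = this.daos.getUsersDao().get(DefaultUserNames.SESAM_USER);
        if (internal == null) {
            Users newInternal = new Users();
            newInternal.setName(DefaultUserNames.SESAM_USER);
            newInternal.setEnabled(true);
            newInternal.setPasswordExpired(false);
            newInternal.setOrigin(UserOrigin.INTERNAL);
            newInternal.setPassword(PasswordGenerator.generate());
            newInternal.setUsercomment("Internal System user");
            // Unlike the administrator branch, the generated password is not passed to the logger.
            this.logger.warn("checkSystemUsers", LogGroup.SECURITY, SecurityMessages.USER_GENERATED, newInternal.getName());
            newInternal.setLocked(false);
            this.daos.getUsersDao().create(newInternal);
            return;
        }
        // Every call unlocks and re-enables an existing internal user.
        internal.setLocked(false);
        internal.setAccountExpired(false);
        internal.setEnabled(true);
        internal.setOrigin(UserOrigin.INTERNAL);
        internal.setPasswordExpired(false);
        internal.setUsercomment("Internal System user");
        this.daos.getUsersDao().update(internal);
    }

    /**
     * Replaces a user's password with a generated one and clears the password-expired flag.
     *
     * @param str name of the user whose password is reset
     * @return the new clear-text password, or {@code null} when no such user exists; the caller
     *     is responsible for keeping the returned value out of logs
     * @throws ServiceException if the users DAO fails
     */
    public String resetPassword(String str) throws ServiceException {
        Users target = this.daos.getUsersDao().get(str);
        if (target == null) {
            return null;
        }
        String freshPassword = PasswordGenerator.generate();
        target.setPassword(freshPassword);
        target.setPasswordExpired(false);
        this.daos.getUsersDao().update(target);
        return freshPassword;
    }

    /**
     * Ensures the administration group exists and is enabled, contains the administrator and the
     * internal system user (when those accounts exist), and holds exactly the super-user role.
     *
     * @throws ServiceException if a DAO fails
     */
    public void checkAdminGroup() throws ServiceException {
        Groups adminGroup = ensureEnabledGroup(DefaultGroupNames.ADMIN, "Automatically generated administration group with all permissions");
        Users admin = this.daos.getUsersDao().get(DefaultUserNames.ADMIN_USER);
        Users internal = this.daos.getUsersDao().get(DefaultUserNames.SESAM_USER);
        GroupsDto details = this.daos.getGroupsDao().getDetails(adminGroup.getId());

        boolean adminIsMember = false;
        boolean internalIsMember = false;
        for (Users member : details.getUsers()) {
            if (member.getId() == null) {
                continue;
            }
            if (admin != null && member.getId().equals(admin.getId())) {
                adminIsMember = true;
            }
            if (internal != null && member.getId().equals(internal.getId())) {
                internalIsMember = true;
            }
        }
        if (admin != null && !adminIsMember) {
            details.getUsers().add(admin);
        }
        if (internal != null && !internalIsMember) {
            details.getUsers().add(internal);
        }
        // Any roles previously attached to the group are discarded.
        assignSingleRole(details, SUPERUSER_ROLE);
        this.daos.getGroupsDao().persistGroup(details);
    }

    @Override // de.sep.sesam.restapi.util.ContextLoggable, de.sep.sesam.restapi.dao.IGenericDao
    public ContextLogger logger() {
        return this.logger;
    }

    /**
     * Ensures a policy user exists, is allowed to authenticate from the given host, and is a
     * member of the group that matches the policy role.
     *
     * @param str  user name
     * @param str2 host to add to the user's allowed hosts; may be {@code null}
     * @param str3 policy role ("admin", "backup", "restore"; anything else maps to operator)
     * @throws ServiceException if a DAO fails
     */
    public void checkPolicyUser(String str, String str2, String str3) throws ServiceException {
        String groupName = findPolicyGroup(str3);
        Groups group = this.daos.getGroupsDao().getByName(groupName);
        GroupsDto details = verifyPolicyUser(str, groupName, group, str2);
        this.daos.getGroupsDao().persistGroup(details);
    }

    /**
     * Maps a policy role name (case-insensitive) to a default group name.
     *
     * <p>Unrecognised roles fall back to the operator group. A {@code null} role throws a
     * {@link NullPointerException}.
     */
    private String findPolicyGroup(String str) {
        if (str.equalsIgnoreCase("admin")) {
            return DefaultGroupNames.ADMIN;
        }
        if (str.equalsIgnoreCase("backup")) {
            return DefaultGroupNames.BACKUP;
        }
        if (str.equalsIgnoreCase("restore")) {
            return DefaultGroupNames.RESTORE;
        }
        return DefaultGroupNames.OPERATOR;
    }

    /**
     * Synchronises the default policy users with the admin, operator and restore groups.
     *
     * <p>The operator and restore groups are created when missing and reduced to a single role
     * (read-only and restore respectively). The admin group is looked up only; it is not created
     * here and its roles are not touched.
     *
     * @param gUIServerParam server parameters holding the default policy user names
     * @throws ServiceException if a DAO fails
     */
    public void checkPolicyGroups(GUIServerParam gUIServerParam) throws ServiceException {
        // Only enforced when assertions are enabled on the JVM.
        assert gUIServerParam != null;

        Groups adminGroup = this.daos.getGroupsDao().getByName(DefaultGroupNames.ADMIN);
        this.daos.getGroupsDao().persistGroup(verifyPolicyUser(gUIServerParam.defaultAdminUser, DefaultGroupNames.ADMIN, adminGroup, null));

        syncPolicyGroup(gUIServerParam.defaultOperatorUser, DefaultGroupNames.OPERATOR, "Automatically generated operator group", READ_ONLY_ROLE);
        syncPolicyGroup(gUIServerParam.defaultRestoreUser, DefaultGroupNames.RESTORE, "Automatically generated restore group", RESTORE_ROLE);
    }

    /** Ensures the group exists, adds the policy user to it and reduces its roles to one role. */
    private void syncPolicyGroup(String userName, String groupName, String comment, String roleName) throws ServiceException {
        Groups group = ensureEnabledGroup(groupName, comment);
        GroupsDto details = verifyPolicyUser(userName, groupName, group, null);
        assignSingleRole(details, roleName);
        this.daos.getGroupsDao().persistGroup(details);
    }

    /** Returns the named group, creating it with the given comment or re-enabling it as needed. */
    private Groups ensureEnabledGroup(String name, String comment) throws ServiceException {
        Groups group = this.daos.getGroupsDao().getByName(name);
        if (group == null) {
            group = new Groups();
            group.setName(name);
            group.setUsercomment(comment);
            group.setEnabled(true);
            this.daos.getGroupsDao().create(group);
        } else {
            group.setEnabled(true);
            this.daos.getGroupsDao().update(group);
        }
        return group;
    }

    /** Replaces the group's roles with the single role looked up by name. */
    private void assignSingleRole(GroupsDto group, String roleName) throws ServiceException {
        group.setRoles(new ArrayList<>());
        group.getRoles().add(this.daos.getRolesDao().getByName(roleName));
    }

    /**
     * Creates or re-enables a policy user, optionally registers an allowed host, and returns the
     * group details with the user added as a member. The caller persists the returned group.
     *
     * @param str    user name
     * @param str2   group name, used in the user comment and log message
     * @param groups group the user must belong to
     * @param str3   host to register as allowed for the user; {@code null} to skip
     * @return the group details including the user
     * @throws ServiceException     if a DAO fails
     * @throws NullPointerException if the group or its details cannot be found
     */
    private GroupsDto verifyPolicyUser(String str, String str2, Groups groups, String str3) throws ServiceException {
        Users user = this.daos.getUsersDao().get(str);
        if (user == null) {
            Users created = new Users();
            created.setName(str);
            created.setEnabled(true);
            created.setPasswordExpired(false);
            created.setAllowHostAuth(true);
            created.setOrigin(UserOrigin.POLICY);
            created.setFromJavaPolicy(true);
            // NOTE(review): the account is created with an empty password and host-based
            // authentication enabled. Confirm that the login path refuses password logins for
            // accounts whose stored password is empty.
            created.setPassword("");
            created.setUsercomment("Default " + str2 + " user from java_policy");
            this.logger.warn("verifyPolicyUser", LogGroup.SECURITY, "GENERATED NEW POLICY " + str2 + " USER: name={0} password={1}", str, created.getPassword());
            created.setLocked(false);
            user = (Users) this.daos.getUsersDao().create(created);
        } else {
            // An existing account of any origin is re-enabled, unlocked and opened for host auth.
            user.setEnabled(true);
            if (user.getOrigin() == null) {
                user.setOrigin(UserOrigin.POLICY);
            }
            user.setAllowHostAuth(true);
            user.setFromJavaPolicy(true);
            user.setLocked(false);
        }

        if (user.getAllowedHosts() == null) {
            user.setAllowedHosts(new ArrayList<UserAllowedHosts>());
        }
        if (str3 != null) {
            boolean hostKnown = false;
            for (UserAllowedHosts host : user.getAllowedHosts()) {
                if (host.getName().equalsIgnoreCase(str3)) {
                    host.setFromJavaPolicy(true);
                    hostKnown = true;
                    break;
                }
            }
            if (!hostKnown) {
                UserAllowedHosts added = new UserAllowedHosts();
                added.setName(str3);
                added.setFromJavaPolicy(true);
                user.getAllowedHosts().add(added);
            }
        }
        this.daos.getUsersDao().update(user);

        // The original failed at these two points with a message-less NullPointerException; the
        // exception type is kept and the cause is now named.
        if (groups == null) {
            throw new NullPointerException("Policy group '" + str2 + "' does not exist");
        }
        GroupsDto details = this.daos.getGroupsDao().getDetails(groups.getId());
        if (details == null) {
            throw new NullPointerException("No group details found for policy group '" + str2 + "'");
        }
        boolean alreadyMember = false;
        for (Users member : details.getUsers()) {
            if (user.getPK().equals(member.getPK())) {
                alreadyMember = true;
                break;
            }
        }
        if (!alreadyMember) {
            details.getUsers().add(user);
        }
        return details;
    }

    /**
     * Adds a host to the allowed hosts of the default policy user configured for a role.
     *
     * <p>Does nothing when the server parameters are unavailable, the role is not recognised, or
     * no default user is configured for it.
     *
     * @param str  policy role name, compared case-insensitively
     * @param str2 host to allow
     * @throws ServiceException if a DAO fails
     */
    public void addHostToDefaultPolicyUser(String str, String str2) throws ServiceException {
        // Only enforced when assertions are enabled on the JVM.
        assert str != null;
        assert str2 != null;

        GUIServerParam params = LoginServiceImpl.getParams();
        if (params == null) {
            return;
        }
        String defaultUser = null;
        if ("admin".equalsIgnoreCase(str)) {
            defaultUser = params.defaultAdminUser;
        } else if (Calculator.PROPERTY_OPERATOR.equalsIgnoreCase(str)) {
            // NOTE(review): this constant comes from a Swing UI library; it is most likely a
            // decompiler substitution for the literal "operator" - confirm and replace.
            defaultUser = params.defaultOperatorUser;
        } else if ("restore".equalsIgnoreCase(str)) {
            defaultUser = params.defaultRestoreUser;
        } else if ("backup".equalsIgnoreCase(str)) {
            defaultUser = params.defaultBackupUser;
        }
        if (defaultUser == null) {
            return;
        }
        checkPolicyUser(defaultUser, str2, str);
    }

    /**
     * Removes policy-origin users that are not in the keep list and clears the java_policy flag
     * on other users that are not in the keep list.
     *
     * @param list names to keep; {@code null} is treated as "keep none"
     * @throws ServiceException if the users DAO fails
     */
    public void removeAllPolicyUsersBut(List<String> list) throws ServiceException {
        // The element type was lost in decompilation (an undeclared "T"); the loop body only uses
        // Users accessors.
        for (Users user : this.daos.getUsersDao().getAll()) {
            boolean keep = list != null && list.contains(user.getName());
            if (keep) {
                continue;
            }
            if (UserOrigin.POLICY.equals(user.getOrigin())) {
                this.daos.getUsersDao().removeByObject(user);
            } else if (user.isFromJavaPolicy()) {
                user.setFromJavaPolicy(false);
                this.daos.getUsersDao().update(user);
            }
        }
    }

    /**
     * Clears the allowed-hosts list of every configured default policy user that has one.
     *
     * @throws ServiceException if the users DAO fails
     */
    public void removeAllHostsFromDefaultPolicyUsers() throws ServiceException {
        GUIServerParam params = LoginServiceImpl.getParams();
        if (params == null) {
            return;
        }
        String[] defaultUsers = {params.defaultAdminUser, params.defaultOperatorUser, params.defaultRestoreUser, params.defaultBackupUser};
        for (String name : defaultUsers) {
            Users user = this.daos.getUsersDao().get(name);
            if (user == null) {
                continue;
            }
            List<UserAllowedHosts> allowedHosts = user.getAllowedHosts();
            if (allowedHosts == null || allowedHosts.isEmpty()) {
                continue;
            }
            user.setAllowedHosts(null);
            this.daos.getUsersDao().update(user);
        }
    }

    /**
     * Strips a user's group memberships and allowed hosts.
     *
     * <p>The administrator and internal system accounts are only cleaned when they are flagged as
     * coming from java_policy, and are put back into the administration group afterwards.
     *
     * @param str user name
     * @throws ServiceException if a DAO fails
     */
    public void cleanUser(String str) throws ServiceException {
        // Only enforced when assertions are enabled on the JVM.
        assert str != null;

        Users user = this.daos.getUsersDao().get(str);
        if (user == null) {
            return;
        }
        boolean builtIn = DefaultUserNames.ADMIN_USER.equals(str) || DefaultUserNames.SESAM_USER.equals(str);
        if (!user.isFromJavaPolicy() && builtIn) {
            return;
        }
        this.daos.getUserGroupRelationsDao().removeByUser(user.getPK());
        user.setAllowedHosts(null);
        this.daos.getUsersDao().update(user);
        if (!builtIn) {
            return;
        }
        // Built-in accounts must not end up without the administration group.
        Groups adminGroup = this.daos.getGroupsDao().getByName(DefaultGroupNames.ADMIN);
        if (adminGroup == null) {
            return;
        }
        GroupsDto details = this.daos.getGroupsDao().getDetails(adminGroup.getId());
        if (details == null) {
            return;
        }
        details.getUsers().add(user);
        this.daos.getGroupsDao().persistGroup(details);
    }
}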
