package de.sep.sesam.restapi.service;

import de.sep.sesam.common.json.JsonUtil;
import de.sep.sesam.common.logging.LogGroup;
import de.sep.sesam.common.logging.messages.ErrorMessages;
import de.sep.sesam.common.logging.messages.SecurityMessages;
import de.sep.sesam.common.logging.messages.SimpleMessage;
import de.sep.sesam.common.security.PasswordController;
import de.sep.sesam.model.Groups;
import de.sep.sesam.model.Permissions;
import de.sep.sesam.model.Users;
import de.sep.sesam.model.core.defaults.DefaultGroupNames;
import de.sep.sesam.model.core.defaults.DefaultRoleNames;
import de.sep.sesam.model.core.defaults.DefaultUserNames;
import de.sep.sesam.model.dto.GroupsDto;
import de.sep.sesam.model.type.UserOrigin;
import de.sep.sesam.rest.exceptions.ServiceException;
import de.sep.sesam.restapi.dao.GroupsDaoServer;
import de.sep.sesam.restapi.dao.PermissionsDaoServer;
import de.sep.sesam.restapi.dao.RolesDaoServer;
import de.sep.sesam.restapi.dao.UsersDaoServer;
import de.sep.sesam.restapi.dao.sql.DynamicSqlPropertiesProvider;
import de.sep.sesam.restapi.service.util.PasswordGenerator;
import de.sep.sesam.restapi.v2.base.AbstractRestServiceImpl;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:de/sep/sesam/restapi/service/ConsistencyCheckService.class */
public class ConsistencyCheckService extends AbstractRestServiceImpl {
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX WARN: Multi-variable type inference failed */
    public void checkDB() throws ServiceException {
        Permissions permissions = (Permissions) ((PermissionsDaoServer) getDaos().getService(PermissionsDaoServer.class)).get(1L);
        if (permissions == null) {
            getLogger().error("checkDB", LogGroup.SECURITY, new SimpleMessage("Check DB for correct UI permissions set ... FAILED. Permissions table is empty. Please force an DB update."), new Object[0]);
        } else if ("SUPERUSER".equals(permissions.getName())) {
            getLogger().info("checkDB", LogGroup.SECURITY, new SimpleMessage("Check DB for correct UI permissions set ... SUCCEEDED."), new Object[0]);
        } else {
            getLogger().error("checkDB", LogGroup.SECURITY, new SimpleMessage("Check DB for correct UI permissions set ...FAILED. Deprecated set of permissions detected. Please force an DB update."), new Object[0]);
        }
    }

    public void checkSystemUsers(boolean z) {
        getLogger().debug("checkSystemUsers", LogGroup.SECURITY, new SimpleMessage("Checking {0} user; reset = {1}"), DefaultUserNames.ADMIN_USER, Boolean.valueOf(z));
        Users byNameInternal = getByNameInternal(DefaultUserNames.ADMIN_USER);
        try {
            if (byNameInternal == null) {
                Users users = new Users();
                users.setName(DefaultUserNames.ADMIN_USER);
                users.setEnabled(true);
                users.setPasswordExpired(false);
                users.setPassword(PasswordGenerator.generate());
                users.setOrigin(UserOrigin.SYSTEM);
                users.setUsercomment("Administrator user");
                getLogger().warn("checkSystemUsers", LogGroup.SECURITY, SecurityMessages.USER_GENERATED, DefaultUserNames.ADMIN_USER, users.getPassword());
                users.setLocked(false);
                createUser(users);
            } else if (z) {
                byNameInternal.setLocked(false);
                byNameInternal.setAccountExpired(false);
                byNameInternal.setEnabled(true);
                byNameInternal.setOrigin(UserOrigin.SYSTEM);
                byNameInternal.setPasswordExpired(false);
                byNameInternal.setPassword(PasswordGenerator.generate());
                getLogger().warn("checkSystemUsers", LogGroup.SECURITY, SecurityMessages.USER_RESET, DefaultUserNames.ADMIN_USER);
                ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).update(byNameInternal);
            } else if (byNameInternal.getOrigin() != UserOrigin.SYSTEM) {
                byNameInternal.setOrigin(UserOrigin.SYSTEM);
                ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).update(byNameInternal);
            }
        } catch (ServiceException e) {
            getLogger().error("checkSystemUsers", LogGroup.ERROR, ErrorMessages.EXCEPTION, "Failed to verify system user ''{0}''. Cause: {1}", DefaultUserNames.ADMIN_USER, e.getMessage());
        }
        getLogger().debug("checkSystemUsers", LogGroup.SECURITY, new SimpleMessage("Checking {0} user"), DefaultUserNames.SESAM_USER, Boolean.valueOf(z));
        Users byNameInternal2 = getByNameInternal(DefaultUserNames.SESAM_USER);
        try {
            if (byNameInternal2 == null) {
                Users users2 = new Users();
                users2.setName(DefaultUserNames.SESAM_USER);
                users2.setEnabled(true);
                users2.setPasswordExpired(false);
                users2.setPassword(PasswordGenerator.generate());
                users2.setOrigin(UserOrigin.INTERNAL);
                users2.setUsercomment("Internal System user");
                getLogger().warn("checkSystemUsers", LogGroup.SECURITY, SecurityMessages.USER_GENERATED, users2.getName());
                users2.setLocked(false);
                createUser(users2);
            } else {
                String str = null;
                try {
                    str = JsonUtil.getString(byNameInternal2);
                } catch (IOException e2) {
                }
                byNameInternal2.setLocked(false);
                byNameInternal2.setAccountExpired(false);
                byNameInternal2.setEnabled(true);
                byNameInternal2.setOrigin(UserOrigin.INTERNAL);
                byNameInternal2.setPasswordExpired(false);
                if (StringUtils.isBlank(byNameInternal2.getPassword())) {
                    byNameInternal2.setPassword(PasswordGenerator.generate());
                }
                byNameInternal2.setUsercomment("Internal System user");
                String str2 = null;
                try {
                    str2 = JsonUtil.getString(byNameInternal2);
                } catch (IOException e3) {
                }
                if (StringUtils.equals(str, str2)) {
                    ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).update(byNameInternal2);
                }
            }
        } catch (ServiceException e4) {
            getLogger().error("checkSystemUsers", LogGroup.ERROR, ErrorMessages.EXCEPTION, "Failed to verify system user ''{0}''. Cause: {1}", DefaultUserNames.SESAM_USER, e4.getMessage());
        }
    }

    public Users getByNameInternal(String str) {
        DynamicSqlPropertiesProvider dynamicSqlPropertiesProvider;
        if (!$assertionsDisabled && !StringUtils.isNotBlank(str)) {
            throw new AssertionError();
        }
        Users users = null;
        try {
            dynamicSqlPropertiesProvider = new DynamicSqlPropertiesProvider();
        } catch (ServiceException e) {
        }
        if (!$assertionsDisabled && dynamicSqlPropertiesProvider == null) {
            throw new AssertionError();
        }
        dynamicSqlPropertiesProvider.getWhereClause().andEqualTo("name", str);
        dynamicSqlPropertiesProvider.setOrderByClause("name");
        dynamicSqlPropertiesProvider.setLimitBy(1);
        List<Users> selectDynamic = ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).selectDynamic(dynamicSqlPropertiesProvider);
        if (CollectionUtils.isNotEmpty(selectDynamic)) {
            users = selectDynamic.get(0);
        }
        return users;
    }

    public Users createUser(Users users) throws ServiceException {
        if (!$assertionsDisabled && users == null) {
            throw new AssertionError();
        }
        boolean z = users.getPK() == null;
        boolean z2 = false;
        int i = 5;
        Users users2 = null;
        do {
            if (z) {
                users.setId(null);
            }
            try {
                users2 = ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).create(users);
                z2 = true;
            } catch (ServiceException e) {
                if (StringUtils.containsIgnoreCase(e.getLocalizedMessage(), "duplicate key value violates unique constraint")) {
                    int i2 = i;
                    i--;
                    if (i2 > 0) {
                        if (getByNameInternal(users.getName()) != null) {
                            z2 = true;
                        }
                    }
                }
                throw e;
            }
        } while (!z2);
        return users2;
    }

    public String resetPassword(String str) throws ServiceException {
        Users byIdInternal = ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).getByIdInternal(str);
        if (byIdInternal == null) {
            byIdInternal = ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).getByNameInternal(str, new UserOrigin[0]);
        }
        if (byIdInternal == null) {
            return null;
        }
        byIdInternal.setSalt(PasswordController.getInstance().encrypt(UUID.randomUUID().toString()));
        String generate = PasswordGenerator.generate();
        byIdInternal.setPassword(generate);
        byIdInternal.setPasswordExpired(false);
        ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).update(byIdInternal);
        return generate;
    }

    public void checkSuperUserGroup() throws ServiceException {
        Groups byName = ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).getByName("SUPERUSER");
        if (byName == null) {
            byName = new Groups();
            byName.setName("SUPERUSER");
            byName.setUsercomment("Automatically generated super user group");
            byName.setEnabled(true);
            ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).create(byName);
        } else {
            byName.setEnabled(true);
            ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).update(byName);
        }
        Users byNameInternal = ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).getByNameInternal(DefaultUserNames.ADMIN_USER, new UserOrigin[0]);
        Users byNameInternal2 = ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).getByNameInternal(DefaultUserNames.SESAM_USER, new UserOrigin[0]);
        Users byNameInternal3 = ((UsersDaoServer) getDaos().getService(UsersDaoServer.class)).getByNameInternal("root", new UserOrigin[0]);
        GroupsDto details = ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).getDetails(byName.getId());
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        for (Users users : details.getUsers()) {
            if (users.getId() != null && byNameInternal != null && users.getId().equals(byNameInternal.getId())) {
                z = true;
            }
            if (users.getId() != null && byNameInternal2 != null && users.getId().equals(byNameInternal2.getId())) {
                z2 = true;
            }
            if (users.getId() != null && byNameInternal3 != null && users.getId().equals(byNameInternal3.getId())) {
                z3 = true;
            }
        }
        if (!z && byNameInternal != null) {
            details.getUsers().add(byNameInternal);
        }
        if (!z2 && byNameInternal2 != null) {
            details.getUsers().add(byNameInternal2);
        }
        if (!z3 && byNameInternal3 != null) {
            details.getUsers().add(byNameInternal3);
        }
        details.setRoles(new ArrayList());
        details.getRoles().add(((RolesDaoServer) getDaos().getService(RolesDaoServer.class)).getByName(DefaultRoleNames.SUPERUSER_ROLE));
        ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).persistGroup(details);
    }

    public void checkAdminGroup() throws ServiceException {
        Groups byName = ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).getByName(DefaultGroupNames.ADMIN);
        if (byName == null) {
            byName = new Groups();
            byName.setName(DefaultGroupNames.ADMIN);
            byName.setUsercomment("Automatically generated administration group");
            byName.setEnabled(true);
            ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).create(byName);
        } else {
            byName.setEnabled(true);
            ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).update(byName);
        }
        GroupsDto details = ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).getDetails(byName.getId());
        details.setRoles(new ArrayList());
        details.getRoles().add(((RolesDaoServer) getDaos().getService(RolesDaoServer.class)).getByName(DefaultRoleNames.ALL_ROLE));
        ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).persistGroup(details);
    }

    public void checkBackupGroup() throws ServiceException {
        Groups byName = ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).getByName(DefaultGroupNames.BACKUP);
        if (byName == null) {
            byName = new Groups();
            byName.setName(DefaultGroupNames.BACKUP);
            byName.setUsercomment("Automatically generated backup group");
            byName.setEnabled(true);
            ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).create(byName);
        } else {
            byName.setEnabled(true);
            ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).update(byName);
        }
        GroupsDto details = ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).getDetails(byName.getId());
        details.setRoles(new ArrayList());
        details.getRoles().add(((RolesDaoServer) getDaos().getService(RolesDaoServer.class)).getByName(DefaultRoleNames.BACKUP_ROLE));
        ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).persistGroup(details);
    }

    static {
        $assertionsDisabled = !ConsistencyCheckService.class.desiredAssertionStatus();
    }
}
