package de.sep.sesam.restapi.v2.users.impl;

import de.sep.sesam.common.security.PasswordController;
import de.sep.sesam.common.text.I18n;
import de.sep.sesam.model.Credentials;
import de.sep.sesam.model.Groups;
import de.sep.sesam.model.Roles;
import de.sep.sesam.model.Users;
import de.sep.sesam.model.cli.CertificateResultDto;
import de.sep.sesam.model.core.defaults.DefaultUserNames;
import de.sep.sesam.rest.exceptions.ObjectNotFoundException;
import de.sep.sesam.rest.exceptions.OperationNotPossibleException;
import de.sep.sesam.rest.exceptions.ServiceException;
import de.sep.sesam.restapi.authentication.SecurityContextSourceDataProvider;
import de.sep.sesam.restapi.authentication.util.LdapQueryUtil;
import de.sep.sesam.restapi.core.filter.UsersFilter;
import de.sep.sesam.restapi.dao.CredentialsDao;
import de.sep.sesam.restapi.dao.GroupsDaoServer;
import de.sep.sesam.restapi.dao.RolesDaoServer;
import de.sep.sesam.restapi.dao.UsersDaoServer;
import de.sep.sesam.restapi.v2.base.AbstractWritableRestServiceImpl;
import de.sep.sesam.restapi.v2.users.UsersServiceServer;
import de.sep.sesam.restapi.v2.users.dto.GenerateUserCertificatesDto;
import de.sep.sesam.security.CertificateGenerateUtils;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.naming.Name;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.operator.OperatorCreationException;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.stereotype.Service;

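/**
 * REST v2 service for {@link Users}. CRUD and search calls are forwarded to {@link UsersDaoServer};
 * the class additionally resolves a user's groups and roles, generates user certificates and lists
 * user names from an LDAP directory described by a stored {@link Credentials} record.
 *
 * <p>NOTE(review): no authorization check is visible in this class. Presumably access control is
 * enforced by the REST layer or the DAOs; confirm this before exposing the certificate and LDAP
 * operations to additional callers.
 */
@Service
/* loaded from: input_file:de/sep/sesam/restapi/v2/users/impl/UsersServiceImpl.class */
public class UsersServiceImpl extends AbstractWritableRestServiceImpl<Users, Long> implements UsersServiceServer {

    /** Returns the users DAO from the DAO registry. */
    private UsersDaoServer usersDao() {
        return (UsersDaoServer) getDaos().getService(UsersDaoServer.class);
    }

    /** Creates the given user through the users DAO. */
    @Override
    public Users create(Users users) throws ServiceException {
        return usersDao().create(users);
    }

    /** Updates the given user through the users DAO. */
    @Override
    public Users update(Users users) throws ServiceException {
        return usersDao().update(users);
    }

    /** Removes the user with the given primary key and returns the DAO's result. */
    @Override
    public Long delete(Long l) throws ServiceException {
        return usersDao().remove(l);
    }

    /** Converts a textual primary key into its {@link Long} form via the users DAO. */
    @Override
    public Long pkFromString(String str) throws ServiceException {
        return usersDao().pkFromString(str);
    }

    /** Loads the user with the given primary key. */
    @Override
    public Users get(Long l) throws ServiceException {
        return (Users) usersDao().get(l);
    }

    /** Returns every user known to the users DAO. */
    @Override
    public List<Users> getAll() throws ServiceException {
        return usersDao().getAll();
    }

    /** Returns the entity type served by this service. */
    @Override
    public Class<Users> getEntityClass() {
        return Users.class;
    }

    /** Returns the users matching the given filter. */
    @Override
    public List<Users> find(UsersFilter usersFilter) throws ServiceException {
        return usersDao().filter(usersFilter);
    }

    /**
     * Returns the groups of the user with the given id.
     *
     * <p>The lookup uses a transient {@link Users} object carrying only the id; the user itself is
     * not loaded here.
     */
    @Override
    public List<Groups> groups(Long l) throws ServiceException {
        Users probe = new Users();
        probe.setId(l);
        return ((GroupsDaoServer) getDaos().getService(GroupsDaoServer.class)).getGroupsByUser(probe);
    }

    /**
     * Returns the roles of every group the user belongs to, concatenated in group order.
     * Duplicates are not removed.
     */
    @Override
    public List<Roles> roles(Long l) throws ServiceException {
        RolesDaoServer rolesDao = (RolesDaoServer) getDaos().getService(RolesDaoServer.class);
        List<Roles> collected = new ArrayList<>();
        for (Groups group : groups(l)) {
            collected.addAll(rolesDao.getByGroup(group));
        }
        return collected;
    }

    /**
     * Generates certificate material for the user name given in the DTO.
     *
     * <p>NOTE(review): the name is passed to the generator as supplied. This method neither looks
     * the user up nor checks that the caller may request a certificate for that name; confirm that
     * both are enforced upstream.
     *
     * @return the generator's result, or an empty list when the DTO or its user name is missing
     * @throws ServiceException wrapping any failure of the certificate generator
     */
    @Override
    public List<String> generateUserCertificates(GenerateUserCertificatesDto generateUserCertificatesDto) throws ServiceException {
        if (generateUserCertificatesDto == null || StringUtils.isBlank(generateUserCertificatesDto.getUsername())) {
            return Collections.emptyList();
        }
        try {
            return CertificateGenerateUtils.generateUserCertificate(generateUserCertificatesDto.getUsername());
        } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException | OperatorCreationException e) {
            // NOTE(review): the low-level message is forwarded to the caller; confirm it cannot
            // disclose key-store paths or similar internals.
            throw new OperationNotPossibleException(e, OperationNotPossibleException.ONPMessage.EXCEPTION, e.getLocalizedMessage());
        }
    }

    /**
     * Generates a certificate for an existing user and stores its thumbprint on the user record.
     *
     * <p>The user is resolved first by internal id and then by name. The generator result must hold
     * at least three elements: element 1 is returned in the result DTO and element 2, when not
     * blank, is decrypted and saved as the user's thumbprint in colon-separated upper-case form.
     *
     * @throws OperationNotPossibleException if the DTO is {@code null}, the generator result is too
     *     short, the thumbprint cannot be decrypted, or the generator fails
     * @throws ObjectNotFoundException if no user matches the given name
     */
    @Override
    public CertificateResultDto generateCertificateCli(GenerateUserCertificatesDto generateUserCertificatesDto) throws ServiceException {
        if (generateUserCertificatesDto == null) {
            throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.INVALID_REQUEST, "generate certificate", "dto is NULL");
        }
        String requestedName = generateUserCertificatesDto.getUsername();
        Users user = usersDao().getByIdInternal(requestedName);
        if (user == null) {
            user = usersDao().getByName(requestedName);
        }
        if (user == null) {
            throw new ObjectNotFoundException("user", requestedName);
        }
        try {
            List<String> generated = CertificateGenerateUtils.generateUserCertificate(user.getName());
            if (CollectionUtils.isEmpty(generated) || CollectionUtils.size(generated) < 3) {
                throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.EXCEPTION, I18n.get("UserSettingsPanel.Message.EmptyResult", new Object[0]));
            }
            // NOTE(review): the passphrase is derived only from the user name, so it gives no
            // confidentiality against anyone who knows that name. Confirm this layer is meant as
            // obfuscation of the thumbprint and not as protection of secret material.
            char[] passphrase = ("#" + user.getName() + "#").toCharArray();
            String encryptedThumbprint = generated.get(2);
            if (StringUtils.isNotBlank(encryptedThumbprint)) {
                String thumbprint = PasswordController.getInstance().decrypt(passphrase, encryptedThumbprint);
                if (thumbprint == null) {
                    // restoreSecret() treats decrypt(String) as nullable, so this overload is
                    // guarded as well. Failing here avoids an NPE in format() and avoids returning
                    // a certificate whose thumbprint was never stored.
                    throw new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.EXCEPTION, "certificate thumbprint could not be decrypted");
                }
                user.setThumbprint(format(thumbprint));
                update(user);
            }
            return new CertificateResultDto(generated.get(1), generateUserCertificatesDto.getFile(), user.getName(), null);
        } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException | OperatorCreationException e) {
            throw new OperationNotPossibleException(e, OperationNotPossibleException.ONPMessage.EXCEPTION, e.getLocalizedMessage());
        }
    }

    /**
     * Lists the entries below {@code CN=Users} of the LDAP directory described by the credentials
     * record with the given id, with the {@code CN=} prefix removed and the default admin and
     * sesam accounts filtered out.
     *
     * <p>NOTE(review): the stored secret is decrypted and used to bind against the URL held in the
     * same record. Confirm that such records can only point at ldaps:// or StartTLS endpoints, and
     * that only trusted administrators can create or edit them, so the bind password is not sent
     * to an arbitrary or unencrypted endpoint.
     *
     * @throws ObjectNotFoundException if no credentials record exists for the id
     */
    @Override
    public List<String> fetchLdapUserNames(Long l) throws ServiceException {
        Credentials credentials = (Credentials) ((CredentialsDao) getDaos().getService(CredentialsDao.class)).get(l);
        if (credentials == null) {
            // This used to be an assert only, which is disabled by default at runtime and then
            // surfaced as a NullPointerException on the next line.
            throw new ObjectNotFoundException("credentials", String.valueOf(l));
        }
        String url = credentials.getPath();
        String managerDn = credentials.getOsAccessName();
        SecurityContextSourceDataProvider provider = SecurityContextSourceDataProvider.builder()
                .withUrl(url)
                .withBase(getBaseFromManagerDn(managerDn))
                .withUser(managerDn)
                .withPassword(restoreSecret(credentials.getSecret()))
                .build();
        // The search base is a constant, so no caller-supplied text reaches the LDAP query.
        List<String> entries = LdapQueryUtil.getLdapTemplate(provider, provider.getUser(), provider.getPassword())
                .list((Name) LdapUtils.newLdapName("CN=Users"));
        return entries.stream()
                .map(entry -> StringUtils.removeStart(entry, "CN="))
                .filter(name -> !name.equals(DefaultUserNames.ADMIN_USER) && !name.equals(DefaultUserNames.SESAM_USER))
                .collect(Collectors.toList());
    }

    /**
     * Decrypts a stored secret.
     *
     * <p>NOTE(review): when decryption yields {@code null} the input is returned unchanged, so a
     * secret stored in plain text is accepted as is. Confirm this fallback is still needed.
     *
     * @return the decrypted value, the input itself if it cannot be decrypted, or {@code null} for
     *     {@code null} input
     */
    protected String restoreSecret(String str) {
        if (str == null) {
            return null;
        }
        String decrypted = PasswordController.getInstance().decrypt(str);
        return decrypted != null ? decrypted : str;
    }

    /**
     * Derives the LDAP search base from a manager DN by keeping only its {@code o=} and
     * {@code dc=} components, in their original order.
     *
     * <p>Components are trimmed first, so a DN written with a space after each comma yields the
     * same base as one written without. NOTE(review): the DN is split on every comma, so a value
     * containing an escaped comma is not handled.
     *
     * @return the comma-joined base, or an empty string when the DN is blank or has no such part
     */
    private String getBaseFromManagerDn(String str) {
        if (StringUtils.isBlank(str)) {
            return "";
        }
        String[] components = StringUtils.split(str, ",");
        if (ArrayUtils.isEmpty(components)) {
            return "";
        }
        List<String> baseParts = Stream.of(components)
                .map(StringUtils::trim)
                .filter(part -> StringUtils.startsWithAny(StringUtils.lowerCase(part), "o=", "dc="))
                .collect(Collectors.toList());
        return CollectionUtils.isNotEmpty(baseParts) ? String.join(",", baseParts) : "";
    }

    /**
     * Upper-cases the given string and inserts a colon after every two characters,
     * e.g. {@code "a1b2c3"} becomes {@code "A1:B2:C3"}.
     */
    private String format(String str) {
        StringBuilder sb = new StringBuilder(str.toUpperCase());
        // Each step skips the two characters of the next pair plus the colon just inserted.
        for (int pos = 2; pos < sb.length(); pos += 3) {
            sb.insert(pos, ":");
        }
        return sb.toString();
    }

    /**
     * Deletes the given user by delegating to the superclass implementation. The compiled class
     * carries this method as a compiler-generated bridge.
     */
    @Override
    public Long deleteByEntity(Users users) throws ServiceException {
        return (Long) super.deleteByEntity(users);
    }
}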
