package com.helger.photon.security.login;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.annotation.ReturnsMutableObject;
import com.helger.commons.annotation.UsedViaReflection;
import com.helger.commons.callback.CallbackList;
import com.helger.commons.collection.CollectionHelper;
import com.helger.commons.scope.IScope;
import com.helger.commons.scope.ISessionScope;
import com.helger.commons.scope.mgr.ScopeManager;
import com.helger.commons.scope.singleton.AbstractGlobalSingleton;
import com.helger.commons.state.EChange;
import com.helger.commons.string.StringHelper;
import com.helger.commons.string.ToStringGenerator;
import com.helger.photon.basic.audit.AuditHelper;
import com.helger.photon.basic.auth.ICurrentUserIDProvider;
import com.helger.photon.core.login.CLogin;
import com.helger.photon.core.servlet.LogoutServlet;
import com.helger.photon.security.lock.ObjectLockManager;
import com.helger.photon.security.mgr.PhotonSecurityManager;
import com.helger.photon.security.password.GlobalPasswordSettings;
import com.helger.photon.security.user.IUser;
import com.helger.photon.security.user.UserManager;
import com.helger.photon.security.util.SecurityHelper;
import com.helger.web.scope.ISessionWebScope;
import com.helger.web.scope.session.ISessionWebScopeActivationHandler;
import com.helger.web.scope.singleton.AbstractSessionWebSingleton;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnegative;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import org.joda.time.Period;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/ph-oton-security-6.2.0.jar:com/helger/photon/security/login/LoggedInUserManager.class */
public final class LoggedInUserManager extends AbstractGlobalSingleton implements ICurrentUserIDProvider {
    public static final boolean DEFAULT_LOGOUT_ALREADY_LOGGED_IN_USER = false;
    private static final Logger s_aLogger = LoggerFactory.getLogger((Class<?>) LoggedInUserManager.class);

    @GuardedBy("m_aRWLock")
    private final Map<String, LoginInfo> m_aLoggedInUsers = new HashMap();
    private final CallbackList<IUserLoginCallback> m_aUserLoginCallbacks = new CallbackList<>();
    private final CallbackList<IUserLogoutCallback> m_aUserLogoutCallbacks = new CallbackList<>();
    private boolean m_bLogoutAlreadyLoggedInUser = false;

    /* loaded from: input_file:WEB-INF/lib/ph-oton-security-6.2.0.jar:com/helger/photon/security/login/LoggedInUserManager$InternalSessionUserHolder.class */
    public static final class InternalSessionUserHolder extends AbstractSessionWebSingleton implements ISessionWebScopeActivationHandler {
        private static final long serialVersionUID = 2322897734799334L;
        private transient IUser m_aUser;
        private String m_sUserID;
        private transient LoggedInUserManager m_aOwningMgr;

        @Deprecated
        @UsedViaReflection
        public InternalSessionUserHolder() {
        }

        @Nonnull
        static InternalSessionUserHolder getInstance() {
            return (InternalSessionUserHolder) getSessionSingleton(InternalSessionUserHolder.class);
        }

        @Nullable
        static InternalSessionUserHolder getInstanceIfInstantiated() {
            return (InternalSessionUserHolder) getSessionSingletonIfInstantiated(InternalSessionUserHolder.class);
        }

        @Nullable
        static InternalSessionUserHolder getInstanceIfInstantiatedInScope(@Nullable ISessionScope iSessionScope) {
            return (InternalSessionUserHolder) getSingletonIfInstantiated(iSessionScope, InternalSessionUserHolder.class);
        }

        private void readObject(@Nonnull ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
            objectInputStream.defaultReadObject();
            if (this.m_sUserID != null) {
                this.m_aUser = PhotonSecurityManager.getUserMgr().getUserOfID(this.m_sUserID);
                if (this.m_aUser == null) {
                    throw new IllegalStateException("Failed to resolve user with ID '" + this.m_sUserID + "'");
                }
            }
            this.m_aOwningMgr = LoggedInUserManager.getInstance();
        }

        @Override // com.helger.web.scope.session.ISessionWebScopeActivationHandler
        public void onSessionDidActivate(@Nonnull ISessionWebScope iSessionWebScope) {
            this.m_aOwningMgr.internalSessionActivateUser(this.m_aUser, iSessionWebScope);
        }

        boolean hasUser() {
            return this.m_aUser != null;
        }

        @Nullable
        String getUserID() {
            return this.m_sUserID;
        }

        void setUser(@Nonnull LoggedInUserManager loggedInUserManager, @Nonnull IUser iUser) {
            ValueEnforcer.notNull(loggedInUserManager, "OwningMgr");
            ValueEnforcer.notNull(iUser, "User");
            if (this.m_aUser != null) {
                throw new IllegalStateException("Session already has a user!");
            }
            this.m_aOwningMgr = loggedInUserManager;
            this.m_aUser = iUser;
            this.m_sUserID = iUser.getID();
        }

        void _reset() {
            this.m_aUser = null;
            this.m_sUserID = null;
            this.m_aOwningMgr = null;
        }

        @Override // com.helger.commons.scope.singleton.AbstractSingleton
        protected void onDestroy(@Nonnull IScope iScope) {
            LoggedInUserManager loggedInUserManager = this.m_aOwningMgr;
            String str = this.m_sUserID;
            _reset();
            if (loggedInUserManager != null) {
                loggedInUserManager.logoutUser(str);
            }
        }

        @Override // com.helger.commons.scope.singleton.AbstractSingleton
        public String toString() {
            return ToStringGenerator.getDerived(super.toString()).append("userID", this.m_sUserID).toString();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ph-oton-security-6.2.0.jar:com/helger/photon/security/login/LoggedInUserManager$UserLogoutCallbackUnlockAllObjects.class */
    final class UserLogoutCallbackUnlockAllObjects extends DefaultUserLogoutCallback {
        UserLogoutCallbackUnlockAllObjects() {
        }

        @Override // com.helger.photon.security.login.DefaultUserLogoutCallback, com.helger.photon.security.login.IUserLogoutCallback
        public void onUserLogout(@Nonnull LoginInfo loginInfo) {
            ObjectLockManager instanceIfInstantiated = ObjectLockManager.getInstanceIfInstantiated();
            if (instanceIfInstantiated != null) {
                instanceIfInstantiated.getDefaultLockMgr().unlockAllObjectsOfUser(loginInfo.getUserID());
            }
        }
    }

    @Deprecated
    @UsedViaReflection
    public LoggedInUserManager() {
        this.m_aUserLogoutCallbacks.addCallback(new UserLogoutCallbackUnlockAllObjects());
    }

    @Nonnull
    public static LoggedInUserManager getInstance() {
        return (LoggedInUserManager) getGlobalSingleton(LoggedInUserManager.class);
    }

    @Nonnull
    @ReturnsMutableObject("design")
    public CallbackList<IUserLoginCallback> getUserLoginCallbacks() {
        return this.m_aUserLoginCallbacks;
    }

    @Nonnull
    @ReturnsMutableObject("design")
    public CallbackList<IUserLogoutCallback> getUserLogoutCallbacks() {
        return this.m_aUserLogoutCallbacks;
    }

    public boolean isLogoutAlreadyLoggedInUser() {
        this.m_aRWLock.readLock().lock();
        try {
            return this.m_bLogoutAlreadyLoggedInUser;
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
    }

    public void setLogoutAlreadyLoggedInUser(boolean z) {
        this.m_aRWLock.writeLock().lock();
        try {
            this.m_bLogoutAlreadyLoggedInUser = z;
        } finally {
            this.m_aRWLock.writeLock().unlock();
        }
    }

    @Nonnull
    public ELoginResult loginUser(@Nullable String str, @Nullable String str2) {
        return loginUser(str, str2, (Collection<String>) null);
    }

    @Nonnull
    public ELoginResult loginUser(@Nullable String str, @Nullable String str2, @Nullable Collection<String> collection) {
        IUser userOfLoginName = PhotonSecurityManager.getUserMgr().getUserOfLoginName(str);
        if (userOfLoginName != null) {
            return loginUser(userOfLoginName, str2, collection);
        }
        AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, str, "no-such-loginname");
        return ELoginResult.USER_NOT_EXISTING;
    }

    @Nonnull
    private ELoginResult _onLoginError(@Nonnull @Nonempty String str, @Nonnull ELoginResult eLoginResult) {
        for (IUserLoginCallback iUserLoginCallback : this.m_aUserLoginCallbacks.getAllCallbacks()) {
            try {
                iUserLoginCallback.onUserLoginError(str, eLoginResult);
            } catch (Throwable th) {
                s_aLogger.error("Failed to invoke onUserLoginError callback on " + iUserLoginCallback + "(" + str + "," + eLoginResult.toString() + ")", th);
            }
        }
        return eLoginResult;
    }

    void internalSessionActivateUser(@Nonnull IUser iUser, @Nonnull ISessionScope iSessionScope) {
        ValueEnforcer.notNull(iUser, "User");
        ValueEnforcer.notNull(iSessionScope, "SessionScope");
        this.m_aRWLock.writeLock().lock();
        try {
            this.m_aLoggedInUsers.put(iUser.getID(), new LoginInfo(iUser, iSessionScope));
            this.m_aRWLock.writeLock().unlock();
        } catch (Throwable th) {
            this.m_aRWLock.writeLock().unlock();
            throw th;
        }
    }

    @Nonnull
    public ELoginResult loginUser(@Nullable IUser iUser, @Nullable String str, @Nullable Collection<String> collection) {
        if (iUser == null) {
            return ELoginResult.USER_NOT_EXISTING;
        }
        String id = iUser.getID();
        if (iUser.isDeleted()) {
            AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "user-is-deleted");
            return _onLoginError(id, ELoginResult.USER_IS_DELETED);
        }
        if (iUser.isDisabled()) {
            AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "user-is-disabled");
            return _onLoginError(id, ELoginResult.USER_IS_DISABLED);
        }
        if (!SecurityHelper.hasUserAllRoles(id, collection)) {
            AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "user-is-missing-required-roles", StringHelper.getToString(collection));
            return _onLoginError(id, ELoginResult.USER_IS_MISSING_ROLE);
        }
        UserManager userMgr = PhotonSecurityManager.getUserMgr();
        if (!userMgr.areUserIDAndPasswordValid(id, str)) {
            AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "invalid-password");
            return _onLoginError(id, ELoginResult.INVALID_PASSWORD);
        }
        String algorithmName = iUser.getPasswordHash().getAlgorithmName();
        String defaultPasswordHashCreatorAlgorithmName = GlobalPasswordSettings.getPasswordHashCreatorManager().getDefaultPasswordHashCreatorAlgorithmName();
        if (!algorithmName.equals(defaultPasswordHashCreatorAlgorithmName)) {
            userMgr.setUserPassword(id, str);
            s_aLogger.info("Updated password hash of user '" + id + "' from algorithm '" + algorithmName + "' to '" + defaultPasswordHashCreatorAlgorithmName + "'");
        }
        boolean z = false;
        this.m_aRWLock.writeLock().lock();
        try {
            if (this.m_aLoggedInUsers.containsKey(id)) {
                if (!isLogoutAlreadyLoggedInUser()) {
                    AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "user-already-logged-in");
                    ELoginResult _onLoginError = _onLoginError(id, ELoginResult.USER_ALREADY_LOGGED_IN);
                    this.m_aRWLock.writeLock().unlock();
                    return _onLoginError;
                }
                logoutUser(id);
                if (this.m_aLoggedInUsers.containsKey(id)) {
                    throw new IllegalStateException("Failed to logout '" + id + "'");
                }
                AuditHelper.onAuditExecuteSuccess("logout-in-login", id);
                z = true;
            }
            InternalSessionUserHolder internalSessionUserHolder = InternalSessionUserHolder.getInstance();
            if (internalSessionUserHolder.hasUser()) {
                s_aLogger.warn("The session user holder already has the user ID '" + internalSessionUserHolder.getUserID() + "' so the new ID '" + id + "' will not be set!");
                AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "session-already-has-user");
                ELoginResult _onLoginError2 = _onLoginError(id, ELoginResult.SESSION_ALREADY_HAS_USER);
                this.m_aRWLock.writeLock().unlock();
                return _onLoginError2;
            }
            LoginInfo loginInfo = new LoginInfo(iUser, ScopeManager.getSessionScope());
            this.m_aLoggedInUsers.put(id, loginInfo);
            internalSessionUserHolder.setUser(this, iUser);
            this.m_aRWLock.writeLock().unlock();
            s_aLogger.info("Logged in user '" + id + "' with login name '" + iUser.getLoginName() + "'");
            AuditHelper.onAuditExecuteSuccess("login-user", id, iUser.getLoginName());
            for (IUserLoginCallback iUserLoginCallback : this.m_aUserLoginCallbacks.getAllCallbacks()) {
                try {
                    iUserLoginCallback.onUserLogin(loginInfo);
                } catch (Throwable th) {
                    s_aLogger.error("Failed to invoke onUserLogin callback on " + iUserLoginCallback.toString() + "(" + loginInfo.toString() + ")", th);
                }
            }
            return z ? ELoginResult.SUCCESS_WITH_LOGOUT : ELoginResult.SUCCESS;
        } catch (Throwable th2) {
            this.m_aRWLock.writeLock().unlock();
            throw th2;
        }
    }

    @Nonnull
    public EChange logoutUser(@Nullable String str) {
        this.m_aRWLock.writeLock().lock();
        try {
            LoginInfo remove = this.m_aLoggedInUsers.remove(str);
            if (remove == null) {
                AuditHelper.onAuditExecuteSuccess(LogoutServlet.SERVLET_DEFAULT_NAME, str, "user-not-logged-in");
                EChange eChange = EChange.UNCHANGED;
                this.m_aRWLock.writeLock().unlock();
                return eChange;
            }
            InternalSessionUserHolder instanceIfInstantiatedInScope = InternalSessionUserHolder.getInstanceIfInstantiatedInScope(remove.getSessionScope());
            if (instanceIfInstantiatedInScope != null) {
                instanceIfInstantiatedInScope._reset();
            }
            remove.setLogoutDTNow();
            this.m_aRWLock.writeLock().unlock();
            s_aLogger.info("Logged out user '" + str + "' after " + new Period(remove.getLoginDT(), remove.getLogoutDT()).toString());
            AuditHelper.onAuditExecuteSuccess(LogoutServlet.SERVLET_DEFAULT_NAME, str);
            for (IUserLogoutCallback iUserLogoutCallback : this.m_aUserLogoutCallbacks.getAllCallbacks()) {
                try {
                    iUserLogoutCallback.onUserLogout(remove);
                } catch (Throwable th) {
                    s_aLogger.error("Failed to invoke onUserLogout callback on " + iUserLogoutCallback.toString() + "(" + remove.toString() + ")", th);
                }
            }
            return EChange.CHANGED;
        } catch (Throwable th2) {
            this.m_aRWLock.writeLock().unlock();
            throw th2;
        }
    }

    @Nonnull
    public EChange logoutCurrentUser() {
        return logoutUser(getCurrentUserID());
    }

    public boolean isUserLoggedIn(@Nullable String str) {
        this.m_aRWLock.readLock().lock();
        try {
            return this.m_aLoggedInUsers.containsKey(str);
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
    }

    @Nonnull
    @ReturnsMutableCopy
    public Set<String> getAllLoggedInUserIDs() {
        this.m_aRWLock.readLock().lock();
        try {
            return CollectionHelper.newSet((Collection) this.m_aLoggedInUsers.keySet());
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
    }

    @Nullable
    public LoginInfo getLoginInfo(@Nullable String str) {
        this.m_aRWLock.readLock().lock();
        try {
            return this.m_aLoggedInUsers.get(str);
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
    }

    @Nonnull
    @ReturnsMutableCopy
    public Collection<LoginInfo> getAllLoginInfos() {
        this.m_aRWLock.readLock().lock();
        try {
            return CollectionHelper.newList((Collection) this.m_aLoggedInUsers.values());
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
    }

    @Nonnegative
    public int getLoggedInUserCount() {
        this.m_aRWLock.readLock().lock();
        try {
            return this.m_aLoggedInUsers.size();
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
    }

    @Override // com.helger.photon.basic.auth.ICurrentUserIDProvider
    @Nullable
    public String getCurrentUserID() {
        InternalSessionUserHolder instanceIfInstantiated = InternalSessionUserHolder.getInstanceIfInstantiated();
        if (instanceIfInstantiated == null) {
            return null;
        }
        return instanceIfInstantiated.m_sUserID;
    }

    public boolean isUserLoggedInInCurrentSession() {
        return getCurrentUserID() != null;
    }

    public boolean isNoUserLoggedInInCurrentSession() {
        return getCurrentUserID() == null;
    }

    @Nullable
    public IUser getCurrentUser() {
        InternalSessionUserHolder instanceIfInstantiated = InternalSessionUserHolder.getInstanceIfInstantiated();
        if (instanceIfInstantiated == null) {
            return null;
        }
        return instanceIfInstantiated.m_aUser;
    }

    public boolean isCurrentUserAdministrator() {
        IUser currentUser = getCurrentUser();
        return currentUser != null && currentUser.isAdministrator();
    }

    @Override // com.helger.commons.scope.singleton.AbstractSingleton
    public String toString() {
        return ToStringGenerator.getDerived(super.toString()).append("loggedInUsers", this.m_aLoggedInUsers).append("userLoginCallbacks", this.m_aUserLoginCallbacks).append("userLogoutCallbacks", this.m_aUserLogoutCallbacks).append("logoutAlreadyLoggedInUser", this.m_bLogoutAlreadyLoggedInUser).toString();
    }
}
