package org.mycore.user2;

import java.io.IOException;
import java.net.URLEncoder;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jdom2.Attribute;
import org.jdom2.Document;
import org.jdom2.Element;
import org.jdom2.filter.Filters;
import org.jdom2.xpath.XPathFactory;
import org.mycore.access.MCRAccessManager;
import org.mycore.common.MCRSessionMgr;
import org.mycore.common.MCRSystemUserInformation;
import org.mycore.common.config.MCRConfiguration;
import org.mycore.common.content.MCRJAXBContent;
import org.mycore.common.content.MCRJDOMContent;
import org.mycore.datamodel.common.MCRISO8601Date;
import org.mycore.frontend.servlets.MCRServlet;
import org.mycore.frontend.servlets.MCRServletJob;
import org.mycore.services.i18n.MCRTranslation;
import org.mycore.user2.utils.MCRUserTransformer;

/* loaded from: input_file:org/mycore/user2/MCRUserServlet.class */
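/**
 * Servlet front end for user administration: showing, listing, creating,
 * updating and deleting users and changing passwords.
 *
 * <p>The request parameter {@code action} selects the operation and the
 * optional parameter {@code id} selects the target user. Guest sessions are
 * rejected before any action is dispatched. Form data for the write actions is
 * read from the request attribute {@code MCRXEditorSubmission}.
 *
 * <p>NOTE(review): the entry point is named {@code doGetPost}; if it serves GET
 * as well as POST, the state-changing actions ({@code delete}, {@code save},
 * {@code password}) rely on whatever CSRF protection exists outside this
 * class. Confirm against the servlet base class and deployment.
 */
public class MCRUserServlet extends MCRServlet {
    private static final long serialVersionUID = 1;
    private static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone("UTC");
    private static final Logger LOGGER = LogManager.getLogger(MCRUserServlet.class);

    /** Permission that allows full administration of all users. */
    private static final String PERMISSION_ADMIN = "administrate-users";

    /** Permission that allows creating users owned by the current user. */
    private static final String PERMISSION_CREATE = "create-users";

    /** Request attribute holding the submitted editor document. */
    private static final String SUBMISSION_ATTRIBUTE = "MCRXEditorSubmission";

    /**
     * Resolves the target user and dispatches to the handler for the requested action.
     *
     * <p>When no {@code id} is given, the current user is the target. Unknown
     * or missing actions fall through to the user listing.
     *
     * @param job the servlet job carrying request and response
     * @throws Exception if a handler fails
     */
    public void doGetPost(MCRServletJob job) throws Exception {
        HttpServletRequest request = job.getRequest();
        HttpServletResponse response = job.getResponse();
        if (forbidIfGuest(response)) {
            return;
        }
        String action = request.getParameter("action");
        String uid = request.getParameter("id");
        MCRUser user;
        if (uid == null || uid.trim().length() == 0) {
            user = MCRUserManager.getCurrentUser();
            uid = user != null ? String.valueOf(user.getUserID()) : null;
            // Transient users are used as they are; all others are looked up again by ID.
            if (!(user instanceof MCRTransientUser)) {
                user = MCRUserManager.getUser(uid);
            }
        } else {
            user = MCRUserManager.getUser(uid);
        }

        if ("show".equals(action)) {
            showUser(request, response, user, uid);
        } else if ("save".equals(action)) {
            saveUser(request, response);
        } else if ("saveCurrentUser".equals(action)) {
            saveCurrentUser(request, response);
        } else if ("changeMyPassword".equals(action)) {
            redirectToPasswordChangePage(request, response);
        } else if ("password".equals(action)) {
            changePassword(request, response, user, uid);
        } else if ("delete".equals(action)) {
            deleteUser(request, response, user);
        } else {
            listUsers(request, response);
        }
    }

    /**
     * Redirects the current user to the password change URL of their realm.
     *
     * <p>Answers 403 if the current user is unknown, locked or disabled, and
     * 500 if the realm defines no password change URL.
     */
    private void redirectToPasswordChangePage(HttpServletRequest req, HttpServletResponse res) throws Exception {
        MCRUser currentUser = MCRUserManager.getCurrentUser();
        if (!checkUserIsNotNull(res, currentUser, null)
            || checkUserIsLocked(res, currentUser)
            || checkUserIsDisabled(res, currentUser)) {
            return;
        }
        String passwordChangeURL = currentUser.getRealm().getPasswordChangeURL();
        if (passwordChangeURL == null) {
            res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, MCRTranslation
                .translate("component.user2.UserServlet.missingRealPasswortChangeURL", currentUser.getRealmID()));
        } else {
            // The target comes from the realm definition, not from the request.
            res.sendRedirect(passwordChangeURL);
        }
    }

    /**
     * Sends 403 when {@code user} is {@code null}.
     *
     * @param res the response used for the error
     * @param user the user to check
     * @param uid the ID to report in the error message; when {@code null} the
     *            ID of the current session's user is reported instead
     * @return {@code true} if {@code user} is not {@code null}
     * @throws IOException if sending the error fails
     */
    private static boolean checkUserIsNotNull(HttpServletResponse res, MCRUser user, String uid) throws IOException {
        if (user != null) {
            return true;
        }
        // uid may be the raw "id" request parameter; it ends up in the error message.
        String reportedId = uid == null ? MCRSessionMgr.getCurrentSession().getUserInformation().getUserID() : uid;
        res.sendError(HttpServletResponse.SC_FORBIDDEN,
            MCRTranslation.translate("component.user2.UserServlet.currentUserUnknown", reportedId));
        return false;
    }

    /**
     * Sends 403 when {@code user} is locked.
     *
     * @return {@code true} if the user is locked and the error was sent
     */
    private static boolean checkUserIsLocked(HttpServletResponse res, MCRUser user) throws IOException {
        if (!user.isLocked()) {
            return false;
        }
        res.sendError(HttpServletResponse.SC_FORBIDDEN,
            MCRTranslation.translate("component.user2.UserServlet.isLocked", user.getUserID()));
        return true;
    }

    /**
     * Sends 403 when {@code user} is disabled.
     *
     * @return {@code true} if the user is disabled and the error was sent
     */
    private static boolean checkUserIsDisabled(HttpServletResponse res, MCRUser user) throws IOException {
        if (!user.isDisabled()) {
            return false;
        }
        res.sendError(HttpServletResponse.SC_FORBIDDEN,
            MCRTranslation.translate("component.user2.UserServlet.isDisabled", user.getUserID()));
        return true;
    }

    /**
     * Sends 403 when the current session belongs to the guest user.
     *
     * @return {@code true} if the request was rejected
     */
    private static boolean forbidIfGuest(HttpServletResponse res) throws IOException {
        boolean isGuest = MCRSessionMgr.getCurrentSession().getUserInformation()
            .equals(MCRSystemUserInformation.getGuestInstance());
        if (!isGuest) {
            return false;
        }
        res.sendError(HttpServletResponse.SC_FORBIDDEN,
            MCRTranslation.translate("component.user2.UserServlet.noGuestAction"));
        return true;
    }

    /**
     * Returns the root element of the submitted editor document.
     *
     * <p>Sends 400 and returns {@code null} when the request attribute is
     * missing or is not a {@link Document}, instead of failing with an
     * unchecked exception.
     */
    private static Element getSubmissionRoot(HttpServletRequest req, HttpServletResponse res) throws IOException {
        Object submission = req.getAttribute(SUBMISSION_ATTRIBUTE);
        if (!(submission instanceof Document)) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return null;
        }
        return ((Document) submission).getRootElement();
    }

    /** Returns {@code null} for a {@code null} or whitespace-only text, otherwise the text unchanged. */
    private static String blankToNull(String text) {
        return text != null && text.trim().length() == 0 ? null : text;
    }

    /**
     * Renders the given user.
     *
     * <p>Allowed for user administrators, for the user itself and for the
     * user's owner; everybody else gets 403.
     *
     * @param user the user to show, may be {@code null} if the lookup failed
     * @param uid the requested ID, used in the error message
     */
    private void showUser(HttpServletRequest req, HttpServletResponse res, MCRUser user, String uid)
        throws Exception {
        MCRUser currentUser = MCRUserManager.getCurrentUser();
        if (!checkUserIsNotNull(res, currentUser, null) || !checkUserIsNotNull(res, user, uid)) {
            return;
        }
        boolean allowed = MCRAccessManager.checkPermission(PERMISSION_ADMIN)
            || currentUser.equals(user)
            || currentUser.equals(user.getOwner());
        if (!allowed) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN,
                MCRTranslation.translate("component.user2.UserServlet.noAdminPermission"));
            return;
        }
        LOGGER.info("show user {} {} {}", user.getUserID(), user.getUserName(), user.getRealmID());
        getLayoutService().doLayout(req, res, getContent(user));
    }

    /**
     * Checks whether a user name is still free in the local realm.
     *
     * @param userName the name to check
     * @return {@code true} if the name or the local realm ID is {@code null},
     *         or if no user with that name exists in the local realm
     */
    public static boolean checkUserName(String userName) {
        String realmID = MCRRealmFactory.getLocalRealm().getID();
        return userName == null || realmID == null || !MCRUserManager.exists(userName, realmID);
    }

    /**
     * Updates real name, e-mail and attributes of the current user from the submitted document.
     *
     * <p>Answers 403 if the current user is unknown, locked or disabled, and
     * 400 if no editor submission is attached to the request.
     */
    private void saveCurrentUser(HttpServletRequest req, HttpServletResponse res) throws IOException {
        MCRUser currentUser = MCRUserManager.getCurrentUser();
        if (!checkUserIsNotNull(res, currentUser, null)
            || checkUserIsLocked(res, currentUser)
            || checkUserIsDisabled(res, currentUser)) {
            return;
        }
        if (!currentUser.hasNoOwner() && currentUser.isLocked()) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        Element root = getSubmissionRoot(req, res);
        if (root == null) {
            return;
        }
        updateBasicUserInfo(root, currentUser);
        MCRUserManager.updateUser(currentUser);
        res.sendRedirect(res.encodeRedirectURL("MCRUserServlet?action=show"));
    }

    /**
     * Creates a new user or updates an existing one from the submitted document.
     *
     * <p>Requires the {@code administrate-users} or {@code create-users}
     * permission. Without the administrator permission the realm is forced to
     * the local realm, the current user becomes the owner, only users the
     * current user is or owns may be updated, and only roles the current user
     * holds may be assigned. Lock state, disabled state, owner and expiry date
     * are taken from the submission for administrators only.
     */
    private void saveUser(HttpServletRequest req, HttpServletResponse res) throws Exception {
        MCRUser currentUser = MCRUserManager.getCurrentUser();
        if (!checkUserIsNotNull(res, currentUser, null)) {
            return;
        }
        boolean hasAdminPermission = MCRAccessManager.checkPermission(PERMISSION_ADMIN);
        if (!hasAdminPermission && !MCRAccessManager.checkPermission(PERMISSION_CREATE)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN,
                MCRTranslation.translate("component.user2.UserServlet.noCreatePermission"));
            return;
        }
        Element root = getSubmissionRoot(req, res);
        if (root == null) {
            return;
        }

        String userName = root.getAttributeValue("name");
        String realmID = MCRRealmFactory.getLocalRealm().getID();
        if (hasAdminPermission) {
            // Only administrators may choose the realm; everyone else stays in the local realm.
            realmID = root.getAttributeValue("realm");
        }

        MCRUser user;
        boolean userExists = MCRUserManager.exists(userName, realmID);
        if (userExists) {
            user = MCRUserManager.getUser(userName, realmID);
            if (!hasAdminPermission && !currentUser.equals(user) && !currentUser.equals(user.getOwner())) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        } else {
            user = new MCRUser(userName, realmID);
            LOGGER.info("create new user {} {}", userName, realmID);
            String password = root.getChildText("password");
            if (password != null && password.trim().length() > 0
                && user.getRealm().equals(MCRRealmFactory.getLocalRealm())) {
                // NOTE(review): the helper name suggests a SHA-256 based hash; its salting and
                // iteration count are not visible here and should be confirmed.
                MCRUserManager.updatePasswordHashToSHA256(user, password);
            }
        }

        Attribute hintAttribute = (Attribute) XPathFactory.instance()
            .compile("password/@hint", Filters.attribute()).evaluateFirst(root);
        user.setHint(blankToNull(hintAttribute == null ? null : hintAttribute.getValue()));
        updateBasicUserInfo(root, user);

        if (hasAdminPermission) {
            user.setLocked(Boolean.valueOf("true".equals(root.getAttributeValue("locked"))));
            user.setDisabled(Boolean.valueOf("true".equals(root.getAttributeValue("disabled"))));

            Element ownerElement = root.getChild("owner");
            if (ownerElement == null || ownerElement.getAttributes().isEmpty()) {
                user.setOwner(null);
            } else {
                String ownerName = ownerElement.getAttributeValue("name");
                String ownerRealm = ownerElement.getAttributeValue("realm");
                MCRUser owner = MCRUserManager.getUser(ownerName, ownerRealm);
                if (!checkUserIsNotNull(res, owner, ownerName + "@" + ownerRealm)) {
                    return;
                }
                user.setOwner(owner);
            }

            String validUntil = root.getChildTextTrim("validUntil");
            if (validUntil == null || validUntil.length() == 0) {
                user.setValidUntil(null);
            } else {
                String isoDate = validUntil;
                if (validUntil.length() == 10) {
                    // A bare date (10 characters) is expanded to a full UTC timestamp first.
                    isoDate = convertToUTC(validUntil, "yyyy-MM-dd");
                }
                user.setValidUntil(new MCRISO8601Date(isoDate).getDate());
            }
        } else {
            user.setRealm(MCRRealmFactory.getLocalRealm());
            user.setOwner(currentUser);
        }

        Element rolesElement = root.getChild("roles");
        if (rolesElement != null) {
            user.getSystemRoleIDs().clear();
            user.getExternalRoleIDs().clear();
            for (Element roleElement : rolesElement.getChildren("role")) {
                String roleName = roleElement.getAttributeValue("name");
                // Non-administrators can only hand out roles they hold themselves.
                if (hasAdminPermission || currentUser.isUserInRole(roleName)) {
                    user.assignRole(roleName);
                } else {
                    LOGGER.warn("Current user {} has not the permission to add user to group {}",
                        currentUser.getUserID(), roleName);
                }
            }
        }

        if (userExists) {
            MCRUserManager.updateUser(user);
        } else {
            MCRUserManager.createUser(user);
        }
        res.sendRedirect(res.encodeRedirectURL(
            "MCRUserServlet?action=show&id=" + URLEncoder.encode(user.getUserID(), "UTF-8")));
    }

    /**
     * Re-formats a date string as a UTC timestamp of the form {@code yyyy-MM-dd'T'HH:mm:ss.SSSX}.
     *
     * <p>Both formatters are created per call, so no {@link SimpleDateFormat}
     * instance is shared between threads. Parsing uses the lenient default of
     * {@link SimpleDateFormat}, so out-of-range fields roll over instead of failing.
     *
     * @param value the date string to parse, interpreted as UTC
     * @param pattern the {@link SimpleDateFormat} pattern of {@code value}
     * @return the parsed instant formatted in UTC
     * @throws ParseException if {@code value} does not match {@code pattern}
     */
    private String convertToUTC(String value, String pattern) throws ParseException {
        SimpleDateFormat inputFormat = new SimpleDateFormat(pattern, Locale.ROOT);
        inputFormat.setTimeZone(UTC_TIME_ZONE);
        Date parsed = inputFormat.parse(value);
        SimpleDateFormat outputFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSX", Locale.ROOT);
        outputFormat.setTimeZone(UTC_TIME_ZONE);
        return outputFormat.format(parsed);
    }

    /**
     * Copies real name, e-mail and attributes from the submitted element to the user.
     *
     * <p>Blank real name and e-mail are stored as {@code null}. The attribute
     * map is replaced only when the submission contains an {@code attributes}
     * element.
     */
    private void updateBasicUserInfo(Element root, MCRUser user) {
        user.setRealName(blankToNull(root.getChildText("realName")));
        user.setEMail(blankToNull(root.getChildText("eMail")));
        Element attributesElement = root.getChild("attributes");
        if (attributesElement != null) {
            List<Element> attributeElements = attributesElement.getChildren("attribute");
            user.getAttributes().clear();
            for (Element attributeElement : attributeElements) {
                user.getAttributes().put(attributeElement.getAttributeValue("name"),
                    attributeElement.getAttributeValue("value"));
            }
        }
    }

    /**
     * Sets a new password for the given user.
     *
     * <p>Allowed for user administrators, for the owner of the target user,
     * and for the target user itself as long as that user has no owner or is
     * not locked. The last rule matches the check in
     * {@link #saveCurrentUser}. Answers 400 when the submission or the
     * password is missing or blank.
     *
     * @param user the user whose password is changed, may be {@code null} if the lookup failed
     * @param uid the requested ID, used in the error message
     */
    private void changePassword(HttpServletRequest req, HttpServletResponse res, MCRUser user, String uid)
        throws Exception {
        MCRUser currentUser = MCRUserManager.getCurrentUser();
        if (!checkUserIsNotNull(res, currentUser, null) || !checkUserIsNotNull(res, user, uid)) {
            return;
        }
        // The "not locked" test must stay inside the self-service clause. Written as
        // "(self && noOwner) || !locked" it let every unlocked account change the
        // password of any other user.
        boolean allowed = MCRAccessManager.checkPermission(PERMISSION_ADMIN)
            || currentUser.equals(user.getOwner())
            || (currentUser.equals(user) && (currentUser.hasNoOwner() || !currentUser.isLocked()));
        if (!allowed) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN,
                MCRTranslation.translate("component.user2.UserServlet.noAdminPermission"));
            return;
        }
        Element root = getSubmissionRoot(req, res);
        if (root == null) {
            return;
        }
        String password = root.getChildText("password");
        if (password == null || password.trim().length() == 0) {
            // Never store a missing or blank password.
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        LOGGER.info("change password of user {} {} {}", user.getUserID(), user.getUserName(), user.getRealmID());
        MCRUserManager.setPassword(user, password);
        res.sendRedirect(res.encodeRedirectURL("MCRUserServlet?action=show&XSL.step=changedPassword&id="
            + URLEncoder.encode(user.getUserID(), "UTF-8")));
    }

    /**
     * Deletes the given user and renders the deleted user's data.
     *
     * <p>Allowed for user administrators and for the owner of the target
     * user. Answers 403 when the target user does not exist or the caller is
     * not allowed to delete it.
     *
     * @param user the user to delete, may be {@code null} if the lookup failed
     */
    private void deleteUser(HttpServletRequest req, HttpServletResponse res, MCRUser user) throws Exception {
        // An unknown id used to end in a NullPointerException here.
        if (!checkUserIsNotNull(res, user, req.getParameter("id"))) {
            return;
        }
        boolean allowed = MCRAccessManager.checkPermission(PERMISSION_ADMIN);
        if (!allowed) {
            MCRUser currentUser = MCRUserManager.getCurrentUser();
            allowed = currentUser != null && currentUser.equals(user.getOwner());
        }
        if (!allowed) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN,
                MCRTranslation.translate("component.user2.UserServlet.noAdminPermission"));
            return;
        }
        LOGGER.info("delete user {} {} {}", user.getUserID(), user.getUserName(), user.getRealmID());
        MCRUserManager.deleteUser(user);
        getLayoutService().doLayout(req, res, getContent(user));
    }

    /** Wraps a safe copy of the user (see {@code MCRUser#getSafeCopy()}) as JAXB content for the layout service. */
    private MCRJAXBContent<MCRUser> getContent(MCRUser user) {
        return new MCRJAXBContent<>(MCRUserTransformer.JAXB_CONTEXT, user.getSafeCopy());
    }

    /**
     * Renders a list of users.
     *
     * <p>Administrators get the result of a search over all users, but only
     * when the number of hits is above zero and below
     * {@code MCR.user2.Users.MaxResults} (default 100). Other callers get the
     * users they own. Callers with neither permission and no owned users get 403.
     */
    private void listUsers(HttpServletRequest req, HttpServletResponse res) throws Exception {
        MCRUser currentUser = MCRUserManager.getCurrentUser();
        List<MCRUser> ownUsers = MCRUserManager.listUsers(currentUser);
        boolean hasAdminPermission = MCRAccessManager.checkPermission(PERMISSION_ADMIN);
        boolean allowed = hasAdminPermission
            || MCRAccessManager.checkPermission(PERMISSION_CREATE)
            || !ownUsers.isEmpty();
        if (!allowed) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN,
                MCRTranslation.translate("component.user2.UserServlet.noCreatePermission"));
            return;
        }

        Element users = new Element("users");
        List<MCRUser> results = null;
        if (hasAdminPermission) {
            String search = blankToNull(req.getParameter("search"));
            if (search != null) {
                users.setAttribute("search", search);
                search = "*" + search + "*";
            }
            // The search term is request-controlled and is written to the log as given.
            LOGGER.info("search users like {}", search);
            int maxResults = MCRConfiguration.instance().getInt("MCR.user2.Users.MaxResults", 100);
            int numUsers = MCRUserManager.countUsers(search, null, search);
            if (numUsers < maxResults && numUsers > 0) {
                results = MCRUserManager.listUsers(search, null, search);
            }
            users.setAttribute("num", String.valueOf(numUsers));
            users.setAttribute("max", String.valueOf(maxResults));
        } else {
            LOGGER.info("list owned users of {} {}", currentUser.getUserName(), currentUser.getRealmID());
            results = ownUsers;
        }

        if (results != null) {
            for (MCRUser user : results) {
                Element userElement = MCRUserTransformer.buildBasicXML(user).detachRootElement();
                addString(userElement, "realName", user.getRealName());
                addString(userElement, "eMail", user.getEMailAddress());
                users.addContent(userElement);
            }
        }
        getLayoutService().doLayout(req, res, new MCRJDOMContent(users));
    }

    /** Appends a child element with the trimmed text to {@code parent}, unless the text is {@code null} or blank. */
    private void addString(Element parent, String name, String value) {
        if (value == null || value.trim().length() <= 0) {
            return;
        }
        parent.addContent(new Element(name).setText(value.trim()));
    }
}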
