package org.mycore.user2;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.JoinType;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import javax.persistence.metamodel.SingularAttribute;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mycore.access.MCRAccessManager;
import org.mycore.backend.jpa.MCREntityManagerProvider;
import org.mycore.common.MCRException;
import org.mycore.common.MCRSessionMgr;
import org.mycore.common.MCRSystemUserInformation;
import org.mycore.common.MCRUserInformation;
import org.mycore.common.MCRUtils;
import org.mycore.common.config.MCRConfiguration2;
import org.mycore.common.xml.MCRXMLFunctions;
import org.mycore.datamodel.classifications2.MCRCategoryID;
import org.mycore.datamodel.common.MCRISO8601Format;

/* loaded from: input_file:org/mycore/user2/MCRUserManager.class */
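/**
 * Static entry points for looking up, persisting, deleting and authenticating {@link MCRUser}
 * entities through the current JPA {@link EntityManager}.
 *
 * <p>User IDs are either a bare user name (resolved against the local realm) or
 * {@code name@realm}.
 */
public class MCRUserManager {
    // NOTE(review): the fallback of 1000 rounds is low for an iterated password hash by current
    // guidance; deployments should set MCR.user2.HashIterations explicitly. Raising it requires
    // a migration path, because stored sha1/sha256 hashes are verified with this same value.
    private static final int HASH_ITERATIONS = MCRConfiguration2.getInt("MCR.user2.HashIterations").orElse(1000);
    private static final Logger LOGGER = LogManager.getLogger();
    private static final SecureRandom SECURE_RANDOM;

    /** Delay applied to every rejected login attempt, in milliseconds. */
    private static final long LOGIN_PENALTY_MILLIS = 3000L;

    // NOTE(review): 8 bytes is kept from the original code; a longer salt is preferable, but the
    // Base64 form is stored on the user and the column width is not visible here — confirm first.
    private static final int SALT_LENGTH_BYTES = 8;

    static String table;

    /**
     * Looks up a user by ID.
     *
     * @param str a bare user name (local realm) or {@code name@realm}
     * @return the user with roles populated, or {@code null} if the ID is malformed or unknown
     */
    public static MCRUser getUser(String str) {
        if (!str.contains("@")) {
            return getUser(str, MCRRealmFactory.getLocalRealm());
        }
        String[] parts = str.split("@");
        // Anything other than exactly "name@realm" is rejected instead of being guessed at.
        return parts.length == 2 ? getUser(parts[0], parts[1]) : null;
    }

    /**
     * Looks up a user by name within the given realm.
     *
     * @param str the user name
     * @param mCRRealm the realm to search
     * @return the user, or {@code null} if none exists
     */
    public static MCRUser getUser(String str, MCRRealm mCRRealm) {
        return getUser(str, mCRRealm.getID());
    }

    /**
     * Looks up a user by name and realm ID and populates its role IDs.
     *
     * @param str the user name
     * @param str2 the realm ID; {@code null} falls back to the local realm
     * @return the user, or {@code null} (after logging a warning) if none exists
     */
    public static MCRUser getUser(String str, String str2) {
        return getByNaturalID(MCREntityManagerProvider.getCurrentEntityManager(), str, str2)
            .map(MCRUserManager::setRoles)
            .orElseGet(() -> {
                LOGGER.warn("Could not find requested user: {}@{}", str, str2);
                return null;
            });
    }

    /**
     * Streams all users that carry an attribute with the given name and value.
     *
     * @param str the attribute name
     * @param str2 the attribute value
     * @return a lazy stream; each user is refreshed from the persistence context when consumed
     */
    public static Stream<MCRUser> getUsers(String str, String str2) {
        EntityManager em = MCREntityManagerProvider.getCurrentEntityManager();
        TypedQuery<MCRUser> query = em.createNamedQuery("MCRUser.byPropertyValue", MCRUser.class);
        query.setParameter(MCRUserAttribute_.NAME, str);
        query.setParameter(MCRUserAttribute_.VALUE, str2);
        MCRUserAttribute wanted = new MCRUserAttribute(str, str2);
        // The decompiled listing referenced an undefined register ("r1") here; the preceding
        // null check on the entity manager is the compiler's pattern for a bound method
        // reference, so the refresh target is the entity manager.
        return query.getResultList().stream()
            .filter(user -> user.getAttributes().contains(wanted))
            .peek(em::refresh);
    }

    /**
     * Replaces the user's system and external role IDs with those reported by
     * {@link MCRRoleManager#getRoleIDs}.
     */
    private static MCRUser setRoles(MCRUser mCRUser) {
        Collection<MCRCategoryID> roleIDs = MCRRoleManager.getRoleIDs(mCRUser);
        mCRUser.getSystemRoleIDs().clear();
        mCRUser.getExternalRoleIDs().clear();
        String systemRoleRoot = MCRUser2Constants.ROLE_CLASSID.getRootID();
        for (MCRCategoryID roleID : roleIDs) {
            if (roleID.getRootID().equals(systemRoleRoot)) {
                mCRUser.getSystemRoleIDs().add(roleID.getID());
            } else {
                mCRUser.getExternalRoleIDs().add(roleID.toString());
            }
        }
        return mCRUser;
    }

    /**
     * Tells whether a user with this name exists in the local realm.
     *
     * @param str the user name
     */
    public static boolean exists(String str) {
        return exists(str, MCRRealmFactory.getLocalRealm());
    }

    /**
     * Tells whether a user with this name exists in the given realm.
     *
     * @param str the user name
     * @param mCRRealm the realm to search
     */
    public static boolean exists(String str, MCRRealm mCRRealm) {
        return exists(str, mCRRealm.getID());
    }

    /**
     * Tells whether a user with this name exists in the realm with the given ID.
     *
     * @param str the user name
     * @param str2 the realm ID; {@code null} falls back to the local realm
     */
    public static boolean exists(String str, String str2) {
        EntityManager em = MCREntityManagerProvider.getCurrentEntityManager();
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<Number> query = cb.createQuery(Number.class);
        Root<MCRUser> users = query.from(MCRUser.class);
        Number count = em.createQuery(
            query.select(cb.count(users)).where(getUserRealmCriterion(cb, users, str, str2)))
            .getSingleResult();
        return count.intValue() > 0;
    }

    /**
     * Persists a new user together with its role assignments. Transient users are cloned first.
     *
     * @param mCRUser the user to store
     * @throws MCRException if the user ID collides with the guest or system user
     */
    public static void createUser(MCRUser mCRUser) {
        if (isInvalidUser(mCRUser)) {
            throw new MCRException("User is invalid: " + mCRUser.getUserID());
        }
        if (mCRUser instanceof MCRTransientUser) {
            createUser((MCRTransientUser) mCRUser);
            return;
        }
        MCREntityManagerProvider.getCurrentEntityManager().persist(mCRUser);
        LOGGER.info(() -> "user saved: " + mCRUser.getUserID());
        MCRRoleManager.storeRoleAssignments(mCRUser);
    }

    /**
     * Persists a copy of a transient user.
     *
     * @param mCRTransientUser the transient user to copy and store
     * @throws MCRException if the user ID collides with the guest or system user
     */
    public static void createUser(MCRTransientUser mCRTransientUser) {
        if (isInvalidUser(mCRTransientUser)) {
            throw new MCRException("User is invalid: " + mCRTransientUser.getUserID());
        }
        // "m7clone" looks like the decompiler's rename of clone(); kept as found — TODO confirm.
        createUser(mCRTransientUser.m7clone());
    }

    /**
     * Tells whether the user's ID equals that of the built-in guest or system user, which must
     * never be stored as regular accounts.
     *
     * @param mCRUser the user to check
     */
    public static boolean isInvalidUser(MCRUser mCRUser) {
        String userID = mCRUser.getUserID();
        return MCRSystemUserInformation.getGuestInstance().getUserID().equals(userID)
            || MCRSystemUserInformation.getSystemUserInstance().getUserID().equals(userID);
    }

    /**
     * Merges the given user over the stored one with the same name and realm, replacing its role
     * assignments; creates the user if none is stored yet.
     *
     * @param mCRUser the user state to store
     * @throws MCRException if the user ID collides with the guest or system user
     */
    public static void updateUser(MCRUser mCRUser) {
        if (isInvalidUser(mCRUser)) {
            throw new MCRException("User is invalid: " + mCRUser.getUserID());
        }
        EntityManager em = MCREntityManagerProvider.getCurrentEntityManager();
        Optional<MCRUser> stored = getByNaturalID(em, mCRUser.getUserName(), mCRUser.getRealmID());
        if (!stored.isPresent()) {
            createUser(mCRUser);
            return;
        }
        MCRUser existing = stored.get();
        // Adopt the stored primary key, then swap the managed instance for the caller's one.
        mCRUser.internalID = existing.internalID;
        em.detach(existing);
        em.merge(mCRUser);
        MCRRoleManager.unassignRoles(mCRUser);
        MCRRoleManager.storeRoleAssignments(mCRUser);
    }

    /**
     * Deletes a user by ID.
     *
     * @param str a bare user name (local realm) or {@code name@realm}
     * @throws MCRException if the ID is not of one of those two forms or no such user exists
     */
    public static void deleteUser(String str) {
        if (!str.contains("@")) {
            deleteUser(str, MCRRealmFactory.getLocalRealm());
            return;
        }
        String[] parts = str.split("@");
        // The original used parts[0]/parts[1] unconditionally: "name@" failed with an index
        // error and "a@b@c" silently targeted a@b. A destructive call must not guess, so the
        // same shape check as getUser(String) applies.
        if (parts.length != 2) {
            throw new MCRException("Invalid user ID: " + str);
        }
        deleteUser(parts[0], parts[1]);
    }

    /**
     * Deletes a user by name within the given realm.
     *
     * @param str the user name
     * @param mCRRealm the realm of the user
     * @throws MCRException if no such user exists
     */
    public static void deleteUser(String str, MCRRealm mCRRealm) {
        deleteUser(str, mCRRealm.getID());
    }

    /**
     * Removes the user's role assignments and then the user entity.
     *
     * @param str the user name
     * @param str2 the realm ID
     * @throws MCRException if no such user exists
     */
    public static void deleteUser(String str, String str2) {
        MCRUser user = getUser(str, str2);
        if (user == null) {
            // Fail with a clear message instead of passing null on to the role manager and JPA.
            throw new MCRException("Cannot delete unknown user: " + str + "@" + str2);
        }
        MCRRoleManager.unassignRoles(user);
        MCREntityManagerProvider.getCurrentEntityManager().remove(user);
    }

    /**
     * Deletes the stored user with the same name and realm as the given one.
     *
     * @param mCRUser the user to delete
     * @throws MCRException if no such user exists
     */
    public static void deleteUser(MCRUser mCRUser) {
        deleteUser(mCRUser.getUserName(), mCRUser.getRealmID());
    }

    /**
     * Lists all users whose owner is the given user.
     *
     * @param mCRUser the owner
     */
    public static List<MCRUser> listUsers(MCRUser mCRUser) {
        EntityManager em = MCREntityManagerProvider.getCurrentEntityManager();
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<MCRUser> query = cb.createQuery(MCRUser.class);
        Root<MCRUser> users = query.from(MCRUser.class);
        users.fetch(MCRUser_.owner);
        return em.createQuery(query.distinct(true).where(cb.equal(users.get(MCRUser_.owner), mCRUser)))
            .getResultList();
    }

    /**
     * Builds the WHERE predicates for a user search: an exact realm match AND-ed with an OR over
     * the name, real-name and e-mail patterns. Null or empty arguments contribute nothing.
     */
    private static Predicate[] buildCondition(CriteriaBuilder criteriaBuilder, Root<MCRUser> root, String userPattern,
        String realm, String namePattern, String mailPattern) {
        ArrayList<Predicate> conditions = new ArrayList<>(2);
        addEqualsPredicate(criteriaBuilder, root, MCRUser_.realmID, realm, conditions);

        ArrayList<Predicate> searchTerms = new ArrayList<>(3);
        addSearchPredicate(criteriaBuilder, root, MCRUser_.userName, userPattern, searchTerms);
        addSearchPredicate(criteriaBuilder, root, MCRUser_.realName, namePattern, searchTerms);
        addSearchPredicate(criteriaBuilder, root, MCRUser_.EMail, mailPattern, searchTerms);

        if (searchTerms.size() == 1) {
            conditions.add(searchTerms.get(0));
        } else if (!searchTerms.isEmpty()) {
            conditions.add(criteriaBuilder.or(searchTerms.toArray(new Predicate[0])));
        }
        return conditions.toArray(new Predicate[0]);
    }

    /** Appends an equality predicate on the attribute unless the value is null or empty. */
    private static void addEqualsPredicate(CriteriaBuilder criteriaBuilder, Root<MCRUser> root,
        SingularAttribute<MCRUser, String> attribute, String value, ArrayList<Predicate> target) {
        if (value == null || value.isEmpty()) {
            return;
        }
        target.add(criteriaBuilder.equal(root.get(attribute), value));
    }

    /** Appends a case-insensitive LIKE predicate on the attribute unless the pattern is null or empty. */
    private static void addSearchPredicate(CriteriaBuilder criteriaBuilder, Root<MCRUser> root,
        SingularAttribute<MCRUser, String> attribute, String pattern, ArrayList<Predicate> target) {
        if (pattern == null || pattern.isEmpty()) {
            return;
        }
        target.add(buildSearchPredicate(criteriaBuilder, root, attribute, pattern));
    }

    /**
     * Translates {@code *} and {@code ?} to the SQL wildcards {@code %} and {@code _} and matches
     * against the lower-cased column. The value is bound as a criteria parameter, not
     * concatenated into the query.
     */
    private static Predicate buildSearchPredicate(CriteriaBuilder criteriaBuilder, Root<MCRUser> root,
        SingularAttribute<MCRUser, String> attribute, String pattern) {
        // NOTE(review): a literal '%' or '_' in the input is not escaped and therefore also acts
        // as a wildcard; add an escape character if literal matching is ever required.
        String likePattern = pattern.replace('*', '%').replace('?', '_')
            .toLowerCase(MCRSessionMgr.getCurrentSession().getLocale());
        return criteriaBuilder.like(criteriaBuilder.lower(root.get(attribute)), likePattern);
    }

    /**
     * Searches users without an e-mail pattern.
     *
     * @deprecated use {@link #listUsers(String, String, String, String)}
     */
    @Deprecated
    public static List<MCRUser> listUsers(String str, String str2, String str3) {
        return listUsers(str, str2, str3, null);
    }

    /**
     * Searches users.
     *
     * @param str user-name pattern ({@code *} and {@code ?} wildcards), may be null
     * @param str2 exact realm ID, may be null
     * @param str3 real-name pattern, may be null
     * @param str4 e-mail pattern, may be null
     * @return all matching users
     */
    public static List<MCRUser> listUsers(String str, String str2, String str3, String str4) {
        EntityManager em = MCREntityManagerProvider.getCurrentEntityManager();
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<MCRUser> query = cb.createQuery(MCRUser.class);
        Root<MCRUser> users = query.from(MCRUser.class);
        return em.createQuery(query.where(buildCondition(cb, users, str, str2, str3, str4))).getResultList();
    }

    /**
     * Counts users without an e-mail pattern.
     *
     * @deprecated use {@link #countUsers(String, String, String, String)}
     */
    @Deprecated
    public static int countUsers(String str, String str2, String str3) {
        return countUsers(str, str2, str3, null);
    }

    /**
     * Counts the users that {@link #listUsers(String, String, String, String)} would return for
     * the same arguments.
     */
    public static int countUsers(String str, String str2, String str3, String str4) {
        EntityManager em = MCREntityManagerProvider.getCurrentEntityManager();
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<Number> query = cb.createQuery(Number.class);
        Root<MCRUser> users = query.from(MCRUser.class);
        return em.createQuery(query.select(cb.count(users)).where(buildCondition(cb, users, str, str2, str3, str4)))
            .getSingleResult()
            .intValue();
    }

    /**
     * Verifies the credentials and, on success, records the login time, stores the user and
     * binds it to the current session.
     *
     * @param str the user ID
     * @param str2 the clear-text password
     * @return the authenticated user, or {@code null} if the login was rejected
     */
    public static MCRUser login(String str, String str2) {
        MCRUser user = checkPassword(str, str2);
        if (user == null) {
            return null;
        }
        user.setLastLogin();
        updateUser(user);
        MCRSessionMgr.getCurrentSession().setUserInformation(user);
        return user;
    }

    /**
     * Returns the current session's user, wrapping non-{@link MCRUser} user information in a
     * {@link MCRTransientUser}.
     */
    public static MCRUser getCurrentUser() {
        MCRUserInformation info = MCRSessionMgr.getCurrentSession().getUserInformation();
        if (info instanceof MCRUser) {
            return (MCRUser) info;
        }
        return new MCRTransientUser(info);
    }

    /**
     * Verifies a password against the stored hash. Accounts still on a legacy scheme (crypt,
     * md5, sha1) are re-hashed with salted SHA-256 on a successful check; the caller is
     * responsible for persisting that change.
     *
     * <p>Every rejection path applies the same fixed delay so that response time does not
     * reveal whether the account exists, is disabled, has expired, or the password was wrong.
     *
     * @param str the user ID
     * @param str2 the clear-text password, may be null
     * @return the user if the password matches and login is allowed, otherwise {@code null}
     * @throws MCRException if the stored hash type is unsupported or the digest is unavailable
     */
    public static MCRUser checkPassword(String str, String str2) {
        MCRUser user = getUser(str);
        if (user == null || user.getHashType() == null) {
            // str is caller-supplied; the log layout should neutralise line breaks.
            LOGGER.warn(() -> "User not found: " + str);
            waitLoginPanalty();
            return null;
        }
        if (str2 == null) {
            LOGGER.warn("No password for user {} entered", str);
            waitLoginPanalty();
            return null;
        }
        if (!user.loginAllowed()) {
            if (user.isDisabled()) {
                LOGGER.warn("User {} was disabled!", user.getUserID());
            } else {
                LOGGER.warn("Password expired for user {} on {}", user.getUserID(),
                    MCRXMLFunctions.getISODate(user.getValidUntil(), MCRISO8601Format.COMPLETE_HH_MM_SS.toString()));
            }
            // The original returned immediately here, which made disabled and expired accounts
            // distinguishable by timing without knowing the password.
            waitLoginPanalty();
            return null;
        }
        try {
            String stored = user.getPassword();
            String candidate;
            boolean legacyScheme = true;
            switch (user.getHashType()) {
                case crypt:
                    // The first three characters of the stored value are reused as the salt.
                    candidate = MCRUtils.asCryptString(stored.substring(0, 3), str2);
                    break;
                case md5:
                    candidate = MCRUtils.asMD5String(1, (byte[]) null, str2);
                    break;
                case sha1:
                    candidate = MCRUtils.asSHA1String(HASH_ITERATIONS, Base64.getDecoder().decode(user.getSalt()),
                        str2);
                    break;
                case sha256:
                    candidate = MCRUtils.asSHA256String(HASH_ITERATIONS, Base64.getDecoder().decode(user.getSalt()),
                        str2);
                    legacyScheme = false;
                    break;
                default:
                    throw new MCRException("Cannot validate hash type " + user.getHashType());
            }
            if (!hashMatches(candidate, stored)) {
                waitLoginPanalty();
                return null;
            }
            if (legacyScheme) {
                // Opportunistic upgrade: this is the only moment the clear-text password is known.
                updatePasswordHashToSHA256(user, str2);
            }
            return user;
        } catch (NoSuchAlgorithmException e) {
            throw new MCRException("Error while validating login", e);
        }
    }

    /**
     * Compares two hash strings without returning early at the first differing byte, so the
     * comparison time does not depend on how much of the hash matched.
     */
    private static boolean hashMatches(String computed, String stored) {
        if (computed == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(computed.getBytes(StandardCharsets.UTF_8),
            stored.getBytes(StandardCharsets.UTF_8));
    }

    /** Blocks the calling thread for the fixed penalty that follows a rejected login. */
    private static void waitLoginPanalty() {
        try {
            Thread.sleep(LOGIN_PENALTY_MILLIS);
        } catch (InterruptedException e) {
            // Restore the flag so the caller can still observe the interruption.
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Sets a new password on the stored user with the same name and realm and persists it.
     *
     * @param mCRUser identifies the target user by name and realm
     * @param str the new clear-text password
     * @throws MCRException if the target user does not exist or the permission check fails
     */
    public static void setPassword(MCRUser mCRUser, String str) {
        MCRUserInformation currentUser = MCRSessionMgr.getCurrentSession().getUserInformation();
        // Re-read the stored user so that only the password fields are changed.
        MCRUser storedUser = getUser(mCRUser.getUserName(), mCRUser.getRealmID());
        if (storedUser == null) {
            throw new MCRException("Cannot change password of unknown user: " + mCRUser);
        }
        // NOTE(review): as written, "!storedUser.isLocked()" is a top-level alternative, so this
        // check passes for every caller whenever the target account is not locked. If the
        // intent was "the user themself, and only if unowned or unlocked", the grouping must
        // change. Left as found because callers may rely on it — confirm before tightening, and
        // make sure callers enforce their own authorization in the meantime.
        boolean allowed = MCRAccessManager.checkPermission("administrate-users")
            || currentUser.equals(storedUser.getOwner())
            || (currentUser.equals(mCRUser) && storedUser.hasNoOwner())
            || !storedUser.isLocked();
        if (!allowed) {
            throw new MCRException("You are not allowed to change password of user: " + mCRUser);
        }
        updatePasswordHashToSHA256(storedUser, str);
        updateUser(storedUser);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Replaces the user's salt, hash type and password hash with a freshly salted, iterated
     * SHA-256 hash of the given password. Does not persist the user.
     *
     * @param mCRUser the user to modify in memory
     * @param str the clear-text password
     * @throws MCRException if hashing fails; the user is left unmodified in that case
     */
    public static void updatePasswordHashToSHA256(MCRUser mCRUser, String str) {
        byte[] salt = generateSalt();
        try {
            // Hash first, assign afterwards, so a failure cannot leave a half-updated user.
            String hash = MCRUtils.asSHA256String(HASH_ITERATIONS, salt, str);
            mCRUser.setSalt(Base64.getEncoder().encodeToString(salt));
            mCRUser.setHashType(MCRPasswordHashType.sha256);
            mCRUser.setPassword(hash);
        } catch (Exception e) {
            throw new MCRException("Could not update user password hash to SHA-256.", e);
        }
    }

    /** Returns a fresh random salt of {@link #SALT_LENGTH_BYTES} bytes. */
    private static byte[] generateSalt() {
        // nextBytes() is the intended API for random output; the original called generateSeed(),
        // which is meant for seeding other generators and may block on the system entropy source.
        byte[] salt = new byte[SALT_LENGTH_BYTES];
        SECURE_RANDOM.nextBytes(salt);
        return salt;
    }

    /**
     * Loads the user with the given name and realm, left-joining its owner.
     *
     * @return the user, or empty if the query yields no result
     */
    private static Optional<MCRUser> getByNaturalID(EntityManager entityManager, String userName, String realmID) {
        CriteriaBuilder cb = entityManager.getCriteriaBuilder();
        CriteriaQuery<MCRUser> query = cb.createQuery(MCRUser.class);
        Root<MCRUser> users = query.from(MCRUser.class);
        users.fetch(MCRUser_.owner.getName(), JoinType.LEFT);
        try {
            return Optional.of(entityManager
                .createQuery(query.distinct(true).where(getUserRealmCriterion(cb, users, userName, realmID)))
                .getSingleResult());
        } catch (NoResultException e) {
            return Optional.empty();
        }
    }

    /** Builds the exact-match predicates on user name and realm; a null realm means the local realm. */
    private static Predicate[] getUserRealmCriterion(CriteriaBuilder criteriaBuilder, Root<MCRUser> root,
        String userName, String realmID) {
        String effectiveRealm = realmID == null ? MCRRealmFactory.getLocalRealm().getID() : realmID;
        return new Predicate[] {
            criteriaBuilder.equal(root.get(MCRUser_.userName), userName),
            criteriaBuilder.equal(root.get(MCRUser_.realmID), effectiveRealm),
        };
    }

    static {
        try {
            // NOTE(review): "SHA1PRNG" is a legacy algorithm name; the platform default
            // (new SecureRandom()) is generally preferred. Kept as found.
            SECURE_RANDOM = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            throw new MCRException("Could not initialize secure SECURE_RANDOM number", e);
        }
    }
}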
