package org.apache.directory.fortress.core.impl;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.PasswordException;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.ValidationException;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.Administrator;
import org.apache.directory.fortress.core.model.ConstraintUtil;
import org.apache.directory.fortress.core.model.ObjectFactory;
import org.apache.directory.fortress.core.model.OrgUnit;
import org.apache.directory.fortress.core.model.PwPolicy;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.model.RoleConstraint;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserAdminRole;
import org.apache.directory.fortress.core.model.UserRole;
import org.apache.directory.fortress.core.util.Config;
import org.apache.directory.fortress.core.util.VUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/directory/fortress/core/impl/UserP.class */
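/**
 * Process-layer module for user entities: search, CRUD, authentication, session creation,
 * password operations and role / admin-role assignment, all delegated to {@link UserDAO}.
 *
 * <p>This listing is decompiler output. According to the decompiler's notes, every method
 * declared {@code public} below was package-private in the compiled class, so the class is an
 * internal component rather than an API surface.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No method here checks whether the <em>caller</em> is authorized to perform the operation.
 *       NOTE(review): presumably the calling manager layer enforces that; confirm before exposing
 *       any of these methods more widely.</li>
 *   <li>Input validation is only applied on the paths that call one of the {@code validate}
 *       overloads; the two-argument {@code add}/{@code update} can skip it on request.</li>
 *   <li>{@link #createSession(User, boolean)} has a trusted mode that performs no password
 *       check.</li>
 * </ul>
 */
public final class UserP {
    private static final String CLS_NM = UserP.class.getName();
    private static final Logger LOG = LoggerFactory.getLogger(CLS_NM);
    private final UserDAO uDao = new UserDAO();
    private final PolicyP policyP = new PolicyP();
    // Not referenced by any method in this class; kept because constructing it may matter elsewhere.
    private final AdminRoleP admRoleP = new AdminRoleP();
    private final OrgUnitP orgUnitP = new OrgUnitP();

    /**
     * Finds users matching the given template entity.
     *
     * @param user search template, forwarded unchanged to {@code UserDAO.findUsers}
     * @return matching users as returned by the DAO
     * @throws SecurityException if the DAO call fails
     */
    public List<User> search(User user) throws SecurityException {
        return this.uDao.findUsers(user);
    }

    /**
     * Finds users belonging to an organizational unit.
     *
     * @param orgUnit org unit to search by
     * @param z forwarded unchanged to the DAO; its meaning is not visible in this class
     * @return matching users as returned by the DAO
     * @throws SecurityException if the DAO call fails
     */
    public List<User> search(OrgUnit orgUnit, boolean z) throws SecurityException {
        return this.uDao.findUsers(orgUnit, z);
    }

    /**
     * Finds users matching the template and returns strings rather than entities.
     *
     * @param user search template
     * @param i forwarded unchanged to the DAO (presumably a result limit; confirm against UserDAO)
     * @return strings returned by the DAO (presumably user ids; confirm)
     * @throws SecurityException if the DAO call fails
     */
    public List<String> search(User user, int i) throws SecurityException {
        return this.uDao.findUsers(user, i);
    }

    /**
     * Returns the users the DAO reports as authorized for the role.
     *
     * @param role role to look up
     * @return users returned by {@code UserDAO.getAuthorizedUsers}
     * @throws SecurityException if the DAO call fails
     */
    public List<User> getAuthorizedUsers(Role role) throws SecurityException {
        return this.uDao.getAuthorizedUsers(role);
    }

    /**
     * Returns the assigned users for a set of names within a context.
     *
     * @param set forwarded unchanged to the DAO (presumably role names; confirm)
     * @param str forwarded unchanged to the DAO (presumably the context id; confirm)
     * @return strings returned by {@code UserDAO.getAssignedUsers}
     * @throws SecurityException if the DAO call fails
     */
    public Set<String> getAssignedUsers(Set<String> set, String str) throws SecurityException {
        return this.uDao.getAssignedUsers(set, str);
    }

    /**
     * String-returning variant of {@link #getAuthorizedUsers(Role)}.
     *
     * @param role role to look up
     * @param i forwarded unchanged to the DAO (presumably a result limit; confirm)
     * @return strings returned by the DAO
     * @throws SecurityException if the DAO call fails
     */
    List<String> getAuthorizedUsers(Role role, int i) throws SecurityException {
        return this.uDao.getAuthorizedUsers(role, i);
    }

    /**
     * Returns users assigned to the role, without a role-constraint filter.
     *
     * @param role role to look up
     * @return users returned by the DAO
     * @throws SecurityException if the DAO call fails
     */
    public List<User> getAssignedUsers(Role role) throws SecurityException {
        // The cast selects the (Role, RoleConstraint) overload; null means "no constraint given".
        return this.uDao.getAssignedUsers(role, (RoleConstraint) null);
    }

    /**
     * Returns users assigned to the role, passing the role constraint through to the DAO.
     *
     * @param role role to look up
     * @param roleConstraint constraint forwarded unchanged to the DAO
     * @return users returned by the DAO
     * @throws SecurityException if the DAO call fails
     */
    public List<User> getAssignedUsers(Role role, RoleConstraint roleConstraint) throws SecurityException {
        return this.uDao.getAssignedUsers(role, roleConstraint);
    }

    /**
     * Returns user-role assignments for a role, constraint type and string key.
     *
     * @param role role to look up
     * @param rCType constraint type forwarded to {@code UserDAO.getUserRoles}
     * @param str forwarded unchanged to the DAO; its meaning is not visible in this class
     * @return user-role assignments returned by the DAO
     * @throws SecurityException if the DAO call fails
     */
    public List<UserRole> getAssignedUsers(Role role, RoleConstraint.RCType rCType, String str) throws SecurityException {
        return this.uDao.getUserRoles(role, rCType, str);
    }

    /**
     * Returns the ids of users assigned to the role.
     *
     * @param role role to look up
     * @return strings returned by {@code UserDAO.getAssignedUserIds}
     * @throws SecurityException if the DAO call fails
     */
    public List<String> getAssignedUserIds(Role role) throws SecurityException {
        return this.uDao.getAssignedUserIds(role);
    }

    /**
     * Returns users assigned to an administrative role.
     *
     * @param adminRole admin role to look up
     * @return users returned by the DAO
     * @throws SecurityException if the DAO call fails
     */
    public List<User> getAssignedUsers(AdminRole adminRole) throws SecurityException {
        return this.uDao.getAssignedUsers(adminRole);
    }

    /**
     * Returns the roles recorded for the user.
     *
     * @param user user to look up
     * @return strings returned by {@code UserDAO.getRoles}
     * @throws SecurityException if the DAO call fails
     */
    public List<String> getAssignedRoles(User user) throws SecurityException {
        return this.uDao.getRoles(user);
    }

    /**
     * Reads a single user entity.
     *
     * @param user entity identifying the user to read
     * @param z forwarded unchanged to {@code UserDAO.getUser}; its meaning is not visible here
     * @return the user returned by the DAO
     * @throws SecurityException if the DAO call fails
     */
    public User read(User user, boolean z) throws SecurityException {
        return this.uDao.getUser(user, z);
    }

    /**
     * Creates a user after validating it.
     *
     * @param user entity to create
     * @return the entity returned by the DAO
     * @throws SecurityException if validation or the DAO call fails
     */
    public User add(User user) throws SecurityException {
        return add(user, true);
    }

    /**
     * Creates a user, optionally skipping validation.
     *
     * @param user entity to create
     * @param z when {@code false} the entity goes to the DAO without any of the checks in
     *     {@code validate}; callers that pass {@code false} own the input validation
     * @return the entity returned by the DAO
     * @throws SecurityException if validation or the DAO call fails
     */
    User add(User user, boolean z) throws SecurityException {
        if (z) {
            validate(user, false);
        }
        return this.uDao.create(user);
    }

    /**
     * Updates a user after validating it.
     *
     * @param user entity carrying the new attribute values
     * @return the entity returned by the DAO
     * @throws SecurityException if validation or the DAO call fails
     */
    public User update(User user) throws SecurityException {
        return update(user, true);
    }

    /**
     * Updates a user, optionally skipping validation.
     *
     * @param user entity carrying the new attribute values
     * @param z when {@code false} the entity goes to the DAO without any of the checks in
     *     {@code validate}; callers that pass {@code false} own the input validation
     * @return the entity returned by the DAO
     * @throws SecurityException if validation or the DAO call fails
     */
    User update(User user, boolean z) throws SecurityException {
        if (z) {
            validate(user, true);
        }
        return this.uDao.update(user);
    }

    /**
     * Marks a user as deleted by setting its description to {@code "DELETED"} and updating it.
     * Users flagged as system users are refused.
     *
     * @param user user to soft-delete
     * @return the DN of the updated entity
     * @throws SecurityException if the user is a system user or the DAO call fails
     */
    public String softDelete(User user) throws SecurityException {
        assertNotSystemUser(user, "softDelete");
        user.setDescription("DELETED");
        // NOTE(review): the caller-supplied entity is what gets written, without validate();
        // any other attributes set on it are handed to the DAO update as well.
        return this.uDao.update(user).getDn();
    }

    /**
     * Removes a user. Users flagged as system users are refused.
     *
     * @param user user to remove
     * @return the string returned by {@code UserDAO.remove}
     * @throws SecurityException if the user is a system user or the DAO call fails
     */
    public String delete(User user) throws SecurityException {
        assertNotSystemUser(user, "delete");
        return this.uDao.remove(user);
    }

    /**
     * Refuses removal of system users; the flag is taken from the stored entity, not the argument.
     */
    private void assertNotSystemUser(User user, String operation) throws SecurityException {
        User stored = read(user, true);
        // Boolean.TRUE.equals is null-safe: a missing flag counts as "not a system user".
        if (Boolean.TRUE.equals(stored.isSystem())) {
            throw new SecurityException(GlobalErrIds.USER_PLCY_VIOLATION, operation + " userId [" + user.getUserId() + "] can't be removed due to policy violation, rc=1011");
        }
    }

    /**
     * Removes the password policy association from a user.
     *
     * @param user user to modify
     * @throws SecurityException if the DAO call fails
     */
    public void deletePwPolicy(User user) throws SecurityException {
        this.uDao.deletePwPolicy(user);
    }

    /**
     * Verifies the user's password and, on success, validates user-level constraints.
     *
     * @param user entity carrying the credentials to check
     * @return the session returned by {@code UserDAO.checkPassword}
     * @throws PasswordException if the DAO reports the session as not authenticated
     * @throws SecurityException if the DAO call or constraint validation fails
     */
    public Session authenticate(User user) throws SecurityException {
        Session checked = this.uDao.checkPassword(user);
        if (!checked.isAuthenticated()) {
            // The message carries the user id and the DAO's reason, never the password.
            throw new PasswordException(checked.getErrorId(), "UserP.authenticate failed  for userId [" + user.getUserId() + "] reason code [" + checked.getErrorId() + "] msg [" + checked.getMsg() + "]");
        }
        VUtil.getInstance().validateConstraints(checked, VUtil.ConstraintType.USER, false);
        return checked;
    }

    /**
     * Creates a session and activates roles.
     *
     * <p>When the caller lists roles on {@code user}, only roles that are also present on the
     * freshly built session are activated, so a caller cannot activate a role that the session
     * does not already hold.
     *
     * @param user entity identifying the user; may carry a password, requested roles and properties
     * @param z {@code true} selects the trusted path, which performs NO password check (only a
     *     lock check); {@code false} requires a non-empty password and authenticates it.
     *     NOTE(review): callers passing {@code true} must have established the user's identity
     *     by other means.
     * @return the new session
     * @throws SecurityException if the password is missing or wrong, the user is locked, or a
     *     DAO / constraint check fails
     */
    public Session createSession(User user, boolean z) throws SecurityException {
        Session session;
        if (z) {
            session = createSessionTrusted(user);
            VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.USER, false);
        } else {
            VUtil.assertNotNullOrEmpty(user.getPassword(), GlobalErrIds.USER_PW_NULL, CLS_NM + ".createSession");
            session = createSession(user);
        }
        session.setContextId(user.getContextId());
        if (CollectionUtils.isNotEmpty(user.getRoles())) {
            List<UserRole> held = session.getRoles();
            List<UserRole> activated = new ArrayList<>();
            session.setRoles(activated);
            // Fail closed: if the session holds no role list, nothing requested is activated.
            if (held != null) {
                for (UserRole requested : user.getRoles()) {
                    int position = held.indexOf(requested);
                    if (position != -1) {
                        // Take the session's own copy, not the caller-supplied object.
                        activated.add(held.get(position));
                    }
                }
            }
        }
        if (user.getProps() != null) {
            session.getUser().addProperties(user.getProperties());
        }
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.ROLE, true);
        return session;
    }

    /**
     * Creates a session after copying the given role constraints onto the user as properties.
     *
     * @param user entity identifying the user; its properties are extended in place
     * @param list constraints whose key/value pairs become user properties; must not be null
     * @param z trusted flag, see {@link #createSession(User, boolean)}
     * @return the new session
     * @throws SecurityException if a constraint has an empty key or value, or session creation fails
     */
    public Session createSession(User user, List<RoleConstraint> list, boolean z) throws SecurityException {
        Properties constraintProps = new Properties();
        for (RoleConstraint constraint : list) {
            VUtil.assertNotNullOrEmpty(constraint.getKey(), GlobalErrIds.ROLE_CONSTRAINT_KEY_NULL, CLS_NM + ".createSession");
            VUtil.assertNotNullOrEmpty(constraint.getValue(), GlobalErrIds.ROLE_CONSTRAINT_VALUE_NULL, CLS_NM + ".createSession");
            constraintProps.setProperty(constraint.getKey(), constraint.getValue());
        }
        user.addProperties(constraintProps);
        return createSession(user, z);
    }

    /** Untrusted path: reads the stored user, authenticates the password, attaches the stored user. */
    private Session createSession(User user) throws SecurityException {
        User stored = read(user, true);
        stored.setContextId(user.getContextId());
        Session session = authenticate(user);
        session.setUser(stored);
        return session;
    }

    /**
     * Trusted path: builds a session without any password check. The only gate visible here is
     * the lock flag on the stored user; the session is explicitly marked as not authenticated.
     */
    private Session createSessionTrusted(User user) throws SecurityException {
        User stored = read(user, true);
        stored.setContextId(user.getContextId());
        if (stored.isLocked()) {
            String msg = "createSession failed for userId [" + user.getUserId() + "] reason user is locked";
            LOG.warn(msg);
            throw new SecurityException(GlobalErrIds.USER_LOCKED_BY_CONST, msg);
        }
        Session session = new ObjectFactory().createSession();
        session.setUserId(user.getUserId());
        session.setAuthenticated(false);
        session.setUser(stored);
        return session;
    }

    /**
     * Locks the user account.
     *
     * @param user user to lock
     * @throws SecurityException if the DAO call fails
     */
    public void lock(User user) throws SecurityException {
        this.uDao.lock(user);
    }

    /**
     * Unlocks the user account.
     *
     * @param user user to unlock
     * @throws SecurityException if the DAO call fails
     */
    public void unlock(User user) throws SecurityException {
        this.uDao.unlock(user);
    }

    /**
     * Changes the user's password through the DAO.
     *
     * @param user entity identifying the user
     * @param str forwarded unchanged to {@code UserDAO.changePassword} (presumably the new
     *     password; confirm against UserDAO)
     * @throws SecurityException if the DAO call throws
     */
    public void changePassword(User user, String str) throws SecurityException {
        String userId = user.getUserId();
        if (!this.uDao.changePassword(user, str)) {
            // NOTE(review): a false result is only logged, so the caller cannot tell that the
            // password was not changed. Confirm whether the DAO can return false without
            // throwing; if it can, this should surface as an exception.
            LOG.warn("changePassword failed for user [{}]", userId);
        }
    }

    /**
     * Resets the user's password through the DAO.
     *
     * @param user entity identifying the user
     * @throws SecurityException if the DAO call fails
     */
    public void resetPassword(User user) throws SecurityException {
        this.uDao.resetUserPassword(user);
    }

    /**
     * Assigns a role to a user after checking that user id and role name are present.
     *
     * @param userRole assignment to create
     * @return the string returned by the DAO
     * @throws SecurityException if validation or the DAO call fails
     */
    public String assign(UserRole userRole) throws SecurityException {
        validate(userRole);
        return this.uDao.assign(userRole);
    }

    /**
     * Adds a role constraint to a user-role assignment after validating the constraint.
     *
     * @param userRole assignment to modify; only its context id is used for validation
     * @param roleConstraint constraint to add
     * @throws SecurityException if validation or the DAO call fails
     */
    public void assign(UserRole userRole, RoleConstraint roleConstraint) throws SecurityException {
        // NOTE(review): userRole itself is not validated on this path (compare assign(UserRole)).
        validate(roleConstraint, userRole.getContextId());
        this.uDao.assign(userRole, roleConstraint);
    }

    /**
     * Removes a role constraint from a user-role assignment.
     *
     * @param userRole assignment to modify
     * @param roleConstraint constraint to remove
     * @throws SecurityException if the DAO call fails
     */
    public void deassign(UserRole userRole, RoleConstraint roleConstraint) throws SecurityException {
        // NOTE(review): neither argument is validated here; confirm the DAO rejects empty ids.
        this.uDao.deassign(userRole, roleConstraint);
    }

    /**
     * Removes a role from a user after checking that user id and role name are present.
     *
     * @param userRole assignment to remove
     * @return the string returned by the DAO
     * @throws SecurityException if validation or the DAO call fails
     */
    public String deassign(UserRole userRole) throws SecurityException {
        validate(userRole);
        return this.uDao.deassign(userRole);
    }

    /**
     * Assigns an administrative role to a user after checking user id and role name.
     *
     * @param userAdminRole assignment to create
     * @return the string returned by the DAO
     * @throws SecurityException if validation or the DAO call fails
     */
    public String assign(UserAdminRole userAdminRole) throws SecurityException {
        validate(userAdminRole);
        return this.uDao.assign(userAdminRole);
    }

    /**
     * Removes an administrative role from a user after checking user id and role name.
     *
     * @param userAdminRole assignment to remove
     * @return the string returned by the DAO
     * @throws SecurityException if validation or the DAO call fails
     */
    public String deassign(UserAdminRole userAdminRole) throws SecurityException {
        validate(userAdminRole);
        return this.uDao.deassign(userAdminRole);
    }

    /** Presence check only: user id and role name must be non-empty. */
    private void validate(UserRole userRole) throws ValidationException {
        if (StringUtils.isEmpty(userRole.getUserId())) {
            throw new ValidationException(GlobalErrIds.USER_ID_NULL, CLS_NM + ".validate userId is NULL");
        }
        if (StringUtils.isEmpty(userRole.getName())) {
            throw new ValidationException(GlobalErrIds.ROLE_NM_NULL, CLS_NM + ".validate name is NULL");
        }
    }

    /**
     * Validates a role constraint: type and value must be present, and for every type other
     * than USER the key must name an existing permission attribute set.
     */
    private void validate(RoleConstraint roleConstraint, String contextId) throws ValidationException {
        // Checked first: previously a null type fell into the attribute-set branch and was
        // reported with an attribute-set error (after a needless lookup) instead of this one.
        if (roleConstraint.getType() == null) {
            throw new ValidationException(GlobalErrIds.ROLE_CONSTRAINT_TYPE_NULL, CLS_NM + ".validate type is NULL");
        }
        if (roleConstraint.getType() != RoleConstraint.RCType.USER) {
            if (StringUtils.isEmpty(roleConstraint.getKey())) {
                throw new ValidationException(GlobalErrIds.PERM_ATTRIBUTE_SET_NM_NULL, CLS_NM + ".validate pa set name is NULL");
            }
            try {
                new PermP().validatePaSet(roleConstraint.getKey(), contextId);
            } catch (SecurityException e) {
                // NOTE(review): every SecurityException is reported as "not found" and the cause
                // survives only as text in the message, not as a chained exception.
                throw new ValidationException(GlobalErrIds.PERM_ATTRIBUTE_SET_NOT_FOUND, "validate - paSetName not found with name [" + roleConstraint.getKey() + "] caught SecurityException=" + e);
            }
        }
        if (StringUtils.isEmpty(roleConstraint.getValue())) {
            throw new ValidationException(GlobalErrIds.ROLE_CONSTRAINT_VALUE_NULL, CLS_NM + ".validate value is NULL");
        }
    }

    /**
     * Validates a user entity before it is written.
     *
     * <p>On add ({@code isUpdate == false}) the user id is checked and the org unit is mandatory;
     * on update the org unit is only checked when supplied. The remaining checks are the same
     * for both.
     */
    private void validate(User user, boolean isUpdate) throws SecurityException {
        if (!isUpdate) {
            VUtil.userId(user.getUserId());
        }
        validateTextAttrs(user);
        if (StringUtils.isNotEmpty(user.getOu())) {
            validateOrgUnit(user, isUpdate);
        } else if (!isUpdate) {
            throw new ValidationException(GlobalErrIds.ORG_NULL_USER, "OU validation failed, null or empty value");
        }
        if (StringUtils.isNotEmpty(user.getDescription())) {
            VUtil.description(user.getDescription());
        }
        validatePwPolicy(user);
        ConstraintUtil.validate(user);
    }

    /** Runs the safe-text check on cn, sn and password when they are present. */
    private void validateTextAttrs(User user) throws SecurityException {
        // Second argument is presumably a maximum length (80 / 80 / 50); confirm against VUtil.
        if (StringUtils.isNotEmpty(user.getCn())) {
            VUtil.safeText(user.getCn(), 80);
        }
        if (StringUtils.isNotEmpty(user.getSn())) {
            VUtil.safeText(user.getSn(), 80);
        }
        if (StringUtils.isNotEmpty(user.getPassword())) {
            VUtil.safeText(user.getPassword(), 50);
        }
    }

    /** Checks the org unit name format and that the org unit is valid in the user's context. */
    private void validateOrgUnit(User user, boolean isUpdate) throws SecurityException {
        VUtil.orgUnit(user.getOu());
        OrgUnit candidate = new OrgUnit(user.getOu(), OrgUnit.Type.USER);
        candidate.setContextId(user.getContextId());
        if (!this.orgUnitP.isValid(candidate)) {
            // Both wordings are kept exactly as the original emitted them.
            String action = isUpdate ? "updating user wth" : "adding user with";
            throw new ValidationException(GlobalErrIds.USER_OU_INVALID, "validate detected invalid orgUnit name [" + user.getOu() + "] " + action + " userId [" + user.getUserId() + "]");
        }
    }

    /** Checks a supplied password policy name, but only when OpenLDAP or ApacheDS is configured. */
    private void validatePwPolicy(User user) throws SecurityException {
        if (StringUtils.isEmpty(user.getPwPolicy())) {
            return;
        }
        if (!Config.getInstance().isOpenldap() && !Config.getInstance().isApacheds()) {
            return;
        }
        PwPolicy policy = new PwPolicy(user.getPwPolicy());
        policy.setContextId(user.getContextId());
        if (!this.policyP.isValid(policy)) {
            throw new ValidationException(GlobalErrIds.USER_PW_PLCY_INVALID, "validate detected invalid OpenLDAP policy name [" + user.getPwPolicy() + "] for userId [" + user.getUserId() + "]. Assignment is optional for User but must be valid if specified.");
        }
    }

    /**
     * Copies the range and org-unit-set attributes from one administrator entity to another.
     *
     * @param administrator source of the attribute values
     * @param administrator2 entity that receives them
     */
    public void copyAdminAttrs(Administrator administrator, Administrator administrator2) {
        administrator2.setBeginInclusive(administrator.isBeginInclusive());
        administrator2.setEndInclusive(administrator.isEndInclusive());
        administrator2.setBeginRange(administrator.getBeginRange());
        administrator2.setEndRange(administrator.getEndRange());
        administrator2.setOsPSet(administrator.getOsPSet());
        administrator2.setOsUSet(administrator.getOsUSet());
    }

    /**
     * Collects role constraints from the stored user's role assignments.
     *
     * @param set role names to consider; assignments for other roles are skipped
     * @param user user whose stored entity is read
     * @param rCType constraint type to match
     * @param set2 constraint keys to match
     * @return constraints of the given type whose key is in {@code set2}, in encounter order
     * @throws SecurityException if the DAO call fails
     */
    public List<RoleConstraint> findRoleConstraints(Set<String> set, User user, RoleConstraint.RCType rCType, Set<String> set2) throws SecurityException {
        List<RoleConstraint> matches = new ArrayList<>();
        for (UserRole userRole : this.uDao.getUser(user, true).getRoles()) {
            if (!set.contains(userRole.getName())) {
                continue;
            }
            for (RoleConstraint constraint : userRole.getRoleConstraints()) {
                RoleConstraint.RCType type = constraint.getType();
                // A stored constraint without a type is skipped instead of aborting the search.
                if (type != null && type.equals(rCType) && set2.contains(constraint.getKey())) {
                    matches.add(constraint);
                }
            }
        }
        return matches;
    }
}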
