package net.solarnetwork.node.setup.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import net.solarnetwork.codec.JsonUtils;
import net.solarnetwork.node.backup.BackupResource;
import net.solarnetwork.node.backup.BackupResourceInfo;
import net.solarnetwork.node.backup.BackupResourceProvider;
import net.solarnetwork.node.backup.BackupResourceProviderInfo;
import net.solarnetwork.node.backup.ResourceBackupResource;
import net.solarnetwork.node.backup.SimpleBackupResourceInfo;
import net.solarnetwork.node.backup.SimpleBackupResourceProviderInfo;
import net.solarnetwork.node.dao.BasicBatchOptions;
import net.solarnetwork.node.dao.BatchableDao;
import net.solarnetwork.node.dao.SettingDao;
import net.solarnetwork.node.domain.Setting;
import net.solarnetwork.node.service.IdentityService;
import net.solarnetwork.node.setup.UserAuthenticationInfo;
import net.solarnetwork.node.setup.UserProfile;
import net.solarnetwork.node.setup.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.MessageSource;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.FileCopyUtils;

/* loaded from: input_file:net/solarnetwork/node/setup/security/SettingsUserService.class */
public class SettingsUserService implements UserService, UserDetailsService, BackupResourceProvider {
    public static final String SETTING_TYPE_USER = "solarnode.user";
    public static final String SETTING_TYPE_ROLE = "solarnode.role";
    public static final String GRANTED_AUTH_USER = "ROLE_USER";
    public static final String DEFAULT_USERS_FILE_PATH = "conf/users.json";
    private static final String BACKUP_RESOURCE_NAME_USERS_FILE = "users.json";
    private final SettingDao settingDao;
    private final IdentityService identityService;
    private final PasswordEncoder passwordEncoder;
    private MessageSource messageSource;
    private static final Pattern BCRYPT_PAT = Pattern.compile("(\\$2[abxy]\\$\\d{2}\\$.{22}).+");
    private final Logger log = LoggerFactory.getLogger(getClass());
    private String usersFilePath = DEFAULT_USERS_FILE_PATH;
    private final ObjectMapper objectMapper = JsonUtils.newObjectMapper();

    public SettingsUserService(SettingDao settingDao, IdentityService identityService, PasswordEncoder passwordEncoder) {
        this.settingDao = settingDao;
        this.identityService = identityService;
        this.passwordEncoder = passwordEncoder;
    }

    public synchronized UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        Map<String, UserEntity> loadUsersFile = loadUsersFile();
        UserDetails loadUserByUsername = loadUserByUsername(str, loadUsersFile);
        if (loadUserByUsername != null && !loadUsersFile.containsKey(str) && this.settingDao.getSetting(str, SETTING_TYPE_USER) != null) {
            long currentTimeMillis = System.currentTimeMillis();
            loadUsersFile.put(str, new UserEntity(currentTimeMillis, currentTimeMillis, str, loadUserByUsername.getPassword(), (Set) loadUserByUsername.getAuthorities().stream().map(grantedAuthority -> {
                return grantedAuthority.getAuthority();
            }).collect(Collectors.toSet())));
            saveUsersFile(loadUsersFile);
            this.settingDao.deleteSetting(str, SETTING_TYPE_USER);
            this.settingDao.deleteSetting(str, SETTING_TYPE_ROLE);
        }
        return loadUserByUsername;
    }

    private UserDetails loadUserByUsername(String str, Map<String, UserEntity> map) throws UsernameNotFoundException {
        User user = null;
        UserEntity userEntity = map.get(str);
        if (userEntity != null) {
            user = new User(str, userEntity.getPassword(), (Collection) userEntity.getRoles().stream().map(str2 -> {
                return new SimpleGrantedAuthority(str2);
            }).collect(Collectors.toList()));
        } else {
            String setting = this.settingDao.getSetting(str, SETTING_TYPE_USER);
            if (setting == null && this.identityService != null && this.passwordEncoder != null && !someUserExists(map)) {
                Long nodeId = this.identityService.getNodeId();
                if (nodeId != null && nodeId.toString().equalsIgnoreCase(str)) {
                    user = new User(str, this.passwordEncoder.encode("solar"), Collections.singleton(new SimpleGrantedAuthority(GRANTED_AUTH_USER)));
                }
            } else if (setting != null) {
                String setting2 = this.settingDao.getSetting(str, SETTING_TYPE_ROLE);
                user = new User(str, setting, setting2 != null ? Collections.singleton(new SimpleGrantedAuthority(setting2)) : Collections.emptySet());
            }
        }
        if (user == null) {
            throw new UsernameNotFoundException(str);
        }
        return user;
    }

    private synchronized Map<String, UserEntity> loadUsersFile() {
        File file = new File(this.usersFilePath);
        LinkedHashMap linkedHashMap = new LinkedHashMap(4);
        if (file.canRead()) {
            try {
                for (UserEntity userEntity : (UserEntity[]) this.objectMapper.readValue(file, UserEntity[].class)) {
                    linkedHashMap.put(userEntity.getUsername(), userEntity);
                }
            } catch (IOException e) {
                this.log.warn("Error reading users data from {}: {}", this.usersFilePath, e.getMessage());
            }
        }
        return linkedHashMap;
    }

    private synchronized void saveUsersFile(Map<String, UserEntity> map) {
        Path path = Paths.get(this.usersFilePath, new String[0]);
        try {
            Path parent = path.getParent();
            if (!Files.isDirectory(parent, new LinkOption[0])) {
                Files.createDirectories(parent, new FileAttribute[0]);
            }
            if (map == null || map.isEmpty()) {
                Files.deleteIfExists(path);
            } else {
                this.objectMapper.writeValue(path.toFile(), map.values());
                try {
                    Files.setPosixFilePermissions(path, EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
                } catch (UnsupportedOperationException e) {
                }
            }
        } catch (IOException e2) {
            this.log.error("Error saving users data to {}: {}", new Object[]{this.usersFilePath, e2.getMessage(), e2});
        }
    }

    public boolean someUserExists() {
        return someUserExists(loadUsersFile());
    }

    private boolean someUserExists(Map<String, UserEntity> map) {
        if (map.values().stream().filter(userEntity -> {
            return userEntity.getRoles().contains(GRANTED_AUTH_USER);
        }).findAny().isPresent()) {
            return true;
        }
        final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        final HashMap hashMap = new HashMap(2);
        this.settingDao.batchProcess(new BatchableDao.BatchCallback<Setting>() { // from class: net.solarnetwork.node.setup.security.SettingsUserService.1
            public BatchableDao.BatchCallbackResult handle(Setting setting) {
                if (setting.getType().equals(SettingsUserService.SETTING_TYPE_ROLE) && SettingsUserService.GRANTED_AUTH_USER.equals(setting.getValue())) {
                    if (hashMap.containsKey(setting.getKey())) {
                        atomicBoolean.set(true);
                        return BatchableDao.BatchCallbackResult.STOP;
                    }
                    hashMap.put(setting.getKey(), Boolean.TRUE);
                } else if (setting.getType().equals(SettingsUserService.SETTING_TYPE_USER)) {
                    if (Boolean.TRUE.equals(hashMap.get(setting.getKey()))) {
                        atomicBoolean.set(true);
                        return BatchableDao.BatchCallbackResult.STOP;
                    }
                    hashMap.put(setting.getKey(), Boolean.FALSE);
                }
                return BatchableDao.BatchCallbackResult.CONTINUE;
            }
        }, new BasicBatchOptions("FindUser"));
        return atomicBoolean.get();
    }

    public void changePassword(String str, String str2, String str3) {
        if (str2 == null || str3 == null || !str2.equals(str3)) {
            throw new IllegalArgumentException("New password not provided or does not match repeated password.");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        UserDetails userDetails = authentication == null ? null : (UserDetails) authentication.getPrincipal();
        if (userDetails == null) {
            throw new InsufficientAuthenticationException("Active user not found.");
        }
        Map<String, UserEntity> loadUsersFile = loadUsersFile();
        UserDetails loadUserByUsername = loadUserByUsername(userDetails.getUsername(), loadUsersFile);
        if (loadUserByUsername == null) {
            throw new UsernameNotFoundException("User not found");
        }
        boolean containsKey = loadUsersFile.containsKey(userDetails.getUsername());
        if (this.passwordEncoder != null) {
            if (!this.passwordEncoder.matches(str, loadUserByUsername.getPassword())) {
                throw new BadCredentialsException("Existing password does not match.");
            }
        } else if (!str.equals(loadUserByUsername.getPassword())) {
            throw new BadCredentialsException("Existing password does not match.");
        }
        String encode = this.passwordEncoder != null ? this.passwordEncoder.encode(str2) : str2;
        loadUsersFile.compute(loadUserByUsername.getUsername(), (str4, userEntity) -> {
            if (userEntity != null) {
                return userEntity.withPassword(encode);
            }
            long currentTimeMillis = System.currentTimeMillis();
            return new UserEntity(currentTimeMillis, currentTimeMillis, loadUserByUsername.getUsername(), encode, Collections.singleton(GRANTED_AUTH_USER));
        });
        saveUsersFile(loadUsersFile);
        if (containsKey) {
            return;
        }
        this.settingDao.deleteSetting(loadUserByUsername.getUsername(), SETTING_TYPE_USER);
        this.settingDao.deleteSetting(loadUserByUsername.getUsername(), SETTING_TYPE_ROLE);
    }

    public void changeUsername(String str, String str2) {
        if (str == null || str2 == null || !str.equals(str2)) {
            throw new IllegalArgumentException("New username not provided or does not match repeated username.");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        UserDetails userDetails = authentication == null ? null : (UserDetails) authentication.getPrincipal();
        if (userDetails == null) {
            throw new InsufficientAuthenticationException("Active user not found.");
        }
        Map<String, UserEntity> loadUsersFile = loadUsersFile();
        final UserDetails loadUserByUsername = loadUserByUsername(userDetails.getUsername(), loadUsersFile);
        if (loadUserByUsername == null) {
            throw new UsernameNotFoundException("User not found");
        }
        UserEntity remove = loadUsersFile.remove(userDetails.getUsername());
        if (remove != null) {
            loadUsersFile.put(str, remove.withUsername(str));
        } else {
            final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            final AtomicBoolean atomicBoolean2 = new AtomicBoolean(false);
            this.settingDao.batchProcess(new BatchableDao.BatchCallback<Setting>() { // from class: net.solarnetwork.node.setup.security.SettingsUserService.2
                public BatchableDao.BatchCallbackResult handle(Setting setting) {
                    if (setting.getType().equals(SettingsUserService.SETTING_TYPE_USER) && setting.getKey().equals(loadUserByUsername.getUsername())) {
                        atomicBoolean.set(true);
                        return atomicBoolean2.get() ? BatchableDao.BatchCallbackResult.UPDATE_STOP : BatchableDao.BatchCallbackResult.DELETE;
                    }
                    if (!setting.getType().equals(SettingsUserService.SETTING_TYPE_ROLE) || !setting.getKey().equals(loadUserByUsername.getUsername())) {
                        return BatchableDao.BatchCallbackResult.CONTINUE;
                    }
                    atomicBoolean2.set(true);
                    return atomicBoolean.get() ? BatchableDao.BatchCallbackResult.UPDATE_STOP : BatchableDao.BatchCallbackResult.DELETE;
                }
            }, new BasicBatchOptions("UpdateUser", 50, true, (Map) null));
            if (!atomicBoolean.get()) {
                UserProfile userProfile = new UserProfile();
                userProfile.setUsername(str);
                userProfile.setPassword("solar");
                userProfile.setPasswordAgain("solar");
                storeUserProfile(userProfile, loadUsersFile);
            }
        }
        saveUsersFile(loadUsersFile);
        User user = new User(str, "", Collections.singleton(new SimpleGrantedAuthority(GRANTED_AUTH_USER)));
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(user, (Object) null, user.getAuthorities()));
    }

    public void storeUserProfile(UserProfile userProfile) {
        storeUserProfile(userProfile, loadUsersFile());
    }

    private void storeUserProfile(UserProfile userProfile, Map<String, UserEntity> map) {
        if (userProfile.getUsername() == null || userProfile.getPassword() == null || !userProfile.getPassword().equals(userProfile.getPasswordAgain())) {
            throw new IllegalArgumentException("Username, password, and repeated password must be provided.");
        }
        this.settingDao.storeSetting(userProfile.getUsername(), SETTING_TYPE_USER, this.passwordEncoder != null ? this.passwordEncoder.encode(userProfile.getPassword()) : userProfile.getPassword());
        this.settingDao.storeSetting(userProfile.getUsername(), SETTING_TYPE_ROLE, GRANTED_AUTH_USER);
    }

    public UserAuthenticationInfo authenticationInfo(String str) {
        try {
            UserDetails loadUserByUsername = loadUserByUsername(str);
            if (loadUserByUsername == null) {
                return null;
            }
            String password = loadUserByUsername.getPassword();
            LinkedHashMap linkedHashMap = new LinkedHashMap(2);
            return new UserAuthenticationInfo(hashAlgorithmFromPassword(password, linkedHashMap), linkedHashMap);
        } catch (AuthenticationException e) {
            return null;
        }
    }

    private String hashAlgorithmFromPassword(String str, Map<String, Object> map) {
        Matcher matcher = BCRYPT_PAT.matcher(str);
        if (!matcher.matches()) {
            return null;
        }
        map.put("salt", matcher.group(1));
        return "bcrypt";
    }

    public String getKey() {
        return "net.solarnetwork.node.setup.security.SettingsUserService";
    }

    public Iterable<BackupResource> getBackupResources() {
        File file = new File(this.usersFilePath);
        if (!file.isFile() || !file.canRead()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(new ResourceBackupResource(new FileSystemResource(file), BACKUP_RESOURCE_NAME_USERS_FILE, getKey()));
        return arrayList;
    }

    public boolean restoreBackupResource(BackupResource backupResource) {
        boolean renameTo;
        if (backupResource == null || !BACKUP_RESOURCE_NAME_USERS_FILE.equalsIgnoreCase(backupResource.getBackupPath())) {
            return false;
        }
        File file = new File(this.usersFilePath);
        File parentFile = file.getParentFile();
        if (!parentFile.isDirectory() && !parentFile.mkdirs()) {
            this.log.warn("Error creating users database directory {}", parentFile.getAbsolutePath());
            return false;
        }
        synchronized (this) {
            File file2 = null;
            try {
                try {
                    file2 = File.createTempFile(".users-", ".json", parentFile);
                    FileCopyUtils.copy(backupResource.getInputStream(), new FileOutputStream(file2));
                    file2.setLastModified(backupResource.getModificationDate());
                    if (file.exists()) {
                        file.delete();
                    }
                    renameTo = file2.renameTo(file);
                    if (file2 != null && file2.exists()) {
                        file2.delete();
                    }
                } catch (Throwable th) {
                    if (0 != 0 && file2.exists()) {
                        file2.delete();
                    }
                    throw th;
                }
            } catch (IOException e) {
                this.log.error("IO error restoring user database resource {}: {}", file.getAbsolutePath(), e.getMessage());
                if (file2 != null && file2.exists()) {
                    file2.delete();
                }
                return false;
            }
        }
        return renameTo;
    }

    public BackupResourceProviderInfo providerInfo(Locale locale) {
        String str = "User Database Provider";
        String str2 = "Backs up the SolarNode user database.";
        MessageSource messageSource = this.messageSource;
        if (messageSource != null) {
            str = messageSource.getMessage("title", (Object[]) null, str, locale);
            str2 = messageSource.getMessage("desc", (Object[]) null, str2, locale);
        }
        return new SimpleBackupResourceProviderInfo(getKey(), str, str2);
    }

    public BackupResourceInfo resourceInfo(BackupResource backupResource, Locale locale) {
        String str;
        str = "Node login user information.";
        MessageSource messageSource = this.messageSource;
        return new SimpleBackupResourceInfo(backupResource.getProviderKey(), backupResource.getBackupPath(), messageSource != null ? messageSource.getMessage("users.desc", (Object[]) null, str, locale) : "Node login user information.");
    }

    public SettingDao getSettingDao() {
        return this.settingDao;
    }

    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    public String getUsersFilePath() {
        return this.usersFilePath;
    }

    public void setUsersFilePath(String str) {
        this.usersFilePath = (str == null || str.isEmpty()) ? DEFAULT_USERS_FILE_PATH : str;
    }

    public void setMessageSource(MessageSource messageSource) {
        this.messageSource = messageSource;
    }
}
