package org.apache.archiva.redback.struts2.action.admin;

import com.opensymphony.xwork2.Action;
import java.util.Arrays;
import java.util.Date;
import javax.inject.Inject;
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.configuration.UserConfiguration;
import org.apache.archiva.redback.integration.interceptor.SecureActionBundle;
import org.apache.archiva.redback.integration.interceptor.SecureActionException;
import org.apache.archiva.redback.integration.model.EditUserCredentials;
import org.apache.archiva.redback.integration.util.AutoLoginCookies;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.struts2.action.AuditEvent;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.struts2.ServletActionContext;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;

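/**
 * Struts2 action that creates the first administrator account and signs it in.
 *
 * <p>The account name is read from the {@code redback.default.admin} configuration key; full
 * name, e-mail and password come from the submitted {@link EditUserCredentials}. After the
 * account is stored, the {@code system-administrator} role is assigned and a password login is
 * performed with the submitted credentials.
 *
 * <p>Security note: {@link #initSecureActionBundle()} returns {@link SecureActionBundle#OPEN},
 * so (presumably) requests reach this action without prior authentication. Within this class the
 * only guard against creating the account a second time is the {@code userExists} check in
 * {@link #submit()}. That check and the later {@code addUser} call are not atomic here; confirm
 * that the user store itself rejects a duplicate administrator.
 */
@Scope("prototype")
@Controller("redback-admin-account")
/* loaded from: input_file:WEB-INF/lib/redback-struts2-integration-2.0.jar:org/apache/archiva/redback/struts2/action/admin/AddAdminUserAction.class */
public class AddAdminUserAction extends AbstractAdminUserCredentialsAction {
    private static final String LOGIN_ERROR = "login-error";
    private static final String LOGIN_SUCCESS = "security-login-success";
    private static final String PASSWORD_CHANGE = "security-must-change-password";
    private static final String ACCOUNT_LOCKED = "security-login-locked";

    /** Configuration key holding the administrator account name. */
    private static final String DEFAULT_ADMIN_KEY = "redback.default.admin";

    /** Role granted to the newly created administrator. */
    private static final String SYSTEM_ADMIN_ROLE = "system-administrator";

    @Inject
    private RoleManager roleManager;

    @Inject
    private UserConfiguration config;
    private EditUserCredentials user;

    @Inject
    private AutoLoginCookies autologinCookies;

    /**
     * Prepares the form, seeding {@link #user} with the configured administrator name when no
     * credentials object has been set yet.
     *
     * @return always {@link Action#INPUT}
     */
    public String show() {
        if (this.user == null) {
            this.user = newDefaultCredentials();
        }
        return Action.INPUT;
    }

    /**
     * Validates the submitted credentials, creates the administrator account, assigns the
     * {@code system-administrator} role and logs the account in.
     *
     * @return {@link Action#ERROR} when no credentials were submitted, validation reported
     *     errors, the administrator already exists, the user could not be created or the role
     *     could not be assigned; otherwise the result of the login attempt
     */
    public String submit() {
        if (this.user == null) {
            this.user = newDefaultCredentials();
            addActionError(getText("invalid.admin.credentials"));
            return Action.ERROR;
        }
        // Log the username only. EditUserCredentials.toString() is not visible from this file, and
        // passing the whole credentials object to the logger could write the submitted password
        // into the application log.
        this.log.info("user = {}", this.user.getUsername());
        this.internalUser = this.user;
        validateCredentialsStrict();

        String adminName = this.config.getString(DEFAULT_ADMIN_KEY);
        UserManager userManager = this.securitySystem.getUserManager();
        // Only guard in this class against re-creating the administrator through this open action.
        if (userManager.userExists(adminName)) {
            addActionError(getText("admin.user.already.exists"));
            return Action.ERROR;
        }
        if (hasActionErrors() || hasFieldErrors()) {
            return Action.ERROR;
        }

        User createUser = userManager.createUser(adminName, this.user.getFullName(), this.user.getEmail());
        if (createUser == null) {
            addActionError(getText("cannot.operate.on.null.user"));
            return Action.ERROR;
        }
        createUser.setPassword(this.user.getPassword());
        createUser.setLocked(false);
        createUser.setPasswordChangeRequired(false);
        createUser.setPermanent(true);
        userManager.addUser(createUser);
        audit("log.account.create", createUser.getUsername());

        try {
            this.roleManager.assignRole(SYSTEM_ADMIN_ROLE, createUser.getPrincipal().toString());
        } catch (RoleManagerException e) {
            // NOTE(review): the account has already been stored at this point and is left in
            // place without the role; confirm whether that partial state is acceptable.
            addActionError(getText("cannot.assign.admin.role"));
            return Action.ERROR;
        }
        AuditEvent roleEvent = new AuditEvent(getText("log.assign.role"));
        roleEvent.setAffectedUser(createUser.getUsername());
        roleEvent.setRole(SYSTEM_ADMIN_ROLE);
        roleEvent.log();

        // NOTE(review): the account is created under the configured admin name, but the login
        // uses the username carried by the submitted credentials object. If request binding can
        // set a different username, the automatic login targets another principal; confirm that
        // validateCredentialsStrict() or the form prevents this.
        PasswordBasedAuthenticationDataSource loginSource = new PasswordBasedAuthenticationDataSource();
        loginSource.setPrincipal(this.user.getUsername());
        loginSource.setPassword(this.user.getPassword());
        return webLogin(loginSource);
    }

    /** @return the credentials object bound to this action, or {@code null} if none was set */
    public EditUserCredentials getUser() {
        return this.user;
    }

    /** @param editUserCredentials credentials object to bind to this action */
    public void setUser(EditUserCredentials editUserCredentials) {
        this.user = editUserCredentials;
    }

    /**
     * Declares the security requirements of this action.
     *
     * @return {@link SecureActionBundle#OPEN}; the account does not exist yet when this action
     *     runs, so it cannot require a logged-in administrator
     */
    @Override // org.apache.archiva.redback.struts2.action.AbstractSecurityAction
    public SecureActionBundle initSecureActionBundle() throws SecureActionException {
        return SecureActionBundle.OPEN;
    }

    /**
     * Authenticates the given data source, records the outcome as an audit event and maps it to
     * a Struts result name.
     *
     * @param authenticationDataSource principal and password to authenticate
     * @return {@code security-login-success}, {@code login-error}, {@code security-login-locked}
     *     or {@code security-must-change-password}
     */
    private String webLogin(AuthenticationDataSource authenticationDataSource) {
        // Drop any existing session tokens and stale messages before attempting the login.
        setAuthTokens(null);
        clearErrorsAndMessages();
        String principal = authenticationDataSource.getPrincipal();
        try {
            SecuritySession session = this.securitySystem.authenticate(authenticationDataSource);
            AuthenticationResult result = session.getAuthenticationResult();
            if (result.isAuthenticated()) {
                setAuthTokens(session);
                setCookies(authenticationDataSource);
                audit("log.login.success", principal);
                User authenticatedUser = session.getUser();
                authenticatedUser.setLastLoginDate(new Date());
                this.securitySystem.getUserManager().updateUser(authenticatedUser);
                return LOGIN_SUCCESS;
            }

            this.log.debug("Login Action failed against principal : {}", result.getPrincipal(), result.getException());
            // Key "1" selects the "incorrect username/password" message; what the key stands
            // for is not visible in this file (TODO confirm against the authenticator).
            boolean badCredentials = result.getExceptionsMap() != null && result.getExceptionsMap().get("1") != null;
            addActionError(getText(badCredentials ? "incorrect.username.password" : "authentication.failed"));
            audit("log.login.fail", principal);
            return LOGIN_ERROR;
        } catch (AuthenticationException e) {
            // NOTE(review): the raw exception message is rendered to the client; confirm it
            // cannot carry backend detail.
            addActionError(getText("authentication.exception", Arrays.asList(e.getMessage())));
            return LOGIN_ERROR;
        } catch (AccountLockedException e) {
            addActionError(getText("account.locked"));
            audit("log.login.fail.locked", principal);
            return ACCOUNT_LOCKED;
        } catch (MustChangePasswordException e) {
            // NOTE(review): the sign-on cookie is issued although authentication did not
            // complete; confirm that the password change is enforced downstream.
            setCookies(authenticationDataSource);
            // NOTE(review): this reuses the "locked" audit key for a must-change-password
            // outcome, which makes the two indistinguishable in the audit trail. Kept as is
            // because no dedicated key is visible from this file.
            audit("log.login.fail.locked", principal);
            return PASSWORD_CHANGE;
        } catch (UserNotFoundException e) {
            addActionError(getText("user.not.found.exception", Arrays.asList(principal, e.getMessage())));
            audit("log.login.fail", principal);
            return LOGIN_ERROR;
        }
    }

    /** Sets the sign-on cookie for the data source's principal on the current response. */
    private void setCookies(AuthenticationDataSource authenticationDataSource) {
        this.autologinCookies.setSignonCookie(authenticationDataSource.getPrincipal(), ServletActionContext.getResponse(), ServletActionContext.getRequest());
    }

    /** Builds a credentials object pre-filled with the configured administrator name. */
    private EditUserCredentials newDefaultCredentials() {
        return new EditUserCredentials(this.config.getString(DEFAULT_ADMIN_KEY));
    }

    /** Logs an audit event with the localized text for {@code messageKey} and the affected user. */
    private void audit(String messageKey, String affectedUser) {
        AuditEvent event = new AuditEvent(getText(messageKey));
        event.setAffectedUser(affectedUser);
        event.log();
    }
}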
