package org.apache.wiki.auth.user;

import java.io.BufferedWriter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.security.Principal;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Properties;
import java.util.TreeSet;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang.StringUtils;
import org.apache.wiki.WikiEngine;
import org.apache.wiki.api.exceptions.NoRequiredPropertyException;
import org.apache.wiki.auth.NoSuchPrincipalException;
import org.apache.wiki.auth.WikiPrincipal;
import org.apache.wiki.auth.WikiSecurityException;
import org.apache.wiki.util.Serializer;
import org.apache.wiki.util.TextUtil;
import org.intabulas.sandler.elements.AtomElement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/jspwiki-main-2.11.0.M2.jar:org/apache/wiki/auth/user/XMLUserDatabase.class */
public class XMLUserDatabase extends AbstractUserDatabase {
    public static final String PROP_USERDATABASE = "jspwiki.xmlUserDatabaseFile";
    private static final String DEFAULT_USERDATABASE = "userdatabase.xml";
    private static final String ATTRIBUTES_TAG = "attributes";
    private static final String CREATED = "created";
    private static final String EMAIL = "email";
    private static final String FULL_NAME = "fullName";
    private static final String LOGIN_NAME = "loginName";
    private static final String LAST_MODIFIED = "lastModified";
    private static final String LOCK_EXPIRY = "lockExpiry";
    private static final String PASSWORD = "password";
    private static final String UID = "uid";
    private static final String USER_TAG = "user";
    private static final String WIKI_NAME = "wikiName";
    private static final String DATE_FORMAT = "yyyy.MM.dd 'at' HH:mm:ss:SSS z";
    private Document c_dom = null;
    private File c_file = null;
    private long c_lastCheck = 0;
    private long c_lastModified = 0;

    @Override // org.apache.wiki.auth.user.UserDatabase
    public synchronized void deleteByLoginName(String str) throws NoSuchPrincipalException, WikiSecurityException {
        if (this.c_dom == null) {
            throw new WikiSecurityException("FATAL: database does not exist");
        }
        NodeList elementsByTagName = this.c_dom.getDocumentElement().getElementsByTagName("user");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element = (Element) elementsByTagName.item(i);
            if (element.getAttribute("loginName").equals(str)) {
                this.c_dom.getDocumentElement().removeChild(element);
                saveDOM();
                return;
            }
        }
        throw new NoSuchPrincipalException("Not in database: " + str);
    }

    @Override // org.apache.wiki.auth.user.AbstractUserDatabase, org.apache.wiki.auth.user.UserDatabase
    public UserProfile findByEmail(String str) throws NoSuchPrincipalException {
        UserProfile findByAttribute = findByAttribute("email", str);
        if (findByAttribute != null) {
            return findByAttribute;
        }
        throw new NoSuchPrincipalException("Not in database: " + str);
    }

    @Override // org.apache.wiki.auth.user.AbstractUserDatabase, org.apache.wiki.auth.user.UserDatabase
    public UserProfile findByFullName(String str) throws NoSuchPrincipalException {
        UserProfile findByAttribute = findByAttribute("fullName", str);
        if (findByAttribute != null) {
            return findByAttribute;
        }
        throw new NoSuchPrincipalException("Not in database: " + str);
    }

    @Override // org.apache.wiki.auth.user.AbstractUserDatabase, org.apache.wiki.auth.user.UserDatabase
    public UserProfile findByLoginName(String str) throws NoSuchPrincipalException {
        UserProfile findByAttribute = findByAttribute("loginName", str);
        if (findByAttribute != null) {
            return findByAttribute;
        }
        throw new NoSuchPrincipalException("Not in database: " + str);
    }

    @Override // org.apache.wiki.auth.user.UserDatabase
    public UserProfile findByUid(String str) throws NoSuchPrincipalException {
        UserProfile findByAttribute = findByAttribute("uid", str);
        if (findByAttribute != null) {
            return findByAttribute;
        }
        throw new NoSuchPrincipalException("Not in database: " + str);
    }

    @Override // org.apache.wiki.auth.user.AbstractUserDatabase, org.apache.wiki.auth.user.UserDatabase
    public UserProfile findByWikiName(String str) throws NoSuchPrincipalException {
        UserProfile findByAttribute = findByAttribute("wikiName", str);
        if (findByAttribute != null) {
            return findByAttribute;
        }
        throw new NoSuchPrincipalException("Not in database: " + str);
    }

    @Override // org.apache.wiki.auth.user.UserDatabase
    public Principal[] getWikiNames() throws WikiSecurityException {
        if (this.c_dom == null) {
            throw new IllegalStateException("FATAL: database does not exist");
        }
        TreeSet treeSet = new TreeSet();
        NodeList elementsByTagName = this.c_dom.getElementsByTagName("user");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            String attribute = ((Element) elementsByTagName.item(i)).getAttribute("wikiName");
            if (attribute == null) {
                log.warn("Detected null wiki name in XMLUserDataBase. Check your user database.");
            } else {
                treeSet.add(new WikiPrincipal(attribute, "wikiName"));
            }
        }
        return (Principal[]) treeSet.toArray(new Principal[treeSet.size()]);
    }

    @Override // org.apache.wiki.auth.user.AbstractUserDatabase, org.apache.wiki.auth.user.UserDatabase
    public void initialize(WikiEngine wikiEngine, Properties properties) throws NoRequiredPropertyException {
        File file;
        if (wikiEngine.getRootPath() == null) {
            log.warn("Cannot identify JSPWiki root path");
            file = new File("WEB-INF/userdatabase.xml").getAbsoluteFile();
        } else {
            file = new File(wikiEngine.getRootPath() + "/WEB-INF/" + DEFAULT_USERDATABASE);
        }
        String stringProperty = TextUtil.getStringProperty(properties, PROP_USERDATABASE, file.getAbsolutePath());
        if (stringProperty == null) {
            log.warn("XML user database property jspwiki.xmlUserDatabaseFile not found; trying " + file);
            this.c_file = file;
        } else {
            this.c_file = new File(stringProperty);
        }
        log.info("XML user database at " + this.c_file.getAbsolutePath());
        buildDOM();
        sanitizeDOM();
    }

    private void buildDOM() {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setValidating(false);
        newInstance.setExpandEntityReferences(false);
        newInstance.setIgnoringComments(true);
        newInstance.setNamespaceAware(false);
        try {
            this.c_dom = newInstance.newDocumentBuilder().parse(this.c_file);
            log.debug("Database successfully initialized");
            this.c_lastModified = this.c_file.lastModified();
            this.c_lastCheck = System.currentTimeMillis();
        } catch (FileNotFoundException e) {
            log.info("User database not found; creating from scratch...");
        } catch (IOException e2) {
            log.error("IO error: " + e2.getMessage());
        } catch (ParserConfigurationException e3) {
            log.error("Configuration error: " + e3.getMessage());
        } catch (SAXException e4) {
            log.error("SAX error: " + e4.getMessage());
        }
        if (this.c_dom == null) {
            try {
                this.c_dom = newInstance.newDocumentBuilder().newDocument();
                this.c_dom.appendChild(this.c_dom.createElement("users"));
            } catch (ParserConfigurationException e5) {
                log.fatal("Could not create in-memory DOM");
            }
        }
    }

    private void saveDOM() throws WikiSecurityException {
        if (this.c_dom == null) {
            log.fatal("User database doesn't exist in memory.");
        }
        File file = new File(this.c_file.getAbsolutePath() + ".new");
        try {
            BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(file), "UTF-8"));
            bufferedWriter.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
            bufferedWriter.write("<users>\n");
            NodeList elementsByTagName = this.c_dom.getDocumentElement().getElementsByTagName("user");
            for (int i = 0; i < elementsByTagName.getLength(); i++) {
                Element element = (Element) elementsByTagName.item(i);
                bufferedWriter.write("    <user ");
                bufferedWriter.write("uid");
                bufferedWriter.write("=\"" + element.getAttribute("uid") + "\" ");
                bufferedWriter.write("loginName");
                bufferedWriter.write("=\"" + element.getAttribute("loginName") + "\" ");
                bufferedWriter.write("wikiName");
                bufferedWriter.write("=\"" + element.getAttribute("wikiName") + "\" ");
                bufferedWriter.write("fullName");
                bufferedWriter.write("=\"" + element.getAttribute("fullName") + "\" ");
                bufferedWriter.write("email");
                bufferedWriter.write("=\"" + element.getAttribute("email") + "\" ");
                bufferedWriter.write("password");
                bufferedWriter.write("=\"" + element.getAttribute("password") + "\" ");
                bufferedWriter.write("created");
                bufferedWriter.write("=\"" + element.getAttribute("created") + "\" ");
                bufferedWriter.write(LAST_MODIFIED);
                bufferedWriter.write("=\"" + element.getAttribute(LAST_MODIFIED) + "\" ");
                bufferedWriter.write(LOCK_EXPIRY);
                bufferedWriter.write("=\"" + element.getAttribute(LOCK_EXPIRY) + "\" ");
                bufferedWriter.write(AtomElement.HTMLTAG_CLOSE);
                NodeList elementsByTagName2 = element.getElementsByTagName("attributes");
                for (int i2 = 0; i2 < elementsByTagName2.getLength(); i2++) {
                    String extractText = extractText((Element) elementsByTagName2.item(i2));
                    bufferedWriter.write("\n        <attributes>");
                    bufferedWriter.write(extractText);
                    bufferedWriter.write("</attributes>");
                }
                bufferedWriter.write("\n    </user>\n");
            }
            bufferedWriter.write("</users>");
            bufferedWriter.close();
            File file2 = new File(this.c_file.getAbsolutePath() + ".old");
            if (file2.exists() && !file2.delete()) {
                log.error("Could not delete old user database backup: " + file2);
            }
            if (!this.c_file.renameTo(file2)) {
                log.error("Could not create user database backup: " + file2);
            }
            if (file.renameTo(this.c_file)) {
                return;
            }
            log.error("Could not save database: " + file2 + " restoring backup.");
            if (!file2.renameTo(this.c_file)) {
                log.error("Restore failed. Check the file permissions.");
            }
            log.error("Could not save database: " + this.c_file + ". Check the file permissions");
        } catch (IOException e) {
            throw new WikiSecurityException(e.getLocalizedMessage(), e);
        }
    }

    private void checkForRefresh() {
        if (System.currentTimeMillis() - this.c_lastCheck <= 60000 || this.c_file.lastModified() <= this.c_lastModified) {
            return;
        }
        buildDOM();
    }

    @Override // org.apache.wiki.auth.user.UserDatabase
    public synchronized void rename(String str, String str2) throws NoSuchPrincipalException, DuplicateUserException, WikiSecurityException {
        if (this.c_dom == null) {
            log.fatal("Could not rename profile '" + str + "'; database does not exist");
            throw new IllegalStateException("FATAL: database does not exist");
        }
        checkForRefresh();
        UserProfile findByLoginName = findByLoginName(str);
        if (findByLoginName(str2) != null) {
            throw new DuplicateUserException("security.error.cannot.rename", str2);
        }
        NodeList elementsByTagName = this.c_dom.getElementsByTagName("user");
        int i = 0;
        while (true) {
            if (i >= elementsByTagName.getLength()) {
                break;
            }
            Element element = (Element) elementsByTagName.item(i);
            if (element.getAttribute("loginName").equals(str)) {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
                Date date = new Date(System.currentTimeMillis());
                setAttribute(element, "loginName", str2);
                setAttribute(element, LAST_MODIFIED, simpleDateFormat.format(date));
                findByLoginName.setLoginName(str2);
                findByLoginName.setLastModified(date);
                break;
            }
            i++;
        }
        saveDOM();
    }

    @Override // org.apache.wiki.auth.user.AbstractUserDatabase, org.apache.wiki.auth.user.UserDatabase
    public synchronized void save(UserProfile userProfile) throws WikiSecurityException {
        if (this.c_dom == null) {
            log.fatal("Could not save profile " + userProfile + " database does not exist");
            throw new IllegalStateException("FATAL: database does not exist");
        }
        checkForRefresh();
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
        String loginName = userProfile.getLoginName();
        NodeList elementsByTagName = this.c_dom.getElementsByTagName("user");
        Element element = null;
        int i = 0;
        while (true) {
            if (i >= elementsByTagName.getLength()) {
                break;
            }
            Element element2 = (Element) elementsByTagName.item(i);
            if (element2.getAttribute("loginName").equals(loginName)) {
                element = element2;
                break;
            }
            i++;
        }
        boolean z = false;
        Date date = new Date(System.currentTimeMillis());
        if (element == null) {
            userProfile.setCreated(date);
            log.info("Creating new user " + loginName);
            element = this.c_dom.createElement("user");
            this.c_dom.getDocumentElement().appendChild(element);
            setAttribute(element, "created", simpleDateFormat.format(userProfile.getCreated()));
            z = true;
        } else {
            NodeList elementsByTagName2 = element.getElementsByTagName("attributes");
            for (int i2 = 0; i2 < elementsByTagName2.getLength(); i2++) {
                element.removeChild(elementsByTagName2.item(i2));
            }
        }
        setAttribute(element, "uid", userProfile.getUid());
        setAttribute(element, LAST_MODIFIED, simpleDateFormat.format(date));
        setAttribute(element, "loginName", userProfile.getLoginName());
        setAttribute(element, "fullName", userProfile.getFullname());
        setAttribute(element, "wikiName", userProfile.getWikiName());
        setAttribute(element, "email", userProfile.getEmail());
        Date lockExpiry = userProfile.getLockExpiry();
        setAttribute(element, LOCK_EXPIRY, lockExpiry == null ? "" : simpleDateFormat.format(lockExpiry));
        String password = userProfile.getPassword();
        if (password != null && !password.equals("") && !element.getAttribute("password").equals(password)) {
            setAttribute(element, "password", getHash(password));
        }
        if (userProfile.getAttributes().size() > 0) {
            try {
                String serializeToBase64 = Serializer.serializeToBase64(userProfile.getAttributes());
                Element createElement = this.c_dom.createElement("attributes");
                element.appendChild(createElement);
                createElement.appendChild(this.c_dom.createTextNode(serializeToBase64));
            } catch (IOException e) {
                throw new WikiSecurityException("Could not save user profile attribute. Reason: " + e.getMessage(), e);
            }
        }
        if (z) {
            userProfile.setCreated(date);
        }
        userProfile.setLastModified(date);
        saveDOM();
    }

    private UserProfile findByAttribute(String str, String str2) {
        if (this.c_dom == null) {
            throw new IllegalStateException("FATAL: database does not exist");
        }
        checkForRefresh();
        NodeList elementsByTagName = this.c_dom.getElementsByTagName("user");
        if (elementsByTagName == null) {
            return null;
        }
        boolean z = str.equals("email") ? false : true;
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element = (Element) elementsByTagName.item(i);
            String attribute = element.getAttribute(str);
            if (!z) {
                attribute = StringUtils.lowerCase(attribute);
                str2 = StringUtils.lowerCase(str2);
            }
            if (attribute.equals(str2)) {
                UserProfile newProfile = newProfile();
                newProfile.setUid(element.getAttribute("uid"));
                if (newProfile.getUid() == null || newProfile.getUid().length() == 0) {
                    newProfile.setUid(generateUid(this));
                }
                newProfile.setLoginName(element.getAttribute("loginName"));
                newProfile.setFullname(element.getAttribute("fullName"));
                newProfile.setPassword(element.getAttribute("password"));
                newProfile.setEmail(element.getAttribute("email"));
                String attribute2 = element.getAttribute("created");
                String attribute3 = element.getAttribute(LAST_MODIFIED);
                newProfile.setCreated(parseDate(newProfile, attribute2));
                newProfile.setLastModified(parseDate(newProfile, attribute3));
                String attribute4 = element.getAttribute(LOCK_EXPIRY);
                if (attribute4 == null || attribute4.length() == 0) {
                    newProfile.setLockExpiry(null);
                } else {
                    newProfile.setLockExpiry(new Date(Long.parseLong(attribute4)));
                }
                NodeList elementsByTagName2 = element.getElementsByTagName("attributes");
                for (int i2 = 0; i2 < elementsByTagName2.getLength(); i2++) {
                    try {
                        newProfile.getAttributes().putAll(Serializer.deserializeFromBase64(extractText((Element) elementsByTagName2.item(i2))));
                    } catch (IOException e) {
                        log.error("Could not parse user profile attributes!", e);
                    }
                }
                return newProfile;
            }
        }
        return null;
    }

    private String extractText(Element element) {
        String str = "";
        if (element.getChildNodes().getLength() > 0) {
            NodeList childNodes = element.getChildNodes();
            for (int i = 0; i < childNodes.getLength(); i++) {
                Node item = childNodes.item(i);
                if (item.getNodeType() == 3) {
                    str = str + ((Text) item).getData();
                }
            }
        }
        return str;
    }

    private Date parseDate(UserProfile userProfile, String str) {
        try {
            return new SimpleDateFormat(DATE_FORMAT).parse(str);
        } catch (ParseException e) {
            try {
                return DateFormat.getDateTimeInstance().parse(str);
            } catch (ParseException e2) {
                log.warn("Could not parse 'created' or 'lastModified' attribute for  profile '" + userProfile.getLoginName() + "'. It may have been tampered with.");
                return null;
            }
        }
    }

    private void sanitizeDOM() {
        if (this.c_dom == null) {
            throw new IllegalStateException("FATAL: database does not exist");
        }
        NodeList elementsByTagName = this.c_dom.getElementsByTagName("user");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element = (Element) elementsByTagName.item(i);
            String trim = element.getAttribute("uid").trim();
            if (trim == null || trim.length() == 0 || "-1".equals(trim)) {
                element.setAttribute("uid", String.valueOf(generateUid(this)));
            }
            String attribute = element.getAttribute("loginName");
            String attribute2 = element.getAttribute("created");
            String attribute3 = element.getAttribute(LAST_MODIFIED);
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
            try {
                attribute2 = simpleDateFormat.format(simpleDateFormat.parse(attribute2));
                attribute3 = simpleDateFormat.format(simpleDateFormat.parse(attribute3));
                element.setAttribute("created", attribute2);
                element.setAttribute(LAST_MODIFIED, attribute3);
            } catch (ParseException e) {
                try {
                    String format = simpleDateFormat.format(DateFormat.getDateTimeInstance().parse(attribute2));
                    String format2 = simpleDateFormat.format(DateFormat.getDateTimeInstance().parse(attribute3));
                    element.setAttribute("created", format);
                    element.setAttribute(LAST_MODIFIED, format2);
                } catch (ParseException e2) {
                    log.warn("Could not parse 'created' or 'lastModified' attribute for profile '" + attribute + "'. It may have been tampered with.");
                }
            }
        }
    }

    private void setAttribute(Element element, String str, String str2) {
        if (str2 != null) {
            element.setAttribute(str, str2);
        }
    }
}
