package org.apache.ranger.biz;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.persistence.Query;
import org.apache.log4j.Logger;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.DateUtil;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConfigUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXGroupPermission;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXPortalUserRole;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUserPermission;
import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XPortalUserService;
import org.apache.ranger.service.XUserPermissionService;
import org.apache.ranger.view.VXGroupPermission;
import org.apache.ranger.view.VXPasswordChange;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXPortalUserList;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXString;
import org.apache.ranger.view.VXUserPermission;
import org.apache.velocity.Template;
import org.apache.velocity.app.VelocityEngine;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/ranger/biz/UserMgr.class */
public class UserMgr {

    @Autowired
    RangerDaoManager daoManager;

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    StringUtil stringUtil;

    @Autowired
    SearchUtil searchUtil;

    @Autowired
    RangerBizUtil msBizUtil;

    @Autowired
    SessionMgr sessionMgr;

    @Autowired
    VelocityEngine velocityEngine;
    Template t;

    @Autowired
    DateUtil dateUtil;

    @Autowired
    RangerConfigUtil configUtil;

    @Autowired
    XPortalUserService xPortalUserService;

    @Autowired
    XUserPermissionService xUserPermissionService;

    @Autowired
    XGroupPermissionService xGroupPermissionService;

    @Autowired
    XUserMgr xUserMgr;

    @Autowired
    GUIDUtil guidUtil;
    // Role names that addUserRole/deleteUserRole accept without an admin session.
    String[] publicRoles = {RangerConstants.ROLE_USER, RangerConstants.ROLE_OTHER};
    static final Logger logger = Logger.getLogger(UserMgr.class);
    // Digest encoders used by encrypt(). No iteration count is configured here, so each
    // stored value is a plain MD5 or SHA-256 digest of password plus salt. Such digests are
    // cheap to test offline if the user table leaks; an adaptive scheme (bcrypt, PBKDF2,
    // scrypt, argon2) is the usual hardening.
    // NOTE(review): switching schemes needs a migration path for digests already stored.
    private static final Md5PasswordEncoder md5Encoder = new Md5PasswordEncoder();
    private static final ShaPasswordEncoder sha256Encoder = new ShaPasswordEncoder(256);
    // NOTE(review): neither list is filled or read in the visible part of this file.
    private static final List<String> DEFAULT_ROLE_LIST = new ArrayList(1);
    private static final List<String> VALID_ROLE_LIST = new ArrayList(2);

    /** Creates the manager and, when debug logging is on, leaves a trace of the construction. */
    public UserMgr() {
        final boolean debugOn = logger.isDebugEnabled();
        if (debugOn) {
            logger.debug("UserMgr()");
        }
    }

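    /**
     * Creates a portal user from a view object, with the given status and roles.
     *
     * <p>{@code checkAdminAccess()} (defined outside this excerpt) now runs before the view
     * object is mapped. Mapping mutates {@code vXPortalUser} and can raise an input-validation
     * error; a caller that fails the access check should reach neither.
     *
     * @param vXPortalUser user data supplied by the caller
     * @param i status value to store on the new user
     * @param collection role names to attach; may be {@code null}
     * @return the persisted user entity
     */
    public XXPortalUser createUser(VXPortalUser vXPortalUser, int i, Collection<String> collection) {
        // Authorize before touching request data.
        checkAdminAccess();
        XXPortalUser entity = mapVXPortalUserToXXPortalUser(vXPortalUser);
        return createUser(entity, i, collection);
    }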

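    /**
     * Persists a new portal user and attaches the requested roles.
     *
     * <p>The password carried by {@code xXPortalUser} is replaced with the digest returned by
     * {@link #encrypt(String, String)} (salted with the login id) before the entity is stored.
     * This overload performs no access check itself.
     * NOTE(review): the method is public; confirm every caller authorizes the request first.
     *
     * @param xXPortalUser entity to persist; its status and password are overwritten here
     * @param i status value to store
     * @param collection role names to attach; {@code null} attaches none
     * @return the entity returned by the DAO's create call
     */
    public XXPortalUser createUser(XXPortalUser xXPortalUser, int i, Collection<String> collection) {
        xXPortalUser.setStatus(i);
        xXPortalUser.setPassword(encrypt(xXPortalUser.getLoginId(), xXPortalUser.getPassword()));
        XXPortalUser create = this.daoManager.getXXPortalUser().create(xXPortalUser);
        if (collection != null) {
            for (String roleName : collection) {
                // The result used to be collected into a list that nothing read; that dead
                // list is gone. addUserRole does its own check for non-public role names.
                addUserRole(create.getId(), roleName);
            }
        }
        return create;
    }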

    /**
     * Creates a portal user with the roles listed on the view object.
     *
     * <p>When the view object carries no roles, the user gets {@code RangerConstants.ROLE_USER}.
     * The roles are copied into a fresh list before being passed on.
     *
     * @param vXPortalUser user data supplied by the caller
     * @param i status value to store on the new user
     * @return the persisted user entity
     */
    public XXPortalUser createUser(VXPortalUser vXPortalUser, int i) {
        Collection<String> requested = vXPortalUser.getUserRoleList();
        ArrayList<String> roles = new ArrayList<String>();
        if (requested != null && requested.size() > 0) {
            for (String role : requested) {
                roles.add(role);
            }
        } else {
            // No role requested: fall back to the plain user role.
            roles.add(RangerConstants.ROLE_USER);
        }
        return createUser(vXPortalUser, i, roles);
    }

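    /**
     * Updates a stored portal user from the submitted profile.
     *
     * <p>Access is checked against the stored record via {@link #checkAccess(XXPortalUser)}.
     * The stored password is copied onto the view object before saving, so this method never
     * changes a password.
     *
     * <p>Changes from the previous version of this method:
     * <ul>
     *   <li>An email address that already belongs to a stored user is accepted only when that
     *       stored user is the record being updated. Previously only the login id taken from
     *       the request was compared, and that value is caller-controlled.</li>
     *   <li>An empty {@code if} on the status and a flag that was always {@code true} are
     *       removed; the save path is unchanged.</li>
     * </ul>
     * NOTE(review): the submitted status is not compared or authorized here; confirm where
     * status changes are controlled.
     *
     * @param vXPortalUser submitted profile; several of its fields are normalised in place
     * @return the entity loaded before the update, or {@code null} when the id is unknown
     */
    public XXPortalUser updateUser(VXPortalUser vXPortalUser) {
        XXPortalUser byId = this.daoManager.getXXPortalUser().getById(vXPortalUser.getId());
        if (byId == null) {
            // NOTE(review): this logs the whole request object; confirm its toString() does
            // not include the password field.
            logger.error("updateUser(). User not found. userProfile=" + vXPortalUser);
            return null;
        }
        checkAccess(byId);
        String emailAddress = vXPortalUser.getEmailAddress();
        if (this.stringUtil.isEmpty(emailAddress)) {
            vXPortalUser.setEmailAddress(null);
        } else {
            if (!this.stringUtil.validateEmail(emailAddress)) {
                throw this.restErrorUtil.createRESTException("Please provide valid email address.", MessageEnums.INVALID_INPUT_DATA);
            }
            XXPortalUser emailOwner = this.daoManager.getXXPortalUser().findByEmailAddress(emailAddress);
            if (emailOwner != null) {
                String loginId = vXPortalUser.getLoginId();
                if (loginId == null) {
                    throw this.restErrorUtil.createRESTException("Invalid user, please provide valid username.", MessageEnums.INVALID_INPUT_DATA);
                }
                // The request's login id alone is not proof of ownership: also require that
                // the address belongs to the very record that passed checkAccess above.
                boolean sameLogin = loginId.equals(emailOwner.getLoginId());
                boolean sameRecord = emailOwner.getId().equals(byId.getId());
                if (!sameLogin || !sameRecord) {
                    throw this.restErrorUtil.createRESTException("The email address you've provided already exists in system.", MessageEnums.INVALID_INPUT_DATA);
                }
            }
            vXPortalUser.setEmailAddress(emailAddress);
        }
        // A literal "null" string is treated as an empty name.
        if ("null".equalsIgnoreCase(vXPortalUser.getFirstName())) {
            vXPortalUser.setFirstName("");
        }
        if (!this.stringUtil.isEmpty(vXPortalUser.getFirstName()) && !vXPortalUser.getFirstName().equals(byId.getFirstName())) {
            vXPortalUser.setFirstName(this.stringUtil.toCamelCaseAllWords(vXPortalUser.getFirstName()));
        }
        if ("null".equalsIgnoreCase(vXPortalUser.getLastName())) {
            vXPortalUser.setLastName("");
        }
        if (!this.stringUtil.isEmpty(vXPortalUser.getLastName()) && !vXPortalUser.getLastName().equals(byId.getLastName())) {
            vXPortalUser.setLastName(this.stringUtil.toCamelCaseAllWords(vXPortalUser.getLastName()));
        }
        // The screen name is the full name when both parts are present, else the login id.
        if (vXPortalUser.getFirstName() == null || vXPortalUser.getLastName() == null || vXPortalUser.getFirstName().trim().isEmpty() || vXPortalUser.getLastName().trim().isEmpty()) {
            vXPortalUser.setPublicScreenName(byId.getLoginId());
        } else {
            vXPortalUser.setPublicScreenName(vXPortalUser.getFirstName() + " " + vXPortalUser.getLastName());
        }
        updateRoles(vXPortalUser.getId(), vXPortalUser.getUserRoleList());
        List<XXTrxLog> transactionLog = this.xPortalUserService.getTransactionLog(vXPortalUser, byId, "update");
        // Carry the stored digest over so the save cannot alter the password.
        vXPortalUser.setPassword(byId.getPassword());
        this.xPortalUserService.updateResource(vXPortalUser);
        this.sessionMgr.resetUserSessionForProfiles(ContextUtil.getCurrentUserSession());
        this.msBizUtil.createTrxLog(transactionLog);
        return byId;
    }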

    /**
     * Brings the stored roles of a user in line with the requested role names.
     *
     * <p>Stored roles missing from {@code collection} are removed, then requested names not
     * yet stored are added. Names are compared case-insensitively. Authorization for
     * non-public roles is left to {@code deleteUserRole} and {@code addUserRole}.
     * NOTE(review): {@code addUserRole} in this file returns {@code null} after creating a
     * role, so an addition on its own does not turn the result to {@code true}.
     *
     * @param l id of the user whose roles are synchronised
     * @param collection requested role names; {@code null} or empty leaves roles untouched
     * @return {@code true} when a removal succeeded or {@code addUserRole} returned a role
     */
    public boolean updateRoles(Long l, Collection<String> collection) {
        if (collection == null || collection.size() == 0) {
            return false;
        }
        boolean changed = false;
        List<XXPortalUserRole> storedRoles = this.daoManager.getXXPortalUserRole().findByUserId(l);
        // Pass 1: remove stored roles that are no longer requested.
        for (XXPortalUserRole stored : storedRoles) {
            boolean stillRequested = false;
            for (String requested : collection) {
                if (stored.getUserRole().equalsIgnoreCase(requested)) {
                    stillRequested = true;
                    break;
                }
            }
            if (!stillRequested && deleteUserRole(l, stored)) {
                changed = true;
            }
        }
        // Pass 2: add requested roles that were not stored when the list was read.
        for (String requested : collection) {
            boolean alreadyStored = false;
            for (XXPortalUserRole stored : storedRoles) {
                if (stored.getUserRole().equalsIgnoreCase(requested)) {
                    alreadyStored = true;
                    break;
                }
            }
            if (!alreadyStored && addUserRole(l, requested) != null) {
                changed = true;
            }
        }
        return changed;
    }

    /**
     * Replaces the roles of a user with the given role names.
     *
     * <p>The names are first passed to {@code xUserMgr.checkAccessRoles}. The profile is then
     * loaded through {@link #getUserProfile(Long)}, which applies its own access check.
     *
     * @param l id of the user to update
     * @param list wrapped role names
     */
    public void setUserRoles(Long l, List<VXString> list) {
        ArrayList<String> roleNames = new ArrayList<String>();
        for (VXString wrapped : list) {
            roleNames.add(wrapped.getValue());
        }
        this.xUserMgr.checkAccessRoles(roleNames);
        VXPortalUser profile = getUserProfile(l);
        this.xUserMgr.updateUserRolesPermissions(profile, roleNames);
    }

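    /**
     * Changes the password of the account named in the request, once the old password has
     * been verified and the new one passes the password policy.
     *
     * <p>Changes from the previous version of this method:
     * <ul>
     *   <li>{@link #checkAccessForUpdate(XXPortalUser)} is now also applied to the target
     *       account. The existing check runs against the caller's own record, which only
     *       confirms a session. The target is chosen by the request's login id and was
     *       otherwise protected by the old-password comparison alone.</li>
     *   <li>The audit entry takes its object id from the stored record, not from the
     *       request, so the entry always refers to the account that was changed.</li>
     *   <li>Two setter calls on a response object that was discarded by the following
     *       {@code throw} are removed.</li>
     * </ul>
     *
     * @param vXPasswordChange request with login id, old password and new password
     * @return a response with status code 0 on success
     */
    public VXResponse changePassword(VXPasswordChange vXPasswordChange) {
        VXResponse vXResponse = new VXResponse();
        // Runs against the caller's own record: rejects requests without a usable session.
        checkAccessForUpdate(this.daoManager.getXXPortalUser().findByLoginId(ContextUtil.getCurrentUserLoginId()));
        XXPortalUser target = this.daoManager.getXXPortalUser().findByLoginId(vXPasswordChange.getLoginId());
        if (target == null) {
            logger.warn("SECURITY:changePassword(). User not found. LoginId=" + vXPasswordChange.getLoginId());
            throw this.restErrorUtil.createRESTException("serverMsg.userMgrInvalidUser", MessageEnums.DATA_NOT_FOUND, null, null, vXPasswordChange.getLoginId());
        }
        // Authorize against the account that is actually being modified.
        checkAccessForUpdate(target);
        // NOTE(review): stringUtil.equals is not known to be constant-time; confirm whether
        // that matters for digest comparison in this deployment.
        if (!this.stringUtil.equals(encrypt(vXPasswordChange.getLoginId(), vXPasswordChange.getOldPassword()), target.getPassword())) {
            logger.info("changePassword(). Invalid old password. LoginId=" + vXPasswordChange.getLoginId());
            throw this.restErrorUtil.createRESTException("serverMsg.userMgrOldPassword", MessageEnums.INVALID_INPUT_DATA, null, null, vXPasswordChange.getLoginId());
        }
        if (!this.stringUtil.validatePassword(vXPasswordChange.getUpdPassword(), new String[]{target.getFirstName(), target.getLastName(), target.getLoginId()})) {
            logger.warn("SECURITY:changePassword(). Invalid new password. LoginId=" + vXPasswordChange.getLoginId());
            throw this.restErrorUtil.createRESTException("serverMsg.userMgrNewPassword", MessageEnums.INVALID_PASSWORD, null, null, vXPasswordChange.getLoginId());
        }
        String newDigest = encrypt(vXPasswordChange.getLoginId(), vXPasswordChange.getUpdPassword());
        String oldDigest = target.getPassword();
        if (newDigest.equals(oldDigest)) {
            // The new password equals the current one.
            // NOTE(review): the entity's toString() is passed into the error; confirm it does
            // not include the password digest.
            throw this.restErrorUtil.createRESTException("serverMsg.userMgrNewPassword", MessageEnums.INVALID_INPUT_DATA, target.getId(), "password", target.toString());
        }
        List<XXTrxLog> auditEntries = new ArrayList<XXTrxLog>();
        XXTrxLog xXTrxLog = new XXTrxLog();
        xXTrxLog.setAttributeName("Password");
        // NOTE(review): both password digests are written to the transaction log, so anyone
        // who can read that log can read them; consider recording a masked value instead.
        xXTrxLog.setPreviousValue(oldDigest);
        xXTrxLog.setNewValue(newDigest);
        xXTrxLog.setAction("password change");
        xXTrxLog.setObjectClassType(7);
        xXTrxLog.setObjectId(target.getId());
        xXTrxLog.setObjectName(vXPasswordChange.getLoginId());
        auditEntries.add(xXTrxLog);
        this.msBizUtil.createTrxLog(auditEntries);
        target.setPassword(newDigest);
        this.daoManager.getXXPortalUser().update(target);
        vXResponse.setMsgDesc("Password successfully updated");
        vXResponse.setStatusCode(0);
        return vXResponse;
    }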

    /**
     * Changes the email address of a user after re-verifying the user's password.
     *
     * <p>Access is checked with {@link #checkAccessForUpdate(XXPortalUser)}. The submitted
     * password is hashed and compared with the stored digest before the address is changed.
     * NOTE(review): the request object is written to the log and passed into error
     * responses via {@code toString()}; it carries the submitted password, so confirm that
     * its {@code toString()} masks it.
     *
     * @param xXPortalUser stored user whose address is changed
     * @param vXPasswordChange request carrying the new address and the current password
     * @return the updated user as a view object
     */
    public VXPortalUser changeEmailAddress(XXPortalUser xXPortalUser, VXPasswordChange vXPasswordChange) {
        checkAccessForUpdate(xXPortalUser);
        final String requestedEmail = vXPasswordChange.getEmailAddress();
        if (this.stringUtil.isEmpty(requestedEmail)) {
            throw this.restErrorUtil.createRESTException("serverMsg.userMgrInvalidEmail", MessageEnums.INVALID_INPUT_DATA, vXPasswordChange.getId(), "emailAddress", vXPasswordChange.toString());
        }
        final String submittedDigest = encrypt(xXPortalUser.getLoginId(), vXPasswordChange.getOldPassword());
        final boolean emailWellFormed = this.stringUtil.validateEmail(vXPasswordChange.getEmailAddress());
        if (!emailWellFormed) {
            logger.info("Invalid email address." + vXPasswordChange);
            throw this.restErrorUtil.createRESTException("serverMsg.userMgrInvalidEmail", MessageEnums.INVALID_INPUT_DATA, vXPasswordChange.getId(), "emailAddress", vXPasswordChange.toString());
        }
        final boolean passwordMatches = this.stringUtil.equals(submittedDigest, xXPortalUser.getPassword());
        if (!passwordMatches) {
            logger.info("changeEmailAddress(). Invalid  password. changeEmail=" + vXPasswordChange);
            throw this.restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword", MessageEnums.OPER_NO_PERMISSION, null, null, String.valueOf(vXPasswordChange));
        }
        String normalizedEmail = this.stringUtil.normalizeEmail(vXPasswordChange.getEmailAddress());
        xXPortalUser.setEmailAddress(normalizedEmail);
        // The digest of the password that was just verified is stored again.
        String digestToStore = encrypt(xXPortalUser.getLoginId(), vXPasswordChange.getOldPassword());
        xXPortalUser.setPassword(digestToStore);
        this.daoManager.getXXPortalUser().update(xXPortalUser);
        return mapXXPortalUserVXPortalUser(xXPortalUser);
    }

    /**
     * Marks a user as deleted by setting its status to 5 and saving it.
     *
     * <p>{@code checkAdminAccess()} (defined outside this excerpt) runs before anything else.
     *
     * @param xXPortalUser user to deactivate; may be {@code null}
     * @return the updated user as a view object, or {@code null} when the user is
     *     {@code null} or already has status 5
     */
    public VXPortalUser deactivateUser(XXPortalUser xXPortalUser) {
        checkAdminAccess();
        if (xXPortalUser == null) {
            return null;
        }
        if (xXPortalUser.getStatus() == 5) {
            // Already carries the status this method would set.
            return null;
        }
        logger.info("Marking user " + xXPortalUser.getLoginId() + " as deleted");
        xXPortalUser.setStatus(5);
        XXPortalUser saved = this.daoManager.getXXPortalUser().update(xXPortalUser);
        return mapXXPortalUserVXPortalUser(saved);
    }

    /**
     * Loads a user by id and returns it as a view object.
     *
     * <p>{@link #checkAccess(XXPortalUser)} is applied to the stored record before mapping.
     *
     * @param l id of the user
     * @return the profile, or {@code null} when no user has that id
     */
    public VXPortalUser getUserProfile(Long l) {
        XXPortalUser stored = this.daoManager.getXXPortalUser().getById(l);
        if (stored == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("User not found. userId=" + l);
            }
            return null;
        }
        checkAccess(stored);
        return mapXXPortalUserVXPortalUser(stored);
    }

    /**
     * Returns the profile of the user the current context is logged in as.
     *
     * @return the profile, or {@code null} when the login id resolves to no user
     */
    public VXPortalUser getUserProfileByLoginId() {
        String currentLoginId = ContextUtil.getCurrentUserLoginId();
        return getUserProfileByLoginId(currentLoginId);
    }

    /**
     * Loads a user by login id and returns it as a view object.
     *
     * <p>Unlike {@link #getUserProfile(Long)}, this method does not call {@code checkAccess}.
     * What the caller gets to see is decided by the mapping step, which fills profile
     * fields only for an admin session or for the user's own record.
     *
     * @param str login id to look up
     * @return the profile, or {@code null} when no user has that login id
     */
    public VXPortalUser getUserProfileByLoginId(String str) {
        XXPortalUser stored = this.daoManager.getXXPortalUser().findByLoginId(str);
        if (stored == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("User not found. loginId=" + str);
            }
            return null;
        }
        return mapXXPortalUserVXPortalUser(stored);
    }

    /**
     * Builds a new entity from a submitted view object.
     *
     * <p>First and last names equal to the literal text "null" are blanked on the view
     * object itself. A missing, blank or literal "null" login id is rejected. The password
     * is copied as submitted; hashing happens later, in {@code createUser}.
     *
     * @param vXPortalUser submitted user data; its name fields may be modified
     * @return a new, unsaved entity
     */
    public XXPortalUser mapVXPortalUserToXXPortalUser(VXPortalUser vXPortalUser) {
        XXPortalUser entity = new XXPortalUser();
        entity.setEmailAddress(vXPortalUser.getEmailAddress());

        if ("null".equalsIgnoreCase(vXPortalUser.getFirstName())) {
            vXPortalUser.setFirstName("");
        }
        entity.setFirstName(vXPortalUser.getFirstName());

        if ("null".equalsIgnoreCase(vXPortalUser.getLastName())) {
            vXPortalUser.setLastName("");
        }
        entity.setLastName(vXPortalUser.getLastName());

        boolean loginIdMissing = vXPortalUser.getLoginId() == null
                || vXPortalUser.getLoginId().trim().isEmpty()
                || "null".equalsIgnoreCase(vXPortalUser.getLoginId());
        if (loginIdMissing) {
            throw this.restErrorUtil.createRESTException("LoginId should not be null or blank, It is", MessageEnums.INVALID_INPUT_DATA);
        }
        entity.setLoginId(vXPortalUser.getLoginId());
        entity.setPassword(vXPortalUser.getPassword());
        entity.setUserSource(vXPortalUser.getUserSource());
        entity.setPublicScreenName(vXPortalUser.getPublicScreenName());

        // The submitted screen name is then always replaced: full name when both parts are
        // present, otherwise the login id.
        boolean namesIncomplete = vXPortalUser.getFirstName() == null
                || vXPortalUser.getLastName() == null
                || vXPortalUser.getFirstName().trim().isEmpty()
                || vXPortalUser.getLastName().trim().isEmpty();
        if (namesIncomplete) {
            entity.setPublicScreenName(vXPortalUser.getLoginId());
        } else {
            entity.setPublicScreenName(vXPortalUser.getFirstName() + " " + vXPortalUser.getLastName());
        }
        return entity;
    }

    /**
     * Converts a stored user into a view object for the current session.
     *
     * <p>The role list is set only when the session belongs to a user admin, a key admin or
     * the user being mapped. When {@code collection} is {@code null}, the roles are read
     * from the database.
     *
     * @param xXPortalUser stored user; may be {@code null}
     * @param collection roles to expose, or {@code null} to load them
     * @return the view object, or {@code null} when the user or the session is missing
     */
    public VXPortalUser mapXXPortalUserToVXPortalUser(XXPortalUser xXPortalUser, Collection<String> collection) {
        if (xXPortalUser == null) {
            return null;
        }
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        if (session == null) {
            return null;
        }
        VXPortalUser view = new VXPortalUser();
        gjUserToUserProfile(xXPortalUser, view);
        boolean mayViewRoles = session.isUserAdmin()
                || session.isKeyAdmin()
                || session.getXXPortalUser().getId().equals(xXPortalUser.getId());
        if (mayViewRoles) {
            Collection<String> roles = collection;
            if (roles == null) {
                roles = new ArrayList<String>();
                for (XXPortalUserRole assigned : this.daoManager.getXXPortalUserRole().findByParentId(xXPortalUser.getId())) {
                    roles.add(assigned.getUserRole());
                }
            }
            view.setUserRoleList(roles);
        }
        view.setUserSource(xXPortalUser.getUserSource());
        return view;
    }

    /**
     * Copies profile data from a stored user onto a view object, subject to the session.
     *
     * <p>Nothing is copied without a session. With one, fields are copied only for a user
     * admin, a key admin, or the user's own record; otherwise the view object is left as
     * passed in. The password is never copied.
     *
     * @param xXPortalUser stored user to read from
     * @param vXPortalUser view object to fill
     */
    private void gjUserToUserProfile(XXPortalUser xXPortalUser, VXPortalUser vXPortalUser) {
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        if (session == null) {
            return;
        }
        boolean mayView = session.isUserAdmin()
                || session.isKeyAdmin()
                || session.getXXPortalUser().getId().equals(xXPortalUser.getId());
        if (!mayView) {
            return;
        }

        // Identity, status, email and roles.
        vXPortalUser.setLoginId(xXPortalUser.getLoginId());
        vXPortalUser.setStatus(xXPortalUser.getStatus());
        vXPortalUser.setUserRoleList(new ArrayList<String>());
        String storedEmail = xXPortalUser.getEmailAddress();
        if (storedEmail != null && this.stringUtil.validateEmail(storedEmail)) {
            vXPortalUser.setEmailAddress(xXPortalUser.getEmailAddress());
        }
        // The user source reported here is the auth provider of the current session.
        vXPortalUser.setUserSource(session.getAuthProvider());
        for (XXPortalUserRole assigned : this.daoManager.getXXPortalUserRole().findByParentId(xXPortalUser.getId())) {
            vXPortalUser.getUserRoleList().add(assigned.getUserRole());
        }

        // Module permissions and display names.
        vXPortalUser.setId(xXPortalUser.getId());
        List<XXUserPermission> userPermRows = this.daoManager.getXXUserPermission().findByUserPermissionIdAndIsAllowed(vXPortalUser.getId());
        List<XXGroupPermission> groupPermRows = this.daoManager.getXXGroupPermission().findbyVXPortalUserId(vXPortalUser.getId());
        ArrayList<VXGroupPermission> groupPerms = new ArrayList<VXGroupPermission>();
        ArrayList<VXUserPermission> userPerms = new ArrayList<VXUserPermission>();
        for (XXGroupPermission row : groupPermRows) {
            VXGroupPermission bean = this.xGroupPermissionService.populateViewBean(row);
            bean.setModuleName(this.daoManager.getXXModuleDef().findByModuleId(bean.getModuleId()).getModule());
            groupPerms.add(bean);
        }
        for (XXUserPermission row : userPermRows) {
            VXUserPermission bean = this.xUserPermissionService.populateViewBean(row);
            bean.setModuleName(this.daoManager.getXXModuleDef().findByModuleId(bean.getModuleId()).getModule());
            userPerms.add(bean);
        }
        vXPortalUser.setGroupPermissions(groupPerms);
        vXPortalUser.setUserPermList(userPerms);
        vXPortalUser.setFirstName(xXPortalUser.getFirstName());
        vXPortalUser.setLastName(xXPortalUser.getLastName());
        vXPortalUser.setPublicScreenName(xXPortalUser.getPublicScreenName());
    }

    /**
     * Converts a stored user into a view object, loading its roles from the database.
     *
     * @param xXPortalUser stored user; may be {@code null}
     * @return the view object, or {@code null} when the user or the session is missing
     */
    public VXPortalUser mapXXPortalUserVXPortalUser(XXPortalUser xXPortalUser) {
        final Collection<String> rolesToLoad = null;
        return mapXXPortalUserToVXPortalUser(xXPortalUser, rolesToLoad);
    }

    /**
     * Looks up the stored user with the given email address.
     *
     * <p>No access check is made here and the entity is returned as stored, password
     * digest included.
     * NOTE(review): confirm callers do not hand the entity to a client unfiltered.
     *
     * @param str email address to search for
     * @return whatever the DAO returns for that address
     */
    public XXPortalUser findByEmailAddress(String str) {
        XXPortalUser match = this.daoManager.getXXPortalUser().findByEmailAddress(str);
        return match;
    }

    /**
     * Looks up the stored user with the given login id.
     *
     * <p>No access check is made here and the entity is returned as stored, password
     * digest included.
     * NOTE(review): confirm callers do not hand the entity to a client unfiltered.
     *
     * @param str login id to search for
     * @return whatever the DAO returns for that login id
     */
    public XXPortalUser findByLoginId(String str) {
        XXPortalUser match = this.daoManager.getXXPortalUser().findByLoginId(str);
        return match;
    }

    /**
     * Returns the role names stored for a user, inside a read-only transaction.
     *
     * @param xXPortalUser user whose roles are read
     * @return a new list with one role name per stored role row
     */
    @Transactional(readOnly = true, propagation = Propagation.REQUIRED)
    public Collection<String> getRolesForUser(XXPortalUser xXPortalUser) {
        List<XXPortalUserRole> roleRows = this.daoManager.getXXPortalUserRole().findByUserId(xXPortalUser.getId());
        ArrayList<String> roleNames = new ArrayList<String>();
        for (XXPortalUserRole row : roleRows) {
            roleNames.add(row.getUserRole());
        }
        return roleNames;
    }

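    /**
     * Runs a paged, sorted user search and returns the matches as view objects.
     *
     * <p>An ORDER BY clause cannot be bound as a query parameter, so it is built only from
     * constants: the requested sort field selects one of a fixed set of column expressions,
     * and the sort direction is accepted only when it is "asc" or "desc" (any casing). An
     * unrecognised value falls back to the default and is logged.
     *
     * <p>Changes from the previous version of this method:
     * <ul>
     *   <li>Sorting by "loginId" used the column {@code ua.loginId}, but the queries built by
     *       {@code createUserSearchQuery} define only the aliases {@code u} and {@code ur};
     *       it now uses {@code u.loginId}.</li>
     *   <li>The "Invalid sortBy" log line reports the rejected value, not the default that
     *       replaced it.</li>
     * </ul>
     *
     * @param searchCriteria filters, sort settings and paging
     * @return the result page; an empty list object when the count query finds nothing
     */
    public VXPortalUserList searchUsers(SearchCriteria searchCriteria) {
        VXPortalUserList vXPortalUserList = new VXPortalUserList();
        List<VXPortalUser> users = new ArrayList<VXPortalUser>();
        Long total = (Long) createUserSearchQuery("SELECT COUNT(u) FROM XXPortalUser u ", null, searchCriteria).getSingleResult();
        int resultSize = total != null ? total.intValue() : 0;
        if (resultSize == 0) {
            return vXPortalUserList;
        }

        // Map the requested sort field onto a fixed column expression.
        String sortField = "loginId";
        String sortColumn = "u.loginId";
        String sortBy = searchCriteria.getSortBy();
        if (!this.stringUtil.isEmpty(sortBy)) {
            String requested = sortBy.trim();
            if (requested.equalsIgnoreCase("userId")) {
                sortField = requested;
                sortColumn = "u.id";
            } else if (requested.equalsIgnoreCase("loginId")) {
                sortField = requested;
                sortColumn = "u.loginId";
            } else if (requested.equalsIgnoreCase("emailAddress")) {
                sortField = requested;
                sortColumn = "u.emailAddress";
            } else if (requested.equalsIgnoreCase("firstName")) {
                sortField = requested;
                sortColumn = "u.firstName";
            } else if (requested.equalsIgnoreCase("lastName")) {
                sortField = requested;
                sortColumn = "u.lastName";
            } else {
                logger.error("Invalid sortBy provided. sortBy=" + requested);
            }
        }

        // Only "asc"/"desc" reach the query text; anything else keeps the default.
        String direction = "asc";
        String sortType = searchCriteria.getSortType();
        if (sortType != null) {
            if (sortType.equalsIgnoreCase("asc") || sortType.equalsIgnoreCase("desc")) {
                direction = sortType;
            } else {
                logger.error("Invalid sortType. sortType=" + sortType);
            }
        }

        String orderBy = " order by " + sortColumn + " " + direction;
        Query query = createUserSearchQuery("SELECT u FROM  XXPortalUser u ", orderBy, searchCriteria);
        query.setFirstResult(searchCriteria.getStartIndex());
        this.searchUtil.updateQueryPageSize(query, searchCriteria);
        for (Object row : query.getResultList()) {
            VXPortalUser vXPortalUser = new VXPortalUser();
            // Fills fields only when the session is allowed to see this user.
            gjUserToUserProfile((XXPortalUser) row, vXPortalUser);
            users.add(vXPortalUser);
        }
        vXPortalUserList.setResultSize(resultSize);
        vXPortalUserList.setPageSize(query.getMaxResults());
        vXPortalUserList.setSortBy(sortField);
        vXPortalUserList.setSortType(direction);
        vXPortalUserList.setStartIndex(query.getFirstResult());
        vXPortalUserList.setTotalCount(total.longValue());
        vXPortalUserList.setVXPortalUsers(users);
        return vXPortalUserList;
    }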

    /**
     * Builds the JPQL user-search query for the given criteria and binds its parameters.
     *
     * <p>Every filter value is bound as a named parameter. The only text concatenated into
     * the query is {@code str}, {@code str2} and constants from this method, so both
     * arguments must come from trusted code.
     * NOTE(review): string filters are lower-cased with the default locale; confirm that
     * matches how the database evaluates {@code LOWER()}.
     *
     * @param str the SELECT ... FROM part of the query
     * @param str2 text appended after the WHERE clause (an ORDER BY), or {@code null}
     * @param searchCriteria holder of the filter values
     * @return the query with all used parameters bound
     */
    private Query createUserSearchQuery(String str, String str2, SearchCriteria searchCriteria) {
        HashMap<String, Object> filters = searchCriteria.getParamList();
        StringBuilder where = new StringBuilder();

        // A role filter joins the role table in place of the neutral "WHERE 1 = 1".
        List<?> roles = (List<?>) filters.get("roleList");
        boolean hasRoles = roles != null && roles.size() > 0;
        if (!hasRoles) {
            where.append("WHERE 1 = 1 ");
        } else if (roles.size() == 1) {
            where.append(", XXPortalUserRole ur WHERE u.id = ur.userId and ur.userRole = :role");
        } else {
            where.append(", XXPortalUserRole ur WHERE u.id = ur.userId and ur.userRole in (:roleList)");
        }

        Long userId = (Long) filters.get("userId");
        if (userId != null) {
            where.append(" and u.id = :userId ");
        }
        String loginId = (String) filters.get("loginId");
        if (loginId != null) {
            where.append(" and LOWER(u.loginId) = :loginId ");
        }
        String emailAddress = (String) filters.get("emailAddress");
        if (emailAddress != null) {
            where.append(" and LOWER(u.emailAddress) = :emailAddress ");
        }
        String firstName = (String) filters.get("firstName");
        if (firstName != null) {
            where.append(" and LOWER(u.firstName) = :firstName ");
        }
        String lastName = (String) filters.get("lastName");
        if (lastName != null) {
            where.append(" and LOWER(u.lastName) = :lastName ");
        }

        Integer singleStatus = null;
        List<?> statuses = (List<?>) filters.get("statusList");
        boolean manyStatuses = statuses != null && statuses.size() > 1;
        if (statuses != null && statuses.size() == 1) {
            where.append(" and u.status = :status");
            singleStatus = (Integer) statuses.get(0);
        } else if (manyStatuses) {
            where.append(" and u.status in (:statusList) ");
        }

        String publicScreenName = (String) filters.get("publicScreenName");
        if (publicScreenName != null) {
            where.append(" and LOWER(u.publicScreenName) = :publicScreenName ");
        }
        String familyScreenName = (String) filters.get("familyScreenName");
        if (familyScreenName != null) {
            where.append(" and LOWER(u.familyScreenName) = :familyScreenName ");
        }
        if (str2 != null) {
            where.append(str2);
        }

        Query query = this.daoManager.getEntityManager().createQuery(str + where.toString());

        // Bind a value for every placeholder added above.
        if (hasRoles) {
            if (roles.size() == 1) {
                query.setParameter("role", roles.get(0));
            } else {
                query.setParameter("roleList", roles);
            }
        }
        if (singleStatus != null) {
            query.setParameter("status", singleStatus);
        }
        if (manyStatuses) {
            query.setParameter("statusList", statuses);
        }
        if (emailAddress != null) {
            query.setParameter("emailAddress", emailAddress.toLowerCase());
        }
        if (userId != null) {
            query.setParameter("userId", userId);
        }
        if (firstName != null) {
            query.setParameter("firstName", firstName.toLowerCase());
        }
        if (lastName != null) {
            query.setParameter("lastName", lastName.toLowerCase());
        }
        if (loginId != null) {
            query.setParameter("loginId", loginId.toLowerCase());
        }
        if (publicScreenName != null) {
            query.setParameter("publicScreenName", publicScreenName.toLowerCase());
        }
        if (familyScreenName != null) {
            query.setParameter("familyScreenName", familyScreenName.toLowerCase());
        }
        return query;
    }

    /**
     * Removes the named role from a user, if the user has it.
     *
     * <p>The name is compared case-insensitively with the user's stored roles. The first
     * match is passed to the entity overload, which decides whether removal is allowed.
     *
     * @param l id of the user
     * @param str role name to remove
     * @return {@code true} when a matching role was found and removed
     */
    public boolean deleteUserRole(Long l, String str) {
        List<XXPortalUserRole> assigned = this.daoManager.getXXPortalUserRole().findByUserId(l);
        Iterator<XXPortalUserRole> cursor = assigned.iterator();
        while (cursor.hasNext()) {
            XXPortalUserRole candidate = cursor.next();
            if (candidate.getUserRole().equalsIgnoreCase(str)) {
                return deleteUserRole(l, candidate);
            }
        }
        return false;
    }

    /**
     * Removes a stored role row.
     *
     * <p>A role listed in {@code publicRoles} is removed without looking at the session.
     * Any other role is removed only for a user-admin or key-admin session.
     * NOTE(review): {@code l} is not used, so nothing here verifies that the row belongs to
     * that user; confirm callers only pass rows they loaded for the same user.
     *
     * @param l id of the user (unused in this method)
     * @param xXPortalUserRole role row to remove
     * @return {@code true} when the row was removed, {@code false} when removal was refused
     */
    public boolean deleteUserRole(Long l, XXPortalUserRole xXPortalUserRole) {
        boolean isPublicRole = false;
        for (String publicRole : this.publicRoles) {
            if (publicRole.equalsIgnoreCase(xXPortalUserRole.getUserRole())) {
                isPublicRole = true;
                break;
            }
        }
        if (!isPublicRole) {
            UserSessionBase session = ContextUtil.getCurrentUserSession();
            boolean adminSession = session != null && (session.isUserAdmin() || session.isKeyAdmin());
            if (!adminSession) {
                return false;
            }
        }
        this.daoManager.getXXPortalUserRole().remove(xXPortalUserRole.getId());
        return true;
    }

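    /**
     * Gives a user the named role unless the user already has it.
     *
     * <p>A role listed in {@code publicRoles} may be added without an admin session. Any
     * other role requires a user-admin or key-admin session; a refused attempt is logged
     * with a stack trace. Adding a role other than {@code ROLE_OTHER} also removes
     * {@code ROLE_OTHER} from the user.
     *
     * <p>Changes from the previous version of this method:
     * <ul>
     *   <li>The role name is upper-cased with {@code Locale.ROOT}, so the stored name does
     *       not depend on the JVM's default locale. Under some locales the default
     *       conversion changes the letter "i", and the stored name would then no longer
     *       match the expected role constant.</li>
     *   <li>A {@code null} role name returns {@code null} up front; previously it could end
     *       in a {@code NullPointerException} partway through.</li>
     * </ul>
     * NOTE(review): after creating a role this method returns {@code null}, the same value
     * it returns on refusal. Callers cannot tell the two apart. This is left unchanged
     * because callers may rely on it.
     *
     * @param l id of the user
     * @param str role name to add
     * @return the existing role row when the user already has the role, otherwise
     *     {@code null}
     */
    public XXPortalUserRole addUserRole(Long l, String str) {
        if (str == null) {
            return null;
        }
        List<XXPortalUserRole> assigned = this.daoManager.getXXPortalUserRole().findByUserId(l);
        boolean isPublicRole = false;
        for (String publicRole : this.publicRoles) {
            if (publicRole.equalsIgnoreCase(str)) {
                isPublicRole = true;
                break;
            }
        }
        if (!isPublicRole) {
            UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
            if (currentUserSession == null) {
                return null;
            }
            if (!currentUserSession.isUserAdmin() && !currentUserSession.isKeyAdmin()) {
                // NOTE(review): the role name is request data and the session is logged via
                // toString(); confirm neither can carry line breaks or secrets into the log.
                logger.error("SECURITY WARNING: User trying to add non public role. userId=" + l + ", role=" + str + ", session=" + currentUserSession.toString(), new Throwable());
                return null;
            }
        }
        for (XXPortalUserRole existing : assigned) {
            if (str.equalsIgnoreCase(existing.getUserRole())) {
                return existing;
            }
        }
        XXPortalUserRole created = new XXPortalUserRole();
        created.setUserRole(str.toUpperCase(java.util.Locale.ROOT));
        created.setUserId(l);
        created.setStatus(1);
        this.daoManager.getXXPortalUserRole().create(created);
        if (!RangerConstants.ROLE_OTHER.equalsIgnoreCase(str)) {
            deleteUserRole(l, RangerConstants.ROLE_OTHER);
        }
        // Refresh the current session so the role change takes effect for it.
        this.sessionMgr.resetUserSessionForProfiles(ContextUtil.getCurrentUserSession());
        return null;
    }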

    /**
     * Checks that the current session may access the user with the given id.
     *
     * <p>An unknown id is answered with a 403 error, as an access failure is.
     * NOTE(review): the id is appended directly to what looks like a message key; confirm
     * the resulting text is intended.
     *
     * @param l id of the user being accessed
     */
    public void checkAccess(Long l) {
        XXPortalUser target = this.daoManager.getXXPortalUser().getById(l);
        if (target != null) {
            checkAccess(target);
            return;
        }
        throw this.restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser" + l);
    }

    /**
     * Checks that the current session may access the given user.
     *
     * <p>Access is granted to a user-admin session, a key-admin session, or the session of
     * the user being accessed. Everything else, including a missing session, gets a 403
     * error whose message names both user ids.
     *
     * @param xXPortalUser user being accessed; {@code null} is rejected with a 403 error
     */
    public void checkAccess(XXPortalUser xXPortalUser) {
        if (xXPortalUser == null) {
            throw this.restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser");
        }
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        boolean allowed = false;
        if (session != null) {
            allowed = session.isUserAdmin()
                    || session.isKeyAdmin()
                    || session.getXXPortalUser().getId().equals(xXPortalUser.getId());
        }
        if (!allowed) {
            Object caller = session != null ? session.getXXPortalUser().getId() : "Not Logged In";
            throw this.restErrorUtil.create403RESTException("User  access denied. loggedInUser=" + caller + ", accessing user=" + xXPortalUser.getId());
        }
    }

    /**
     * Verifies that the current session may modify the given portal user.
     *
     * <p>Stricter than {@code checkAccess}: only a user admin or the user being modified
     * passes. A key-admin session gets no special treatment here. Denials are reported as a
     * {@link VXResponse} with status code 403.
     *
     * @param xXPortalUser the portal user about to be updated; {@code null} is rejected
     */
    public void checkAccessForUpdate(XXPortalUser xXPortalUser) {
        if (xXPortalUser == null) {
            throw this.restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser");
        }
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        boolean permitted = false;
        if (session != null) {
            // The id comparison is only reached when the session is not a user admin.
            permitted = session.isUserAdmin()
                    || session.getXXPortalUser().getId().equals(xXPortalUser.getId());
        }
        if (permitted) {
            return;
        }
        Object callerId = session != null ? session.getXXPortalUser().getId() : "Not Logged In";
        VXResponse denial = new VXResponse();
        denial.setStatusCode(403);
        denial.setMsgDesc("User  access denied. loggedInUser=" + callerId + ", accessing user=" + xXPortalUser.getId());
        throw this.restErrorUtil.createRESTException(denial);
    }

    /**
     * Produces the stored form of a password.
     *
     * <p>The property {@code ranger.sha256Password.update.disable} (default {@code "false"})
     * selects the encoder: {@code sha256Encoder} when it reads "false" (case-insensitive),
     * {@code md5Encoder} for any other value.
     *
     * <p>NOTE(review): assuming the two encoders are the Spring {@code ShaPasswordEncoder}
     * and {@code Md5PasswordEncoder} this file imports, the result is a fast salted digest,
     * not an adaptive password hash, and the salt is a predictable per-user value. Replacing
     * it means changing the verification path and migrating stored hashes, so it is flagged
     * here rather than changed.
     *
     * @param str  salt; the callers visible in this file pass the login id
     * @param str2 the clear-text password
     * @return the encoded password
     */
    public String encrypt(String str, String str2) {
        String shaUpdateDisabled = PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false");
        if ("false".equalsIgnoreCase(shaUpdateDisabled)) {
            return sha256Encoder.encodePassword(str2, str);
        }
        // Any value other than "false" falls back to the MD5 encoder.
        return md5Encoder.encodePassword(str2, str);
    }

    /**
     * Creates a portal user on behalf of an administrator and returns its view object.
     *
     * @param vXPortalUser description of the user to create
     * @return the view of the newly created user
     */
    public VXPortalUser createUser(VXPortalUser vXPortalUser) {
        // Authorization comes first: nothing is persisted for a non-admin session.
        checkAdminAccess();
        XXPortalUser created = createUser(vXPortalUser, 1);
        return mapXXPortalUserVXPortalUser(created);
    }

    /**
     * Returns the account for the given login id, creating it first when it does not exist.
     *
     * <p>Requires a user-admin session. When a new account is needed and an email address is
     * supplied, that address must not already belong to another account.
     *
     * @param vXPortalUser description of the account; its user source is set to 1 when no
     *                     password is supplied, and its email is set to {@code null} when
     *                     the supplied email is empty and a new account is created
     * @return the reduced account view, or {@code null} when no login id was supplied
     */
    public VXPortalUser createDefaultAccountUser(VXPortalUser vXPortalUser) {
        if (vXPortalUser.getPassword() == null || vXPortalUser.getPassword().trim().isEmpty()) {
            // presumably 1 marks an externally managed account - TODO confirm the constant
            vXPortalUser.setUserSource(1);
        }
        checkAdminAccess();
        // NOTE(review): the login id is concatenated into the log line as supplied; confirm
        // that the log layout neutralises line breaks in caller-provided values.
        logger.info("create:" + vXPortalUser.getLoginId());
        String loginId = vXPortalUser.getLoginId();
        String emailAddress = vXPortalUser.getEmailAddress();
        if (loginId == null || loginId.isEmpty()) {
            return null;
        }
        XXPortalUser account = findByLoginId(loginId);
        if (account == null) {
            if (this.stringUtil.isEmpty(emailAddress)) {
                vXPortalUser.setEmailAddress(null);
            } else if (findByEmailAddress(emailAddress) != null) {
                throw this.restErrorUtil.createRESTException("The email address " + emailAddress + " you've provided already exists. Please try again with different email address.", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
            }
            account = createUser(vXPortalUser, 1);
        }
        return account != null ? mapXXPortalUserToVXPortalUserForDefaultAccount(account) : null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
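    /**
     * Builds the reduced view of a stored portal user that is returned for default accounts.
     *
     * <p>Only the id, login id, email, status, name fields, public screen name and role
     * names are copied. The stored password is deliberately not part of the view.
     *
     * @param xXPortalUser the stored user; must not be {@code null}
     * @return a new view object with the fields listed above
     */
    public VXPortalUser mapXXPortalUserToVXPortalUserForDefaultAccount(XXPortalUser xXPortalUser) {
        VXPortalUser view = new VXPortalUser();
        view.setId(xXPortalUser.getId());
        view.setLoginId(xXPortalUser.getLoginId());
        view.setEmailAddress(xXPortalUser.getEmailAddress());
        view.setStatus(xXPortalUser.getStatus());
        view.setFirstName(xXPortalUser.getFirstName());
        view.setLastName(xXPortalUser.getLastName());
        view.setPublicScreenName(xXPortalUser.getPublicScreenName());

        // Collect the role names into a typed list first, then hand the finished list over.
        ArrayList<String> roleNames = new ArrayList<String>();
        Iterable<XXPortalUserRole> storedRoles = this.daoManager.getXXPortalUserRole().findByParentId(xXPortalUser.getId());
        if (storedRoles != null) {
            for (XXPortalUserRole storedRole : storedRoles) {
                roleNames.add(storedRole.getUserRole());
            }
        }
        view.setUserRoleList(roleNames);
        return view;
    }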

    /**
     * Tells whether the given user holds the given role.
     *
     * @param l   id of the portal user
     * @param str role name; compared case-insensitively against the stored role
     * @return {@code true} when a matching role row exists for the user
     */
    public boolean isUserInRole(Long l, String str) {
        XXPortalUserRole match = this.daoManager.getXXPortalUserRole().findByRoleUserId(l, str);
        if (match == null) {
            return false;
        }
        // Re-checks the name on the returned row instead of trusting the lookup alone.
        return match.getUserRole().equalsIgnoreCase(str);
    }

    /**
     * Updates a portal user and, when a non-empty password is supplied, replaces the stored
     * password as well.
     *
     * <p>NOTE(review): no access check is visible in this method; presumably
     * {@code updateUser} or the caller enforces it - verify.
     *
     * @param vXPortalUser the user data to apply, optionally carrying a new password
     * @return the updated user, or {@code null} when {@code updateUser} returned none
     */
    public XXPortalUser updateUserWithPass(VXPortalUser vXPortalUser) {
        // The password is read before updateUser runs.
        String newPassword = vXPortalUser.getPassword();
        XXPortalUser saved = updateUser(vXPortalUser);
        if (saved == null) {
            return null;
        }
        if (newPassword == null || newPassword.isEmpty()) {
            return saved;
        }
        // presumably validatePassword rejects passwords built from these values - verify
        String[] accountNames = {saved.getFirstName(), saved.getLastName(), saved.getLoginId()};
        if (!this.stringUtil.validatePassword(newPassword, accountNames)) {
            logger.warn("SECURITY:changePassword(). Invalid new password. userId=" + saved.getId());
            throw this.restErrorUtil.createRESTException("serverMsg.userMgrNewPassword", MessageEnums.INVALID_PASSWORD, null, null, "" + saved.getId());
        }
        saved.setPassword(encrypt(saved.getLoginId(), newPassword));
        return this.daoManager.getXXPortalUser().update(saved);
    }

    /**
     * Re-encodes and stores the password of the account with the given login id.
     *
     * <p>The stored value comes from {@code encrypt}, so the digest actually used follows
     * the {@code ranger.sha256Password.update.disable} property rather than this method's
     * name.
     *
     * <p>NOTE(review): this method performs no access check and no password-policy
     * validation; callers are presumably expected to have verified the password already.
     *
     * @param str  login id of the account
     * @param str2 clear-text password to encode
     * @return the updated user, or {@code null} when either argument is blank or no account
     *         has that login id
     */
    @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
    public XXPortalUser updatePasswordInSHA256(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        if (str.trim().isEmpty() || str2.trim().isEmpty()) {
            return null;
        }
        XXPortalUser account = findByLoginId(str);
        if (account == null) {
            return null;
        }
        // Salted with the stored login id, not the caller-supplied spelling of it.
        account.setPassword(encrypt(account.getLoginId(), str2));
        return this.daoManager.getXXPortalUser().update(account);
    }

    /**
     * Rejects the request with a 403 unless the current session belongs to a user admin.
     *
     * <p>A key-admin session does not pass this check; only {@code isUserAdmin()} is
     * consulted.
     */
    public void checkAdminAccess() {
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        if (session != null && session.isUserAdmin()) {
            return;
        }
        Object callerId = session != null ? session.getXXPortalUser().getId() : "Not Logged In";
        throw this.restErrorUtil.create403RESTException("Operation not allowed. loggedInUser=" + callerId);
    }

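    /**
     * Returns the distinct, recognised role names stored for a login id.
     *
     * <p>Stored roles that are not in {@code VALID_ROLE_LIST} are ignored; the membership
     * test is case-sensitive. When the login id is blank or unknown, or no recognised role
     * is stored, the default roles are returned.
     *
     * <p>The default roles are handed out as a fresh copy, so a caller that modifies the
     * returned collection cannot alter the shared static default list used for every other
     * lookup.
     *
     * @param str login id to look up; may be {@code null} or blank
     * @return a non-empty collection of role names owned by the caller
     */
    public Collection<String> getRolesByLoginId(String str) {
        if (str == null || str.trim().isEmpty()) {
            return new ArrayList<String>(DEFAULT_ROLE_LIST);
        }
        XXPortalUser account = this.daoManager.getXXPortalUser().findByLoginId(str);
        List<XXPortalUserRole> storedRoles = null;
        if (account != null) {
            storedRoles = this.daoManager.getXXPortalUserRole().findByUserId(account.getId());
        }
        ArrayList<String> roleNames = new ArrayList<String>();
        if (storedRoles != null) {
            for (XXPortalUserRole storedRole : storedRoles) {
                if (storedRole == null) {
                    continue;
                }
                String roleName = storedRole.getUserRole();
                // Allow-list filter plus de-duplication; the list stays tiny, so a linear
                // contains() is sufficient.
                if (VALID_ROLE_LIST.contains(roleName) && !roleNames.contains(roleName)) {
                    roleNames.add(roleName);
                }
            }
        }
        return roleNames.isEmpty() ? new ArrayList<String>(DEFAULT_ROLE_LIST) : roleNames;
    }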

    static {
        // Fallback role reported by getRolesByLoginId when no recognised role is stored.
        DEFAULT_ROLE_LIST.add(RangerConstants.ROLE_USER);
        // Allow-list of role names that getRolesByLoginId will report; anything else
        // stored for a user is filtered out there.
        String[] recognisedRoles = {
            RangerConstants.ROLE_SYS_ADMIN,
            RangerConstants.ROLE_USER,
            RangerConstants.ROLE_KEY_ADMIN,
        };
        for (String role : recognisedRoles) {
            VALID_ROLE_LIST.add(role);
        }
    }
}
