package org.apache.syncope.core.rest.data;

import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javassist.NotFoundException;
import org.apache.commons.lang.StringUtils;
import org.apache.syncope.client.mod.MembershipMod;
import org.apache.syncope.client.mod.UserMod;
import org.apache.syncope.client.to.MembershipTO;
import org.apache.syncope.client.to.UserTO;
import org.apache.syncope.client.validation.SyncopeClientCompositeErrorException;
import org.apache.syncope.client.validation.SyncopeClientException;
import org.apache.syncope.core.persistence.beans.AbstractAttr;
import org.apache.syncope.core.persistence.beans.AbstractDerAttr;
import org.apache.syncope.core.persistence.beans.AbstractVirAttr;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.SchemaMapping;
import org.apache.syncope.core.persistence.beans.membership.MAttr;
import org.apache.syncope.core.persistence.beans.membership.MDerAttr;
import org.apache.syncope.core.persistence.beans.membership.MVirAttr;
import org.apache.syncope.core.persistence.beans.membership.Membership;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.propagation.PropagationByResource;
import org.apache.syncope.core.rest.controller.UnauthorizedRoleException;
import org.apache.syncope.core.util.AttributableUtil;
import org.apache.syncope.core.util.ConnObjectUtil;
import org.apache.syncope.core.util.EntitlementUtil;
import org.apache.syncope.core.util.SchemaMappingUtil;
import org.apache.syncope.types.AttributableType;
import org.apache.syncope.types.CipherAlgorithm;
import org.apache.syncope.types.IntMappingType;
import org.apache.syncope.types.PasswordPolicySpec;
import org.apache.syncope.types.PropagationOperation;
import org.apache.syncope.types.SyncopeClientExceptionType;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

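/**
 * Binds {@link SyncopeUser} entities to and from the {@link UserTO} / {@link UserMod} transfer
 * objects, and looks users up while enforcing the caller's role entitlements.
 *
 * <p>Security-relevant behaviour in this class: the entitlement checks in
 * {@link #getUserFromId(Long)} and {@link #getUserFromUsername(String)}, the password comparison in
 * the {@code verifyPassword} overloads, and the membership removal in
 * {@link #update(SyncopeUser, UserMod)}, which only acts on memberships of the user being updated.
 */
@Transactional(rollbackFor = {Throwable.class})
@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/rest/data/UserDataBinder.class */
public class UserDataBinder extends AbstractAttributableDataBinder {
    // Properties that getUserTO() does not copy with BeanUtils because it fills them through fillTO()
    // and the membership loop instead.
    // NOTE(review): "password" is not listed, so if UserTO has a writable password property the
    // stored (encoded) password is copied into every UserTO returned by getUserTO() - confirm this
    // is intended before exposing the TO to clients.
    private static final String[] IGNORE_USER_PROPERTIES = {"memberships", "attributes", "derivedAttributes", "virtualAttributes", "resources"};

    @Autowired
    private ConnObjectUtil connObjectUtil;

    /**
     * Loads a user by id and checks that the caller may see it.
     *
     * <p>When the user is not the authenticated caller, every role id of the user must be among
     * the role ids derived from the caller's owned entitlements.
     *
     * @param l user id
     * @return the matching user
     * @throws NotFoundException if the id is null or no user has that id
     * @throws UnauthorizedRoleException carrying the role ids the caller is not entitled for
     */
    @Transactional(readOnly = true)
    public SyncopeUser getUserFromId(Long l) throws NotFoundException, UnauthorizedRoleException {
        if (l == null) {
            throw new NotFoundException("Null user id");
        }
        SyncopeUser user = this.userDAO.find(l);
        if (user == null) {
            throw new NotFoundException("User " + l);
        }
        // Self-access skips the role check.
        if (!user.getUsername().equals(EntitlementUtil.getAuthenticatedUsername())) {
            // assumes getRoleIds() returns a fresh set that is safe to mutate - TODO confirm
            Set<Long> uncoveredRoleIds = user.getRoleIds();
            uncoveredRoleIds.removeAll(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()));
            if (!uncoveredRoleIds.isEmpty()) {
                throw new UnauthorizedRoleException(uncoveredRoleIds);
            }
        }
        return user;
    }

    /**
     * Returns the transfer object for the user named by the current Spring Security authentication.
     *
     * @return the authenticated user's transfer object
     * @throws NotFoundException if no user is stored under the authenticated name
     */
    @Transactional(readOnly = true)
    public UserTO getAuthenticatedUserTO() throws NotFoundException {
        String authenticatedName = SecurityContextHolder.getContext().getAuthentication().getName();
        SyncopeUser user = this.userDAO.find(authenticatedName);
        if (user == null) {
            // Fail with the declared exception instead of passing null on to getUserTO().
            throw new NotFoundException("User " + authenticatedName);
        }
        return getUserTO(user);
    }

    /**
     * Checks a candidate password against the stored password of the named user.
     *
     * <p>The user is resolved through {@link #getUserFromUsername(String)}, so the caller's role
     * entitlements are enforced before any comparison takes place.
     *
     * @param str username
     * @param str2 candidate clear-text password
     * @return true when the encoded candidate matches the stored value
     * @throws NotFoundException if the username is null or unknown
     * @throws UnauthorizedRoleException if the caller is not entitled for all of the user's roles
     */
    @Transactional(readOnly = true)
    public boolean verifyPassword(String str, String str2) throws NotFoundException, UnauthorizedRoleException {
        return verifyPassword(getUserFromUsername(str), str2);
    }

    /**
     * Checks a candidate password against the stored password of an already resolved user.
     *
     * <p>No entitlement check is made here; the caller supplies the user.
     *
     * @param syncopeUser user whose stored password is the reference
     * @param str candidate clear-text password
     * @return true when the encoded candidate matches the stored value
     * @throws NotFoundException declared for interface compatibility; not thrown by this method
     * @throws UnauthorizedRoleException declared for interface compatibility; not thrown by this method
     */
    @Transactional(readOnly = true)
    public boolean verifyPassword(SyncopeUser syncopeUser, String str) throws NotFoundException, UnauthorizedRoleException {
        // Encode the candidate with the algorithm the stored password was encoded with.
        // NOTE(review): the third argument looks like the password history length - confirm.
        SyncopeUser probe = new SyncopeUser();
        probe.setPassword(str, syncopeUser.getCipherAlgoritm(), 0);
        return passwordsMatch(syncopeUser.getPassword(), probe.getPassword());
    }

    /**
     * Compares two encoded passwords ignoring case, without stopping at the first differing byte.
     *
     * @return false when either value is null, otherwise whether the values match
     */
    private static boolean passwordsMatch(String stored, String candidate) {
        if (stored == null || candidate == null) {
            // A user without a stored password never verifies.
            return false;
        }
        java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
        // Upper-casing keeps the case-insensitive match; MessageDigest.isEqual avoids leaking
        // the position of the first mismatch through response timing.
        return java.security.MessageDigest.isEqual(
                stored.toUpperCase(java.util.Locale.ROOT).getBytes(utf8),
                candidate.toUpperCase(java.util.Locale.ROOT).getBytes(utf8));
    }

    /**
     * Loads a user by username and checks that the caller may see it.
     *
     * <p>Unlike {@link #getUserFromId(Long)}, the role check is applied even when the user is the
     * authenticated caller.
     *
     * @param str username
     * @return the matching user
     * @throws NotFoundException if the username is null or unknown
     * @throws UnauthorizedRoleException carrying the role ids the caller is not entitled for
     */
    @Transactional(readOnly = true)
    public SyncopeUser getUserFromUsername(String str) throws NotFoundException, UnauthorizedRoleException {
        if (str == null) {
            throw new NotFoundException("Null username");
        }
        SyncopeUser user = this.userDAO.find(str);
        if (user == null) {
            throw new NotFoundException("User " + str);
        }
        // assumes getRoleIds() returns a fresh set that is safe to mutate - TODO confirm
        Set<Long> uncoveredRoleIds = user.getRoleIds();
        uncoveredRoleIds.removeAll(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()));
        if (!uncoveredRoleIds.isEmpty()) {
            throw new UnauthorizedRoleException(uncoveredRoleIds);
        }
        return user;
    }

    /**
     * Reads the password cipher algorithm from the {@code password.cipher.algorithm} configuration.
     */
    private CipherAlgorithm getCipherAlgoritm() {
        // NOTE(review): "AES" looks like the fallback used when the key is not configured - confirm.
        // AES is reversible encryption, not a one-way password hash; anyone holding the key can
        // recover clear-text passwords, so deployments should configure a hashing algorithm.
        return CipherAlgorithm.valueOf(this.confDAO.find("password.cipher.algorithm", "AES").getValue());
    }

    /**
     * Reads the history length of the global password policy.
     *
     * @return the configured history length, or 0 when it cannot be read
     */
    private int getPasswordHistoryLength() {
        try {
            return ((PasswordPolicySpec) this.policyDAO.getGlobalPasswordPolicy().getSpecification()).getHistoryLength();
        } catch (Exception e) {
            // Best effort: fall back to 0, but leave a trace because a silent fallback
            // turns password history enforcement off.
            LOG.debug("Could not read the password history length from the global password policy, using 0", e);
            return 0;
        }
    }

    /**
     * Populates a user entity from the transfer object of a create request.
     *
     * <p>Memberships naming an unknown role are ignored. Validation problems are collected in a
     * composite exception that is handed to {@code fill(...)}; that helper is not defined in this
     * file and presumably raises the exception - confirm.
     *
     * @param syncopeUser entity to populate
     * @param userTO requested user data
     * @throws SyncopeClientCompositeErrorException declared for the validation done by {@code fill(...)}
     */
    public void create(SyncopeUser syncopeUser, UserTO userTO) throws SyncopeClientCompositeErrorException {
        SyncopeClientCompositeErrorException scce = new SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST);
        for (MembershipTO membershipTO : userTO.getMemberships()) {
            SyncopeRole role = this.roleDAO.find(Long.valueOf(membershipTO.getRoleId()));
            if (role == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Ignoring invalid role " + membershipTO.getRoleName());
                }
                continue;
            }
            // Reuse an existing membership for this role: first the one held by the in-memory
            // user, then the stored one. A user without id cannot have one yet.
            Membership membership = null;
            if (syncopeUser.getId() != null) {
                membership = syncopeUser.getMembership(role.getId());
                if (membership == null) {
                    membership = this.membershipDAO.find(syncopeUser, role);
                }
            }
            if (membership == null) {
                membership = new Membership();
                membership.setSyncopeRole(role);
                membership.setSyncopeUser(syncopeUser);
                syncopeUser.addMembership(membership);
            }
            fill(membership, membershipTO, AttributableUtil.getInstance(AttributableType.MEMBERSHIP), scce);
        }
        fill(syncopeUser, userTO, AttributableUtil.getInstance(AttributableType.USER), scce);
        int historyLength = getPasswordHistoryLength();
        if (userTO.getPassword() == null || userTO.getPassword().isEmpty()) {
            // NOTE(review): the user is still created, without a password; only this log line
            // records it. Confirm that a later validation step rejects such users.
            LOG.error("No password provided");
        } else {
            syncopeUser.setPassword(userTO.getPassword(), getCipherAlgoritm(), historyLength);
        }
        syncopeUser.setUsername(userTO.getUsername());
        syncopeUser.setCreationDate(new Date());
    }

    /**
     * Applies a modification request to a user entity and reports what has to be propagated.
     *
     * <p>A membership id listed for removal is acted on only when it identifies a membership of
     * {@code syncopeUser}; any other id is ignored, so a request cannot delete a membership that
     * belongs to another user.
     *
     * @param syncopeUser entity to modify
     * @param userMod requested changes
     * @return the propagation operations per resource resulting from the changes
     * @throws SyncopeClientCompositeErrorException if new resources that map the password are
     *         subscribed without a password in the request
     */
    public PropagationByResource update(SyncopeUser syncopeUser, UserMod userMod) throws SyncopeClientCompositeErrorException {
        PropagationByResource propByRes = new PropagationByResource();
        SyncopeClientCompositeErrorException scce = new SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST);
        // Resource names the user had before this update.
        Set<String> currentResources = syncopeUser.getResourceNames();

        // NOTE(review): only null is treated as "no password change"; an empty string reaches
        // setPassword(), whereas create() skips empty passwords. Confirm setPassword() rejects it.
        if (userMod.getPassword() != null) {
            int historyLength = getPasswordHistoryLength();
            syncopeUser.setPassword(userMod.getPassword(), getCipherAlgoritm(), historyLength);
            syncopeUser.setChangePwdDate(new Date());
            propByRes.addAll(PropagationOperation.UPDATE, currentResources);
        }

        if (userMod.getUsername() != null && !userMod.getUsername().equals(syncopeUser.getUsername())) {
            String oldUsername = syncopeUser.getUsername();
            syncopeUser.setUsername(userMod.getUsername());
            propByRes.addAll(PropagationOperation.UPDATE, currentResources);
            // Resources whose account id is mapped to the username need the previous value.
            for (ExternalResource resource : syncopeUser.getResources()) {
                for (SchemaMapping mapping : resource.getMappings()) {
                    if (mapping.isAccountid() && mapping.getIntMappingType() == IntMappingType.Username) {
                        propByRes.addOldAccountId(resource.getName(), oldUsername);
                    }
                }
            }
        }

        propByRes.merge(fill(syncopeUser, userMod, AttributableUtil.getInstance(AttributableType.USER), scce));

        // Roles that are removed and added again in the same request keep their membership.
        Set<Long> toBeAddedRoleIds = new HashSet<Long>();
        for (MembershipMod membershipMod : userMod.getMembershipsToBeAdded()) {
            toBeAddedRoleIds.add(Long.valueOf(membershipMod.getRole()));
        }

        Set<String> toBeDeprovisioned = new HashSet<String>();
        Set<String> toBeProvisioned = new HashSet<String>();

        for (Long l : userMod.getMembershipsToBeRemoved()) {
            LOG.debug("Membership to be removed: {}", l);
            Membership stored = this.membershipDAO.find(l);
            if (stored == null) {
                LOG.debug("Invalid membership id specified to be removed: {}", l);
                continue;
            }
            Long roleId = stored.getSyncopeRole().getId();
            // Work on the instance held by the in-memory user, which is the one
            // removeMembership() has to receive.
            Membership membership = syncopeUser.getMembership(roleId);
            // The id comes from the request: it must identify a membership of this very user,
            // otherwise deleting by id would remove another user's membership.
            if (membership == null || membership.getId() == null || !membership.getId().equals(l)) {
                LOG.warn("Ignoring membership {}: it is not a membership of the user being updated", l);
                continue;
            }
            if (toBeAddedRoleIds.contains(roleId)) {
                // Same role added again: keep the membership, drop its attributes so that the
                // add loop below can fill them anew. Ids are collected before deleting so the
                // attribute collections are not modified while being iterated.
                Set<Long> attrIds = new HashSet<Long>(membership.getAttributes().size());
                for (AbstractAttr attr : membership.getAttributes()) {
                    attrIds.add(attr.getId());
                }
                for (Long attrId : attrIds) {
                    this.attributeDAO.delete(attrId, MAttr.class);
                }
                attrIds.clear();
                for (AbstractDerAttr derAttr : membership.getDerivedAttributes()) {
                    attrIds.add(derAttr.getId());
                }
                for (Long attrId : attrIds) {
                    this.derAttrDAO.delete(attrId, MDerAttr.class);
                }
                attrIds.clear();
                for (AbstractVirAttr virAttr : membership.getVirtualAttributes()) {
                    attrIds.add(virAttr.getId());
                }
                for (Long attrId : attrIds) {
                    this.virAttrDAO.delete(attrId, MVirAttr.class);
                }
                attrIds.clear();
            } else {
                toBeDeprovisioned.addAll(stored.getSyncopeRole().getResourceNames());
                syncopeUser.removeMembership(membership);
                this.membershipDAO.delete(l);
            }
        }

        for (MembershipMod membershipMod : userMod.getMembershipsToBeAdded()) {
            LOG.debug("Membership to be added: role({})", Long.valueOf(membershipMod.getRole()));
            SyncopeRole role = this.roleDAO.find(Long.valueOf(membershipMod.getRole()));
            if (role == null) {
                LOG.debug("Ignoring invalid role {}", Long.valueOf(membershipMod.getRole()));
                continue;
            }
            Membership membership = syncopeUser.getMembership(role.getId());
            if (membership == null) {
                membership = new Membership();
                membership.setSyncopeRole(role);
                membership.setSyncopeUser(syncopeUser);
                syncopeUser.addMembership(membership);
                toBeProvisioned.addAll(role.getResourceNames());
            }
            propByRes.merge(fill(membership, membershipMod, AttributableUtil.getInstance(AttributableType.MEMBERSHIP), scce));
        }

        // Without a password in the request, the user must not gain a resource that maps the
        // password, since there would be no value to send to that resource.
        if (StringUtils.isBlank(userMod.getPassword())) {
            Set<String> newResources = syncopeUser.getResourceNames();
            newResources.removeAll(currentResources);
            for (String resourceName : newResources) {
                ExternalResource resource = this.resourceDAO.find(resourceName);
                if (resource != null && !SchemaMappingUtil.getMappings(resource.getMappings(), "password", IntMappingType.Password).isEmpty()) {
                    SyncopeClientException missingPassword = new SyncopeClientException(SyncopeClientExceptionType.RequiredValuesMissing);
                    missingPassword.addElement("password cannot be empty when subscribing to new resources");
                    scce.addException(missingPassword);
                    throw scce;
                }
            }
        }

        propByRes.addAll(PropagationOperation.DELETE, toBeDeprovisioned);
        propByRes.addAll(PropagationOperation.UPDATE, toBeProvisioned);
        // Any membership change also updates the resources the user keeps.
        if (!toBeDeprovisioned.isEmpty() || !toBeProvisioned.isEmpty()) {
            currentResources.removeAll(toBeDeprovisioned);
            propByRes.addAll(PropagationOperation.UPDATE, currentResources);
        }
        return propByRes;
    }

    /**
     * Builds the transfer object of a user, including one entry per membership.
     *
     * @param syncopeUser entity to convert
     * @return the populated transfer object
     */
    @Transactional(readOnly = true)
    public UserTO getUserTO(SyncopeUser syncopeUser) {
        UserTO userTO = new UserTO();
        // Copies every same-named property except those in IGNORE_USER_PROPERTIES.
        BeanUtils.copyProperties(syncopeUser, userTO, IGNORE_USER_PROPERTIES);
        this.connObjectUtil.retrieveVirAttrValues(syncopeUser);
        fillTO(userTO, syncopeUser.getAttributes(), syncopeUser.getDerivedAttributes(), syncopeUser.getVirtualAttributes(), syncopeUser.getResources());
        for (Membership membership : syncopeUser.getMemberships()) {
            MembershipTO membershipTO = new MembershipTO();
            membershipTO.setId(membership.getId().longValue());
            membershipTO.setRoleId(membership.getSyncopeRole().getId().longValue());
            membershipTO.setRoleName(membership.getSyncopeRole().getName());
            fillTO(membershipTO, membership.getAttributes(), membership.getDerivedAttributes(), membership.getVirtualAttributes(), membership.getResources());
            userTO.addMembership(membershipTO);
        }
        return userTO;
    }

    /**
     * Builds the transfer object of the user with the given username, after the entitlement check
     * of {@link #getUserFromUsername(String)}.
     *
     * @param str username
     * @return the populated transfer object
     * @throws NotFoundException if the username is null or unknown
     * @throws UnauthorizedRoleException if the caller is not entitled for all of the user's roles
     */
    @Transactional(readOnly = true)
    public UserTO getUserTO(String str) throws NotFoundException, UnauthorizedRoleException {
        return getUserTO(getUserFromUsername(str));
    }

    /**
     * Builds the transfer object of the user with the given id, after the entitlement check of
     * {@link #getUserFromId(Long)}.
     *
     * @param l user id
     * @return the populated transfer object
     * @throws NotFoundException if the id is null or unknown
     * @throws UnauthorizedRoleException if the caller is not entitled for all of the user's roles
     */
    @Transactional(readOnly = true)
    public UserTO getUserTO(Long l) throws NotFoundException, UnauthorizedRoleException {
        return getUserTO(getUserFromId(l));
    }
}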
