package org.apache.syncope.core.rest.data;

import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.SyncopeClientCompositeException;
import org.apache.syncope.common.SyncopeClientException;
import org.apache.syncope.common.mod.AbstractAttributableMod;
import org.apache.syncope.common.mod.AttributeMod;
import org.apache.syncope.common.mod.MembershipMod;
import org.apache.syncope.common.mod.StatusMod;
import org.apache.syncope.common.mod.UserMod;
import org.apache.syncope.common.to.AbstractAttributableTO;
import org.apache.syncope.common.to.MembershipTO;
import org.apache.syncope.common.to.UserTO;
import org.apache.syncope.common.types.AttributableType;
import org.apache.syncope.common.types.ClientExceptionType;
import org.apache.syncope.common.types.ResourceOperation;
import org.apache.syncope.common.util.BeanUtils;
import org.apache.syncope.core.connid.ConnObjectUtil;
import org.apache.syncope.core.persistence.beans.AbstractAttr;
import org.apache.syncope.core.persistence.beans.AbstractAttributable;
import org.apache.syncope.core.persistence.beans.AbstractDerAttr;
import org.apache.syncope.core.persistence.beans.AbstractVirAttr;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.SecurityQuestion;
import org.apache.syncope.core.persistence.beans.membership.MAttr;
import org.apache.syncope.core.persistence.beans.membership.MDerAttr;
import org.apache.syncope.core.persistence.beans.membership.MVirAttr;
import org.apache.syncope.core.persistence.beans.membership.Membership;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.NotFoundException;
import org.apache.syncope.core.persistence.dao.SecurityQuestionDAO;
import org.apache.syncope.core.propagation.PropagationByResource;
import org.apache.syncope.core.rest.controller.UnauthorizedRoleException;
import org.apache.syncope.core.util.AttributableUtil;
import org.apache.syncope.core.util.Encryptor;
import org.apache.syncope.core.util.EntitlementUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Transactional(rollbackFor = {Throwable.class})
@Component
/* loaded from: input_file:org/apache/syncope/core/rest/data/UserDataBinder.class */
public class UserDataBinder extends AbstractAttributableDataBinder {
    private static final String[] IGNORE_USER_PROPERTIES = {"memberships", "attrs", "derAttrs", "virAttrs", "resources", "securityQuestion", "securityAnswer"};

    @Autowired
    private ConnObjectUtil connObjectUtil;

    @Autowired
    private SecurityQuestionDAO securityQuestionDAO;

    @Resource(name = "adminUser")
    private String adminUser;

    @Resource(name = "anonymousUser")
    private String anonymousUser;
    private final Encryptor encryptor = Encryptor.getInstance();

    private void securityChecks(SyncopeUser syncopeUser) {
        if (EntitlementUtil.getAuthenticatedUsername().equals(this.anonymousUser) || EntitlementUtil.getAuthenticatedUsername().equals(syncopeUser.getUsername())) {
            return;
        }
        Set<Long> roleIds = syncopeUser.getRoleIds();
        roleIds.removeAll(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()));
        if (!roleIds.isEmpty()) {
            throw new UnauthorizedRoleException(roleIds);
        }
    }

    @Transactional(readOnly = true)
    public SyncopeUser getUserFromId(Long l) {
        if (l == null) {
            throw new NotFoundException("Null user id");
        }
        SyncopeUser find = this.userDAO.find(l);
        if (find == null) {
            throw new NotFoundException("User " + l);
        }
        securityChecks(find);
        return find;
    }

    @Transactional(readOnly = true)
    public SyncopeUser getUserFromUsername(String str) {
        if (str == null) {
            throw new NotFoundException("Null username");
        }
        SyncopeUser find = this.userDAO.find(str);
        if (find == null) {
            throw new NotFoundException("User " + str);
        }
        securityChecks(find);
        return find;
    }

    @Transactional(readOnly = true)
    public Membership getMembershipFromId(Long l) {
        if (l == null) {
            throw new NotFoundException("Null membership id");
        }
        Membership find = this.membershipDAO.find(l);
        if (find == null) {
            throw new NotFoundException("Membership " + l);
        }
        return find;
    }

    @Transactional(readOnly = true)
    public Set<String> getResourceNamesForUserId(Long l) {
        return getUserFromId(l).getResourceNames();
    }

    @Transactional(readOnly = true)
    public UserTO getAuthenticatedUserTO() {
        UserTO userTO;
        String authenticatedUsername = EntitlementUtil.getAuthenticatedUsername();
        if (this.anonymousUser.equals(authenticatedUsername)) {
            userTO = new UserTO();
            userTO.setId(-2L);
            userTO.setUsername(this.anonymousUser);
        } else if (this.adminUser.equals(authenticatedUsername)) {
            userTO = new UserTO();
            userTO.setId(-1L);
            userTO.setUsername(this.adminUser);
        } else {
            userTO = getUserTO(this.userDAO.find(authenticatedUsername), true);
        }
        return userTO;
    }

    @Transactional(readOnly = true)
    public boolean verifyPassword(String str, String str2) {
        return verifyPassword(getUserFromUsername(str), str2);
    }

    @Transactional(readOnly = true)
    public boolean verifyPassword(SyncopeUser syncopeUser, String str) {
        return this.encryptor.verify(str, syncopeUser.getCipherAlgorithm(), syncopeUser.getPassword());
    }

    private void setPassword(SyncopeUser syncopeUser, String str, SyncopeClientCompositeException syncopeClientCompositeException) {
        try {
            syncopeUser.setPassword(str, Encryptor.getPredefinedCipherAlgoritm());
        } catch (NotFoundException e) {
            SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.NotFound);
            build.getElements().add(e.getMessage());
            syncopeClientCompositeException.addException(build);
            throw syncopeClientCompositeException;
        }
    }

    public void create(SyncopeUser syncopeUser, UserTO userTO, boolean z) {
        SecurityQuestion find;
        SyncopeClientCompositeException buildComposite = SyncopeClientException.buildComposite();
        for (MembershipTO membershipTO : userTO.getMemberships()) {
            SyncopeRole find2 = this.roleDAO.find(Long.valueOf(membershipTO.getRoleId()));
            if (find2 != null) {
                Membership find3 = syncopeUser.getId() != null ? syncopeUser.getMembership(find2.getId()) == null ? this.membershipDAO.find(syncopeUser, find2) : syncopeUser.getMembership(find2.getId()) : null;
                if (find3 == null) {
                    find3 = new Membership();
                    find3.setSyncopeRole(find2);
                    find3.setSyncopeUser(syncopeUser);
                    syncopeUser.addMembership(find3);
                }
                fill((AbstractAttributable) find3, (AbstractAttributableTO) membershipTO, AttributableUtil.getInstance(AttributableType.MEMBERSHIP), buildComposite);
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("Ignoring invalid role " + membershipTO.getRoleName());
            }
        }
        fill((AbstractAttributable) syncopeUser, (AbstractAttributableTO) userTO, AttributableUtil.getInstance(AttributableType.USER), buildComposite);
        if (StringUtils.isBlank(userTO.getPassword()) || !z) {
            LOG.debug("Password was not provided or not required to be stored");
        } else {
            setPassword(syncopeUser, userTO.getPassword(), buildComposite);
        }
        syncopeUser.setUsername(userTO.getUsername());
        if (userTO.getSecurityQuestion() != null && (find = this.securityQuestionDAO.find(userTO.getSecurityQuestion())) != null) {
            syncopeUser.setSecurityQuestion(find);
        }
        syncopeUser.setSecurityAnswer(userTO.getSecurityAnswer());
    }

    public PropagationByResource update(SyncopeUser syncopeUser, UserMod userMod) {
        SecurityQuestion find;
        SyncopeUser save = this.userDAO.save(syncopeUser);
        PropagationByResource propagationByResource = new PropagationByResource();
        SyncopeClientCompositeException buildComposite = SyncopeClientException.buildComposite();
        Set<String> resourceNames = save.getResourceNames();
        Map<String, String> accountIds = getAccountIds(save, AttributableType.USER);
        if (StringUtils.isNotBlank(userMod.getPassword())) {
            if (userMod.getPwdPropRequest() == null || userMod.getPwdPropRequest().isOnSyncope()) {
                setPassword(save, userMod.getPassword(), buildComposite);
                save.setChangePwdDate(new Date());
            }
            if (userMod.getPwdPropRequest() == null) {
                propagationByResource.addAll(ResourceOperation.UPDATE, resourceNames);
            } else {
                propagationByResource.addAll(ResourceOperation.UPDATE, userMod.getPwdPropRequest().getResourceNames());
            }
        }
        if (userMod.getUsername() != null && !userMod.getUsername().equals(save.getUsername())) {
            save.setUsername(userMod.getUsername());
            propagationByResource.addAll(ResourceOperation.UPDATE, resourceNames);
        }
        if (userMod.getSecurityQuestion() == null) {
            save.setSecurityQuestion(null);
            save.setSecurityAnswer(null);
        } else if (userMod.getSecurityQuestion().longValue() > 0 && (find = this.securityQuestionDAO.find(userMod.getSecurityQuestion())) != null) {
            save.setSecurityQuestion(find);
            save.setSecurityAnswer(userMod.getSecurityAnswer());
        }
        propagationByResource.merge(fill((AbstractAttributable) save, (AbstractAttributableMod) userMod, AttributableUtil.getInstance(AttributableType.USER), buildComposite));
        HashSet hashSet = new HashSet();
        Iterator it = userMod.getMembershipsToAdd().iterator();
        while (it.hasNext()) {
            hashSet.add(Long.valueOf(((MembershipMod) it.next()).getRole()));
        }
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        for (Long l : userMod.getMembershipsToRemove()) {
            LOG.debug("Membership to be removed: {}", l);
            Membership find2 = this.membershipDAO.find(l);
            if (find2 == null) {
                LOG.debug("Invalid membership id specified to be removed: {}", l);
            } else {
                if (!hashSet.contains(find2.getSyncopeRole().getId())) {
                    hashSet2.addAll(find2.getSyncopeRole().getResourceNames());
                }
                Membership membership = save.getMembership(find2.getSyncopeRole().getId());
                if (membership == null || !hashSet.contains(membership.getSyncopeRole().getId())) {
                    save.removeMembership(membership);
                    this.membershipDAO.delete(l);
                } else {
                    HashSet hashSet4 = new HashSet(membership.getAttrs().size());
                    Iterator<? extends AbstractAttr> it2 = membership.getAttrs().iterator();
                    while (it2.hasNext()) {
                        hashSet4.add(it2.next().getId());
                    }
                    Iterator it3 = hashSet4.iterator();
                    while (it3.hasNext()) {
                        this.attrDAO.delete((Long) it3.next(), MAttr.class);
                    }
                    hashSet4.clear();
                    Iterator<? extends AbstractDerAttr> it4 = membership.getDerAttrs().iterator();
                    while (it4.hasNext()) {
                        hashSet4.add(it4.next().getId());
                    }
                    Iterator it5 = hashSet4.iterator();
                    while (it5.hasNext()) {
                        this.derAttrDAO.delete((Long) it5.next(), MDerAttr.class);
                    }
                    hashSet4.clear();
                    Iterator<? extends AbstractVirAttr> it6 = membership.getVirAttrs().iterator();
                    while (it6.hasNext()) {
                        hashSet4.add(it6.next().getId());
                    }
                    Iterator it7 = hashSet4.iterator();
                    while (it7.hasNext()) {
                        this.virAttrDAO.delete((Long) it7.next(), MVirAttr.class);
                    }
                    hashSet4.clear();
                }
            }
        }
        for (AbstractAttributableMod abstractAttributableMod : userMod.getMembershipsToAdd()) {
            LOG.debug("Membership to be added: role({})", Long.valueOf(abstractAttributableMod.getRole()));
            SyncopeRole find3 = this.roleDAO.find(Long.valueOf(abstractAttributableMod.getRole()));
            if (find3 == null) {
                LOG.debug("Ignoring invalid role {}", Long.valueOf(abstractAttributableMod.getRole()));
            } else {
                Membership membership2 = save.getMembership(find3.getId());
                if (membership2 == null) {
                    membership2 = new Membership();
                    membership2.setSyncopeRole(find3);
                    membership2.setSyncopeUser(save);
                    save.addMembership(membership2);
                    hashSet3.addAll(find3.getResourceNames());
                    if (syncopeUser.canDecodePassword()) {
                        for (ExternalResource externalResource : find3.getResources()) {
                            if (externalResource.getUmapping().getPasswordItem() != null) {
                                if (userMod.getPwdPropRequest() == null) {
                                    userMod.setPwdPropRequest(new StatusMod());
                                }
                                userMod.getPwdPropRequest().getResourceNames().add(externalResource.getName());
                            }
                        }
                    }
                }
                propagationByResource.merge(fill(membership2, abstractAttributableMod, AttributableUtil.getInstance(AttributableType.MEMBERSHIP), buildComposite));
            }
        }
        propagationByResource.addAll(ResourceOperation.DELETE, hashSet2);
        propagationByResource.addAll(ResourceOperation.UPDATE, hashSet3);
        if (!hashSet2.isEmpty() || !hashSet3.isEmpty()) {
            resourceNames.removeAll(hashSet2);
            propagationByResource.addAll(ResourceOperation.UPDATE, resourceNames);
        }
        Map<String, String> accountIds2 = getAccountIds(save, AttributableType.USER);
        for (Map.Entry<String, String> entry : accountIds.entrySet()) {
            if (accountIds2.containsKey(entry.getKey()) && !entry.getValue().equals(accountIds2.get(entry.getKey()))) {
                propagationByResource.addOldAccountId(entry.getKey(), entry.getValue());
                propagationByResource.add(ResourceOperation.UPDATE, entry.getKey());
            }
        }
        return propagationByResource;
    }

    @Transactional(readOnly = true)
    public UserTO getUserTO(SyncopeUser syncopeUser, boolean z) {
        UserTO userTO = new UserTO();
        BeanUtils.copyProperties(syncopeUser, userTO, IGNORE_USER_PROPERTIES);
        if (syncopeUser.getSecurityQuestion() != null) {
            userTO.setSecurityQuestion(syncopeUser.getSecurityQuestion().getId());
        }
        if (z) {
            this.connObjectUtil.retrieveVirAttrValues(syncopeUser, AttributableUtil.getInstance(AttributableType.USER));
        }
        fillTO(userTO, syncopeUser.getAttrs(), syncopeUser.getDerAttrs(), syncopeUser.getVirAttrs(), syncopeUser.getResources());
        for (Membership membership : syncopeUser.getMemberships()) {
            MembershipTO membershipTO = new MembershipTO();
            membershipTO.setCreator(membership.getCreator());
            membershipTO.setCreationDate(membership.getCreationDate());
            membershipTO.setLastModifier(membership.getLastModifier());
            membershipTO.setLastChangeDate(membership.getLastChangeDate());
            membershipTO.setId(membership.getId().longValue());
            membershipTO.setRoleId(membership.getSyncopeRole().getId().longValue());
            membershipTO.setRoleName(membership.getSyncopeRole().getName());
            if (z) {
                this.connObjectUtil.retrieveVirAttrValues(membership, AttributableUtil.getInstance(AttributableType.MEMBERSHIP));
            }
            fillTO(membershipTO, membership.getAttrs(), membership.getDerAttrs(), membership.getVirAttrs(), Collections.emptyList());
            userTO.getMemberships().add(membershipTO);
        }
        return userTO;
    }

    @Transactional(readOnly = true)
    public UserTO getUserTO(String str) {
        return getUserTO(getUserFromUsername(str), true);
    }

    @Transactional(readOnly = true)
    public UserTO getUserTO(Long l) {
        return getUserTO(getUserFromId(l), true);
    }

    @Transactional(readOnly = true)
    public UserTO getUserTO(Long l, boolean z) {
        return getUserTO(getUserFromId(l), z);
    }

    public PropagationByResource fillVirtual(Long l, Set<String> set, Set<AttributeMod> set2) {
        return fillVirtual(getUserFromId(l), set, set2, AttributableUtil.getInstance(AttributableType.USER));
    }

    public PropagationByResource fillMembershipVirtual(Long l, Long l2, Long l3, Set<String> set, Set<AttributeMod> set2, boolean z) {
        Membership membership = l3 == null ? getUserFromId(l).getMembership(l2) : getMembershipFromId(l3);
        if (membership == null) {
            return new PropagationByResource();
        }
        if (z) {
            return fillVirtual(membership, membership.getVirAttrs() == null ? Collections.emptySet() : getAttributeNames(membership.getVirAttrs()), set2, AttributableUtil.getInstance(AttributableType.MEMBERSHIP));
        }
        return fillVirtual(membership, set, set2, AttributableUtil.getInstance(AttributableType.MEMBERSHIP));
    }

    private Set<String> getAttributeNames(List<? extends AbstractVirAttr> list) {
        HashSet hashSet = new HashSet();
        Iterator<? extends AbstractVirAttr> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getSchema().getName());
        }
        return hashSet;
    }
}
