package net.yadaframework.security.components;

import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import net.yadaframework.components.YadaWebUtil;
import net.yadaframework.security.persistence.entity.YadaRegistrationRequest;
import net.yadaframework.security.persistence.entity.YadaUserCredentials;
import net.yadaframework.security.persistence.repository.YadaRegistrationRequestDao;
import net.yadaframework.security.persistence.repository.YadaUserCredentialsDao;
import net.yadaframework.web.form.YadaFormPasswordChange;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.stereotype.Component;
import org.springframework.ui.Model;
import org.springframework.util.CollectionUtils;

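/**
 * Security helpers built on the Spring Security context: login-error parameter
 * forwarding, random password generation, token-based password change, queries
 * about the current user and roles, and housekeeping of registration requests.
 */
@Component
/* loaded from: input_file:net/yadaframework/security/components/YadaSecurityUtil.class */
public class YadaSecurityUtil {
    /** Age, in days, after which a registration request is deleted by the periodic cleanup. */
    private static final int MAX_AGE_DAY = 20;
    private static final long MILLIS_IN_DAY = 86400000;
    /** Session attribute under which the saved request is looked up. */
    private static final String SAVED_REQUEST = "SPRING_SECURITY_SAVED_REQUEST";

    @Autowired
    private HttpSession httpSession;

    @Autowired
    private YadaTokenHandler yadaTokenHandler;

    @Autowired
    private YadaRegistrationRequestDao yadaRegistrationRequestDao;

    @Autowired
    private YadaUserDetailsService yadaUserDetailsService;

    @Autowired
    private YadaUserCredentialsDao yadaUserCredentialsDao;

    @Autowired
    private YadaWebUtil yadaWebUtil;
    private final transient Logger log = LoggerFactory.getLogger(getClass());
    // Time of the last "expired requests" sweep; guarded by lastOldCleanupMonitor.
    private Date lastOldCleanup = null;
    private final Object lastOldCleanupMonitor = new Object();
    // Cryptographically strong source used for generated passwords.
    private final SecureRandom secureRandom = new SecureRandom();

    /**
     * Copies the login error parameters of the request into the model.
     * The list returned by the failure handler is read as alternating name/value entries.
     *
     * @param httpServletRequest request to read the login error parameters from
     * @param model model receiving one attribute per name/value pair
     */
    public void copyLoginErrorParams(HttpServletRequest httpServletRequest, Model model) {
        List<String> loginErrorParams = YadaAuthenticationFailureHandler.getLoginErrorParams(httpServletRequest);
        // NOTE(review): the values presumably originate from the failed login request;
        // confirm the view escapes them on output.
        // A trailing name without a value is skipped instead of raising IndexOutOfBoundsException.
        for (int i = 0; i + 1 < loginErrorParams.size(); i += 2) {
            model.addAttribute(loginErrorParams.get(i), loginErrorParams.get(i + 1));
        }
    }

    /**
     * Appends the login error parameters of the current request to a URL.
     *
     * @param str the URL to enhance
     * @return the URL as returned by {@code YadaWebUtil.enhanceUrl}
     */
    public String addLoginErrorParams(String str) {
        List<String> loginErrorParams = YadaAuthenticationFailureHandler.getLoginErrorParams(this.yadaWebUtil.getCurrentRequest());
        String[] nameValuePairs = loginErrorParams.toArray(new String[0]);
        return this.yadaWebUtil.enhanceUrl(str, (Locale) null, nameValuePairs);
    }

    /**
     * Generates a random 32-character password.
     *
     * @return the generated password in clear text
     * @see #generateClearPassword(int)
     */
    public String generateClearPassword() {
        return generateClearPassword(32);
    }

    /**
     * Generates a random password of letters and digits drawn from a {@link SecureRandom}.
     * The value is returned in clear text, so callers should keep it out of logs.
     *
     * @param i number of characters to generate
     * @return the generated password in clear text
     */
    public String generateClearPassword(int i) {
        return RandomStringUtils.random(i, 0, 0, true, true, (char[]) null, this.secureRandom);
    }

    /**
     * Changes a user's password from a password-change form carrying a token.
     * The token is parsed into two numbers that must match a stored registration request
     * by id and token; the request's email, trimmed and lower-cased, selects the credentials.
     * On success the registration request is deleted, so the token cannot be used again,
     * and the user is authenticated when the credentials are enabled.
     *
     * <p>NOTE(review): no timestamp check is made here. As far as this class shows, a token
     * stays valid until {@link #registrationRequestCleanup} removes the request; confirm
     * whether a shorter validity window is enforced elsewhere.
     *
     * @param yadaFormPasswordChange form holding the token and the new password
     * @return true when the password was changed, false on any failure
     */
    public boolean performPasswordChange(YadaFormPasswordChange yadaFormPasswordChange) {
        long[] parseLink = this.yadaTokenHandler.parseLink(yadaFormPasswordChange.getToken());
        if (parseLink == null || parseLink.length != 2) {
            // The token value itself is deliberately not logged.
            this.log.warn("Password change rejected: malformed token");
            return false;
        }
        try {
            List<YadaRegistrationRequest> matches = this.yadaRegistrationRequestDao.findByIdAndTokenOrderByTimestampDesc(parseLink[0], parseLink[1]);
            // An unknown token is an expected outcome, not an exceptional one:
            // check for it explicitly instead of relying on get(0) throwing.
            if (matches == null || matches.isEmpty() || matches.get(0) == null) {
                this.log.warn("Password change rejected: no registration request matches the token");
                return false;
            }
            YadaRegistrationRequest yadaRegistrationRequest = matches.get(0);
            String email = yadaRegistrationRequest.getEmail();
            // NOTE(review): toLowerCase() uses the default locale; confirm it matches how
            // usernames are normalised when they are stored.
            YadaUserCredentials findFirstByUsername = this.yadaUserCredentialsDao.findFirstByUsername(StringUtils.trimToEmpty(email).toLowerCase());
            if (findFirstByUsername == null) {
                return false;
            }
            YadaUserCredentials changePassword = this.yadaUserCredentialsDao.changePassword(findFirstByUsername, yadaFormPasswordChange.getPassword());
            // Delete the request so that the same token can't trigger another change.
            this.yadaRegistrationRequestDao.delete(yadaRegistrationRequest);
            if (changePassword.isEnabled()) {
                this.yadaUserDetailsService.authenticateAs(changePassword);
            }
            this.log.info("PASSWORD CHANGE for user='{}'", email);
            return true;
        } catch (Exception e) {
            this.log.warn("Password change failed", e);
            return false;
        }
    }

    /**
     * Returns the username of the currently authenticated user.
     *
     * @return the username, or null when there is no authenticated user, the principal
     *         is the "anonymousUser" string, or the principal type is not handled
     */
    public String getUsername() {
        try {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication == null || !authentication.isAuthenticated()) {
                return null;
            }
            Object principal = authentication.getPrincipal();
            if (principal instanceof UserDetails) {
                return ((UserDetails) principal).getUsername();
            }
            if (principal instanceof String) {
                String name = principal.toString();
                return "anonymousUser".equals(name) ? null : name;
            }
            if (principal != null) {
                this.log.debug("principal class = {}", principal.getClass().getName());
            }
        } catch (Exception e) {
            this.log.error("Can't get username", e);
        }
        return null;
    }

    /**
     * Tells whether the current user is logged in.
     *
     * @return the result of {@link #isLoggedIn()}
     * @deprecated use {@link #isLoggedIn()} instead
     */
    @Deprecated
    public boolean loggedIn() {
        return isLoggedIn();
    }

    /**
     * Tells whether the current authentication is authenticated and its principal
     * is a {@link UserDetails} instance.
     *
     * @return true for a logged-in user, false otherwise or when the check itself fails
     */
    public boolean isLoggedIn() {
        try {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            return authentication != null
                    && authentication.isAuthenticated()
                    && authentication.getPrincipal() instanceof UserDetails;
        } catch (Exception e) {
            // Fail closed: an error while reading the context is treated as "not logged in".
            this.log.error("Can't get Authentication object", e);
            return false;
        }
    }

    /**
     * Tells whether the given request carries a remote user.
     *
     * @param httpServletRequest the request to inspect
     * @return true when {@code getRemoteUser()} is not null
     */
    public boolean loggedIn(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRemoteUser() != null;
    }

    /** Removes the saved request, if any, from the session. */
    public void clearAnySavedRequest() {
        this.httpSession.removeAttribute(SAVED_REQUEST);
    }

    /**
     * Returns the redirect URL of the request saved in the session.
     *
     * @return the redirect URL, or null when the session holds no saved request
     */
    public String getSavedRequestUrl() {
        SavedRequest savedRequest = (SavedRequest) this.httpSession.getAttribute(SAVED_REQUEST);
        if (savedRequest == null) {
            this.log.debug("No saved request found in session");
            return null;
        }
        return savedRequest.getRedirectUrl();
    }

    /**
     * Chooses between two values depending on whether the current principal is a
     * {@link UserDetails} instance.
     *
     * @param str value returned when the principal is not a {@code UserDetails}
     * @param str2 value returned when the principal is a {@code UserDetails}
     * @return {@code str2} for a {@code UserDetails} principal, {@code str} otherwise
     */
    public String caseAnonAuth(String str, String str2) {
        boolean z = false;
        try {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            // A missing Authentication is the normal state for some requests: treat it as
            // anonymous without going through the exception path and its error log.
            z = authentication != null && authentication.getPrincipal() instanceof UserDetails;
        } catch (Exception e) {
            this.log.error("Can't get user principal (ignored)", e);
        }
        return z ? str2 : str;
    }

    /**
     * Deletes stale registration requests. At most once every 24 hours it removes all
     * requests older than {@link #MAX_AGE_DAY} days; on every call it removes the other
     * requests that share the email and registration type of the given one.
     * The whole operation runs under a monitor owned by this instance.
     *
     * @param yadaRegistrationRequest the request to keep
     */
    public void registrationRequestCleanup(YadaRegistrationRequest yadaRegistrationRequest) {
        Date date = new Date();
        synchronized (this.lastOldCleanupMonitor) {
            boolean sweepDue = this.lastOldCleanup == null
                    || date.getTime() - this.lastOldCleanup.getTime() > MILLIS_IN_DAY;
            if (sweepDue) {
                this.lastOldCleanup = date;
                Date cutoff = new Date(date.getTime() - MAX_AGE_DAY * MILLIS_IN_DAY);
                List<YadaRegistrationRequest> findByTimestampBefore = this.yadaRegistrationRequestDao.findByTimestampBefore(cutoff);
                if (findByTimestampBefore.isEmpty()) {
                    this.log.info("No old RegistrationRequest to delete");
                } else {
                    for (YadaRegistrationRequest expired : findByTimestampBefore) {
                        this.yadaRegistrationRequestDao.delete(expired);
                        // NOTE(review): confirm YadaRegistrationRequest.toString() does not
                        // include the token, since the entity is written to the log.
                        this.log.info("Expired RegistrationRequest ({}) deleted", expired);
                    }
                }
            }
            for (YadaRegistrationRequest previous : this.yadaRegistrationRequestDao.findByEmailAndRegistrationType(yadaRegistrationRequest.getEmail(), yadaRegistrationRequest.getRegistrationType())) {
                // Compare ids by value: if getId() returns a boxed Long, != would compare
                // references and could delete the request that must be kept.
                if (!Objects.equals(previous.getId(), yadaRegistrationRequest.getId())) {
                    this.yadaRegistrationRequestDao.delete(previous);
                    this.log.info("Previous RegistrationRequest ({}) deleted", previous);
                }
            }
        }
    }

    /**
     * Returns the authority names of the currently authenticated user.
     *
     * @return the authority names; empty when there is no authenticated
     *         {@link UserDetails} principal or when reading the context fails
     */
    public Set<String> getCurrentRoles() {
        Set<String> roles = new HashSet<>();
        try {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication != null && authentication.isAuthenticated()) {
                Object principal = authentication.getPrincipal();
                if (principal instanceof UserDetails) {
                    for (GrantedAuthority authority : ((UserDetails) principal).getAuthorities()) {
                        roles.add(authority.getAuthority());
                    }
                }
            }
        } catch (Exception e) {
            // Fail closed: on error the caller sees whatever was collected, typically nothing.
            this.log.error("Can't get roles", e);
        }
        return roles;
    }

    /**
     * Tells whether the current user has the given authority.
     *
     * @param str authority name, compared exactly against the granted authority strings
     * @return true when the authority is among the current roles
     */
    public boolean hasCurrentRole(String str) {
        return getCurrentRoles().contains(str);
    }

    /**
     * Tells whether the current user has at least one of the given authorities.
     *
     * @param strArr authority names to look for; null or empty yields false
     * @return true when any of the names is among the current roles
     */
    public boolean hasCurrentRole(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return false;
        }
        return CollectionUtils.containsAny(getCurrentRoles(), Arrays.asList(strArr));
    }
}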
