package org.cloudfoundry.identity.uaa.scim.jdbc;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.List;
import java.util.UUID;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.resources.ResourceMonitor;
import org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable;
import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory;
import org.cloudfoundry.identity.uaa.scim.ScimMeta;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceAlreadyExistsException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceConstraintFailedException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.hsqldb.Tokens;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.dao.OptimisticLockingFailureException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.PreparedStatementSetter;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.7.0.jar:org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.class */
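/**
 * JDBC-backed user store for SCIM users.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Every single-user statement is bound to the current identity zone
 *       ({@code identity_zone_id=?} taken from {@link IdentityZoneHolder}), and {@link #query(String, String, boolean)}
 *       appends a zone clause to every filter. {@link #getTotalCount()} is the exception: it counts all zones.</li>
 *   <li>All SQL uses bind parameters; the only string-built queries are SCIM filters (see
 *       {@link #query(String, String, boolean)} and the duplicate-user lookup in {@link #create(ScimUser)}).</li>
 *   <li>{@link #USER_FIELDS} does not include the {@code password} column, so the stored password hash is never
 *       mapped into a {@link ScimUser}; the {@code salt} column is.</li>
 *   <li>Passwords are encoded with the configured {@link PasswordEncoder} (a {@link BCryptPasswordEncoder} unless
 *       replaced through {@link #setPasswordEncoder(PasswordEncoder)}).</li>
 * </ul>
 */
public class JdbcScimUserProvisioning extends AbstractQueryable<ScimUser> implements ScimUserProvisioning, ResourceMonitor<ScimUser>, SystemDeletable {
    private final Log logger;
    // Column list shared by the read queries; note the trailing space and the absence of the password column.
    public static final String USER_FIELDS = "id,version,created,lastModified,username,email,givenName,familyName,active,phoneNumber,verified,origin,external_id,identity_zone_id,salt,passwd_lastmodified ";
    public static final String CREATE_USER_SQL = "insert into users (id,version,created,lastModified,username,email,givenName,familyName,active,phoneNumber,verified,origin,external_id,identity_zone_id,salt,passwd_lastmodified ,password) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
    // Optimistic locking: the row is only updated when the caller's version matches. The password is not touched here.
    public static final String UPDATE_USER_SQL = "update users set version=?, lastModified=?, userName=?, email=?, givenName=?, familyName=?, active=?, phoneNumber=?, verified=?, origin=?, external_id=?, salt=? where id=? and version=? and identity_zone_id=?";
    public static final String DEACTIVATE_USER_SQL = "update users set active=? where id=? and identity_zone_id=?";
    public static final String VERIFY_USER_SQL = "update users set verified=? where id=? and identity_zone_id=?";
    public static final String DELETE_USER_SQL = "delete from users where id=? and identity_zone_id=?";
    public static final String CHANGE_PASSWORD_SQL = "update users set lastModified=?, password=?, passwd_lastmodified=? where id=? and identity_zone_id=?";
    public static final String READ_PASSWORD_SQL = "select password from users where id=? and identity_zone_id=?";
    public static final String USER_BY_ID_QUERY = "select id,version,created,lastModified,username,email,givenName,familyName,active,phoneNumber,verified,origin,external_id,identity_zone_id,salt,passwd_lastmodified  from users where id=? and identity_zone_id=?";
    public static final String ALL_USERS = "select id,version,created,lastModified,username,email,givenName,familyName,active,phoneNumber,verified,origin,external_id,identity_zone_id,salt,passwd_lastmodified  from users";
    public static final String HARD_DELETE_OF_GROUP_MEMBERS_BY_ZONE = "delete from group_membership where member_type='USER' and member_id in (select id from users where identity_zone_id = ?)";
    public static final String HARD_DELETE_OF_GROUP_MEMBERS_BY_PROVIDER = "delete from group_membership where member_type='USER' and member_id in (select id from users where identity_zone_id = ? and origin = ?)";
    public static final String HARD_DELETE_OF_USER_APPROVALS_BY_ZONE = "delete from authz_approvals where user_id in (select id from users where identity_zone_id = ?)";
    public static final String HARD_DELETE_OF_USER_APPROVALS_BY_PROVIDER = "delete from authz_approvals where user_id in (select id from users where identity_zone_id = ? and origin = ?)";
    public static final String HARD_DELETE_BY_ZONE = "delete from users where identity_zone_id = ?";
    public static final String HARD_DELETE_BY_PROVIDER = "delete from users where identity_zone_id = ? and origin = ?";
    // Suffix that turns the unconditional single-user statements into their version-checked variants.
    private static final String AND_VERSION_CLAUSE = " and version=?";
    private static final String WRONG_VERSION_MESSAGE = "Attempt to update a user (%s) with wrong version: expected=%d but found=%d";
    protected final JdbcTemplate jdbcTemplate;
    private PasswordEncoder passwordEncoder;
    private boolean deactivateOnDelete;
    private static final RowMapper<ScimUser> mapper = new ScimUserRowMapper();
    private Pattern usernamePattern;

    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.7.0.jar:org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning$ScimUserRowMapper.class */
    /**
     * Maps one row selected with {@link #USER_FIELDS} onto a {@link ScimUser}. Columns are read by position, so the
     * order here must stay in step with {@link #USER_FIELDS}.
     */
    private static final class ScimUserRowMapper implements RowMapper<ScimUser> {
        private ScimUserRowMapper() {
        }

        @Override // org.springframework.jdbc.core.RowMapper
        public ScimUser mapRow(ResultSet resultSet, int rowNum) throws SQLException {
            // Read every column first, in select order, before building the object.
            String id = resultSet.getString(1);
            int version = resultSet.getInt(2);
            Timestamp created = resultSet.getTimestamp(3);
            Timestamp lastModified = resultSet.getTimestamp(4);
            String userName = resultSet.getString(5);
            String email = resultSet.getString(6);
            String givenName = resultSet.getString(7);
            String familyName = resultSet.getString(8);
            boolean active = resultSet.getBoolean(9);
            String phoneNumber = resultSet.getString(10);
            boolean verified = resultSet.getBoolean(11);
            String origin = resultSet.getString(12);
            String externalId = resultSet.getString(13);
            String zoneId = resultSet.getString(14);
            String salt = resultSet.getString(15);
            Timestamp passwordLastModified = resultSet.getTimestamp(16);

            ScimMeta meta = new ScimMeta();
            meta.setVersion(version);
            meta.setCreated(created);
            meta.setLastModified(lastModified);

            ScimUser.Name name = new ScimUser.Name();
            name.setGivenName(givenName);
            name.setFamilyName(familyName);

            ScimUser user = new ScimUser();
            user.setId(id);
            user.setMeta(meta);
            user.setUserName(userName);
            // Blank e-mail values are skipped; a phone number is only skipped when the column is NULL.
            if (StringUtils.hasText(email)) {
                user.addEmail(email);
            }
            if (phoneNumber != null) {
                user.addPhoneNumber(phoneNumber);
            }
            user.setName(name);
            user.setActive(active);
            user.setVerified(verified);
            user.setOrigin(origin);
            user.setExternalId(externalId);
            user.setZoneId(zoneId);
            // The salt is exposed on the returned object; the password hash is not part of the select list.
            user.setSalt(salt);
            user.setPasswordLastModified(passwordLastModified);
            return user;
        }
    }

    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public Log getLogger() {
        return this.logger;
    }

    /**
     * Creates the provisioning service with a BCrypt password encoder, deactivate-on-delete enabled and the default
     * username pattern.
     *
     * @param jdbcTemplate template used for all statements; must not be null
     * @param jdbcPagingListFactory handed to the superclass
     */
    public JdbcScimUserProvisioning(JdbcTemplate jdbcTemplate, JdbcPagingListFactory jdbcPagingListFactory) {
        super(jdbcTemplate, jdbcPagingListFactory, mapper);
        this.logger = LogFactory.getLog(getClass());
        this.passwordEncoder = new BCryptPasswordEncoder();
        this.deactivateOnDelete = true;
        // Default pattern admits letters, digits and + - _ . @ ' ! ; it does not admit the double quote that
        // delimits values in the filters built by this class.
        this.usernamePattern = Pattern.compile("[\\p{L}+0-9+\\-_.@'!]+");
        Assert.notNull(jdbcTemplate);
        this.jdbcTemplate = jdbcTemplate;
        setQueryConverter(new ScimSearchQueryConverter());
    }

    /**
     * Loads a user by id within the current identity zone.
     *
     * @param id user id
     * @return the stored user
     * @throws ScimResourceNotFoundException if no row matches the id in the current zone
     */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public ScimUser retrieve(String id) {
        try {
            return (ScimUser) this.jdbcTemplate.queryForObject(USER_BY_ID_QUERY, mapper, id, IdentityZoneHolder.get().getId());
        } catch (EmptyResultDataAccessException e) {
            throw new ScimResourceNotFoundException("User " + id + " does not exist");
        }
    }

    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable
    protected String getBaseSqlQuery() {
        return ALL_USERS;
    }

    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable
    protected String getTableName() {
        return "users";
    }

    /** Returns every user of the current zone, sorted by {@code created}. */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public List<ScimUser> retrieveAll() {
        return query("id pr", "created", true);
    }

    /**
     * Runs a SCIM filter query restricted to the current identity zone.
     *
     * <p>The caller's filter is first handed to the query converter on its own and only then wrapped in parentheses
     * and AND-ed with the zone clause. The converter result is discarded; presumably the call exists so that a
     * malformed filter is rejected before it is combined with the zone restriction (confirm against the converter).
     * The parentheses keep an {@code or} inside the caller's filter from escaping the zone clause.
     *
     * @param filter SCIM filter; null or blank means "all users of the zone"
     * @param sortBy passed through to the superclass
     * @param ascending passed through to the superclass
     * @return the matching users
     */
    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable, org.cloudfoundry.identity.uaa.resources.Queryable
    public List<ScimUser> query(String filter, String sortBy, boolean ascending) {
        getQueryConverter().convert(filter, sortBy, ascending);
        String prefix;
        if (StringUtils.hasText(filter)) {
            // The decompiled source spelled this parenthesis as org.hsqldb.Tokens.T_OPENBRACKET, an inlined
            // constant with the value "("; the literal avoids depending on a database driver class.
            prefix = "(" + filter + ") and";
        } else {
            // A null filter used to be concatenated as the text "null"; treat it as "no filter".
            prefix = filter == null ? "" : filter;
        }
        return super.query(prefix + " identity_zone_id eq \"" + IdentityZoneHolder.get().getId() + "\"", sortBy, ascending);
    }

    /**
     * Inserts a new user in the current identity zone under a freshly generated id.
     *
     * <p>The value of {@code scimUser.getPassword()} is stored as given; use
     * {@link #createUser(ScimUser, String)} to have a raw password encoded first.
     *
     * @param scimUser user to store; validated with {@link #validate(ScimUser)}
     * @return the user as read back from the database
     * @throws ScimResourceAlreadyExistsException if the insert violates a unique key. When the existing user can be
     *         resolved, the exception carries its {@code user_id}, {@code active} and {@code verified} values, so
     *         whatever renders this exception to an unauthenticated caller discloses account existence and state.
     */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public ScimUser create(final ScimUser scimUser) {
        validate(scimUser);
        this.logger.debug("Creating new user: " + scimUser.getUserName());
        final String newId = UUID.randomUUID().toString();
        final String zoneId = IdentityZoneHolder.get().getId();
        final String origin = StringUtils.hasText(scimUser.getOrigin()) ? scimUser.getOrigin() : OriginKeys.UAA;
        try {
            this.jdbcTemplate.update(CREATE_USER_SQL, new PreparedStatementSetter() { // from class: org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning.1
                @Override // org.springframework.jdbc.core.PreparedStatementSetter
                public void setValues(PreparedStatement preparedStatement) throws SQLException {
                    Timestamp now = new Timestamp(new Date().getTime());
                    ScimUser.Name name = scimUser.getName();
                    preparedStatement.setString(1, newId);
                    preparedStatement.setInt(2, scimUser.getVersion());
                    preparedStatement.setTimestamp(3, now);
                    preparedStatement.setTimestamp(4, now);
                    preparedStatement.setString(5, scimUser.getUserName());
                    preparedStatement.setString(6, scimUser.getPrimaryEmail());
                    preparedStatement.setString(7, name == null ? null : name.getGivenName());
                    preparedStatement.setString(8, name == null ? null : name.getFamilyName());
                    preparedStatement.setBoolean(9, scimUser.isActive());
                    preparedStatement.setString(10, JdbcScimUserProvisioning.this.extractPhoneNumber(scimUser));
                    preparedStatement.setBoolean(11, scimUser.isVerified());
                    preparedStatement.setString(12, origin);
                    preparedStatement.setString(13, StringUtils.hasText(scimUser.getExternalId()) ? scimUser.getExternalId() : null);
                    preparedStatement.setString(14, zoneId);
                    preparedStatement.setString(15, scimUser.getSalt());
                    preparedStatement.setTimestamp(16, JdbcScimUserProvisioning.this.getPasswordLastModifiedTimestamp(now));
                    preparedStatement.setString(17, scimUser.getPassword());
                }
            });
            return retrieve(newId);
        } catch (DuplicateKeyException e) {
            HashMap<String, Object> details = new HashMap<String, Object>();
            ScimUser existing = findExistingUser(scimUser.getUserName(), origin);
            if (existing == null) {
                // The conflicting row could not be identified; report the conflict without account details
                // instead of failing with an IndexOutOfBoundsException on an empty result.
                throw new ScimResourceAlreadyExistsException("Username already in use: " + scimUser.getUserName(), details);
            }
            details.put("active", Boolean.valueOf(existing.isActive()));
            details.put("verified", Boolean.valueOf(existing.isVerified()));
            details.put("user_id", existing.getId());
            throw new ScimResourceAlreadyExistsException("Username already in use: " + existing.getUserName(), details);
        }
    }

    /**
     * Looks up the user that caused a duplicate-key failure.
     *
     * <p>The lookup is a string-built SCIM filter. The username has passed the configured username pattern, but the
     * origin is not validated anywhere in this class and the pattern itself can be replaced, so both values are
     * checked for the characters that could end the quoted literal before they are spliced into the filter.
     *
     * @return the first matching user, or null when a value cannot be embedded safely or nothing matches
     */
    private ScimUser findExistingUser(String userName, String origin) {
        if (!isSafeFilterValue(userName) || !isSafeFilterValue(origin)) {
            this.logger.debug("Skipping duplicate-user lookup: value cannot be embedded in a filter");
            return null;
        }
        List<ScimUser> matches = query("userName eq \"" + userName + "\" and origin eq \"" + origin + "\"");
        if (matches == null || matches.isEmpty()) {
            return null;
        }
        return matches.get(0);
    }

    /** Returns true when the value contains neither a double quote nor a backslash. */
    private static boolean isSafeFilterValue(String value) {
        return value != null && value.indexOf('"') < 0 && value.indexOf('\\') < 0;
    }

    /**
     * Returns the current time truncated to whole seconds.
     *
     * @param timestamp not used by this implementation; the value is derived from the current clock
     */
    protected Timestamp getPasswordLastModifiedTimestamp(Timestamp timestamp) {
        GregorianCalendar calendar = new GregorianCalendar();
        // Field 14 in the decompiled source is Calendar.MILLISECOND.
        calendar.set(GregorianCalendar.MILLISECOND, 0);
        return new Timestamp(calendar.getTimeInMillis());
    }

    /**
     * Encodes the raw password with the configured encoder and stores the user.
     *
     * @param scimUser user to create; its password property is overwritten with the encoded value
     * @param password raw password
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning
    public ScimUser createUser(ScimUser scimUser, String password) throws InvalidPasswordException, InvalidScimResourceException {
        scimUser.setPassword(this.passwordEncoder.encode(password));
        return create(scimUser);
    }

    /**
     * Checks the username (present, matching the configured pattern) and that exactly one non-empty e-mail is set.
     * Origin, external id and phone number are not validated here.
     *
     * @throws InvalidScimResourceException on the first violated rule
     */
    protected void validate(ScimUser scimUser) throws InvalidScimResourceException {
        String userName = scimUser.getUserName();
        if (!StringUtils.hasText(userName)) {
            throw new InvalidScimResourceException("A username must be provided.");
        }
        if (!this.usernamePattern.matcher(userName).matches()) {
            throw new InvalidScimResourceException("Username must match pattern: " + this.usernamePattern.pattern());
        }
        if (scimUser.getEmails() == null || scimUser.getEmails().size() != 1) {
            throw new InvalidScimResourceException("Exactly one email must be provided.");
        }
        for (ScimUser.Email email : scimUser.getEmails()) {
            if (email == null || email.getValue() == null || email.getValue().isEmpty()) {
                throw new InvalidScimResourceException("An email must be provided.");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Returns the value of the first phone number, or null when the user has none. */
    public String extractPhoneNumber(ScimUser scimUser) {
        if (scimUser.getPhoneNumbers() == null || scimUser.getPhoneNumbers().isEmpty()) {
            return null;
        }
        return scimUser.getPhoneNumbers().get(0).getValue();
    }

    /**
     * Updates a user's profile columns under optimistic locking; the password is not changed.
     *
     * @param id id of the user to update
     * @param scimUser new values; {@code scimUser.getVersion()} must equal the stored version
     * @return the user as read back after the update
     * @throws OptimisticLockingFailureException if no row matched id, version and zone
     * @throws ScimResourceNotFoundException if the user does not exist in the current zone
     */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public ScimUser update(final String id, final ScimUser scimUser) throws InvalidScimResourceException {
        validate(scimUser);
        this.logger.debug("Updating user " + scimUser.getUserName());
        final String origin = StringUtils.hasText(scimUser.getOrigin()) ? scimUser.getOrigin() : OriginKeys.UAA;
        final String zoneId = IdentityZoneHolder.get().getId();
        int updated = this.jdbcTemplate.update(UPDATE_USER_SQL, new PreparedStatementSetter() { // from class: org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning.2
            @Override // org.springframework.jdbc.core.PreparedStatementSetter
            public void setValues(PreparedStatement preparedStatement) throws SQLException {
                Timestamp now = new Timestamp(new Date().getTime());
                // validate() does not require a name, so guard against null exactly as create() does.
                ScimUser.Name name = scimUser.getName();
                preparedStatement.setInt(1, scimUser.getVersion() + 1);
                preparedStatement.setTimestamp(2, now);
                preparedStatement.setString(3, scimUser.getUserName());
                preparedStatement.setString(4, scimUser.getPrimaryEmail());
                preparedStatement.setString(5, name == null ? null : name.getGivenName());
                preparedStatement.setString(6, name == null ? null : name.getFamilyName());
                preparedStatement.setBoolean(7, scimUser.isActive());
                preparedStatement.setString(8, JdbcScimUserProvisioning.this.extractPhoneNumber(scimUser));
                preparedStatement.setBoolean(9, scimUser.isVerified());
                preparedStatement.setString(10, origin);
                preparedStatement.setString(11, StringUtils.hasText(scimUser.getExternalId()) ? scimUser.getExternalId() : null);
                preparedStatement.setString(12, scimUser.getSalt());
                // where id=? and version=? and identity_zone_id=?
                preparedStatement.setString(13, id);
                preparedStatement.setInt(14, scimUser.getVersion());
                preparedStatement.setString(15, zoneId);
            }
        });
        // Read back before judging the row count so that a missing user surfaces as "not found".
        ScimUser stored = retrieve(id);
        if (updated == 0) {
            throw new OptimisticLockingFailureException(String.format(WRONG_VERSION_MESSAGE, id, stored.getVersion(), scimUser.getVersion()));
        }
        if (updated > 1) {
            throw new IncorrectResultSizeDataAccessException(1);
        }
        return stored;
    }

    /**
     * Replaces a user's password.
     *
     * <p>When {@code oldPassword} is null the current password is not checked at all, so the decision whether the
     * caller may reset the password has to be made before this method is called. When the new password already
     * matches the stored one, nothing is written and {@code passwd_lastmodified} keeps its value.
     *
     * @param id user id
     * @param oldPassword current raw password, or null to skip the check
     * @param newPassword new raw password
     * @throws BadCredentialsException if {@code oldPassword} is given and does not match
     * @throws ScimResourceNotFoundException if the user does not exist in the current zone
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning
    public void changePassword(final String id, String oldPassword, String newPassword) throws ScimResourceNotFoundException {
        if (oldPassword != null && !checkPasswordMatches(id, oldPassword)) {
            throw new BadCredentialsException("Old password is incorrect");
        }
        if (checkPasswordMatches(id, newPassword)) {
            return;
        }
        final String encodedPassword = this.passwordEncoder.encode(newPassword);
        final String zoneId = IdentityZoneHolder.get().getId();
        int updated = this.jdbcTemplate.update(CHANGE_PASSWORD_SQL, new PreparedStatementSetter() { // from class: org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning.3
            @Override // org.springframework.jdbc.core.PreparedStatementSetter
            public void setValues(PreparedStatement preparedStatement) throws SQLException {
                Timestamp now = new Timestamp(System.currentTimeMillis());
                preparedStatement.setTimestamp(1, now);
                preparedStatement.setString(2, encodedPassword);
                preparedStatement.setTimestamp(3, JdbcScimUserProvisioning.this.getPasswordLastModifiedTimestamp(now));
                preparedStatement.setString(4, id);
                preparedStatement.setString(5, zoneId);
            }
        });
        if (updated == 0) {
            throw new ScimResourceNotFoundException("User " + id + " does not exist");
        }
        if (updated != 1) {
            throw new ScimResourceConstraintFailedException("User " + id + " duplicated");
        }
    }

    /**
     * Compares a raw password with the stored hash of a user in the current zone, using the configured encoder.
     *
     * @param id user id
     * @param password raw password to test
     * @throws ScimResourceNotFoundException if the lookup does not return exactly one row
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning
    public boolean checkPasswordMatches(String id, String password) {
        String storedHash;
        try {
            Object[] args = {id, IdentityZoneHolder.get().getId()};
            // 12 in the decompiled source is java.sql.Types.VARCHAR.
            int[] argTypes = {java.sql.Types.VARCHAR, java.sql.Types.VARCHAR};
            storedHash = (String) this.jdbcTemplate.queryForObject(READ_PASSWORD_SQL, args, argTypes, String.class);
        } catch (IncorrectResultSizeDataAccessException e) {
            throw new ScimResourceNotFoundException("User " + id + " does not exist");
        }
        return this.passwordEncoder.matches(password, storedHash);
    }

    /**
     * Deactivates or hard-deletes a user, depending on {@link #setDeactivateOnDelete(boolean)}.
     *
     * @param id user id
     * @param version expected version, or a negative value to skip the version check
     */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public ScimUser delete(String id, int version) {
        ScimUser user = retrieve(id);
        if (this.deactivateOnDelete) {
            return deactivateUser(user, version);
        }
        return deleteUser(user, version);
    }

    /** Sets {@code active=false} on the user's row; a non-negative version adds an optimistic-lock check. */
    private ScimUser deactivateUser(ScimUser scimUser, int version) {
        this.logger.debug("Deactivating user: " + scimUser.getId());
        String zoneId = IdentityZoneHolder.get().getId();
        int updated;
        if (version < 0) {
            updated = this.jdbcTemplate.update(DEACTIVATE_USER_SQL, false, scimUser.getId(), zoneId);
        } else {
            updated = this.jdbcTemplate.update(DEACTIVATE_USER_SQL + AND_VERSION_CLAUSE, false, scimUser.getId(), zoneId, Integer.valueOf(version));
        }
        if (updated == 0) {
            throw new OptimisticLockingFailureException(String.format(WRONG_VERSION_MESSAGE, scimUser.getId(), scimUser.getVersion(), version));
        }
        if (updated > 1) {
            throw new IncorrectResultSizeDataAccessException(1);
        }
        scimUser.setActive(false);
        return scimUser;
    }

    /**
     * Marks a user as verified.
     *
     * @param id user id
     * @param version expected version, or a negative value to skip the version check
     * @return the user as read back after the update
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning
    public ScimUser verifyUser(String id, int version) throws ScimResourceNotFoundException, InvalidScimResourceException {
        this.logger.debug("Verifying user: " + id);
        String zoneId = IdentityZoneHolder.get().getId();
        int updated;
        if (version < 0) {
            updated = this.jdbcTemplate.update(VERIFY_USER_SQL, true, id, zoneId);
        } else {
            updated = this.jdbcTemplate.update(VERIFY_USER_SQL + AND_VERSION_CLAUSE, true, id, zoneId, Integer.valueOf(version));
        }
        ScimUser stored = retrieve(id);
        if (updated == 0) {
            throw new OptimisticLockingFailureException(String.format(WRONG_VERSION_MESSAGE, stored.getId(), stored.getVersion(), version));
        }
        if (updated > 1) {
            throw new IncorrectResultSizeDataAccessException(1);
        }
        return stored;
    }

    /** Deletes the user's row; a non-negative version adds an optimistic-lock check. */
    private ScimUser deleteUser(ScimUser scimUser, int version) {
        this.logger.debug("Deleting user: " + scimUser.getId());
        String zoneId = IdentityZoneHolder.get().getId();
        int deleted;
        if (version < 0) {
            deleted = this.jdbcTemplate.update(DELETE_USER_SQL, scimUser.getId(), zoneId);
        } else {
            deleted = this.jdbcTemplate.update(DELETE_USER_SQL + AND_VERSION_CLAUSE, scimUser.getId(), zoneId, Integer.valueOf(version));
        }
        if (deleted == 0) {
            throw new OptimisticLockingFailureException(String.format(WRONG_VERSION_MESSAGE, scimUser.getId(), scimUser.getVersion(), version));
        }
        return scimUser;
    }

    /** Chooses between soft delete (deactivate, the default) and hard delete for {@link #delete(String, int)}. */
    public void setDeactivateOnDelete(boolean deactivateOnDelete) {
        this.deactivateOnDelete = deactivateOnDelete;
    }

    /** Replaces the password encoder; hashes already stored are only verifiable by a compatible encoder. */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Replaces the username pattern. Usernames are embedded in a quoted filter literal by the duplicate-user
     * lookup, so a pattern that admits {@code "} or {@code \} makes that lookup fall back to a detail-free error.
     */
    public void setUsernamePattern(String usernamePattern) {
        Assert.hasText(usernamePattern, "Username pattern must not be empty");
        this.usernamePattern = Pattern.compile(usernamePattern);
    }

    /**
     * Hard-deletes every user of a zone together with their group memberships and approvals.
     *
     * @param zoneId identity zone id
     * @return number of deleted user rows
     */
    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByIdentityZone(String zoneId) {
        // Dependent rows first: both subselects read from users, so users must still be present.
        this.jdbcTemplate.update(HARD_DELETE_OF_GROUP_MEMBERS_BY_ZONE, zoneId);
        this.jdbcTemplate.update(HARD_DELETE_OF_USER_APPROVALS_BY_ZONE, zoneId);
        return this.jdbcTemplate.update(HARD_DELETE_BY_ZONE, zoneId);
    }

    /**
     * Hard-deletes every user of one origin within a zone together with their group memberships and approvals.
     *
     * @param origin origin key; bound to the second placeholder
     * @param zoneId identity zone id; bound to the first placeholder
     * @return number of deleted user rows
     */
    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByOrigin(String origin, String zoneId) {
        this.jdbcTemplate.update(HARD_DELETE_OF_GROUP_MEMBERS_BY_PROVIDER, zoneId, origin);
        this.jdbcTemplate.update(HARD_DELETE_OF_USER_APPROVALS_BY_PROVIDER, zoneId, origin);
        return this.jdbcTemplate.update(HARD_DELETE_BY_PROVIDER, zoneId, origin);
    }

    /** Returns the number of rows in {@code users} across all identity zones (the query has no zone clause). */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceMonitor
    public int getTotalCount() {
        Integer count = (Integer) this.jdbcTemplate.queryForObject("select count(*) from users", Integer.class);
        return count == null ? 0 : count.intValue();
    }

    /** Restricts sort columns to the names listed in {@link #USER_FIELDS}. */
    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable
    protected void validateOrderBy(String orderBy) throws IllegalArgumentException {
        super.validateOrderBy(orderBy, USER_FIELDS);
    }
}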
