package org.duracloud.account.db.util.impl;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import org.duracloud.account.config.AmaEndpoint;
import org.duracloud.account.db.model.AccountInfo;
import org.duracloud.account.db.model.AccountRights;
import org.duracloud.account.db.model.DuracloudGroup;
import org.duracloud.account.db.model.DuracloudUser;
import org.duracloud.account.db.model.Role;
import org.duracloud.account.db.model.UserInvitation;
import org.duracloud.account.db.model.util.InitUserCredential;
import org.duracloud.account.db.repo.DuracloudGroupRepo;
import org.duracloud.account.db.repo.DuracloudRepoMgr;
import org.duracloud.account.db.repo.DuracloudRightsRepo;
import org.duracloud.account.db.repo.DuracloudUserInvitationRepo;
import org.duracloud.account.db.repo.DuracloudUserRepo;
import org.duracloud.account.db.util.DuracloudUserService;
import org.duracloud.account.db.util.error.DBNotFoundException;
import org.duracloud.account.db.util.error.InvalidPasswordException;
import org.duracloud.account.db.util.error.InvalidRedemptionCodeException;
import org.duracloud.account.db.util.error.InvalidUsernameException;
import org.duracloud.account.db.util.error.ReservedPrefixException;
import org.duracloud.account.db.util.error.ReservedUsernameException;
import org.duracloud.account.db.util.error.UnsentEmailException;
import org.duracloud.account.db.util.error.UserAlreadyExistsException;
import org.duracloud.account.db.util.notification.NotificationMgr;
import org.duracloud.account.db.util.notification.Notifier;
import org.duracloud.account.db.util.usermgmt.UserDetailsPropagator;
import org.duracloud.common.util.ChecksumUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/duracloud/account/db/util/impl/DuracloudUserServiceImpl.class */
public class DuracloudUserServiceImpl implements DuracloudUserService, UserDetailsService {
    private Logger log = LoggerFactory.getLogger(DuracloudUserServiceImpl.class);
    private DuracloudRepoMgr repoMgr;
    private UserDetailsPropagator propagator;
    private NotificationMgr notificationMgr;
    private Notifier notifier;
    private AmaEndpoint amaEndpoint;

    public DuracloudUserServiceImpl(DuracloudRepoMgr duracloudRepoMgr, NotificationMgr notificationMgr, UserDetailsPropagator userDetailsPropagator, AmaEndpoint amaEndpoint) {
        this.repoMgr = duracloudRepoMgr;
        this.notificationMgr = notificationMgr;
        this.propagator = userDetailsPropagator;
        this.amaEndpoint = amaEndpoint;
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public void checkUsername(String str) throws InvalidUsernameException, UserAlreadyExistsException {
        if (!isValidUsername(str)) {
            throw new InvalidUsernameException(str);
        }
        if (isReservedPrefix(str)) {
            throw new ReservedPrefixException(str);
        }
        if (isReservedName(str)) {
            throw new ReservedUsernameException(str);
        }
        if (this.repoMgr.getUserRepo().findByUsername(str) != null) {
            throw new UserAlreadyExistsException(str);
        }
    }

    private boolean isValidUsername(String str) {
        if (str == null) {
            return false;
        }
        return str.matches("\\A(?![_.@\\-])[a-z0-9_.@\\-]+(?<![_.@\\-])\\Z");
    }

    private boolean isReservedName(String str) {
        return "root".equalsIgnoreCase(str) || new InitUserCredential().getUsername().equalsIgnoreCase(str);
    }

    private boolean isReservedPrefix(String str) {
        return str.startsWith("group-");
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public DuracloudUser createNewUser(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws UserAlreadyExistsException, InvalidUsernameException {
        checkUsername(str);
        ChecksumUtil checksumUtil = new ChecksumUtil(ChecksumUtil.Algorithm.SHA_256);
        DuracloudUser duracloudUser = new DuracloudUser();
        duracloudUser.setUsername(str);
        duracloudUser.setPassword(checksumUtil.generateChecksum(str2));
        duracloudUser.setFirstName(str3);
        duracloudUser.setLastName(str4);
        duracloudUser.setEmail(str5);
        duracloudUser.setSecurityQuestion(str6);
        duracloudUser.setSecurityAnswer(str7);
        this.repoMgr.getUserRepo().save(duracloudUser);
        this.log.info("New user created with username {}", str);
        getNotifier().sendNotificationCreateNewUser(duracloudUser);
        return duracloudUser;
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public boolean setUserRights(Long l, Long l2, Role... roleArr) {
        return setUserRightsInternal(l, l2, roleArr);
    }

    private boolean setUserRightsInternal(Long l, Long l2, Role... roleArr) {
        HashSet hashSet = new HashSet();
        for (Role role : roleArr) {
            hashSet.add(role);
        }
        this.log.info("Updating user rights for user {} on account {} to roles " + asString(hashSet), l2, l);
        boolean doSetUserRights = doSetUserRights(l, l2, hashSet);
        if (doSetUserRights) {
            this.propagator.propagateRights(l, l2, hashSet);
        }
        return doSetUserRights;
    }

    private boolean doSetUserRights(Long l, Long l2, Set<Role> set) {
        if (null == set) {
            throw new IllegalArgumentException("Role may not be null");
        }
        Set set2 = null;
        HashSet hashSet = new HashSet();
        Iterator<Role> it = set.iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().getRoleHierarchy());
        }
        AccountRights findByAccountIdAndUserId = this.repoMgr.getRightsRepo().findByAccountIdAndUserId(l, l2);
        if (findByAccountIdAndUserId != null) {
            set2 = findByAccountIdAndUserId.getRoles();
        } else {
            this.log.info("New rights will be added for user {} on account {}", l2, l);
        }
        boolean z = !hashSet.equals(set2);
        if (z) {
            saveRights(l, l2, hashSet, findByAccountIdAndUserId);
        }
        return z;
    }

    private String asString(Set<Role> set) {
        StringBuilder sb = new StringBuilder();
        Iterator<Role> it = set.iterator();
        while (it.hasNext()) {
            sb.append(it.next().name());
            sb.append(",");
        }
        if (sb.length() > 0) {
            sb.deleteCharAt(sb.length() - 1);
        }
        return sb.toString();
    }

    private void saveRights(Long l, Long l2, Set<Role> set, AccountRights accountRights) {
        if (null == accountRights) {
            AccountInfo accountInfo = (AccountInfo) this.repoMgr.getAccountRepo().findOne(l);
            DuracloudUser duracloudUser = (DuracloudUser) this.repoMgr.getUserRepo().findOne(l2);
            accountRights = new AccountRights();
            accountRights.setAccount(accountInfo);
            accountRights.setUser(duracloudUser);
            accountRights.setRoles(set);
        } else {
            accountRights.setRoles(set);
        }
        this.repoMgr.getRightsRepo().save(accountRights);
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public void revokeUserRights(Long l, Long l2) {
        this.log.info("Revoking rights for user {} on account {}", l2, l);
        doRevokeUserRights(l, l2);
        removeUserFromAccountGroups(l, l2);
        this.propagator.propagateRevocation(l, l2);
    }

    private void doRevokeUserRights(Long l, Long l2) {
        DuracloudRightsRepo rightsRepo = this.repoMgr.getRightsRepo();
        AccountRights findByAccountIdAndUserId = rightsRepo.findByAccountIdAndUserId(l, l2);
        if (findByAccountIdAndUserId != null) {
            DuracloudUserRepo userRepo = this.repoMgr.getUserRepo();
            DuracloudUser duracloudUser = (DuracloudUser) userRepo.findOne(l2);
            duracloudUser.getAccountRights().remove(findByAccountIdAndUserId);
            userRepo.saveAndFlush(duracloudUser);
            rightsRepo.delete(findByAccountIdAndUserId.getId());
        }
    }

    private void removeUserFromAccountGroups(Long l, Long l2) {
        DuracloudUser duracloudUser = (DuracloudUser) this.repoMgr.getUserRepo().findOne(l2);
        DuracloudGroupRepo groupRepo = this.repoMgr.getGroupRepo();
        for (DuracloudGroup duracloudGroup : groupRepo.findByAccountId(l)) {
            Set users = duracloudGroup.getUsers();
            if (users.contains(duracloudUser)) {
                users.remove(duracloudUser);
                groupRepo.save(duracloudGroup);
            }
        }
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public void changePassword(Long l, String str, boolean z, String str2) throws DBNotFoundException, InvalidPasswordException {
        if (null == str2 || str2.equals(str)) {
            return;
        }
        this.log.info("Changing password for user with ID {}", l);
        ChecksumUtil checksumUtil = new ChecksumUtil(ChecksumUtil.Algorithm.SHA_256);
        DuracloudUser duracloudUser = (DuracloudUser) this.repoMgr.getUserRepo().findOne(l);
        if (duracloudUser == null) {
            throw new DBNotFoundException("User with ID: " + l + " does not exist.");
        }
        if (!z) {
            str = checksumUtil.generateChecksum(str);
        }
        if (!duracloudUser.getPassword().equals(str)) {
            throw new InvalidPasswordException(l);
        }
        duracloudUser.setPassword(checksumUtil.generateChecksum(str2));
        this.repoMgr.getUserRepo().save(duracloudUser);
        propagateUserUpdate(l);
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public void changePasswordInternal(Long l, String str, boolean z, String str2) throws DBNotFoundException, InvalidPasswordException {
        changePassword(l, str, z, str2);
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public void redeemPasswordChangeRequest(Long l, String str) throws InvalidRedemptionCodeException {
        this.log.info("Redeeming change request for user with ID {}", l);
        DuracloudUserInvitationRepo userInvitationRepo = this.repoMgr.getUserInvitationRepo();
        UserInvitation findByRedemptionCode = userInvitationRepo.findByRedemptionCode(str);
        if (findByRedemptionCode == null) {
            throw new InvalidRedemptionCodeException(str);
        }
        userInvitationRepo.delete(findByRedemptionCode.getId());
    }

    private void propagateUserUpdate(Long l) {
        if (((DuracloudUser) this.repoMgr.getUserRepo().findOne(l)).isRoot()) {
            return;
        }
        Iterator it = this.repoMgr.getRightsRepo().findByUserId(l).iterator();
        while (it.hasNext()) {
            this.propagator.propagateUserUpdate(((AccountRights) it.next()).getAccount().getId(), l);
        }
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public void forgotPassword(String str, String str2, String str3) throws DBNotFoundException, InvalidPasswordException, UnsentEmailException {
        this.log.info("Resolving forgotten password for user {}", str);
        DuracloudUser loadDuracloudUserByUsernameInternal = loadDuracloudUserByUsernameInternal(str);
        if (!loadDuracloudUserByUsernameInternal.getSecurityQuestion().equalsIgnoreCase(str2) || !loadDuracloudUserByUsernameInternal.getSecurityAnswer().equalsIgnoreCase(str3)) {
            throw new InvalidPasswordException(loadDuracloudUserByUsernameInternal.getId());
        }
        String generateChecksum = new ChecksumUtil(ChecksumUtil.Algorithm.MD5).generateChecksum(str + System.currentTimeMillis());
        UserInvitation userInvitation = new UserInvitation((Long) null, (AccountInfo) null, "n/a", "n/a", "n/a", "n/a", str, loadDuracloudUserByUsernameInternal.getEmail(), 14, generateChecksum);
        this.repoMgr.getUserInvitationRepo().save(userInvitation);
        getNotifier().sendNotificationPasswordReset(loadDuracloudUserByUsernameInternal, generateChecksum, userInvitation.getExpirationDate());
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public UserInvitation retrievePassordChangeInvitation(String str) throws DBNotFoundException {
        UserInvitation findByRedemptionCode = this.repoMgr.getUserInvitationRepo().findByRedemptionCode(str);
        if (findByRedemptionCode == null) {
            throw new DBNotFoundException("Change password invitation with redemption code: " + str + " does not exist");
        }
        if (findByRedemptionCode.getExpirationDate().getTime() >= System.currentTimeMillis()) {
            return findByRedemptionCode;
        }
        this.log.info("invitation {} has expired. Deleting from repo...", findByRedemptionCode);
        this.repoMgr.getUserInvitationRepo().delete(findByRedemptionCode.getId());
        throw new DBNotFoundException("Invitation has expired: " + findByRedemptionCode);
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        try {
            return loadDuracloudUserByUsername(str);
        } catch (DBNotFoundException e) {
            throw new UsernameNotFoundException(e.getMessage());
        }
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public DuracloudUser loadDuracloudUserByUsername(String str) throws DBNotFoundException {
        return loadDuracloudUserByUsernameInternal(str);
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public DuracloudUser loadDuracloudUserByUsernameInternal(String str) throws DBNotFoundException {
        DuracloudUser findByUsername = this.repoMgr.getUserRepo().findByUsername(str);
        if (findByUsername == null) {
            throw new DBNotFoundException("User with username: " + str + " does not exist");
        }
        return findByUsername;
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public DuracloudUser loadDuracloudUserByIdInternal(Long l) throws DBNotFoundException {
        DuracloudUser duracloudUser = (DuracloudUser) this.repoMgr.getUserRepo().findOne(l);
        if (duracloudUser == null) {
            throw new DBNotFoundException("User with ID: " + l + " does not exist");
        }
        return duracloudUser;
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public Long redeemAccountInvitation(Long l, String str) throws InvalidRedemptionCodeException {
        this.log.info("Redeeming account invitation for user with ID {}", l);
        DuracloudUserInvitationRepo userInvitationRepo = this.repoMgr.getUserInvitationRepo();
        UserInvitation findByRedemptionCode = userInvitationRepo.findByRedemptionCode(str);
        if (findByRedemptionCode == null) {
            throw new InvalidRedemptionCodeException(str);
        }
        if (!userHasAccountRights(l, findByRedemptionCode.getAccount().getId())) {
            setUserRights(findByRedemptionCode.getAccount().getId(), l, Role.ROLE_USER);
        }
        userInvitationRepo.delete(findByRedemptionCode.getId());
        DuracloudUser duracloudUser = (DuracloudUser) this.repoMgr.getUserRepo().findOne(l);
        DuracloudUser findByUsername = this.repoMgr.getUserRepo().findByUsername(findByRedemptionCode.getAdminUsername());
        if (findByUsername == null) {
            throw new UnsentEmailException("Exception encountered attempting to send admin user " + findByRedemptionCode.getAdminUsername() + " notice that user with id " + l + " accepted their account invitation", new DBNotFoundException("Admin user with username: " + findByRedemptionCode.getAdminUsername() + "does not exist"));
        }
        getNotifier().sendNotificationRedeemedInvitation(duracloudUser, findByUsername.getEmail());
        return findByRedemptionCode.getAccount().getId();
    }

    private boolean userHasAccountRights(Long l, Long l2) {
        return this.repoMgr.getRightsRepo().findByAccountIdAndUserId(l2, l) != null;
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public void storeUserDetails(Long l, String str, String str2, String str3, String str4, String str5, String str6) throws DBNotFoundException {
        this.log.info("Updating user details for user with ID {}", l);
        DuracloudUser duracloudUser = (DuracloudUser) this.repoMgr.getUserRepo().findOne(l);
        if (duracloudUser == null) {
            throw new DBNotFoundException("User with ID: " + l + " does not exist");
        }
        boolean z = !duracloudUser.getEmail().equals(str3);
        boolean z2 = !Objects.equals(duracloudUser.getAllowableIPAddressRange(), str6);
        duracloudUser.setFirstName(str);
        duracloudUser.setLastName(str2);
        duracloudUser.setEmail(str3);
        duracloudUser.setSecurityQuestion(str4);
        duracloudUser.setSecurityAnswer(str5);
        duracloudUser.setAllowableIPAddressRange(str6);
        this.repoMgr.getUserRepo().save(duracloudUser);
        if (z || z2) {
            propagateUserUpdate(l);
        }
    }

    private Notifier getNotifier() {
        if (null == this.notifier) {
            this.notifier = new Notifier(this.notificationMgr.getEmailer(), this.amaEndpoint);
        }
        return this.notifier;
    }

    @Override // org.duracloud.account.db.util.DuracloudUserService
    public boolean addUserToAccount(Long l, Long l2) throws DBNotFoundException {
        boolean userRightsInternal = setUserRightsInternal(l, l2, Role.ROLE_USER);
        if (userRightsInternal) {
            DuracloudUser loadDuracloudUserByIdInternal = loadDuracloudUserByIdInternal(l2);
            AccountInfo accountInfo = (AccountInfo) this.repoMgr.getAccountRepo().findOne(l);
            if (accountInfo == null) {
                throw new DBNotFoundException("Account with ID: " + l + " does not exist");
            }
            getNotifier().sendNotificationUserAddedToAccount(loadDuracloudUserByIdInternal, accountInfo);
        }
        return userRightsInternal;
    }
}
