package org.imixs.marty.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.LocalBean;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.imixs.marty.profile.ProfilePlugin;
import org.imixs.workflow.ItemCollection;
import org.imixs.workflow.WorkflowKernel;
import org.imixs.workflow.engine.DocumentService;
import org.imixs.workflow.engine.scheduler.Scheduler;
import org.imixs.workflow.exceptions.AccessDeniedException;

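/**
 * Keeps the {@code UserId} / {@code UserGroup} JPA entities in sync with the
 * "profile" documents managed by the {@link DocumentService}.
 *
 * <p>The bean runs its outgoing calls with the manager access role (see
 * {@code @RunAs}), so every document read or written from here bypasses the
 * caller's own access level.
 *
 * <p>NOTE(review): no {@code @RolesAllowed} is visible on this class. Whether a
 * caller is permitted to invoke {@link #updateUser}, {@link #changeUserId} or
 * {@link #removeUserId} therefore appears to be decided by the calling code -
 * confirm that every call site enforces this.
 *
 * <p>NOTE(review): this listing looks like decompiler output (see the
 * "loaded from" comment below). References such as
 * {@code Scheduler.ITEM_SCHEDULER_NAME} and the {@code WorkflowKernel} constants
 * may be the decompiler's substitute for a plain string literal - verify against
 * the original sources before relying on the constant names.
 */
@RunAs(DocumentService.ACCESSLEVEL_MANAGERACCESS)
@LocalBean
@DeclareRoles({DocumentService.ACCESSLEVEL_MANAGERACCESS})
@Stateless
/* loaded from: input_file:WEB-INF/lib/imixs-marty-4.2.2.jar:org/imixs/marty/security/UserGroupService.class */
public class UserGroupService {

    @PersistenceContext(unitName = "org.imixs.workflow.jpa")
    private EntityManager manager;

    @Resource
    SessionContext ctx;

    @EJB
    DocumentService documentService;

    @Inject
    @ConfigProperty(name = "security.userid.input.mode", defaultValue = ProfilePlugin.DEFAULT_USER_INPUT_MODE)
    String userInputMode;

    // NOTE(review): the next three fields are public, static and NOT final, so any
    // code in the same class loader can reassign them at runtime. They are left
    // mutable here only to keep the class's public interface unchanged.
    public static String ACCESSLEVEL_NOACCESS = DocumentService.ACCESSLEVEL_NOACCESS;
    public static String DEFAULT_ACCOUNT = "admin";
    // SECURITY: hard-coded, well-known bootstrap credential. initUserIDs() creates a
    // manager-level account with this password whenever the default account is
    // missing; deployments must change it right after the first start.
    public static String DEFAULT_PASSWORD = "adminadmin";
    public static final String[] CORE_GROUPS = {DocumentService.ACCESSLEVEL_MANAGERACCESS, DocumentService.ACCESSLEVEL_EDITORACCESS, DocumentService.ACCESSLEVEL_AUTHORACCESS, DocumentService.ACCESSLEVEL_READERACCESS};
    public static final String[] DEPRECATED_CORE_GROUPS = {"IMIXS-WORKFLOW-Manager", "IMIXS-WORKFLOW-Editor", "IMIXS-WORKFLOW-Author", "IMIXS-WORKFLOW-Reader"};
    private static final Logger logger = Logger.getLogger(UserGroupService.class.getName());

    /**
     * Creates or updates the {@code UserId} entity that belongs to a profile document.
     *
     * <p>Documents whose "Type" item is not "profile" are ignored. If the document
     * carries a non-empty "txtPassword", the value is hashed with
     * {@code Crypter.crypt}, stored on the entity, the plaintext item is removed
     * from the document and the hash is written to "txtpasswordhash". The entity's
     * groups are replaced by the groups named in "txtGroups"; an empty list results
     * in membership of {@link #ACCESSLEVEL_NOACCESS} only.
     *
     * @param itemCollection the profile document; modified in place as described
     */
    public void updateUser(ItemCollection itemCollection) {
        if (!"profile".equals(itemCollection.getItemValueString("Type"))) {
            return;
        }
        boolean isLoggable = logger.isLoggable(Level.FINE);
        String userName = itemCollection.getItemValueString("txtName");
        String plainPassword = itemCollection.getItemValueString("txtPassword");
        // getItemValue hands back an untyped list; the items are treated as group names
        @SuppressWarnings("unchecked")
        List<String> groupNames = itemCollection.getItemValue("txtGroups");

        UserId userId = this.manager.find(UserId.class, userName);
        if (userId == null) {
            userId = new UserId(userName);
            this.manager.persist(userId);
        }

        if (plainPassword != null && !"".equals(plainPassword)) {
            // NOTE(review): the strength of Crypter.crypt is not visible in this file
            String passwordHash = Crypter.crypt(plainPassword);
            userId.setPassword(passwordHash);
            // the plaintext must not be stored with the document
            itemCollection.removeItem("txtPassword");
            logger.info("password change for userid '" + userName + "' by '" + this.ctx.getCallerPrincipal().getName() + "'");
            // the hash is kept in the profile so verifyExistingProfileData() can restore
            // a lost UserId row; whoever can read the profile can read the hash
            itemCollection.replaceItemValue("txtpasswordhash", passwordHash);
        }

        if (userId.getPassword() == null || userId.getPassword().isEmpty()) {
            // never leave an account with an empty password.
            // NOTE(review): whether generateUniqueID() is unpredictable is not visible here
            userId.setPassword(Crypter.crypt(WorkflowKernel.generateUniqueID()));
        }

        userId.setUserGroups(resolveUserGroups(groupNames, true));

        if (isLoggable) {
            logger.fine("...update '" + userName + "'  Groups: ");
            groupNames.forEach(groupName -> logger.fine("...       '" + groupName + "'"));
        }
    }

    /**
     * Renames a user id by creating a new {@code UserId} with the password hash and
     * groups of the old one and removing the old entity.
     *
     * <p>Nothing is changed (a warning is logged) when the new id is already taken
     * or the old id does not exist.
     *
     * @param str  the existing user id
     * @param str2 the new user id
     */
    public void changeUserId(String str, String str2) {
        if (this.manager.find(UserId.class, str2) != null) {
            logger.warning("changeUser - new userId '" + str2 + "'is still in Use!");
            return;
        }
        UserId existingUser = this.manager.find(UserId.class, str);
        if (existingUser == null) {
            logger.warning("changeUser - UserID '" + str + "' not found!");
            return;
        }
        UserId renamedUser = new UserId(str2);
        renamedUser.setPassword(existingUser.getPassword());
        renamedUser.setUserGroups(existingUser.getUserGroups());
        this.manager.persist(renamedUser);
        this.manager.remove(existingUser);
        logger.info("changeUserId '" + str + "' to '" + str2 + "' by '" + this.ctx.getCallerPrincipal().getName());
    }

    /**
     * Removes the {@code UserId} entity with the given id; logs a warning when no
     * such entity exists.
     *
     * @param str the user id to remove
     */
    public void removeUserId(String str) {
        UserId userId = this.manager.find(UserId.class, str);
        if (userId == null) {
            logger.warning("removeUserId - userId '" + str + "' did not exist!");
            return;
        }
        this.manager.remove(userId);
        logger.info("removeUserId '" + str + "' by '" + this.ctx.getCallerPrincipal().getName());
    }

    /**
     * Bootstraps the user database: restores missing {@code UserId} rows from
     * profile data, migrates deprecated role names and creates the default admin
     * account when it does not exist yet.
     *
     * <p>SECURITY: the default account is created with {@link #DEFAULT_PASSWORD}
     * and is a member of the manager groups. A warning is logged each time this
     * happens so operators can spot an instance that still runs on the built-in
     * credential.
     */
    public void initUserIDs() {
        logger.finest("......init UserIDs...");
        verifyExistingProfileData();
        migrateDeprecatedUserRoles();
        String defaultAccount = DEFAULT_ACCOUNT;
        if ("uppercase".equalsIgnoreCase(this.userInputMode)) {
            // NOTE(review): toUpperCase() uses the JVM default locale, so the resulting id
            // can differ between hosts (e.g. Turkish locale). Kept as-is because the code
            // that uppercases ids at login is not visible here - confirm both agree.
            defaultAccount = defaultAccount.toUpperCase();
        }
        // Bind the id as a parameter instead of concatenating it into the JPQL text:
        // DEFAULT_ACCOUNT is a reassignable public static field, so its content must
        // not be able to alter the query structure.
        Query query = this.manager.createQuery("SELECT user FROM UserId AS user WHERE user.id = :userid");
        query.setParameter("userid", defaultAccount);
        query.setFirstResult(0);
        query.setMaxResults(1);
        List<?> existing = query.getResultList();
        if (existing != null && !existing.isEmpty()) {
            return;
        }

        logger.info("Create default admin account...");
        ItemCollection profile = new ItemCollection();
        profile.replaceItemValue(WorkflowKernel.TYPE, "profile");
        profile.replaceItemValue("txtName", defaultAccount);
        profile.replaceItemValue("txtPassword", DEFAULT_PASSWORD);
        profile.replaceItemValue("$WorkflowGroup", "Profile");
        profile.replaceItemValue("txtGroups", "IMIXS-WORKFLOW-Manager");
        profile.appendItemValue("txtGroups", DocumentService.ACCESSLEVEL_MANAGERACCESS);
        profile.replaceItemValue(WorkflowKernel.MODELVERSION, "system-de-0.0.1");
        profile.replaceItemValue(WorkflowKernel.WORKFLOWGROUP, "Profil");
        profile.replaceItemValue(WorkflowKernel.PROCESSID, 210);
        try {
            updateUser(profile);
            this.documentService.save(profile);
            logger.warning("Default admin account '" + defaultAccount
                    + "' was created with the built-in default password - change it immediately!");
        } catch (AccessDeniedException e) {
            logger.warning("UserGroupService - unable to initialize default admin account");
            // keep the stack trace; the message alone rarely explains the denial
            logger.log(Level.SEVERE, e.getMessage(), e);
        }
    }

    /**
     * Ensures that a {@code UserGroup} exists for every entry of
     * {@link #CORE_GROUPS}. When at least one is missing, all missing core groups
     * are created and the profile documents are migrated from the deprecated group
     * names to the core group names.
     */
    public void migrateDeprecatedUserRoles() {
        boolean coreGroupMissing = false;
        for (String coreGroup : CORE_GROUPS) {
            if (this.manager.find(UserGroup.class, coreGroup) == null) {
                coreGroupMissing = true;
                break;
            }
        }
        if (!coreGroupMissing) {
            logger.info("...Imixs core userGroups OK...");
            return;
        }
        logger.info("*************************************************");
        logger.info("...System contains deprecated userGroups!");
        logger.info("...migration to new Imixs core user groups starting....");
        logger.info("*************************************************");
        for (String coreGroup : CORE_GROUPS) {
            findOrCreateGroup(coreGroup);
        }
        migrateExistingProfileData();
        logger.info("*************************************************");
        logger.info("...migration to new Imixs core user groups finished successful.");
        logger.info("*************************************************");
    }

    /**
     * Re-creates {@code UserId} entities that are missing in the database from the
     * "txtpasswordhash" and "txtGroups" items of the stored profile documents.
     *
     * <p>NOTE(review): the hash found in the profile document is trusted as-is and
     * becomes the login credential of the restored account. Anyone who can write
     * "txtpasswordhash" or "txtGroups" on a profile whose {@code UserId} row is
     * missing therefore controls that account's password and groups - confirm that
     * write access to profile documents is restricted accordingly.
     */
    private void verifyExistingProfileData() {
        logger.info("...verify existing profile data...");
        for (ItemCollection profile : this.documentService.getDocumentsByType("profile")) {
            String userName = profile.getItemValueString(Scheduler.ITEM_SCHEDULER_NAME);
            if (this.manager.find(UserId.class, userName) != null) {
                continue; // account exists, nothing to restore
            }
            String storedHash = profile.getItemValueString("txtpasswordhash");
            if (storedHash.isEmpty()) {
                continue; // no credential to restore from
            }
            logger.info("...restore userid '" + userName + "' from existing profile data...");
            UserId userId = new UserId(userName);
            userId.setPassword(storedHash);
            this.manager.persist(userId);
            @SuppressWarnings("unchecked")
            List<String> groupNames = profile.getItemValue("txtGroups");
            userId.setUserGroups(resolveUserGroups(groupNames, true));
        }
    }

    /**
     * Adds the matching core group to every profile that still lists a deprecated
     * group name, refreshes the {@code UserGroup} set of the corresponding
     * {@code UserId} and saves the profiles whose group list changed.
     *
     * <p>Accounts found with an empty password get a random one. Unlike
     * {@link #updateUser}, an empty group list is not replaced by the no-access
     * group here.
     */
    private void migrateExistingProfileData() {
        int updatedProfiles = 0;
        List<String> deprecatedGroups = Arrays.asList(DEPRECATED_CORE_GROUPS);
        logger.info("migrate deprecated profile data...");
        for (ItemCollection profile : this.documentService.getDocumentsByType("profile")) {
            String userName = profile.getItemValueString(Scheduler.ITEM_SCHEDULER_NAME);
            UserId userId = this.manager.find(UserId.class, userName);
            if (userId == null) {
                continue;
            }
            logger.info("...migate deprecated userroles for '" + userName + "' ...");
            @SuppressWarnings("unchecked")
            List<String> profileGroups = profile.getItemValue("txtGroups");
            List<String> migratedGroups = new ArrayList<>(profileGroups);
            for (String groupName : profileGroups) {
                if (!deprecatedGroups.contains(groupName)) {
                    continue;
                }
                String coreGroupName = getCoreGroupName(groupName);
                if (!profileGroups.contains(coreGroupName)) {
                    logger.info("..." + userName + " contains depreacted userrole " + groupName);
                    logger.info("... Group will be automatically migrated to " + coreGroupName);
                    migratedGroups.add(coreGroupName);
                }
            }
            logger.info("...Updating UserGroup objects....");
            userId.setUserGroups(resolveUserGroups(migratedGroups, false));
            if (userId.getPassword() == null || userId.getPassword().isEmpty()) {
                logger.info("..." + userName + " contains empty password - set random password...");
                userId.setPassword(Crypter.crypt(WorkflowKernel.generateUniqueID()));
            }
            // only profiles that gained a group need to be written back
            if (migratedGroups.size() != profileGroups.size()) {
                profile.setItemValue("txtGroups", migratedGroups);
                this.documentService.save(profile);
                updatedProfiles++;
            }
        }
        logger.info("... " + updatedProfiles + " user profiles updated....");
    }

    /**
     * Maps a core group name to the deprecated name at the same position.
     *
     * @param str a name from {@link #CORE_GROUPS}
     * @return the matching entry of {@link #DEPRECATED_CORE_GROUPS}, or
     *         {@code null} when {@code str} is not a core group name
     */
    public String getDeprecatedGroupName(String str) {
        int position = Arrays.asList(CORE_GROUPS).indexOf(str);
        return position >= 0 ? DEPRECATED_CORE_GROUPS[position] : null;
    }

    /**
     * Maps a deprecated group name to the core group name at the same position.
     *
     * @param str a name from {@link #DEPRECATED_CORE_GROUPS}
     * @return the matching entry of {@link #CORE_GROUPS}, or {@code null} when
     *         {@code str} is not a deprecated group name
     */
    public String getCoreGroupName(String str) {
        int position = Arrays.asList(DEPRECATED_CORE_GROUPS).indexOf(str);
        return position >= 0 ? CORE_GROUPS[position] : null;
    }

    /**
     * Resolves group names to managed {@code UserGroup} entities, creating groups
     * that do not exist yet. Null and empty names are skipped.
     *
     * @param groupNames         the group names to resolve
     * @param fallbackToNoAccess when {@code true} and no name resolved, the result
     *                           holds the {@link #ACCESSLEVEL_NOACCESS} group
     * @return the resolved groups
     */
    private Set<UserGroup> resolveUserGroups(List<String> groupNames, boolean fallbackToNoAccess) {
        Set<UserGroup> groups = new HashSet<>();
        for (String groupName : groupNames) {
            if (groupName != null && !groupName.isEmpty()) {
                groups.add(findOrCreateGroup(groupName));
            }
        }
        if (fallbackToNoAccess && groups.isEmpty()) {
            groups.add(findOrCreateGroup(ACCESSLEVEL_NOACCESS));
        }
        return groups;
    }

    /** Returns the {@code UserGroup} with the given id, persisting a new one if absent. */
    private UserGroup findOrCreateGroup(String groupName) {
        UserGroup group = this.manager.find(UserGroup.class, groupName);
        if (group == null) {
            group = new UserGroup(groupName);
            this.manager.persist(group);
        }
        return group;
    }
}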
