package org.sonar.server.user;

import com.google.common.base.Joiner;
import com.google.common.base.Predicate;
import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.apache.commons.codec.digest.DigestUtils;
import org.sonar.api.config.Settings;
import org.sonar.api.platform.NewUserHandler;
import org.sonar.api.server.ServerSide;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserGroupDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.Message;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.ServerException;
import org.sonar.server.issue.IssueUpdater;
import org.sonar.server.user.index.UserIndexer;
import org.sonar.server.util.Validation;

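/**
 * Creates, updates, reactivates and deactivates user accounts, and keeps the user index in sync.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Passwords are stored as {@code UserDto.encryptPassword(password, salt)} with a per-user random salt
 *       (see {@link #setEncryptedPassWord}).</li>
 *   <li>{@link #update(DbSession, UpdateUser)} does not check whether the account is active and its write path
 *       sets {@code active = true}, so updating a deactivated account re-enables it.</li>
 *   <li>Reactivating an account through {@link #create(DbSession, NewUser)} without supplying a password or an
 *       external identity appears to leave the previously stored salt and hash in place.</li>
 * </ul>
 */
@ServerSide
public class UserUpdater {
    public static final String SQ_AUTHORITY = "sonarqube";
    private static final String LOGIN_PARAM = "Login";
    private static final String PASSWORD_PARAM = "Password";
    private static final String NAME_PARAM = "Name";
    private static final String EMAIL_PARAM = "Email";
    private static final int LOGIN_MIN_LENGTH = 3;
    private static final int LOGIN_MAX_LENGTH = 255;
    private static final int EMAIL_MAX_LENGTH = 100;
    private static final int NAME_MAX_LENGTH = 200;
    private static final String DEFAULT_GROUP_PROPERTY = "sonar.defaultGroup";
    // Compiled once instead of on every validation call; same expression the login check has always used.
    private static final Pattern LOGIN_PATTERN = Pattern.compile("\\A\\w[\\w\\.\\-_@]+\\z");
    private final NewUserNotifier newUserNotifier;
    private final Settings settings;
    private final DbClient dbClient;
    private final UserIndexer userIndexer;
    private final System2 system2;

    /**
     * Predicate matching a {@link GroupDto} whose key equals a given value.
     *
     * <p>The decompiler reports that the access modifier was widened from {@code private}; treat this type as an
     * implementation detail of {@link UserUpdater}.
     */
    public static class GroupDtoMatchKey implements Predicate<GroupDto> {
        private final String key;

        /**
         * @param str group key to match
         */
        public GroupDtoMatchKey(String str) {
            this.key = str;
        }

        /**
         * @return {@code true} when {@code groupDto} is non-null and its key equals the configured key
         */
        @Override
        public boolean apply(@Nullable GroupDto groupDto) {
            return groupDto != null && groupDto.getKey().equals(this.key);
        }
    }

    public UserUpdater(NewUserNotifier newUserNotifier, Settings settings, DbClient dbClient, UserIndexer userIndexer, System2 system2) {
        this.newUserNotifier = newUserNotifier;
        this.settings = settings;
        this.dbClient = dbClient;
        this.userIndexer = userIndexer;
        this.system2 = system2;
    }

    /**
     * Creates (or reactivates) a user in a session opened and closed by this method.
     *
     * @return {@code true} if an existing inactive user was reactivated, {@code false} if a new user was inserted
     * @throws BadRequestException if any field of {@code newUser} fails validation
     * @throws IllegalArgumentException if an active user with the same login already exists
     */
    public boolean create(NewUser newUser) {
        DbSession dbSession = this.dbClient.openSession(false);
        try {
            return create(dbSession, newUser);
        } finally {
            this.dbClient.closeSession(dbSession);
        }
    }

    /**
     * Creates a user, or reactivates the inactive user that already owns the login, then commits, notifies the
     * new-user handlers and re-indexes.
     *
     * @return {@code true} if an existing inactive user was reactivated, {@code false} if a new user was inserted
     * @throws BadRequestException if any field of {@code newUser} fails validation
     * @throws IllegalArgumentException if an active user with the same login already exists
     */
    public boolean create(DbSession dbSession, NewUser newUser) {
        boolean reactivated = false;
        UserDto userDto = createNewUserDto(dbSession, newUser);
        String login = userDto.getLogin();
        UserDto existingUser = this.dbClient.userDao().selectByLogin(dbSession, login);
        if (existingUser == null) {
            // saveUser() already adds the default-group membership. The second addDefaultGroup() call that used
            // to follow it was at best a no-op and, if the first insert is not yet visible to the lookup, could
            // insert the same membership twice.
            saveUser(dbSession, userDto);
        } else {
            reactivated = reactivateUser(dbSession, existingUser, login, newUser);
        }
        dbSession.commit();
        notifyNewUser(userDto.getLogin(), userDto.getName(), newUser.email());
        this.userIndexer.index();
        return reactivated;
    }

    /**
     * Re-enables an inactive account with the values carried by {@code newUser}.
     *
     * <p>NOTE(review): the password and the external identity are only forwarded when they are non-null. When
     * both are null the stored salt and hash are presumably left untouched (this depends on
     * {@code UpdateUser.isPasswordChanged()} / {@code isExternalIdentityChanged()}, not visible here), which
     * would make the credentials the account had before deactivation valid again. Callers that reactivate
     * accounts should supply a fresh password or external identity; confirm against {@code UpdateUser}.
     *
     * @throws IllegalArgumentException if {@code existingUser} is still active
     */
    private boolean reactivateUser(DbSession dbSession, UserDto existingUser, String login, NewUser newUser) {
        if (existingUser.isActive()) {
            throw new IllegalArgumentException(String.format("An active user with login '%s' already exists", login));
        }
        UpdateUser updateUser = UpdateUser.create(login).setName(newUser.name()).setEmail(newUser.email()).setScmAccounts(newUser.scmAccounts());
        if (newUser.password() != null) {
            updateUser.setPassword(newUser.password());
        }
        if (newUser.externalIdentity() != null) {
            updateUser.setExternalIdentity(newUser.externalIdentity());
        }
        // Marked local before the update so that the password-change check in updateUserDto() passes;
        // setExternalIdentity() flips it back to false when an external identity is supplied.
        existingUser.setLocal(true);
        updateUserDto(dbSession, updateUser, existingUser);
        updateUser(dbSession, existingUser);
        addDefaultGroup(dbSession, existingUser);
        return true;
    }

    /**
     * Updates a user in a session opened and closed by this method.
     *
     * @throws NotFoundException if no user has the given login
     * @throws BadRequestException if any changed field fails validation
     */
    public void update(UpdateUser updateUser) {
        DbSession dbSession = this.dbClient.openSession(false);
        try {
            update(dbSession, updateUser);
        } finally {
            this.dbClient.closeSession(dbSession);
        }
    }

    /**
     * Applies the changed fields of {@code updateUser}, commits, notifies the new-user handlers and re-indexes.
     *
     * <p>NOTE(review): the user is looked up without an {@code isActive()} check and {@link #updateUser} sets
     * {@code active = true}, so calling this on a deactivated account reactivates it. Callers that must not
     * re-enable accounts need to check the active flag themselves. The new-user handlers are also invoked on
     * every update, not only on creation.
     *
     * @throws NotFoundException if no user has the given login
     * @throws BadRequestException if any changed field fails validation
     */
    public void update(DbSession dbSession, UpdateUser updateUser) {
        UserDto user = this.dbClient.userDao().selectByLogin(dbSession, updateUser.login());
        if (user == null) {
            throw new NotFoundException(String.format("User with login '%s' has not been found", updateUser.login()));
        }
        updateUserDto(dbSession, updateUser, user);
        updateUser(dbSession, user);
        dbSession.commit();
        notifyNewUser(user.getLogin(), user.getName(), user.getEmail());
        this.userIndexer.index();
    }

    /**
     * Deletes the user's tokens, deactivates the account and re-indexes.
     *
     * <p>Tokens are removed before the account is deactivated. No commit is issued here; presumably the DAO
     * calls commit themselves (confirm in the DAOs).
     *
     * @param str login of the user to deactivate
     */
    public void deactivateUserByLogin(String str) {
        DbSession dbSession = this.dbClient.openSession(false);
        try {
            this.dbClient.userTokenDao().deleteByLogin(dbSession, str);
            this.dbClient.userDao().deactivateUserByLogin(dbSession, str);
            this.userIndexer.index();
        } finally {
            this.dbClient.closeSession(dbSession);
        }
    }

    /**
     * Verifies that a clear-text password matches the hash stored for a login.
     *
     * <p>The candidate hash is compared with the stored one using {@link MessageDigest#isEqual}, whose running
     * time does not depend on where the two values first differ. A user without a stored hash is rejected with
     * the same error as a wrong password.
     *
     * @param str login of the user
     * @param str2 clear-text password to check
     * @throws IllegalArgumentException if the password does not match
     */
    public void checkCurrentPassword(String str, String str2) {
        DbSession dbSession = this.dbClient.openSession(false);
        try {
            UserDto user = this.dbClient.userDao().selectOrFailByLogin(dbSession, str);
            String candidateHash = UserDto.encryptPassword(str2, user.getSalt());
            String storedHash = user.getCryptedPassword();
            if (storedHash == null
                || !MessageDigest.isEqual(candidateHash.getBytes(StandardCharsets.UTF_8), storedHash.getBytes(StandardCharsets.UTF_8))) {
                throw new IllegalArgumentException("Incorrect password");
            }
        } finally {
            dbSession.close();
        }
    }

    /**
     * Builds a {@link UserDto} from {@code newUser}, validating every field and collecting all validation
     * messages before failing.
     *
     * @throws BadRequestException carrying every collected message if at least one check failed
     */
    private UserDto createNewUserDto(DbSession dbSession, NewUser newUser) {
        UserDto userDto = new UserDto();
        List<Message> errors = Lists.newArrayList();
        String login = newUser.login();
        if (validateLoginFormat(login, errors)) {
            userDto.setLogin(login);
        }
        String name = newUser.name();
        if (validateNameFormat(name, errors)) {
            userDto.setName(name);
        }
        String email = newUser.email();
        if (email != null && validateEmailFormat(email, errors)) {
            userDto.setEmail(email);
        }
        String password = newUser.password();
        if (password != null && validatePasswords(password, errors)) {
            setEncryptedPassWord(password, userDto);
        }
        List<String> scmAccounts = sanitizeScmAccounts(newUser.scmAccounts());
        if (scmAccounts != null && !scmAccounts.isEmpty()) {
            // The result is not needed here: any failure is recorded in errors and rejected below.
            validateScmAccounts(dbSession, scmAccounts, login, email, null, errors);
            userDto.setScmAccounts(scmAccounts);
        }
        setExternalIdentity(userDto, newUser.externalIdentity());
        if (errors.isEmpty()) {
            return userDto;
        }
        throw new BadRequestException(errors);
    }

    /**
     * Copies the changed fields of {@code updateUser} onto {@code userDto}, validating each one and collecting
     * all validation messages before failing.
     *
     * <p>Changing the external identity clears the stored salt and hash, so the account can no longer be
     * authenticated with its previous local password.
     *
     * @throws BadRequestException carrying every collected message if at least one check failed
     */
    private void updateUserDto(DbSession dbSession, UpdateUser updateUser, UserDto userDto) {
        List<Message> errors = Lists.newArrayList();
        String name = updateUser.name();
        if (updateUser.isNameChanged() && validateNameFormat(name, errors)) {
            userDto.setName(name);
        }
        String email = updateUser.email();
        if (updateUser.isEmailChanged() && validateEmailFormat(email, errors)) {
            userDto.setEmail(email);
        }
        if (updateUser.isExternalIdentityChanged()) {
            setExternalIdentity(userDto, updateUser.externalIdentity());
            userDto.setSalt((String) null);
            userDto.setCryptedPassword((String) null);
        } else {
            String password = updateUser.password();
            // A password may only be set on a local account (checkPasswordChangeAllowed).
            if (updateUser.isPasswordChanged() && validatePasswords(password, errors) && checkPasswordChangeAllowed(userDto, errors)) {
                setEncryptedPassWord(password, userDto);
            }
        }
        if (updateUser.isScmAccountsChanged()) {
            List<String> scmAccounts = sanitizeScmAccounts(updateUser.scmAccounts());
            if (scmAccounts == null || scmAccounts.isEmpty()) {
                userDto.setScmAccounts((String) null);
            } else if (validateScmAccounts(dbSession, scmAccounts, userDto.getLogin(), email != null ? email : userDto.getEmail(), userDto, errors)) {
                userDto.setScmAccounts(scmAccounts);
            }
        }
        if (!errors.isEmpty()) {
            throw new BadRequestException(errors);
        }
    }

    /**
     * Sets the identity provider fields. With no external identity the account is local and owned by
     * {@link #SQ_AUTHORITY}, using its own login as the external id; otherwise it is marked non-local.
     */
    private static void setExternalIdentity(UserDto userDto, @Nullable ExternalIdentity externalIdentity) {
        if (externalIdentity == null) {
            userDto.setExternalIdentity(userDto.getLogin());
            userDto.setExternalIdentityProvider(SQ_AUTHORITY);
            userDto.setLocal(true);
        } else {
            userDto.setExternalIdentity(externalIdentity.getId());
            userDto.setExternalIdentityProvider(externalIdentity.getProvider());
            userDto.setLocal(false);
        }
    }

    /**
     * Records a "can't be empty" message for {@code paramName} when {@code value} is null or empty.
     *
     * @return {@code true} if the value is present
     */
    private static boolean checkNotEmptyParam(@Nullable String value, String paramName, List<Message> errors) {
        if (!Strings.isNullOrEmpty(value)) {
            return true;
        }
        errors.add(Message.of(Validation.CANT_BE_EMPTY_MESSAGE, paramName));
        return false;
    }

    /**
     * Checks that a login is present, between {@link #LOGIN_MIN_LENGTH} and {@link #LOGIN_MAX_LENGTH}
     * characters long and matches {@link #LOGIN_PATTERN}. Only the first failing check is reported.
     *
     * @return {@code true} if the login is acceptable
     */
    private static boolean validateLoginFormat(@Nullable String login, List<Message> errors) {
        boolean notEmpty = checkNotEmptyParam(login, LOGIN_PARAM, errors);
        if (!Strings.isNullOrEmpty(login)) {
            if (login.length() < LOGIN_MIN_LENGTH) {
                errors.add(Message.of(Validation.IS_TOO_SHORT_MESSAGE, LOGIN_PARAM, Integer.valueOf(LOGIN_MIN_LENGTH)));
                return false;
            }
            if (login.length() > LOGIN_MAX_LENGTH) {
                errors.add(Message.of(Validation.IS_TOO_LONG_MESSAGE, LOGIN_PARAM, Integer.valueOf(LOGIN_MAX_LENGTH)));
                return false;
            }
            if (!LOGIN_PATTERN.matcher(login).matches()) {
                errors.add(Message.of("user.bad_login", new Object[0]));
                return false;
            }
        }
        return notEmpty;
    }

    /**
     * Checks that a name is present and at most {@link #NAME_MAX_LENGTH} characters long.
     *
     * @return {@code true} if the name is acceptable
     */
    private static boolean validateNameFormat(@Nullable String name, List<Message> errors) {
        boolean notEmpty = checkNotEmptyParam(name, NAME_PARAM, errors);
        if (name == null || name.length() <= NAME_MAX_LENGTH) {
            return notEmpty;
        }
        errors.add(Message.of(Validation.IS_TOO_LONG_MESSAGE, NAME_PARAM, Integer.valueOf(NAME_MAX_LENGTH)));
        return false;
    }

    /**
     * Checks only the length of an e-mail address (at most {@link #EMAIL_MAX_LENGTH} characters); a null
     * address is accepted and the address syntax is not validated here.
     *
     * @return {@code true} if the address is null or short enough
     */
    private static boolean validateEmailFormat(@Nullable String email, List<Message> errors) {
        if (email == null || email.length() <= EMAIL_MAX_LENGTH) {
            return true;
        }
        errors.add(Message.of(Validation.IS_TOO_LONG_MESSAGE, EMAIL_PARAM, Integer.valueOf(EMAIL_MAX_LENGTH)));
        return false;
    }

    /**
     * Rejects a password change on an account that is not local, i.e. one authenticated by an external provider.
     *
     * @return {@code true} if the account is local
     */
    private static boolean checkPasswordChangeAllowed(UserDto userDto, List<Message> errors) {
        if (userDto.isLocal()) {
            return true;
        }
        errors.add(Message.of("user.password_cant_be_changed_on_external_auth", new Object[0]));
        return false;
    }

    /**
     * Checks only that a password is non-empty; no length or complexity rule is enforced here.
     *
     * @return {@code true} if the password is not null and not empty
     */
    private static boolean validatePasswords(@Nullable String password, List<Message> errors) {
        if (password != null && password.length() != 0) {
            return true;
        }
        errors.add(Message.of(Validation.CANT_BE_EMPTY_MESSAGE, PASSWORD_PARAM));
        return false;
    }

    /**
     * Checks that no SCM account equals the user's own login or e-mail and that none is already used, as SCM
     * account, login or e-mail, by a different user.
     *
     * @param existingUser the user being updated, excluded from the "already used" check; null on creation
     * @return {@code true} if every SCM account is acceptable
     */
    private boolean validateScmAccounts(DbSession dbSession, List<String> scmAccounts, @Nullable String login, @Nullable String email,
        @Nullable UserDto existingUser, List<Message> errors) {
        boolean valid = true;
        for (String scmAccount : scmAccounts) {
            if (scmAccount.equals(login) || scmAccount.equals(email)) {
                errors.add(Message.of("user.login_or_email_used_as_scm_account", new Object[0]));
                valid = false;
            } else {
                List<UserDto> matchingUsers = this.dbClient.userDao().selectByScmAccountOrLoginOrEmail(dbSession, scmAccount);
                List<String> matchingUserLabels = Lists.newArrayList();
                for (UserDto matchingUser : matchingUsers) {
                    if (existingUser == null || !matchingUser.getId().equals(existingUser.getId())) {
                        matchingUserLabels.add(matchingUser.getName() + " (" + matchingUser.getLogin() + ")");
                    }
                }
                if (!matchingUserLabels.isEmpty()) {
                    // The message names the other accounts (name and login) that already use this value.
                    errors.add(Message.of("user.scm_account_already_used", scmAccount, Joiner.on(", ").join(matchingUserLabels)));
                    valid = false;
                }
            }
        }
        return valid;
    }

    /**
     * Removes null entries and entries equal to {@code IssueUpdater.UNUSED} (presumably the empty string;
     * confirm against that class) from the list.
     *
     * <p>The list is modified in place and the same instance is returned, so an unmodifiable list passed by a
     * caller makes {@code removeAll} throw {@link UnsupportedOperationException}.
     *
     * @return the same list instance, or null if the argument was null
     */
    @CheckForNull
    private static List<String> sanitizeScmAccounts(@Nullable List<String> scmAccounts) {
        if (scmAccounts != null) {
            scmAccounts.removeAll(Arrays.asList(null, IssueUpdater.UNUSED));
        }
        return scmAccounts;
    }

    /**
     * Inserts a new active user, stamping creation and update time with the same instant, and adds it to the
     * default group.
     */
    private void saveUser(DbSession dbSession, UserDto userDto) {
        long now = this.system2.now();
        userDto.setActive(true).setCreatedAt(Long.valueOf(now)).setUpdatedAt(Long.valueOf(now));
        this.dbClient.userDao().insert(dbSession, userDto);
        addDefaultGroup(dbSession, userDto);
    }

    /**
     * Persists an existing user. This always sets {@code active = true}, which is what reactivation relies on
     * and also why a plain update re-enables a deactivated account.
     */
    private void updateUser(DbSession dbSession, UserDto userDto) {
        userDto.setActive(true).setUpdatedAt(Long.valueOf(this.system2.now()));
        this.dbClient.userDao().update(dbSession, userDto);
    }

    /**
     * Generates a fresh salt and stores the salt and the resulting password hash on the user.
     *
     * <p>The salt is the SHA-1 hex digest of 32 bytes drawn from {@link SecureRandom}.
     *
     * <p>NOTE(security): the hash itself is produced by {@code UserDto.encryptPassword}, which is not visible
     * here. If it is a single fast digest over salt and password (presumably salted SHA-1; confirm in
     * {@code UserDto}), it offers little resistance to offline guessing compared with a password-hashing
     * function such as bcrypt, scrypt or Argon2. Any migration has to change {@code encryptPassword} and
     * {@link #checkCurrentPassword} together so that stored hashes stay verifiable.
     */
    private static void setEncryptedPassWord(String password, UserDto userDto) {
        byte[] saltBytes = new byte[32];
        new SecureRandom().nextBytes(saltBytes);
        String salt = DigestUtils.sha1Hex(saltBytes);
        userDto.setSalt(salt);
        userDto.setCryptedPassword(UserDto.encryptPassword(password, salt));
    }

    /** Passes login, name and e-mail to the registered new-user notifier. */
    private void notifyNewUser(String login, String name, String email) {
        this.newUserNotifier.onNewUser(NewUserHandler.Context.builder().setLogin(login).setName(name).setEmail(email).build());
    }

    /**
     * Adds the user to the group named by the {@code sonar.defaultGroup} setting unless the user is already a
     * member of it.
     *
     * @throws ServerException (HTTP 500) if the setting is missing or names a group that does not exist
     */
    private void addDefaultGroup(DbSession dbSession, UserDto userDto) {
        String defaultGroup = this.settings.getString(DEFAULT_GROUP_PROPERTY);
        if (defaultGroup == null) {
            throw new ServerException(500, String.format("The default group property '%s' is null", DEFAULT_GROUP_PROPERTY));
        }
        if (Iterables.any(this.dbClient.groupDao().selectByUserLogin(dbSession, userDto.getLogin()), new GroupDtoMatchKey(defaultGroup))) {
            return;
        }
        GroupDto group = this.dbClient.groupDao().selectByName(dbSession, defaultGroup);
        if (group == null) {
            throw new ServerException(500, String.format("The default group '%s' for new users does not exist. Please update the general security settings to fix this issue.", defaultGroup));
        }
        this.dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setUserId(userDto.getId()).setGroupId(group.getId()));
    }

    /** Triggers a run of the user indexer. */
    public void index() {
        this.userIndexer.index();
    }
}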
