package org.apache.directory.fortress.core.rbac;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.ObjectFactory;
import org.apache.directory.fortress.core.PasswordException;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.ValidationException;
import org.apache.directory.fortress.core.rbac.OrgUnit;
import org.apache.directory.fortress.core.util.attr.AttrHelper;
import org.apache.directory.fortress.core.util.attr.VUtil;
import org.apache.directory.fortress.core.util.time.CUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/fortress/core/rbac/UserP.class */
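/**
 * Process-layer class for user entities: forwards searches, reads, writes, role (de)assignment,
 * lock/unlock and password operations to {@link UserDAO}, validates entities before add/update,
 * and builds {@link Session} objects for password-verified and trusted logins.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class checks who the caller is. Methods carrying the
 *       "Access modifiers changed from: package-private" marker were package-private in the
 *       compiled class; the {@code public} modifier is a decompiler artifact. Treat them as
 *       internal API that is only safe behind callers doing their own access checks (those
 *       callers are not visible in this file).</li>
 *   <li>{@link #createSession(User, boolean)} called with {@code true} builds a session without
 *       verifying a password.</li>
 *   <li>Caller-supplied user ids are concatenated into exception and log text as-is.
 *       NOTE(review): confirm they are validated upstream or neutralised before reaching a log
 *       sink.</li>
 * </ul>
 */
public final class UserP {
    private static final String CLS_NM = UserP.class.getName();
    // Every directory read and write below goes through this DAO; nothing in this class reassigns it.
    private static final UserDAO uDao = new UserDAO();
    private static final Logger LOG = LoggerFactory.getLogger(CLS_NM);
    private static final PolicyP policyP = new PolicyP();
    private static final AdminRoleP admRoleP = new AdminRoleP();
    private static final OrgUnitP orgUnitP = new OrgUnitP();

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.findUsers(User)}.
     *
     * @param user search input, passed to the DAO unchanged
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final List<User> search(User user) throws SecurityException {
        return uDao.findUsers(user);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.findUsers(OrgUnit, boolean)}.
     *
     * @param orgUnit search input, passed to the DAO unchanged
     * @param z forwarded unchanged; its meaning is defined by the DAO and not visible here
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final List<User> search(OrgUnit orgUnit, boolean z) throws SecurityException {
        return uDao.findUsers(orgUnit, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.findUsers(User, int)}.
     *
     * @param user search input, passed to the DAO unchanged
     * @param i forwarded unchanged; presumably a result limit (confirm against UserDAO)
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final List<String> search(User user, int i) throws SecurityException {
        return uDao.findUsers(user, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.getAuthorizedUsers(Role)}.
     *
     * @param role passed to the DAO unchanged
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final List<User> getAuthorizedUsers(Role role) throws SecurityException {
        return uDao.getAuthorizedUsers(role);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.getAssignedUsers(Set, String)}.
     *
     * @param set passed to the DAO unchanged
     * @param str passed to the DAO unchanged; its meaning is not visible here
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final Set<String> getAssignedUsers(Set<String> set, String str) throws SecurityException {
        return uDao.getAssignedUsers(set, str);
    }

    /**
     * Delegates to {@code UserDAO.getAuthorizedUsers(Role, int)}.
     *
     * @param role passed to the DAO unchanged
     * @param i forwarded unchanged; presumably a result limit (confirm against UserDAO)
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    final List<String> getAuthorizedUsers(Role role, int i) throws SecurityException {
        return uDao.getAuthorizedUsers(role, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.getAssignedUsers(Role)}.
     *
     * @param role passed to the DAO unchanged
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final List<User> getAssignedUsers(Role role) throws SecurityException {
        return uDao.getAssignedUsers(role);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.getAssignedUsers(AdminRole)}.
     *
     * @param adminRole passed to the DAO unchanged
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final List<User> getAssignedUsers(AdminRole adminRole) throws SecurityException {
        return uDao.getAssignedUsers(adminRole);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.getRoles(User)}.
     *
     * @param user passed to the DAO unchanged
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final List<String> getAssignedRoles(User user) throws SecurityException {
        return uDao.getRoles(user);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.getUser(User, boolean)}.
     *
     * @param user identifies the entry to load
     * @param z forwarded unchanged; its meaning is defined by the DAO and not visible here
     * @return the DAO's result
     * @throws SecurityException propagated from the DAO
     */
    public final User read(User user, boolean z) throws SecurityException {
        return uDao.getUser(user, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Validates the user and creates it; same as {@code add(user, true)}.
     *
     * @param user the entry to create
     * @return the DAO's result of {@code create}
     * @throws SecurityException from validation or from the DAO
     */
    public final User add(User user) throws SecurityException {
        return add(user, true);
    }

    /**
     * Creates the user, optionally validating it first.
     *
     * @param user the entry to create
     * @param z when {@code false}, {@code validate} is skipped and the entry is handed to the DAO
     *          as supplied; callers passing {@code false} own the validation
     * @return the DAO's result of {@code create}
     * @throws SecurityException from validation or from the DAO
     */
    final User add(User user, boolean z) throws SecurityException {
        if (z) {
            validate(user, false);
        }
        return uDao.create(user);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Validates the user and updates it; same as {@code update(user, true)}.
     *
     * @param user the entry to update
     * @return the DAO's result of {@code update}
     * @throws SecurityException from validation or from the DAO
     */
    public final User update(User user) throws SecurityException {
        return update(user, true);
    }

    /**
     * Updates the user, optionally validating it first.
     *
     * @param user the entry to update
     * @param z when {@code false}, {@code validate} is skipped and the entry is handed to the DAO
     *          as supplied; callers passing {@code false} own the validation
     * @return the DAO's result of {@code update}
     * @throws SecurityException from validation or from the DAO
     */
    final User update(User user, boolean z) throws SecurityException {
        if (z) {
            validate(user, true);
        }
        return uDao.update(user);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Marks a user as deleted by overwriting its description with {@code "DELETED"} and updating
     * the entry; the entry itself is kept. Users whose stored entry is flagged as system are
     * refused.
     *
     * @param user the entry to mark; its description is modified in place before the update
     * @return the DN of the entry returned by the DAO update
     * @throws SecurityException with {@code USER_PLCY_VIOLATION} for a system user, or from the DAO
     */
    public final String softDelete(User user) throws SecurityException {
        rejectIfSystemUser(user, "softDelete");
        user.setDescription("DELETED");
        return uDao.update(user).getDn();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Removes a user through {@code UserDAO.remove}. Users whose stored entry is flagged as system
     * are refused.
     *
     * @param user the entry to remove
     * @return the DAO's result of {@code remove}
     * @throws SecurityException with {@code USER_PLCY_VIOLATION} for a system user, or from the DAO
     */
    public final String delete(User user) throws SecurityException {
        rejectIfSystemUser(user, "delete");
        return uDao.remove(user);
    }

    /**
     * Loads the stored entry and refuses the operation when it is flagged as a system user.
     * The decision is taken on the entry read back through the DAO, not on the caller's object,
     * so a caller cannot clear the flag by omitting it from the request.
     *
     * @param user identifies the entry to check
     * @param operation name of the calling operation, used as the prefix of the error message
     * @throws SecurityException with {@code USER_PLCY_VIOLATION} for a system user, or from the read
     */
    private void rejectIfSystemUser(User user, String operation) throws SecurityException {
        User stored = read(user, true);
        if (VUtil.isNotNullOrEmpty(stored.isSystem()) && stored.isSystem().booleanValue()) {
            throw new SecurityException(GlobalErrIds.USER_PLCY_VIOLATION, operation + " userId [" + user.getUserId() + "] can't be removed due to policy violation, rc=" + GlobalErrIds.USER_PLCY_VIOLATION);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.deletePwPolicy(User)}.
     *
     * @param user passed to the DAO unchanged
     * @throws SecurityException propagated from the DAO
     */
    public final void deletePwPolicy(User user) throws SecurityException {
        uDao.deletePwPolicy(user);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Checks the user's password through {@code UserDAO.checkPassword} and, when the returned
     * session is authenticated, applies the user-level constraint checks.
     *
     * @param user the user to authenticate; only {@code getUserId()} is read here, everything
     *             else is consumed by the DAO
     * @return the session returned by the DAO, after the {@code USER} constraint validation
     * @throws PasswordException when the DAO's session is not authenticated; carries the
     *         session's error id, and its message includes the session's error text
     * @throws SecurityException when the DAO returns no session, or from the DAO or the
     *         constraint validation
     */
    public final Session authenticate(User user) throws SecurityException {
        Session session = uDao.checkPassword(user);
        if (session == null) {
            throw new SecurityException(GlobalErrIds.USER_SESS_CREATE_FAILED, "UserP.authenticate failed - null session detected for userId [" + user.getUserId() + "]");
        }
        if (!session.isAuthenticated()) {
            // The reason code and message come from the DAO's session. NOTE(review): callers that
            // relay this text to an unauthenticated client should replace it with a generic failure.
            throw new PasswordException(session.getErrorId(), "UserP.authenticate failed  for userId [" + user.getUserId() + "] reason code [" + session.getErrorId() + "] msg [" + session.getMsg() + "]");
        }
        CUtil.validateConstraints(session, CUtil.ConstraintType.USER, false);
        return session;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a session for the user, either by verifying the password or on the caller's word,
     * then narrows the session's roles to those requested and validates role constraints.
     *
     * <p>When {@code user.getRoles()} is non-empty, the session's role list is replaced by the
     * intersection of the roles already on the session and the requested ones. Matching uses
     * {@code List.indexOf}, that is {@code UserRole.equals} (not visible here), and the entries
     * kept are the session's own objects, never the caller-supplied ones. A requested role that
     * is not on the session is dropped without an error.
     *
     * @param user the user to log in; may list the roles to activate
     * @param z {@code true} selects the trusted path: no password is checked, the session is
     *          marked not authenticated, and only the stored lock flag and the {@code USER}
     *          constraints are evaluated. Callers must have established the user's identity by
     *          other means. {@code false} requires a non-empty password and verifies it.
     * @return the session after {@code ROLE} constraint validation
     * @throws SecurityException for a missing password, a failed lookup, a failed or locked
     *         login, or a constraint failure
     */
    public final Session createSession(User user, boolean z) throws SecurityException {
        Session session;
        if (z) {
            session = createSessionTrusted(user);
            CUtil.validateConstraints(session, CUtil.ConstraintType.USER, false);
        } else {
            VUtil.assertNotNullOrEmpty(user.getPassword(), GlobalErrIds.USER_PW_NULL, CLS_NM + ".createSession");
            session = createSession(user);
        }
        if (VUtil.isNotNullOrEmpty(user.getRoles())) {
            List<UserRole> assigned = session.getRoles();
            List<UserRole> activated = new ArrayList<UserRole>();
            // The session gets the (still empty) list first, exactly as before; it is filled below.
            session.setRoles(activated);
            for (UserRole requested : user.getRoles()) {
                int idx = assigned.indexOf(requested);
                if (idx != -1) {
                    // Keep the session's copy of the role, not the object the caller passed in.
                    activated.add(assigned.get(idx));
                }
            }
        }
        CUtil.validateConstraints(session, CUtil.ConstraintType.ROLE, true);
        return session;
    }

    /**
     * Password-verified session creation: loads the stored entry, authenticates, and attaches the
     * stored entry to the session.
     *
     * <p>The lookup runs before the password check, so a failed lookup surfaces separately from a
     * {@link PasswordException}. NOTE(review): callers facing unauthenticated clients should map
     * both outcomes to one generic failure so the response does not reveal whether the id exists.
     *
     * @param user carries the userId, password and context id
     * @return the authenticated session with the stored user entry set on it
     * @throws SecurityException from the lookup or from {@link #authenticate(User)}
     */
    private Session createSession(User user) throws SecurityException {
        User stored = read(user, true);
        stored.setContextId(user.getContextId());
        Session session = authenticate(user);
        session.setUser(stored);
        return session;
    }

    /**
     * Trusted session creation: loads the stored entry and builds a session without any password
     * check. Only the stored entry's lock flag is consulted here; the session is explicitly
     * marked {@code authenticated=false}.
     *
     * @param user carries the userId and context id
     * @return a new, not-authenticated session with the stored user entry set on it
     * @throws SecurityException with {@code USER_LOCKED_BY_CONST} when the stored entry is locked
     *         (also logged at warn level), or from the lookup
     */
    private Session createSessionTrusted(User user) throws SecurityException {
        User stored = read(user, true);
        stored.setContextId(user.getContextId());
        if (stored.isLocked()) {
            String message = "createSession failed for userId [" + user.getUserId() + "] reason user is locked";
            LOG.warn(message);
            throw new SecurityException(GlobalErrIds.USER_LOCKED_BY_CONST, message);
        }
        Session session = new ObjectFactory().createSession();
        session.setUserId(user.getUserId());
        session.setAuthenticated(false);
        session.setUser(stored);
        return session;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.lock(User)}.
     *
     * @param user passed to the DAO unchanged
     * @throws SecurityException propagated from the DAO
     */
    public final void lock(User user) throws SecurityException {
        uDao.lock(user);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.unlock(User)}.
     *
     * @param user passed to the DAO unchanged
     * @throws SecurityException propagated from the DAO
     */
    public final void unlock(User user) throws SecurityException {
        uDao.unlock(user);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Changes the user's password through {@code UserDAO.changePassword}.
     *
     * @param user the user whose password changes
     * @param cArr passed to the DAO as the second argument; presumably the new password (confirm
     *             against UserDAO)
     * @throws SecurityException propagated from the DAO
     */
    public final void changePassword(User user, char[] cArr) throws SecurityException {
        // Read the id before the DAO call, as the original does, so the log line does not depend
        // on anything the DAO may do to the object.
        String userId = user.getUserId();
        if (!uDao.changePassword(user, cArr)) {
            // NOTE(review): a false result is only logged; the method still returns normally, so
            // the caller cannot tell the change did not happen. Confirm whether the DAO can really
            // return false without throwing, and if so whether this should raise an error.
            LOG.warn("changePassword failed for user [{}]", userId);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code UserDAO.resetUserPassword(User)}.
     *
     * @param user passed to the DAO unchanged
     * @throws SecurityException propagated from the DAO
     */
    public final void resetPassword(User user) throws SecurityException {
        uDao.resetUserPassword(user);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Assigns a role to a user after checking that user id and role name are present. No other
     * check (role existence, caller's right to grant) happens in this method.
     *
     * @param userRole the assignment to write
     * @return the DAO's result of {@code assign}
     * @throws SecurityException from validation or from the DAO
     */
    public final String assign(UserRole userRole) throws SecurityException {
        validate(userRole);
        return uDao.assign(userRole);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Removes a role assignment after checking that user id and role name are present.
     *
     * @param userRole the assignment to remove
     * @return the DAO's result of {@code deassign}
     * @throws SecurityException from validation or from the DAO
     */
    public final String deassign(UserRole userRole) throws SecurityException {
        validate(userRole);
        return uDao.deassign(userRole);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Assigns an administrative role to a user after checking that user id and role name are
     * present. No other check happens in this method.
     *
     * @param userAdminRole the assignment to write
     * @return the DAO's result of {@code assign}
     * @throws SecurityException from validation or from the DAO
     */
    public final String assign(UserAdminRole userAdminRole) throws SecurityException {
        validate(userAdminRole);
        return uDao.assign(userAdminRole);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Removes an administrative role assignment after checking that user id and role name are
     * present.
     *
     * @param userAdminRole the assignment to remove
     * @return the DAO's result of {@code deassign}
     * @throws SecurityException from validation or from the DAO
     */
    public final String deassign(UserAdminRole userAdminRole) throws SecurityException {
        validate(userAdminRole);
        return uDao.deassign(userAdminRole);
    }

    /**
     * Checks that a role assignment names both a user and a role.
     *
     * @param userRole the assignment to check
     * @throws ValidationException with {@code USER_ID_NULL} or {@code ROLE_NM_NULL} when the
     *         respective value is null or empty
     */
    private void validate(UserRole userRole) throws ValidationException {
        if (!VUtil.isNotNullOrEmpty(userRole.getUserId())) {
            throw new ValidationException(GlobalErrIds.USER_ID_NULL, CLS_NM + ".validate userId is NULL");
        }
        if (!VUtil.isNotNullOrEmpty(userRole.getName())) {
            throw new ValidationException(GlobalErrIds.ROLE_NM_NULL, CLS_NM + ".validate name is NULL");
        }
    }

    /**
     * Validates a user entity before it is written.
     *
     * <p>Check order is kept as it was, because it decides which error the caller sees first:
     * userId (add only), cn, sn, password, ou, description, password policy, user constraints,
     * roles, admin roles. On add the ou is mandatory; on update it is checked only when present.
     * Role and admin-role entries are validated against, or completed from, the stored role via
     * {@code CUtil.validateOrCopy}.
     *
     * @param user the entity to validate; role entries may be modified by the copy helpers
     * @param isUpdate {@code true} when validating for an update, {@code false} for an add
     * @throws SecurityException (typically {@link ValidationException}) on the first failed check,
     *         or from the lookups used to verify org unit, policy and roles
     */
    private void validate(User user, boolean isUpdate) throws SecurityException {
        if (!isUpdate) {
            // Only a new entry has its userId checked here.
            VUtil.userId(user.getUserId());
        }
        // 80 is handed to VUtil.safeText unchanged; presumably a length limit (confirm in VUtil).
        if (VUtil.isNotNullOrEmpty(user.getCn())) {
            VUtil.safeText(user.getCn(), 80);
        }
        if (VUtil.isNotNullOrEmpty(user.getSn())) {
            VUtil.safeText(user.getSn(), 80);
        }
        if (VUtil.isNotNullOrEmpty(user.getPassword())) {
            VUtil.password(user.getPassword());
        }
        if (VUtil.isNotNullOrEmpty(user.getOu())) {
            VUtil.orgUnit(user.getOu());
            OrgUnit orgUnit = new OrgUnit(user.getOu(), OrgUnit.Type.USER);
            orgUnit.setContextId(user.getContextId());
            if (!orgUnitP.isValid(orgUnit)) {
                // Message text, including the "wth" spelling, is kept byte-for-byte.
                String action = isUpdate ? "updating user wth userId [" : "adding user with userId [";
                throw new ValidationException(GlobalErrIds.USER_OU_INVALID, "validate detected invalid orgUnit name [" + user.getOu() + "] " + action + user.getUserId() + "]");
            }
        } else if (!isUpdate) {
            throw new ValidationException(GlobalErrIds.ORG_NULL_USER, "OU validation failed, null or empty value");
        }
        if (VUtil.isNotNullOrEmpty(user.getDescription())) {
            VUtil.description(user.getDescription());
        }
        if (VUtil.isNotNullOrEmpty(user.getPwPolicy())) {
            PwPolicy pwPolicy = new PwPolicy(user.getPwPolicy());
            pwPolicy.setContextId(user.getContextId());
            if (!policyP.isValid(pwPolicy)) {
                throw new ValidationException(GlobalErrIds.USER_PW_PLCY_INVALID, "validate detected invalid OpenLDAP policy name [" + user.getPwPolicy() + "] for userId [" + user.getUserId() + "]. Assignment is optional for User but must be valid if specified.");
            }
        }
        CUtil.validate(user);
        if (VUtil.isNotNullOrEmpty(user.getRoles())) {
            RoleP roleP = new RoleP();
            for (UserRole userRole : user.getRoles()) {
                Role role = new Role(userRole.getName());
                role.setContextId(user.getContextId());
                // Reading the role is what establishes that it exists in this context.
                CUtil.validateOrCopy(roleP.read(role), userRole);
            }
        }
        if (VUtil.isNotNullOrEmpty(user.getAdminRoles())) {
            for (UserAdminRole userAdminRole : user.getAdminRoles()) {
                AdminRole adminRole = new AdminRole(userAdminRole.getName());
                adminRole.setContextId(user.getContextId());
                AdminRole stored = admRoleP.read(adminRole);
                CUtil.validateOrCopy(stored, userAdminRole);
                // Administrative attributes are taken from the stored role, not from the request.
                AttrHelper.copyAdminAttrs(stored, userAdminRole);
            }
        }
    }
}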
