package org.alfresco.an2.server.security;

import java.util.Set;
import java.util.regex.Pattern;
import org.alfresco.an2.api.ApiConstants;
import org.alfresco.an2.api.security.NoSuchUserException;
import org.alfresco.an2.api.security.PasswordStrengthException;
import org.alfresco.an2.api.security.UserService;
import org.alfresco.an2.security.SecurityConstants;
import org.alfresco.an2.spi.security.UserServiceSPI;
import org.alfresco.an2.util.security.SecurityUtil;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.lang3.Validate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:WEB-INF/lib/alfresco-an2-server-0.1.0-SNAPSHOT.jar:org/alfresco/an2/server/security/UserServiceImpl.class */
public class UserServiceImpl implements UserService, InitializingBean, SecurityConstants {
    public static final String MSG_BUNDLE_USER_SERVICE = "org.alfresco.an2.messages.UserService";
    public static final String MSG_PASSWORD_STRENGTH = "org.alfresco.an2.messages.UserService.PasswordStrength";
    private static Log logger = LogFactory.getLog(UserServiceImpl.class);
    private final UserServiceSPI userServiceSPI;
    private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    private Pattern passwordPattern;

    public UserServiceImpl(UserServiceSPI userServiceSPI) {
        this.userServiceSPI = userServiceSPI;
    }

    public void setBcryptStrength(int i) {
        Validate.exclusiveBetween(0L, 31L, i, "bcrypt strength must be in range [1,30].");
        this.passwordEncoder = new BCryptPasswordEncoder(i);
    }

    public void setPasswordStrengthRegex(String str) {
        this.passwordPattern = Pattern.compile(str);
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        PropertyCheck.mandatory(this, "userServiceSPI", this.userServiceSPI);
        PropertyCheck.mandatory(this, "passwordStrengthRegex", this.passwordPattern);
    }

    @Override // org.alfresco.an2.api.security.UserService
    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    @Override // org.alfresco.an2.api.security.UserService
    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public void createUser(String str, String str2, Set<String> set) {
        Validate.notBlank(str, "username is blank", new Object[0]);
        Validate.notNull(str2, "password is null", new Object[0]);
        Validate.notNull(set, "roles are null", new Object[0]);
        if (str.equals(ApiConstants.USER_SYSTEM)) {
            throw new IllegalArgumentException(String.format("The %s user is reserved.", ApiConstants.USER_SYSTEM));
        }
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        if (set.contains(ApiConstants.ROLE_SYS_ADMIN) && !ApiConstants.TENANT_SYSTEM.equals(serviceCallContext.getTenant())) {
            throw new IllegalArgumentException("System administrators can only exist in the -system- tenant.");
        }
        if (!this.passwordPattern.matcher(str2).matches()) {
            throw new PasswordStrengthException(MSG_PASSWORD_STRENGTH);
        }
        this.userServiceSPI.createUser(serviceCallContext, str, this.passwordEncoder.encode(str2), set);
        if (logger.isDebugEnabled()) {
            logger.debug("Created user " + SecurityUtil.buildTenantAndUser(serviceCallContext.getTenant(), str));
        }
    }

    @Override // org.alfresco.an2.api.security.UserService
    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public UserService.UserDetails getUser(String str) {
        Validate.notBlank(str);
        UserServiceSPI.UserAuthenticationDetails userAuthenticationDetails = this.userServiceSPI.getUserAuthenticationDetails(ServiceCallContextHolder.get(), str);
        if (userAuthenticationDetails == null) {
            throw new NoSuchUserException(str);
        }
        UserService.UserDetails userDetails = new UserService.UserDetails(userAuthenticationDetails.getId(), userAuthenticationDetails.getTenant(), userAuthenticationDetails.getUsername(), userAuthenticationDetails.getRoles());
        if (logger.isDebugEnabled()) {
            logger.debug("Fetched user: " + userDetails);
        }
        return userDetails;
    }
}
