package org.alfresco.an2.server.security;

import java.util.Set;
import java.util.regex.Pattern;
import org.alfresco.an2.api.VersionCheckException;
import org.alfresco.an2.api.security.NoSuchUserException;
import org.alfresco.an2.api.security.PasswordStrengthException;
import org.alfresco.an2.api.security.UserExistsException;
import org.alfresco.an2.api.security.UserService;
import org.alfresco.an2.api.security.UsernameFormatException;
import org.alfresco.an2.events.ServiceEvent;
import org.alfresco.an2.events.ServiceEventSender;
import org.alfresco.an2.events.TransactionConstants;
import org.alfresco.an2.events.security.UsernameChangedEvent;
import org.alfresco.an2.log.ServiceLogger;
import org.alfresco.an2.security.SecurityConstants;
import org.alfresco.an2.spi.security.UserServiceSPI;
import org.alfresco.util.PropertyCheck;
import org.apache.camel.ExchangePattern;
import org.apache.camel.ProducerTemplate;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.jackson.JacksonDataFormat;
import org.apache.commons.lang3.Validate;
import org.apache.commons.logging.Log;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.interceptor.TransactionAspectSupport;

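/**
 * Transactional {@link UserService} implementation that validates usernames and passwords,
 * hashes passwords with bcrypt, and delegates persistence to a {@link UserServiceSPI}.
 *
 * <p>The user-management operations are guarded by
 * {@code @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)}.
 */
@Transactional(readOnly = false, propagation = Propagation.REQUIRED)
/* loaded from: input_file:org/alfresco/an2/server/security/UserServiceImpl.class */
public class UserServiceImpl implements UserService, InitializingBean, SecurityConstants, TransactionConstants {
    public static final String MSG_BUNDLE_USER_SERVICE = "org.alfresco.an2.messages.UserService";
    public static final String MSG_PASSWORD_STRENGTH = "org.alfresco.an2.messages.UserService.PasswordStrength";
    private static final Log loggerWrite = ServiceLogger.getWriteLogger(UserServiceImpl.class);
    private static final Log loggerRead = ServiceLogger.getReadLogger(UserServiceImpl.class);
    private final ServiceEventSender sender;
    private final UserServiceSPI userServiceSPI;
    // Password strength rule; must be configured (checked in afterPropertiesSet()).
    private Pattern passwordPattern;
    static final String ENDPOINT_DIRECT = "direct:UserService";
    private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    // Allow-list for usernames: 1 to 256 characters from [a-zA-Z0-9@.-].
    // The pattern previously began with '.', which accepted ANY first character (spaces, quotes,
    // control characters, markup) and so bypassed the allow-list for the leading position.
    // Only names passed to createUser and new names passed to updateUser are checked against
    // this, so lookups of already-stored usernames are unaffected.
    private final Pattern usernamePattern = Pattern.compile("^[a-zA-Z0-9\\@\\.\\-]{1,256}$");

    /**
     * Camel route that marshals events sent to {@link #ENDPOINT_DIRECT} as JSON and multicasts
     * them to the UserService JMS topic and the SPI queue.
     */
    /* loaded from: input_file:org/alfresco/an2/server/security/UserServiceImpl$UserServiceRouteBuilder.class */
    public static class UserServiceRouteBuilder extends RouteBuilder {
        @Override
        public void configure() throws Exception {
            JacksonDataFormat jacksonDataFormat = new JacksonDataFormat();
            jacksonDataFormat.setPrettyPrint(true);
            from(UserServiceImpl.ENDPOINT_DIRECT)
                    .routeId(getClass().getSimpleName())
                    .transacted(TransactionConstants.PROPAGATION_REQUIRED)
                    .setExchangePattern(ExchangePattern.InOnly)
                    .marshal(jacksonDataFormat)
                    .multicast()
                    .to("jms:topic:org.alfresco.an2.UserService", UserServiceSPI.QUEUE)
                    .end();
        }
    }

    /**
     * Creates the service.
     *
     * @param producerTemplate Camel template used to send service events to {@link #ENDPOINT_DIRECT}
     * @param userServiceSPI   persistence provider for users
     */
    public UserServiceImpl(ProducerTemplate producerTemplate, UserServiceSPI userServiceSPI) {
        this.sender = new ServiceEventSender(producerTemplate, ENDPOINT_DIRECT);
        this.userServiceSPI = userServiceSPI;
    }

    /**
     * Replaces the password encoder with a bcrypt encoder of the given strength (log rounds).
     *
     * @param i bcrypt strength, 4 to 30 inclusive
     * @throws IllegalArgumentException if the strength is outside that range
     */
    public void setBcryptStrength(int i) {
        // bcrypt's minimum cost factor is 4. The previous check accepted 1..3, which passed
        // validation here and then failed inside the encoder, so the misconfiguration was not
        // reported by this setter's own message.
        Validate.inclusiveBetween(4L, 30L, i, "bcrypt strength must be in range [4,30].");
        this.passwordEncoder = new BCryptPasswordEncoder(i);
    }

    /**
     * Sets the regular expression that a new password must fully match.
     *
     * @param str regular expression source
     * @throws java.util.regex.PatternSyntaxException if the expression does not compile
     */
    public void setPasswordStrengthRegex(String str) {
        // NOTE(review): bcrypt only hashes the first 72 bytes of its input; confirm that the
        // configured expression bounds password length accordingly.
        this.passwordPattern = Pattern.compile(str);
    }

    /** Verifies that the SPI and the password strength pattern have been supplied. */
    @Override
    public void afterPropertiesSet() throws Exception {
        PropertyCheck.mandatory(this, "userServiceSPI", this.userServiceSPI);
        PropertyCheck.mandatory(this, "passwordStrengthRegex", this.passwordPattern);
    }

    /**
     * @return the encoder currently used to hash passwords
     */
    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    /**
     * Creates a user in the tenant of the current service call context.
     *
     * @param str  username; must match the username allow-list and must not be {@code "system"}
     * @param str2 clear-text password; must match the configured strength pattern
     * @param set  role names; {@code ROLE_SYS_ADMIN} is only accepted in the {@code -system-} tenant
     * @throws IllegalArgumentException  if the username is reserved or the role/tenant combination
     *                                   is not allowed
     * @throws UsernameFormatException   if the username does not match the allow-list
     * @throws PasswordStrengthException if the password does not match the strength pattern
     */
    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public void createUser(String str, String str2, Set<String> set) {
        Validate.notBlank(str, "username is blank");
        Validate.notNull(str2, "password is null");
        Validate.notNull(set, "roles are null");
        // NOTE(review): this comparison is case-sensitive; confirm whether "System" etc. should
        // also be reserved.
        if (str.equals("system")) {
            throw new IllegalArgumentException(String.format("The %s user is reserved.", "system"));
        }
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        // System administrators may only be created inside the system tenant.
        if (set.contains("ROLE_SYS_ADMIN") && !"-system-".equals(serviceCallContext.getTenant())) {
            throw new IllegalArgumentException("System administrators can only exist in the -system- tenant.");
        }
        if (!this.usernamePattern.matcher(str).matches()) {
            throw new UsernameFormatException(str, this.usernamePattern.toString());
        }
        if (!this.passwordPattern.matcher(str2).matches()) {
            throw new PasswordStrengthException(MSG_PASSWORD_STRENGTH);
        }
        // Only the bcrypt hash is handed to the SPI; the clear-text password is never logged.
        this.userServiceSPI.createUser(serviceCallContext, str, this.passwordEncoder.encode(str2), set);
        if (loggerWrite.isDebugEnabled()) {
            ServiceLogger.log(loggerWrite, "Created user %s in tenant %s", str, serviceCallContext.getTenant());
        }
    }

    /**
     * Looks up a user by username in the current service call context.
     *
     * @param str username
     * @return the user's id, version, tenant, username and roles
     * @throws NoSuchUserException if no id or no authentication details exist for the username
     */
    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public UserService.UserDetails getUser(String str) {
        Validate.notBlank(str);
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        String userId = this.userServiceSPI.getUserId(serviceCallContext, str);
        UserServiceSPI.UserAuthenticationDetails authDetails =
                userId == null ? null : this.userServiceSPI.getUserAuthenticationDetails(serviceCallContext, userId);
        if (authDetails == null) {
            throw new NoSuchUserException(serviceCallContext.getTenant(), str);
        }
        // Copy only the non-secret fields into the returned details object.
        UserService.UserDetails userDetails = new UserService.UserDetails(
                authDetails.getId(),
                authDetails.getVersion(),
                authDetails.getTenant(),
                authDetails.getUsername(),
                authDetails.getRoles());
        if (loggerRead.isDebugEnabled()) {
            ServiceLogger.log(loggerRead, "Fetched user: %s", userDetails);
        }
        return userDetails;
    }

    /**
     * Renames a user and publishes a {@code UsernameChangedEventV1} for the change.
     *
     * @param str  current username
     * @param str2 version value passed to the SPI update; presumably the expected version used
     *             for optimistic locking (confirm against the SPI)
     * @param str3 new username; must not be {@code null}, since it is the only updatable field
     * @throws IllegalArgumentException if {@code str3} is {@code null}
     * @throws UsernameFormatException  if the new username does not match the allow-list
     * @throws UserExistsException      if the new username already resolves to a user id
     * @throws NoSuchUserException      if the current username does not resolve to a user id
     * @throws VersionCheckException    if the SPI reports that the update was not applied
     */
    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public void updateUser(String str, String str2, String str3) {
        Validate.notBlank(str);
        Validate.notBlank(str2);
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        String tenant = serviceCallContext.getTenant();
        if (str3 == null) {
            throw new IllegalArgumentException("No updated data specified.");
        }
        if (!this.usernamePattern.matcher(str3).matches()) {
            throw new UsernameFormatException(str3, this.usernamePattern.toString());
        }
        // NOTE(review): this pre-check alone does not stop two concurrent renames to the same
        // name; presumably the SPI or its store enforces uniqueness — confirm.
        if (this.userServiceSPI.getUserId(serviceCallContext, str3) != null) {
            throw new UserExistsException(tenant, str3);
        }
        String userId = this.userServiceSPI.getUserId(serviceCallContext, str);
        if (userId == null) {
            throw new NoSuchUserException(tenant, str);
        }
        if (!this.userServiceSPI.updateUser(serviceCallContext, userId, str2, true, str3)) {
            throw new VersionCheckException("user", str, str2);
        }
        UsernameChangedEvent.UsernameChangedEventV1 renamed = new UsernameChangedEvent.UsernameChangedEventV1();
        renamed.setUsername(str);
        renamed.setUserId(userId);
        renamed.setNewUsername(str3);
        this.sender.send(serviceCallContext, renamed);
        // NOTE(review): looks like leftover diagnostics, emitted at WARN on the read logger for
        // every update — confirm whether it should be debug-level or removed.
        loggerRead.warn("Transaction status is: " + TransactionAspectSupport.currentTransactionStatus());
        if (loggerWrite.isDebugEnabled()) {
            ServiceLogger.log(loggerWrite, "Updated user %s", str);
        }
    }
}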
