package org.alfresco.repo.security.authentication;

import java.io.Serializable;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.admin.patch.impl.SiteLoadPatch;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.cache.TransactionalCache;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.Behaviour;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.tenant.MultiTAdminServiceImpl;
import org.alfresco.repo.tenant.TenantDisabledException;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.repo.tenant.TenantUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.InvalidStoreRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.GUID;
import org.alfresco.util.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.class */
public class RepositoryAuthenticationDao implements MutableAuthenticationDao, InitializingBean, NodeServicePolicies.OnUpdatePropertiesPolicy, NodeServicePolicies.BeforeDeleteNodePolicy {
    private static final StoreRef STOREREF_USERS = new StoreRef("user", MultiTAdminServiceImpl.STORE_BASE_ID_USER);
    private static Log logger = LogFactory.getLog(RepositoryAuthenticationDao.class);
    protected AuthorityService authorityService;
    protected NodeService nodeService;
    protected TenantService tenantService;
    protected NamespacePrefixResolver namespacePrefixResolver;
    protected PolicyComponent policyComponent;
    private TransactionService transactionService;
    protected CompositePasswordEncoder compositePasswordEncoder;
    private SimpleCache<String, NodeRef> singletonCache;
    private final String KEY_USERFOLDER_NODEREF = "key.userfolder.noderef";
    private SimpleCache<String, CacheEntry> authenticationCache;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/alfresco/repo/security/authentication/RepositoryAuthenticationDao$CacheEntry.class */
    public static class CacheEntry implements Serializable {
        private static final long serialVersionUID = 1;
        public NodeRef nodeRef;
        public UserDetails userDetails;
        public Date credentialExpiryDate;

        public CacheEntry(NodeRef nodeRef, UserDetails userDetails, Date date) {
            this.nodeRef = nodeRef;
            this.userDetails = userDetails;
            this.credentialExpiryDate = date;
        }

        public String toString() {
            return "CacheEntry [nodeRef=" + this.nodeRef + ", userDetails=" + this.userDetails + "]";
        }
    }

    public void setNamespaceService(NamespacePrefixResolver namespacePrefixResolver) {
        this.namespacePrefixResolver = namespacePrefixResolver;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void setSingletonCache(SimpleCache<String, NodeRef> simpleCache) {
        this.singletonCache = simpleCache;
    }

    public void setPolicyComponent(PolicyComponent policyComponent) {
        this.policyComponent = policyComponent;
    }

    public void setAuthenticationCache(SimpleCache<String, CacheEntry> simpleCache) {
        this.authenticationCache = simpleCache;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    public void setCompositePasswordEncoder(CompositePasswordEncoder compositePasswordEncoder) {
        this.compositePasswordEncoder = compositePasswordEncoder;
    }

    public void afterPropertiesSet() throws Exception {
        this.policyComponent.bindClassBehaviour(NodeServicePolicies.OnUpdatePropertiesPolicy.QNAME, ContentModel.TYPE_PERSON, (Behaviour) new JavaBehaviour(this, "onUpdateProperties"));
        this.policyComponent.bindClassBehaviour(NodeServicePolicies.BeforeDeleteNodePolicy.QNAME, ContentModel.TYPE_USER, (Behaviour) new JavaBehaviour(this, "beforeDeleteNode"));
        this.policyComponent.bindClassBehaviour(NodeServicePolicies.OnUpdatePropertiesPolicy.QNAME, ContentModel.TYPE_USER, (Behaviour) new JavaBehaviour(this, "onUpdateUserProperties"));
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        CacheEntry userEntryOrNull = getUserEntryOrNull(str);
        if (userEntryOrNull == null) {
            throw new UsernameNotFoundException("Could not find user by userName: " + str);
        }
        RepositoryAuthenticatedUser repositoryAuthenticatedUser = userEntryOrNull.userDetails;
        if (userEntryOrNull.credentialExpiryDate == null || userEntryOrNull.credentialExpiryDate.getTime() >= System.currentTimeMillis()) {
            return repositoryAuthenticatedUser;
        }
        if (!(repositoryAuthenticatedUser instanceof RepositoryAuthenticatedUser)) {
            throw new AlfrescoRuntimeException("Unable to retrieve a compatible UserDetails object (requires RepositoryAuthenticatedUser)");
        }
        RepositoryAuthenticatedUser repositoryAuthenticatedUser2 = repositoryAuthenticatedUser;
        return new RepositoryAuthenticatedUser(repositoryAuthenticatedUser.getUsername(), repositoryAuthenticatedUser.getPassword(), repositoryAuthenticatedUser.isEnabled(), repositoryAuthenticatedUser.isAccountNonExpired(), false, repositoryAuthenticatedUser.isAccountNonLocked(), repositoryAuthenticatedUser.getAuthorities(), repositoryAuthenticatedUser2.getHashIndicator(), repositoryAuthenticatedUser2.getSalt());
    }

    public NodeRef getUserOrNull(String str) {
        CacheEntry userEntryOrNull = getUserEntryOrNull(str);
        if (userEntryOrNull == null) {
            return null;
        }
        return userEntryOrNull.nodeRef;
    }

    private CacheEntry getUserEntryOrNull(String str) {
        try {
            return getUserEntryOrNullImpl(str);
        } catch (InvalidStoreRefException unused) {
            return null;
        }
    }

    private CacheEntry getUserEntryOrNullImpl(final String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        return (CacheEntry) this.transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<CacheEntry>() { // from class: org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.1SearchUserNameCallback
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            public CacheEntry execute() throws Throwable {
                CacheEntry cacheEntry = (CacheEntry) RepositoryAuthenticationDao.this.authenticationCache.get(str);
                if (cacheEntry != null && !RepositoryAuthenticationDao.this.nodeService.exists(cacheEntry.nodeRef)) {
                    RepositoryAuthenticationDao.logger.warn("Detected state cache entry for '" + str + "'. Node does not exist: " + cacheEntry);
                    RepositoryAuthenticationDao.this.removeAuthenticationFromCache(str);
                    cacheEntry = null;
                }
                if (cacheEntry != null) {
                    return cacheEntry;
                }
                List childAssocs = RepositoryAuthenticationDao.this.nodeService.getChildAssocs(RepositoryAuthenticationDao.this.getUserFolderLocation(str), ContentModel.ASSOC_CHILDREN, QName.createQName("http://www.alfresco.org/model/user/1.0", str));
                if (!childAssocs.isEmpty()) {
                    NodeRef name = RepositoryAuthenticationDao.this.tenantService.getName(((ChildAssociationRef) childAssocs.get(0)).getChildRef());
                    Map<QName, Serializable> properties = RepositoryAuthenticationDao.this.nodeService.getProperties(name);
                    Pair<List<String>, String> determinePasswordHash = RepositoryAuthenticationDao.determinePasswordHash(properties);
                    String str2 = (String) DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_USER_USERNAME));
                    Serializable serializable = properties.get(ContentModel.PROP_SALT);
                    GrantedAuthority[] grantedAuthorityArr = {new GrantedAuthorityImpl("ROLE_AUTHENTICATED")};
                    boolean isAdminAuthority = RepositoryAuthenticationDao.this.authorityService.isAdminAuthority(str2);
                    Date credentialsExpiryDate = RepositoryAuthenticationDao.this.getCredentialsExpiryDate(str2, properties, Boolean.valueOf(isAdminAuthority));
                    cacheEntry = new CacheEntry(name, new RepositoryAuthenticatedUser(str2, (String) determinePasswordHash.getSecond(), RepositoryAuthenticationDao.this.getEnabled(str2, properties, Boolean.valueOf(isAdminAuthority)), !RepositoryAuthenticationDao.this.getHasExpired(str2, properties, Boolean.valueOf(isAdminAuthority)), credentialsExpiryDate == null || credentialsExpiryDate.getTime() >= System.currentTimeMillis(), !RepositoryAuthenticationDao.this.getLocked(str2, properties, Boolean.valueOf(isAdminAuthority)), grantedAuthorityArr, (List) determinePasswordHash.getFirst(), serializable), credentialsExpiryDate);
                    RepositoryAuthenticationDao.this.authenticationCache.put(str, cacheEntry);
                }
                return cacheEntry;
            }
        }, true);
    }

    public static Pair<List<String>, String> determinePasswordHash(Map<QName, Serializable> map) {
        List list = (List) map.get(ContentModel.PROP_HASH_INDICATOR);
        if (list != null && list.size() > 0) {
            return new Pair<>(list, (String) DefaultTypeConverter.INSTANCE.convert(String.class, map.get(ContentModel.PROP_PASSWORD_HASH)));
        }
        String str = (String) DefaultTypeConverter.INSTANCE.convert(String.class, map.get(ContentModel.PROP_PASSWORD_SHA256));
        if (str != null) {
            return new Pair<>(CompositePasswordEncoder.SHA256, str);
        }
        String str2 = (String) DefaultTypeConverter.INSTANCE.convert(String.class, map.get(ContentModel.PROP_PASSWORD));
        if (str2 != null) {
            return new Pair<>(CompositePasswordEncoder.MD4, str2);
        }
        throw new AlfrescoRuntimeException("Unable to find a password for user '" + map.get(ContentModel.PROP_USER_USERNAME) + "', please check your repository authentication settings.");
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void createUser(String str, char[] cArr) throws AuthenticationException {
        createUser(str, null, cArr);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void createUser(String str, String str2, char[] cArr) throws AuthenticationException {
        this.tenantService.checkDomainUser(str);
        if (getUserOrNull(str) != null) {
            throw new AuthenticationException("User already exists: " + str);
        }
        NodeRef userFolderLocation = getUserFolderLocation(str);
        HashMap hashMap = new HashMap();
        hashMap.put(ContentModel.PROP_USER_USERNAME, str);
        String generate = GUID.generate();
        hashMap.put(ContentModel.PROP_SALT, generate);
        if (str2 == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Hashing raw password to " + this.compositePasswordEncoder.getPreferredEncoding() + " for " + str);
            }
            str2 = this.compositePasswordEncoder.encodePreferred(new String(cArr), generate);
        } else if (logger.isDebugEnabled()) {
            logger.debug("Using hashed password for  " + str);
        }
        hashMap.put(ContentModel.PROP_PASSWORD_HASH, str2);
        hashMap.put(ContentModel.PROP_HASH_INDICATOR, (Serializable) Arrays.asList(this.compositePasswordEncoder.getPreferredEncoding()));
        hashMap.put(ContentModel.PROP_ACCOUNT_EXPIRES, false);
        hashMap.put(ContentModel.PROP_CREDENTIALS_EXPIRE, false);
        hashMap.put(ContentModel.PROP_ENABLED, true);
        hashMap.put(ContentModel.PROP_ACCOUNT_LOCKED, false);
        this.nodeService.createNode(userFolderLocation, ContentModel.ASSOC_CHILDREN, QName.createQName("http://www.alfresco.org/model/user/1.0", str), ContentModel.TYPE_USER, hashMap);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public NodeRef getUserFolderLocation(String str) {
        String str2 = null;
        try {
            str2 = this.tenantService.getUserDomain(str);
        } catch (TenantDisabledException unused) {
        }
        if (str2 == null) {
            str2 = "";
        }
        NodeRef nodeRef = (NodeRef) this.singletonCache.get(String.valueOf(str2) + "key.userfolder.noderef");
        if (nodeRef == null) {
            QName createQName = QName.createQName("sys", "system", this.namespacePrefixResolver);
            QName createQName2 = QName.createQName("sys", SiteLoadPatch.PROPERTIES_PEOPLE, this.namespacePrefixResolver);
            List childAssocs = this.nodeService.getChildAssocs(this.nodeService.getRootNode(TenantUtil.isCurrentDomainDefault() ? this.tenantService.getName(str, new StoreRef(STOREREF_USERS.getProtocol(), STOREREF_USERS.getIdentifier())) : new StoreRef(STOREREF_USERS.getProtocol(), STOREREF_USERS.getIdentifier())), RegexQNamePattern.MATCH_ALL, createQName);
            if (childAssocs.size() == 0) {
                throw new AlfrescoRuntimeException("Required authority system folder path not found: " + createQName);
            }
            List childAssocs2 = this.nodeService.getChildAssocs(((ChildAssociationRef) childAssocs.get(0)).getChildRef(), RegexQNamePattern.MATCH_ALL, createQName2);
            if (childAssocs2.size() == 0) {
                throw new AlfrescoRuntimeException("Required user folder path not found: " + createQName2);
            }
            nodeRef = this.tenantService.getName(((ChildAssociationRef) childAssocs2.get(0)).getChildRef());
            this.singletonCache.put(String.valueOf(this.tenantService.getUserDomain(str)) + "key.userfolder.noderef", nodeRef);
        }
        return nodeRef;
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void updateUser(String str, char[] cArr) throws AuthenticationException {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            throw new AuthenticationException("User name does not exist: " + str);
        }
        Map properties = this.nodeService.getProperties(userOrNull);
        String generate = GUID.generate();
        properties.remove(ContentModel.PROP_SALT);
        properties.put(ContentModel.PROP_SALT, generate);
        properties.put(ContentModel.PROP_PASSWORD_HASH, this.compositePasswordEncoder.encodePreferred(new String(cArr), generate));
        properties.put(ContentModel.PROP_HASH_INDICATOR, this.compositePasswordEncoder.getPreferredEncoding());
        properties.remove(ContentModel.PROP_PASSWORD);
        properties.remove(ContentModel.PROP_PASSWORD_SHA256);
        this.nodeService.setProperties(userOrNull, properties);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void deleteUser(String str) throws AuthenticationException {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            throw new AuthenticationException("User name does not exist: " + str);
        }
        this.nodeService.deleteNode(userOrNull);
    }

    public Object getSalt(UserDetails userDetails) {
        return null;
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public boolean userExists(String str) {
        return getUserOrNull(str) != null;
    }

    protected Map<QName, Serializable> getUserProperties(String str) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            return null;
        }
        return this.nodeService.getProperties(userOrNull);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public boolean getAccountExpires(String str) {
        NodeRef userOrNull;
        Serializable property;
        if (this.authorityService.isAdminAuthority(str) || (userOrNull = getUserOrNull(str)) == null || (property = this.nodeService.getProperty(userOrNull, ContentModel.PROP_ACCOUNT_EXPIRES)) == null) {
            return false;
        }
        return DefaultTypeConverter.INSTANCE.booleanValue(property);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public Date getAccountExpiryDate(String str) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull != null && DefaultTypeConverter.INSTANCE.booleanValue(this.nodeService.getProperty(userOrNull, ContentModel.PROP_ACCOUNT_EXPIRES))) {
            return (Date) DefaultTypeConverter.INSTANCE.convert(Date.class, this.nodeService.getProperty(userOrNull, ContentModel.PROP_ACCOUNT_EXPIRY_DATE));
        }
        return null;
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public boolean getAccountHasExpired(String str) {
        return getHasExpired(str, null, null);
    }

    protected boolean getHasExpired(String str, Map<QName, Serializable> map, Boolean bool) {
        Date date;
        if (bool == null) {
            bool = Boolean.valueOf(this.authorityService.isAdminAuthority(str));
        }
        if (bool.booleanValue()) {
            return false;
        }
        if (map == null) {
            map = getUserProperties(str);
        }
        return map != null && DefaultTypeConverter.INSTANCE.booleanValue(map.get(ContentModel.PROP_ACCOUNT_EXPIRES)) && (date = (Date) DefaultTypeConverter.INSTANCE.convert(Date.class, map.get(ContentModel.PROP_ACCOUNT_EXPIRY_DATE))) != null && date.getTime() < System.currentTimeMillis();
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public boolean getLocked(String str) {
        return getLocked(str, null, null);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public boolean getAccountlocked(String str) {
        return getLocked(str, null, null);
    }

    protected boolean getLocked(String str, Map<QName, Serializable> map, Boolean bool) {
        Serializable serializable;
        if (bool == null) {
            bool = Boolean.valueOf(this.authorityService.isAdminAuthority(str));
        }
        if (bool.booleanValue()) {
            return false;
        }
        if (map == null) {
            map = getUserProperties(str);
        }
        if (map == null || (serializable = map.get(ContentModel.PROP_ACCOUNT_LOCKED)) == null) {
            return false;
        }
        return DefaultTypeConverter.INSTANCE.booleanValue(serializable);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public boolean getCredentialsExpire(String str) {
        return getCredentialsExpire(str, null);
    }

    protected boolean getCredentialsExpire(String str, Map<QName, Serializable> map) {
        Serializable serializable;
        if (this.authorityService.isAdminAuthority(str)) {
            return false;
        }
        if (map == null) {
            map = getUserProperties(str);
        }
        if (map == null || (serializable = map.get(ContentModel.PROP_CREDENTIALS_EXPIRE)) == null) {
            return false;
        }
        return DefaultTypeConverter.INSTANCE.booleanValue(serializable);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public Date getCredentialsExpiryDate(String str) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull != null && DefaultTypeConverter.INSTANCE.booleanValue(this.nodeService.getProperty(userOrNull, ContentModel.PROP_CREDENTIALS_EXPIRE))) {
            return (Date) DefaultTypeConverter.INSTANCE.convert(Date.class, this.nodeService.getProperty(userOrNull, ContentModel.PROP_CREDENTIALS_EXPIRY_DATE));
        }
        return null;
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public boolean getCredentialsHaveExpired(String str) {
        return !loadUserByUsername(str).isCredentialsNonExpired();
    }

    protected boolean getCredentialsHaveExpired(String str, Map<QName, Serializable> map, Boolean bool) {
        Date credentialsExpiryDate = getCredentialsExpiryDate(str, map, bool);
        return !(credentialsExpiryDate == null || (credentialsExpiryDate.getTime() > System.currentTimeMillis() ? 1 : (credentialsExpiryDate.getTime() == System.currentTimeMillis() ? 0 : -1)) >= 0);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Date getCredentialsExpiryDate(String str, Map<QName, Serializable> map, Boolean bool) {
        if (bool == null) {
            bool = Boolean.valueOf(this.authorityService.isAdminAuthority(str));
        }
        if (bool.booleanValue()) {
            return null;
        }
        if (map == null) {
            map = getUserProperties(str);
        }
        if (DefaultTypeConverter.INSTANCE.booleanValue(map.get(ContentModel.PROP_CREDENTIALS_EXPIRE))) {
            return (Date) DefaultTypeConverter.INSTANCE.convert(Date.class, map.get(ContentModel.PROP_CREDENTIALS_EXPIRY_DATE));
        }
        return null;
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public boolean getEnabled(String str) {
        return getEnabled(str, null, null);
    }

    protected boolean getEnabled(String str, Map<QName, Serializable> map, Boolean bool) {
        if (bool == null) {
            bool = Boolean.valueOf(this.authorityService.isAdminAuthority(str));
        }
        if (bool.booleanValue()) {
            return true;
        }
        if (map == null) {
            map = getUserProperties(str);
        }
        if (map == null) {
            return false;
        }
        Serializable serializable = map.get(ContentModel.PROP_ENABLED);
        if (serializable == null) {
            return true;
        }
        return DefaultTypeConverter.INSTANCE.booleanValue(serializable);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void setAccountExpires(String str, boolean z) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            throw new AuthenticationException("User not found: " + str);
        }
        this.nodeService.setProperty(userOrNull, ContentModel.PROP_ACCOUNT_EXPIRES, Boolean.valueOf(z));
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void setAccountExpiryDate(String str, Date date) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            throw new AuthenticationException("User not found: " + str);
        }
        this.nodeService.setProperty(userOrNull, ContentModel.PROP_ACCOUNT_EXPIRY_DATE, date);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void setCredentialsExpire(String str, boolean z) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            throw new AuthenticationException("User not found: " + str);
        }
        this.nodeService.setProperty(userOrNull, ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(z));
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void setCredentialsExpiryDate(String str, Date date) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            throw new AuthenticationException("User not found: " + str);
        }
        this.nodeService.setProperty(userOrNull, ContentModel.PROP_CREDENTIALS_EXPIRY_DATE, date);
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void setEnabled(String str, boolean z) {
        if (z || !this.authorityService.isAdminAuthority(str)) {
            NodeRef userOrNull = getUserOrNull(str);
            if (userOrNull == null) {
                throw new AuthenticationException("User not found: " + str);
            }
            this.nodeService.setProperty(userOrNull, ContentModel.PROP_ENABLED, Boolean.valueOf(z));
        }
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public void setLocked(String str, boolean z) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            throw new AuthenticationException("User not found: " + str);
        }
        this.nodeService.setProperty(userOrNull, ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(z));
    }

    @Override // org.alfresco.repo.security.authentication.MutableAuthenticationDao
    public String getMD4HashedPassword(String str) {
        NodeRef userOrNull = getUserOrNull(str);
        if (userOrNull == null) {
            return null;
        }
        Map properties = this.nodeService.getProperties(userOrNull);
        List list = (List) properties.get(ContentModel.PROP_HASH_INDICATOR);
        if (list != null && list.size() == 1 && CompositePasswordEncoder.MD4.equals(list)) {
            return (String) DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_PASSWORD_HASH));
        }
        String str2 = (String) DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_PASSWORD));
        if (str2 != null) {
            return str2;
        }
        logger.error("Request made of MD4 hash for " + str + " but the unable to find it.");
        return null;
    }

    @Override // org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy
    public void onUpdateProperties(NodeRef nodeRef, Map<QName, Serializable> map, Map<QName, Serializable> map2) {
        NodeRef userOrNull;
        String str = (String) DefaultTypeConverter.INSTANCE.convert(String.class, map.get(ContentModel.PROP_USERNAME));
        String str2 = (String) DefaultTypeConverter.INSTANCE.convert(String.class, map2.get(ContentModel.PROP_USERNAME));
        if (str != null && !EqualsHelper.nullSafeEquals(str, str2) && (userOrNull = getUserOrNull(str)) != null) {
            this.nodeService.setProperty(userOrNull, ContentModel.PROP_USER_USERNAME, str2);
            this.nodeService.moveNode(userOrNull, this.nodeService.getPrimaryParent(userOrNull).getParentRef(), ContentModel.ASSOC_CHILDREN, QName.createQName("http://www.alfresco.org/model/user/1.0", str2));
            removeAuthenticationFromCache(str);
        }
        removeAuthenticationFromCache(str2);
    }

    public void onUpdateUserProperties(NodeRef nodeRef, Map<QName, Serializable> map, Map<QName, Serializable> map2) {
        String str = (String) DefaultTypeConverter.INSTANCE.convert(String.class, map.get(ContentModel.PROP_USER_USERNAME));
        if (str != null) {
            removeAuthenticationFromCache(str);
        }
    }

    @Override // org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy
    public void beforeDeleteNode(NodeRef nodeRef) {
        String str = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_USER_USERNAME);
        if (str != null) {
            removeAuthenticationFromCache(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void removeAuthenticationFromCache(String str) {
        this.authenticationCache.remove(str);
        if (this.authenticationCache instanceof TransactionalCache) {
            this.authenticationCache.lockValue(str);
        }
    }
}
