package com.capitalone.dashboard.service;

import com.capitalone.dashboard.auth.AuthProperties;
import com.capitalone.dashboard.auth.exceptions.DeleteLastAdminException;
import com.capitalone.dashboard.auth.exceptions.UserNotFoundException;
import com.capitalone.dashboard.model.AuthType;
import com.capitalone.dashboard.model.UserInfo;
import com.capitalone.dashboard.model.UserRole;
import com.capitalone.dashboard.repository.UserInfoRepository;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.HashSet;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

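/**
 * Service that looks up, creates and re-roles dashboard {@link UserInfo} records, and
 * that can fall back to a directory lookup to decide whether an LDAP user exists.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #getUserInfo} creates and persists a record for any username that is not
 *       yet known, so callers are expected to have authenticated the user first
 *       (NOTE(review): confirm every caller does).</li>
 *   <li>A {@code STANDARD} account literally named {@code "admin"} is given
 *       {@code ROLE_ADMIN} on every lookup.</li>
 *   <li>The directory search filter is built from the caller-supplied username, which is
 *       escaped before use so it cannot alter the filter structure.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:com/capitalone/dashboard/service/UserInfoServiceImpl.class */
public class UserInfoServiceImpl implements UserInfoService {
    private static final Logger LOGGER = Logger.getLogger(UserInfoServiceImpl.class);
    private final UserInfoRepository userInfoRepository;

    // Directory connection settings (URLs, bind account, DN pattern); field-injected.
    @Autowired
    private AuthProperties authProperties;

    /**
     * @param userInfoRepository persistence layer for {@link UserInfo} records
     */
    @Autowired
    public UserInfoServiceImpl(UserInfoRepository userInfoRepository) {
        this.userInfoRepository = userInfoRepository;
    }

    /**
     * Returns the user's roles as Spring Security authorities, creating the user record
     * first if it does not exist (see {@link #getUserInfo}).
     *
     * @param str username
     * @param str2 first name, used only when the record is created
     * @param str3 middle name, used only when the record is created
     * @param str4 last name, used only when the record is created
     * @param str5 display name, used only when the record is created
     * @param str6 e-mail address, used only when the record is created
     * @param authType authentication source the username belongs to
     * @return one {@link SimpleGrantedAuthority} per role held by the user
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities(String str, String str2, String str3, String str4, String str5, String str6, AuthType authType) {
        UserInfo user = getUserInfo(str, str2, str3, str4, str5, str6, authType);
        return createAuthorities(user.getAuthorities());
    }

    /**
     * Finds the user by username and auth type, creating and saving a new
     * {@code ROLE_USER} record when none exists.
     *
     * <p>The built-in admin promotion is applied after the save, so for an existing
     * record it only affects the returned object, not what this method persists.
     *
     * @param str username
     * @param str2 first name for a newly created record
     * @param str3 middle name for a newly created record
     * @param str4 last name for a newly created record
     * @param str5 display name for a newly created record
     * @param str6 e-mail address for a newly created record
     * @param authType authentication source the username belongs to
     * @return the existing or newly created user, never {@code null}
     */
    @Override
    public UserInfo getUserInfo(String str, String str2, String str3, String str4, String str5, String str6, AuthType authType) {
        UserInfo user = this.userInfoRepository.findByUsernameAndAuthType(str, authType);
        if (user == null) {
            user = createUserInfo(str, str2, str3, str4, str5, str6, authType);
            // The decompiled listing cast the entity to UserInfoRepository here, which
            // would fail with ClassCastException at runtime; the entity is passed as-is.
            this.userInfoRepository.save(user);
        }
        addAdminRoleToStandardAdminUser(user);
        return user;
    }

    /**
     * @return every stored user, collected into a set
     */
    @Override
    public Collection<UserInfo> getUsers() {
        return Sets.newHashSet(this.userInfoRepository.findAll());
    }

    /**
     * Adds {@code ROLE_ADMIN} to an existing user and saves the record.
     *
     * <p>No authorization check happens here; the caller must already have verified that
     * the requester is allowed to grant admin rights.
     *
     * @param str username of the user to promote
     * @param authType authentication source the username belongs to
     * @return the saved user
     * @throws UserNotFoundException if no such user exists
     */
    @Override
    public UserInfo promoteToAdmin(String str, AuthType authType) {
        UserInfo user = this.userInfoRepository.findByUsernameAndAuthType(str, authType);
        if (user == null) {
            throw new UserNotFoundException(str, authType);
        }
        user.getAuthorities().add(UserRole.ROLE_ADMIN);
        return (UserInfo) this.userInfoRepository.save(user);
    }

    /**
     * Removes {@code ROLE_ADMIN} from an existing user and saves the record.
     *
     * <p>The last-admin guard runs before the user lookup and counts all admins, so it
     * also rejects the call when the target is not an admin but only one admin exists.
     * The count and the save are separate repository calls; nothing visible here makes
     * them atomic.
     *
     * @param str username of the user to demote
     * @param authType authentication source the username belongs to
     * @return the saved user
     * @throws DeleteLastAdminException if one admin or fewer currently exists
     * @throws UserNotFoundException if no such user exists
     */
    @Override
    public UserInfo demoteFromAdmin(String str, AuthType authType) {
        if (this.userInfoRepository.findByAuthoritiesIn(UserRole.ROLE_ADMIN).size() <= 1) {
            throw new DeleteLastAdminException();
        }
        UserInfo user = this.userInfoRepository.findByUsernameAndAuthType(str, authType);
        if (user == null) {
            throw new UserNotFoundException(str, authType);
        }
        user.getAuthorities().remove(UserRole.ROLE_ADMIN);
        return (UserInfo) this.userInfoRepository.save(user);
    }

    /** Builds an unsaved user record holding only {@code ROLE_USER}. */
    private UserInfo createUserInfo(String str, String str2, String str3, String str4, String str5, String str6, AuthType authType) {
        UserInfo userInfo = new UserInfo();
        userInfo.setUsername(str);
        userInfo.setFirstName(str2);
        userInfo.setMiddleName(str3);
        userInfo.setLastName(str4);
        userInfo.setDisplayName(str5);
        userInfo.setEmailAddress(str6);
        userInfo.setAuthType(authType);
        userInfo.setAuthorities(Sets.newHashSet(UserRole.ROLE_USER));
        return userInfo;
    }

    /**
     * Grants {@code ROLE_ADMIN} to the {@code STANDARD} account named exactly "admin".
     *
     * <p>The grant is keyed on the username alone, so whoever owns that account is an
     * administrator. NOTE(review): confirm the signup path reserves the name "admin".
     */
    private void addAdminRoleToStandardAdminUser(UserInfo userInfo) {
        boolean builtInAdmin = "admin".equals(userInfo.getUsername())
                && AuthType.STANDARD == userInfo.getAuthType();
        if (builtInAdmin) {
            userInfo.getAuthorities().add(UserRole.ROLE_ADMIN);
        }
    }

    /** Maps each role to a {@link SimpleGrantedAuthority} named after the enum constant. */
    private Collection<? extends GrantedAuthority> createAuthorities(Collection<UserRole> collection) {
        HashSet<GrantedAuthority> authorities = new HashSet<>();
        for (UserRole role : collection) {
            authorities.add(new SimpleGrantedAuthority(role.name()));
        }
        return authorities;
    }

    /**
     * Reports whether a user is known, either as a stored record or, for
     * {@code AuthType.LDAP} only, as a directory entry found by {@link #searchLdapUser}.
     *
     * @param str username to check
     * @param authType authentication source the username belongs to
     * @return {@code true} if the user is stored locally or found in the directory;
     *     {@code false} otherwise, including when the directory lookup fails
     */
    @Override
    public boolean isUserValid(String str, AuthType authType) {
        if (this.userInfoRepository.findByUsernameAndAuthType(str, authType) != null) {
            return true;
        }
        if (authType != AuthType.LDAP) {
            return false;
        }
        try {
            return searchLdapUser(str);
        } catch (NamingException e) {
            LOGGER.error("Failed to query ldap for " + str, e);
            return false;
        }
    }

    /**
     * Binds to the configured directory with the service account over SSL and searches
     * the subtree for the given user.
     *
     * <p>When no AD URL is configured the search matches {@code sAMAccountName} under
     * the part of the user DN pattern after its first comma; otherwise it matches
     * {@code userPrincipalName} ({@code user@domain}) under the AD root DN. The user
     * counts as found only if the first result carries a {@code memberOf} attribute.
     *
     * <p>Every failure is logged and reported as {@code false} (fail closed), so despite
     * the signature no exception propagates from the body as written.
     *
     * @param str username supplied by the caller; treated as untrusted
     * @return {@code true} if a matching entry with {@code memberOf} exists
     * @throws NamingException declared for callers; see above
     */
    private boolean searchLdapUser(String str) throws NamingException {
        // A blank name cannot identify an entry and would produce a malformed filter.
        if (StringUtils.isBlank(str)) {
            return false;
        }
        Properties properties = new Properties();
        properties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        properties.put("java.naming.security.protocol", "ssl");
        // The decompiler substituted an unrelated Spring XML-parser constant whose value
        // is "simple"; the JNDI simple-bind mechanism name is written out directly.
        properties.put("java.naming.security.authentication", "simple");
        try {
            boolean activeDirectory = !StringUtils.isBlank(this.authProperties.getAdUrl());
            if (activeDirectory) {
                properties.put("java.naming.provider.url", this.authProperties.getAdUrl());
                properties.put("java.naming.security.principal", this.authProperties.getLdapBindUser() + "@" + this.authProperties.getAdDomain());
            } else {
                properties.put("java.naming.provider.url", this.authProperties.getLdapServerUrl());
                properties.put("java.naming.security.principal", StringUtils.replace(this.authProperties.getLdapUserDnPattern(), "{0}", this.authProperties.getLdapBindUser()));
            }
            properties.put("java.naming.security.credentials", this.authProperties.getLdapBindPass());

            // Escape once, before the value is spliced into either filter template, so
            // characters such as '*', '(' and ')' are matched literally.
            String safeUser = escapeLdapFilterValue(str);
            String baseDn;
            String filter;
            if (activeDirectory) {
                baseDn = this.authProperties.getAdRootDn();
                filter = "(&(objectClass=user)(userPrincipalName=" + safeUser + "@" + this.authProperties.getAdDomain() + "))";
            } else {
                String dnPattern = this.authProperties.getLdapUserDnPattern();
                // Everything after the first comma of the pattern is used as the base.
                baseDn = dnPattern.substring(dnPattern.indexOf(',') + 1);
                filter = "(&(objectClass=user)(sAMAccountName=" + safeUser + "))";
            }

            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            InitialDirContext context = new InitialDirContext(properties);
            try {
                NamingEnumeration<SearchResult> results = context.search(baseDn, filter, searchControls);
                try {
                    if (!results.hasMore()) {
                        return false;
                    }
                    return results.next().getAttributes().get("memberOf") != null;
                } finally {
                    results.close();
                }
            } finally {
                // Single close on every path releases the bound connection.
                context.close();
            }
        } catch (Exception e) {
            LOGGER.error("Failed to retrieve properties for InitialDirContext", e);
            return false;
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515):
     * backslash, asterisk, parentheses and NUL become {@code \5c}, {@code \2a},
     * {@code \28}, {@code \29} and {@code \00}.
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}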
