package de.unigreifswald.botanik.floradb.model;

import de.unigreifswald.botanik.floradb.error.FloradbAuthenticationException;
import de.unigreifswald.botanik.floradb.error.FloradbEnitiyNotFoundException;
import de.unigreifswald.botanik.floradb.error.FloradbError;
import de.unigreifswald.botanik.floradb.error.FloradbException;
import de.unigreifswald.botanik.floradb.security.password.PasswordRuleChecker;
import de.unigreifswald.botanik.floradb.security.usertoken.TokenRepository;
import de.unigreifswald.botanik.floradb.security.usertoken.UserToken;
import de.unigreifswald.botanik.floradb.types.User;
import de.unigreifswald.botanik.floradb.types.UserGroup;
import de.unigreifswald.botanik.floradb.types.UserGroupLdapImpl;
import de.unigreifswald.botanik.floradb.types.UserInfo;
import de.unigreifswald.botanik.floradb.types.UserInfoImpl;
import de.unigreifswald.botanik.floradb.types.UserInfoLdapImpl;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapNameAware;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.ldap.support.LdapNameBuilder;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.security.authentication.encoding.LdapShaPasswordEncoder;

/* loaded from: input_file:WEB-INF/lib/floradb-ldap-1.21.8454.jar:de/unigreifswald/botanik/floradb/model/UserGroupModelImpl.class */
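/**
 * LDAP-backed implementation of {@link UserGroupModel}: user accounts live under
 * {@code ou=People}, groups are {@code groupOfUniqueNames} entries under {@code ou=groups},
 * and an account counts as inactive while it is a member of the group named
 * {@link UserGroupModel#USER_GROUP_NAME_INACTIVE}.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>{@link #isAuthentic(String, String)} refuses empty passwords before binding and
 *       treats any failure of the "is the account active" lookup as "not authentic".</li>
 *   <li>{@link #addUser(UserInfo)} puts the new account into the inactive group before an
 *       activation token is issued.</li>
 *   <li>Passwords are stored through {@link LdapShaPasswordEncoder} with a random salt, i.e.
 *       a salted SHA-1 scheme. NOTE(review): that is a fast digest, not a password-hashing
 *       function; moving to a server-side or client-side slow hash (bcrypt/scrypt/argon2/PBKDF2)
 *       needs a migration plan and is not done here.</li>
 *   <li>E-mail addresses and group names written to the log are caller-supplied; neutralising
 *       line breaks in log output is left to the logging configuration.</li>
 * </ul>
 */
public class UserGroupModelImpl implements UserGroupModel, BaseLdapNameAware {
    private static final String LDAP_OBJECTCLASS = "objectclass";
    private static final Logger LOGGER = LoggerFactory.getLogger(UserGroupModelImpl.class);
    private static final String LDAP_ATTRIBUTE_UNIQUE_MEMBER = "uniqueMember";
    private static final String LDAP_ATTRIBUTE_CN = "cn";
    private static final String LDAP_ATTRIBUTE_MEMBEROF = "memberof";
    private static final String LDAP_ATTRIBUTE_GIVEN_NAME = "givenName";
    private static final String LDAP_ATTRIBUTE_SN = "sn";
    private static final String LDAP_ATTRIBUTE_MAIL = "mail";

    /** Number of random salt bytes mixed into every stored password hash. */
    private static final int SALT_LENGTH = 8;

    private LdapShaPasswordEncoder passwordEncoder = new LdapShaPasswordEncoder();

    /** Salt source; a {@link SecureRandom} so salts are not predictable. */
    private Random random = new SecureRandom();

    /** Base DN of the directory, injected through {@link #setBaseLdapPath(LdapName)}. */
    private LdapName baseLdapName;

    @Autowired
    private LdapTemplate ldapTemplate;

    @Autowired
    private TokenRepository tokenRepository;

    @Autowired
    private PasswordRuleChecker passwordRuleChecker;

    /** Maps a search hit to the string form of its distinguished name. */
    public static class NameContextMapper implements ContextMapper<String> {
        private NameContextMapper() {
        }

        @Override
        public String mapFromContext(Object obj) throws NamingException {
            return ((DirContextAdapter) obj).getDn().toString();
        }
    }

    /**
     * Activates the account with the given e-mail address by removing it from the inactive group.
     *
     * @param str e-mail address of the account
     */
    @Override
    public void activateUser(String str) {
        removeUserFromGroup(getUserInfo(str), getUserGroup(UserGroupModel.USER_GROUP_NAME_INACTIVE));
    }

    /**
     * Returns the group with the given name, creating it first when the lookup finds nothing.
     *
     * @param str group name ({@code cn})
     * @return the existing or newly created group
     */
    @Override
    public UserGroup getOrCreateUserGroup(String str) {
        try {
            return getUserGroup(str);
        } catch (EmptyResultDataAccessException e) {
            LOGGER.info("UserGroup {} not found. Creating it.", str);
            createUserGroup(str);
            return getUserGroup(str);
        }
    }

    /**
     * Creates a group entry {@code cn=<name>,ou=groups}.
     *
     * @param str group name
     */
    protected void createUserGroup(String str) {
        UserGroupLdapImpl group = new UserGroupLdapImpl();
        group.setName(str);
        // The entry is created with one empty member DN, so a group never starts without a member value.
        group.getMembers().add(LdapNameBuilder.newInstance().build());
        group.setDn(LdapNameBuilder.newInstance().add("ou=groups").add(LDAP_ATTRIBUTE_CN, group.getName()).build());
        this.ldapTemplate.create(group);
    }

    /**
     * Looks up exactly one group by {@code cn}.
     *
     * @param str group name
     * @return the matching group
     * @throws EmptyResultDataAccessException when no entry matches (relied on by
     *     {@link #getOrCreateUserGroup(String)})
     */
    protected UserGroup getUserGroup(String str) {
        return (UserGroup) this.ldapTemplate.findOne(
                LdapQueryBuilder.query().where(LDAP_ATTRIBUTE_CN).is(str), UserGroupLdapImpl.class);
    }

    /**
     * Adds the user to the group, creating the group entry when it does not exist yet.
     *
     * @param userInfo user to add
     * @param userGroup target group
     */
    @Override
    public void addUserToGroup(UserInfo userInfo, UserGroup userGroup) {
        Name userDn = getUserDn(userInfo);
        Name groupDn;
        try {
            groupDn = getGroupDn(userGroup);
        } catch (FloradbException e) {
            LOGGER.info("UserGroup {} not found. Creating it.", userGroup.getName());
            groupDn = createGroup(userGroup);
        }
        DirContextOperations groupContext = this.ldapTemplate.lookupContext(groupDn);
        // Member values are stored as absolute DNs, hence the base DN prefix.
        groupContext.addAttributeValue(
                LDAP_ATTRIBUTE_UNIQUE_MEMBER, LdapNameBuilder.newInstance(this.baseLdapName).add(userDn).build());
        this.ldapTemplate.modifyAttributes(groupContext);
    }

    /**
     * Resolves the DN of a user, either from the object itself or by searching for its e-mail address.
     *
     * @param userInfo user to resolve
     * @return the user's DN as returned by the directory search or stored on the object
     * @throws FloradbException with {@link FloradbError#ENTITY_NOT_FOUND} when no entry matches
     */
    protected Name getUserDn(UserInfo userInfo) {
        if (userInfo instanceof UserInfoLdapImpl) {
            return ((UserInfoLdapImpl) userInfo).getDn();
        }
        List<String> matches = this.ldapTemplate.search(
                LdapQueryBuilder.query()
                        .where(LDAP_OBJECTCLASS).is("inetOrgPerson")
                        .and(LDAP_ATTRIBUTE_MAIL).is(userInfo.getEmail()),
                new NameContextMapper());
        if (matches.isEmpty()) {
            throw new FloradbException(FloradbError.ENTITY_NOT_FOUND, "User not found in LDAP: " + userInfo);
        }
        // NOTE(review): when several entries share the same mail value the first hit is used silently;
        // password changes and group updates then target that entry. Confirm mail is unique in the directory.
        return LdapNameBuilder.newInstance(matches.get(0)).build();
    }

    /**
     * Binds a new {@code groupOfUniqueNames} entry for the given group and returns its DN.
     */
    private Name createGroup(UserGroup userGroup) {
        LdapName groupDn =
                LdapNameBuilder.newInstance().add("ou=groups").add(LDAP_ATTRIBUTE_CN, userGroup.getName()).build();
        DirContextAdapter context = new DirContextAdapter(groupDn);
        context.setAttributeValues(LDAP_OBJECTCLASS, new String[]{"top", "groupOfUniqueNames"});
        mapToContext(userGroup, context);
        this.ldapTemplate.bind(context);
        return groupDn;
    }

    /** Writes the group's name and an empty initial member value into the context. */
    private void mapToContext(UserGroup userGroup, DirContextAdapter dirContextAdapter) {
        dirContextAdapter.setAttributeValue(LDAP_ATTRIBUTE_CN, userGroup.getName());
        dirContextAdapter.setAttributeValue(LDAP_ATTRIBUTE_UNIQUE_MEMBER, LdapUtils.emptyLdapName());
    }

    /**
     * Removes the user's absolute DN from the group's {@code uniqueMember} values.
     *
     * @param userInfo user to remove
     * @param userGroup group to remove the user from
     */
    @Override
    public void removeUserFromGroup(UserInfo userInfo, UserGroup userGroup) {
        Name groupDn = getGroupDn(userGroup);
        Name userDn = getUserDn(userInfo);
        DirContextOperations groupContext = this.ldapTemplate.lookupContext(groupDn);
        groupContext.removeAttributeValue(
                LDAP_ATTRIBUTE_UNIQUE_MEMBER, LdapNameBuilder.newInstance(this.baseLdapName).add(userDn).build());
        this.ldapTemplate.modifyAttributes(groupContext);
    }

    /**
     * Resolves the DN of the given group by its name.
     *
     * @param userGroup group to resolve
     * @return the group's DN
     */
    protected Name getGroupDn(UserGroup userGroup) {
        return getGroupDn(userGroup.getName());
    }

    /**
     * Resolves the DN of the {@code groupOfUniqueNames} entry with the given {@code cn}.
     *
     * @param str group name
     * @return the DN of the first matching entry
     * @throws FloradbEnitiyNotFoundException when no entry matches
     */
    protected Name getGroupDn(String str) {
        List<String> matches = this.ldapTemplate.search(
                LdapQueryBuilder.query()
                        .where(LDAP_OBJECTCLASS).is("groupOfUniqueNames")
                        .and(LDAP_ATTRIBUTE_CN).is(str),
                new NameContextMapper());
        if (matches.isEmpty()) {
            throw new FloradbEnitiyNotFoundException(str, UserGroup.class);
        }
        return LdapNameBuilder.newInstance(matches.get(0)).build();
    }

    /**
     * Lists the persons whose {@code memberof} attribute names the given group.
     *
     * @param userGroup group whose members are wanted
     * @return one {@link UserInfo} per matching entry, built from mail, given name and surname
     */
    @Override
    public List<UserInfo> findUsersByUserGroup(UserGroup userGroup) {
        String absoluteGroupDn =
                LdapNameBuilder.newInstance(this.baseLdapName).add(getGroupDn(userGroup)).build().toString();
        // The lambda parameter is typed explicitly so the AttributesMapper overload of search() is chosen.
        return this.ldapTemplate.search(
                LdapQueryBuilder.query()
                        .attributes(LDAP_ATTRIBUTE_MAIL, LDAP_ATTRIBUTE_SN, LDAP_ATTRIBUTE_GIVEN_NAME)
                        .where(LDAP_OBJECTCLASS).is("person")
                        .and(LDAP_ATTRIBUTE_MAIL).isPresent()
                        .and(LDAP_ATTRIBUTE_SN).isPresent()
                        .and(LDAP_ATTRIBUTE_GIVEN_NAME).isPresent()
                        .and(LDAP_ATTRIBUTE_MEMBEROF).is(absoluteGroupDn),
                (Attributes attributes) -> new UserInfoImpl(
                        0,
                        (String) attributes.get(LDAP_ATTRIBUTE_MAIL).get(),
                        (String) attributes.get(LDAP_ATTRIBUTE_GIVEN_NAME).get(),
                        (String) attributes.get(LDAP_ATTRIBUTE_SN).get()));
    }

    /**
     * Removes the group entry from the directory.
     *
     * @param userGroup group to delete
     */
    @Override
    public void delete(UserGroup userGroup) {
        this.ldapTemplate.unbind(getGroupDn(userGroup));
    }

    @Override
    public void setBaseLdapPath(LdapName ldapName) {
        this.baseLdapName = ldapName;
    }

    /**
     * Loads the user with the given e-mail address.
     *
     * @param str e-mail address
     * @return the user
     * @throws FloradbEnitiyNotFoundException when no entry matches
     */
    @Override
    public UserInfo getUserInfo(String str) {
        return getUserInfoLdapImpl(str);
    }

    /** Finds exactly one user entry by mail, translating "no result" into the project's not-found error. */
    private UserInfoLdapImpl getUserInfoLdapImpl(String str) {
        try {
            return this.ldapTemplate.findOne(
                    LdapQueryBuilder.query().where(LDAP_ATTRIBUTE_MAIL).is(str), UserInfoLdapImpl.class);
        } catch (EmptyResultDataAccessException e) {
            throw new FloradbEnitiyNotFoundException(str, (Class<?>) User.class, e);
        }
    }

    /**
     * Lists the groups that name the user as {@code uniqueMember}.
     *
     * <p>This is a best-effort lookup: any failure is logged and an empty list is returned, so an
     * empty result does NOT prove that the user has no groups. Code that takes a security decision
     * from group membership must not rely on this method; see {@link #isActive(String)}.
     *
     * @param userInfo user whose groups are wanted
     * @return the user's groups, or an empty list when the lookup failed
     */
    @Override
    public List<UserGroup> findUserGroups(UserInfo userInfo) {
        try {
            return loadUserGroups(userInfo);
        } catch (Exception e) {
            LOGGER.error("Failure loading group", (Throwable) e);
            return new ArrayList<>();
        }
    }

    /** Same lookup as {@link #findUserGroups(UserInfo)}, but lets every failure propagate. */
    private List<UserGroup> loadUserGroups(UserInfo userInfo) {
        UserInfoLdapImpl ldapUser = userInfo instanceof UserInfoLdapImpl
                ? (UserInfoLdapImpl) userInfo
                : getUserInfoLdapImpl(userInfo.getEmail());
        String absoluteUserDn =
                LdapNameBuilder.newInstance(this.baseLdapName).add(ldapUser.getDn()).build().toString();
        return new ArrayList<>(this.ldapTemplate.find(
                LdapQueryBuilder.query().where(LDAP_ATTRIBUTE_UNIQUE_MEMBER).is(absoluteUserDn),
                UserGroupLdapImpl.class));
    }

    /**
     * Checks the credentials by binding to the directory and then requires the account to be active.
     *
     * @param str e-mail address of the account
     * @param str2 password presented by the caller
     * @return {@code true} only when the bind succeeded and the account is not in the inactive group;
     *     {@code false} for an empty password, a failed bind, an inactive account or any lookup error
     */
    @Override
    public boolean isAuthentic(String str, String str2) {
        // A simple bind with a zero-length password is an "unauthenticated bind" (RFC 4513, 5.1.2) that
        // a directory server may answer with success; it must never count as a valid login.
        if (StringUtils.isEmpty(str2)) {
            LOGGER.info("Rejecting authentication with empty password for user with eMail {}", str);
            return false;
        }
        try {
            this.ldapTemplate.authenticate(LdapQueryBuilder.query().where(LDAP_ATTRIBUTE_MAIL).is(str), str2);
            LOGGER.info("Succesfull authtenticated user with email {}", str);
            // isActive() throws when group membership cannot be determined; the catch below then denies.
            if (isActive(str)) {
                return true;
            }
            LOGGER.info("User with email {} is not active", str);
            return false;
        } catch (Exception e) {
            // The stack trace is only written at debug level.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Failure authenticating user with eMail " + str, (Throwable) e);
                return false;
            }
            LOGGER.info("Failure authenticating user with eMail " + str);
            return false;
        }
    }

    /**
     * Tells whether the account is outside the inactive group.
     *
     * <p>Uses the failing lookup on purpose: with the best-effort {@link #findUserGroups(UserInfo)} a
     * directory error would look like "no groups" and a deactivated account would pass as active.
     */
    private boolean isActive(String str) {
        for (UserGroup group : loadUserGroups(getUserInfo(str))) {
            if (UserGroupModel.USER_GROUP_NAME_INACTIVE.equals(group.getName())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Registers a new, still inactive account and issues its activation token.
     *
     * @param userInfo data of the new user
     * @return the activation token
     * @throws FloradbAuthenticationException when the e-mail address is already in use
     */
    @Override
    public UserToken addUser(UserInfo userInfo) {
        if (isEmailUsed(userInfo)) {
            throw new FloradbAuthenticationException(FloradbError.AUTHENTICATION_EMAIL_ALLREADY_USED);
        }
        UserInfoLdapImpl created = addUserToLdap(userInfo);
        // Mark the account inactive before a token exists: if this step fails, no activation token is
        // handed out for an account that was never flagged inactive.
        // NOTE(review): the entry still exists unflagged between create and this call, and stays that
        // way if this call fails — consider removing the entry again on failure.
        addUserToGroupInactive(created);
        return createAndSendActivationToken(created);
    }

    /** Adds the (re-read) user to the inactive group, creating that group when necessary. */
    private void addUserToGroupInactive(UserInfo userInfo) {
        addUserToGroup(
                getUserInfo(userInfo.getEmail()), getOrCreateUserGroup(UserGroupModel.USER_GROUP_NAME_INACTIVE));
    }

    /** Creates and stores an account-activation token for the user's e-mail address. */
    private UserToken createAndSendActivationToken(UserInfoLdapImpl userInfoLdapImpl) {
        return this.tokenRepository.createAndStore(userInfoLdapImpl.getEmail(), UserToken.Type.ACCOUNT_ACTIVATION);
    }

    /** Creates the entry {@code cn=<email>,ou=People} for the user and returns the LDAP object. */
    private UserInfoLdapImpl addUserToLdap(UserInfo userInfo) {
        UserInfoLdapImpl ldapUser = new UserInfoLdapImpl(userInfo);
        ldapUser.setDn(peopleDn(ldapUser.getEmail()));
        this.ldapTemplate.create(ldapUser);
        return ldapUser;
    }

    /** Builds the relative DN {@code cn=<email>,ou=People}. */
    private static LdapName peopleDn(String email) {
        return LdapNameBuilder.newInstance().add("ou=People").add(LDAP_ATTRIBUTE_CN, email).build();
    }

    /**
     * Deletes the user's entry {@code cn=<email>,ou=People}.
     *
     * <p>NOTE(review): group entries that list this DN as {@code uniqueMember} are not touched here.
     * Unless the directory enforces referential integrity, an account created later with the same
     * e-mail address gets the same DN and would appear in those groups — confirm.
     *
     * @param userInfo user to delete
     */
    @Override
    public void deleteUser(UserInfo userInfo) {
        UserInfoLdapImpl ldapUser = new UserInfoLdapImpl(userInfo);
        ldapUser.setDn(peopleDn(ldapUser.getEmail()));
        this.ldapTemplate.delete(ldapUser);
    }

    /**
     * Writes the changed user data to the entry found by the user's e-mail address.
     *
     * @param userInfo new data; blank optional fields are normalised to {@code null} in place
     */
    @Override
    public void updateUser(UserInfo userInfo) {
        replaceBlanksWithNulls(userInfo);
        UserInfoLdapImpl stored = getUserInfoLdapImpl(userInfo.getEmail());
        stored.update(userInfo);
        LOGGER.info("Update userInfo {}", stored);
        this.ldapTemplate.update(stored);
    }

    /** Turns blank mobile number, telephone number and organization into {@code null}. */
    private void replaceBlanksWithNulls(UserInfo userInfo) {
        if (StringUtils.isBlank(userInfo.getMobileNumber())) {
            userInfo.setMobileNumber(null);
        }
        if (StringUtils.isBlank(userInfo.getTelephoneNumber())) {
            userInfo.setTelephoneNumber(null);
        }
        if (StringUtils.isBlank(userInfo.getOrganization())) {
            userInfo.setOrganization(null);
        }
    }

    /**
     * Tells whether a user entry with this e-mail address already exists.
     *
     * @param userInfo user whose e-mail address is checked
     * @return {@code true} when {@link #getUserDn(UserInfo)} resolves an entry
     */
    protected boolean isEmailUsed(UserInfo userInfo) {
        try {
            getUserDn(userInfo);
            return true;
        } catch (FloradbException e) {
            return false;
        }
    }

    /**
     * Changes the password after verifying the current one.
     *
     * @param userInfo account whose password changes
     * @param str current password
     * @param str2 new password
     * @throws FloradbAuthenticationException when the current password is not accepted
     */
    @Override
    public void changePassword(UserInfo userInfo, String str, String str2) {
        if (!isAuthentic(userInfo.getEmail(), str)) {
            LOGGER.info("Worng old passowrd for passoword change for user: {}", userInfo);
            throw new FloradbAuthenticationException(FloradbError.AUTHENTICATION_WRONG_PASSWORD);
        }
        setPassword(userInfo, str2);
    }

    /**
     * Sets a new password without checking the old one; callers are responsible for having
     * authorised the change (for example through a reset token).
     *
     * @param userInfo account whose password is set
     * @param str new password
     */
    @Override
    public void setPassword(UserInfo userInfo, String str) {
        // The score is not used here; presumably the checker throws for passwords that break the
        // rules — TODO confirm, otherwise weak passwords pass through unchecked.
        this.passwordRuleChecker.caluclateScore(userInfo.getEmail(), str);
        encodeAndUpdatePassword(userInfo, str);
    }

    /**
     * Hashes the password and replaces the entry's {@code userPassword} attribute with the result.
     *
     * @param userInfo account to update
     * @param str clear-text password
     */
    protected void encodeAndUpdatePassword(UserInfo userInfo, String str) {
        String encoded = encodePassword(str);
        ModificationItem replacePassword = new ModificationItem(
                javax.naming.directory.DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", encoded));
        this.ldapTemplate.modifyAttributes(getUserDn(userInfo), new ModificationItem[]{replacePassword});
    }

    /**
     * Hashes the password with a fresh random salt of {@link #SALT_LENGTH} bytes.
     *
     * <p>NOTE(review): {@link LdapShaPasswordEncoder} produces a salted SHA-1 value. It is kept for
     * compatibility with the stored hashes; a single fast digest offers little resistance to offline
     * guessing if the directory contents leak.
     *
     * @param str clear-text password
     * @return the encoded value to store in {@code userPassword}
     */
    protected String encodePassword(String str) {
        byte[] salt = new byte[SALT_LENGTH];
        this.random.nextBytes(salt);
        return this.passwordEncoder.encodePassword(str, salt);
    }

    /**
     * Activates the account that the token with the given hash was issued for.
     *
     * <p>NOTE(review): this method neither checks the token's type nor invalidates the token.
     * Confirm that {@code TokenRepository.get} or the caller restricts this to
     * {@code ACCOUNT_ACTIVATION} tokens and that {@link #invalidateHash(String)} is called afterwards.
     *
     * @param str token hash
     * @return the activated user
     */
    @Override
    public UserInfo activateByHash(String str) {
        UserInfo user = getUserInfo(this.tokenRepository.get(str).getEmail());
        removeUserFromGroup(user, getOrCreateUserGroup(UserGroupModel.USER_GROUP_NAME_INACTIVE));
        return user;
    }

    /**
     * Deletes the token with the given hash so it cannot be used again.
     *
     * @param str token hash
     */
    @Override
    public void invalidateHash(String str) {
        this.tokenRepository.getAndDeleteByHash(str);
    }

    /**
     * Issues a password-reset token for an existing account.
     *
     * <p>The {@code null} result distinguishes unknown addresses from known ones; callers should
     * answer the requester identically in both cases so the reset form does not reveal which
     * addresses are registered.
     *
     * @param str e-mail address the reset was requested for
     * @return the reset token, or {@code null} when no account has this address
     */
    @Override
    public UserToken resetPassword(String str) {
        LOGGER.info("Request password reset for: {}", str);
        try {
            getUserInfo(str);
            return this.tokenRepository.createAndStore(str, UserToken.Type.PASSWORD_RESET);
        } catch (FloradbEnitiyNotFoundException e) {
            LOGGER.info("User " + str + " does not exist.", (Throwable) e);
            return null;
        }
    }

    /**
     * Lists all persons that have mail, surname and given name, including their group names.
     *
     * @return one {@link UserInfo} per matching entry
     */
    @Override
    public List<UserInfo> findAllUsers() {
        return this.ldapTemplate.search(
                LdapQueryBuilder.query()
                        .attributes(
                                LDAP_ATTRIBUTE_MAIL, LDAP_ATTRIBUTE_SN, LDAP_ATTRIBUTE_GIVEN_NAME,
                                LDAP_ATTRIBUTE_MEMBEROF)
                        .where(LDAP_OBJECTCLASS).is("person")
                        .and(LDAP_ATTRIBUTE_MAIL).isPresent()
                        .and(LDAP_ATTRIBUTE_SN).isPresent()
                        .and(LDAP_ATTRIBUTE_GIVEN_NAME).isPresent(),
                this::map);
    }

    /**
     * Builds a {@link UserInfo} from an entry's attributes and attaches the {@code cn} of every
     * group DN found in {@code memberof}.
     *
     * <p>Group DNs are parsed with {@link LdapName} instead of being split on commas, so an escaped
     * comma or a literal {@code cn=} inside a group name cannot yield a different or additional
     * group name, and the attribute type is matched case-insensitively.
     *
     * @param attributes attributes of one person entry; mail, surname and given name must be present
     * @return the mapped user
     * @throws NamingException when an attribute value cannot be read or a {@code memberof} value is
     *     not a valid DN
     */
    protected UserInfo map(Attributes attributes) throws NamingException {
        String givenName = (String) attributes.get(LDAP_ATTRIBUTE_GIVEN_NAME).get();
        String surname = (String) attributes.get(LDAP_ATTRIBUTE_SN).get();
        String mail = (String) attributes.get(LDAP_ATTRIBUTE_MAIL).get();

        List<String> groupNames = new ArrayList<>();
        Attribute memberOf = attributes.get(LDAP_ATTRIBUTE_MEMBEROF);
        if (memberOf != null) {
            for (int i = 0; i < memberOf.size(); i++) {
                List<javax.naming.ldap.Rdn> rdns = new LdapName((String) memberOf.get(i)).getRdns();
                // getRdns() starts with the right-most component; walk backwards to keep the written order.
                for (int j = rdns.size() - 1; j >= 0; j--) {
                    javax.naming.ldap.Rdn rdn = rdns.get(j);
                    if (LDAP_ATTRIBUTE_CN.equalsIgnoreCase(rdn.getType())) {
                        groupNames.add(String.valueOf(rdn.getValue()));
                    }
                }
            }
        }

        UserInfoImpl user = new UserInfoImpl(0, mail, givenName, surname);
        for (String groupName : groupNames) {
            user.addUserGroup(groupName);
        }
        return user;
    }
}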
