package org.eclipse.kura.internal.rest.identity.provider;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.configuration.ConfigurationService;
import org.eclipse.kura.crypto.CryptoService;
import org.eclipse.kura.internal.rest.identity.provider.dto.UserDTO;
import org.eclipse.kura.util.useradmin.UserAdminHelper;
import org.eclipse.kura.util.validation.PasswordStrengthValidators;
import org.eclipse.kura.util.validation.Validator;
import org.eclipse.kura.util.validation.ValidatorOptions;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

/* loaded from: input_file:org/eclipse/kura/internal/rest/identity/provider/IdentityService.class */
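/**
 * Identity management operations for the REST identity provider: create, read, update and delete
 * Kura identities, assign permissions, and set password options.
 *
 * <p>Every operation is delegated to {@link UserAdminHelper}, which is built from the
 * {@link UserAdmin} and {@link CryptoService} passed to the constructor.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>No method in this class checks who the caller is. Access control for these operations has
 * to be enforced by whatever invokes them.</li>
 * <li>User names are passed to {@link UserAdminHelper} as received; no format check is visible
 * here.</li>
 * <li>Passwords are stored as the value returned by {@link CryptoService#sha256Hash(String)};
 * see {@link #updateUser(UserDTO)}.</li>
 * </ul>
 */
public class IdentityService {
    /** Leading text of the "already exists" and "not found" error messages. */
    private static final String IDENTITY = "Identity ";
    /** PID of the component whose configuration supplies the password strength options. */
    private static final String KURA_WEB_CONSOLE_SERVICE_PID = "org.eclipse.kura.web.Console";
    /** Role-name prefix that marks a role as a permission. */
    private static final String PERMISSION_ROLE_NAME_PREFIX = "kura.permission.";
    /** Role-name prefix that marks a role as a user. */
    private static final String USER_ROLE_NAME_PREFIX = "kura.user.";
    /** User property; the string "true" means the password must be changed. */
    private static final String KURA_NEED_PASSWORD_CHANGE_PROPERTY = "kura.need.password.change";
    /** Credential key under which the password hash is stored. */
    private static final String PASSWORD_PROPERTY = "kura.password";
    private final UserAdminHelper userAdminHelper;
    private final ConfigurationService configurationService;
    private final CryptoService cryptoService;

    /**
     * Creates the service.
     *
     * @param cryptoService used to hash passwords and handed to the {@link UserAdminHelper}
     * @param userAdmin role store wrapped by the {@link UserAdminHelper}
     * @param configurationService source of the password strength configuration
     */
    public IdentityService(CryptoService cryptoService, UserAdmin userAdmin, ConfigurationService configurationService) {
        this.configurationService = configurationService;
        this.cryptoService = cryptoService;
        this.userAdminHelper = new UserAdminHelper(userAdmin, cryptoService);
    }

    /**
     * Creates a new identity and applies the permissions and password options carried by the DTO.
     *
     * <p>A supplied password is checked against the strength rules before the identity is created,
     * so a rejected password leaves no identity behind. A failure inside
     * {@link #updateUser(UserDTO)} after creation (for example a hashing error) is not rolled back
     * here: the identity then exists without the requested settings.
     *
     * <p>When the DTO carries no password, the identity is created without a password credential.
     *
     * @param userDTO name, permissions and password options of the identity to create
     * @throws KuraException {@code BAD_REQUEST} if the identity already exists or the password is
     *         rejected; otherwise whatever {@link #updateUser(UserDTO)} throws
     */
    public void createUser(UserDTO userDTO) throws KuraException {
        final String userName = userDTO.getUserName();
        if (this.userAdminHelper.getUser(userName).isPresent()) {
            throw new KuraException(KuraErrorCode.BAD_REQUEST, new Object[]{IDENTITY + userName + " already exists"});
        }
        final String password = userDTO.getPassword();
        if (password != null) {
            // Validate first so that a weak password is refused before anything is persisted.
            validateUserPassword(password);
        }
        this.userAdminHelper.createUser(userName);
        updateUser(userDTO);
    }

    /**
     * Deletes the identity with the given name by delegating to {@link UserAdminHelper}.
     *
     * <p>No existence check is made here; what happens for an unknown name is decided by the
     * helper.
     *
     * @param str name of the identity to delete
     */
    public void deleteUser(String str) {
        this.userAdminHelper.deleteUser(str);
    }

    /**
     * Returns the identity with the given name together with its permissions.
     *
     * <p>The returned DTO reports only whether a password credential exists and whether a password
     * change is pending; the stored hash is never copied into it.
     *
     * @param str name of the identity to look up
     * @return DTO describing the identity
     * @throws KuraException {@code NOT_FOUND} if no such identity exists
     */
    public UserDTO getUser(String str) throws KuraException {
        final User user = this.userAdminHelper.getUser(str)
                .orElseThrow(() -> new KuraException(KuraErrorCode.NOT_FOUND, new Object[]{IDENTITY + str + " not found"}));
        final UserDTO result = initUserConfig(user);
        // fillPermissions matches group members by full role name, hence the key.
        fillPermissions(Collections.singletonMap(user.getName(), result));
        return result;
    }

    /**
     * Returns the permission names reported by {@link UserAdminHelper#getDefinedPermissions()}.
     *
     * @return the defined permission names
     */
    public Set<String> getDefinedPermissions() {
        return this.userAdminHelper.getDefinedPermissions();
    }

    /**
     * Returns every identity known to the {@link UserAdminHelper}, each with its permissions.
     *
     * @return a new set holding one DTO per identity
     */
    public Set<UserDTO> getUserConfig() {
        final Map<String, UserDTO> byRoleName = new HashMap<>();
        this.userAdminHelper.foreachUser((name, user) -> byRoleName.put(user.getName(), initUserConfig(user)));
        fillPermissions(byRoleName);
        return new HashSet<>(byRoleName.values());
    }

    /**
     * Builds a DTO for a user role with an empty permission set.
     *
     * <p>Password authentication is reported as enabled when the credential stored under
     * {@code kura.password} is a {@link String}; a password change is reported as needed when the
     * property {@code kura.need.password.change} equals the string "true".
     */
    private UserDTO initUserConfig(User user) {
        final boolean passwordAuthEnabled = user.getCredentials().get(PASSWORD_PROPERTY) instanceof String;
        final boolean passwordChangeNeeded = Objects.equals("true",
                user.getProperties().get(KURA_NEED_PASSWORD_CHANGE_PROPERTY));
        return new UserDTO(getBaseName(user), new HashSet<>(), passwordAuthEnabled, passwordChangeNeeded);
    }

    /** Tells whether the role name starts with the user prefix. */
    private static boolean isKuraUser(Role role) {
        return role.getName().startsWith(USER_ROLE_NAME_PREFIX);
    }

    /** Tells whether the role name starts with the permission prefix. */
    private static boolean isKuraPermission(Role role) {
        return role.getName().startsWith(PERMISSION_ROLE_NAME_PREFIX);
    }

    /**
     * Strips the user or permission prefix from a role name.
     *
     * @throws IllegalArgumentException if the role name carries neither prefix
     */
    private static String getBaseName(Role role) {
        final String name = role.getName();
        if (isKuraUser(role)) {
            return name.substring(USER_ROLE_NAME_PREFIX.length());
        }
        if (isKuraPermission(role)) {
            return name.substring(PERMISSION_ROLE_NAME_PREFIX.length());
        }
        throw new IllegalArgumentException("not a Kura role");
    }

    /**
     * Adds to each DTO the permissions whose group contains the corresponding role.
     *
     * @param usersByRoleName DTOs keyed by full role name; group members absent from the map are
     *        skipped
     */
    private void fillPermissions(Map<String, ? extends UserDTO> usersByRoleName) {
        this.userAdminHelper.foreachPermission((permission, group) ->
                forEach(group.getMembers(), member -> {
                    final UserDTO dto = usersByRoleName.get(member.getName());
                    if (dto != null) {
                        dto.getPermissions().add(permission);
                    }
                }));
    }

    /**
     * Applies a consumer to every element of an array; a {@code null} array is treated as empty.
     *
     * <p>The decompiler note on this method records that its original modifier was private; it is
     * left public so the visible interface of this class does not change. The throws clause is
     * {@code E} rather than {@code Exception} so that callers passing a consumer that throws no
     * checked exception need not declare one.
     *
     * @param tArr elements to visit, may be {@code null}
     * @param fallibleConsumer action applied to each element in array order
     * @throws E if the consumer throws it; the remaining elements are then not visited
     */
    public static <T, E extends Exception> void forEach(T[] tArr, UserAdminHelper.FallibleConsumer<T, E> fallibleConsumer) throws E {
        if (tArr == null) {
            return;
        }
        for (final T item : tArr) {
            fallibleConsumer.accept(item);
        }
    }

    /**
     * Updates the permissions and password options of an existing identity.
     *
     * <p>A non-null permission set replaces the current assignment: the identity is added to every
     * permission group named in the set and removed from every other group that is visited, so a
     * caller that sends a partial set revokes the permissions it left out. Names in the set that
     * match no visited permission have no effect. A {@code null} set leaves membership untouched.
     *
     * <p>This method performs no authorisation of its own; restricting who may grant permissions
     * or change another identity's password is the caller's job.
     *
     * @param userDTO name of the identity plus the settings to apply
     * @throws KuraException {@code NOT_FOUND} if the identity does not exist, {@code BAD_REQUEST}
     *         if a supplied password is rejected, {@code SERVICE_UNAVAILABLE} if hashing fails
     */
    public void updateUser(UserDTO userDTO) throws KuraException {
        final String userName = userDTO.getUserName();
        final User user = this.userAdminHelper.getUser(userName)
                .orElseThrow(() -> new KuraException(KuraErrorCode.NOT_FOUND, new Object[]{IDENTITY + userName + " not found"}));
        final Set<String> permissions = userDTO.getPermissions();
        if (permissions != null) {
            this.userAdminHelper.foreachPermission((permission, group) -> {
                if (permissions.contains(permission)) {
                    group.addMember(user);
                } else {
                    group.removeMember(user);
                }
            });
        }
        // Permissions are applied before the password options; a failure below does not undo them.
        updatePasswordOptions(userDTO, user.getCredentials(), user.getProperties());
    }

    /**
     * Applies the password-related options of the DTO to a user's credentials and properties.
     *
     * <ul>
     * <li>Password auth enabled with a password: the password is validated, then its hash is
     * stored under {@code kura.password}.</li>
     * <li>Password auth enabled without a password: the stored credential is left as it is.</li>
     * <li>Password auth disabled: the stored credential is removed.</li>
     * <li>Option absent: credentials are not touched.</li>
     * </ul>
     * The password-change flag is set to "true", removed, or left alone in the same way.
     *
     * @param credentials credential dictionary of the user, modified in place
     * @param properties property dictionary of the user, modified in place
     * @throws KuraException {@code BAD_REQUEST} if the password is rejected,
     *         {@code SERVICE_UNAVAILABLE} if hashing fails
     */
    private void updatePasswordOptions(UserDTO userDTO, Dictionary<String, Object> credentials, Dictionary<String, Object> properties) throws KuraException {
        final Optional<Boolean> passwordAuthEnabled = userDTO.isPasswordAuthEnabled();
        if (passwordAuthEnabled.isPresent()) {
            if (Boolean.TRUE.equals(passwordAuthEnabled.get())) {
                final String password = userDTO.getPassword();
                if (password != null) {
                    // Validation stays outside the try block so that its BAD_REQUEST is not
                    // rewrapped as SERVICE_UNAVAILABLE.
                    validateUserPassword(password);
                    try {
                        // NOTE(review): the stored verifier is whatever sha256Hash returns. A single
                        // SHA-256 pass is a fast hash; whether a salt or key stretching is applied
                        // cannot be told from this file - confirm in the CryptoService.
                        credentials.put(PASSWORD_PROPERTY, this.cryptoService.sha256Hash(password));
                    } catch (Exception e) {
                        throw new KuraException(KuraErrorCode.SERVICE_UNAVAILABLE, e, new Object[0]);
                    }
                }
            } else {
                credentials.remove(PASSWORD_PROPERTY);
            }
        }
        final Optional<Boolean> passwordChangeNeeded = userDTO.isPasswordChangeNeeded();
        if (passwordChangeNeeded.isPresent()) {
            if (Boolean.TRUE.equals(passwordChangeNeeded.get())) {
                properties.put(KURA_NEED_PASSWORD_CHANGE_PROPERTY, "true");
            } else {
                properties.remove(KURA_NEED_PASSWORD_CHANGE_PROPERTY);
            }
        }
    }

    /**
     * Checks a password against every validator built from the current configuration.
     *
     * <p>All validators run, so the exception carries the complete list of messages they reported.
     * The password itself is not placed in the exception.
     *
     * @param str candidate password
     * @throws KuraException {@code BAD_REQUEST} with the collected messages if any validator
     *         reports a problem, or if the validator options cannot be read
     */
    public void validateUserPassword(String str) throws KuraException {
        // The decompiled listing referenced an undefined local here (residue of a method reference);
        // the messages are collected into this list instead.
        final List<Object> errors = new ArrayList<>();
        // Validator is written without type arguments, as in the listing; if the project declares
        // it generic, parameterise it here.
        for (final Validator validator : PasswordStrengthValidators.fromConfig(getValidatorOptions())) {
            validator.validate(str, message -> errors.add(message));
        }
        if (!errors.isEmpty()) {
            // Message text, including its spelling, is left unchanged so the emitted error stays the same.
            throw new KuraException(KuraErrorCode.BAD_REQUEST, new Object[]{"password strenght requirements not satisfied", errors});
        }
    }

    /**
     * Builds the password validator options from the configuration properties of the component
     * with PID {@code org.eclipse.kura.web.Console}.
     *
     * @return options wrapping that component's configuration properties
     * @throws KuraException if the component configuration cannot be retrieved
     */
    public ValidatorOptions getValidatorOptions() throws KuraException {
        return new ValidatorOptions(this.configurationService.getComponentConfiguration(KURA_WEB_CONSOLE_SERVICE_PID).getConfigurationProperties());
    }
}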
