package org.eclipse.kura.util.useradmin;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.eclipse.kura.crypto.CryptoService;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.useradmin.Group;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

/* loaded from: input_file:org/eclipse/kura/util/useradmin/UserAdminHelper.class */
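/**
 * Convenience wrapper over an OSGi {@link UserAdmin} that maps identities and permissions onto
 * roles: a user {@code x} is the {@link User} role {@code kura.user.x}, a permission {@code p} is
 * the {@link Group} role {@code kura.permission.p}, and the password is kept in the
 * {@code kura.password} credential of the user role.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The stored credential is exactly what {@code CryptoService.sha256Hash(password)} returns;
 * this class passes no per-user salt and applies no work factor. NOTE(review): moving to a
 * dedicated password-hashing scheme would need a {@code CryptoService} change and a migration
 * path for existing credentials.</li>
 * <li>{@link AuthenticationException.Reason} distinguishes an unknown user from a wrong password.
 * Callers that answer remote clients should collapse both into one generic failure so the
 * response does not confirm which user names exist.</li>
 * <li>Nothing here synchronizes the check-then-act sequences (look up a role, then create or
 * remove it); any atomicity has to come from the {@link UserAdmin} implementation or the caller.</li>
 * </ul>
 */
public class UserAdminHelper {
    private static final String PERMISSION_ROLE_NAME_PREFIX = "kura.permission.";
    private static final String USER_ROLE_NAME_PREFIX = "kura.user.";
    private static final String PASSWORD_PROPERTY = "kura.password";
    private static final String KURA_NEED_PASSWORD_CHANGE = "kura.need.password.change";
    // Permission whose members pass every requirePermissions() check.
    private static final String ADMIN_PERMISSION = "kura.admin";
    private final UserAdmin userAdmin;
    private final CryptoService cryptoService;

    /** Checked failure raised by the authentication and authorization methods of this helper. */
    public static class AuthenticationException extends Exception {
        private static final long serialVersionUID = -8534499595655286448L;
        private final Reason reason;

        /** Why an authentication or authorization request was refused. */
        public enum Reason {
            USER_NOT_FOUND,
            INCORRECT_PASSWORD,
            USER_NOT_IN_ROLE,
            PASSWORD_CHANGE_WITH_SAME_PASSWORD,
            ENCRYPTION_ERROR;

            /**
             * Decompiler-generated alias of {@link #values()}, kept so existing references still
             * resolve.
             *
             * @return a fresh array holding every constant in declaration order
             */
            public static Reason[] valuesCustom() {
                // values() already hands out a new array on every call.
                return values();
            }
        }

        /**
         * @param reason the cause of the refusal, returned unchanged by {@link #getReason()}
         */
        public AuthenticationException(Reason reason) {
            this.reason = reason;
        }

        /**
         * @return the reason given at construction time
         */
        public Reason getReason() {
            return this.reason;
        }
    }

    /**
     * Consumer of a single value that may throw a checked exception of type {@code E}.
     *
     * @param <T> the consumed type
     * @param <E> the exception the consumer may throw
     */
    @FunctionalInterface
    public interface FallibleConsumer<T, E extends Exception> {
        void accept(T t) throws E;
    }

    /**
     * Callback for {@link #foreachPermission}: receives the permission name without its prefix
     * and the backing group.
     *
     * @param <E> the exception the callback may throw
     */
    @FunctionalInterface
    public interface PermissionConsumer<E extends Exception> {
        void accept(String str, Group group) throws E;
    }

    /**
     * Callback for {@link #foreachUser}: receives the user name without its prefix and the
     * backing user role.
     *
     * @param <E> the exception the callback may throw
     */
    @FunctionalInterface
    public interface UserConsumer<E extends Exception> {
        void accept(String str, User user) throws E;
    }

    /**
     * @param userAdmin the role store every lookup and mutation goes through
     * @param cryptoService used only for {@code sha256Hash} when hashing passwords
     */
    public UserAdminHelper(UserAdmin userAdmin, CryptoService cryptoService) {
        this.userAdmin = userAdmin;
        this.cryptoService = cryptoService;
    }

    /**
     * Checks a password against the stored {@code kura.password} credential of a user.
     *
     * <p>The candidate is hashed before the user is looked up, so the hashing cost is paid for
     * unknown users as well. A user without a stored string credential never authenticates.
     *
     * @param str the user name, without the {@code kura.user.} prefix
     * @param str2 the clear-text password to verify
     * @throws AuthenticationException with {@code ENCRYPTION_ERROR} if hashing fails,
     *         {@code USER_NOT_FOUND} if no such user exists, or {@code INCORRECT_PASSWORD} if the
     *         hashes differ or no usable credential is stored
     */
    public void verifyUsernamePassword(String str, String str2) throws AuthenticationException {
        final String candidateHash;
        try {
            candidateHash = this.cryptoService.sha256Hash(str2);
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
            throw encryptionError(e);
        }
        final User user = getUser(str)
                .orElseThrow(() -> new AuthenticationException(AuthenticationException.Reason.USER_NOT_FOUND));
        // A missing credentials dictionary is treated as "no password set": fail closed.
        final Dictionary<?, ?> credentials = user.getCredentials();
        final Object stored = credentials == null ? null : credentials.get(PASSWORD_PROPERTY);
        if (!sameCredential(stored, candidateHash)) {
            throw new AuthenticationException(AuthenticationException.Reason.INCORRECT_PASSWORD);
        }
    }

    /**
     * Requires that a user holds every listed permission, or is a member of {@code kura.admin}.
     *
     * <p>Only the entries returned by {@link Group#getMembers()} are considered. With no
     * permissions listed, every existing user passes. The {@code kura.admin} group is created if
     * it does not exist yet, so this check can write to the role store.
     *
     * @param str the user name, without the {@code kura.user.} prefix
     * @param strArr the permission names, without the {@code kura.permission.} prefix
     * @throws AuthenticationException with {@code USER_NOT_FOUND} if the user role is missing, or
     *         {@code USER_NOT_IN_ROLE} if a permission is undefined or not granted to the user
     * @throws IllegalArgumentException if the {@code kura.admin} role exists but is not a group
     */
    public void requirePermissions(String str, String... strArr) throws AuthenticationException {
        final String userRoleName = getUserRoleName(str);
        final Role role = this.userAdmin.getRole(userRoleName);
        if (!(role instanceof User)) {
            throw new AuthenticationException(AuthenticationException.Reason.USER_NOT_FOUND);
        }
        // Read the member list once so the null check and the scan see the same array.
        final Role[] admins = getOrCreatePermission(ADMIN_PERMISSION).getMembers();
        if (admins != null && Arrays.stream(admins).anyMatch(role::equals)) {
            return;
        }
        for (final String permission : strArr) {
            final Role permissionRole = this.userAdmin.getRole(getPermissionRoleName(permission));
            // An undefined permission is reported exactly like a missing grant.
            if (!(permissionRole instanceof Group) || !hasMember((Group) permissionRole, userRoleName)) {
                throw new AuthenticationException(AuthenticationException.Reason.USER_NOT_IN_ROLE);
            }
        }
    }

    /**
     * Lists the permissions whose group has the given user among its members.
     *
     * @param str the user name, without the {@code kura.user.} prefix
     * @return the permission names without prefix; empty if the user does not exist
     */
    public Set<String> getIdentityPermissions(String str) {
        final String userRoleName = getUserRoleName(str);
        if (!(this.userAdmin.getRole(userRoleName) instanceof User)) {
            return Collections.emptySet();
        }
        final Set<String> granted = new HashSet<>();
        foreachPermission((name, group) -> {
            if (hasMember(group, userRoleName)) {
                granted.add(name);
            }
        });
        return granted;
    }

    /**
     * Replaces the stored password hash of a user and clears the
     * {@code kura.need.password.change} property.
     *
     * <p>No password strength policy is applied here, and the caller is not re-authenticated;
     * both are left to the caller.
     *
     * @param str the user name, without the {@code kura.user.} prefix
     * @param str2 the new clear-text password
     * @throws AuthenticationException with {@code USER_NOT_FOUND}, {@code ENCRYPTION_ERROR}, or
     *         {@code PASSWORD_CHANGE_WITH_SAME_PASSWORD} if the new hash equals the stored one
     */
    public void changeUserPassword(String str, String str2) throws AuthenticationException {
        final User user = getUser(str)
                .orElseThrow(() -> new AuthenticationException(AuthenticationException.Reason.USER_NOT_FOUND));
        final String newHash;
        try {
            newHash = this.cryptoService.sha256Hash(str2);
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
            throw encryptionError(e);
        }
        if (sameCredential(user.getCredentials().get(PASSWORD_PROPERTY), newHash)) {
            throw new AuthenticationException(AuthenticationException.Reason.PASSWORD_CHANGE_WITH_SAME_PASSWORD);
        }
        user.getCredentials().put(PASSWORD_PROPERTY, newHash);
        user.getProperties().remove(KURA_NEED_PASSWORD_CHANGE);
    }

    /**
     * @param str the user name, without the {@code kura.user.} prefix
     * @return {@code true} only if the user exists and its {@code kura.need.password.change}
     *         property equals the string {@code "true"}
     */
    public boolean isPasswordChangeRequired(String str) {
        final Role role = this.userAdmin.getRole(getUserRoleName(str));
        return role instanceof User && "true".equals(role.getProperties().get(KURA_NEED_PASSWORD_CHANGE));
    }

    /**
     * Creates the user role if it does not exist yet. No credential is set, so the new user
     * cannot pass {@link #verifyUsernamePassword} until a password has been stored.
     *
     * @param str the user name, without the {@code kura.user.} prefix
     * @throws NullPointerException if the role store returned no role
     * @throws IllegalArgumentException if a role of that name exists with a different type
     */
    public void createUser(String str) {
        Objects.requireNonNull(getOrCreateUser(str), "Could not create user " + str);
    }

    /**
     * Removes a user from every permission group and then deletes its role. Does nothing if the
     * user does not exist.
     *
     * @param str the user name, without the {@code kura.user.} prefix
     */
    public void deleteUser(String str) {
        final Optional<User> user = getUser(str);
        if (!user.isPresent()) {
            return;
        }
        final User target = user.get();
        // Drop the grants first so no group keeps a reference to the removed role.
        foreachPermission((name, group) -> group.removeMember(target));
        this.userAdmin.removeRole(target.getName());
    }

    /**
     * Returns {@link Object#hashCode()} of the user's credentials dictionary.
     *
     * <p>This is a plain Java hash code, not a cryptographic digest: collisions are possible, so
     * it is suited to cheap change detection at most. NOTE(review): the value is derived from the
     * stored password hash; confirm where callers expose it.
     *
     * @param str the user name, without the {@code kura.user.} prefix
     * @return the hash code, or empty if the user or its credentials dictionary is missing
     */
    public Optional<Integer> getCredentialsHash(String str) {
        final Optional<User> user = getUser(str);
        if (!user.isPresent()) {
            return Optional.empty();
        }
        final Dictionary<?, ?> credentials = user.get().getCredentials();
        if (credentials == null) {
            return Optional.empty();
        }
        return Optional.of(Integer.valueOf(credentials.hashCode()));
    }

    /**
     * @return the names, without prefix, of every group whose role name starts with
     *         {@code kura.permission.}
     */
    public Set<String> getDefinedPermissions() {
        final Set<String> names = new HashSet<>();
        foreachPermission((name, group) -> names.add(name));
        return names;
    }

    /**
     * Looks up a user role by name.
     *
     * @param str the user name, without the {@code kura.user.} prefix
     * @return the user, or empty if the role is missing, is not a {@link User}, or its name does
     *         not map back to exactly {@code str}
     */
    public Optional<User> getUser(String str) {
        final Role role = this.userAdmin.getRole(getUserRoleName(str));
        // The base-name comparison rejects a role whose stored name differs from the requested one.
        if (role instanceof User && getBaseName(role).equals(str)) {
            return Optional.of((User) role);
        }
        return Optional.empty();
    }

    /** Prepends the user role prefix to a user name. */
    private static String getUserRoleName(String str) {
        return USER_ROLE_NAME_PREFIX + str;
    }

    /** Prepends the permission role prefix to a permission name. */
    private static String getPermissionRoleName(String str) {
        return PERMISSION_ROLE_NAME_PREFIX + str;
    }

    /** Tells whether the role name carries the user prefix. */
    private static boolean isKuraUser(Role role) {
        return role.getName().startsWith(USER_ROLE_NAME_PREFIX);
    }

    /** Tells whether the role name carries the permission prefix. */
    private static boolean isKuraPermission(Role role) {
        return role.getName().startsWith(PERMISSION_ROLE_NAME_PREFIX);
    }

    /**
     * Strips the user or permission prefix from a role name.
     *
     * @throws IllegalArgumentException if the name carries neither prefix
     */
    private static String getBaseName(Role role) {
        final String name = role.getName();
        if (isKuraUser(role)) {
            return name.substring(USER_ROLE_NAME_PREFIX.length());
        }
        if (isKuraPermission(role)) {
            return name.substring(PERMISSION_ROLE_NAME_PREFIX.length());
        }
        throw new IllegalArgumentException("not a Kura role");
    }

    /** Tells whether a group lists a role with exactly the given name among its members. */
    private static boolean hasMember(Group group, String roleName) {
        final Role[] members = group.getMembers();
        return members != null && Arrays.stream(members).anyMatch(member -> member.getName().equals(roleName));
    }

    /**
     * Compares a stored credential with a freshly computed hash without stopping at the first
     * differing byte. A missing or non-string credential, or a missing candidate, never matches,
     * so an account without a password cannot be matched by an empty result.
     */
    private static boolean sameCredential(Object stored, String candidateHash) {
        if (!(stored instanceof String) || candidateHash == null) {
            return false;
        }
        return MessageDigest.isEqual(((String) stored).getBytes(StandardCharsets.UTF_8),
                candidateHash.getBytes(StandardCharsets.UTF_8));
    }

    /** Builds the {@code ENCRYPTION_ERROR} failure and keeps the underlying cause for diagnostics. */
    private static AuthenticationException encryptionError(Exception cause) {
        final AuthenticationException failure = new AuthenticationException(
                AuthenticationException.Reason.ENCRYPTION_ERROR);
        failure.initCause(cause);
        return failure;
    }

    /**
     * @param str the permission name, without the {@code kura.permission.} prefix
     * @return the backing group, or empty if the role is missing or not a {@link Group}
     */
    public Optional<Group> getPermission(String str) {
        final Role role = this.userAdmin.getRole(getPermissionRoleName(str));
        if (role instanceof Group) {
            return Optional.of((Group) role);
        }
        return Optional.empty();
    }

    /**
     * @param str the permission name, without the {@code kura.permission.} prefix
     * @return the existing or newly created group
     * @throws IllegalArgumentException if a role of that name exists with a different type
     */
    public Group getOrCreatePermission(String str) {
        return getOrCreateRole(Group.class, getPermissionRoleName(str));
    }

    /**
     * Deletes a permission group if it exists. The misspelled method name is part of the public
     * interface and is kept as is.
     *
     * @param str the permission name, without the {@code kura.permission.} prefix
     */
    public void deletePremission(String str) {
        final Role role = this.userAdmin.getRole(getPermissionRoleName(str));
        if (role instanceof Group) {
            this.userAdmin.removeRole(role.getName());
        }
    }

    /**
     * @param str the user name, without the {@code kura.user.} prefix
     * @return the existing or newly created user role
     * @throws IllegalArgumentException if a role of that name exists with a different type
     */
    public User getOrCreateUser(String str) {
        return getOrCreateRole(User.class, getUserRoleName(str));
    }

    /**
     * Returns the role with the given full name, creating it with the type matching {@code cls}
     * when it is missing.
     *
     * @throws IllegalArgumentException if {@code cls} is not {@code Role}, {@code User} or
     *         {@code Group}, or if the existing role has another type
     */
    private <T extends Role> T getOrCreateRole(Class<T> cls, String str) {
        final int type;
        if (cls == Role.class) {
            type = Role.ROLE;
        } else if (cls == User.class) {
            type = Role.USER;
        } else if (cls == Group.class) {
            type = Role.GROUP;
        } else {
            throw new IllegalArgumentException("unknown role type");
        }
        final Role existing = this.userAdmin.getRole(str);
        if (existing == null) {
            return cls.cast(this.userAdmin.createRole(str, type));
        }
        if (existing.getType() != type) {
            // Never reuse a role of another kind under the requested name.
            throw new IllegalArgumentException("role exists but has different type");
        }
        return cls.cast(existing);
    }

    /**
     * Calls the consumer for every role in the store that is an instance of {@code cls}.
     *
     * @param cls the role type to select
     * @param fallibleConsumer receives each matching role; its exception propagates to the caller
     * @throws E whatever the consumer throws
     */
    public <R extends Role, E extends Exception> void foreachRole(Class<R> cls, FallibleConsumer<R, E> fallibleConsumer) throws E {
        final Role[] roles;
        try {
            roles = this.userAdmin.getRoles((String) null);
        } catch (InvalidSyntaxException ignored) {
            // No filter string is passed, so a syntax error is not expected here. If it happens
            // anyway, nothing is visited: permission listings come back empty rather than wrong.
            return;
        }
        if (roles == null) {
            return;
        }
        for (final Role role : roles) {
            if (cls.isInstance(role)) {
                fallibleConsumer.accept(cls.cast(role));
            }
        }
    }

    /**
     * Calls the consumer for every {@link User} role whose name starts with {@code kura.user.}.
     *
     * @param userConsumer receives the name without prefix and the role
     * @throws E whatever the consumer throws
     */
    public <E extends Exception> void foreachUser(UserConsumer<E> userConsumer) throws E {
        foreachRole(User.class, user -> {
            final String name = user.getName();
            if (name.startsWith(USER_ROLE_NAME_PREFIX)) {
                userConsumer.accept(name.substring(USER_ROLE_NAME_PREFIX.length()), user);
            }
        });
    }

    /**
     * Calls the consumer for every {@link Group} role whose name starts with
     * {@code kura.permission.}.
     *
     * @param permissionConsumer receives the name without prefix and the group
     * @throws E whatever the consumer throws
     */
    public <E extends Exception> void foreachPermission(PermissionConsumer<E> permissionConsumer) throws E {
        foreachRole(Group.class, group -> {
            final String name = group.getName();
            if (name.startsWith(PERMISSION_ROLE_NAME_PREFIX)) {
                permissionConsumer.accept(name.substring(PERMISSION_ROLE_NAME_PREFIX.length()), group);
            }
        });
    }
}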
