package org.openremote.manager.security;

import java.sql.PreparedStatement;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Logger;
import org.hibernate.Session;
import org.openremote.container.security.AuthContext;
import org.openremote.container.security.basic.BasicIdentityProvider;
import org.openremote.container.security.basic.PasswordStorage;
import org.openremote.model.Container;
import org.openremote.model.event.shared.RealmFilter;
import org.openremote.model.query.UserQuery;
import org.openremote.model.security.ClientRole;
import org.openremote.model.security.Credential;
import org.openremote.model.security.Realm;
import org.openremote.model.security.Role;
import org.openremote.model.security.User;
import org.openremote.model.util.TextUtil;

/* loaded from: input_file:org/openremote/manager/security/ManagerBasicIdentityProvider.class */
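/**
 * Identity provider backed by the manager database that supports exactly one realm, {@code master}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>On first start it creates the {@code master} realm and an {@code admin} user whose password
 *       comes from the {@code OR_ADMIN_PASSWORD} config entry, falling back to a built-in default.</li>
 *   <li>{@link #isMasterRealmAdmin(String)} always returns {@code true} and
 *       {@link #isRestrictedUser(AuthContext)} always returns {@code false}, so this provider makes
 *       no privilege distinction between users.</li>
 *   <li>Every user is reported as holding all of {@link ClientRole#ALL_ROLES}.</li>
 * </ul>
 */
public class ManagerBasicIdentityProvider extends BasicIdentityProvider implements ManagerIdentityProvider {
    private static final Logger LOG = Logger.getLogger(ManagerBasicIdentityProvider.class.getName());

    /** Fallback admin password used when {@code OR_ADMIN_PASSWORD} is absent from the container config. */
    private static final String DEFAULT_ADMIN_PASSWORD = "secret";

    private static final String INSERT_USER_SQL =
        "insert into PUBLIC.USER_ENTITY(ID, REALM_ID, USERNAME, PASSWORD, FIRST_NAME, LAST_NAME, EMAIL, ENABLED) values (?, ?, ?, ?, ?, ?, ?, ?)";

    private static final String UPSERT_USER_SUFFIX =
        " ON CONFLICT (ID, USERNAME) DO UPDATE"
            + " SET username = excluded.username, password = excluded.password, first_name = excluded.first_name, last_name = excluded.last_name, email = excluded.email, enabled = excluded.enabled";

    protected ManagerIdentityService identityService;
    protected String adminPassword;

    /**
     * Resolves the identity service and reads the admin password from the container config.
     *
     * @param container the running container
     */
    public void init(Container container) {
        super.init(container);
        this.identityService = container.getService(ManagerIdentityService.class);
        this.adminPassword = (String) container.getConfig().getOrDefault("OR_ADMIN_PASSWORD", DEFAULT_ADMIN_PASSWORD);
    }

    /**
     * Bootstraps the {@code master} realm and the {@code admin} user if the realm does not exist yet.
     *
     * @param container the running container
     */
    public void start(Container container) {
        super.start(container);
        if (realmExists("master")) {
            return;
        }
        LOG.info("Creating master realm and admin user");
        if (DEFAULT_ADMIN_PASSWORD.equals(this.adminPassword)) {
            // The fallback password is a fixed string in this class, so it offers no real protection
            // to a deployment that does not override it. Never log the password value itself.
            LOG.warning("Admin user is being created with the built-in default password; set OR_ADMIN_PASSWORD to a strong value");
        }
        this.persistenceService.doTransaction(entityManager -> {
            ((Session) entityManager.unwrap(Session.class)).doWork(connection -> {
                // try-with-resources so the statements are closed even when executeUpdate() throws.
                try (PreparedStatement realmInsert = connection.prepareStatement(
                        "insert into PUBLIC.REALM(ID, NAME, ENABLED) values ('master', 'master', true)")) {
                    realmInsert.executeUpdate();
                }
                try (PreparedStatement attributeInsert = connection.prepareStatement(
                        "insert into PUBLIC.REALM_ATTRIBUTE(REALM_ID, NAME, VALUE) values ('master', 'displayName', 'Master')")) {
                    attributeInsert.executeUpdate();
                }
            });
        });
        User user = new User();
        user.setUsername("admin");
        createUpdateUser("master", user, this.adminPassword, true);
    }

    /** Returns the roles granted by default, which is every entry of {@link ClientRole#ALL_ROLES}. */
    protected Set<String> getDefaultRoles() {
        return ClientRole.ALL_ROLES;
    }

    /** Delegates the user query to the database helper on {@link ManagerIdentityProvider}. */
    @Override
    public User[] queryUsers(UserQuery userQuery) {
        return ManagerIdentityProvider.getUsersFromDb(this.persistenceService, userQuery);
    }

    /** Looks a user up through {@code getUserByIdFromDb}; {@code str} is passed as the lookup key. */
    @Override
    public User getUser(String str) {
        return ManagerIdentityProvider.getUserByIdFromDb(this.persistenceService, str);
    }

    /**
     * Looks a user up through {@code getUserByUsernameFromDb}.
     * NOTE(review): {@code str} / {@code str2} are presumably realm and username; confirm against the interface.
     */
    @Override
    public User getUserByUsername(String str, String str2) {
        return ManagerIdentityProvider.getUserByUsernameFromDb(this.persistenceService, str, str2);
    }

    /**
     * Inserts a user into the {@code master} realm, storing only a hash of the password.
     *
     * @param str   realm name; must be {@code "master"}
     * @param user  user to persist; its ID is overwritten with a freshly generated UUID
     * @param str2  clear-text password; hashed with {@link PasswordStorage#createHash} before storage
     * @param z     when {@code true} the insert carries an {@code ON CONFLICT ... DO UPDATE} clause
     * @return the same {@code user} instance, carrying the ID that was written to the database
     * @throws UnsupportedOperationException if the realm is not {@code "master"}
     * @throws IllegalStateException if the password is null or empty
     */
    @Override
    public User createUpdateUser(String str, User user, String str2, boolean z) {
        // Literal-first comparison: a null realm is rejected like any other unsupported realm.
        if (!"master".equals(str)) {
            throw new UnsupportedOperationException("This provider does not support realms other than master");
        }
        if (TextUtil.isNullOrEmpty(str2)) {
            throw new IllegalStateException("Password must be specified for basic identity provider");
        }
        // NOTE(review): this logs User.toString(); confirm it exposes no credential or personal data.
        LOG.info("Creating user: " + user);
        user.setId(UUID.randomUUID().toString());
        // The SET clause is only valid as part of ON CONFLICT ... DO UPDATE; appending it to a plain
        // INSERT (as the previous code did when z was false) yields a statement the database rejects.
        // NOTE(review): the conflict target includes ID, which is always freshly generated here, so the
        // update branch may never fire for an existing username; verify against the table's constraints.
        final String sql = z ? INSERT_USER_SQL + UPSERT_USER_SUFFIX : INSERT_USER_SQL;
        this.persistenceService.doTransaction(entityManager -> {
            ((Session) entityManager.unwrap(Session.class)).doWork(connection -> {
                try (PreparedStatement insert = connection.prepareStatement(sql)) {
                    // Persist the ID assigned to the returned object, so callers can look the row up by it.
                    insert.setString(1, user.getId());
                    insert.setString(2, "master");
                    insert.setString(3, user.getUsername());
                    insert.setString(4, PasswordStorage.createHash(str2));
                    insert.setString(5, user.getFirstName());
                    insert.setString(6, user.getLastName());
                    insert.setString(7, user.getEmail());
                    // A user with no explicit enabled flag is stored as enabled.
                    insert.setBoolean(8, user.getEnabled() == null || user.getEnabled().booleanValue());
                    insert.executeUpdate();
                }
            });
        });
        return user;
    }

    /**
     * Removes the user whose ID is {@code str2}, logging when no such user exists.
     * The first argument is not consulted: the lookup is by ID alone.
     */
    @Override
    public void deleteUser(String str, String str2) {
        LOG.info("Deleting user: " + str2);
        this.persistenceService.doTransaction(entityManager -> {
            User user = (User) entityManager.find(User.class, str2);
            if (user != null) {
                entityManager.remove(user);
            } else {
                LOG.info("Cannot delete user as ID not found: " + str2);
            }
        });
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public void resetPassword(String str, String str2, Credential credential) {
        throw new UnsupportedOperationException("This provider does not support password reset");
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public String resetSecret(String str, String str2, String str3) {
        throw new UnsupportedOperationException("This provider does not support secret reset");
    }

    /**
     * Returns one {@link Role} per entry of {@link ClientRole#ALL_ROLES}.
     *
     * @param str2 must be {@code null} or {@code "master"}
     * @throws IllegalStateException for any other value of {@code str2}
     */
    @Override
    public Role[] getRoles(String str, String str2) {
        if (str2 == null || "master".equals(str2)) {
            return allRolesAsArray();
        }
        throw new IllegalStateException("This provider only has a single master realm");
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public void updateClientRoles(String str, String str2, Role[] roleArr) {
        throw new UnsupportedOperationException("This provider does not support updating roles");
    }

    /**
     * Returns every role in {@link ClientRole#ALL_ROLES} regardless of the arguments, i.e. each user
     * is reported as holding all client roles.
     */
    @Override
    public Role[] getUserRoles(String str, String str2, String str3) {
        return allRolesAsArray();
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public Role[] getUserRealmRoles(String str, String str2) {
        throw new UnsupportedOperationException("This provider does not support user realm roles");
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public void updateUserRoles(String str, String str2, String str3, String... strArr) {
        throw new UnsupportedOperationException("This provider does not support updating user roles");
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public void updateUserRealmRoles(String str, String str2, String... strArr) {
        throw new UnsupportedOperationException("This provider does not support updating user realm roles");
    }

    /**
     * Always {@code true}: the argument is ignored, so callers that gate privileged operations on
     * this check get no separation between users from this provider.
     */
    @Override
    public boolean isMasterRealmAdmin(String str) {
        return true;
    }

    /** Always {@code false}: this provider never marks a user as restricted. */
    @Override
    public boolean isRestrictedUser(AuthContext authContext) {
        return false;
    }

    /** Delegates the realm-membership check to {@code userInRealmFromDb}. */
    @Override
    public boolean isUserInRealm(String str, String str2) {
        return ManagerIdentityProvider.userInRealmFromDb(this.persistenceService, str, str2);
    }

    /** Loads all realms through {@code getRealmsFromDb}. */
    @Override
    public Realm[] getRealms() {
        return ManagerIdentityProvider.getRealmsFromDb(this.persistenceService);
    }

    /** Loads a single realm through {@code getRealmFromDb}. */
    @Override
    public Realm getRealm(String str) {
        return ManagerIdentityProvider.getRealmFromDb(this.persistenceService, str);
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public void updateRealm(Realm realm) {
        throw new UnsupportedOperationException("This provider does not support modifying realms");
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public Realm createRealm(Realm realm) {
        throw new UnsupportedOperationException("This provider does not support multiple realms");
    }

    /** Not supported by this provider; always throws {@link UnsupportedOperationException}. */
    @Override
    public void deleteRealm(String str) {
        throw new UnsupportedOperationException("This provider does not support multiple realms");
    }

    /**
     * Returns whether the realm's ID is {@code "master"}; the auth context is not consulted.
     * A null {@code realm} still fails with a {@link NullPointerException}, as before.
     */
    @Override
    public boolean isRealmActiveAndAccessible(AuthContext authContext, Realm realm) {
        return Objects.equals(realm.getId(), "master");
    }

    /** Returns whether {@code str} is {@code "master"}; the auth context is not consulted. */
    @Override
    public boolean isRealmActiveAndAccessible(AuthContext authContext, String str) {
        return Objects.equals(str, "master");
    }

    /** Delegates the existence check to {@code realmExistsFromDb}. */
    @Override
    public boolean realmExists(String str) {
        return ManagerIdentityProvider.realmExistsFromDb(this.persistenceService, str);
    }

    /** Allows event subscription only when the auth context reports a super user. */
    @Override
    public boolean canSubscribeWith(AuthContext authContext, RealmFilter<?> realmFilter, ClientRole... clientRoleArr) {
        return authContext.isSuperUser();
    }

    /** This provider has no frontend URI and returns {@code null}. */
    @Override
    public String getFrontendURI() {
        return null;
    }

    @Override
    public String toString() {
        return getClass().getSimpleName() + "{}";
    }

    /**
     * Builds a {@link Role} for each name in {@link ClientRole#ALL_ROLES}. Each call assigns new
     * random UUIDs, so role IDs returned by this provider are not stable across calls.
     */
    private static Role[] allRolesAsArray() {
        return ClientRole.ALL_ROLES.stream()
            // NOTE(review): the meaning of the false/true/null constructor arguments is not visible here.
            .map(roleName -> new Role(UUID.randomUUID().toString(), roleName, false, true, (String[]) null))
            .toArray(Role[]::new);
    }
}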
