package org.codehaus.plexus.security.ui.web.action.admin;

import com.opensymphony.xwork.Action;
import org.codehaus.plexus.rbac.profile.RoleProfileException;
import org.codehaus.plexus.rbac.profile.RoleProfileManager;
import org.codehaus.plexus.security.policy.UserSecurityPolicy;
import org.codehaus.plexus.security.rbac.RBACManager;
import org.codehaus.plexus.security.rbac.RbacManagerException;
import org.codehaus.plexus.security.rbac.UserAssignment;
import org.codehaus.plexus.security.ui.web.action.AbstractUserCredentialsAction;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
import org.codehaus.plexus.security.ui.web.model.EditUserCredentials;
import org.codehaus.plexus.security.ui.web.role.profile.RoleConstants;
import org.codehaus.plexus.security.user.User;
import org.codehaus.plexus.security.user.UserManager;

/* loaded from: input_file:WEB-INF/lib/plexus-security-ui-web-integration-1.0-alpha-5.jar:org/codehaus/plexus/security/ui/web/action/admin/AddAdminUserAction.class */
public class AddAdminUserAction extends AbstractUserCredentialsAction {
    private RoleProfileManager roleManager;
    private RBACManager rbacManager;
    private UserManager userManager;
    private UserSecurityPolicy userSecurityPolicy;
    private EditUserCredentials user;

    public String show() {
        if (this.user != null) {
            return Action.INPUT;
        }
        this.user = new EditUserCredentials(RoleConstants.ADMINISTRATOR_ACCOUNT_NAME);
        return Action.INPUT;
    }

    public String submit() {
        if (this.user == null) {
            this.user = new EditUserCredentials(RoleConstants.ADMINISTRATOR_ACCOUNT_NAME);
            addActionError("Invalid admin credentials, try again.");
            return Action.ERROR;
        }
        getLogger().info(new StringBuffer().append("user = ").append(this.user).toString());
        this.manager = this.userManager;
        this.securityPolicy = this.userSecurityPolicy;
        this.internalUser = this.user;
        validateCredentialsStrict();
        if (this.userManager.userExists(RoleConstants.ADMINISTRATOR_ACCOUNT_NAME)) {
            addActionError("Admin User exists in database (someone else probably created the user before you).");
            return Action.ERROR;
        }
        if (hasActionErrors() || hasFieldErrors()) {
            return Action.ERROR;
        }
        User createUser = this.userManager.createUser(RoleConstants.ADMINISTRATOR_ACCOUNT_NAME, this.user.getFullName(), this.user.getEmail());
        if (createUser == null) {
            addActionError("Unable to operate on null user.");
            return Action.ERROR;
        }
        createUser.setPassword(this.user.getPassword());
        createUser.setLocked(false);
        createUser.setPasswordChangeRequired(false);
        this.userManager.addUser(createUser);
        try {
            UserAssignment createUserAssignment = this.rbacManager.createUserAssignment(createUser.getPrincipal().toString());
            createUserAssignment.addRoleName(this.roleManager.getRole("system-administrator"));
            this.rbacManager.saveUserAssignment(createUserAssignment);
            return "security-admin-user-created";
        } catch (RoleProfileException e) {
            addActionError("Unable to assign system administrator role");
            return Action.ERROR;
        } catch (RbacManagerException e2) {
            addActionError("Unable to assign system administrator role");
            getLogger().error("System error:", e2);
            return Action.ERROR;
        }
    }

    public EditUserCredentials getUser() {
        return this.user;
    }

    public void setUser(EditUserCredentials editUserCredentials) {
        this.user = editUserCredentials;
    }

    @Override // org.codehaus.plexus.security.ui.web.action.AbstractSecurityAction
    public SecureActionBundle initSecureActionBundle() throws SecureActionException {
        return SecureActionBundle.OPEN;
    }
}
