package org.craftercms.studio.impl.v1.service.security;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.commons.validation.annotations.param.ValidateParams;
import org.craftercms.commons.validation.annotations.param.ValidateSecurePathParam;
import org.craftercms.commons.validation.annotations.param.ValidateStringParam;
import org.craftercms.engine.servlet.filter.SiteAwareCORSFilter;
import org.craftercms.studio.api.v1.constant.SecurityConstants;
import org.craftercms.studio.api.v1.constant.StudioConstants;
import org.craftercms.studio.api.v1.constant.StudioXmlConstants;
import org.craftercms.studio.api.v1.dal.SiteFeed;
import org.craftercms.studio.api.v1.ebus.RepositoryEventContext;
import org.craftercms.studio.api.v1.exception.ServiceLayerException;
import org.craftercms.studio.api.v1.exception.SiteNotFoundException;
import org.craftercms.studio.api.v1.exception.security.PasswordDoesNotMatchException;
import org.craftercms.studio.api.v1.exception.security.UserExternallyManagedException;
import org.craftercms.studio.api.v1.exception.security.UserNotFoundException;
import org.craftercms.studio.api.v1.job.CronJobContext;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.GeneralLockService;
import org.craftercms.studio.api.v1.service.content.ContentService;
import org.craftercms.studio.api.v1.service.content.ContentTypeService;
import org.craftercms.studio.api.v1.service.security.SecurityService;
import org.craftercms.studio.api.v1.service.security.UserDetailsManager;
import org.craftercms.studio.api.v1.service.site.SiteService;
import org.craftercms.studio.api.v1.to.PermissionsConfigTO;
import org.craftercms.studio.api.v1.util.StudioConfiguration;
import org.craftercms.studio.api.v2.dal.AuditLog;
import org.craftercms.studio.api.v2.dal.AuditLogConstants;
import org.craftercms.studio.api.v2.dal.Group;
import org.craftercms.studio.api.v2.dal.User;
import org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal;
import org.craftercms.studio.api.v2.service.config.ConfigurationService;
import org.craftercms.studio.api.v2.service.security.AuthenticationChain;
import org.craftercms.studio.api.v2.service.security.GroupService;
import org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal;
import org.craftercms.studio.impl.v1.util.SessionTokenUtils;
import org.craftercms.studio.impl.v2.service.security.Authentication;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.Node;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.web.servlet.view.freemarker.FreeMarkerConfig;

/* loaded from: input_file:org/craftercms/studio/impl/v1/service/security/SecurityServiceImpl.class */
public class SecurityServiceImpl implements SecurityService {
    private static final Logger logger = LoggerFactory.getLogger(SecurityServiceImpl.class);
    // Collaborators. None are initialised in this class body; they are expected to be injected
    // (setters/wiring not visible here), so every method below assumes wiring has already happened.
    protected ContentTypeService contentTypeService;
    protected ContentService contentService;
    protected GeneralLockService generalLockService;
    // Source of the cipher key/type/algorithm used by decryptToken() and of the active environment name.
    protected StudioConfiguration studioConfiguration;
    protected JavaMailSender emailService;
    protected JavaMailSender emailServiceNoAuth;
    protected UserDetailsManager userDetailsManager;
    protected ObjectFactory<FreeMarkerConfig> freeMarkerConfig;
    protected GroupService groupService;
    // Backs all user/group lookups and password changes in this class.
    protected UserServiceInternal userServiceInternal;
    // Performs the actual credential check in authenticate().
    protected AuthenticationChain authenticationChain;
    protected ConfigurationService configurationService;
    protected AuditServiceInternal auditServiceInternal;
    protected SiteService siteService;

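    /**
     * Authenticates a user against the configured authentication chain.
     *
     * @param str  username
     * @param str2 password; passed straight through to the chain and never logged here
     * @return the session token as reported by {@link #getCurrentToken()} after the chain ran
     *         (note that getCurrentToken() returns the "NOTICKET" sentinel when no token exists)
     * @throws IllegalStateException when called outside an HTTP request (no RequestContext)
     * @throws Exception             whatever the authentication chain throws
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public String authenticate(@ValidateStringParam(name = "username") String str, @ValidateStringParam(name = "password") String str2) throws Exception {
        RequestContext current = RequestContext.getCurrent();
        if (current == null) {
            // The chain needs the live request/response; fail with a clear message instead of
            // a NullPointerException when invoked from a job or event thread.
            throw new IllegalStateException("authenticate() requires an active HTTP request context");
        }
        this.authenticationChain.doAuthenticate(current.getRequest(), current.getResponse(), str, str2);
        // The chain is expected to have stored an Authentication in the session; surface its token.
        return getCurrentToken();
    }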

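    /**
     * Presence check for a ticket.
     *
     * @param str the ticket to check; when null the current session token is used instead
     * @return false for null/empty tickets and for the "NOTICKET" sentinel that
     *         {@link #getCurrentToken()} returns when there is no authenticated session; true otherwise
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public boolean validateTicket(@ValidateStringParam(name = "ticket") String str) {
        String ticket = str == null ? getCurrentToken() : str;
        // getCurrentToken() never returns null: it substitutes "NOTICKET" when no token exists.
        // Previously that placeholder passed the non-empty test, so validateTicket(null) returned
        // true for unauthenticated callers. The sentinel is not a credential and is rejected here.
        if (StringUtils.isEmpty(ticket) || "NOTICKET".equals(ticket)) {
            return false;
        }
        // NOTE(review): beyond presence, nothing here compares the ticket with the session token or
        // any store — any other non-empty string is accepted. Callers that need real verification
        // must compare against getCurrentToken() themselves.
        return true;
    }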

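    /**
     * Resolves the username of the caller for the current execution context.
     *
     * <p>Inside an HTTP request the user comes from the {@code Authentication} stored in the
     * session; otherwise the scheduled-job context is tried, then the repository event context.
     *
     * @return the username, or null when no context carries an authenticated user
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    public String getCurrentUser() {
        String username = null;
        RequestContext current = RequestContext.getCurrent();
        if (current != null) {
            // Read-only lookup: getSession(false) avoids creating a session as a side effect
            // for unauthenticated requests; a missing session simply means "no user".
            HttpSession session = current.getRequest().getSession(false);
            Authentication authentication = session == null ? null
                    : (Authentication) session.getAttribute(StudioConstants.HTTP_SESSION_ATTRIBUTE_AUTHENTICATION);
            if (authentication != null) {
                username = authentication.getUsername();
            }
        } else {
            CronJobContext jobContext = CronJobContext.getCurrent();
            if (jobContext != null) {
                username = jobContext.getCurrentUser();
            } else {
                RepositoryEventContext eventContext = RepositoryEventContext.getCurrent();
                if (eventContext != null) {
                    username = eventContext.getCurrentUser();
                }
            }
        }
        return username;
    }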

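    /**
     * Returns the token of the current authentication.
     *
     * <p>Inside an HTTP request this is the token of the {@code Authentication} stored in the
     * session; outside one it is whatever {@code getJobOrEventTicket()} provides.
     *
     * @return the token, or the literal "NOTICKET" when none is available. The sentinel is not a
     *         credential; callers must not treat it as a valid ticket.
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    public String getCurrentToken() {
        String token = null;
        RequestContext current = RequestContext.getCurrent();
        if (current != null) {
            // Read-only lookup: getSession(false) never creates a session as a side effect.
            HttpSession session = current.getRequest().getSession(false);
            Authentication authentication = session == null ? null
                    : (Authentication) session.getAttribute(StudioConstants.HTTP_SESSION_ATTRIBUTE_AUTHENTICATION);
            if (authentication != null) {
                token = authentication.getToken();
            }
        } else {
            token = getJobOrEventTicket();
        }
        return token == null ? "NOTICKET" : token;
    }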

    /**
     * Builds a small profile map for a user.
     *
     * @param str the username to look up
     * @return map with username, first/last name, email, the externally-managed flag and the
     *         configured authentication type; empty when the user does not exist. The "username"
     *         entry echoes the requested value, not the stored one.
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public Map<String, Object> getUserProfile(@ValidateStringParam(name = "user") String str) throws ServiceLayerException, UserNotFoundException {
        Map<String, Object> profile = new HashMap<>();
        User user = this.userServiceInternal.getUserByIdOrUsername(-1L, str);
        if (user == null) {
            return profile;
        }
        profile.put("username", str);
        profile.put(SecurityConstants.KEY_FIRSTNAME, user.getFirstName());
        profile.put(SecurityConstants.KEY_LASTNAME, user.getLastName());
        profile.put("email", user.getEmail());
        profile.put(SecurityConstants.KEY_EXTERNALLY_MANAGED, Boolean.valueOf(user.isExternallyManaged()));
        // Global setting, not per user: tells the UI which authentication mode is active.
        profile.put(StudioConstants.SECURITY_AUTHENTICATION_TYPE,
                this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_TYPE));
        return profile;
    }

    /**
     * Computes the effective permissions of a user on a path.
     *
     * <p>Site-level permissions are derived from the site's role mappings and permission rules;
     * global permissions (from the global config) are then added on top. For content under the
     * descriptor root, a content-type level check may short-circuit with "not allowed".
     *
     * @param str  site id; when empty only global permissions are evaluated
     * @param str2 content path matched against the configured rule regexes
     * @param str3 username
     * @param list additional group names whose mapped roles are included
     * @return the set of permission names (lower-cased as loaded from the XML)
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public Set<String> getUserPermissions(@ValidateStringParam(name = "site") String str, @ValidateSecurePathParam(name = "path") String str2, @ValidateStringParam(name = "user") String str3, List<String> list) {
        Set<String> permissions = new HashSet<>();
        if (StringUtils.isNotEmpty(str)) {
            PermissionsConfigTO roleMappings = loadConfiguration(str, getRoleMappingsFileName());
            PermissionsConfigTO sitePermissions = loadConfiguration(str, getPermissionsFileName());
            Set<String> siteRoles = new HashSet<>();
            addUserRoles(siteRoles, str, str3);
            addGroupRoles(siteRoles, str, list, roleMappings);
            permissions = populateUserPermissions(str, str2, siteRoles, sitePermissions);
            if (str2.startsWith(StudioConstants.DESCRIPTOR_ROOT_PATH)) {
                try {
                    // Content-type restrictions override everything computed so far.
                    if (!this.contentTypeService.isUserAllowed(siteRoles, this.contentTypeService.getContentTypeForContent(str, str2))) {
                        logger.debug("The user is not allowed to access " + str + ":" + str2 + ". adding permission: " + StudioConstants.PERMISSION_VALUE_NOT_ALLOWED, new Object[0]);
                        permissions.add(StudioConstants.PERMISSION_VALUE_NOT_ALLOWED);
                        return permissions;
                    }
                } catch (ServiceLayerException e) {
                    // Fails open on this check only: the permissions computed above still apply.
                    logger.debug("Error while getting the content type of " + str2 + ". skipping user role checking on the content.", new Object[0]);
                }
            }
        }
        PermissionsConfigTO globalRoles = loadGlobalRolesConfiguration();
        PermissionsConfigTO globalPermissions = loadGlobalPermissionsConfiguration();
        Set<String> globalRoleNames = new HashSet<>();
        addGlobalUserRoles(str3, globalRoleNames, globalRoles);
        addGlobalGroupRoles(globalRoleNames, list, globalRoles);
        permissions.addAll(populateUserGlobalPermissions(str2, globalRoleNames, globalPermissions));
        return permissions;
    }

    /**
     * Adds the global roles mapped to the groups a user belongs to.
     *
     * @param str                 username
     * @param set                 target role set (tolerates null: nothing is added)
     * @param permissionsConfigTO global role-mappings config; null means no roles are added
     */
    protected void addGlobalUserRoles(String str, Set<String> set, PermissionsConfigTO permissionsConfigTO) {
        List<Group> groups;
        try {
            groups = this.userServiceInternal.getUserGroups(-1L, str);
        } catch (ServiceLayerException | UserNotFoundException e) {
            // Lookup failure adds no roles; the cause is not logged here (only the username).
            logger.error("Unable to retrieve user groups for user {0}", str);
            return;
        }
        if (permissionsConfigTO == null || groups == null) {
            return;
        }
        Map<String, List<String>> mappings = permissionsConfigTO.getRoles();
        for (Group group : groups) {
            List<String> mapped = mappings.get(group.getGroupName());
            if (set != null && mapped != null) {
                set.addAll(mapped);
            }
        }
    }

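    /**
     * Adds the global roles mapped to each of the given group names.
     *
     * @param set                 target role set
     * @param list                group names; null means nothing to add
     * @param permissionsConfigTO global role-mappings config. {@link #loadGlobalRolesConfiguration()}
     *                            returns null when the file is missing; that case previously threw a
     *                            NullPointerException and now adds no roles (fail closed).
     */
    protected void addGlobalGroupRoles(Set<String> set, List<String> list, PermissionsConfigTO permissionsConfigTO) {
        if (list == null) {
            return;
        }
        if (permissionsConfigTO == null || permissionsConfigTO.getRoles() == null) {
            logger.error("Global role mappings unavailable; no group roles added", new Object[0]);
            return;
        }
        Map<String, List<String>> roles = permissionsConfigTO.getRoles();
        for (String groupName : list) {
            List<String> mapped = roles.get(groupName);
            if (mapped != null) {
                logger.debug("Adding roles by group " + groupName + ": " + set, new Object[0]);
                set.addAll(mapped);
            }
        }
    }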

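    /**
     * Resolves global permissions for a path from the caller's global roles.
     *
     * <p>Rules are looked up under the "###GLOBAL###" site key, else the default-site key
     * ({@code SiteAwareCORSFilter.ALLOW_ORIGIN_DEFAULT}); per role, else the default role key.
     * Each rule's regex attribute must fully match the path ({@code String.matches}).
     *
     * <p>Defaults: no roles, no site rules or no role rules all yield the single permission
     * {@code PERMISSION_VALUE_READ} (the pre-existing fail-open default). A null config, which
     * {@link #loadGlobalPermissionsConfiguration()} returns when the file is unreadable and which
     * previously caused a NullPointerException, yields an empty set instead (fail closed).
     *
     * @param str                 content path
     * @param set                 global role names
     * @param permissionsConfigTO global permissions config, may be null
     * @return permission names, lower-cased
     */
    protected Set<String> populateUserGlobalPermissions(String str, Set<String> set, PermissionsConfigTO permissionsConfigTO) {
        Set<String> result = new HashSet<>();
        if (set == null || set.isEmpty()) {
            logger.debug("No user or group matching found. adding default permission: read", new Object[0]);
            result.add(StudioConstants.PERMISSION_VALUE_READ);
            return result;
        }
        if (permissionsConfigTO == null || permissionsConfigTO.getPermissions() == null) {
            logger.error("Global permissions configuration unavailable; granting no global permissions", new Object[0]);
            return result;
        }
        // Site-level lookup does not depend on the role, so resolve it once instead of per role.
        Map<String, Map<String, List<Node>>> permissions = permissionsConfigTO.getPermissions();
        Map<String, List<Node>> siteRules = permissions.get("###GLOBAL###");
        if (siteRules == null || siteRules.isEmpty()) {
            siteRules = permissions.get(SiteAwareCORSFilter.ALLOW_ORIGIN_DEFAULT);
        }
        for (String role : set) {
            if (siteRules == null || siteRules.isEmpty()) {
                logger.debug("No default site is set. adding default permission: read", new Object[0]);
                result.add(StudioConstants.PERMISSION_VALUE_READ);
                continue;
            }
            List<Node> rules = siteRules.get(role);
            if (rules == null || rules.isEmpty()) {
                rules = siteRules.get(SiteAwareCORSFilter.ALLOW_ORIGIN_DEFAULT);
            }
            if (rules == null || rules.isEmpty()) {
                logger.debug("No default role is set. adding default permission: read", new Object[0]);
                result.add(StudioConstants.PERMISSION_VALUE_READ);
                continue;
            }
            for (Node rule : rules) {
                // The regex is admin-authored config matched against a caller-supplied path;
                // matches() recompiles it on every call.
                String regex = rule.valueOf(StudioXmlConstants.DOCUMENT_ATTR_REGEX);
                if (str.matches(regex)) {
                    logger.debug("Global permissions found by matching " + regex + " for " + role, new Object[0]);
                    for (Object allowed : rule.selectNodes(StudioXmlConstants.DOCUMENT_ELM_ALLOWED_PERMISSIONS)) {
                        String permission = ((Node) allowed).getText().toLowerCase();
                        logger.debug("adding global permissions " + permission + " to " + str + " for " + role, new Object[0]);
                        result.add(permission);
                    }
                }
            }
        }
        return result;
    }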

    /**
     * Joins two key parts with a colon, e.g. {@code "site:file"}.
     *
     * @param str  first part; must be non-null (a null first part throws NullPointerException)
     * @param str2 second part
     * @return {@code str + ":" + str2}
     */
    protected String getPermissionsKey(String str, String str2) {
        StringBuilder key = new StringBuilder(str);
        key.append(':').append(str2);
        return key.toString();
    }

    /**
     * Adds the site roles of a user (via {@link #getUserRoles}) to the given set.
     *
     * @param set  target role set
     * @param str  site id
     * @param str2 username; empty or null adds nothing
     */
    protected void addUserRoles(Set<String> set, String str, String str2) {
        if (StringUtils.isNotEmpty(str2)) {
            Set<String> roles = getUserRoles(str, str2);
            logger.debug("Adding roles by user: " + roles, new Object[0]);
            set.addAll(roles);
        }
    }

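    /**
     * Maps a user's groups to site roles using the site's role-mappings file.
     *
     * <p>Members of {@code SYSTEM_ADMIN_GROUP} receive every role defined for the site. Group
     * names are compared case-sensitively here (note {@code isAdmin} uses a case-insensitive
     * comparison for the same group).
     *
     * @param str  site id
     * @param str2 username
     * @return the role set; empty when the user has no groups, the lookup fails, or the
     *         role-mappings config is missing (fail closed)
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public Set<String> getUserRoles(@ValidateStringParam(name = "site") String str, @ValidateStringParam(name = "user") String str2) {
        // Initialised so the failure path below is well-defined (the decompiled form left it unset).
        List<Group> userGroups = null;
        try {
            userGroups = this.userServiceInternal.getUserGroups(-1L, str2);
        } catch (ServiceLayerException | UserNotFoundException e) {
            // Pass the username so the {0} placeholder is actually filled.
            logger.error("Error while getting groups for user {0}", e, str2);
        }
        if (CollectionUtils.isEmpty(userGroups)) {
            logger.debug("No groups found for " + str2 + " in " + str, new Object[0]);
            return new HashSet<>(0);
        }
        logger.debug("Groups for " + str2 + " in " + str + ": " + userGroups, new Object[0]);
        Set<String> roles = new HashSet<>();
        PermissionsConfigTO config = loadConfiguration(str, getRoleMappingsFileName());
        if (config == null || config.getRoles() == null) {
            // Missing/unreadable mapping: grant nothing rather than dereference null.
            return roles;
        }
        Map<String, List<String>> mappings = config.getRoles();
        for (Group group : userGroups) {
            String groupName = group.getGroupName();
            if (StringUtils.equals(groupName, StudioConstants.SYSTEM_ADMIN_GROUP)) {
                mappings.values().forEach(roles::addAll);
                break;
            }
            List<String> mapped = mappings.get(groupName);
            if (mapped != null) {
                roles.addAll(mapped);
            }
        }
        return roles;
    }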

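    /**
     * Adds the site roles mapped to each of the given group names.
     *
     * @param set                 target role set
     * @param str                 site id (used for diagnostics only)
     * @param list                group names; null means nothing to add
     * @param permissionsConfigTO site role-mappings config. {@link #loadConfiguration} returns null
     *                            when the file is missing; that case previously threw a
     *                            NullPointerException and now adds no roles (fail closed).
     */
    protected void addGroupRoles(Set<String> set, String str, List<String> list, PermissionsConfigTO permissionsConfigTO) {
        if (list == null) {
            return;
        }
        if (permissionsConfigTO == null || permissionsConfigTO.getRoles() == null) {
            logger.error("Role mappings unavailable for site " + str + "; no group roles added", new Object[0]);
            return;
        }
        Map<String, List<String>> roles = permissionsConfigTO.getRoles();
        for (String groupName : list) {
            List<String> mapped = roles.get(groupName);
            if (mapped != null) {
                logger.debug("Adding roles by group " + groupName + ": " + set, new Object[0]);
                set.addAll(mapped);
            }
        }
    }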

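    /**
     * Resolves site permissions for a path from the caller's site roles.
     *
     * <p>Rules are looked up under the site key, else the default-site key
     * ({@code SiteAwareCORSFilter.ALLOW_ORIGIN_DEFAULT}); per role, else the default role key.
     * Each rule's regex attribute must fully match the path ({@code String.matches}).
     *
     * <p>Defaults: no roles, no site rules or no role rules all yield the single permission
     * {@code PERMISSION_VALUE_READ} (the pre-existing fail-open default). A null config, which
     * {@link #loadConfiguration} returns when the file is unreadable and which previously caused a
     * NullPointerException, yields an empty set instead (fail closed).
     *
     * @param str                 site id
     * @param str2                content path
     * @param set                 site role names
     * @param permissionsConfigTO site permissions config, may be null
     * @return permission names, lower-cased
     */
    protected Set<String> populateUserPermissions(String str, String str2, Set<String> set, PermissionsConfigTO permissionsConfigTO) {
        Set<String> result = new HashSet<>();
        if (set == null || set.isEmpty()) {
            logger.debug("No user or group matching found. adding default permission: read", new Object[0]);
            result.add(StudioConstants.PERMISSION_VALUE_READ);
            return result;
        }
        if (permissionsConfigTO == null || permissionsConfigTO.getPermissions() == null) {
            logger.error("Permissions configuration unavailable for site " + str + "; granting no permissions", new Object[0]);
            return result;
        }
        // Site-level lookup does not depend on the role, so resolve it once instead of per role.
        Map<String, Map<String, List<Node>>> permissions = permissionsConfigTO.getPermissions();
        Map<String, List<Node>> siteRules = permissions.get(str);
        if (siteRules == null || siteRules.isEmpty()) {
            siteRules = permissions.get(SiteAwareCORSFilter.ALLOW_ORIGIN_DEFAULT);
        }
        for (String role : set) {
            if (siteRules == null || siteRules.isEmpty()) {
                logger.debug("No default site is set. adding default permission: read", new Object[0]);
                result.add(StudioConstants.PERMISSION_VALUE_READ);
                continue;
            }
            List<Node> rules = siteRules.get(role);
            if (rules == null || rules.isEmpty()) {
                rules = siteRules.get(SiteAwareCORSFilter.ALLOW_ORIGIN_DEFAULT);
            }
            if (rules == null || rules.isEmpty()) {
                logger.debug("No default role is set. adding default permission: read", new Object[0]);
                result.add(StudioConstants.PERMISSION_VALUE_READ);
                continue;
            }
            for (Node rule : rules) {
                // The regex is admin-authored config matched against a caller-supplied path;
                // matches() recompiles it on every call.
                String regex = rule.valueOf(StudioXmlConstants.DOCUMENT_ATTR_REGEX);
                if (str2.matches(regex)) {
                    logger.debug("Permissions found by matching " + regex + " for " + role + " in " + str, new Object[0]);
                    for (Object allowed : rule.selectNodes(StudioXmlConstants.DOCUMENT_ELM_ALLOWED_PERMISSIONS)) {
                        String permission = ((Node) allowed).getText().toLowerCase();
                        logger.debug("adding permissions " + permission + " to " + str2 + " for " + role + " in " + str, new Object[0]);
                        result.add(permission);
                    }
                }
            }
        }
        return result;
    }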

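    /**
     * Loads a site-level security config file (role mappings or permissions) for the active
     * environment and parses it into a {@link PermissionsConfigTO}.
     *
     * <p>Only the section matching the file's root element is populated: {@link #loadRoles} for a
     * role-mappings document, {@link #loadPermissions} for a permissions document.
     *
     * @param str  site id
     * @param str2 config file name
     * @return the parsed config, or null when the file is missing or cannot be parsed (callers
     *         must treat null as "no configuration")
     */
    protected PermissionsConfigTO loadConfiguration(String str, String str2) {
        Document document = null;
        try {
            document = this.configurationService.getConfigurationAsDocument(str, StudioConstants.MODULE_STUDIO, str2,
                    this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_ENVIRONMENT_ACTIVE));
        } catch (DocumentException | IOException e) {
            // Keep the cause: a malformed file and a missing file need different fixes.
            logger.error("Permission mapping not found for " + str + ":" + str2, e, new Object[0]);
        }
        if (document == null) {
            logger.error("Permission mapping not found for " + str + ":" + str2, new Object[0]);
            return null;
        }
        PermissionsConfigTO config = new PermissionsConfigTO();
        config.setMapping(document);
        Element root = document.getRootElement();
        loadRoles(root, config);
        loadPermissions(str, root, config);
        config.setKey(str + ":" + str2);
        config.setLastUpdated(ZonedDateTime.now(ZoneOffset.UTC));
        return config;
    }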

    /**
     * Populates the role mappings of a config from a role-mappings document.
     *
     * <p>User entries are read first, then group entries, into the same map; a group entry with
     * the same name as a user entry replaces it. Documents with any other root element are ignored.
     *
     * @param element             document root
     * @param permissionsConfigTO config to populate
     */
    protected void loadRoles(Element element, PermissionsConfigTO permissionsConfigTO) {
        if (!element.getName().equals(StudioXmlConstants.DOCUMENT_ROLE_MAPPINGS)) {
            return;
        }
        Map<String, List<String>> roles = new HashMap<>();
        getRoles(element.selectNodes(StudioXmlConstants.DOCUMENT_ELM_USER_NODE), roles);
        getRoles(element.selectNodes(StudioXmlConstants.DOCUMENT_ELM_GROUPS_NODE), roles);
        permissionsConfigTO.setRoles(roles);
    }

    /**
     * Reads {@code <role>} children of each named node into the map.
     *
     * @param list nodes carrying a name attribute ({@code DOCUMENT_ATTR_PERMISSIONS_NAME}) and
     *             {@code <role>} children
     * @param map  target map, name to role names; entries with an empty name are skipped and a
     *             repeated name replaces the earlier entry
     * @return the same map, for chaining
     */
    protected Map<String, List<String>> getRoles(List<Node> list, Map<String, List<String>> map) {
        for (Node entry : list) {
            String name = entry.valueOf(StudioXmlConstants.DOCUMENT_ATTR_PERMISSIONS_NAME);
            if (StringUtils.isEmpty(name)) {
                continue;
            }
            List<String> roleNames = new ArrayList<>();
            for (Object roleNode : entry.selectNodes("role")) {
                roleNames.add(((Node) roleNode).getText());
            }
            map.put(name, roleNames);
        }
        return map;
    }

    /**
     * Populates the permissions of a config from a permissions document.
     *
     * <p>{@code <role>} elements are read from a single {@code <site>} child when present, else from
     * the root; each role maps to its permission-rule nodes. The result is stored under the given
     * site key. Documents with any other root element are ignored.
     *
     * @param str                 site key ("###GLOBAL###" for the global file)
     * @param element             document root
     * @param permissionsConfigTO config to populate
     */
    protected void loadPermissions(String str, Element element, PermissionsConfigTO permissionsConfigTO) {
        if (!element.getName().equals(StudioXmlConstants.DOCUMENT_PERMISSIONS)) {
            return;
        }
        Element scope = element;
        Element siteElement = (Element) element.selectSingleNode("site");
        if (siteElement != null) {
            scope = siteElement;
        }
        Map<String, List<Node>> rulesByRole = new HashMap<>();
        for (Object roleObj : scope.selectNodes("role")) {
            Node role = (Node) roleObj;
            rulesByRole.put(role.valueOf(StudioXmlConstants.DOCUMENT_ATTR_PERMISSIONS_NAME),
                    role.selectNodes(StudioXmlConstants.DOCUMENT_ELM_PERMISSION_RULE));
        }
        Map<String, Map<String, List<Node>>> bySite = new HashMap<>();
        bySite.put(str, rulesByRole);
        permissionsConfigTO.setPermissions(bySite);
    }

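    /**
     * Loads the global permissions file from the global config path and parses it.
     *
     * @return the parsed config keyed under "###GLOBAL###", or null when the file is missing or
     *         cannot be parsed (callers must treat null as "no configuration")
     */
    protected PermissionsConfigTO loadGlobalPermissionsConfiguration() {
        String path = getGlobalConfigPath() + "/" + getGlobalPermissionsFileName();
        Document document = null;
        try {
            document = this.contentService.getContentAsDocument("", path);
        } catch (DocumentException e) {
            // Keep the cause so a malformed file is distinguishable from a missing one.
            logger.error("Global permission mapping not found (path: {0})", e, path);
        }
        if (document == null) {
            logger.error("Global permission mapping not found (path: {0})", path);
            return null;
        }
        PermissionsConfigTO config = new PermissionsConfigTO();
        config.setMapping(document);
        loadPermissions("###GLOBAL###", document.getRootElement(), config);
        config.setKey("###GLOBAL###:" + getGlobalPermissionsFileName());
        config.setLastUpdated(ZonedDateTime.now(ZoneOffset.UTC));
        return config;
    }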

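    /**
     * Loads the global role-mappings file from the global config path and parses it.
     *
     * @return the parsed config, or null when the file is missing or cannot be parsed (callers
     *         must treat null as "no configuration")
     */
    protected PermissionsConfigTO loadGlobalRolesConfiguration() {
        String path = getGlobalConfigPath() + "/" + getGlobalRoleMappingsFileName();
        Document document = null;
        try {
            document = this.contentService.getContentAsDocument("", path);
        } catch (DocumentException e) {
            // Keep the cause so a malformed file is distinguishable from a missing one.
            logger.error("Global roles mapping not found (path: {0})", e, path);
        }
        if (document == null) {
            logger.error("Global roles mapping not found (path: {0})", path);
            return null;
        }
        PermissionsConfigTO config = new PermissionsConfigTO();
        config.setMapping(document);
        loadRoles(document.getRootElement(), config);
        config.setKey("###GLOBAL###:" + getGlobalRoleMappingsFileName());
        config.setLastUpdated(ZonedDateTime.now(ZoneOffset.UTC));
        return config;
    }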

    /**
     * Re-reads the site's permissions and role-mappings files.
     *
     * <p>This class keeps no cache: the parsed results are discarded, so the observable effect is
     * limited to the error logging done by {@link #loadConfiguration} for missing/unreadable files.
     *
     * @param str site id
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public void reloadConfiguration(@ValidateStringParam(name = "site") String str) {
        for (String fileName : new String[] {getPermissionsFileName(), getRoleMappingsFileName()}) {
            loadConfiguration(str, fileName);
        }
    }

    /**
     * Re-reads the global permissions and role-mappings files.
     *
     * <p>This class keeps no cache: the parsed results are discarded, so the observable effect is
     * limited to the error logging done by the two loaders for missing/unreadable files.
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    public void reloadGlobalConfiguration() {
        PermissionsConfigTO ignoredPermissions = loadGlobalPermissionsConfiguration();
        PermissionsConfigTO ignoredRoles = loadGlobalRolesConfiguration();
    }

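    /**
     * Logs the current user out: drops the session authentication, invalidates the HTTP session
     * and writes a LOGOUT audit entry against the global system site.
     *
     * @return always true
     * @throws SiteNotFoundException if the configured global system site cannot be resolved
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    public boolean logout() throws SiteNotFoundException {
        // Capture the identity before the session is torn down; it is needed for the audit entry.
        // It may be null when no user is authenticated, in which case the audit actor is null too.
        String currentUser = getCurrentUser();
        deleteAuthentication();
        RequestContext current = RequestContext.getCurrent();
        if (current == null) {
            // Outside an HTTP request there is no session to invalidate and no audit is written.
            return true;
        }
        HttpServletRequest request = current.getRequest();
        // NOTE(review): getRemoteAddr() is the immediate peer; behind a reverse proxy this is the
        // proxy's address unless forwarded headers are resolved upstream — confirm for the deployment.
        String remoteAddr = request.getRemoteAddr();
        // getSession(false): do not create a fresh session only to invalidate it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(SecurityService.STUDIO_SESSION_TOKEN_ATRIBUTE);
            // Invalidating (not just clearing attributes) is what stops the session id being reused.
            session.invalidate();
        }
        SiteFeed site = this.siteService.getSite(this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog entry = this.auditServiceInternal.createAuditLogEntry();
        entry.setOperation(AuditLogConstants.OPERATION_LOGOUT);
        entry.setActorId(currentUser);
        entry.setSiteId(site.getId());
        entry.setPrimaryTargetId(currentUser);
        entry.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
        entry.setPrimaryTargetValue(currentUser);
        this.auditServiceInternal.insertAuditLog(entry);
        logger.info("User " + currentUser + " logged out from IP: " + remoteAddr, new Object[0]);
        return true;
    }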

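    /**
     * Removes the {@code Authentication} attribute from the current HTTP session, if any.
     *
     * <p>No-op outside an HTTP request. Uses {@code getSession(false)} so that an unauthenticated
     * request does not get a session created merely to remove an attribute from it.
     */
    protected void deleteAuthentication() {
        RequestContext current = RequestContext.getCurrent();
        if (current == null) {
            return;
        }
        HttpSession session = current.getRequest().getSession(false);
        if (session != null) {
            session.removeAttribute(StudioConstants.HTTP_SESSION_ATTRIBUTE_AUTHENTICATION);
        }
    }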

    /**
     * Returns the total number of users, as counted by the internal user service.
     *
     * @return user count
     * @throws ServiceLayerException propagated from the user service
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    public int getAllUsersTotal() throws ServiceLayerException {
        int total = this.userServiceInternal.getAllUsersTotal();
        return total;
    }

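    /**
     * Validates a forgot-password token.
     *
     * <p>The token decrypts (see {@link #decryptToken}) to three {@code |}-separated fields:
     * username, absolute expiry in epoch milliseconds, and a third field that is not checked here.
     * The token carries no integrity tag, so successful decryption alone does not prove origin;
     * validity rests on the user lookup and the expiry.
     *
     * @param str the Base64 token
     * @return true when the token decrypts, has three fields, names an existing internally
     *         managed user and has not expired; false for undecryptable, malformed (including a
     *         non-numeric expiry, previously an uncaught NumberFormatException) or expired tokens
     * @throws UserNotFoundException          when the named user does not exist
     * @throws UserExternallyManagedException when the user's password is managed externally
     * @throws ServiceLayerException          propagated from the user lookup
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public boolean validateToken(@ValidateStringParam(name = "token") String str) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        String plaintext = decryptToken(str);
        if (StringUtils.isEmpty(plaintext)) {
            return false;
        }
        StringTokenizer fields = new StringTokenizer(plaintext, "|");
        if (fields.countTokens() != 3) {
            return false;
        }
        String username = fields.nextToken();
        User user = this.userServiceInternal.getUserByIdOrUsername(-1L, username);
        if (user == null) {
            logger.info("User profile not found for " + username, new Object[0]);
            throw new UserNotFoundException();
        }
        if (user.isExternallyManaged()) {
            throw new UserExternallyManagedException();
        }
        long expiresAt;
        try {
            expiresAt = Long.parseLong(fields.nextToken());
        } catch (NumberFormatException e) {
            // A token whose expiry field is not a number is invalid, not a server error.
            logger.info("Invalid expiry in password token for " + username, new Object[0]);
            return false;
        }
        // Wall-clock comparison: the token is usable until its embedded expiry instant.
        return expiresAt >= System.currentTimeMillis();
    }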

    /**
     * Decrypts a Base64-encoded forgot-password token with the configured cipher.
     *
     * @param str Base64 ciphertext (must be non-null)
     * @return the UTF-8 plaintext, or null on any decoding/cipher failure (logged with its cause)
     */
    private String decryptToken(String str) {
        try {
            // The key bytes are taken with the platform default charset, unlike the token
            // itself (UTF-8 below); the encrypting side must derive the key the same way.
            byte[] keyBytes = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_KEY).getBytes();
            String keyType = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_TYPE);
            SecretKeySpec key = new SecretKeySpec(keyBytes, keyType);
            Cipher cipher = Cipher.getInstance(this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_ALGORITHM));
            // NOTE(review): the IV is the key material itself, so every token is processed under the
            // same (key, IV) pair. How much that matters depends on the configured algorithm/mode,
            // which is not visible here; for a CBC mode it makes equal plaintexts yield equal
            // ciphertexts. No integrity tag is checked either, so a successful decrypt does not by
            // itself prove the ciphertext was produced by this server.
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(key.getEncoded()));
            byte[] ciphertext = Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8));
            return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            // All failure modes collapse to null; the caller cannot distinguish bad padding from
            // bad Base64, which keeps the response uniform.
            logger.error("Error while decrypting forgot password token", e, new Object[0]);
            return null;
        }
    }

    /**
     * Changes a user's password after verifying the current one; fully delegated to the internal
     * user service (which performs the current-password check and the externally-managed check).
     *
     * @param str  username
     * @param str2 current password
     * @param str3 new password
     * @return whatever the user service reports
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public boolean changePassword(@ValidateStringParam(name = "username") String str, @ValidateStringParam(name = "current") String str2, @ValidateStringParam(name = "newPassword") String str3) throws PasswordDoesNotMatchException, UserExternallyManagedException, ServiceLayerException {
        boolean changed = this.userServiceInternal.changePassword(str, str2, str3);
        return changed;
    }

    /**
     * Sets a new password using a forgot-password token.
     *
     * @param str  the token; it is decrypted twice (validation, then username extraction)
     * @param str2 the new password
     * @return map with "username" (empty when the token is invalid) and "success"; success stays
     *         false for an invalid/expired token and for a disabled account
     * @throws UserNotFoundException when the token names no user or the user does not exist
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public Map<String, Object> setUserPassword(@ValidateStringParam(name = "token") String str, @ValidateStringParam(name = "newPassword") String str2) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        Map<String, Object> result = new HashMap<>();
        result.put("username", "");
        result.put("success", false);
        if (!validateToken(str)) {
            return result;
        }
        String username = getUsernameFromToken(str);
        if (StringUtils.isEmpty(username)) {
            throw new UserNotFoundException("User not found");
        }
        result.put("username", username);
        User user = this.userServiceInternal.getUserByIdOrUsername(-1L, username);
        if (user == null) {
            throw new UserNotFoundException("User not found");
        }
        if (user.isEnabled()) {
            result.put("success", Boolean.valueOf(this.userServiceInternal.setUserPassword(username, str2)));
        }
        // NOTE(review): nothing in this class marks the token as consumed, so an unexpired token
        // could be presented again for another reset — confirm single-use handling elsewhere.
        return result;
    }

    /**
     * Extracts the username (first {@code |}-separated field) from a forgot-password token.
     *
     * @param str the Base64 token
     * @return the username, or "" when the token does not decrypt or does not have exactly the
     *         three fields {@link #validateToken} expects
     */
    private String getUsernameFromToken(String str) {
        String plaintext = decryptToken(str);
        if (StringUtils.isEmpty(plaintext)) {
            return "";
        }
        StringTokenizer fields = new StringTokenizer(plaintext, "|");
        return fields.countTokens() == 3 ? fields.nextToken() : "";
    }

    /**
     * Administrative password reset: sets a user's password without the current one, but only
     * when the caller (per {@link #getCurrentUser()}) is a member of the system admin group.
     *
     * @param str  target username
     * @param str2 new password
     * @return the user service's result, or false when the caller is not an admin
     * @throws UserNotFoundException if the caller or target cannot be resolved; note that a null
     *         current user (no authenticated context) is passed to the group lookup as-is
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public boolean resetPassword(@ValidateStringParam(name = "username") String str, @ValidateStringParam(name = "newPassword") String str2) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        String caller = getCurrentUser();
        if (!isAdmin(caller)) {
            return false;
        }
        return this.userServiceInternal.setUserPassword(str, str2);
    }

    /**
     * Checks whether a user belongs to the system admin group.
     *
     * @param str the username to check
     * @return {@code true} if any of the user's groups is named {@link StudioConstants#SYSTEM_ADMIN_GROUP}
     *         (compared case-insensitively)
     * @throws ServiceLayerException on a service failure while loading group memberships
     * @throws UserNotFoundException if the user does not exist
     */
    private boolean isAdmin(String str) throws ServiceLayerException, UserNotFoundException {
        List<Group> groups = this.userServiceInternal.getUserGroups(-1L, str);
        if (CollectionUtils.isEmpty(groups)) {
            return false;
        }
        for (Group group : groups) {
            if (StringUtils.equalsIgnoreCase(group.getGroupName(), StudioConstants.SYSTEM_ADMIN_GROUP)) {
                return true;
            }
        }
        return false;
    }

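    /**
     * Checks whether a user is an administrator of a site.
     *
     * <p>System admins are site admins of every site. Otherwise the user's groups are
     * resolved through the site's role mappings and the user is a site admin if any of
     * those groups maps to {@link StudioConstants#ADMIN_ROLE}.
     *
     * <p>Any failure resolving memberships is logged and treated as "not an admin"
     * (fail closed).
     *
     * @param str  the username to check
     * @param str2 the site id whose role mappings are consulted
     * @return {@code true} if the user is a system admin or holds the admin role for the site
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public boolean isSiteAdmin(@ValidateStringParam(name = "username") String str, String str2) {
        try {
            if (this.userServiceInternal.isUserMemberOfGroup(str, StudioConstants.SYSTEM_ADMIN_GROUP)) {
                return true;
            }
            List<Group> userGroups = this.userServiceInternal.getUserGroups(-1L, str);
            if (CollectionUtils.isEmpty(userGroups)) {
                return false;
            }
            Map<String, List<String>> roleMappings = this.configurationService.geRoleMappings(str2);
            if (MapUtils.isEmpty(roleMappings)) {
                return false;
            }
            for (Group group : userGroups) {
                // A group without a mapping for this site grants no roles; skip it rather than
                // dereferencing the null lookup result.
                List<String> roles = roleMappings.get(group.getGroupName());
                if (roles != null && roles.contains(StudioConstants.ADMIN_ROLE)) {
                    return true;
                }
            }
            return false;
        } catch (ServiceLayerException | UserNotFoundException e) {
            // Membership could not be determined: deny rather than grant.
            logger.warn("Error getting user memberships", e);
            return false;
        }
    }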

    /**
     * Checks whether a user with the given username exists.
     *
     * @param str the username to look up
     * @return {@code true} if the user exists
     * @throws ServiceLayerException on a service failure during the lookup
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    @ValidateParams
    public boolean userExists(@ValidateStringParam(name = "username") String str) throws ServiceLayerException {
        // -1L as the id means "look up by username only".
        boolean exists = this.userServiceInternal.userExists(-1L, str);
        return exists;
    }

    /**
     * Validates the current HTTP session against the current user and session token.
     *
     * <p>When validation fails the stored authentication attribute is removed and the
     * session is invalidated, so a stale or tampered session cannot be reused.
     *
     * @param httpServletRequest the request whose session is validated
     * @return {@code true} if a current user exists and the session token validates for that user
     * @throws ServiceLayerException on a service failure
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    public boolean validateSession(HttpServletRequest httpServletRequest) throws ServiceLayerException {
        HttpSession session = httpServletRequest.getSession();
        String token = getCurrentToken();
        String username = getCurrentUser();
        boolean valid = username != null
                && SessionTokenUtils.validateToken(token, this.userDetailsManager.loadUserByUsername(username).getUsername());
        if (!valid) {
            // Tear down the session so the invalid authentication cannot linger.
            session.removeAttribute(StudioConstants.HTTP_SESSION_ATTRIBUTE_AUTHENTICATION);
            session.invalidate();
        }
        return valid;
    }

    /**
     * Returns the authentication stored in the current request's HTTP session.
     *
     * @return the session's authentication attribute, or {@code null} when there is no
     *         current request context
     */
    @Override // org.craftercms.studio.api.v1.service.security.SecurityService
    public Authentication getAuthentication() {
        RequestContext context = RequestContext.getCurrent();
        if (context == null) {
            return null;
        }
        return (Authentication) context.getRequest().getSession().getAttribute(StudioConstants.HTTP_SESSION_ATTRIBUTE_AUTHENTICATION);
    }

    /**
     * Returns the authentication token of the current cron-job context, or failing that of
     * the current repository-event context.
     *
     * @return the token from the cron-job context if one is active, else from the
     *         repository-event context, else {@code null}
     */
    protected String getJobOrEventTicket() {
        CronJobContext jobContext = CronJobContext.getCurrent();
        if (jobContext != null) {
            // A cron-job context takes precedence over a repository-event context.
            return jobContext.getAuthenticationToken();
        }
        RepositoryEventContext eventContext = RepositoryEventContext.getCurrent();
        return eventContext != null ? eventContext.getAuthenticationToken() : null;
    }

    /** Returns the configured site role-mappings file name. */
    public String getRoleMappingsFileName() {
        final String fileName = studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_SITE_ROLE_MAPPINGS_FILE_NAME);
        return fileName;
    }

    /** Returns the configured site permission-mappings file name. */
    public String getPermissionsFileName() {
        final String fileName = studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_SITE_PERMISSION_MAPPINGS_FILE_NAME);
        return fileName;
    }

    /** Returns the configured base path of the global configuration. */
    public String getGlobalConfigPath() {
        final String basePath = studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_CONFIG_BASE_PATH);
        return basePath;
    }

    /** Returns the configured global role-mappings file name. */
    public String getGlobalRoleMappingsFileName() {
        final String fileName = studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_ROLE_MAPPINGS_FILE_NAME);
        return fileName;
    }

    /** Returns the configured global permission-mappings file name. */
    public String getGlobalPermissionsFileName() {
        final String fileName = studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_PERMISSION_MAPPINGS_FILE_NAME);
        return fileName;
    }

    /**
     * Returns the configured security session timeout.
     *
     * @return the value of the session-timeout property parsed as an int
     * @throws NumberFormatException if the property is absent or not a valid integer
     */
    public int getSessionTimeout() {
        final String raw = studioConfiguration.getProperty(StudioConfiguration.SECURITY_SESSION_TIMEOUT);
        return Integer.parseInt(raw);
    }

    /**
     * Reports whether SMTP authentication is enabled in configuration.
     *
     * @return {@code true} only if the property value is the string {@code "true"} (case-insensitive)
     */
    public boolean isAuthenticatedSMTP() {
        final String raw = studioConfiguration.getProperty(StudioConfiguration.MAIL_SMTP_AUTH);
        return Boolean.parseBoolean(raw);
    }

    /** Returns the configured default sender address for outgoing mail. */
    public String getDefaultFromAddress() {
        final String address = studioConfiguration.getProperty(StudioConfiguration.MAIL_FROM_DEFAULT);
        return address;
    }

    /** Returns the configured global system site id. */
    public String getSystemSite() {
        final String site = studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE);
        return site;
    }

    /** Returns the injected content type service. */
    public ContentTypeService getContentTypeService() {
        return contentTypeService;
    }

    /**
     * Injects the content type service.
     *
     * @param contentTypeService the service to use
     */
    public void setContentTypeService(ContentTypeService contentTypeService) {
        this.contentTypeService = contentTypeService;
    }

    /** Returns the injected content service. */
    public ContentService getContentService() {
        return contentService;
    }

    /**
     * Injects the content service.
     *
     * @param contentService the service to use
     */
    public void setContentService(ContentService contentService) {
        this.contentService = contentService;
    }

    /** Returns the injected general lock service. */
    public GeneralLockService getGeneralLockService() {
        return generalLockService;
    }

    /**
     * Injects the general lock service.
     *
     * @param generalLockService the service to use
     */
    public void setGeneralLockService(GeneralLockService generalLockService) {
        this.generalLockService = generalLockService;
    }

    /** Returns the injected Studio configuration. */
    public StudioConfiguration getStudioConfiguration() {
        return studioConfiguration;
    }

    /**
     * Injects the Studio configuration.
     *
     * @param studioConfiguration the configuration to use
     */
    public void setStudioConfiguration(StudioConfiguration studioConfiguration) {
        this.studioConfiguration = studioConfiguration;
    }

    /** Returns the mail sender used when SMTP authentication is enabled. */
    public JavaMailSender getEmailService() {
        return emailService;
    }

    /**
     * Injects the authenticated mail sender.
     *
     * @param javaMailSender the sender to use
     */
    public void setEmailService(JavaMailSender javaMailSender) {
        this.emailService = javaMailSender;
    }

    /** Returns the mail sender used when SMTP authentication is disabled. */
    public JavaMailSender getEmailServiceNoAuth() {
        return emailServiceNoAuth;
    }

    /**
     * Injects the unauthenticated mail sender.
     *
     * @param javaMailSender the sender to use
     */
    public void setEmailServiceNoAuth(JavaMailSender javaMailSender) {
        this.emailServiceNoAuth = javaMailSender;
    }

    /** Returns the injected user details manager. */
    public UserDetailsManager getUserDetailsManager() {
        return userDetailsManager;
    }

    /**
     * Injects the user details manager.
     *
     * @param userDetailsManager the manager to use
     */
    public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
        this.userDetailsManager = userDetailsManager;
    }

    /** Returns the factory that supplies the FreeMarker configuration. */
    public ObjectFactory<FreeMarkerConfig> getFreeMarkerConfig() {
        return freeMarkerConfig;
    }

    /**
     * Injects the factory that supplies the FreeMarker configuration.
     *
     * @param objectFactory the factory to use
     */
    public void setFreeMarkerConfig(ObjectFactory<FreeMarkerConfig> objectFactory) {
        this.freeMarkerConfig = objectFactory;
    }

    /** Returns the injected group service. */
    public GroupService getGroupService() {
        return groupService;
    }

    /**
     * Injects the group service.
     *
     * @param groupService the service to use
     */
    public void setGroupService(GroupService groupService) {
        this.groupService = groupService;
    }

    /** Returns the injected internal user service. */
    public UserServiceInternal getUserServiceInternal() {
        return userServiceInternal;
    }

    /**
     * Injects the internal user service.
     *
     * @param userServiceInternal the service to use
     */
    public void setUserServiceInternal(UserServiceInternal userServiceInternal) {
        this.userServiceInternal = userServiceInternal;
    }

    /** Returns the injected authentication chain. */
    public AuthenticationChain getAuthenticationChain() {
        return authenticationChain;
    }

    /**
     * Injects the authentication chain.
     *
     * @param authenticationChain the chain to use
     */
    public void setAuthenticationChain(AuthenticationChain authenticationChain) {
        this.authenticationChain = authenticationChain;
    }

    /** Returns the injected configuration service. */
    public ConfigurationService getConfigurationService() {
        return configurationService;
    }

    /**
     * Injects the configuration service.
     *
     * @param configurationService the service to use
     */
    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    /** Returns the injected internal audit service. */
    public AuditServiceInternal getAuditServiceInternal() {
        return auditServiceInternal;
    }

    /**
     * Injects the internal audit service.
     *
     * @param auditServiceInternal the service to use
     */
    public void setAuditServiceInternal(AuditServiceInternal auditServiceInternal) {
        this.auditServiceInternal = auditServiceInternal;
    }

    /** Returns the injected site service. */
    public SiteService getSiteService() {
        return siteService;
    }

    /**
     * Injects the site service.
     *
     * @param siteService the service to use
     */
    public void setSiteService(SiteService siteService) {
        this.siteService = siteService;
    }
}
