package org.genesys.blocks.security.service.impl;

import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.persistence.EntityNotFoundException;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.genesys.blocks.security.NoUserFoundException;
import org.genesys.blocks.security.NotUniqueUserException;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.blocks.security.persistence.AclEntryPersistence;
import org.genesys.blocks.security.service.BasicUserService;
import org.genesys.blocks.security.service.PasswordPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.transaction.annotation.Transactional;

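/**
 * Base user-management service: account bootstrap, lookup for authentication, profile and
 * role updates, password changes and account locking.
 *
 * <p>Subclasses supply the repository, the SYSTEM_ADMIN factory, the default and available
 * roles and any dynamic authorities. The class is read-only transactional by default; mutating
 * methods opt in with their own {@code @Transactional}.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The {@code @PreAuthorize} expressions on {@link #updateUser} and {@link #changePassword}
 *       reference {@code #user}. The first parameter of those methods must therefore be named
 *       {@code user} and the class compiled with parameter names available ({@code -parameters}
 *       or debug info), otherwise {@code #user} cannot be resolved.</li>
 *   <li>{@link #setRoles}, {@link #setAccountType} and {@link #setAccountLockLocal} carry no
 *       {@code @PreAuthorize} in this class. Whether {@link BasicUserService} or the callers
 *       enforce authorization is not visible here; confirm before exposing them to request
 *       handlers.</li>
 * </ul>
 *
 * @param <R> role type granted to users
 * @param <T> concrete user entity type
 */
@Transactional(readOnly = true)
/* loaded from: input_file:org/genesys/blocks/security/service/impl/BasicUserServiceImpl.class */
public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends BasicUser<R>> implements BasicUserService<R, T>, InitializingBean {
    public static final Logger LOG = LoggerFactory.getLogger(BasicUserServiceImpl.class);

    /**
     * Placeholder written to the password field of non-LOCAL accounts. It is stored as-is and
     * never passed through {@link #passwordEncoder}.
     * NOTE(review): it is only unusable as a credential if the configured encoder cannot match
     * a plain-text stored value; confirm no pass-through encoder is ever wired in.
     */
    private static final String THIS_IS_NOT_A_PASSWORD = "THIS-IS-NOT-A-PASSWORD";

    /** Lock duration in milliseconds applied by {@link #setAccountLockLocal}; 300000 ms by default. */
    private long accountLockoutTime = 300000;

    /** User repository, resolved from {@link #getUserRepository()} in {@link #afterPropertiesSet()}. */
    private JpaRepository<T, Long> _repository;

    @Autowired
    protected PasswordEncoder passwordEncoder;

    /** Optional: when no policy bean is present, {@link #assureGoodPassword} accepts any value. */
    @Autowired(required = false)
    private PasswordPolicy passwordPolicy;

    @Autowired(required = false)
    protected AclEntryPersistence aclEntryRepository;

    /**
     * Resolves the repository and makes sure the SYSTEM_ADMIN account exists, asking the
     * subclass to create it when the lookup fails.
     *
     * @throws UserException if the subclass returns no account or one whose type is not SYSTEM
     */
    // NOTE(review): this callback is normally invoked on the bean instance itself, so the
    // @Transactional below presumably has no effect here; confirm the subclass handles its own
    // transaction when creating the account.
    @Override
    @Transactional
    public void afterPropertiesSet() throws Exception {
        this._repository = getUserRepository();
        try {
            loadUserByUsername(BasicUserService.SYSTEM_ADMIN);
        } catch (UsernameNotFoundException e) {
            // A missing SYSTEM_ADMIN is the expected signal to create it.
            T systemAdmin = createSystemAdministrator(BasicUserService.SYSTEM_ADMIN);
            if (systemAdmin == null) {
                throw new UserException("Implementation did not return a valid SYSTEM_ADMIN account");
            }
            if (systemAdmin.getAccountType() != BasicUser.AccountType.SYSTEM) {
                throw new UserException("Implementation did not return a SYSTEM_ADMIN account of type SYSTEM");
            }
            LOG.warn("New system admin {} account created with uuid={}", BasicUserService.SYSTEM_ADMIN, systemAdmin.getUuid());
        }
    }

    /** @return the repository used for all user persistence in this service */
    protected abstract JpaRepository<T, Long> getUserRepository();

    /**
     * Creates the SYSTEM_ADMIN account. {@link #afterPropertiesSet()} rejects a {@code null}
     * result and any account whose type is not SYSTEM.
     *
     * @param username the account name to create
     * @return the created account
     * @throws UserException if the account cannot be created
     */
    protected abstract T createSystemAdministrator(String username) throws UserException;

    /** @param accountLockoutTime lock duration in milliseconds */
    public void setAccountLockoutTime(long accountLockoutTime) {
        this.accountLockoutTime = accountLockoutTime;
    }

    @Override // org.genesys.blocks.security.service.BasicUserService
    public abstract List<R> getDefaultUserRoles();

    @Override // org.genesys.blocks.security.service.BasicUserService
    public abstract List<R> listAvailableRoles();

    /**
     * Looks the user up by email and attaches the runtime authorities: dynamic authorities
     * first, then the stored roles, then the default roles (moved to the end if already there).
     *
     * @param username the email address identifying the account
     * @return the user with its runtime authorities set
     * @throws UsernameNotFoundException if no user is registered under that email
     */
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        T user = getUserByEmail(username);
        if (user == null) {
            throw new UsernameNotFoundException(username);
        }
        // Insertion-ordered so the resulting authority list is stable between calls.
        Set<GrantedAuthority> authorities = new LinkedHashSet<>(20);
        Set<GrantedAuthority> dynamicAuthorities = getDynamicAuthorities(user);
        if (CollectionUtils.isNotEmpty(dynamicAuthorities)) {
            authorities.addAll(dynamicAuthorities);
        }
        authorities.addAll(user.getRoles());
        List<R> defaultRoles = getDefaultUserRoles();
        if (CollectionUtils.isNotEmpty(defaultRoles)) {
            // Remove then re-add so the defaults always sit last in iteration order.
            authorities.removeAll(defaultRoles);
            authorities.addAll(defaultRoles);
        }
        user.setRuntimeAuthorities(new ArrayList<>(authorities));
        return user;
    }

    /**
     * @param user the user being authenticated
     * @return extra authorities computed at load time; may be {@code null} or empty
     */
    protected abstract Set<GrantedAuthority> getDynamicAuthorities(T user);

    /**
     * @param userId the user's id
     * @return the user with roles loaded, or {@code null} when no such record exists
     */
    @Override // org.genesys.blocks.security.service.BasicUserService
    public T getUser(long userId) {
        return deepLoad(this._repository.findById(userId).orElse(null));
    }

    /**
     * Touches the roles collection of the user, presumably to force a lazy association to load
     * inside the current transaction.
     *
     * @param user the user, may be {@code null}
     * @return the same instance
     */
    public T deepLoad(T user) {
        if (user != null) {
            user.getRoles().size();
        }
        return user;
    }

    /**
     * Updates the email and full name of the stored record with the id of {@code user}.
     * Only the stored record is modified; other fields of the passed-in instance are ignored.
     *
     * @param user identifies the record; also the object the authorization rule compares against
     * @param email the new email address
     * @param fullName the new full name
     * @return the saved user with roles loaded
     * @throws NotUniqueUserException if the email changes to one that is already registered
     * @throws EntityNotFoundException if the record does not exist
     */
    @Override // org.genesys.blocks.security.service.BasicUserService
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR') || principal.id == #user.id")
    public T updateUser(T user, String email, String fullName) throws NotUniqueUserException, UserException {
        T stored = this._repository.findById(user.getId()).orElseThrow(() -> new EntityNotFoundException("Record not found."));
        if (!StringUtils.equals(email, stored.getEmail()) && getUserByEmail(email) != null) {
            throw new NotUniqueUserException("Email address already registered");
        }
        stored.setEmail(email);
        stored.setFullName(fullName);
        return deepLoad(this._repository.save(stored));
    }

    /** Deletes the user; restricted to administrators. */
    @Override // org.genesys.blocks.security.service.BasicUserService
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR')")
    public void deleteUser(T user) {
        this._repository.delete(user);
    }

    /**
     * Replaces the stored roles of the user with {@code roles} minus the default roles.
     * The caller's set is not modified.
     *
     * @param user identifies the record
     * @param roles the requested roles
     * @return the stored user, saved only when the roles actually changed
     * @throws EntityNotFoundException if the record does not exist
     */
    // NOTE(review): role assignment is a privilege change and has no @PreAuthorize in this
    // class; confirm the interface or every caller restricts it.
    @Override // org.genesys.blocks.security.service.BasicUserService
    @Transactional
    public T setRoles(T user, Set<R> roles) {
        T stored = this._repository.findById(user.getId()).orElseThrow(() -> new EntityNotFoundException("Record not found."));
        // Work on a copy: the argument may be immutable or still in use by the caller.
        Set<R> requested = new LinkedHashSet<>(roles);
        List<R> defaultRoles = getDefaultUserRoles();
        if (CollectionUtils.isNotEmpty(defaultRoles)) {
            // Default roles are added at load time and are not persisted per user.
            requested.removeAll(defaultRoles);
        }
        if (requested.containsAll(stored.getRoles()) && stored.getRoles().containsAll(requested)) {
            LOG.debug("Roles {} match {}. No change.", requested, stored.getRoles());
            return stored;
        }
        stored.getRoles().clear();
        stored.getRoles().addAll(requested);
        LOG.info("Setting roles for user {} to {}", stored.getEmail(), stored.getRoles());
        return deepLoad(this._repository.save(stored));
    }

    /**
     * Sets a new password on a LOCAL account and moves the account expiry 12 months ahead.
     *
     * @param user the account to update
     * @param password the new clear-text password
     * @return the saved user with roles loaded
     * @throws PasswordPolicy.PasswordPolicyException if the account is not LOCAL or the policy
     *         rejects the password
     */
    // NOTE(review): unlike updateUser this saves the caller-supplied instance rather than a
    // freshly loaded record, so any other field changed on that instance is persisted too.
    // Confirm callers pass a trusted, freshly loaded entity.
    @Override // org.genesys.blocks.security.service.BasicUserService
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR') || principal.id == #user.id")
    public T changePassword(T user, String password) throws PasswordPolicy.PasswordPolicyException {
        if (user.getAccountType() != BasicUser.AccountType.LOCAL) {
            throw new PasswordPolicy.PasswordPolicyException("Password can be set only for LOCAL account types");
        }
        setPassword(user, password);
        // Take "now" in UTC: the wall-clock value is converted with ZoneOffset.UTC below, so
        // reading it in the server's default zone would shift the expiry by the zone offset.
        user.setAccountExpires(LocalDateTime.now(ZoneOffset.UTC).plusMonths(12L).toInstant(ZoneOffset.UTC));
        return deepLoad(this._repository.save(user));
    }

    /**
     * Applies a password to the user without saving. Non-LOCAL accounts get the placeholder
     * value; LOCAL accounts get the policy-checked, encoded password. The password expiry is
     * cleared in both cases.
     *
     * @param user the account to modify
     * @param password the clear-text password; a {@code null} that passes the policy check is
     *        stored as {@code null}
     * @throws PasswordPolicy.PasswordPolicyException if the policy rejects the password
     */
    protected final void setPassword(T user, String password) throws PasswordPolicy.PasswordPolicyException {
        if (user.getAccountType() != BasicUser.AccountType.LOCAL) {
            user.setPassword(THIS_IS_NOT_A_PASSWORD);
            user.setPasswordExpires(null);
        } else {
            assureGoodPassword(password);
            user.setPassword(password == null ? null : this.passwordEncoder.encode(password));
            user.setPasswordExpires(null);
        }
    }

    /**
     * Checks the password against the configured policy. Without a policy bean nothing is
     * checked.
     *
     * @param password the clear-text password
     * @throws PasswordPolicy.PasswordPolicyException if the policy rejects the password
     */
    public void assureGoodPassword(String password) throws PasswordPolicy.PasswordPolicyException {
        if (this.passwordPolicy != null) {
            this.passwordPolicy.assureGoodPassword(password);
        }
    }

    /**
     * Locks the account for {@code accountLockoutTime} milliseconds from now, or unlocks it.
     * Has no authorization check of its own; {@link #setAccountLock} is the administrator-only
     * variant.
     *
     * @param userId the user's id
     * @param locked {@code true} to lock, {@code false} to unlock
     * @throws EntityNotFoundException if the record does not exist
     */
    @Override // org.genesys.blocks.security.service.BasicUserService
    @Transactional
    public void setAccountLockLocal(long userId, boolean locked) throws NoUserFoundException {
        T user = getUser(userId);
        if (user == null) {
            // getUser returns null for an unknown id. Fail the same way the other lookups in
            // this class do instead of with a NullPointerException below.
            // NOTE(review): NoUserFoundException is declared but its constructors are not
            // visible here; switch to it if that is the intended contract.
            throw new EntityNotFoundException("Record not found.");
        }
        if (locked) {
            user.setLockedUntil(Instant.now().plus(this.accountLockoutTime, ChronoUnit.MILLIS));
            LOG.warn("Locking user account for user={}  until={}", user.getEmail(), user.getLockedUntil());
        } else {
            LOG.warn("Unlocking user account for user={}", user.getEmail());
            user.setLockedUntil(null);
        }
        this._repository.save(user);
    }

    /** Administrator-only entry point that delegates to {@link #setAccountLockLocal}. */
    @Override // org.genesys.blocks.security.service.BasicUserService
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR')")
    public void setAccountLock(long userId, boolean locked) throws NoUserFoundException {
        setAccountLockLocal(userId, locked);
    }

    /**
     * Changes the account type of the stored record. When the new type is not LOCAL the stored
     * password is replaced with the placeholder value.
     *
     * @param user identifies the record
     * @param accountType the new account type
     * @return the saved user
     * @throws EntityNotFoundException if the record does not exist
     */
    // NOTE(review): no @PreAuthorize in this class. Switching a type to LOCAL leaves whatever
    // password value is already stored; confirm callers set a password afterwards.
    @Override // org.genesys.blocks.security.service.BasicUserService
    @Transactional
    public T setAccountType(T user, BasicUser.AccountType accountType) {
        T stored = this._repository.findById(user.getId()).orElseThrow(() -> new EntityNotFoundException("Record not found."));
        stored.setAccountType(accountType);
        if (accountType != BasicUser.AccountType.LOCAL) {
            stored.setPassword(THIS_IS_NOT_A_PASSWORD);
        }
        return this._repository.save(stored);
    }
}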
