package org.opendaylight.controller.usermanager.internal;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Dictionary;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.osgi.framework.console.CommandInterpreter;
import org.eclipse.osgi.framework.console.CommandProvider;
import org.opendaylight.controller.clustering.services.CacheConfigException;
import org.opendaylight.controller.clustering.services.CacheExistException;
import org.opendaylight.controller.clustering.services.IClusterGlobalServices;
import org.opendaylight.controller.clustering.services.IClusterServices;
import org.opendaylight.controller.configuration.IConfigurationAware;
import org.opendaylight.controller.containermanager.IContainerAuthorization;
import org.opendaylight.controller.sal.authorization.AuthResultEnum;
import org.opendaylight.controller.sal.authorization.IResourceAuthorization;
import org.opendaylight.controller.sal.authorization.UserLevel;
import org.opendaylight.controller.sal.utils.GlobalConstants;
import org.opendaylight.controller.sal.utils.IObjectReader;
import org.opendaylight.controller.sal.utils.ObjectReader;
import org.opendaylight.controller.sal.utils.ObjectWriter;
import org.opendaylight.controller.sal.utils.Status;
import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.controller.usermanager.AuthResponse;
import org.opendaylight.controller.usermanager.AuthenticatedUser;
import org.opendaylight.controller.usermanager.AuthorizationConfig;
import org.opendaylight.controller.usermanager.IAAAProvider;
import org.opendaylight.controller.usermanager.ISessionManager;
import org.opendaylight.controller.usermanager.IUserManager;
import org.opendaylight.controller.usermanager.ServerConfig;
import org.opendaylight.controller.usermanager.UserConfig;
import org.opendaylight.controller.usermanager.security.SessionManager;
import org.opendaylight.controller.usermanager.security.UserSecurityContextRepository;
import org.osgi.framework.FrameworkUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.context.SecurityContextRepository;

/* loaded from: input_file:org/opendaylight/controller/usermanager/internal/UserManager.class */
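/**
 * Keeps the controller's local users, remote AAA servers and per-user
 * authorization entries, tracks the currently authenticated users, and acts as
 * the Spring Security {@link AuthenticationProvider} for username/password
 * logins.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>A default {@code admin} account with the fixed password
 * {@link #DEFAULT_ADMIN_PASSWORD} is created whenever no {@code admin} entry
 * exists (see {@link #checkDefaultNetworkAdmin()}). Deployments should change
 * that password right after first start.</li>
 * <li>The presence of the recovery file resets the {@code admin} account to
 * that default at start-up (see {@link #checkPasswordRecovery()}), so write
 * access to the start-up directory is equivalent to admin access.</li>
 * <li>The three configuration files are read with native Java
 * deserialization (see {@link #readObject(ObjectInputStream)}); they must only
 * be writable by the account that runs the controller.</li>
 * <li>User names received from login requests are written to the log verbatim;
 * NOTE(review): confirm the logging layout neutralises line breaks so that a
 * crafted user name cannot forge log entries.</li>
 * </ul>
 */
public class UserManager implements IUserManager, IObjectReader, IConfigurationAware, CommandProvider, AuthenticationProvider {
    private static final String DEFAULT_ADMIN = "admin";
    // SECURITY: hard-coded factory credential; see the class comment.
    private static final String DEFAULT_ADMIN_PASSWORD = "admin";
    private ConcurrentMap<String, UserConfig> localUserConfigList;
    private ConcurrentMap<String, ServerConfig> remoteServerConfigList;
    private ConcurrentMap<String, AuthorizationConfig> authorizationConfList;
    private ConcurrentMap<String, AuthenticatedUser> activeUsers;
    private ConcurrentMap<String, IAAAProvider> authProviders;
    private IContainerAuthorization containerAuthorizationClient;
    private Set<IResourceAuthorization> applicationAuthorizationClients;
    private static final Logger logger = LoggerFactory.getLogger(UserManager.class);
    private static final String DEFAULT_ADMIN_ROLE = UserLevel.NETWORKADMIN.toString();
    private static final String ROOT = GlobalConstants.STARTUPHOME.toString();
    private static final String USERS_FILE_NAME = ROOT + "users.conf";
    private static final String SERVERS_FILE_NAME = ROOT + "servers.conf";
    private static final String AUTH_FILE_NAME = ROOT + "authorization.conf";
    private static final String RECOVERY_FILE = ROOT + "NETWORK_ADMIN_PASSWORD_RECOVERY";
    private static final String LOCAL_USERS_CACHE = "usermanager.localUserConfigList";
    private static final String REMOTE_SERVERS_CACHE = "usermanager.remoteServerConfigList";
    private static final String AUTHORIZATION_CACHE = "usermanager.authorizationConfList";
    private static final String ACTIVE_USERS_CACHE = "usermanager.activeUsers";
    private IClusterGlobalServices clusterGlobalService = null;
    private SecurityContextRepository securityContextRepo = new UserSecurityContextRepository();
    private ISessionManager sessionMgr = new SessionManager();

    /**
     * Registers an AAA provider under its name.
     *
     * @param iAAAProvider the provider to register
     * @return {@code true} if the provider was registered; {@code false} if it
     *         is {@code null}, has a null or blank name, or a provider with
     *         the same name is already registered
     */
    public boolean addAAAProvider(IAAAProvider iAAAProvider) {
        if (iAAAProvider == null) {
            return false;
        }
        String providerName = iAAAProvider.getName();
        if (providerName == null || providerName.trim().isEmpty()) {
            return false;
        }
        // putIfAbsent keeps "check, then register" atomic, so two concurrent
        // registrations under one name cannot both succeed.
        return this.authProviders.putIfAbsent(providerName, iAAAProvider) == null;
    }

    /**
     * Unregisters the provider stored under the given provider's name. A
     * {@code null} provider or a provider without a name is ignored.
     *
     * @param iAAAProvider the provider to unregister
     */
    public void removeAAAProvider(IAAAProvider iAAAProvider) {
        if (iAAAProvider == null || iAAAProvider.getName() == null) {
            return;
        }
        this.authProviders.remove(iAAAProvider.getName());
    }

    /**
     * Looks up a registered AAA provider.
     *
     * @param str the provider name (matched against a server's protocol in
     *            {@link #authenticate(String, String)})
     * @return the provider, or {@code null} if {@code str} is {@code null} or
     *         no provider is registered under it
     */
    public IAAAProvider getAAAProvider(String str) {
        return str == null ? null : this.authProviders.get(str);
    }

    /**
     * Returns the names of the registered AAA providers.
     *
     * @return the key set of the provider map; this is a live view of the map,
     *         not a copy
     */
    public Set<String> getAAAProviderNames() {
        return this.authProviders.keySet();
    }

    /**
     * Creates the set of application authorization clients and asks the
     * cluster service to create the four user-manager caches.
     */
    private void allocateCaches() {
        this.applicationAuthorizationClients = Collections.synchronizedSet(new HashSet<IResourceAuthorization>());
        if (this.clusterGlobalService == null) {
            logger.error("un-initialized clusterGlobalService, can't create cache");
            return;
        }
        String[] cacheNames = {LOCAL_USERS_CACHE, REMOTE_SERVERS_CACHE, AUTHORIZATION_CACHE, ACTIVE_USERS_CACHE};
        // Each cache is created on its own so that one cache that already
        // exists does not prevent the remaining ones from being created.
        for (String cacheName : cacheNames) {
            try {
                this.clusterGlobalService.createCache(cacheName, EnumSet.of(IClusterServices.cacheMode.TRANSACTIONAL));
            } catch (CacheExistException e) {
                logger.debug("Skipping cache creation as already present");
            } catch (CacheConfigException e) {
                logger.error("Cache configuration invalid - check cache mode");
            }
        }
    }

    /**
     * Fetches the four user-manager caches from the cluster service into the
     * corresponding fields. A cache that cannot be fetched is logged and its
     * field is left {@code null}.
     */
    @SuppressWarnings("unchecked")
    private void retrieveCaches() {
        if (this.clusterGlobalService == null) {
            logger.error("un-initialized clusterService, can't retrieve cache");
            return;
        }
        // The casts are unchecked: the caches are trusted to hold the key and
        // value types this class stores in them.
        this.activeUsers = (ConcurrentMap<String, AuthenticatedUser>) this.clusterGlobalService.getCache(ACTIVE_USERS_CACHE);
        if (this.activeUsers == null) {
            logger.error("Failed to get cache for activeUsers");
        }
        this.localUserConfigList = (ConcurrentMap<String, UserConfig>) this.clusterGlobalService.getCache(LOCAL_USERS_CACHE);
        if (this.localUserConfigList == null) {
            logger.error("Failed to get cache for localUserConfigList");
        }
        this.remoteServerConfigList = (ConcurrentMap<String, ServerConfig>) this.clusterGlobalService.getCache(REMOTE_SERVERS_CACHE);
        if (this.remoteServerConfigList == null) {
            logger.error("Failed to get cache for remoteServerConfigList");
        }
        this.authorizationConfList = (ConcurrentMap<String, AuthorizationConfig>) this.clusterGlobalService.getCache(AUTHORIZATION_CACHE);
        if (this.authorizationConfList == null) {
            logger.error("Failed to get cache for authorizationConfList");
        }
    }

    /**
     * Loads each configuration file whose cache is still empty.
     *
     * <p>NOTE(review): the caches are dereferenced without a null check, so
     * this throws if {@link #retrieveCaches()} could not obtain them.
     */
    private void loadConfigurations() {
        loadSecurityKeys();
        if (this.localUserConfigList.isEmpty()) {
            loadUserConfig();
        }
        if (this.remoteServerConfigList.isEmpty()) {
            loadServerConfig();
        }
        if (this.authorizationConfList.isEmpty()) {
            loadAuthConfig();
        }
    }

    /** Placeholder; the body is empty. */
    private void loadSecurityKeys() {
    }

    /**
     * Creates the default {@code admin} user with the default password and the
     * network-admin role when no {@code admin} entry exists.
     *
     * <p>SECURITY: this is a well-known default credential. It stays valid
     * until an operator changes the password.
     */
    private void checkDefaultNetworkAdmin() {
        if (this.localUserConfigList.containsKey(DEFAULT_ADMIN)) {
            return;
        }
        List<String> defaultRoles = new ArrayList<String>(1);
        defaultRoles.add(DEFAULT_ADMIN_ROLE);
        this.localUserConfigList.put(DEFAULT_ADMIN, UserConfig.getUncheckedUserConfig(DEFAULT_ADMIN, DEFAULT_ADMIN_PASSWORD, defaultRoles));
    }

    /**
     * Resets the {@code admin} account when the recovery file can be opened:
     * the stored {@code admin} entry is removed (so that
     * {@link #checkDefaultNetworkAdmin()} recreates it with the default
     * password) and the recovery file is deleted.
     *
     * <p>SECURITY: whoever can create the recovery file in the start-up
     * directory can force the admin password back to the default on the next
     * start; restrict write access to that directory accordingly.
     */
    private void checkPasswordRecovery() {
        final String recoveryFileDesc = "Default Network Administrator password recovery file";
        File recoveryFile = new File(RECOVERY_FILE);
        FileInputStream probe;
        try {
            // Opening the file (rather than testing existence) keeps the
            // original meaning of "present": it must be a readable file.
            probe = new FileInputStream(recoveryFile);
        } catch (FileNotFoundException e) {
            logger.trace("{} not present", recoveryFileDesc);
            return;
        }
        // Close the handle before deleting: deleting a file that is still
        // open fails on some platforms, which would leave the recovery file
        // behind and repeat the reset on every start.
        try {
            probe.close();
        } catch (IOException e) {
            logger.warn("Failed to close file stream for {}", recoveryFileDesc);
        }
        this.localUserConfigList.remove(DEFAULT_ADMIN);
        logger.info("Default Network Administrator password has been reset to factory default.");
        logger.info("Please change the default Network Administrator password as soon as possible");
        if (recoveryFile.delete()) {
            logger.trace("{} deleted", recoveryFileDesc);
        } else {
            logger.warn("Failed to delete {}", recoveryFileDesc);
        }
    }

    /**
     * Authenticates a user, first against every configured remote AAA server
     * that has a registered provider, then against the local user database.
     *
     * <p>A remote reject or failure does not end the attempt: the next server
     * is tried, and local authentication is used when no server accepted.
     * After a successful authentication the user is placed in the active-user
     * list even when no role could be determined; such a user ends up with an
     * empty role list.
     *
     * @param str  the user name
     * @param str2 the password
     * @return the status of the accepting authentication response, or the
     *         failure status of local authentication
     */
    public AuthResultEnum authenticate(String str, String str2) {
        AuthResponse authResponse = null;
        boolean remotelyAuthenticated = false;

        for (ServerConfig server : this.remoteServerConfigList.values()) {
            IAAAProvider provider = getAAAProvider(server.getProtocol());
            if (provider == null) {
                continue;
            }
            AuthResponse remoteResponse = provider.authService(str, str2, server.getAddress(), server.getSecret());
            if (remoteResponse == null) {
                // A provider that returns nothing is treated as a failed
                // attempt instead of aborting the whole login with an NPE.
                logger.warn("Remote Authentication returned no response for User: \"{}\", from Server: {}", str, server.getAddress());
                continue;
            }
            if (remoteResponse.getStatus() == AuthResultEnum.AUTH_ACCEPT) {
                logger.info("Remote Authentication Succeeded for User: \"{}\", by Server: {}", str, server.getAddress());
                authResponse = remoteResponse;
                remotelyAuthenticated = true;
                break;
            }
            if (remoteResponse.getStatus() == AuthResultEnum.AUTH_REJECT) {
                logger.info("Remote Authentication Rejected User: \"{}\", from Server: {}, Reason:{}", new Object[]{str, server.getAddress(), String.valueOf(remoteResponse.getStatus())});
            } else {
                logger.info("Remote Authentication Failed for User: \"{}\", from Server: {}, Reason:{}", new Object[]{str, server.getAddress(), String.valueOf(remoteResponse.getStatus())});
            }
        }

        if (!remotelyAuthenticated) {
            UserConfig localUser = this.localUserConfigList.get(str);
            if (localUser == null) {
                logger.info("Local Authentication Failed for User:\"{}\", Reason: user not found in Local Database", str);
                return AuthResultEnum.AUTH_INVALID_LOC_USER;
            }
            authResponse = localUser.authenticate(str2);
            if (authResponse.getStatus() != AuthResultEnum.AUTH_ACCEPT_LOC) {
                logger.info("Local Authentication Failed for User: \"{}\", Reason: {}", str, authResponse.getStatus().toString());
                return authResponse.getStatus();
            }
            logger.info("Local Authentication Succeeded for User: \"{}\"", str);
        }

        AuthenticatedUser authenticatedUser = new AuthenticatedUser(str);
        // The first data element of the response carries the space-separated
        // role names, when the authenticating side supplied any.
        List<?> responseData = authResponse.getData();
        String roles = (responseData == null || responseData.isEmpty()) ? null : (String) responseData.get(0);
        boolean rolesFound = checkAuthorizationInfo(roles);
        if (remotelyAuthenticated && !rolesFound) {
            logger.info("No Remote Authorization Info provided by Server for User: \"{}\"", str);
            logger.info("Looking for Local Authorization Info for User: \"{}\"", str);
            AuthorizationConfig localAuthorization = this.authorizationConfList.get(str);
            if (localAuthorization != null) {
                logger.info("Found Local Authorization Info for User: \"{}\"", str);
                roles = localAuthorization.getRolesString();
            }
            rolesFound = checkAuthorizationInfo(roles);
        }
        if (rolesFound) {
            authenticatedUser.setRoleList(roles.split(" "));
        } else {
            logger.info("Not able to find Authorization Info for User: \"{}\"", str);
        }
        putUserInActiveList(str, authenticatedUser);
        if (rolesFound) {
            logger.info("User \"{}\" authorized for the following role(s): {}", str, authenticatedUser.getUserRoles());
        } else {
            logger.info("User \"{}\" Not Authorized for any role ", str);
        }
        return authResponse.getStatus();
    }

    /**
     * @param str a role string
     * @return {@code true} if {@code str} is neither {@code null} nor empty
     */
    private boolean checkAuthorizationInfo(String str) {
        return str != null && !str.isEmpty();
    }

    /** Records {@code authenticatedUser} as the active session of user {@code str}. */
    private void putUserInActiveList(String str, AuthenticatedUser authenticatedUser) {
        this.activeUsers.put(str, authenticatedUser);
    }

    /** Drops user {@code str} from the active-user list; a {@code null} name is ignored. */
    private void removeUserFromActiveList(String str) {
        if (str != null) {
            this.activeUsers.remove(str);
        }
    }

    /**
     * Writes the local user list to the users file.
     *
     * @return the status reported by the writer
     */
    public Status saveLocalUserList() {
        return saveLocalUserListInternal();
    }

    private Status saveLocalUserListInternal() {
        // A copy is serialized so the file holds a plain ConcurrentHashMap
        // rather than the cluster cache implementation.
        return new ObjectWriter().write(new ConcurrentHashMap<String, UserConfig>(this.localUserConfigList), USERS_FILE_NAME);
    }

    /**
     * Writes the AAA server list to the servers file.
     *
     * <p>NOTE(review): the serialized {@link ServerConfig} objects include the
     * server secret, so the file needs restrictive permissions.
     *
     * @return the status reported by the writer
     */
    public Status saveAAAServerList() {
        return saveAAAServerListInternal();
    }

    private Status saveAAAServerListInternal() {
        return new ObjectWriter().write(new ConcurrentHashMap<String, ServerConfig>(this.remoteServerConfigList), SERVERS_FILE_NAME);
    }

    /**
     * Writes the authorization list to the authorization file.
     *
     * @return the status reported by the writer
     */
    public Status saveAuthorizationList() {
        return saveAuthorizationListInternal();
    }

    private Status saveAuthorizationListInternal() {
        return new ObjectWriter().write(new ConcurrentHashMap<String, AuthorizationConfig>(this.authorizationConfList), AUTH_FILE_NAME);
    }

    /**
     * Deserializes one object from the stream; this is the
     * {@link IObjectReader} callback used when the configuration files are
     * loaded.
     *
     * <p>SECURITY: this is native Java deserialization without any class
     * filtering. Whatever the file contains is instantiated before the caller
     * can inspect it, so a configuration file that an untrusted party can
     * write is a code-execution risk. The type checks done by the loaders run
     * after deserialization and do not reduce that risk. Keep the files
     * writable only by the controller's account; on runtimes that provide
     * {@code java.io.ObjectInputFilter}, restricting the stream to the
     * expected configuration classes is the stronger fix.
     *
     * @param objectInputStream the stream positioned at the serialized object
     * @return the deserialized object
     * @throws FileNotFoundException declared by the interface contract
     * @throws IOException            if reading from the stream fails
     * @throws ClassNotFoundException if a serialized class cannot be resolved
     */
    public Object readObject(ObjectInputStream objectInputStream) throws FileNotFoundException, IOException, ClassNotFoundException {
        return objectInputStream.readObject();
    }

    /**
     * Reads a saved configuration map from {@code fileName}.
     *
     * @return the stored map, or {@code null} if nothing was read or the file
     *         did not contain a {@link ConcurrentMap}
     */
    private ConcurrentMap<?, ?> readConfigMap(String fileName) {
        Object stored = new ObjectReader().read(this, fileName);
        if (stored == null) {
            return null;
        }
        if (!(stored instanceof ConcurrentMap)) {
            // Reject unexpected content with a log entry instead of failing
            // start-up with a ClassCastException.
            logger.warn("Ignoring {}: unexpected content of type {}", fileName, stored.getClass().getName());
            return null;
        }
        return (ConcurrentMap<?, ?>) stored;
    }

    /**
     * Loads the saved local users into the cache. Entries are stored without
     * running {@code UserConfig.validate()} and without the default-admin
     * restriction, so a saved {@code admin} entry is restored as-is.
     */
    private void loadUserConfig() {
        ConcurrentMap<?, ?> stored = readConfigMap(USERS_FILE_NAME);
        if (stored == null) {
            return;
        }
        for (Object entry : stored.values()) {
            if (entry instanceof UserConfig) {
                addRemoveLocalUserInternal((UserConfig) entry, false);
            } else {
                logger.warn("Skipping unexpected entry in {}", USERS_FILE_NAME);
            }
        }
    }

    /** Loads the saved AAA servers through {@link #addAAAServer(ServerConfig)}. */
    private void loadServerConfig() {
        ConcurrentMap<?, ?> stored = readConfigMap(SERVERS_FILE_NAME);
        if (stored == null) {
            return;
        }
        for (Object entry : stored.values()) {
            if (entry instanceof ServerConfig) {
                addAAAServer((ServerConfig) entry);
            } else {
                logger.warn("Skipping unexpected entry in {}", SERVERS_FILE_NAME);
            }
        }
    }

    /** Loads the saved authorization entries through {@link #addAuthInfo(AuthorizationConfig)}. */
    private void loadAuthConfig() {
        ConcurrentMap<?, ?> stored = readConfigMap(AUTH_FILE_NAME);
        if (stored == null) {
            return;
        }
        for (Object entry : stored.values()) {
            if (entry instanceof AuthorizationConfig) {
                addAuthInfo((AuthorizationConfig) entry);
            } else {
                logger.warn("Skipping unexpected entry in {}", AUTH_FILE_NAME);
            }
        }
    }

    /**
     * Validates and then adds or removes a local user.
     *
     * @param userConfig the user to add or remove
     * @param z          {@code true} to remove, {@code false} to add
     * @return {@code BADREQUEST} for a {@code null} configuration, the failed
     *         validation status, {@code NOTALLOWED} for the default admin,
     *         {@code NOTFOUND} when removing an unknown user, {@code CONFLICT}
     *         when adding an existing one, otherwise the result of the update
     */
    private Status addRemoveLocalUser(UserConfig userConfig, boolean z) {
        if (userConfig == null) {
            return new Status(StatusCode.BADREQUEST, "Invalid user configuration");
        }
        Status validation = userConfig.validate();
        if (!validation.isSuccess()) {
            return validation;
        }
        String userName = userConfig.getUser();
        // The default admin account can be neither added nor removed through
        // this path; only its password can be changed.
        if (DEFAULT_ADMIN.equals(userName)) {
            String refusal = "Invalid Request: Default Network Admin  User cannot be " + (z ? "removed" : "added");
            logger.debug(refusal);
            return new Status(StatusCode.NOTALLOWED, refusal);
        }
        boolean known = this.localUserConfigList.containsKey(userName);
        StatusCode failure = null;
        String reason = null;
        if (z && !known) {
            reason = "not found";
            failure = StatusCode.NOTFOUND;
        } else if (!z && known) {
            reason = "already present";
            failure = StatusCode.CONFLICT;
        }
        if (failure == null) {
            return addRemoveLocalUserInternal(userConfig, z);
        }
        String message = String.format("User %s %s in configuration database", userName, reason);
        logger.debug(message);
        return new Status(failure, message);
    }

    /**
     * Adds or removes a local user without any validation. Removing a user
     * also ends that user's active session.
     *
     * @param userConfig the user to add or remove
     * @param z          {@code true} to remove, {@code false} to add
     * @return always a success status
     */
    private Status addRemoveLocalUserInternal(UserConfig userConfig, boolean z) {
        if (z) {
            this.localUserConfigList.remove(userConfig.getUser());
            removeUserFromActiveList(userConfig.getUser());
        } else {
            this.localUserConfigList.put(userConfig.getUser(), userConfig);
        }
        return new Status(StatusCode.SUCCESS);
    }

    /**
     * Adds or removes a remote AAA server. Servers are keyed by address only,
     * so removal matches on the address regardless of secret and protocol.
     *
     * @param serverConfig the server to add or remove
     * @param z            {@code true} to remove, {@code false} to add
     * @return {@code BADREQUEST} for a {@code null} or invalid configuration,
     *         otherwise success
     */
    private Status addRemoveAAAServer(ServerConfig serverConfig, boolean z) {
        if (serverConfig == null || !serverConfig.isValid()) {
            logger.warn("Invalid Server configuration");
            return new Status(StatusCode.BADREQUEST, "Invalid Server configuration");
        }
        if (z) {
            this.remoteServerConfigList.remove(serverConfig.getAddress());
        } else {
            this.remoteServerConfigList.put(serverConfig.getAddress(), serverConfig);
        }
        return new Status(StatusCode.SUCCESS);
    }

    /**
     * Adds or removes the local authorization entry of a user.
     *
     * @param authorizationConfig the entry to add or remove
     * @param z                   {@code true} to remove, {@code false} to add
     * @return {@code BADREQUEST} for a {@code null} or invalid entry,
     *         otherwise success
     */
    private Status addRemoveAuthInfo(AuthorizationConfig authorizationConfig, boolean z) {
        if (authorizationConfig == null) {
            logger.warn("Invalid Authorization configuration");
            return new Status(StatusCode.BADREQUEST, "Invalid Authorization configuration");
        }
        Status validation = authorizationConfig.validate();
        if (!validation.isSuccess()) {
            String message = "Invalid Authorization configuration: " + validation.getDescription();
            logger.warn(message);
            return new Status(StatusCode.BADREQUEST, message);
        }
        if (z) {
            this.authorizationConfList.remove(authorizationConfig.getUser());
        } else {
            this.authorizationConfList.put(authorizationConfig.getUser(), authorizationConfig);
        }
        return new Status(StatusCode.SUCCESS);
    }

    /** Adds a local user; see {@link #addRemoveLocalUser(UserConfig, boolean)} for the result codes. */
    public Status addLocalUser(UserConfig userConfig) {
        return addRemoveLocalUser(userConfig, false);
    }

    /** Removes a local user; see {@link #addRemoveLocalUser(UserConfig, boolean)} for the result codes. */
    public Status removeLocalUser(UserConfig userConfig) {
        return addRemoveLocalUser(userConfig, true);
    }

    /**
     * Removes the local user with the given name.
     *
     * @param str the user name
     * @return {@code BADREQUEST} for a null or blank name, {@code NOTFOUND}
     *         for an unknown user, otherwise the result of the removal
     */
    public Status removeLocalUser(String str) {
        if (str == null || str.trim().isEmpty()) {
            return new Status(StatusCode.BADREQUEST, "Invalid user name");
        }
        // One lookup instead of containsKey + get: the entry cannot vanish
        // between the existence check and its use.
        UserConfig existing = this.localUserConfigList.get(str);
        if (existing == null) {
            return new Status(StatusCode.NOTFOUND, "User does not exist");
        }
        return addRemoveLocalUser(existing, true);
    }

    /** Adds a remote AAA server; see {@link #addRemoveAAAServer(ServerConfig, boolean)}. */
    public Status addAAAServer(ServerConfig serverConfig) {
        return addRemoveAAAServer(serverConfig, false);
    }

    /** Removes a remote AAA server; see {@link #addRemoveAAAServer(ServerConfig, boolean)}. */
    public Status removeAAAServer(ServerConfig serverConfig) {
        return addRemoveAAAServer(serverConfig, true);
    }

    /** Adds a local authorization entry; see {@link #addRemoveAuthInfo(AuthorizationConfig, boolean)}. */
    public Status addAuthInfo(AuthorizationConfig authorizationConfig) {
        return addRemoveAuthInfo(authorizationConfig, false);
    }

    /** Removes a local authorization entry; see {@link #addRemoveAuthInfo(AuthorizationConfig, boolean)}. */
    public Status removeAuthInfo(AuthorizationConfig authorizationConfig) {
        return addRemoveAuthInfo(authorizationConfig, true);
    }

    /** @return a new list holding the current local user configurations */
    public List<UserConfig> getLocalUserList() {
        return new ArrayList<UserConfig>(this.localUserConfigList.values());
    }

    /** @return a new list holding the current remote AAA server configurations */
    public List<ServerConfig> getAAAServerList() {
        return new ArrayList<ServerConfig>(this.remoteServerConfigList.values());
    }

    /** @return a new list holding the current local authorization entries */
    public List<AuthorizationConfig> getAuthorizationList() {
        return new ArrayList<AuthorizationConfig>(this.authorizationConfList.values());
    }

    /**
     * Changes the password of a local user.
     *
     * <p>NOTE(review): an existing active session of the user is left in
     * place; confirm whether sessions should be ended on a password change.
     *
     * @param str  the user name
     * @param str2 the current password
     * @param str3 the new password
     * @return {@code NOTFOUND} for an unknown user, otherwise the status
     *         returned by {@code UserConfig.update}
     */
    public Status changeLocalUserPassword(String str, String str2, String str3) {
        UserConfig userConfig = this.localUserConfigList.get(str);
        if (userConfig == null) {
            return new Status(StatusCode.NOTFOUND, "User not found");
        }
        Status update = userConfig.update(str2, str3, (List) null);
        if (!update.isSuccess()) {
            return update;
        }
        // Store the entry again so the change reaches the cache itself and
        // not only this local object.
        this.localUserConfigList.put(str, userConfig);
        logger.info("Password changed for User \"{}\"", str);
        return update;
    }

    /** Ends the active session of user {@code str} after a logout. */
    public void userLogout(String str) {
        removeUserFromActiveList(str);
        logger.info("User \"{}\" logged out", str);
    }

    /** Ends the active session of user {@code str} after a timeout. */
    public void userTimedOut(String str) {
        removeUserFromActiveList(str);
        logger.info("User \"{}\" timed out", str);
    }

    /**
     * @param str the user name
     * @return the access date of the user's active session, or {@code null}
     *         if the user has no active session
     */
    public String getAccessDate(String str) {
        AuthenticatedUser active = (str == null) ? null : this.activeUsers.get(str);
        return active == null ? null : active.getAccessDate();
    }

    /** @return a new map from each active user name to that user's roles */
    public synchronized Map<String, List<String>> getUserLoggedIn() {
        Map<String, List<String>> loggedIn = new HashMap<String, List<String>>();
        for (Map.Entry<String, AuthenticatedUser> entry : this.activeUsers.entrySet()) {
            loggedIn.put(entry.getKey(), entry.getValue().getUserRoles());
        }
        return loggedIn;
    }

    /**
     * Console command {@code umAddUser <user_name> <password> <user_role>...}.
     *
     * <p>NOTE(review): the password is taken as a plain console argument and
     * may therefore show up in console history or transcripts.
     */
    public void _umAddUser(CommandInterpreter commandInterpreter) {
        String userName = commandInterpreter.nextArgument();
        String password = commandInterpreter.nextArgument();
        List<String> roles = new ArrayList<String>();
        for (String role = commandInterpreter.nextArgument(); role != null; role = commandInterpreter.nextArgument()) {
            if (!role.trim().isEmpty()) {
                roles.add(role);
            }
        }
        boolean userNameGiven = userName != null && !userName.trim().isEmpty();
        boolean passwordGiven = password != null && !password.trim().isEmpty();
        if (userNameGiven && passwordGiven && !roles.isEmpty()) {
            commandInterpreter.print(addLocalUser(new UserConfig(userName, password, roles)));
        } else {
            commandInterpreter.println("Invalid Arguments");
            commandInterpreter.println("umAddUser <user_name> <password> <user_role>");
        }
    }

    /** Console command {@code umRemUser <user_name>}. */
    public void _umRemUser(CommandInterpreter commandInterpreter) {
        String userName = commandInterpreter.nextArgument();
        if (userName == null || userName.trim().isEmpty()) {
            commandInterpreter.println("Invalid Arguments");
            commandInterpreter.println("umRemUser <user_name>");
            return;
        }
        UserConfig userConfig = this.localUserConfigList.get(userName);
        if (userConfig == null) {
            commandInterpreter.println("User not found");
        } else {
            commandInterpreter.println(removeLocalUser(userConfig));
        }
    }

    /** Console command that prints every local user with its roles. */
    public void _umGetUsers(CommandInterpreter commandInterpreter) {
        for (UserConfig userConfig : getLocalUserList()) {
            commandInterpreter.println(userConfig.getUser() + " " + userConfig.getRoles());
        }
    }

    /** Console command {@code addAAAServer <server> <secret> <protocol>}. */
    public void _addAAAServer(CommandInterpreter commandInterpreter) {
        String server = commandInterpreter.nextArgument();
        String secret = commandInterpreter.nextArgument();
        String protocol = commandInterpreter.nextArgument();
        if (server == null || secret == null || protocol == null) {
            commandInterpreter.println("Usage : addAAAServer <server> <secret> <protocol>");
        } else {
            addAAAServer(new ServerConfig(server, secret, protocol));
        }
    }

    /** Console command {@code removeAAAServer <server> <secret> <protocol>}. */
    public void _removeAAAServer(CommandInterpreter commandInterpreter) {
        String server = commandInterpreter.nextArgument();
        String secret = commandInterpreter.nextArgument();
        String protocol = commandInterpreter.nextArgument();
        if (server == null || secret == null || protocol == null) {
            // The usage text used to name addAAAServer here.
            commandInterpreter.println("Usage : removeAAAServer <server> <secret> <protocol>");
        } else {
            removeAAAServer(new ServerConfig(server, secret, protocol));
        }
    }

    /** Console command that prints address and protocol of every AAA server (the secret is not printed). */
    public void _printAAAServers(CommandInterpreter commandInterpreter) {
        for (ServerConfig serverConfig : this.remoteServerConfigList.values()) {
            commandInterpreter.println(serverConfig.getAddress() + "-" + serverConfig.getProtocol());
        }
    }

    /** @return an empty help text */
    public String getHelp() {
        return "";
    }

    void setClusterGlobalService(IClusterGlobalServices iClusterGlobalServices) {
        logger.debug("Cluster Service Global set");
        this.clusterGlobalService = iClusterGlobalServices;
    }

    void unsetClusterGlobalService(IClusterGlobalServices iClusterGlobalServices) {
        // Only clear the reference if it is the service being withdrawn.
        if (this.clusterGlobalService == iClusterGlobalServices) {
            logger.debug("Cluster Service Global removed!");
            this.clusterGlobalService = null;
        }
    }

    void unsetContainerAuthClient(IContainerAuthorization iContainerAuthorization) {
        if (this.containerAuthorizationClient == iContainerAuthorization) {
            this.containerAuthorizationClient = null;
        }
    }

    void setContainerAuthClient(IContainerAuthorization iContainerAuthorization) {
        this.containerAuthorizationClient = iContainerAuthorization;
    }

    // NOTE(review): the client set is created in allocateCaches(), i.e. from
    // start(); a call arriving before start() would find it null.
    void setAppAuthClient(IResourceAuthorization iResourceAuthorization) {
        this.applicationAuthorizationClients.add(iResourceAuthorization);
    }

    void unsetAppAuthClient(IResourceAuthorization iResourceAuthorization) {
        this.applicationAuthorizationClients.remove(iResourceAuthorization);
    }

    void init() {
    }

    void destroy() {
    }

    /**
     * Brings the user manager up: creates and fetches the caches, loads the
     * saved configuration, applies a pending admin password recovery, makes
     * sure the default admin exists and registers the console commands.
     *
     * <p>The order matters: the recovery check removes the {@code admin}
     * entry and the default-admin check that follows recreates it.
     */
    void start() {
        this.authProviders = new ConcurrentHashMap<String, IAAAProvider>();
        allocateCaches();
        retrieveCaches();
        loadConfigurations();
        checkPasswordRecovery();
        checkDefaultNetworkAdmin();
        FrameworkUtil.getBundle(getClass()).getBundleContext().registerService(CommandProvider.class.getName(), this, (Dictionary) null);
    }

    void stop() {
    }

    /**
     * Returns the roles of a user, taken from the first source that knows the
     * user: the active session, the local user database, then the local
     * authorization entries.
     *
     * @param str the user name
     * @return the roles, or an empty list if the name is {@code null}, the
     *         user is unknown, or the source holds no role list
     */
    public List<String> getUserRoles(String str) {
        List<String> roles = null;
        if (str != null) {
            // Single lookups: an entry removed concurrently yields "unknown"
            // instead of a NullPointerException.
            AuthenticatedUser active = this.activeUsers.get(str);
            if (active != null) {
                roles = active.getUserRoles();
            } else {
                UserConfig local = this.localUserConfigList.get(str);
                if (local != null) {
                    roles = local.getRoles();
                } else {
                    AuthorizationConfig authorization = this.authorizationConfList.get(str);
                    if (authorization != null) {
                        roles = authorization.getRoles();
                    }
                }
            }
        }
        return roles == null ? new ArrayList<String>(0) : roles;
    }

    /** Copies the application authorization clients so they can be iterated without holding the set's lock. */
    private List<IResourceAuthorization> snapshotAppAuthClients() {
        Set<IResourceAuthorization> clients = this.applicationAuthorizationClients;
        if (clients == null) {
            return new ArrayList<IResourceAuthorization>(0);
        }
        // Iterating a Collections.synchronizedSet requires holding its lock;
        // copying under the lock avoids calling client code while locked.
        synchronized (clients) {
            return new ArrayList<IResourceAuthorization>(clients);
        }
    }

    /** @return {@code true} if the container authorization client knows any of the roles */
    private boolean hasContainerRole(List<String> userRoles) {
        // Read the field once so a concurrent unset cannot null it mid-loop.
        IContainerAuthorization containerClient = this.containerAuthorizationClient;
        if (containerClient == null) {
            return false;
        }
        for (String role : userRoles) {
            if (containerClient.isApplicationRole(role)) {
                return true;
            }
        }
        return false;
    }

    /** @return {@code true} if any application authorization client knows any of the roles */
    private boolean hasApplicationRole(List<String> userRoles) {
        List<IResourceAuthorization> clients = snapshotAppAuthClients();
        for (String role : userRoles) {
            for (IResourceAuthorization client : clients) {
                if (client.isApplicationRole(role)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns the highest level granted by the user's roles, checked in the
     * order system admin, network admin, network operator, container user,
     * application user.
     *
     * @param str the user name
     * @return the level, or {@code NOUSER} if no role maps to a level
     */
    public UserLevel getUserLevel(String str) {
        List<String> userRoles = getUserRoles(str);
        if (userRoles.isEmpty()) {
            return UserLevel.NOUSER;
        }
        if (userRoles.contains(UserLevel.SYSTEMADMIN.toString())) {
            return UserLevel.SYSTEMADMIN;
        }
        if (userRoles.contains(UserLevel.NETWORKADMIN.toString())) {
            return UserLevel.NETWORKADMIN;
        }
        if (userRoles.contains(UserLevel.NETWORKOPERATOR.toString())) {
            return UserLevel.NETWORKOPERATOR;
        }
        if (hasContainerRole(userRoles)) {
            return UserLevel.CONTAINERUSER;
        }
        if (hasApplicationRole(userRoles)) {
            return UserLevel.APPUSER;
        }
        return UserLevel.NOUSER;
    }

    /**
     * Returns every level granted by the user's roles. Each level appears at
     * most once.
     *
     * @param str the user name
     * @return the levels, empty if the user has no roles
     */
    public List<UserLevel> getUserLevels(String str) {
        List<String> userRoles = getUserRoles(str);
        List<UserLevel> levels = new ArrayList<UserLevel>();
        if (userRoles.isEmpty()) {
            return levels;
        }
        if (userRoles.contains(UserLevel.SYSTEMADMIN.toString())) {
            levels.add(UserLevel.SYSTEMADMIN);
        }
        if (userRoles.contains(UserLevel.NETWORKADMIN.toString())) {
            levels.add(UserLevel.NETWORKADMIN);
        }
        if (userRoles.contains(UserLevel.NETWORKOPERATOR.toString())) {
            levels.add(UserLevel.NETWORKOPERATOR);
        }
        if (hasContainerRole(userRoles)) {
            levels.add(UserLevel.CONTAINERUSER);
        }
        // Added once, however many of the user's roles are application roles.
        if (hasApplicationRole(userRoles)) {
            levels.add(UserLevel.APPUSER);
        }
        return levels;
    }

    /**
     * Saves users, AAA servers and authorization entries. All three saves are
     * attempted even if an earlier one fails.
     *
     * @return success if all three saves succeeded, otherwise
     *         {@code INTERNALERROR}
     */
    public Status saveConfiguration() {
        boolean usersSaved = saveLocalUserList().isSuccess();
        boolean serversSaved = saveAAAServerList().isSuccess();
        boolean authorizationsSaved = saveAuthorizationList().isSuccess();
        if (usersSaved && serversSaved && authorizationsSaved) {
            return new Status(StatusCode.SUCCESS);
        }
        return new Status(StatusCode.INTERNALERROR, "Failed to save user configurations");
    }

    /**
     * Builds the Spring {@link UserDetails} of an active user from the stored
     * local password and the authorities of the user's level.
     *
     * @param str the user name
     * @return the user details
     * @throws UsernameNotFoundException if the user has no active session, or
     *         has one but no local user entry (for example a user who was
     *         authenticated by a remote AAA server), since no local password
     *         exists to build the details from
     */
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        AuthenticatedUser authenticatedUser = (str == null) ? null : this.activeUsers.get(str);
        UserConfig localUser = (authenticatedUser == null) ? null : this.localUserConfigList.get(str);
        if (authenticatedUser == null || localUser == null) {
            throw new UsernameNotFoundException("User not found " + str);
        }
        return new User(str, localUser.getPassword(), true, true, true, true, authenticatedUser.getGrantedAuthorities(getUserLevel(str)));
    }

    /** @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses */
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    public SecurityContextRepository getSecurityContextRepo() {
        return this.securityContextRepo;
    }

    public void setSecurityContextRepo(SecurityContextRepository securityContextRepository) {
        this.securityContextRepo = securityContextRepository;
    }

    /**
     * Spring Security entry point: authenticates the token's principal and
     * credentials through {@link #authenticate(String, String)}.
     *
     * <p>The same message is used for every credential failure so the
     * response does not reveal whether the user name exists.
     *
     * <p>NOTE(review): the returned token carries the submitted credentials;
     * confirm that the caller erases them after authentication.
     *
     * @param authentication the login request
     * @return an authenticated token with the authorities of the user's level
     * @throws BadCredentialsException        if principal or credentials are
     *         missing, blank, not strings, or not accepted
     * @throws AuthenticationServiceException if the user is not in the active
     *         list after a successful authentication
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object principal = authentication.getPrincipal();
        Object credentials = authentication.getCredentials();
        // Non-string values are refused as bad credentials rather than
        // surfacing as a ClassCastException.
        if (!(principal instanceof String) || !(credentials instanceof String)
                || StringUtils.isBlank((String) credentials) || StringUtils.isBlank((String) principal)) {
            throw new BadCredentialsException("Username or credentials did not match");
        }
        AuthResultEnum result = authenticate((String) principal, (String) credentials);
        boolean accepted = result == AuthResultEnum.AUTHOR_PASS
                || result == AuthResultEnum.AUTH_ACCEPT_LOC
                || result == AuthResultEnum.AUTH_ACCEPT;
        if (!accepted) {
            throw new BadCredentialsException("Username or credentials did not match");
        }
        AuthenticatedUser authenticatedUser = this.activeUsers.get(principal.toString());
        if (authenticatedUser == null) {
            throw new AuthenticationServiceException("Authentication Failure");
        }
        return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authenticatedUser.getGrantedAuthorities(getUserLevel(authentication.getName())));
    }

    // The package-private setters below replace the backing maps; a null
    // argument leaves the current map in place.

    void setLocalUserConfigList(ConcurrentMap<String, UserConfig> concurrentMap) {
        if (concurrentMap != null) {
            this.localUserConfigList = concurrentMap;
        }
    }

    void setRemoteServerConfigList(ConcurrentMap<String, ServerConfig> concurrentMap) {
        if (concurrentMap != null) {
            this.remoteServerConfigList = concurrentMap;
        }
    }

    void setAuthorizationConfList(ConcurrentMap<String, AuthorizationConfig> concurrentMap) {
        if (concurrentMap != null) {
            this.authorizationConfList = concurrentMap;
        }
    }

    void setActiveUsers(ConcurrentMap<String, AuthenticatedUser> concurrentMap) {
        if (concurrentMap != null) {
            this.activeUsers = concurrentMap;
        }
    }

    void setAuthProviders(ConcurrentMap<String, IAAAProvider> concurrentMap) {
        if (concurrentMap != null) {
            this.authProviders = concurrentMap;
        }
    }

    public ISessionManager getSessionManager() {
        return this.sessionMgr;
    }

    public void setSessionMgr(ISessionManager iSessionManager) {
        this.sessionMgr = iSessionManager;
    }

    /**
     * Returns the stored password value of a local user, exactly as
     * {@code UserConfig.getPassword()} reports it.
     *
     * <p>NOTE(review): this hands the stored credential to any caller of the
     * service; confirm who may call it and in which form the value is stored.
     *
     * @param str the user name
     * @return the stored password value, or {@code null} for a {@code null}
     *         name or an unknown user
     */
    public String getPassword(String str) {
        UserConfig localUser = (str == null) ? null : this.localUserConfigList.get(str);
        return localUser == null ? null : localUser.getPassword();
    }

    /**
     * Tells whether a role name is one of the built-in levels or is known to
     * the container or an application authorization client.
     *
     * @param str the role name
     * @return {@code true} if the role is in use; {@code false} otherwise,
     *         including for a null or empty name
     */
    public boolean isRoleInUse(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        if (str.equals(UserLevel.SYSTEMADMIN.toString()) || str.equals(UserLevel.NETWORKADMIN.toString()) || str.equals(UserLevel.NETWORKOPERATOR.toString())) {
            return true;
        }
        IContainerAuthorization containerClient = this.containerAuthorizationClient;
        if (containerClient != null && containerClient.isApplicationRole(str)) {
            return true;
        }
        for (IResourceAuthorization client : snapshotAppAuthClients()) {
            if (client.isApplicationRole(str)) {
                return true;
            }
        }
        return false;
    }
}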
