package org.apache.marmotta.platform.user.services;

import com.google.common.base.Preconditions;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;
import javax.inject.Inject;
import net.sf.ehcache.Ehcache;
import net.sf.ehcache.Element;
import org.apache.commons.lang.StringUtils;
import org.apache.marmotta.kiwi.model.rdf.KiWiUriResource;
import org.apache.marmotta.platform.core.api.config.ConfigurationService;
import org.apache.marmotta.platform.core.api.user.UserService;
import org.apache.marmotta.platform.core.events.ConfigurationChangedEvent;
import org.apache.marmotta.platform.core.events.SystemStartupEvent;
import org.apache.marmotta.platform.core.exception.UserExistsException;
import org.apache.marmotta.platform.core.model.user.MarmottaUser;
import org.apache.marmotta.platform.core.qualifiers.cache.MarmottaCache;
import org.apache.marmotta.platform.user.api.AccountService;
import org.apache.marmotta.platform.user.model.UserAccount;
import org.openrdf.model.Resource;
import org.openrdf.model.URI;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:org/apache/marmotta/platform/user/services/AccountServiceImpl.class */
public class AccountServiceImpl implements AccountService {

    @Inject
    private Logger log;

    @Inject
    private ConfigurationService configurationService;

    @Inject
    private UserService userService;

    @Inject
    @MarmottaCache("user-cache")
    private Ehcache userCache;
    private UserAccount.PasswordHash hashAlgo = UserAccount.PasswordHash.SHA1;

    @PostConstruct
    public void initialize() {
        String upperCase = this.configurationService.getStringConfiguration("security.password.hash", "SHA1").toUpperCase();
        try {
            this.hashAlgo = UserAccount.PasswordHash.valueOf(upperCase);
        } catch (Exception e) {
            this.hashAlgo = UserAccount.PasswordHash.SHA1;
            this.log.warn("Invalid/unknown password hash algorithm: {}, falling back to {}", upperCase, this.hashAlgo);
        }
    }

    public void systemStartup(@Observes SystemStartupEvent systemStartupEvent) {
        this.log.info("creating default system accounts ...");
        createDefaultAccounts();
    }

    public void onConfigurationChange(@Observes ConfigurationChangedEvent configurationChangedEvent) {
        if (configurationChangedEvent.containsChangedKey("security.password.hash")) {
            initialize();
        }
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public void createDefaultAccounts() {
        if (getAccount("admin") == null) {
            HashSet hashSet = new HashSet(this.configurationService.getListConfiguration("user.admin.roles"));
            UserAccount createAccount = createAccount("admin");
            createAccount.setRoles(hashSet);
            createAccount.setPasswd(this.hashAlgo, this.configurationService.getStringConfiguration("user.admin.password"));
            save(createAccount);
        }
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public List<UserAccount> listAccounts() {
        HashSet hashSet = new HashSet();
        Iterator it = this.configurationService.listConfigurationKeys("user").iterator();
        while (it.hasNext()) {
            String[] split = ((String) it.next()).split("\\.");
            if (split.length > 2 && "webid".equals(split[2])) {
                hashSet.add(split[1]);
            }
        }
        ArrayList<UserAccount> arrayList = new ArrayList();
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            arrayList.add(getAccount((String) it2.next()));
        }
        for (UserAccount userAccount : arrayList) {
            this.userCache.put(new Element(userAccount.getLogin(), userAccount));
            this.userCache.put(new Element(userAccount.getWebId(), userAccount));
        }
        return arrayList;
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public List<UserAccount> listAccounts(String str) {
        ArrayList arrayList = new ArrayList();
        for (UserAccount userAccount : listAccounts()) {
            if (userAccount.getRoles().contains(str)) {
                arrayList.add(userAccount);
            }
        }
        return arrayList;
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public UserAccount createAccount(String str) {
        return createAccount(str, null, null);
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public UserAccount createAccount(String str, String str2, String str3) {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "blank/empty login not allowed");
        URI user = this.userService.getUser(str);
        if (user == null) {
            try {
                user = this.userService.createUser(str, str2, str3);
            } catch (UserExistsException e) {
                this.log.warn("User {} exists. This should not happen as it was checked 3 lines before!", str);
                user = this.userService.getUser(str);
            }
        }
        if (!(user instanceof KiWiUriResource)) {
            this.log.error("could not create user account, the backend is not KiWi");
            return null;
        }
        UserAccount userAccount = new UserAccount(str, user.stringValue());
        save(userAccount);
        return userAccount;
    }

    private void save(UserAccount userAccount) {
        this.configurationService.setConfiguration("user." + userAccount.getLogin() + ".pwhash", userAccount.getPasswdHash());
        this.configurationService.setConfiguration("user." + userAccount.getLogin() + ".webid", userAccount.getWebId());
        this.configurationService.setListConfiguration("user." + userAccount.getLogin() + ".roles", new ArrayList(userAccount.getRoles()));
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public void deleteAccount(UserAccount userAccount) {
        Iterator it = this.configurationService.listConfigurationKeys("user." + userAccount.getLogin()).iterator();
        while (it.hasNext()) {
            this.configurationService.removeConfiguration((String) it.next());
        }
        this.userCache.remove(userAccount.getLogin());
        this.userCache.remove(userAccount.getWebId());
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public UserAccount getAccount(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        UserAccount userAccount = null;
        if (this.userCache != null && this.userCache.get(str) != null) {
            userAccount = (UserAccount) this.userCache.get(str).getObjectValue();
        } else if (this.configurationService.isConfigurationSet("user." + str + ".webid")) {
            userAccount = new UserAccount();
            userAccount.setLogin(str);
            userAccount.setPasswdHash(this.configurationService.getStringConfiguration("user." + str + ".pwhash"));
            userAccount.setRoles(new HashSet(this.configurationService.getListConfiguration("user." + str + ".roles")));
            userAccount.setWebId(this.configurationService.getStringConfiguration("user." + str + ".webid"));
            this.userCache.put(new Element(userAccount.getLogin(), userAccount));
            this.userCache.put(new Element(userAccount.getWebId(), userAccount));
        } else {
            this.log.info("UserAccount {} not found", str);
        }
        return userAccount;
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public UserAccount getAccount(URI uri) {
        Preconditions.checkArgument(uri != null);
        UserAccount userAccount = null;
        if (this.userCache == null || this.userCache.get(uri) == null) {
            Iterator<UserAccount> it = listAccounts().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                UserAccount next = it.next();
                if (next.getWebId().equals(uri.stringValue())) {
                    userAccount = next;
                    break;
                }
            }
            if (userAccount != null) {
                this.userCache.put(new Element(userAccount.getLogin(), userAccount));
                this.userCache.put(new Element(userAccount.getWebId(), userAccount));
            } else {
                this.log.warn("UserAccount {} not found", uri);
            }
        } else {
            userAccount = (UserAccount) this.userCache.get(uri).getObjectValue();
        }
        return userAccount;
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public UserAccount getAccount(MarmottaUser marmottaUser) {
        Resource delegate = marmottaUser.getDelegate();
        if (delegate instanceof URI) {
            return getAccount((URI) delegate);
        }
        return null;
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public UserAccount setPassword(UserAccount userAccount, String str) {
        userAccount.setPasswd(this.hashAlgo, str);
        save(userAccount);
        return userAccount;
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public boolean checkPassword(UserAccount userAccount, String str) {
        return userAccount != null && userAccount.checkPasswd(str);
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public boolean checkPassword(String str, String str2) {
        return getAccount(str) != null && getAccount(str).checkPasswd(str2);
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public void setRoles(UserAccount userAccount, Set<String> set) {
        userAccount.setRoles(new HashSet(set));
        save(userAccount);
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public Set<String> getRoles(UserAccount userAccount) {
        return userAccount.getRoles();
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public void addRole(UserAccount userAccount, String str) {
        userAccount.addRole(str);
        save(userAccount);
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public void removeRole(UserAccount userAccount, String str) {
        Set<String> roles = userAccount.getRoles();
        roles.remove(str);
        userAccount.setRoles(roles);
        save(userAccount);
    }

    @Override // org.apache.marmotta.platform.user.api.AccountService
    public boolean hasRole(UserAccount userAccount, String str) {
        return userAccount.getRoles().contains(str);
    }
}
