package org.uberfire.ext.security.management.wildfly.filesystem;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.jboss.errai.security.shared.api.identity.User;
import org.keycloak.broker.provider.ConfigConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.backend.server.security.JAASAuthenticationService;
import org.uberfire.commons.config.ConfigProperties;
import org.uberfire.ext.security.management.api.AbstractEntityManager;
import org.uberfire.ext.security.management.api.Capability;
import org.uberfire.ext.security.management.api.CapabilityStatus;
import org.uberfire.ext.security.management.api.ContextualManager;
import org.uberfire.ext.security.management.api.UserManager;
import org.uberfire.ext.security.management.api.UserManagerSettings;
import org.uberfire.ext.security.management.api.UserSystemManager;
import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
import org.uberfire.ext.security.management.api.exception.UserNotFoundException;
import org.uberfire.ext.security.management.impl.UserManagerSettingsImpl;
import org.uberfire.ext.security.management.search.IdentifierRuntimeSearchEngine;
import org.uberfire.ext.security.management.search.UsersIdentifierRuntimeSearchEngine;
import org.uberfire.ext.security.management.util.SecurityManagementUtils;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.ModifiableRealmIdentityIterator;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.DigestPassword;
import org.wildfly.security.password.spec.DigestPasswordAlgorithmSpec;
import org.wildfly.security.password.spec.DigestPasswordSpec;
import org.wildfly.security.password.spec.EncryptablePasswordSpec;

/* loaded from: input_file:WEB-INF/lib/uberfire-security-management-wildfly-7.74.0-SNAPSHOT.jar:org/uberfire/ext/security/management/wildfly/filesystem/WildflyUserFileSystemManager.class */
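/**
 * {@link UserManager} that reads and writes users through the Elytron realm
 * handed out by {@link RealmProvider}.
 *
 * <p>Groups and roles are both stored in the single identity attribute named by
 * {@code ConfigConstants.ROLE}; they are told apart on read by comparing each
 * value with the registered role names.
 *
 * <p>Every {@link ModifiableRealmIdentity} obtained here is disposed on all
 * paths, including failures, so that whatever the realm holds for an identity
 * is released even when an operation throws.
 */
public class WildflyUserFileSystemManager implements ContextualManager, UserManager {
    private static final Logger LOG = LoggerFactory.getLogger(WildflyUserFileSystemManager.class);
    private static final Provider ELYTRON_PROVIDER = new WildFlyElytronPasswordProvider();
    protected final IdentifierRuntimeSearchEngine<User> usersSearchEngine;
    private final RealmProvider realmProvider;
    private UserSystemManager userSystemManager;

    /** Creates a manager configured from the JVM system properties. */
    public WildflyUserFileSystemManager() {
        this(new ConfigProperties(System.getProperties()));
    }

    /**
     * Creates a manager configured from an explicit property map.
     *
     * @param map configuration properties
     */
    public WildflyUserFileSystemManager(Map<String, String> map) {
        this(new ConfigProperties(map));
    }

    /**
     * Creates a manager from already parsed configuration.
     *
     * @param configProperties configuration passed on to {@link RealmProvider}
     */
    public WildflyUserFileSystemManager(ConfigProperties configProperties) {
        this.usersSearchEngine = new UsersIdentifierRuntimeSearchEngine();
        this.realmProvider = new RealmProvider(configProperties);
    }

    /**
     * Stores the owning {@link UserSystemManager}; it is needed later to reach the
     * group manager and to read a user's current groups and roles.
     */
    @Override
    public void initialize(UserSystemManager userSystemManager) {
        this.userSystemManager = userSystemManager;
    }

    /**
     * Returns the group manager as a {@link WildflyGroupFileSystemManager}.
     *
     * @return the group manager, or {@code null} when the configured group manager
     *         is of a different type
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized WildflyGroupFileSystemManager getGroupsFileSystemManager() {
        try {
            return (WildflyGroupFileSystemManager) this.userSystemManager.groups();
        } catch (ClassCastException e) {
            // Route through the application logger instead of stderr so the
            // misconfiguration shows up in the monitored log.
            LOG.error("Configured group manager is not a WildflyGroupFileSystemManager", e);
            return null;
        }
    }

    @Override
    public void destroy() throws Exception {
    }

    /**
     * Searches users by identifier.
     *
     * @param searchRequest the search criteria
     * @return the matching page of users
     * @throws SecurityManagementException if the realm cannot be read
     */
    @Override
    public AbstractEntityManager.SearchResponse<User> search(AbstractEntityManager.SearchRequest searchRequest) throws SecurityManagementException {
        List<String> identifiers = new ArrayList<>();
        // try-with-resources closes the iterator even when iteration is cut short.
        try (ModifiableRealmIdentityIterator identities = this.realmProvider.getRealm().getRealmIdentityIterator()) {
            while (identities.hasNext()) {
                ModifiableRealmIdentity identity = identities.next();
                try {
                    identifiers.add(identity.getRealmIdentityPrincipal().getName());
                } finally {
                    release(identity);
                }
            }
            return this.usersSearchEngine.searchByIdentifiers(identifiers, searchRequest);
        } catch (RealmUnavailableException e) {
            throw new SecurityManagementException(e);
        }
    }

    /**
     * Loads a single user.
     *
     * @param str the user identifier
     * @return the user with its groups and roles
     * @throws UserNotFoundException if the user cannot be resolved, or if the realm
     *         is unavailable (that case is logged first, so an outage is not
     *         silently reported as a missing user)
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override
    public User get(String str) throws SecurityManagementException {
        ModifiableRealmIdentity identity = null;
        try {
            identity = this.realmProvider.getRealm().getRealmIdentityForUpdate(new NamePrincipal(str));
            return getUser(identity).orElseThrow(() -> new UserNotFoundException(str));
        } catch (RealmUnavailableException e) {
            // Callers only see "not found"; keep the real cause in the log.
            LOG.error("Realm unavailable while loading a user", e);
            throw new UserNotFoundException(str);
        } finally {
            release(identity);
        }
    }

    /**
     * Loads every user in the realm.
     *
     * @return all users that could be resolved
     * @throws SecurityManagementException if the realm cannot be read, or if a user
     *         references a group that does not exist
     */
    @Override
    public List<User> getAll() throws SecurityManagementException {
        List<User> users = new ArrayList<>();
        try (ModifiableRealmIdentityIterator identities = this.realmProvider.getRealm().getRealmIdentityIterator()) {
            while (identities.hasNext()) {
                ModifiableRealmIdentity identity = identities.next();
                try {
                    getUser(identity).ifPresent(users::add);
                } finally {
                    release(identity);
                }
            }
            return users;
        } catch (RealmUnavailableException e) {
            throw new SecurityManagementException(e);
        }
    }

    /**
     * Builds a {@link User} from a realm identity. The caller keeps ownership of the
     * identity and is responsible for disposing it.
     *
     * @return the user, or empty when the group manager reports no group set
     * @throws SecurityManagementException if the group manager is unavailable or the
     *         identity references a group that does not exist
     */
    private Optional<User> getUser(ModifiableRealmIdentity modifiableRealmIdentity) throws RealmUnavailableException {
        String name = modifiableRealmIdentity.getRealmIdentityPrincipal().getName();
        Set<String> assigned = new HashSet<>();
        for (String value : modifiableRealmIdentity.getAttributes().get(ConfigConstants.ROLE)) {
            assigned.add(value);
        }
        Set<String> registeredRoleNames = SecurityManagementUtils.getRegisteredRoleNames();
        WildflyGroupFileSystemManager groupManager = getGroupsFileSystemManager();
        if (groupManager == null) {
            // Previously this surfaced as a bare NullPointerException.
            throw new SecurityManagementException("Error getting groups for user. Group manager is not available.");
        }
        Set<String> allGroups = groupManager.getAllGroups();
        if (allGroups == null) {
            return Optional.empty();
        }
        // Element types of these two sets are fixed by SecurityManagementUtils,
        // which is declared outside this file, so they stay untyped here.
        @SuppressWarnings("rawtypes")
        Set groups = new HashSet();
        @SuppressWarnings("rawtypes")
        Set roles = new HashSet();
        for (String value : assigned) {
            if (!allGroups.contains(value)) {
                String message = "Error getting groups for user. User's group '" + value + "' does not exist.";
                LOG.error(message);
                throw new SecurityManagementException(message);
            }
            SecurityManagementUtils.populateGroupOrRoles(value, registeredRoleNames, groups, roles);
        }
        return Optional.of(SecurityManagementUtils.createUser(name, groups, roles));
    }

    /**
     * Creates the realm identity for a user if it does not exist yet.
     *
     * <p>NOTE(review): an already existing identity is left untouched and the call
     * still succeeds, so callers cannot tell "created" from "already there". The
     * new identity has no credential until {@link #changePassword} is called.
     *
     * @param user the user to create
     * @return the same {@code user} instance
     * @throws NullPointerException if {@code user} is null
     * @throws IllegalArgumentException if the identifier is null or blank
     * @throws SecurityManagementException if the realm is unavailable
     */
    @Override
    public User create(User user) throws SecurityManagementException {
        // Guava takes (reference, message); the reversed order never checked the user.
        Preconditions.checkNotNull(user, "entity");
        String identifier = user.getIdentifier();
        if (identifier == null || identifier.trim().isEmpty()) {
            throw new IllegalArgumentException("No username specified.");
        }
        ModifiableRealmIdentity identity = null;
        try {
            identity = this.realmProvider.getRealm().getRealmIdentityForUpdate(new NamePrincipal(identifier));
            if (!identity.exists()) {
                identity.create();
            }
            return user;
        } catch (RealmUnavailableException e) {
            LOG.error("Error creating user " + identifier, e);
            throw new SecurityManagementException(e);
        } finally {
            release(identity);
        }
    }

    /**
     * No-op update: the user is returned unchanged.
     *
     * @throws NullPointerException if {@code user} is null
     */
    @Override
    public User update(User user) throws SecurityManagementException {
        Preconditions.checkNotNull(user, "entity");
        return user;
    }

    /**
     * Deletes the given users; identifiers with no matching identity are skipped.
     *
     * @param strArr the identifiers to delete
     * @throws NullPointerException if {@code strArr} is null
     * @throws SecurityManagementException if the realm is unavailable
     */
    @Override
    public void delete(String... strArr) throws SecurityManagementException {
        Preconditions.checkNotNull(strArr, "usernames");
        for (String username : strArr) {
            ModifiableRealmIdentity identity = null;
            try {
                identity = this.realmProvider.getRealm().getRealmIdentityForUpdate(new NamePrincipal(username));
                if (identity.exists()) {
                    identity.delete();
                }
            } catch (RealmUnavailableException e) {
                throw new SecurityManagementException(e);
            } finally {
                release(identity);
            }
        }
    }

    /**
     * Reports the status of every user-management capability.
     *
     * @return settings mapping each capability to its status
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override
    public UserManagerSettings getSettings() {
        Map<Capability, CapabilityStatus> statuses = new HashMap<>(8);
        for (Capability capability : SecurityManagementUtils.USERS_CAPABILITIES) {
            statuses.put(capability, getCapabilityStatus(capability));
        }
        return new UserManagerSettingsImpl(statuses, null);
    }

    /**
     * Maps a capability to its status for this manager.
     *
     * @param capability the capability to look up, may be null
     * @return {@code ENABLED} for the listed user capabilities, otherwise
     *         {@code UNSUPPORTED}
     */
    protected CapabilityStatus getCapabilityStatus(Capability capability) {
        if (capability != null) {
            switch (capability) {
                case CAN_SEARCH_USERS:
                case CAN_ADD_USER:
                case CAN_UPDATE_USER:
                case CAN_DELETE_USER:
                case CAN_READ_USER:
                case CAN_ASSIGN_GROUPS:
                case CAN_ASSIGN_ROLES:
                case CAN_CHANGE_PASSWORD:
                    return CapabilityStatus.ENABLED;
            }
        }
        return CapabilityStatus.UNSUPPORTED;
    }

    /**
     * Adds groups to a user.
     *
     * <p>Groups and roles share one attribute, so the stored value is written as
     * the user's current roles plus the given groups.
     *
     * @param str the user identifier
     * @param collection the group names to add
     * @throws SecurityManagementException if the realm is unavailable
     */
    @Override
    public void assignGroups(String str, Collection<String> collection) throws SecurityManagementException {
        ModifiableRealmIdentity identity = null;
        try {
            identity = this.realmProvider.getRealm().getRealmIdentityForUpdate(new NamePrincipal(str));
            Attributes attributes = new MapAttributes();
            Set<String> merged = SecurityManagementUtils.rolesToString(SecurityManagementUtils.getRoles(this.userSystemManager, str));
            merged.addAll(collection);
            attributes.addAll(ConfigConstants.ROLE, merged);
            identity.setAttributes(attributes);
        } catch (RealmUnavailableException e) {
            throw new SecurityManagementException(e);
        } finally {
            // The original disposed only after a successful write.
            release(identity);
        }
    }

    /**
     * Adds roles to a user.
     *
     * <p>Groups and roles share one attribute, so the stored value is written as
     * the user's current groups plus the given roles.
     *
     * @param str the user identifier
     * @param collection the role names to add
     * @throws SecurityManagementException if the realm is unavailable
     */
    @Override
    public void assignRoles(String str, Collection<String> collection) throws SecurityManagementException {
        ModifiableRealmIdentity identity = null;
        try {
            identity = this.realmProvider.getRealm().getRealmIdentityForUpdate(new NamePrincipal(str));
            Attributes attributes = new MapAttributes();
            Set<String> merged = SecurityManagementUtils.groupsToString(SecurityManagementUtils.getGroups(this.userSystemManager, str));
            merged.addAll(collection);
            attributes.addAll(ConfigConstants.ROLE, merged);
            identity.setAttributes(attributes);
        } catch (RealmUnavailableException e) {
            throw new SecurityManagementException(e);
        } finally {
            release(identity);
        }
    }

    /**
     * Replaces a user's credential with a digest of the new password.
     *
     * <p>NOTE(review): the credential is stored as DIGEST-MD5 over the username,
     * {@code JAASAuthenticationService.DEFAULT_DOMAIN} and the password. MD5 is
     * cheap to compute, so a leaked realm store allows fast offline guessing, and
     * the stored digest is itself usable wherever digest authentication is
     * accepted. This is flagged rather than changed: the algorithm has to match
     * the realm and authentication-mechanism configuration, and changing it
     * invalidates existing credentials. Protect the realm directory accordingly.
     *
     * @param str the user identifier
     * @param str2 the new clear-text password
     * @throws NullPointerException if either argument is null
     * @throws IllegalArgumentException if the username is blank
     * @throws SecurityManagementException if the credential cannot be generated or stored
     */
    @Override
    public void changePassword(String str, String str2) throws SecurityManagementException {
        // Guava takes (reference, message); the reversed order never checked the username.
        Preconditions.checkNotNull(str, "username");
        Preconditions.checkNotNull(str2, "newPassword");
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("No username specified for updating password.");
        }
        ModifiableRealmIdentity identity = null;
        try {
            identity = this.realmProvider.getRealm().getRealmIdentityForUpdate(new NamePrincipal(str));
            PasswordFactory passwordFactory = PasswordFactory.getInstance(DigestPassword.ALGORITHM_DIGEST_MD5, ELYTRON_PROVIDER);
            // Step 1: derive the digest from the clear-text password.
            DigestPasswordAlgorithmSpec algorithmSpec = new DigestPasswordAlgorithmSpec(str, JAASAuthenticationService.DEFAULT_DOMAIN);
            DigestPassword derived = (DigestPassword) passwordFactory.generatePassword(new EncryptablePasswordSpec(str2.toCharArray(), algorithmSpec));
            // Step 2: rebuild the password from the digest alone so only the digest is stored.
            DigestPassword stored = (DigestPassword) passwordFactory.generatePassword(new DigestPasswordSpec(str, JAASAuthenticationService.DEFAULT_DOMAIN, derived.getDigest()));
            identity.setCredentials(Collections.singleton(new PasswordCredential(stored)));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.error("Error changing user's password", e);
            throw new SecurityManagementException(e);
        } finally {
            release(identity);
        }
    }

    /** Disposes an identity if one was obtained; safe to call with {@code null}. */
    private static void release(ModifiableRealmIdentity identity) {
        if (identity != null) {
            identity.dispose();
        }
    }
}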
