package org.jboss.seam.security.management;

import java.io.Serializable;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import net.sf.ehcache.config.TimeoutBehaviorConfiguration;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.annotations.security.management.PasswordSalt;
import org.jboss.seam.annotations.security.management.RoleConditional;
import org.jboss.seam.annotations.security.management.RoleGroups;
import org.jboss.seam.annotations.security.management.RoleName;
import org.jboss.seam.annotations.security.management.UserEnabled;
import org.jboss.seam.annotations.security.management.UserFirstName;
import org.jboss.seam.annotations.security.management.UserLastName;
import org.jboss.seam.annotations.security.management.UserPassword;
import org.jboss.seam.annotations.security.management.UserPrincipal;
import org.jboss.seam.annotations.security.management.UserRoles;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Events;
import org.jboss.seam.core.Expressions;
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.Role;
import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.crypto.BinTools;
import org.jboss.seam.security.management.IdentityStore;
import org.jboss.seam.util.AnnotatedBeanProperty;
import org.jboss.seam.util.TypedBeanProperty;

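/**
 * {@link IdentityStore} implementation that keeps users, roles and role memberships in JPA
 * entities. The entity classes are supplied through {@link #setUserClass(Class)} and
 * {@link #setRoleClass(Class)}; the properties to read and write are located through the
 * {@code @UserPrincipal}, {@code @UserPassword}, {@code @UserRoles}, {@code @RoleName} (and
 * related) annotations on those classes.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every JPQL statement in this class is assembled by concatenating entity class names and
 *       annotated property names, while caller-supplied values (user names, role names, filters)
 *       are always bound as named parameters. The class and property names must therefore come
 *       from deployment configuration only, never from request data.</li>
 *   <li>When the user class has no {@code @PasswordSalt} property, the deprecated hashing path is
 *       used: the salt is the user name and {@code hash = "none"} stores the password verbatim.
 *       The {@code @PasswordSalt} path (random per-user salt, iterated key derivation) is the
 *       one to configure for new deployments.</li>
 *   <li>User and role uniqueness is checked with a lookup before insert; concurrent callers can
 *       both pass that check, so the database should also enforce a unique constraint.</li>
 * </ul>
 */
@Name("org.jboss.seam.security.identityStore")
@Scope(ScopeType.APPLICATION)
@Install(precedence = 0, value = false)
@BypassInterceptors
/* loaded from: input_file:WEB-INF/lib/jboss-seam-2.3.2-SNAPSHOT.jar:org/jboss/seam/security/management/JpaIdentityStore.class */
public class JpaIdentityStore implements IdentityStore, Serializable {
    private static final long serialVersionUID = -3627993296654916436L;

    /** Context variable under which the authenticated user entity is published. */
    public static final String AUTHENTICATED_USER = "org.jboss.seam.security.management.authenticatedUser";
    /** Raised after a new user entity has been persisted. */
    public static final String EVENT_USER_CREATED = "org.jboss.seam.security.management.userCreated";
    /** Raised just before a new user entity is persisted. */
    public static final String EVENT_PRE_PERSIST_USER = "org.jboss.seam.security.management.prePersistUser";
    /** Raised after a successful password check in {@link #authenticate(String, String)}. */
    public static final String EVENT_USER_AUTHENTICATED = "org.jboss.seam.security.management.userAuthenticated";
    /** Raised just before a user/role cross-reference entity is merged. */
    public static final String EVENT_PRE_PERSIST_USER_ROLE = "org.jboss.seam.security.management.prePersistUserRole";

    private static final LogProvider log = Logging.getLogProvider(JpaIdentityStore.class);

    protected IdentityStore.FeatureSet featureSet;
    private Expressions.ValueExpression<EntityManager> entityManager;
    private Class userClass;
    private Class roleClass;
    // Set only when @UserRoles holds a collection of something other than roleClass, i.e. the
    // user/role relation is mapped through an explicit cross-reference entity.
    private Class xrefClass;
    private TypedBeanProperty xrefUserProperty;
    private TypedBeanProperty xrefRoleProperty;
    private AnnotatedBeanProperty<UserPrincipal> userPrincipalProperty;
    private AnnotatedBeanProperty<UserPassword> userPasswordProperty;
    private AnnotatedBeanProperty<PasswordSalt> passwordSaltProperty;
    private AnnotatedBeanProperty<UserRoles> userRolesProperty;
    private AnnotatedBeanProperty<UserEnabled> userEnabledProperty;
    private AnnotatedBeanProperty<UserFirstName> userFirstNameProperty;
    private AnnotatedBeanProperty<UserLastName> userLastNameProperty;
    private AnnotatedBeanProperty<RoleName> roleNameProperty;
    private AnnotatedBeanProperty<RoleGroups> roleGroupsProperty;
    private AnnotatedBeanProperty<RoleConditional> roleConditionalProperty;

    /** Returns the features currently enabled for this store. */
    public Set<IdentityStore.Feature> getFeatures() {
        return featureSet.getFeatures();
    }

    /** Replaces the enabled feature set with the given features. */
    public void setFeatures(Set<IdentityStore.Feature> set) {
        this.featureSet = new IdentityStore.FeatureSet(set);
    }

    /** Reports whether the given feature is enabled for this store. */
    @Override
    public boolean supportsFeature(IdentityStore.Feature feature) {
        return featureSet.supports(feature);
    }

    /**
     * Component initialiser: enables all features when none were configured, defaults the entity
     * manager expression to {@code #{entityManager}} and resolves the annotated properties.
     * A missing {@code userClass} is only logged here; the store is then unusable.
     */
    @Create
    public void init() {
        if (featureSet == null) {
            featureSet = new IdentityStore.FeatureSet();
            featureSet.enableAll();
        }
        if (entityManager == null) {
            entityManager = Expressions.instance().createValueExpression("#{entityManager}", EntityManager.class);
        }
        if (userClass == null) {
            log.error("Error in JpaIdentityStore configuration - userClass must be configured.");
            return;
        }
        initProperties();
    }

    /**
     * Resolves the annotated properties of the user and role classes and detects whether user
     * roles are mapped through a cross-reference entity.
     *
     * @throws IdentityManagementException if a required annotation is missing or the
     *         cross-reference entity does not expose both a user and a role property
     */
    private void initProperties() {
        userPrincipalProperty = new AnnotatedBeanProperty<>(userClass, UserPrincipal.class);
        userPasswordProperty = new AnnotatedBeanProperty<>(userClass, UserPassword.class);
        passwordSaltProperty = new AnnotatedBeanProperty<>(userClass, PasswordSalt.class);
        userRolesProperty = new AnnotatedBeanProperty<>(userClass, UserRoles.class);
        userEnabledProperty = new AnnotatedBeanProperty<>(userClass, UserEnabled.class);
        userFirstNameProperty = new AnnotatedBeanProperty<>(userClass, UserFirstName.class);
        userLastNameProperty = new AnnotatedBeanProperty<>(userClass, UserLastName.class);
        if (!userPrincipalProperty.isSet()) {
            throw new IdentityManagementException("Invalid userClass " + userClass.getName() + " - required annotation @UserPrincipal not found on any Field or Method.");
        }
        if (!userRolesProperty.isSet()) {
            throw new IdentityManagementException("Invalid userClass " + userClass.getName() + " - required annotation @UserRoles not found on any Field or Method.");
        }
        if (roleClass == null) {
            return;
        }
        roleNameProperty = new AnnotatedBeanProperty<>(roleClass, RoleName.class);
        roleGroupsProperty = new AnnotatedBeanProperty<>(roleClass, RoleGroups.class);
        roleConditionalProperty = new AnnotatedBeanProperty<>(roleClass, RoleConditional.class);
        if (!roleNameProperty.isSet()) {
            throw new IdentityManagementException("Invalid roleClass " + roleClass.getName() + " - required annotation @RoleName not found on any Field or Method.");
        }
        Type rolesType = userRolesProperty.getPropertyType();
        if (!(rolesType instanceof ParameterizedType)) {
            return;
        }
        ParameterizedType parameterized = (ParameterizedType) rolesType;
        if (!Collection.class.isAssignableFrom((Class) parameterized.getRawType())) {
            return;
        }
        Type[] typeArguments = parameterized.getActualTypeArguments();
        Type elementType = typeArguments.length > 0 ? typeArguments[0] : Object.class;
        if (elementType.equals(roleClass)) {
            // Roles are held directly; no cross-reference entity involved.
            return;
        }
        xrefClass = (Class) elementType;
        xrefUserProperty = new TypedBeanProperty(xrefClass, userClass);
        xrefRoleProperty = new TypedBeanProperty(xrefClass, roleClass);
        if (!xrefUserProperty.isSet()) {
            throw new IdentityManagementException("Error configuring JpaIdentityStore - it looks like you're using a cross-reference table, however the user property cannot be determined.");
        }
        if (!xrefRoleProperty.isSet()) {
            throw new IdentityManagementException("Error configuring JpaIdentityStore - it looks like you're using a cross-reference table, however the role property cannot be determined.");
        }
    }

    /**
     * Creates and persists a new user.
     *
     * <p>A user created without a password is stored disabled when the user class has a
     * {@code @UserEnabled} property; with a password it is stored enabled.
     *
     * @param str  user name (value of the {@code @UserPrincipal} property)
     * @param str2 clear-text password, or {@code null} to create the account without one
     * @param str3 first name, applied only if the user class has a {@code @UserFirstName} property
     * @param str4 last name, applied only if the user class has a {@code @UserLastName} property
     * @return always {@code true}; failures are reported by exception
     * @throws IdentityManagementException if no user class is configured, the user already
     *         exists, or instantiation/persistence fails
     */
    @Override
    public boolean createUser(String str, String str2, String str3, String str4) {
        try {
            if (userClass == null) {
                throw new IdentityManagementException("Could not create account, userClass not set");
            }
            // Check-then-insert: a unique constraint on the principal column is still needed to
            // close the window between this lookup and the persist below.
            if (userExists(str)) {
                throw new IdentityManagementException("Could not create account, already exists");
            }
            Object user = userClass.newInstance();
            userPrincipalProperty.setValue(user, str);
            if (userFirstNameProperty.isSet()) {
                userFirstNameProperty.setValue(user, str3);
            }
            if (userLastNameProperty.isSet()) {
                userLastNameProperty.setValue(user, str4);
            }
            boolean hasPassword = str2 != null;
            if (hasPassword) {
                setUserPassword(user, str2);
            }
            if (userEnabledProperty.isSet()) {
                // Accounts without a credential must not be usable for login.
                userEnabledProperty.setValue(user, hasPassword);
            }
            if (Events.exists()) {
                Events.instance().raiseEvent(EVENT_PRE_PERSIST_USER, user);
            }
            persistEntity(user);
            if (Events.exists()) {
                Events.instance().raiseEvent(EVENT_USER_CREATED, user);
            }
            return true;
        } catch (IdentityManagementException e) {
            throw e;
        } catch (Exception e) {
            throw new IdentityManagementException("Could not create account", e);
        }
    }

    /**
     * Hashes the given clear-text password and stores the result on the user entity.
     * With a {@code @PasswordSalt} property a fresh salt from {@link #generateUserSalt(Object)}
     * is stored hex-encoded next to the hash; otherwise the deprecated user-name salt is used.
     *
     * @param obj user entity to update
     * @param str clear-text password
     */
    protected void setUserPassword(Object obj, String str) {
        if (passwordSaltProperty.isSet()) {
            byte[] salt = generateUserSalt(obj);
            passwordSaltProperty.setValue(obj, BinTools.bin2hex(salt));
            userPasswordProperty.setValue(obj, generatePasswordHash(str, salt));
        } else {
            userPasswordProperty.setValue(obj, generatePasswordHash(str, getUserAccountSalt(obj)));
        }
    }

    /**
     * Legacy salt: the string form of the user's principal value. Being derived from the user
     * name it is predictable and shared by every password the account ever has.
     *
     * @deprecated used only when the user class has no {@code @PasswordSalt} property
     */
    @Deprecated
    protected String getUserAccountSalt(Object obj) {
        return userPrincipalProperty.getValue(obj).toString();
    }

    /** Returns a new random salt obtained from {@link PasswordHash}; the argument is not used here. */
    public byte[] generateUserSalt(Object obj) {
        return PasswordHash.instance().generateRandomSalt();
    }

    /**
     * Creates a user without first/last name.
     *
     * @param str  user name
     * @param str2 clear-text password, or {@code null}
     * @see #createUser(String, String, String, String)
     */
    @Override
    public boolean createUser(String str, String str2) {
        return createUser(str, str2, null, null);
    }

    /**
     * Removes the user entity with the given name.
     *
     * @throws NoSuchUserException if no such user exists
     */
    @Override
    public boolean deleteUser(String str) {
        Object user = lookupUser(str);
        if (user == null) {
            throw new NoSuchUserException("Could not delete, user '" + str + "' does not exist");
        }
        removeEntity(user);
        return true;
    }

    /**
     * Grants a role to a user.
     *
     * <p>If the user does not exist and the user class has no {@code @UserPassword} property,
     * the user is created on the fly (without a password); with a password property a missing
     * user is an error.
     *
     * @param str  user name
     * @param str2 role name
     * @return {@code true} if the role was granted, {@code false} if no role class is configured
     *         or the user already holds the role
     * @throws NoSuchUserException if the user is missing and cannot be auto-created
     * @throws NoSuchRoleException if the role does not exist
     * @throws IdentityManagementException if the cross-reference entity cannot be created
     * @throws IllegalStateException if the roles collection type cannot be determined
     */
    @Override
    public boolean grantRole(String str, String str2) {
        if (roleClass == null) {
            return false;
        }
        Object user = lookupUser(str);
        if (user == null) {
            if (userPasswordProperty.isSet()) {
                throw new NoSuchUserException("Could not grant role, no such user '" + str + "'");
            }
            if (!createUser(str, null)) {
                throw new IdentityManagementException("Could not grant role - user does not exist and an attempt to create the user failed.");
            }
            user = lookupUser(str);
        }
        Object role = lookupRole(str2);
        if (role == null) {
            throw new NoSuchRoleException("Could not grant role, role '" + str2 + "' does not exist");
        }
        Collection memberships = (Collection) userRolesProperty.getValue(user);
        if (memberships == null) {
            Type rolesType = userRolesProperty.getPropertyType();
            Class collectionClass;
            if ((rolesType instanceof Class) && Collection.class.isAssignableFrom((Class) rolesType)) {
                collectionClass = (Class) rolesType;
            } else if ((rolesType instanceof ParameterizedType)
                    && Collection.class.isAssignableFrom((Class) ((ParameterizedType) rolesType).getRawType())) {
                collectionClass = (Class) ((ParameterizedType) rolesType).getRawType();
            } else {
                throw new IllegalStateException("Could not determine collection type for user roles.");
            }
            Collection created;
            if (Set.class.isAssignableFrom(collectionClass)) {
                created = new HashSet();
            } else if (List.class.isAssignableFrom(collectionClass)) {
                created = new ArrayList();
            } else {
                // Previously a null collection was stored and the add below failed with an NPE.
                throw new IllegalStateException("Could not determine collection type for user roles.");
            }
            userRolesProperty.setValue(user, created);
        } else if (holdsRole(memberships, role)) {
            return false;
        }
        if (xrefClass == null) {
            ((Collection) userRolesProperty.getValue(user)).add(role);
            return true;
        }
        try {
            Object xref = xrefClass.newInstance();
            xrefUserProperty.setValue(xref, user);
            xrefRoleProperty.setValue(xref, role);
            // Guarded like the other event sites in this class.
            if (Events.exists()) {
                Events.instance().raiseEvent(EVENT_PRE_PERSIST_USER_ROLE, xref);
            }
            ((Collection) userRolesProperty.getValue(user)).add(mergeEntity(xref));
            return true;
        } catch (Exception e) {
            throw new IdentityManagementException("Error creating cross-reference role record.", e);
        }
    }

    /**
     * Tells whether a user's membership collection already refers to the given role. With a
     * cross-reference entity the collection holds xref objects, so the role has to be read from
     * each of them; a plain {@code contains(role)} would never match there.
     */
    private boolean holdsRole(Collection memberships, Object role) {
        if (xrefClass == null) {
            return memberships.contains(role);
        }
        for (Object xref : memberships) {
            Object held = xrefRoleProperty.getValue(xref);
            if (held != null && held.equals(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the role name behind one element of a user's membership collection, unwrapping
     * the cross-reference entity first when one is in use.
     */
    private String roleNameOfMembership(Object membership) {
        Object role = xrefClass == null ? membership : xrefRoleProperty.getValue(membership);
        return (String) roleNameProperty.getValue(role);
    }

    /**
     * Revokes a role from a user.
     *
     * @param str  user name
     * @param str2 role name
     * @return {@code true} if a membership was removed, {@code false} if the user did not hold it
     * @throws NoSuchUserException if the user does not exist
     * @throws NoSuchRoleException if the role does not exist
     */
    @Override
    public boolean revokeRole(String str, String str2) {
        Object user = lookupUser(str);
        if (user == null) {
            throw new NoSuchUserException("Could not revoke role, no such user '" + str + "'");
        }
        Object role = lookupRole(str2);
        if (role == null) {
            throw new NoSuchRoleException("Could not revoke role, role '" + str2 + "' does not exist");
        }
        Collection memberships = (Collection) userRolesProperty.getValue(user);
        if (memberships == null) {
            // A user whose roles collection was never initialised holds nothing to revoke.
            return false;
        }
        if (xrefClass == null) {
            return memberships.remove(role);
        }
        for (Object xref : memberships) {
            if (xrefRoleProperty.getValue(xref).equals(role)) {
                // Leave the loop right after removal; the iterator is not used again.
                return memberships.remove(xref);
            }
        }
        return false;
    }

    /**
     * Makes a role a member of a group (a group being another role).
     *
     * @param str  role name
     * @param str2 group name
     * @return {@code true} if the membership was added; {@code false} if role groups are not
     *         supported, the collection type is not parameterized, or the role is already a member
     * @throws NoSuchUserException if the role does not exist (exception type kept for callers)
     * @throws NoSuchRoleException if the group does not exist
     * @throws IllegalStateException if the groups collection is neither a Set nor a List
     */
    @Override
    public boolean addRoleToGroup(String str, String str2) {
        if (!roleGroupsProperty.isSet()) {
            return false;
        }
        Object role = lookupRole(str);
        if (role == null) {
            throw new NoSuchUserException("Could not add role to group, no such role '" + str + "'");
        }
        Object group = lookupRole(str2);
        if (group == null) {
            throw new NoSuchRoleException("Could not grant role, group '" + str2 + "' does not exist");
        }
        Collection groups = (Collection) roleGroupsProperty.getValue(role);
        if (groups == null) {
            Type groupsType = roleGroupsProperty.getPropertyType();
            if (!(groupsType instanceof ParameterizedType)) {
                return false;
            }
            Class collectionClass = (Class) ((ParameterizedType) groupsType).getRawType();
            Collection created;
            if (Set.class.isAssignableFrom(collectionClass)) {
                created = new HashSet();
            } else if (List.class.isAssignableFrom(collectionClass)) {
                created = new ArrayList();
            } else {
                // Previously a null collection was stored and the add below failed with an NPE.
                throw new IllegalStateException("Could not determine collection type for role groups.");
            }
            roleGroupsProperty.setValue(role, created);
        } else if (groups.contains(group)) {
            return false;
        }
        ((Collection) roleGroupsProperty.getValue(role)).add(group);
        return true;
    }

    /**
     * Removes a role from a group.
     *
     * @param str  role name
     * @param str2 group name
     * @return {@code true} if a membership was removed
     * @throws NoSuchUserException if the role does not exist (exception type kept for callers)
     * @throws NoSuchRoleException if the group does not exist
     */
    @Override
    public boolean removeRoleFromGroup(String str, String str2) {
        if (!roleGroupsProperty.isSet()) {
            return false;
        }
        Object role = lookupRole(str);
        // The looked-up entity is what must be checked here; testing the name argument let an
        // unknown role fall through to a property read on null.
        if (role == null) {
            throw new NoSuchUserException("Could not remove role from group, no such role '" + str + "'");
        }
        Object group = lookupRole(str2);
        if (group == null) {
            throw new NoSuchRoleException("Could not remove role from group, no such group '" + str2 + "'");
        }
        Collection groups = (Collection) roleGroupsProperty.getValue(role);
        return groups != null && groups.remove(group);
    }

    /**
     * Creates and persists a new role.
     *
     * @param str role name
     * @return always {@code true}; failures are reported by exception
     * @throws IdentityManagementException if no role class is configured, the role already
     *         exists, or instantiation/persistence fails
     */
    @Override
    public boolean createRole(String str) {
        try {
            if (roleClass == null) {
                throw new IdentityManagementException("Could not create role, roleClass not set");
            }
            if (roleExists(str)) {
                throw new IdentityManagementException("Could not create role, already exists");
            }
            Object role = roleClass.newInstance();
            roleNameProperty.setValue(role, str);
            persistEntity(role);
            return true;
        } catch (IdentityManagementException e) {
            throw e;
        } catch (Exception e) {
            throw new IdentityManagementException("Could not create role", e);
        }
    }

    /**
     * Deletes a role after detaching it from every user and from every role that lists it as a
     * group.
     *
     * @param str role name
     * @throws NoSuchRoleException if the role does not exist
     */
    @Override
    public boolean deleteRole(String str) {
        Object role = lookupRole(str);
        if (role == null) {
            throw new NoSuchRoleException("Could not delete role, role '" + str + "' does not exist");
        }
        if (xrefClass != null) {
            // Use the resolved role property of the cross-reference entity rather than assuming
            // it is literally called "role"; the role entity itself is a bound parameter.
            lookupEntityManager()
                    .createQuery("delete " + xrefClass.getName() + " where " + xrefRoleProperty.getName() + " = :role")
                    .setParameter("role", role)
                    .executeUpdate();
        } else {
            for (String member : listUserMembers(str)) {
                revokeRole(member, str);
            }
        }
        for (String memberRole : listRoleMembers(str)) {
            removeRoleFromGroup(memberRole, str);
        }
        removeEntity(role);
        return true;
    }

    /**
     * Enables a user account.
     *
     * @return {@code true} if the flag was changed; {@code false} if the user class has no
     *         {@code @UserEnabled} property or the account was already enabled
     * @throws NoSuchUserException if the user does not exist
     */
    @Override
    public boolean enableUser(String str) {
        if (!userEnabledProperty.isSet()) {
            log.debug("Can not enable user, no @UserEnabled property configured in userClass " + userClass.getName());
            return false;
        }
        Object user = lookupUser(str);
        if (user == null) {
            throw new NoSuchUserException("Could not enable user, user '" + str + "' does not exist");
        }
        boolean alreadyEnabled = ((Boolean) userEnabledProperty.getValue(user)).booleanValue();
        if (alreadyEnabled) {
            return false;
        }
        userEnabledProperty.setValue(user, true);
        return true;
    }

    /**
     * Disables a user account.
     *
     * @return {@code true} if the flag was changed; {@code false} if the user class has no
     *         {@code @UserEnabled} property or the account was already disabled
     * @throws NoSuchUserException if the user does not exist
     */
    @Override
    public boolean disableUser(String str) {
        if (!userEnabledProperty.isSet()) {
            log.debug("Can not disable user, no @UserEnabled property configured in userClass " + userClass.getName());
            return false;
        }
        Object user = lookupUser(str);
        if (user == null) {
            throw new NoSuchUserException("Could not disable user, user '" + str + "' does not exist");
        }
        boolean currentlyEnabled = ((Boolean) userEnabledProperty.getValue(user)).booleanValue();
        if (!currentlyEnabled) {
            return false;
        }
        userEnabledProperty.setValue(user, false);
        return true;
    }

    /**
     * Replaces a user's password. No check of the previous password happens here; callers are
     * responsible for authorising the change.
     *
     * @param str  user name
     * @param str2 new clear-text password
     * @throws NoSuchUserException if the user does not exist
     */
    @Override
    public boolean changePassword(String str, String str2) {
        Object user = lookupUser(str);
        if (user == null) {
            throw new NoSuchUserException("Could not change password, user '" + str + "' does not exist");
        }
        setUserPassword(user, str2);
        return true;
    }

    /** Reports whether a user with the given name exists. */
    @Override
    public boolean userExists(String str) {
        return lookupUser(str) != null;
    }

    /** Reports whether a role with the given name exists. */
    @Override
    public boolean roleExists(String str) {
        return lookupRole(str) != null;
    }

    /**
     * Reports whether the user exists and is enabled. Without a {@code @UserEnabled} property
     * every existing user counts as enabled.
     */
    @Override
    public boolean isUserEnabled(String str) {
        Object user = lookupUser(str);
        if (user == null) {
            return false;
        }
        return !userEnabledProperty.isSet() || ((Boolean) userEnabledProperty.getValue(user)).booleanValue();
    }

    /**
     * Lists the names of the roles granted directly to a user.
     *
     * @throws NoSuchUserException if the user does not exist
     */
    @Override
    public List<String> getGrantedRoles(String str) {
        Object user = lookupUser(str);
        if (user == null) {
            throw new NoSuchUserException("No such user '" + str + "'");
        }
        List<String> roleNames = new ArrayList<>();
        Collection memberships = (Collection) userRolesProperty.getValue(user);
        if (memberships != null) {
            for (Object membership : memberships) {
                // With a cross-reference entity the element is the xref, not the role; the role
                // must be taken from the xref before its name can be read.
                roleNames.add(roleNameOfMembership(membership));
            }
        }
        return roleNames;
    }

    /**
     * Lists the names of the groups a role belongs to.
     *
     * @throws NoSuchUserException if the role does not exist (exception type kept for callers)
     */
    @Override
    public List<String> getRoleGroups(String str) {
        Object role = lookupRole(str);
        if (role == null) {
            throw new NoSuchUserException("No such role '" + str + "'");
        }
        List<String> groupNames = new ArrayList<>();
        if (roleGroupsProperty.isSet()) {
            Collection groups = (Collection) roleGroupsProperty.getValue(role);
            if (groups != null) {
                for (Object group : groups) {
                    groupNames.add((String) roleNameProperty.getValue(group));
                }
            }
        }
        return groupNames;
    }

    /**
     * Lists every role a user holds directly or through group membership, without duplicates.
     *
     * @throws NoSuchUserException if the user does not exist
     */
    @Override
    public List<String> getImpliedRoles(String str) {
        Object user = lookupUser(str);
        if (user == null) {
            throw new NoSuchUserException("No such user '" + str + "'");
        }
        Set<String> implied = new HashSet<>();
        Collection memberships = (Collection) userRolesProperty.getValue(user);
        if (memberships != null) {
            for (Object membership : memberships) {
                // Same xref unwrapping as getGrantedRoles, so both views agree.
                addRoleAndMemberships(roleNameOfMembership(membership), implied);
            }
        }
        return new ArrayList<>(implied);
    }

    /**
     * Adds a role and, recursively, all groups it belongs to. The {@code set.add} result doubles
     * as the visited check, which also stops cyclic group definitions from recursing forever.
     */
    private void addRoleAndMemberships(String str, Set<String> set) {
        if (!set.add(str)) {
            return;
        }
        Object role = lookupRole(str);
        if (!roleGroupsProperty.isSet()) {
            return;
        }
        Collection groups = (Collection) roleGroupsProperty.getValue(role);
        if (groups == null) {
            return;
        }
        for (Object group : groups) {
            addRoleAndMemberships((String) roleNameProperty.getValue(group), set);
        }
    }

    /**
     * Derives the stored password value from a clear-text password and a salt.
     *
     * <p>With a {@code @PasswordSalt} property the key is created by {@link PasswordHash} using
     * the iteration count from the {@code @UserPassword} annotation. Without one the salt bytes
     * are turned into a string with the platform default charset and handed to the deprecated
     * string-salt overload; that conversion is left as is because changing it would alter
     * hashes already stored.
     *
     * @param str  clear-text password
     * @param bArr salt bytes
     * @throws IdentityManagementException if key derivation fails
     */
    public String generatePasswordHash(String str, byte[] bArr) {
        if (!passwordSaltProperty.isSet()) {
            return generatePasswordHash(str, new String(bArr));
        }
        try {
            int iterations = userPasswordProperty.getAnnotation().iterations();
            return PasswordHash.instance().createPasswordKey(str.toCharArray(), bArr, iterations);
        } catch (GeneralSecurityException e) {
            throw new IdentityManagementException("Exception generating password hash", e);
        }
    }

    /**
     * Legacy hashing driven by the {@code hash} attribute of {@code @UserPassword}.
     *
     * <ul>
     *   <li>no algorithm configured: {@link PasswordHash} default hash, salted if a salt is given;</li>
     *   <li>{@code "none"} (any case): the password is returned unchanged, i.e. stored in clear
     *       text - suitable for test fixtures only;</li>
     *   <li>anything else: that algorithm, salted if a salt is given.</li>
     * </ul>
     *
     * @param str  clear-text password
     * @param str2 salt string, {@code null} or empty for an unsalted hash
     * @deprecated superseded by the {@code @PasswordSalt} based
     *             {@link #generatePasswordHash(String, byte[])} path
     */
    @Deprecated
    protected String generatePasswordHash(String str, String str2) {
        // The decompiled source referred to an unrelated ehcache constant here; its value is the
        // empty string, which is what is being tested for.
        String algorithm = userPasswordProperty.getAnnotation().hash();
        boolean unsalted = str2 == null || "".equals(str2);
        if (algorithm == null || "".equals(algorithm)) {
            return unsalted
                    ? PasswordHash.instance().generateHash(str)
                    : PasswordHash.instance().generateSaltedHash(str, str2);
        }
        if ("none".equalsIgnoreCase(algorithm)) {
            return str;
        }
        return unsalted
                ? PasswordHash.instance().generateHash(str, algorithm)
                : PasswordHash.instance().generateSaltedHash(str, str2, algorithm);
    }

    /**
     * Checks a user name / password pair against the stored credential.
     *
     * <p>Unknown and disabled users are rejected before any hashing takes place, so the time
     * this method takes can differ between existing and non-existing accounts; throttling of
     * repeated attempts has to be provided by the caller. On success the user entity is put
     * into the event context under {@link #AUTHENTICATED_USER} and
     * {@link #EVENT_USER_AUTHENTICATED} is raised.
     *
     * @param str  user name
     * @param str2 clear-text password supplied by the caller
     * @return {@code true} only if the user exists, is enabled and the password matches
     * @throws IdentityManagementException if a {@code @PasswordSalt} property exists but is empty
     */
    @Override
    public boolean authenticate(String str, String str2) {
        Object user = lookupUser(str);
        if (user == null) {
            return false;
        }
        if (userEnabledProperty.isSet() && !((Boolean) userEnabledProperty.getValue(user)).booleanValue()) {
            return false;
        }
        String computed;
        if (passwordSaltProperty.isSet()) {
            String saltHex = (String) passwordSaltProperty.getValue(user);
            if (saltHex == null) {
                throw new IdentityManagementException("A @PasswordSalt property was found on entity " + user + ", but it contains no value");
            }
            computed = generatePasswordHash(str2, BinTools.hex2bin(saltHex));
        } else {
            computed = generatePasswordHash(str2, getUserAccountSalt(user));
        }
        // Compare without an early exit so the position of the first differing character is not
        // reflected in the response time.
        boolean success = constantTimeEquals(computed, userPasswordProperty.getValue(user));
        if (success && Events.exists()) {
            if (Contexts.isEventContextActive()) {
                Contexts.getEventContext().set(AUTHENTICATED_USER, user);
            }
            Events.instance().raiseEvent(EVENT_USER_AUTHENTICATED, user);
        }
        return success;
    }

    /**
     * String equality that always inspects every character once the lengths match. Returns
     * {@code false} when either side is missing or the stored value is not a string, which is
     * also what {@code String.equals} reports for those inputs.
     */
    private static boolean constantTimeEquals(String computed, Object stored) {
        if (computed == null || !(stored instanceof String)) {
            return false;
        }
        String expected = (String) stored;
        if (computed.length() != expected.length()) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < computed.length(); i++) {
            difference |= computed.charAt(i) ^ expected.charAt(i);
        }
        return difference == 0;
    }

    /**
     * Copies the authenticated user entity from the event context into the session context
     * once authentication has completed.
     */
    @Observer({Identity.EVENT_POST_AUTHENTICATE})
    public void setUserAccountForSession() {
        if (Contexts.isEventContextActive() && Contexts.isSessionContextActive()) {
            Object authenticated = Contexts.getEventContext().get(AUTHENTICATED_USER);
            Contexts.getSessionContext().set(AUTHENTICATED_USER, authenticated);
        }
    }

    /**
     * Loads the user entity whose principal property equals the given name.
     *
     * @param str user name, bound as a query parameter
     * @return the entity, or {@code null} if there is none
     */
    public Object lookupUser(String str) {
        // Only configured identifiers are concatenated; the user name is a bound parameter.
        String jpql = "select u from " + userClass.getName() + " u where " + userPrincipalProperty.getName() + " = :username";
        try {
            return lookupEntityManager().createQuery(jpql).setParameter("username", str).getSingleResult();
        } catch (NoResultException e) {
            return null;
        }
    }

    /** Returns the principal (user name) stored on the given user entity. */
    public String getUserName(Object obj) {
        return (String) userPrincipalProperty.getValue(obj);
    }

    /** Returns the role name stored on the given role entity. */
    public String getRoleName(Object obj) {
        return (String) roleNameProperty.getValue(obj);
    }

    /**
     * Reports the value of the {@code @RoleConditional} property of the named role, or
     * {@code false} when the role class has no such property.
     */
    public boolean isRoleConditional(String str) {
        if (!roleConditionalProperty.isSet()) {
            return false;
        }
        return ((Boolean) roleConditionalProperty.getValue(lookupRole(str))).booleanValue();
    }

    /**
     * Loads the role entity whose name property equals the given name.
     *
     * @param str role name, bound as a query parameter
     * @return the entity, or {@code null} if there is none
     */
    public Object lookupRole(String str) {
        // Only configured identifiers are concatenated; the role name is a bound parameter.
        String jpql = "select r from " + roleClass.getName() + " r where " + roleNameProperty.getName() + " = :role";
        try {
            return lookupEntityManager().createQuery(jpql).setParameter("role", str).getSingleResult();
        } catch (NoResultException e) {
            return null;
        }
    }

    /** Lists the names of all users. */
    @Override
    public List<String> listUsers() {
        String jpql = "select u." + userPrincipalProperty.getName() + " from " + userClass.getName() + " u";
        return lookupEntityManager().createQuery(jpql).getResultList();
    }

    /**
     * Lists the names of users whose name contains the given text, ignoring case.
     *
     * <p>The filter is bound as a parameter, but {@code %} and {@code _} inside it are not
     * escaped and therefore act as LIKE wildcards. A {@code null} filter matches every user.
     *
     * @param str substring to search for, may be {@code null}
     */
    @Override
    public List<String> listUsers(String str) {
        String principal = userPrincipalProperty.getName();
        String jpql = "select u." + principal + " from " + userClass.getName() + " u where lower(" + principal + ") like :username";
        String pattern = "%" + (str != null ? str.toLowerCase() : "") + "%";
        return lookupEntityManager().createQuery(jpql).setParameter("username", pattern).getResultList();
    }

    /** Lists the names of all roles. */
    @Override
    public List<String> listRoles() {
        String jpql = "select r." + roleNameProperty.getName() + " from " + roleClass.getName() + " r";
        return lookupEntityManager().createQuery(jpql).getResultList();
    }

    /**
     * Lists the members of a role: users as {@link SimplePrincipal}, member roles as {@link Role}.
     *
     * @param str role name
     */
    @Override
    public List<Principal> listMembers(String str) {
        List<Principal> members = new ArrayList<>();
        for (String userName : listUserMembers(str)) {
            members.add(new SimplePrincipal(userName));
        }
        for (String roleName : listRoleMembers(str)) {
            members.add(new Role(roleName));
        }
        return members;
    }

    /** Lists the names of users holding the named role, going through the xref entity if used. */
    private List<String> listUserMembers(String str) {
        Object role = lookupRole(str);
        if (xrefClass == null) {
            String jpql = "select u." + userPrincipalProperty.getName() + " from " + userClass.getName()
                    + " u where :role member of u." + userRolesProperty.getName();
            return lookupEntityManager().createQuery(jpql).setParameter("role", role).getResultList();
        }
        String xrefJpql = "select x from " + xrefClass.getName() + " x where x." + xrefRoleProperty.getName() + " = :role";
        List xrefs = lookupEntityManager().createQuery(xrefJpql).setParameter("role", role).getResultList();
        List<String> userNames = new ArrayList<>();
        for (Object xref : xrefs) {
            userNames.add(userPrincipalProperty.getValue(xrefUserProperty.getValue(xref)).toString());
        }
        return userNames;
    }

    /** Lists the names of roles that have the named role as one of their groups. */
    private List<String> listRoleMembers(String str) {
        if (!roleGroupsProperty.isSet()) {
            return new ArrayList<>();
        }
        String jpql = "select r." + roleNameProperty.getName() + " from " + roleClass.getName()
                + " r where :role member of r." + roleGroupsProperty.getName();
        return lookupEntityManager().createQuery(jpql).setParameter("role", lookupRole(str)).getResultList();
    }

    /**
     * Lists the names of roles that may be granted explicitly, i.e. all roles, minus those
     * flagged conditional when the role class has a {@code @RoleConditional} property.
     */
    @Override
    public List<String> listGrantableRoles() {
        StringBuilder jpql = new StringBuilder("select r.")
                .append(roleNameProperty.getName())
                .append(" from ")
                .append(roleClass.getName())
                .append(" r");
        if (roleConditionalProperty.isSet()) {
            jpql.append(" where r.").append(roleConditionalProperty.getName()).append(" = false");
        }
        return lookupEntityManager().createQuery(jpql.toString()).getResultList();
    }

    /** Persists a new entity through the configured entity manager. */
    protected void persistEntity(Object obj) {
        lookupEntityManager().persist(obj);
    }

    /** Merges an entity through the configured entity manager and returns the managed copy. */
    protected Object mergeEntity(Object obj) {
        return lookupEntityManager().merge(obj);
    }

    /** Removes an entity through the configured entity manager. */
    protected void removeEntity(Object obj) {
        lookupEntityManager().remove(obj);
    }

    /** Returns the configured user entity class. */
    public Class getUserClass() {
        return userClass;
    }

    /** Sets the user entity class; must be a trusted, deployment-time value. */
    public void setUserClass(Class cls) {
        this.userClass = cls;
    }

    /** Returns the configured role entity class. */
    public Class getRoleClass() {
        return roleClass;
    }

    /** Sets the role entity class; must be a trusted, deployment-time value. */
    public void setRoleClass(Class cls) {
        this.roleClass = cls;
    }

    /** Evaluates the entity manager expression for the current call. */
    private EntityManager lookupEntityManager() {
        return entityManager.getValue();
    }

    /** Returns the expression used to obtain the entity manager. */
    public Expressions.ValueExpression getEntityManager() {
        return entityManager;
    }

    /** Sets the expression used to obtain the entity manager. */
    public void setEntityManager(Expressions.ValueExpression valueExpression) {
        this.entityManager = valueExpression;
    }
}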
