package org.apache.jetspeed.services.security.turbine;

import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.mail.internet.MimeUtility;
import javax.servlet.ServletConfig;
import org.apache.jetspeed.om.profile.Profile;
import org.apache.jetspeed.om.security.BaseJetspeedUser;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.UserIdPrincipal;
import org.apache.jetspeed.om.security.UserNamePrincipal;
import org.apache.jetspeed.om.security.turbine.BaseTurbineUserPeer;
import org.apache.jetspeed.om.security.turbine.TurbineUser;
import org.apache.jetspeed.om.security.turbine.TurbineUserPeer;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.Profiler;
import org.apache.jetspeed.services.PsmlManager;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
import org.apache.jetspeed.services.security.CredentialsManagement;
import org.apache.jetspeed.services.security.JetspeedSecurityException;
import org.apache.jetspeed.services.security.JetspeedSecurityService;
import org.apache.jetspeed.services.security.NotUniqueUserException;
import org.apache.jetspeed.services.security.UnknownUserException;
import org.apache.jetspeed.services.security.UserException;
import org.apache.jetspeed.services.security.UserManagement;
import org.apache.torque.om.NumberKey;
import org.apache.torque.util.Criteria;
import org.apache.turbine.services.InitializationException;
import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.localization.Localization;
import org.apache.turbine.services.resources.ResourceService;
import org.apache.turbine.services.rundata.RunDataService;
import org.apache.turbine.util.Log;
import org.exolab.castor.dsml.XML;

/* loaded from: input_file:WEB-INF/lib/jetspeed-1.4-b4.jar:org/apache/jetspeed/services/security/turbine/TurbineUserManagement.class */
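/**
 * User and credential management service that stores accounts through the Torque peers
 * ({@link TurbineUserPeer} / {@link BaseTurbineUserPeer}).
 *
 * <p>Security-relevant configuration read in {@link #init(ServletConfig)}:
 * <ul>
 *   <li>{@code secure.passwords}: defaults to {@code false}, in which case
 *       {@link #encryptPassword(String)} returns its argument unchanged, i.e. the value is kept
 *       in clear text by this class.</li>
 *   <li>{@code secure.passwords.algorithm}: {@link MessageDigest} algorithm name, default
 *       {@code "SHA"}.</li>
 *   <li>{@code newuser.roles}: roles granted to every newly added user, default
 *       {@code {"user"}}.</li>
 * </ul>
 *
 * <p>None of the methods in this class performs an authorization check on the caller.
 */
public class TurbineUserManagement extends TurbineBaseService implements UserManagement, CredentialsManagement {
    private static final String CONFIG_SECURE_PASSWORDS_KEY = "secure.passwords";
    private static final String CONFIG_SECURE_PASSWORDS_ALGORITHM = "secure.passwords.algorithm";
    private static final String CONFIG_NEWUSER_ROLES = "newuser.roles";
    private static final String[] DEFAULT_CONFIG_NEWUSER_ROLES = {"user"};

    // When false (the default) encryptPassword() is an identity function.
    boolean securePasswords = false;
    // MessageDigest algorithm name used when securePasswords is true.
    String passwordsAlgorithm = "SHA";
    // Roles granted to each new user; populated in init().
    String[] roles = null;
    private JetspeedRunDataService runDataService = null;

    /**
     * Looks up exactly one user by login name or by user id.
     *
     * @param principal a {@link UserNamePrincipal} or {@link UserIdPrincipal}
     * @return the matching user
     * @throws UnknownUserException if no row matches
     * @throws UserException if the principal type is unsupported, the query fails, or more than
     *     one row matches
     */
    @Override
    public JetspeedUser getUser(Principal principal) throws JetspeedSecurityException {
        Criteria criteria = criteriaFor(principal, "getUser");
        List<?> matches;
        // Only the query sits inside the try: the result checks below throw specific exception
        // types that a catch-all would otherwise re-wrap as a generic "Failed to retrieve user".
        try {
            matches = TurbineUserPeer.doSelectUsers(criteria);
        } catch (Exception e) {
            throw new UserException("Failed to retrieve user '" + principal.getName() + "'", e);
        }
        if (matches.size() > 1) {
            throw new UserException("Multiple Users with same username '" + principal.getName() + "'");
        }
        if (matches.size() == 1) {
            return (JetspeedUser) matches.get(0);
        }
        throw new UnknownUserException("Unknown user '" + principal.getName() + "'");
    }

    /**
     * Returns an iterator over every stored user (empty criteria).
     *
     * @throws UserException if the query fails
     */
    @Override
    public Iterator getUsers() throws JetspeedSecurityException {
        try {
            return TurbineUserPeer.doSelectUsers(new Criteria()).iterator();
        } catch (Exception e) {
            throw new UserException("Failed to retrieve users ", e);
        }
    }

    /**
     * Returns an iterator over every stored user.
     *
     * <p>NOTE(review): {@code str} is never read, so the result is identical to
     * {@link #getUsers()}. Callers that pass a filter to narrow what a requester may see still
     * receive the full user list and must restrict it themselves.
     *
     * @param str filter argument, currently ignored
     * @throws UserException if the query fails
     */
    @Override
    public Iterator getUsers(String str) throws JetspeedSecurityException {
        try {
            return TurbineUserPeer.doSelectUsers(new Criteria()).iterator();
        } catch (Exception e) {
            throw new UserException("Failed to retrieve users ", e);
        }
    }

    /**
     * Updates an existing user row.
     *
     * @throws UnknownUserException if no account with the user's login name exists
     * @throws UserException if the account exists under a different id or the update fails
     */
    @Override
    public void saveUser(JetspeedUser jetspeedUser) throws JetspeedSecurityException {
        // strict check: the stored user id must equal the id carried by the object being saved
        if (!accountExists(jetspeedUser, true)) {
            throw new UnknownUserException("Cannot save user '" + jetspeedUser.getUserName() + "', User doesn't exist");
        }
        try {
            BaseTurbineUserPeer.doUpdate(TurbineUserPeer.buildCriteria(jetspeedUser));
        } catch (Exception e) {
            throw new UserException("Failed to save user object ", e);
        }
    }

    /**
     * Inserts a new user, stores the generated id on the object, grants the default roles and
     * creates the default profile.
     *
     * @throws NotUniqueUserException if an account with the same login name already exists
     * @throws UserException if the password cannot be encoded or the insert or profile setup fails
     */
    @Override
    public void addUser(JetspeedUser jetspeedUser) throws JetspeedSecurityException {
        // NOTE(review): check-then-insert is not atomic in this method; uniqueness under
        // concurrent requests presumably depends on a database constraint. Confirm.
        if (accountExists(jetspeedUser)) {
            throw new NotUniqueUserException("The account '" + jetspeedUser.getUserName() + "' already exists");
        }
        jetspeedUser.setPassword(encodePasswordOrFail(jetspeedUser.getPassword()));
        try {
            NumberKey newId = (NumberKey) BaseTurbineUserPeer.doInsert(TurbineUserPeer.buildCriteria(jetspeedUser));
            ((BaseJetspeedUser) jetspeedUser).setUserId(newId.toString());
            addDefaultPSML(jetspeedUser);
        } catch (Exception e) {
            throw new UserException("Failed to create account '" + jetspeedUser.getUserName() + "'", e);
        }
    }

    /**
     * Grants the configured default roles to a new user and, when a current run data object is
     * available and role-profile merging is off, creates an {@code html} profile for the user.
     * If profile creation fails the account is removed again.
     *
     * @throws UserException if the profile cannot be created
     */
    protected void addDefaultPSML(JetspeedUser jetspeedUser) throws JetspeedSecurityException {
        for (int i = 0; i < this.roles.length; i++) {
            try {
                JetspeedSecurity.grantRole(jetspeedUser.getUserName(), JetspeedSecurity.getRole(this.roles[i]).getName());
            } catch (Exception e) {
                // Best effort: a failed grant is logged and the user is still created,
                // possibly without that role.
                Log.error("Could not grant role: " + this.roles[i] + " to user " + jetspeedUser.getUserName(), e);
            }
        }
        try {
            if (getRunData() != null && !Profiler.useRoleProfileMerging()) {
                Profile createProfile = Profiler.createProfile();
                createProfile.setUser(jetspeedUser);
                createProfile.setMediaType("html");
                Profiler.createProfile(getRunData(), createProfile);
            }
        } catch (Exception e2) {
            Log.error("Failed to create profile for new user " + jetspeedUser.getUserName(), e2);
            // Roll the account back, but never let a rollback failure replace the root cause.
            try {
                removeUser(new UserNamePrincipal(jetspeedUser.getUserName()));
            } catch (Exception rollbackFailure) {
                Log.error("Could not remove account " + jetspeedUser.getUserName()
                        + " after profile creation failed", rollbackFailure);
            }
            throw new UserException("Failed to create profile for new user ", e2);
        }
    }

    /**
     * Deletes the user row selected by the principal and then the user's PSML documents.
     *
     * @param principal a {@link UserNamePrincipal} or {@link UserIdPrincipal}
     * @throws UnknownUserException if the user does not exist
     * @throws UserException if the principal type is unsupported or the deletion fails
     */
    @Override
    public void removeUser(Principal principal) throws JetspeedSecurityException {
        // Resolve the user first: the object is needed for document cleanup after the delete.
        JetspeedUser user = getUser(principal);
        Criteria criteria = criteriaFor(principal, "removeUser");
        try {
            BaseTurbineUserPeer.doDelete(criteria);
            PsmlManager.removeUserDocuments(user);
        } catch (Exception e) {
            throw new UserException("Failed to remove account '" + user.getUserName() + "'", e);
        }
    }

    /**
     * Changes a user's password after verifying the old one.
     *
     * @param jetspeedUser the account to update; its current stored password is compared
     * @param str the old password as supplied by the caller
     * @param str2 the new password
     * @throws UnknownUserException if the account does not exist
     * @throws UserException if the old password does not match, the new password cannot be
     *     encoded, or the save fails
     */
    @Override
    public void changePassword(JetspeedUser jetspeedUser, String str, String str2) throws JetspeedSecurityException {
        String convertedOld = JetspeedSecurity.convertPassword(str);
        String convertedNew = JetspeedSecurity.convertPassword(str2);
        String encodedOld = JetspeedSecurity.encryptPassword(convertedOld);
        if (!accountExists(jetspeedUser)) {
            throw new UnknownUserException(Localization.getString("UPDATEACCOUNT_NOUSER"));
        }
        // Fail closed: an account without a stored password, or an old password that could not
        // be encoded, is treated as a mismatch rather than raising a NullPointerException.
        String stored = jetspeedUser.getPassword();
        if (stored == null || !stored.equals(encodedOld)) {
            throw new UserException(Localization.getString("UPDATEACCOUNT_BADOLDPASSWORD"));
        }
        jetspeedUser.setPassword(encodePasswordOrFail(convertedNew));
        jetspeedUser.setPasswordChanged(new Date());
        saveUser(jetspeedUser);
    }

    /**
     * Sets a user's password without verifying the old one.
     *
     * <p>No authorization check happens here, and unlike {@link #changePassword} the value is
     * not passed through {@code JetspeedSecurity.convertPassword} and the password-changed date
     * is not updated. Callers are responsible for restricting who may invoke this.
     *
     * @param str the new password
     * @throws UnknownUserException if the account does not exist
     * @throws UserException if the password cannot be encoded or the save fails
     */
    @Override
    public void forcePassword(JetspeedUser jetspeedUser, String str) throws JetspeedSecurityException {
        if (!accountExists(jetspeedUser)) {
            throw new UnknownUserException("The account '" + jetspeedUser.getUserName() + "' does not exist");
        }
        jetspeedUser.setPassword(encodePasswordOrFail(str));
        saveUser(jetspeedUser);
    }

    /**
     * Encodes a password for storage.
     *
     * <p>With {@code secure.passwords} off the input is returned unchanged. Otherwise the result
     * is the encoded digest of the UTF-8 bytes of the password. The digest is a single unsalted
     * pass of {@link #passwordsAlgorithm}: equal passwords give equal stored values, and the
     * scheme is not a password-hashing function (no salt, no work factor). Changing it requires
     * migrating stored values, so it is left as is here.
     *
     * @param str the clear-text password, may be {@code null}
     * @return the encoded value; {@code str} itself when secure passwords are disabled;
     *     {@code null} when {@code str} is {@code null} or encoding fails (the failure is logged)
     */
    @Override
    public String encryptPassword(String str) throws JetspeedSecurityException {
        if (!this.securePasswords) {
            return str;
        }
        if (str == null) {
            return null;
        }
        try {
            byte[] digest = MessageDigest.getInstance(this.passwordsAlgorithm).digest(str.getBytes("UTF-8"));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(digest.length + (digest.length / 3) + 1);
            // The constant is presumably the MIME encoding name for Base64. Confirm.
            // NOTE(review): the encoder stream is never flushed or closed. Whether the final
            // partial group reaches the buffer depends on the JavaMail implementation. Verify
            // against stored values before changing, since adding a flush could alter the output.
            MimeUtility.encode(byteArrayOutputStream, XML.Entries.Attributes.Encodings.Base64).write(digest);
            return byteArrayOutputStream.toString();
        } catch (Exception e) {
            // Existing contract: failures are reported as null, not thrown. Callers in this
            // class reject a null result for a non-null password (see encodePasswordOrFail).
            Log.error("Unable to encrypt password." + e.getMessage());
            Log.error(e);
            return null;
        }
    }

    /**
     * Initializes the service once: reads the password and new-user role settings and looks up
     * the run data service.
     */
    @Override
    public synchronized void init(ServletConfig servletConfig) throws InitializationException {
        if (getInit()) {
            return;
        }
        super.init(servletConfig);
        ResourceService resources = ((TurbineServices) TurbineServices.getInstance()).getResources(JetspeedSecurityService.SERVICE_NAME);
        this.securePasswords = resources.getBoolean(CONFIG_SECURE_PASSWORDS_KEY, this.securePasswords);
        this.passwordsAlgorithm = resources.getString(CONFIG_SECURE_PASSWORDS_ALGORITHM, this.passwordsAlgorithm);
        try {
            this.roles = resources.getStringArray(CONFIG_NEWUSER_ROLES);
        } catch (Exception ignored) {
            // Deliberately ignored: a missing or unreadable setting falls back to the defaults.
        }
        if (null == this.roles || this.roles.length == 0) {
            this.roles = DEFAULT_CONFIG_NEWUSER_ROLES;
        }
        this.runDataService = (JetspeedRunDataService) TurbineServices.getInstance().getService(RunDataService.SERVICE_NAME);
        setInit(true);
    }

    /**
     * Reports whether an account with the user's login name exists, without comparing ids.
     */
    protected boolean accountExists(JetspeedUser jetspeedUser) throws UserException {
        return accountExists(jetspeedUser, false);
    }

    /**
     * Reports whether an account with the user's login name exists.
     *
     * @param z when {@code true}, the stored user id must also equal the id on
     *     {@code jetspeedUser}
     * @return {@code true} if a matching account exists
     * @throws UserException if the query fails, or if {@code z} is set and the account exists
     *     under a different id
     */
    protected boolean accountExists(JetspeedUser jetspeedUser, boolean z) throws UserException {
        String expectedId = jetspeedUser.getUserId();
        Criteria criteria = new Criteria();
        criteria.add(BaseTurbineUserPeer.LOGIN_NAME, jetspeedUser.getUserName());
        List<?> rows;
        // Only the query is guarded, so the id-mismatch error below keeps its own message
        // instead of being re-wrapped as "Failed to check account's presence".
        try {
            rows = BaseTurbineUserPeer.doSelect(criteria);
        } catch (Exception e) {
            throw new UserException("Failed to check account's presence", e);
        }
        if (rows.size() < 1) {
            return false;
        }
        String storedId = String.valueOf(((TurbineUser) rows.get(0)).getUserId());
        if (!z || storedId.equals(expectedId)) {
            return true;
        }
        throw new UserException("User exists but under a different unique ID");
    }

    /**
     * Returns the current run data from the run data service, or {@code null} when the service
     * has not been set.
     */
    protected JetspeedRunData getRunData() {
        return this.runDataService != null ? this.runDataService.getCurrentRunData() : null;
    }

    /** Builds the selection criteria for a user-name or user-id principal. */
    private static Criteria criteriaFor(Principal principal, String operation) throws UserException {
        Criteria criteria = new Criteria();
        if (principal instanceof UserNamePrincipal) {
            criteria.add(BaseTurbineUserPeer.LOGIN_NAME, principal.getName());
        } else if (principal instanceof UserIdPrincipal) {
            criteria.add(BaseTurbineUserPeer.USER_ID, principal.getName());
        } else {
            String typeName = principal == null ? "null" : principal.getClass().getName();
            throw new UserException("Invalid Principal Type in " + operation + ": " + typeName);
        }
        return criteria;
    }

    /** Encodes a password and rejects a null result for a non-null input. */
    private static String encodePasswordOrFail(String clearText) throws JetspeedSecurityException {
        String encoded = JetspeedSecurity.encryptPassword(clearText);
        if (clearText != null && encoded == null) {
            // Storing null here would silently replace the credential with "no password".
            throw new UserException("Failed to encrypt password");
        }
        return encoded;
    }
}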
