package org.apache.syncope.core.logic;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Transformer;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.patch.AnyPatch;
import org.apache.syncope.common.lib.patch.BooleanReplacePatchItem;
import org.apache.syncope.common.lib.patch.PasswordPatch;
import org.apache.syncope.common.lib.patch.StatusPatch;
import org.apache.syncope.common.lib.patch.StringPatchItem;
import org.apache.syncope.common.lib.patch.UserPatch;
import org.apache.syncope.common.lib.to.AnyTO;
import org.apache.syncope.common.lib.to.PropagationStatus;
import org.apache.syncope.common.lib.to.ProvisioningResult;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.PatchOperation;
import org.apache.syncope.common.lib.types.StatusPatchType;
import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
import org.apache.syncope.core.persistence.api.dao.AnySearchDAO;
import org.apache.syncope.core.persistence.api.dao.ConfDAO;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
import org.apache.syncope.core.persistence.api.entity.group.Group;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.LogicActions;
import org.apache.syncope.core.provisioning.api.UserProvisioningManager;
import org.apache.syncope.core.provisioning.api.data.UserDataBinder;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
import org.apache.syncope.core.provisioning.api.utils.RealmUtils;
import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Component
/* loaded from: input_file:org/apache/syncope/core/logic/UserLogic.class */
public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> {

    @Autowired
    protected AnySearchDAO searchDAO;

    @Autowired
    protected ConfDAO confDAO;

    @Autowired
    protected AccessTokenDAO accessTokenDAO;

    @Autowired
    protected UserDataBinder binder;

    @Autowired
    protected UserProvisioningManager provisioningManager;

    @Autowired
    protected SyncopeLogic syncopeLogic;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.syncope.core.logic.UserLogic$7, reason: invalid class name */
    /* loaded from: input_file:org/apache/syncope/core/logic/UserLogic$7.class */
    public static /* synthetic */ class AnonymousClass7 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$syncope$common$lib$types$StatusPatchType = new int[StatusPatchType.values().length];

        static {
            try {
                $SwitchMap$org$apache$syncope$common$lib$types$StatusPatchType[StatusPatchType.SUSPEND.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$syncope$common$lib$types$StatusPatchType[StatusPatchType.REACTIVATE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$syncope$common$lib$types$StatusPatchType[StatusPatchType.ACTIVATE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    @Transactional(readOnly = true)
    @PreAuthorize("isAuthenticated()")
    public Pair<String, UserTO> selfRead() {
        return ImmutablePair.of(POJOHelper.serialize(AuthContextUtils.getAuthorizations()), this.binder.returnUserTO(this.binder.getAuthenticatedUserTO()));
    }

    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_READ')")
    public UserTO read(String str) {
        return this.binder.returnUserTO(this.binder.getUserTO(str));
    }

    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_SEARCH')")
    public Pair<Integer, List<UserTO>> search(SearchCond searchCond, int i, int i2, List<OrderByClause> list, String str, final boolean z) {
        return Pair.of(Integer.valueOf(this.searchDAO.count(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_SEARCH"), str), searchCond == null ? this.userDAO.getAllMatchingCond() : searchCond, AnyTypeKind.USER)), (List) CollectionUtils.collect(this.searchDAO.search(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_SEARCH"), str), searchCond == null ? this.userDAO.getAllMatchingCond() : searchCond, i, i2, list, AnyTypeKind.USER), new Transformer<User, UserTO>() { // from class: org.apache.syncope.core.logic.UserLogic.1
            @Transactional(readOnly = true)
            public UserTO transform(User user) {
                return UserLogic.this.binder.returnUserTO(UserLogic.this.binder.getUserTO(user, z));
            }
        }, new ArrayList()));
    }

    @PreAuthorize("isAnonymous() or hasRole('ANONYMOUS')")
    public ProvisioningResult<UserTO> selfCreate(UserTO userTO, boolean z, boolean z2) {
        return doCreate(userTO, z, true, z2);
    }

    @PreAuthorize("hasRole('USER_CREATE')")
    public ProvisioningResult<UserTO> create(UserTO userTO, boolean z, boolean z2) {
        return doCreate(userTO, z, false, z2);
    }

    protected ProvisioningResult<UserTO> doCreate(UserTO userTO, boolean z, boolean z2, boolean z3) {
        Pair<UserTO, List<LogicActions>> beforeCreate = beforeCreate(userTO);
        if (((UserTO) beforeCreate.getLeft()).getRealm() == null) {
            throw SyncopeClientException.build(ClientExceptionType.InvalidRealm);
        }
        if (!z2) {
            securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_CREATE"), ((UserTO) beforeCreate.getLeft()).getRealm()), ((UserTO) beforeCreate.getLeft()).getRealm(), null);
        }
        Pair create = this.provisioningManager.create((UserTO) beforeCreate.getLeft(), z, z3);
        return afterCreate(this.binder.returnUserTO(this.binder.getUserTO((String) create.getKey())), (List) create.getRight(), (List) beforeCreate.getRight());
    }

    @PreAuthorize("isAuthenticated() and not(hasRole('ANONYMOUS'))")
    public ProvisioningResult<UserTO> selfUpdate(UserPatch userPatch, boolean z) {
        String key;
        userPatch.setKey(this.binder.getAuthenticatedUserTO().getKey());
        ProvisioningResult<UserTO> doUpdate = doUpdate(userPatch, true, z);
        if (!this.confDAO.getValuesAsStrings("authentication.statuses").contains(doUpdate.getEntity().getStatus()) && (key = this.accessTokenDAO.findByOwner(doUpdate.getEntity().getUsername()).getKey()) != null) {
            this.accessTokenDAO.delete(key);
        }
        return doUpdate;
    }

    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    @PreAuthorize("hasRole('USER_UPDATE')")
    public ProvisioningResult<UserTO> update(UserPatch userPatch, boolean z) {
        return doUpdate(userPatch, false, z);
    }

    protected ProvisioningResult<UserTO> doUpdate(UserPatch userPatch, boolean z, boolean z2) {
        UserTO userTO = this.binder.getUserTO(userPatch.getKey());
        HashSet hashSet = new HashSet(userTO.getDynRealms());
        Pair<UserPatch, List<LogicActions>> beforeUpdate = beforeUpdate(userPatch, userTO.getRealm());
        boolean z3 = false;
        if (!z && ((UserPatch) beforeUpdate.getLeft()).getRealm() != null && StringUtils.isNotBlank((CharSequence) ((UserPatch) beforeUpdate.getLeft()).getRealm().getValue())) {
            z3 = securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_UPDATE"), (String) ((UserPatch) beforeUpdate.getLeft()).getRealm().getValue()), (String) ((UserPatch) beforeUpdate.getLeft()).getRealm().getValue(), ((UserPatch) beforeUpdate.getLeft()).getKey());
        }
        Pair update = this.provisioningManager.update((AnyPatch) beforeUpdate.getLeft(), z2);
        return afterUpdate(this.binder.returnUserTO(this.binder.getUserTO(((UserPatch) update.getLeft()).getKey())), (List) update.getRight(), (List) beforeUpdate.getRight(), z3, hashSet);
    }

    protected Pair<String, List<PropagationStatus>> setStatusOnWfAdapter(StatusPatch statusPatch, boolean z) {
        Pair<String, List<PropagationStatus>> activate;
        switch (AnonymousClass7.$SwitchMap$org$apache$syncope$common$lib$types$StatusPatchType[statusPatch.getType().ordinal()]) {
            case 1:
                activate = this.provisioningManager.suspend(statusPatch, z);
                break;
            case 2:
                activate = this.provisioningManager.reactivate(statusPatch, z);
                break;
            case 3:
            default:
                activate = this.provisioningManager.activate(statusPatch, z);
                break;
        }
        return activate;
    }

    @PreAuthorize("hasRole('USER_UPDATE')")
    public ProvisioningResult<UserTO> status(StatusPatch statusPatch, boolean z) {
        UserTO userTO = this.binder.getUserTO(statusPatch.getKey());
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_UPDATE"), userTO.getRealm()), userTO.getRealm(), userTO.getKey());
        statusPatch.setKey(userTO.getKey());
        Pair<String, List<PropagationStatus>> statusOnWfAdapter = setStatusOnWfAdapter(statusPatch, z);
        return afterUpdate(this.binder.returnUserTO(this.binder.getUserTO((String) statusOnWfAdapter.getKey())), (List) statusOnWfAdapter.getRight(), Collections.emptyList(), false, Collections.emptySet());
    }

    @PreAuthorize("isAuthenticated()")
    public ProvisioningResult<UserTO> selfStatus(StatusPatch statusPatch, boolean z) {
        statusPatch.setKey(this.userDAO.findKey(AuthContextUtils.getUsername()));
        Pair<String, List<PropagationStatus>> statusOnWfAdapter = setStatusOnWfAdapter(statusPatch, z);
        return afterUpdate(this.binder.returnUserTO(this.binder.getUserTO((String) statusOnWfAdapter.getKey())), (List) statusOnWfAdapter.getRight(), Collections.emptyList(), false, Collections.emptySet());
    }

    @PreAuthorize("hasRole('MUST_CHANGE_PASSWORD')")
    public ProvisioningResult<UserTO> mustChangePassword(String str, boolean z) {
        UserPatch userPatch = new UserPatch();
        userPatch.setPassword(new PasswordPatch.Builder().value(str).build());
        userPatch.setMustChangePassword(new BooleanReplacePatchItem.Builder().value(false).build());
        return selfUpdate(userPatch, z);
    }

    @Transactional
    @PreAuthorize("isAnonymous() or hasRole('ANONYMOUS')")
    public void requestPasswordReset(String str, String str2) {
        if (str == null) {
            throw new NotFoundException("Null username");
        }
        User findByUsername = this.userDAO.findByUsername(str);
        if (findByUsername == null) {
            throw new NotFoundException("User " + str);
        }
        if (this.syncopeLogic.isPwdResetRequiringSecurityQuestions() && (str2 == null || !str2.equals(findByUsername.getSecurityAnswer()))) {
            throw SyncopeClientException.build(ClientExceptionType.InvalidSecurityAnswer);
        }
        this.provisioningManager.requestPasswordReset(findByUsername.getKey());
    }

    @Transactional
    @PreAuthorize("isAnonymous() or hasRole('ANONYMOUS')")
    public void confirmPasswordReset(String str, String str2) {
        User findByToken = this.userDAO.findByToken(str);
        if (findByToken == null) {
            throw new NotFoundException("User with token " + str);
        }
        this.provisioningManager.confirmPasswordReset(findByToken.getKey(), str, str2);
    }

    @PreAuthorize("isAuthenticated() and not(hasRole('ANONYMOUS'))")
    public ProvisioningResult<UserTO> selfDelete(boolean z) {
        return doDelete(this.binder.getAuthenticatedUserTO(), true, z);
    }

    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    @PreAuthorize("hasRole('USER_DELETE')")
    public ProvisioningResult<UserTO> delete(String str, boolean z) {
        return doDelete(this.binder.getUserTO(str), false, z);
    }

    protected ProvisioningResult<UserTO> doDelete(UserTO userTO, boolean z, boolean z2) {
        UserTO userTO2;
        Pair<UserTO, List<LogicActions>> beforeDelete = beforeDelete(userTO);
        if (!z) {
            securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_DELETE"), ((UserTO) beforeDelete.getLeft()).getRealm()), ((UserTO) beforeDelete.getLeft()).getRealm(), ((UserTO) beforeDelete.getLeft()).getKey());
        }
        List findOwnedByUser = this.groupDAO.findOwnedByUser(((UserTO) beforeDelete.getLeft()).getKey());
        if (!findOwnedByUser.isEmpty()) {
            SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.GroupOwnership);
            build.getElements().addAll(CollectionUtils.collect(findOwnedByUser, new Transformer<Group, String>() { // from class: org.apache.syncope.core.logic.UserLogic.2
                public String transform(Group group) {
                    return group.getKey() + " " + group.getName();
                }
            }, new ArrayList()));
            throw build;
        }
        List<PropagationStatus> delete = this.provisioningManager.delete(((UserTO) beforeDelete.getLeft()).getKey(), z2);
        if (this.userDAO.find(((UserTO) beforeDelete.getLeft()).getKey()) == null) {
            userTO2 = new UserTO();
            userTO2.setKey(((UserTO) beforeDelete.getLeft()).getKey());
        } else {
            userTO2 = this.binder.getUserTO(((UserTO) beforeDelete.getLeft()).getKey());
        }
        return afterDelete(this.binder.returnUserTO(userTO2), delete, (List) beforeDelete.getRight());
    }

    @PreAuthorize("hasRole('USER_UPDATE')")
    public UserTO unlink(String str, Collection<String> collection) {
        UserTO userTO = this.binder.getUserTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_UPDATE"), userTO.getRealm()), userTO.getRealm(), userTO.getKey());
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(str);
        userPatch.getResources().addAll(CollectionUtils.collect(collection, new Transformer<String, StringPatchItem>() { // from class: org.apache.syncope.core.logic.UserLogic.3
            public StringPatchItem transform(String str2) {
                return new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(str2).build();
            }
        }));
        return this.binder.returnUserTO(this.binder.getUserTO(this.provisioningManager.unlink(userPatch)));
    }

    @PreAuthorize("hasRole('USER_UPDATE')")
    public UserTO link(String str, Collection<String> collection) {
        UserTO userTO = this.binder.getUserTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_UPDATE"), userTO.getRealm()), userTO.getRealm(), userTO.getKey());
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(str);
        userPatch.getResources().addAll(CollectionUtils.collect(collection, new Transformer<String, StringPatchItem>() { // from class: org.apache.syncope.core.logic.UserLogic.4
            public StringPatchItem transform(String str2) {
                return new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(str2).build();
            }
        }));
        return this.binder.returnUserTO(this.binder.getUserTO(this.provisioningManager.link(userPatch)));
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('USER_UPDATE')")
    public ProvisioningResult<UserTO> unassign(String str, Collection<String> collection, boolean z) {
        UserTO userTO = this.binder.getUserTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_UPDATE"), userTO.getRealm()), userTO.getRealm(), userTO.getKey());
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(str);
        userPatch.getResources().addAll(CollectionUtils.collect(collection, new Transformer<String, StringPatchItem>() { // from class: org.apache.syncope.core.logic.UserLogic.5
            public StringPatchItem transform(String str2) {
                return new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(str2).build();
            }
        }));
        return update(userPatch, z);
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('USER_UPDATE')")
    public ProvisioningResult<UserTO> assign(String str, Collection<String> collection, boolean z, String str2, boolean z2) {
        UserTO userTO = this.binder.getUserTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_UPDATE"), userTO.getRealm()), userTO.getRealm(), userTO.getKey());
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(str);
        userPatch.getResources().addAll(CollectionUtils.collect(collection, new Transformer<String, StringPatchItem>() { // from class: org.apache.syncope.core.logic.UserLogic.6
            public StringPatchItem transform(String str3) {
                return new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(str3).build();
            }
        }));
        if (z) {
            userPatch.setPassword(new PasswordPatch.Builder().value(str2).onSyncope(false).resources(collection).build());
        }
        return update(userPatch, z2);
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('USER_UPDATE')")
    public ProvisioningResult<UserTO> deprovision(String str, Collection<String> collection, boolean z) {
        UserTO userTO = this.binder.getUserTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_UPDATE"), userTO.getRealm()), userTO.getRealm(), userTO.getKey());
        List deprovision = this.provisioningManager.deprovision(str, collection, z);
        ProvisioningResult<UserTO> provisioningResult = new ProvisioningResult<>();
        provisioningResult.setEntity(this.binder.returnUserTO(this.binder.getUserTO(str)));
        provisioningResult.getPropagationStatuses().addAll(deprovision);
        return provisioningResult;
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('USER_UPDATE')")
    public ProvisioningResult<UserTO> provision(String str, Collection<String> collection, boolean z, String str2, boolean z2) {
        UserTO userTO = this.binder.getUserTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("USER_UPDATE"), userTO.getRealm()), userTO.getRealm(), userTO.getKey());
        List provision = this.provisioningManager.provision(str, z, str2, collection, z2);
        ProvisioningResult<UserTO> provisioningResult = new ProvisioningResult<>();
        provisioningResult.setEntity(this.binder.returnUserTO(this.binder.getUserTO(str)));
        provisioningResult.getPropagationStatuses().addAll(provision);
        return provisioningResult;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.syncope.core.logic.AbstractLogic
    /* renamed from: resolveReference, reason: merged with bridge method [inline-methods] */
    public UserTO mo3resolveReference(Method method, Object... objArr) throws UnresolvedReferenceException {
        String str = null;
        if ("requestPasswordReset".equals(method.getName())) {
            str = this.userDAO.findKey((String) objArr[0]);
        } else if (!"confirmPasswordReset".equals(method.getName()) && ArrayUtils.isNotEmpty(objArr)) {
            for (int i = 0; str == null && i < objArr.length; i++) {
                if (objArr[i] instanceof String) {
                    str = (String) objArr[i];
                } else if (objArr[i] instanceof UserTO) {
                    str = ((UserTO) objArr[i]).getKey();
                } else if (objArr[i] instanceof UserPatch) {
                    str = ((UserPatch) objArr[i]).getKey();
                } else if (objArr[i] instanceof StatusPatch) {
                    str = ((StatusPatch) objArr[i]).getKey();
                }
            }
        }
        if (str == null) {
            throw new UnresolvedReferenceException();
        }
        try {
            return this.binder.getUserTO(str);
        } catch (Throwable th) {
            LOG.debug("Unresolved reference", th);
            throw new UnresolvedReferenceException(th);
        }
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('USER_UPDATE')")
    /* renamed from: link */
    public /* bridge */ /* synthetic */ AnyTO mo4link(String str, Collection collection) {
        return link(str, (Collection<String>) collection);
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('USER_UPDATE')")
    /* renamed from: unlink */
    public /* bridge */ /* synthetic */ AnyTO mo5unlink(String str, Collection collection) {
        return unlink(str, (Collection<String>) collection);
    }
}
