package net.solarnetwork.node.setup.security;

import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.solarnetwork.node.dao.BasicBatchOptions;
import net.solarnetwork.node.dao.BatchableDao;
import net.solarnetwork.node.dao.SettingDao;
import net.solarnetwork.node.domain.Setting;
import net.solarnetwork.node.service.IdentityService;
import net.solarnetwork.node.setup.UserAuthenticationInfo;
import net.solarnetwork.node.setup.UserProfile;
import net.solarnetwork.node.setup.UserService;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:net/solarnetwork/node/setup/security/SettingsUserService.class */
public class SettingsUserService implements UserService, UserDetailsService {
    public static final String SETTING_TYPE_USER = "solarnode.user";
    public static final String SETTING_TYPE_ROLE = "solarnode.role";
    public static final String GRANTED_AUTH_USER = "ROLE_USER";
    private final SettingDao settingDao;
    private final IdentityService identityService;
    private final PasswordEncoder passwordEncoder;
    private static final Pattern BCRYPT_PAT = Pattern.compile("(\\$2[abxy]\\$\\d{2}\\$.{22}).+");

    public SettingsUserService(SettingDao settingDao, IdentityService identityService, PasswordEncoder passwordEncoder) {
        this.settingDao = settingDao;
        this.identityService = identityService;
        this.passwordEncoder = passwordEncoder;
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        User user = null;
        String setting = this.settingDao.getSetting(str, SETTING_TYPE_USER);
        if (setting == null && this.identityService != null && this.passwordEncoder != null && !someUserExists()) {
            Long nodeId = this.identityService.getNodeId();
            if (nodeId != null && nodeId.toString().equalsIgnoreCase(str)) {
                user = new User(str, this.passwordEncoder.encode("solar"), Collections.singleton(new SimpleGrantedAuthority(GRANTED_AUTH_USER)));
            }
        } else if (setting != null) {
            String setting2 = this.settingDao.getSetting(str, SETTING_TYPE_ROLE);
            user = new User(str, setting, setting2 != null ? Collections.singleton(new SimpleGrantedAuthority(setting2)) : Collections.emptySet());
        }
        if (user == null) {
            throw new UsernameNotFoundException(str);
        }
        return user;
    }

    public boolean someUserExists() {
        final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        final HashMap hashMap = new HashMap(2);
        this.settingDao.batchProcess(new BatchableDao.BatchCallback<Setting>() { // from class: net.solarnetwork.node.setup.security.SettingsUserService.1
            public BatchableDao.BatchCallbackResult handle(Setting setting) {
                if (setting.getType().equals(SettingsUserService.SETTING_TYPE_ROLE) && SettingsUserService.GRANTED_AUTH_USER.equals(setting.getValue())) {
                    if (hashMap.containsKey(setting.getKey())) {
                        atomicBoolean.set(true);
                        return BatchableDao.BatchCallbackResult.STOP;
                    }
                    hashMap.put(setting.getKey(), Boolean.TRUE);
                } else if (setting.getType().equals(SettingsUserService.SETTING_TYPE_USER)) {
                    if (Boolean.TRUE.equals(hashMap.get(setting.getKey()))) {
                        atomicBoolean.set(true);
                        return BatchableDao.BatchCallbackResult.STOP;
                    }
                    hashMap.put(setting.getKey(), Boolean.FALSE);
                }
                return BatchableDao.BatchCallbackResult.CONTINUE;
            }
        }, new BasicBatchOptions("FindUser"));
        return atomicBoolean.get();
    }

    public void changePassword(String str, String str2, String str3) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        UserDetails userDetails = authentication == null ? null : (UserDetails) authentication.getPrincipal();
        if (userDetails == null) {
            throw new InsufficientAuthenticationException("Active user not found.");
        }
        UserDetails loadUserByUsername = loadUserByUsername(userDetails.getUsername());
        if (loadUserByUsername == null) {
            throw new UsernameNotFoundException("User not found");
        }
        if (this.passwordEncoder != null) {
            if (!this.passwordEncoder.matches(str, loadUserByUsername.getPassword())) {
                throw new BadCredentialsException("Existing password does not match.");
            }
        } else if (!str.equals(loadUserByUsername.getPassword())) {
            throw new BadCredentialsException("Existing password does not match.");
        }
        if (str2 == null || str3 == null || !str2.equals(str3)) {
            throw new IllegalArgumentException("New password not provided or does not match repeated password.");
        }
        this.settingDao.storeSetting(loadUserByUsername.getUsername(), SETTING_TYPE_USER, this.passwordEncoder != null ? this.passwordEncoder.encode(str2) : str2);
        this.settingDao.storeSetting(loadUserByUsername.getUsername(), SETTING_TYPE_ROLE, GRANTED_AUTH_USER);
    }

    public void changeUsername(final String str, String str2) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        UserDetails userDetails = authentication == null ? null : (UserDetails) authentication.getPrincipal();
        if (userDetails == null) {
            throw new InsufficientAuthenticationException("Active user not found.");
        }
        final UserDetails loadUserByUsername = loadUserByUsername(userDetails.getUsername());
        if (loadUserByUsername == null) {
            throw new UsernameNotFoundException("User not found");
        }
        if (str == null || str2 == null || !str.equals(str2)) {
            throw new IllegalArgumentException("New username not provided or does not match repeated username.");
        }
        final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        final AtomicBoolean atomicBoolean2 = new AtomicBoolean(false);
        this.settingDao.batchProcess(new BatchableDao.BatchCallback<Setting>() { // from class: net.solarnetwork.node.setup.security.SettingsUserService.2
            public BatchableDao.BatchCallbackResult handle(Setting setting) {
                if (setting.getType().equals(SettingsUserService.SETTING_TYPE_USER) && setting.getKey().equals(loadUserByUsername.getUsername())) {
                    atomicBoolean.set(true);
                    setting.setKey(str);
                    return atomicBoolean2.get() ? BatchableDao.BatchCallbackResult.UPDATE_STOP : BatchableDao.BatchCallbackResult.UPDATE;
                }
                if (!setting.getType().equals(SettingsUserService.SETTING_TYPE_ROLE) || !setting.getKey().equals(loadUserByUsername.getUsername())) {
                    return BatchableDao.BatchCallbackResult.CONTINUE;
                }
                atomicBoolean2.set(true);
                setting.setKey(str);
                return atomicBoolean.get() ? BatchableDao.BatchCallbackResult.UPDATE_STOP : BatchableDao.BatchCallbackResult.UPDATE;
            }
        }, new BasicBatchOptions("UpdateUser", 50, true, (Map) null));
        if (!atomicBoolean.get()) {
            UserProfile userProfile = new UserProfile();
            userProfile.setUsername(str);
            userProfile.setPassword("solar");
            userProfile.setPasswordAgain("solar");
            storeUserProfile(userProfile);
        }
        User user = new User(str, "", Collections.singleton(new SimpleGrantedAuthority(GRANTED_AUTH_USER)));
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(user, (Object) null, user.getAuthorities()));
    }

    public void storeUserProfile(UserProfile userProfile) {
        if (userProfile.getUsername() == null || userProfile.getPassword() == null || !userProfile.getPassword().equals(userProfile.getPasswordAgain())) {
            throw new IllegalArgumentException("Username, password, and repeated password must be provided.");
        }
        this.settingDao.storeSetting(userProfile.getUsername(), SETTING_TYPE_USER, this.passwordEncoder != null ? this.passwordEncoder.encode(userProfile.getPassword()) : userProfile.getPassword());
        this.settingDao.storeSetting(userProfile.getUsername(), SETTING_TYPE_ROLE, GRANTED_AUTH_USER);
    }

    public UserAuthenticationInfo authenticationInfo(String str) {
        try {
            UserDetails loadUserByUsername = loadUserByUsername(str);
            if (loadUserByUsername == null) {
                return null;
            }
            String password = loadUserByUsername.getPassword();
            LinkedHashMap linkedHashMap = new LinkedHashMap(2);
            return new UserAuthenticationInfo(hashAlgorithmFromPassword(password, linkedHashMap), linkedHashMap);
        } catch (AuthenticationException e) {
            return null;
        }
    }

    private String hashAlgorithmFromPassword(String str, Map<String, Object> map) {
        Matcher matcher = BCRYPT_PAT.matcher(str);
        if (!matcher.matches()) {
            return null;
        }
        map.put("salt", matcher.group(1));
        return "bcrypt";
    }

    public SettingDao getSettingDao() {
        return this.settingDao;
    }

    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }
}
