package systems.dmx.ldap;

import java.util.List;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.DELETE;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import systems.dmx.accesscontrol.AccessControlService;
import systems.dmx.accesscontrol.AuthorizationMethod;
import systems.dmx.core.Assoc;
import systems.dmx.core.Topic;
import systems.dmx.core.model.AssocModel;
import systems.dmx.core.model.PlayerModel;
import systems.dmx.core.osgi.PluginActivator;
import systems.dmx.core.service.Inject;
import systems.dmx.core.service.Transactional;
import systems.dmx.core.service.accesscontrol.Credentials;
import systems.dmx.core.service.event.PostCreateAssoc;
import systems.dmx.core.service.event.PreDeleteAssoc;
import systems.dmx.core.storage.spi.DMXTransaction;
import systems.dmx.ldap.LDAP;
import systems.dmx.ldap.service.LDAPService;
import systems.dmx.workspaces.WorkspacesService;

@Path("/ldap")
/* loaded from: input_file:systems/dmx/ldap/LDAPPlugin.class */
public class LDAPPlugin extends PluginActivator implements AuthorizationMethod, LDAPService, PostCreateAssoc, PreDeleteAssoc {
    // DMX type URIs this plugin compares against when classifying associations and their players.
    public static final String WORKSPACE_TYPE = "dmx.workspaces.workspace";
    public static final String GROUP_TYPE = "systems.dmx.ldap.group";
    public static final String COMPOSITION_ASSOC_TYPE = "dmx.core.composition";
    public static final String MEMBERSHIP_ASSOC_TYPE = "dmx.accesscontrol.membership";
    public static final String USERNAME_TOPIC_TYPE = "dmx.accesscontrol.username";
    // java.util.logging logger; in this class only createUser() writes to it, everything else goes through pluginLog.
    private static Logger logger = Logger.getLogger(LDAPPlugin.class.getName());

    // Access-control service: username topic lookup/creation and workspace-owner lookup.
    @Inject
    private AccessControlService acs;

    // Injected workspaces service; not referenced by any method visible in this class.
    @Inject
    private WorkspacesService wss;
    // Parsed plugin configuration, or the fallback configuration when parsing failed (see init()).
    // Returned as-is by getConfiguration().
    private Configuration configuration;
    // Plugin-specific log sink, created in init() from configuration.loggingMode.
    private PluginLog pluginLog;
    // LDAP backend: a real instance when the configuration check passes, otherwise a dummy instance (see init()).
    private LDAP ldap;

    /* renamed from: systems.dmx.ldap.LDAPPlugin$1 */
    /* loaded from: input_file:systems/dmx/ldap/LDAPPlugin$1.class */
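    /**
     * Decompiler rendering of the anonymous {@link LDAP.CompletableAction} that createUser()
     * hands to ldap.createUser(). It looks up or creates the DMX username topic for the
     * name it is given and publishes the result through the captured reference.
     *
     * The decompiled form referred to an undeclared register name ("r5") and never assigned
     * the captured field; both are restored here so the class is well-formed.
     */
    class AnonymousClass1 implements LDAP.CompletableAction {
        final /* synthetic */ AtomicReference val$usernameTopicRef;

        AnonymousClass1(AtomicReference atomicReference) {
            this.val$usernameTopicRef = atomicReference;
        }

        /**
         * @param str username to look up or create as a DMX username topic
         * @return true when a username topic exists afterwards, false when none could be obtained
         * @throws RuntimeException when lookup/creation throws; the cause is preserved
         */
        @Override // systems.dmx.ldap.LDAP.CompletableAction
        public boolean run(String str) {
            Topic topic = null;
            try {
                topic = LDAPPlugin.this.lookupOrCreateUsernameTopic(str);
                return topic != null;
            } catch (Exception e) {
                // The message states the LDAP entry already exists at this point; the rollback it
                // announces is not performed here. NOTE(review): presumably the caller of run()
                // removes the LDAP entry on failure - confirm in LDAP.createUser.
                LDAPPlugin.this.pluginLog.actionError(String.format("Creating username %s failed but LDAP entry was already created. Rolling back.", str), e);
                throw new RuntimeException("Creating username failed", e);
            } finally {
                // Publish the outcome on every path (null when nothing was created).
                this.val$usernameTopicRef.set(topic);
            }
        }
    }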

    /**
     * Service-arrival hook: once the access-control service shows up, this plugin registers
     * itself as the authorization method named "LDAP". Any other service is ignored.
     *
     * @param obj the service instance that became available
     */
    public void serviceArrived(Object obj) {
        if (!(obj instanceof AccessControlService)) {
            return;
        }
        AccessControlService accessControl = (AccessControlService) obj;
        accessControl.registerAuthorizationMethod("LDAP", this);
    }

    /**
     * Service-departure hook: removes the "LDAP" authorization method from the access-control
     * service that is going away. Any other service is ignored.
     *
     * @param obj the service instance that is being withdrawn
     */
    public void serviceGone(Object obj) {
        if (!(obj instanceof AccessControlService)) {
            return;
        }
        AccessControlService accessControl = (AccessControlService) obj;
        accessControl.unregisterAuthorizationMethod("LDAP");
    }

    /**
     * Loads the plugin configuration, sets up the plugin log and creates the LDAP backend.
     *
     * When the configuration cannot be parsed, a fallback configuration is installed and the
     * failure is logged. When the configuration check fails, a dummy LDAP instance is used
     * instead of a real one.
     */
    public void init() {
        try {
            Configuration fromProperties = Configuration.createFromProperties();
            this.configuration = fromProperties;
            this.pluginLog = PluginLog$.newInstance(fromProperties.loggingMode);
        } catch (Exception e) {
            Configuration fallback = Configuration.createFallback();
            this.configuration = fallback;
            this.pluginLog = PluginLog$.newInstance(fallback.loggingMode);
            this.pluginLog.configurationError("Error parsing configuration", e);
            this.pluginLog.configurationHint("Configuration could not be parsed. Providing an emergency fallback configuration. LDAP logins will not work!", new Object[0]);
        }

        // NOTE(review): the full configuration summary is written to the log. Confirm that
        // Configuration.summary() leaves out or masks any bind/manager password.
        this.pluginLog.configurationHint("Plugin configuration:\n%s", this.configuration.summary());

        if (!this.configuration.check(this.pluginLog)) {
            this.pluginLog.configurationError("LDAP Plugin configuration is not correct. Please fix the issues mentioned in the log.", new Object[0]);
            // NOTE(review): presumably the dummy instance rejects every login (fail closed) - confirm.
            this.ldap = LDAP$.newDummyInstance(this.pluginLog);
            return;
        }
        this.ldap = LDAP$.newInstance(this.configuration, this.pluginLog);
    }

    /**
     * Returns the configuration object currently held by the plugin (the parsed one, or the
     * fallback installed by init()). The same instance is handed out, not a copy.
     *
     * NOTE(review): if Configuration carries directory credentials, every caller of this
     * service method can read them - confirm what the type exposes.
     */
    @Override // systems.dmx.ldap.service.LDAPService
    public Configuration getConfiguration() {
        final Configuration current = this.configuration;
        return current;
    }

    /**
     * Normalises a username by lower-casing it with the locale-independent ROOT locale.
     *
     * Despite the name, this is case normalisation only: nothing is escaped or rejected, so
     * characters with special meaning in LDAP filters or distinguished names pass through
     * unchanged. Whether the LDAP backend escapes them is not visible in this class.
     *
     * @param str the username as supplied by the caller; must not be null
     * @return the lower-cased username
     */
    private String sanitise(String str) {
        final String lowered = str.toLowerCase(Locale.ROOT);
        return lowered;
    }

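    /**
     * Authorization-method entry point: verifies the credentials against LDAP and, on success,
     * returns the matching DMX username topic (creating it when it does not exist yet).
     *
     * @param credentials username and password supplied by the login request (untrusted)
     * @return the username topic when the LDAP check succeeds and a topic could be found or
     *         created; null otherwise
     */
    public Topic checkCredentials(Credentials credentials) {
        // Reject missing or empty secrets before contacting the directory. Many directory
        // servers treat a simple bind with an empty password as an unauthenticated bind that
        // succeeds; how ldap.checkCredentials binds is not visible here, so fail closed.
        if (credentials == null || credentials.username == null
                || credentials.password == null || credentials.password.isEmpty()) {
            this.pluginLog.actionError("Credential check rejected: username or password is missing.", null);
            return null;
        }
        String username = sanitise(credentials.username);
        // The username is attacker-controlled; neutralise line breaks so a failed login
        // cannot forge additional log entries.
        String loggedUsername = username.replaceAll("[\\r\\n]", "_");
        if (!this.ldap.checkCredentials(username, credentials.password)) {
            this.pluginLog.actionError(String.format("Credential check for user %s failed.", loggedUsername), null);
            return null;
        }
        Topic usernameTopic = lookupOrCreateUsernameTopic(username);
        if (usernameTopic != null) {
            this.pluginLog.actionHint("LDAP log-in successful for user %s", loggedUsername);
            return usernameTopic;
        }
        this.pluginLog.actionError("Credentials in LDAP are OK but unable find or create username topic", null);
        return null;
    }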

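    /**
     * Creates a user in LDAP and the matching DMX username topic.
     *
     * The LDAP backend is given a completion action that looks up or creates the username
     * topic; the topic it obtained (or null) is returned to the caller.
     *
     * The decompiled form of this method referenced undeclared names and declared a
     * constructor inside the anonymous class; it is restored here to the equivalent
     * anonymous-class form capturing a final local.
     *
     * NOTE(review): no caller authorization is checked in this method - confirm that callers
     * of the service enforce who may create users.
     *
     * @param credentials username and initial password for the new account
     * @return the username topic, or null when user creation is disabled, the credentials are
     *         incomplete, or no topic was obtained
     */
    @Override // systems.dmx.ldap.service.LDAPService
    public Topic createUser(Credentials credentials) {
        if (!this.configuration.userCreationEnabled) {
            logger.warning("User creation is disabled in plugin configuration!");
            return null;
        }
        // An account with an empty password must never reach the directory: depending on the
        // server it is either unusable or reachable through an unauthenticated bind.
        if (credentials == null || credentials.username == null
                || credentials.password == null || credentials.password.isEmpty()) {
            logger.warning("Refusing to create user: username or password is missing!");
            return null;
        }
        final AtomicReference<Topic> usernameTopicRef = new AtomicReference<>();
        this.ldap.createUser(sanitise(credentials.username), credentials.password, new LDAP.CompletableAction() {
            @Override // systems.dmx.ldap.LDAP.CompletableAction
            public boolean run(String str) {
                Topic topic = null;
                try {
                    topic = LDAPPlugin.this.lookupOrCreateUsernameTopic(str);
                    return topic != null;
                } catch (Exception e) {
                    // NOTE(review): the rollback announced in the message is not done here;
                    // presumably LDAP.createUser removes the entry on failure - confirm.
                    LDAPPlugin.this.pluginLog.actionError(String.format("Creating username %s failed but LDAP entry was already created. Rolling back.", str), e);
                    throw new RuntimeException("Creating username failed", e);
                } finally {
                    // Publish the outcome on every path (null when nothing was created).
                    usernameTopicRef.set(topic);
                }
            }
        });
        return usernameTopicRef.get();
    }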

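    /**
     * Returns the DMX username topic for the given name, creating it in its own transaction
     * when it does not exist yet.
     *
     * This method performs no authentication itself; in this class it is called only after
     * the LDAP credential check or LDAP user creation.
     *
     * NOTE(review): the lookup happens outside the transaction, so two concurrent calls for
     * the same new name could both reach createUsername - confirm how the access-control
     * service handles that.
     *
     * @param str the (already normalised) username
     * @return the existing or newly created username topic
     */
    public Topic lookupOrCreateUsernameTopic(String str) {
        Topic existing = this.acs.getUsernameTopic(str);
        if (existing != null) {
            return existing;
        }
        DMXTransaction tx = this.dmx.beginTx();
        try {
            Topic created = this.acs.createUsername(str);
            tx.success();
            return created;
        } finally {
            // finish() runs exactly once on every path; without a preceding success() the
            // transaction is left unmarked, as in the failure path of the original.
            tx.finish();
        }
    }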

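    /**
     * Sets a new LDAP password for an existing DMX user.
     *
     * The change is refused when user creation is disabled in the configuration, when the
     * credentials are incomplete, or when no username topic exists for the name.
     *
     * NOTE(review): neither the current password nor the caller's identity is verified in
     * this method - confirm that callers of the service restrict whose password may be changed.
     *
     * @param credentials the username and the NEW password
     * @return the username topic on success, null when the change was refused or failed
     */
    @Override // systems.dmx.ldap.service.LDAPService
    public Topic changePassword(Credentials credentials) {
        if (!this.configuration.userCreationEnabled) {
            this.pluginLog.actionWarning("Cannot change password because user creation is disabled in plugin configuration!", new Object[0]);
            return null;
        }
        // Never write an empty password to the directory: depending on the server the account
        // becomes unusable or reachable through an unauthenticated bind.
        if (credentials == null || credentials.username == null
                || credentials.password == null || credentials.password.isEmpty()) {
            this.pluginLog.actionWarning("Cannot change password because username or new password is missing!", new Object[0]);
            return null;
        }
        String username = sanitise(credentials.username);
        Topic usernameTopic = this.acs.getUsernameTopic(username);
        if (usernameTopic == null || !this.ldap.changePassword(username, credentials.password)) {
            return null;
        }
        this.pluginLog.actionHint("Succesfully changed password for %s", username);
        return usernameTopic;
    }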

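    /**
     * Deletes a user from DMX and from the LDAP directory (REST: DELETE /ldap/user/{username}).
     *
     * The DMX username topic is deleted first, then the LDAP entry. Any failure is rethrown
     * as a RuntimeException carrying the cause.
     *
     * NOTE(review): no authorization check is visible in this method although it is exposed
     * as a REST endpoint - confirm that access control outside this class restricts who may
     * call it. Also confirm that @Transactional undoes the topic deletion when the LDAP
     * deletion fails, otherwise the two stores can diverge.
     *
     * @param str the username taken from the request path (untrusted)
     * @throws RuntimeException when the user does not exist or either deletion fails
     */
    @Override // systems.dmx.ldap.service.LDAPService
    @Path("/user/{username}")
    @DELETE
    @Transactional
    public void deleteUser(@PathParam("username") String str) {
        try {
            str = sanitise(str);
            Topic usernameTopic = this.acs.getUsernameTopic(str);
            if (usernameTopic == null) {
                // Report an unknown user explicitly instead of failing with a
                // NullPointerException; the directory is not touched in this case.
                throw new RuntimeException("No username topic exists for this user");
            }
            usernameTopic.delete();
            if (!this.ldap.deleteUser(str)) {
                throw new RuntimeException("ldap.deleteUser() returned false; see server log for actual error");
            }
        } catch (Exception e) {
            // NOTE(review): the message embeds the request-supplied name; confirm it is encoded
            // wherever this exception text is rendered or logged.
            throw new RuntimeException("Deleting LDAP user \"" + str + "\" failed", e);
        }
    }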

    /**
     * Collects the members of a workspace for LDAP group creation, leaving out one name.
     *
     * Starts from the topics related to {@code topic} through a membership association whose
     * far end is a username topic, maps each through a decompiled lambda, and drops every
     * entry equal to {@code str} (see lambda$getMembers$1).
     *
     * @param topic the topic whose members are collected (the workspace, at the visible call site)
     * @param str   the name to exclude (the workspace owner, at the visible call site)
     * @return the remaining mapped values as a list
     */
    private List<String> getMembers(Topic topic, String str) {
        Function function;
        Stream stream = topic.getRelatedTopics(MEMBERSHIP_ASSOC_TYPE, (String) null, (String) null, USERNAME_TOPIC_TYPE).stream();
        // Decompiler artifact for a non-capturing lambda whose body is not visible here.
        // NOTE(review): presumably it maps a related topic to its username string - confirm.
        function = LDAPPlugin$$Lambda$1.instance;
        // LDAPPlugin$$Lambda$3 captures str; presumably it delegates to lambda$getMembers$1 - confirm.
        return (List) stream.map(function).filter(LDAPPlugin$$Lambda$3.lambdaFactory$(str)).collect(Collectors.toList());
    }

    /**
     * Tells whether the association is a composition whose first player is a workspace and
     * whose second player is an LDAP group topic. Player order matters here.
     *
     * @param assocModel the association to classify
     * @return true only when all three type checks hold
     */
    private boolean isWorkspaceGroupComposition(AssocModel assocModel) {
        if (!isType(assocModel, COMPOSITION_ASSOC_TYPE)) {
            return false;
        }
        if (!isType(assocModel.getPlayer1(), WORKSPACE_TYPE)) {
            return false;
        }
        return isType(assocModel.getPlayer2(), GROUP_TYPE);
    }

    /**
     * Tells whether the association is a membership that has a username topic on one end and
     * a workspace on one end. Either player position is accepted for each type.
     *
     * @param assocModel the association to classify
     * @return true only when the association type and both player-type checks hold
     */
    private boolean isUsernameWorkspaceMembership(AssocModel assocModel) {
        if (!isType(assocModel, MEMBERSHIP_ASSOC_TYPE)) {
            return false;
        }
        if (!isPlayerType(assocModel, USERNAME_TOPIC_TYPE)) {
            return false;
        }
        return isPlayerType(assocModel, WORKSPACE_TYPE);
    }

    /**
     * Mirrors newly created DMX associations into LDAP.
     *
     * A workspace-to-group composition creates an LDAP group named after the group topic,
     * with the workspace owner and the workspace's other members. A username-to-workspace
     * membership adds the user to the workspace's LDAP group, unless the workspace has no
     * group value or the user is the workspace owner.
     *
     * NOTE(review): the membership branch reads the workspace id from player 2, while
     * isUsernameWorkspaceMembership accepts the workspace in either position - confirm that
     * membership associations always carry the workspace as player 2. The outcome of the
     * LDAP calls is not checked here.
     *
     * @param assoc the association that was just created
     */
    public void postCreateAssoc(Assoc assoc) {
        if (isWorkspaceGroupComposition(assoc.getModel())) {
            String owner = this.acs.getWorkspaceOwner(assoc.getPlayer1().getId());
            String groupName = this.dmx.getTopic(assoc.getPlayer2().getId()).getSimpleValue().toString();
            Topic workspace = this.dmx.getTopic(assoc.getPlayer1().getId());
            this.ldap.createGroup(groupName, owner, getMembers(workspace, owner));
        } else if (isUsernameWorkspaceMembership(assoc.getModel())) {
            String groupName = assoc.getDMXObjectByType(WORKSPACE_TYPE).getChildTopics().getString(GROUP_TYPE, (String) null);
            String username = assoc.getDMXObjectByType(USERNAME_TOPIC_TYPE).getSimpleValue().toString();
            String owner = this.acs.getWorkspaceOwner(assoc.getPlayer2().getId());
            // The owner is handed to createGroup separately, so it is not added as a member.
            if (groupName != null && !username.equals(owner)) {
                this.ldap.addMember(groupName, username);
            }
        }
    }

    /**
     * Mirrors DMX association deletions into LDAP before they take effect.
     *
     * Deleting a workspace-to-group composition deletes the LDAP group named after the group
     * topic. Deleting a username-to-workspace membership removes the user from the
     * workspace's LDAP group, unless the workspace has no group value or the user is the
     * workspace owner.
     *
     * NOTE(review): as in postCreateAssoc, the workspace id is read from player 2 and the
     * outcome of the LDAP calls is not checked - a failed removal would leave the user in the
     * directory group after the DMX membership is gone. Confirm how LDAP reports failures.
     *
     * @param assoc the association about to be deleted
     */
    public void preDeleteAssoc(Assoc assoc) {
        AssocModel assocModel = assoc.getModel();
        if (isWorkspaceGroupComposition(assocModel)) {
            String groupName = this.dmx.getTopic(assocModel.getPlayer2().getId()).getSimpleValue().toString();
            this.ldap.deleteGroup(groupName);
            return;
        }
        if (!isUsernameWorkspaceMembership(assocModel)) {
            return;
        }
        String groupName = assoc.getDMXObjectByType(WORKSPACE_TYPE).getChildTopics().getString(GROUP_TYPE, (String) null);
        String username = assoc.getDMXObjectByType(USERNAME_TOPIC_TYPE).getSimpleValue().toString();
        String owner = this.acs.getWorkspaceOwner(assocModel.getPlayer2().getId());
        if (groupName != null && !username.equals(owner)) {
            this.ldap.removeMember(groupName, username);
        }
    }

    /**
     * Tells whether at least one of the association's two players has the given type URI.
     *
     * @param assocModel the association whose players are inspected
     * @param str        the type URI to look for
     * @return true when player 1 or player 2 is of that type
     */
    private boolean isPlayerType(AssocModel assocModel, String str) {
        if (assocModel.getPlayer1().getTypeUri().equals(str)) {
            return true;
        }
        return assocModel.getPlayer2().getTypeUri().equals(str);
    }

    /**
     * Tells whether the player's type URI equals the given one.
     *
     * @param playerModel the association player to inspect
     * @param str         the expected type URI
     * @return true when the type URIs are equal
     */
    private boolean isType(PlayerModel playerModel, String str) {
        final boolean matches = playerModel.getTypeUri().equals(str);
        return matches;
    }

    /**
     * Tells whether the association's own type URI equals the given one.
     *
     * @param assocModel the association to inspect
     * @param str        the expected type URI
     * @return true when the type URIs are equal
     */
    private boolean isType(AssocModel assocModel, String str) {
        final boolean matches = assocModel.getTypeUri().equals(str);
        return matches;
    }

    /**
     * Synthetic body of the filter lambda in getMembers(): keeps an entry only when it
     * differs from the captured name.
     *
     * @param str  the captured name to exclude
     * @param str2 the stream element under test; must not be null
     * @return true when {@code str2} is not equal to {@code str}
     */
    public static /* synthetic */ boolean lambda$getMembers$1(String str, String str2) {
        final boolean sameName = str2.equals(str);
        return !sameName;
    }
}
