package Sirius.server.middleware.impls.proxy;

import Sirius.server.ServerExitError;
import Sirius.server.localserver.user.LoginRestrictionHelper;
import Sirius.server.middleware.interfaces.domainserver.UserService;
import Sirius.server.newuser.User;
import Sirius.server.newuser.UserException;
import Sirius.server.newuser.UserGroup;
import Sirius.server.newuser.UserServer;
import de.cismet.cids.server.ws.rest.RESTfulSerialInterface;
import de.cismet.cidsx.client.connector.RESTfulInterfaceConnector;
import de.cismet.connectioncontext.ConnectionContext;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import java.lang.management.ManagementFactory;
import java.rmi.RemoteException;
import java.util.Base64;
import java.util.Hashtable;
import java.util.Vector;
import javax.crypto.spec.SecretKeySpec;
import javax.management.ObjectName;
import org.apache.log4j.Logger;

/* loaded from: input_file:Sirius/server/middleware/impls/proxy/UserServiceImpl.class */
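/**
 * Proxy-side user service that authenticates users against their home domain server and
 * issues / accepts HS256-signed JWS tokens as an alternative credential.
 *
 * <p>The signing key is generated randomly when the class is initialised and lives only in
 * this JVM. Tokens therefore stop verifying after a restart or after
 * {@link #recreateRandomKey()}, and cannot be verified by another process.
 *
 * <p>NOTE(review): issued tokens carry no expiration claim, and the token login path does not
 * re-evaluate the {@code login.restriction} attribute. Until the key is rotated a token stays
 * usable; confirm that this is the intended session model.
 */
public class UserServiceImpl {
    private static final String DOMAINSPLITTER = "@";
    private static final transient Logger LOG = Logger.getLogger(UserServiceImpl.class);

    // Raw HS256 key material. volatile: recreateRandomKey() may be called from a different
    // thread than the ones serving getUser(), and the new key must become visible to them.
    private static volatile byte[] decodedKey = Base64.getDecoder().decode(createRandomKey());

    private final UserServer userServer;
    // Maps a domain name to the UserService of that domain's local server (see the casts below).
    private final Hashtable activeLocalServers;

    /**
     * Creates the service.
     *
     * @param hashtable  registry of active local servers, keyed by domain name
     * @param userServer central user registry used to look up users and user groups
     * @throws RemoteException declared for the remote interface; not thrown by this constructor
     */
    public UserServiceImpl(Hashtable hashtable, UserServer userServer) throws RemoteException {
        this.activeLocalServers = hashtable;
        this.userServer = userServer;
    }

    /**
     * Generates a fresh random HS256 secret key.
     *
     * @return the key bytes, Base64-encoded
     */
    private static String createRandomKey() {
        return Encoders.BASE64.encode(Keys.secretKeyFor(SignatureAlgorithm.HS256).getEncoded());
    }

    /**
     * Replaces the in-memory signing key with a new random one. Every token signed with the
     * previous key fails verification afterwards.
     */
    public static void recreateRandomKey() {
        decodedKey = Base64.getDecoder().decode(createRandomKey());
    }

    /**
     * Developer utility: prints 20 random HS256 keys, then round-trips a fixed sample key and
     * signs a sample token with it.
     *
     * <p>The sample key and every key printed here end up on stdout; none of them should be
     * reused as a production signing key.
     *
     * @param strArr ignored
     */
    public static void main(String[] strArr) {
        System.out.println("Will produce 20 random Secret Keys");
        for (int i = 0; i < 20; i++) {
            System.out.println(createRandomKey());
        }
        System.out.println("\nDecoding Test");
        SecretKeySpec secretKeySpec = new SecretKeySpec(Base64.getDecoder().decode("J0j+LcPz1I3ATqoi/QENz0dZD+C4pL6B9waw4zVw4e4="), SignatureAlgorithm.HS256.getJcaName());
        System.out.println(Encoders.BASE64.encode(secretKeySpec.getEncoded()));
        String compact = Jwts.builder().setId("1").setSubject("admin@s").signWith(secretKeySpec).compact();
        System.out.println("\nJWS Test");
        System.out.println(compact);
    }

    /**
     * Registers the {@code UserServiceManagement} MBean with the platform MBean server.
     *
     * @throws ServerExitError if the registration fails for any reason
     */
    public static void registerMBean() {
        try {
            ManagementFactory.getPlatformMBeanServer().registerMBean(new UserServiceManagement(), new ObjectName("Sirius.server.middleware.impls.proxy:type=UserServiceManagementMBean"));
        } catch (Exception e) {
            LOG.error("could not register connection user service MBean", e);
            throw new ServerExitError("could not register connection user service MBean", e);
        }
    }

    /**
     * Authenticates a user either by password or by a previously issued JWS token.
     *
     * <p>When the user name is the literal {@code "jwt"}, {@code str5} is treated as a compact
     * JWS: its signature is verified with the current key and the user is rebuilt from the
     * token's claims without a password check. Otherwise the password is validated by the
     * user's home server, the {@code login.restriction} attribute is checked, and a new token
     * is attached to the returned user.
     *
     * <p>NOTE(review): because {@code "jwt"} is a reserved user name here, an account that is
     * really named {@code jwt} cannot log in with its password.
     *
     * @param str               user group domain ("userGroupLsName")
     * @param str2              user group name; may be {@code null}
     * @param str3              home domain of the user ("userLsName")
     * @param str4              user name, or {@code "jwt"} for token login
     * @param str5              password, or the compact JWS for token login
     * @param connectionContext context passed through to the domain server
     * @return the authenticated user
     * @throws RemoteException on remote communication failures
     * @throws UserException   if the user is unknown, the credentials are rejected, or the
     *                         home server is not registered
     */
    public User getUser(String str, String str2, String str3, String str4, String str5, ConnectionContext connectionContext) throws RemoteException, UserException {
        // One read of the key per call, so verification and signing within a call agree even
        // if the key is rotated concurrently.
        SecretKeySpec secretKeySpec = new SecretKeySpec(decodedKey, SignatureAlgorithm.HS256.getJcaName());
        if (LOG.isDebugEnabled()) {
            LOG.debug("getUser calles for user::" + str4);
            LOG.debug("userLsName:" + str3);
            LOG.debug("userName:" + str4);
            LOG.debug("userGroupLsName:" + str);
            // Only record whether a credential was supplied, never its value. The previous
            // expression compared the concatenated string with null, so it never said "null".
            LOG.debug("password:" + (str5 == null ? "null" : "*****"));
        }
        // Constant-first comparison: a null user name takes the password path and fails there
        // instead of raising a NullPointerException here.
        if ("jwt".equals(str4)) {
            // parseClaimsJws verifies the signature and throws an unchecked jjwt exception for
            // a malformed, unsigned or wrongly signed token; that exception propagates.
            Claims claims = Jwts.parserBuilder().setSigningKey(secretKeySpec).build().parseClaimsJws(str5).getBody();
            // Result intentionally discarded: rejects tokens whose id is not an integer.
            Integer.parseInt(claims.getId());
            String subject = claims.getSubject();
            User user = this.userServer.getUser(claims.get("usergroupDomain", String.class), claims.get("usergroup", String.class), claims.get(RESTfulSerialInterface.PARAM_DOMAIN, String.class), subject, "jwtCreatedUser");
            if (user == null) {
                // The token verified but the account no longer resolves. Report it as a failed
                // login (same flag combination as the password path) rather than an NPE.
                throw new UserException("Login failed :: " + subject, false, true, false, false);
            }
            // The verified signature stands in for the password check.
            user.setValid();
            return user;
        }
        User user2 = this.userServer.getUser(str, str2, str3, str4, str5);
        boolean z = false;
        if (user2 != null) {
            UserService userService = (UserService) this.activeLocalServers.get(str3);
            if (userService == null) {
                throw new UserException("Login failed, home server of the user is not reachable :: " + str4, false, false, false, true);
            }
            z = userService.validateUser(user2, str5, connectionContext);
        }
        if (!z) {
            // Unknown user and wrong password produce the same message.
            throw new UserException("Login failed :: " + str4, false, true, false, false);
        }
        String configAttr = getConfigAttr(user2, "login.restriction", connectionContext);
        if (configAttr != null) {
            LoginRestrictionHelper.getInstance().checkLoginRestriction(configAttr);
        }
        // The token path parses this id as an integer, so ENTITIES_API is presumably the empty
        // string here (decompiler constant substitution). TODO confirm.
        JwtBuilder subject2 = Jwts.builder().setId(user2.getId() + RESTfulInterfaceConnector.ENTITIES_API).setSubject(str4);
        subject2.claim(RESTfulSerialInterface.PARAM_DOMAIN, str3);
        if (str2 != null && str != null) {
            subject2.claim("usergroup", str2);
            subject2.claim("usergroupDomain", str);
        }
        // NOTE(review): no expiration claim is set on the issued token.
        user2.setJwsToken(subject2.signWith(secretKeySpec).compact());
        return user2;
    }

    /**
     * Lists all user groups known to the user server.
     *
     * @param connectionContext unused by this method
     * @return a vector of {@code String[]{groupName, groupDomain}} pairs
     * @throws RemoteException on remote communication failures
     */
    public Vector getUserGroupNames(ConnectionContext connectionContext) throws RemoteException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("getUserGroupName called");
        }
        Vector<String[]> vector = new Vector<>(20, 20);
        for (UserGroup userGroup : this.userServer.getUserGroups()) {
            vector.add(new String[]{userGroup.getName(), userGroup.getDomain()});
        }
        return vector;
    }

    /**
     * Looks up the user groups of one user; both arguments are trimmed before the lookup.
     *
     * @param str               user name; must not be {@code null}
     * @param str2              second lookup argument forwarded to the user server
     *                          (presumably the user's domain, TODO confirm); must not be
     *                          {@code null}
     * @param connectionContext unused by this method
     * @return whatever the user server returns for the trimmed arguments
     * @throws RemoteException on remote communication failures
     */
    public Vector getUserGroupNames(String str, String str2, ConnectionContext connectionContext) throws RemoteException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("getUserGroupNames called for :username:" + str);
        }
        return this.userServer.getUserGroupNames(str.trim(), str2.trim());
    }

    /**
     * Delegates a password change to the home server of the given user.
     *
     * @param user              the user whose password is changed
     * @param str               first password argument forwarded to the home server
     *                          (presumably the old password, TODO confirm)
     * @param str2              second password argument forwarded to the home server
     *                          (presumably the new password, TODO confirm)
     * @param connectionContext context passed through to the domain server
     * @return the result reported by the home server
     * @throws RemoteException on remote communication failures
     * @throws UserException   if the home server rejects the change or is not registered
     */
    public boolean changePassword(User user, String str, String str2, ConnectionContext connectionContext) throws RemoteException, UserException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("changePassword called for :user:" + user);
        }
        UserService userService = (UserService) this.activeLocalServers.get(user.getDomain());
        if (userService == null) {
            // Same condition and flags as the unreachable-home-server case in getUser; the
            // previous code dereferenced the missing entry and failed with an NPE.
            throw new UserException("Password change failed, home server of the user is not reachable :: " + user.getDomain(), false, false, false, true);
        }
        return userService.changePassword(user, str, str2, connectionContext);
    }

    /**
     * Reads a configuration attribute for a user.
     *
     * <p>The key may be given as {@code key@domain} to query a specific domain server;
     * without a domain part the user's own domain is used.
     *
     * @param user              the user the attribute is resolved for
     * @param str               attribute key, optionally suffixed with {@code @domain}
     * @param connectionContext context passed through to the domain server
     * @return the attribute value, or {@code null} if the domain has no registered server
     * @throws RemoteException on remote communication failures
     */
    public String getConfigAttr(User user, String str, ConnectionContext connectionContext) throws RemoteException {
        String domain;
        String str2;
        // split() drops trailing empty parts, so "key@" yields one element and "@" yields none;
        // indexing [1] unconditionally used to throw for those inputs.
        String[] split = str.split(DOMAINSPLITTER);
        if (split.length > 1) {
            domain = split[1];
            str2 = split[0];
        } else {
            domain = user.getDomain();
            str2 = split.length == 1 ? split[0] : "";
        }
        UserService userService = (UserService) this.activeLocalServers.get(domain);
        if (userService != null) {
            return userService.getConfigAttr(user, str2, connectionContext);
        }
        return null;
    }
}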
