package io.hops.hopsworks.common.user.ldap;

import io.hops.hopsworks.common.dao.user.BbcGroup;
import io.hops.hopsworks.common.dao.user.BbcGroupFacade;
import io.hops.hopsworks.common.dao.user.UserFacade;
import io.hops.hopsworks.common.dao.user.Users;
import io.hops.hopsworks.common.dao.user.ldap.LdapUser;
import io.hops.hopsworks.common.dao.user.ldap.LdapUserDTO;
import io.hops.hopsworks.common.dao.user.ldap.LdapUserFacade;
import io.hops.hopsworks.common.dao.user.security.ua.SecurityUtils;
import io.hops.hopsworks.common.dao.user.security.ua.UserAccountStatus;
import io.hops.hopsworks.common.user.UsersController;
import io.hops.hopsworks.common.util.Settings;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.ejb.EJBException;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;

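/**
 * Stateless EJB that authenticates a user against LDAP and keeps the matching local
 * {@link LdapUser} record in step with the directory entry.
 *
 * <p>Group membership is copied from LDAP only when the local account is first created (see
 * {@code createNewLdapUser}). Later logins refresh the first and last name only, so a group
 * removed in the directory is not removed locally by this class.
 */
@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/user/ldap/LdapUserController.class */
public class LdapUserController {
    private static final Logger LOGGER = Logger.getLogger(LdapUserController.class.getName());

    @EJB
    private LdapRealm ldapRealm;

    @EJB
    private LdapUserFacade ldapUserFacade;

    @EJB
    private UsersController userController;

    @EJB
    private BbcGroupFacade groupFacade;

    @EJB
    private UserFacade userFacade;

    @EJB
    private Settings settings;

    /**
     * Binds to LDAP with the supplied credentials and resolves the local user linked to the entry.
     *
     * @param str  first argument handed to {@code LdapRealm.findAndBind} (presumably the username)
     * @param str2 second argument handed to {@code LdapRealm.findAndBind} (presumably the password)
     * @param z    when {@code true}, a local account is created and saved if none is linked to
     *             the LDAP entry yet
     * @param str3 email chosen by the user; only consulted when a new account is created
     * @return the login state; its local user is {@code null} when no account is linked to the
     *         entry and {@code z} is {@code false}
     * @throws LoginException if the entry is not found, a new account cannot be registered, or
     *                        the LDAP call fails
     */
    public LdapUserState login(String str, String str2, boolean z, String str3) throws LoginException {
        try {
            LdapUserDTO entry = this.ldapRealm.findAndBind(str, str2);
            if (entry == null) {
                throw new LoginException("User not found.");
            }
            // The local account is keyed on the directory's entryUUID, not on the login name.
            LdapUser localUser = this.ldapUserFacade.findByLdapUid(entry.getEntryUUID());
            if (localUser == null) {
                if (z) {
                    localUser = createNewLdapUser(entry, str3);
                    persistLdapUser(localUser);
                }
                // NOTE(review): the first constructor flag mirrors z here and is true for an
                // existing account below; its exact meaning is defined in LdapUserState.
                return new LdapUserState(z, localUser, entry);
            }
            LdapUserState state = new LdapUserState(true, localUser, entry);
            // Only the first/last name are refreshed for an existing account; groups are not.
            if (ldapUserUpdated(entry, localUser.getUid())) {
                state.setLdapUser(updateLdapUser(entry, localUser));
            }
            return state;
        } catch (EJBException | NamingException e) {
            // NOTE(review): javax.naming.AuthenticationException is a NamingException, so if
            // findAndBind lets a rejected bind propagate, bad credentials are reported with this
            // same message. Confirm in LdapRealm.
            throw ldapUnreachable(e);
        }
    }

    /**
     * Builds the local account for an LDAP entry that has none yet. The result is not saved here;
     * {@code login} passes it to {@code persistLdapUser}.
     *
     * <p>The registered email is always one of the addresses on the LDAP entry: the only address
     * when the entry has exactly one, otherwise the chosen one.
     *
     * @param ldapUserDTO the LDAP entry returned by the bind
     * @param chosenEmail email picked by the user; may be {@code null} or empty when the entry
     *                    has exactly one address
     * @return the new, unsaved {@link LdapUser}
     * @throws LoginException if no usable email can be determined, the email is already
     *                        registered, or the group lookup fails
     */
    private LdapUser createNewLdapUser(LdapUserDTO ldapUserDTO, String chosenEmail) throws LoginException {
        LOGGER.log(Level.INFO, "Creating new ldap user.");
        boolean nothingChosen = chosenEmail == null || chosenEmail.isEmpty();
        boolean singleEmail = ldapUserDTO.getEmail().size() == 1;
        if (!singleEmail && nothingChosen) {
            throw new LoginException("Could not register user. Email not chosen.");
        }
        // A supplied choice must still be one of the directory's addresses. Previously this check
        // also ran when nothing was chosen, which rejected every entry with exactly one address.
        if (!nothingChosen && !ldapUserDTO.getEmail().contains(chosenEmail)) {
            throw new LoginException("Could not register user. Chosen email not in ldap user email list.");
        }
        String email = singleEmail ? ldapUserDTO.getEmail().get(0) : chosenEmail;
        if (this.userFacade.findByEmail(email) != null) {
            throw new LoginException("Failed to login. User with the chosen email already exist in the system.");
        }
        // NOTE(review): the generated secret goes both to UsersController.createNewLdapUser and
        // into the LdapUser record. Confirm how each stores it (hashed vs. recoverable) and that
        // neither logs it.
        String randomPassword = SecurityUtils.getRandomPassword(16);
        Users newUser = this.userController.createNewLdapUser(email, ldapUserDTO.getGivenName(), ldapUserDTO.getSn(), randomPassword, UserAccountStatus.fromValue(this.settings.getLdapAccountStatus()));
        try {
            // Membership is granted on an exact name match between an LDAP group and a local
            // group. NOTE(review): confirm a directory group cannot share a name with a
            // privileged local group unintentionally.
            for (String groupName : this.ldapRealm.getUserGroups(ldapUserDTO.getUid())) {
                BbcGroup localGroup = this.groupFacade.findByGroupName(groupName);
                if (localGroup != null) {
                    newUser.getBbcGroupCollection().add(localGroup);
                }
            }
            return new LdapUser(ldapUserDTO.getEntryUUID(), newUser, randomPassword);
        } catch (NamingException e) {
            throw ldapUnreachable(e);
        }
    }

    /**
     * Reports whether the first or last name on the LDAP entry differs from the local account.
     * Comparison is null-safe: a name that is {@code null} on both sides counts as unchanged.
     *
     * @return {@code false} when either argument is {@code null} or both names match
     */
    private boolean ldapUserUpdated(LdapUserDTO ldapUserDTO, Users users) {
        if (ldapUserDTO == null || users == null) {
            return false;
        }
        boolean sameFirstName = Objects.equals(users.getFname(), ldapUserDTO.getGivenName());
        boolean sameLastName = Objects.equals(users.getLname(), ldapUserDTO.getSn());
        return !(sameFirstName && sameLastName);
    }

    /**
     * Copies a changed first and/or last name from the LDAP entry onto the local account and
     * stores the result through {@code LdapUserFacade.update}.
     *
     * @return the value returned by {@code LdapUserFacade.update}
     */
    private LdapUser updateLdapUser(LdapUserDTO ldapUserDTO, LdapUser ldapUser) {
        Users account = ldapUser.getUid();
        if (!Objects.equals(account.getFname(), ldapUserDTO.getGivenName())) {
            account.setFname(ldapUserDTO.getGivenName());
        }
        if (!Objects.equals(account.getLname(), ldapUserDTO.getSn())) {
            account.setLname(ldapUserDTO.getSn());
        }
        return this.ldapUserFacade.update(ldapUser);
    }

    /** Saves a newly created LDAP user through {@code LdapUserFacade.save}. */
    private void persistLdapUser(LdapUser ldapUser) {
        this.ldapUserFacade.save(ldapUser);
    }

    /**
     * Records the underlying failure in the server log and returns the generic exception shown to
     * the caller. The cause is logged rather than attached so that the LoginException reaching
     * the caller is unchanged and carries no LDAP error text.
     */
    private static LoginException ldapUnreachable(Exception cause) {
        LOGGER.log(Level.WARNING, "LDAP call failed during login.", cause);
        return new LoginException("Could not reach LDAP server.");
    }
}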
