package io.hops.hopsworks.common.user;

import com.google.zxing.WriterException;
import io.hops.hopsworks.common.dao.user.BbcGroup;
import io.hops.hopsworks.common.dao.user.BbcGroupFacade;
import io.hops.hopsworks.common.dao.user.UserDTO;
import io.hops.hopsworks.common.dao.user.UserFacade;
import io.hops.hopsworks.common.dao.user.Users;
import io.hops.hopsworks.common.dao.user.security.Address;
import io.hops.hopsworks.common.dao.user.security.Organization;
import io.hops.hopsworks.common.dao.user.security.audit.AccountAudit;
import io.hops.hopsworks.common.dao.user.security.audit.AccountAuditFacade;
import io.hops.hopsworks.common.dao.user.security.audit.AccountsAuditActions;
import io.hops.hopsworks.common.dao.user.security.audit.RolesAudit;
import io.hops.hopsworks.common.dao.user.security.audit.RolesAuditAction;
import io.hops.hopsworks.common.dao.user.security.audit.RolesAuditFacade;
import io.hops.hopsworks.common.dao.user.security.audit.UserAuditActions;
import io.hops.hopsworks.common.dao.user.security.ua.SecurityQuestion;
import io.hops.hopsworks.common.dao.user.security.ua.SecurityUtils;
import io.hops.hopsworks.common.dao.user.security.ua.UserAccountStatus;
import io.hops.hopsworks.common.dao.user.security.ua.UserAccountType;
import io.hops.hopsworks.common.dao.user.security.ua.UserAccountsEmailMessages;
import io.hops.hopsworks.common.dao.user.sshkey.SshKeyDTO;
import io.hops.hopsworks.common.dao.user.sshkey.SshKeys;
import io.hops.hopsworks.common.dao.user.sshkey.SshKeysPK;
import io.hops.hopsworks.common.dao.user.sshkey.SshkeysFacade;
import io.hops.hopsworks.common.exception.RESTCodes;
import io.hops.hopsworks.common.exception.ServiceException;
import io.hops.hopsworks.common.exception.UserException;
import io.hops.hopsworks.common.util.EmailBean;
import io.hops.hopsworks.common.util.FormatUtils;
import io.hops.hopsworks.common.util.QRCodeGenerator;
import io.hops.hopsworks.common.util.Settings;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;

@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/user/UsersController.class */
public class UsersController {
    private static final Logger LOGGER = Logger.getLogger(UsersController.class.getName());

    @EJB
    private UserFacade userFacade;

    @EJB
    private AccountAuditFacade accountAuditFacade;

    @EJB
    private RolesAuditFacade rolesAuditFacade;

    @EJB
    private BbcGroupFacade bbcGroupFacade;

    @EJB
    private SshkeysFacade sshKeysBean;

    @EJB
    private UserValidator userValidator;

    @EJB
    private EmailBean emailBean;

    @EJB
    private Settings settings;

    @EJB
    private AuthController authController;

    @EJB
    private AccountAuditFacade auditManager;
    private byte[] qrCode;

    public byte[] registerUser(UserDTO userDTO, HttpServletRequest httpServletRequest) throws NoSuchAlgorithmException, UserException {
        this.userValidator.isValidNewUser(userDTO);
        Users createNewUser = createNewUser(userDTO, UserAccountStatus.NEW_MOBILE_ACCOUNT, UserAccountType.M_ACCOUNT_TYPE);
        addAddress(createNewUser);
        addOrg(createNewUser);
        try {
            if (!userDTO.isTestUser()) {
                this.emailBean.sendEmail(userDTO.getEmail(), Message.RecipientType.TO, UserAccountsEmailMessages.ACCOUNT_REQUEST_SUBJECT, UserAccountsEmailMessages.buildMobileRequestMessage(FormatUtils.getUserURL(httpServletRequest), createNewUser.getUsername() + createNewUser.getValidationKey()));
            }
            this.userFacade.persist(createNewUser);
            this.qrCode = QRCodeGenerator.getQRCodeBytes(userDTO.getEmail(), Settings.ISSUER, createNewUser.getSecret());
            this.accountAuditFacade.registerAccountChange(createNewUser, AccountsAuditActions.REGISTRATION.name(), AccountsAuditActions.SUCCESS.name(), "", createNewUser, httpServletRequest);
            this.accountAuditFacade.registerAccountChange(createNewUser, AccountsAuditActions.QRCODE.name(), AccountsAuditActions.SUCCESS.name(), "", createNewUser, httpServletRequest);
            return this.qrCode;
        } catch (WriterException | MessagingException | IOException e) {
            this.accountAuditFacade.registerAccountChange(createNewUser, AccountsAuditActions.REGISTRATION.name(), AccountsAuditActions.FAILED.name(), "", createNewUser, httpServletRequest);
            this.accountAuditFacade.registerAccountChange(createNewUser, AccountsAuditActions.QRCODE.name(), AccountsAuditActions.FAILED.name(), "", createNewUser, httpServletRequest);
            throw new UserException(RESTCodes.UserErrorCode.ACCOUNT_REGISTRATION_ERROR, Level.SEVERE, "user: " + userDTO.getUsername(), e.getMessage(), e);
        }
    }

    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public String activateUser(String str, Users users, Users users2, HttpServletRequest httpServletRequest) {
        BbcGroup findByGroupName = this.bbcGroupFacade.findByGroupName(str);
        if (findByGroupName == null) {
            this.auditManager.registerAccountChange(users2, UserAccountStatus.ACTIVATED_ACCOUNT.name(), RolesAuditAction.FAILED.name(), "Role could not be granted.", users, httpServletRequest);
            return "Role could not be granted.";
        }
        registerGroup(users, findByGroupName.getGid().intValue());
        this.auditManager.registerRoleChange(users2, RolesAuditAction.ROLE_ADDED.name(), RolesAuditAction.SUCCESS.name(), findByGroupName.getGroupName(), users, httpServletRequest);
        try {
            updateStatus(users, UserAccountStatus.ACTIVATED_ACCOUNT);
            this.auditManager.registerAccountChange(users2, UserAccountStatus.ACTIVATED_ACCOUNT.name(), UserAuditActions.SUCCESS.name(), "", users, httpServletRequest);
            return null;
        } catch (IllegalArgumentException e) {
            this.auditManager.registerAccountChange(users2, UserAccountStatus.ACTIVATED_ACCOUNT.name(), RolesAuditAction.FAILED.name(), "User could not be activated.", users, httpServletRequest);
            return "User could not be activated.";
        }
    }

    public Users createNewUser(UserDTO userDTO, UserAccountStatus userAccountStatus, UserAccountType userAccountType) throws NoSuchAlgorithmException {
        String calculateSecretKey = SecurityUtils.calculateSecretKey();
        String randomPassword = SecurityUtils.getRandomPassword(64);
        String generateUsername = generateUsername(userDTO.getEmail());
        ArrayList arrayList = new ArrayList();
        String generateSalt = this.authController.generateSalt();
        Users users = new Users(generateUsername, this.authController.getPasswordHash(userDTO.getChosenPassword(), generateSalt), userDTO.getEmail(), userDTO.getFirstName(), userDTO.getLastName(), new Timestamp(new Date().getTime()), "-", "-", userAccountStatus, calculateSecretKey, randomPassword, SecurityQuestion.getQuestion(userDTO.getSecurityQuestion()), this.authController.getHash(userDTO.getSecurityAnswer().toLowerCase()), userAccountType, new Timestamp(new Date().getTime()), userDTO.getTelephoneNum(), this.settings.getMaxNumProjPerUser(), userDTO.isTwoFactor(), generateSalt, userDTO.getToursState());
        users.setBbcGroupCollection(arrayList);
        return users;
    }

    public Users createNewAgent(String str, String str2, String str3, String str4, String str5) {
        String generateUsername = generateUsername(str);
        ArrayList arrayList = new ArrayList();
        String generateSalt = this.authController.generateSalt();
        Users users = new Users(generateUsername, this.authController.getPasswordHash(str4, generateSalt), str, str2, str3, str5, "-", UserAccountStatus.NEW_MOBILE_ACCOUNT, UserAccountType.M_ACCOUNT_TYPE, 0, generateSalt);
        users.setBbcGroupCollection(arrayList);
        return users;
    }

    public Users createNewLdapUser(String str, String str2, String str3, String str4, UserAccountStatus userAccountStatus) {
        String generateUsername = generateUsername(str);
        ArrayList arrayList = new ArrayList();
        String generateSalt = this.authController.generateSalt();
        Users users = new Users(generateUsername, this.authController.getPasswordHash(str4, generateSalt), str, str2, str3, "-", "-", userAccountStatus, UserAccountType.LDAP_ACCOUNT_TYPE, this.settings.getMaxNumProjPerUser(), generateSalt);
        users.setBbcGroupCollection(arrayList);
        addAddress(users);
        addOrg(users);
        return users;
    }

    public void addAddress(Users users) {
        Address address = new Address();
        address.setUid(users);
        address.setAddress1("-");
        address.setAddress2("-");
        address.setAddress3("-");
        address.setCity("Stockholm");
        address.setCountry("SE");
        address.setPostalcode("-");
        address.setState("-");
        users.setAddress(address);
    }

    public void addOrg(Users users) {
        Organization organization = new Organization();
        organization.setUid(users);
        organization.setContactEmail("-");
        organization.setContactPerson("-");
        organization.setDepartment("-");
        organization.setFax("-");
        organization.setOrgName("-");
        organization.setWebsite("-");
        organization.setPhone("-");
        users.setOrganization(organization);
    }

    public void recoverPassword(String str, String str2, String str3, HttpServletRequest httpServletRequest) throws UserException, ServiceException {
        if (this.userValidator.isValidEmail(str) && this.userValidator.isValidsecurityQA(str2, str3)) {
            Users findByEmail = this.userFacade.findByEmail(str);
            if (findByEmail == null) {
                throw new UserException(RESTCodes.UserErrorCode.USER_WAS_NOT_FOUND, Level.FINE);
            }
            if (!this.authController.validateSecurityQA(findByEmail, str2, str3, httpServletRequest)) {
                throw new UserException(RESTCodes.UserErrorCode.SEC_QA_INCORRECT, Level.FINE);
            }
            this.authController.resetPassword(findByEmail, httpServletRequest);
        }
    }

    public void changePassword(Users users, String str, String str2, String str3, HttpServletRequest httpServletRequest) throws UserException {
        if (!this.authController.validatePassword(users, str, httpServletRequest)) {
            throw new UserException(RESTCodes.UserErrorCode.PASSWORD_INCORRECT, Level.FINE);
        }
        if (this.userValidator.isValidPassword(str2, str3)) {
            try {
                this.authController.changePassword(users, str2, httpServletRequest);
                this.accountAuditFacade.registerAccountChange(users, AccountsAuditActions.PASSWORDCHANGE.name(), AccountsAuditActions.SUCCESS.name(), "Changed password.", users, httpServletRequest);
                if (users.getEmail().compareTo(Settings.SITE_EMAIL) == 0) {
                    this.settings.setAdminPasswordChanged();
                }
            } catch (Exception e) {
                throw new UserException(RESTCodes.UserErrorCode.PASSWORD_RESET_UNSUCCESSFUL, Level.SEVERE, null, e.getMessage(), e);
            }
        }
    }

    public void changeSecQA(Users users, String str, String str2, String str3, HttpServletRequest httpServletRequest) throws UserException {
        if (!this.authController.validatePassword(users, str, httpServletRequest)) {
            throw new UserException(RESTCodes.UserErrorCode.PASSWORD_INCORRECT, Level.FINE);
        }
        if (this.userValidator.isValidsecurityQA(str2, str3)) {
            this.authController.changeSecQA(users, str2, str3, httpServletRequest);
        }
    }

    public Users updateProfile(Users users, String str, String str2, String str3, Integer num, HttpServletRequest httpServletRequest) throws UserException {
        if (users == null) {
            throw new UserException(RESTCodes.UserErrorCode.USER_WAS_NOT_FOUND, Level.FINE);
        }
        if (str != null) {
            users.setFname(str);
        }
        if (str2 != null) {
            users.setLname(str2);
        }
        if (str3 != null) {
            users.setMobile(str3);
        }
        if (num != null) {
            users.setToursState(num.intValue());
        }
        this.accountAuditFacade.registerAccountChange(users, AccountsAuditActions.SECQUESTION.name(), AccountsAuditActions.SUCCESS.name(), "Update Profile Info", users, httpServletRequest);
        this.userFacade.update(users);
        return users;
    }

    public SshKeyDTO addSshKey(int i, String str, String str2) {
        SshKeys sshKeys = new SshKeys();
        sshKeys.setSshKeysPK(new SshKeysPK(i, str));
        sshKeys.setPublicKey(str2);
        this.sshKeysBean.persist(sshKeys);
        return new SshKeyDTO(sshKeys);
    }

    public void removeSshKey(int i, String str) {
        this.sshKeysBean.removeByIdName(i, str);
    }

    public List<SshKeyDTO> getSshKeys(int i) {
        List<SshKeys> findAllById = this.sshKeysBean.findAllById(i);
        ArrayList arrayList = new ArrayList();
        Iterator<SshKeys> it = findAllById.iterator();
        while (it.hasNext()) {
            arrayList.add(new SshKeyDTO(it.next()));
        }
        return arrayList;
    }

    public String generateUsername(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Email is null");
        }
        String replaceAll = str.substring(0, str.lastIndexOf("@")).toLowerCase().replaceAll("[^a-z0-9]", "");
        String substring = replaceAll.length() <= 8 ? replaceAll + StringUtils.repeat("0", 8 - replaceAll.length()) : replaceAll.substring(0, 8);
        Users findByUsername = this.userFacade.findByUsername(substring);
        if (findByUsername == null) {
            return substring;
        }
        String str2 = "";
        String str3 = "";
        int i = 1;
        while (findByUsername != null && i < 100) {
            str3 = String.valueOf(i);
            str2 = substring.substring(0, 8 - str3.length());
            findByUsername = this.userFacade.findByUsername(str2 + str3);
            i++;
        }
        if (i == 100) {
            throw new IllegalStateException("You cannot register with this email address. Pick another.");
        }
        return str2 + str3;
    }

    public byte[] changeTwoFactor(Users users, String str, HttpServletRequest httpServletRequest) throws UserException {
        if (users == null) {
            throw new IllegalArgumentException("User was not provided.");
        }
        if (!this.authController.validatePassword(users, str, httpServletRequest)) {
            this.accountAuditFacade.registerAccountChange(users, AccountsAuditActions.TWO_FACTOR.name(), AccountsAuditActions.FAILED.name(), "Incorrect password", users, httpServletRequest);
            throw new UserException(RESTCodes.UserErrorCode.PASSWORD_INCORRECT, Level.FINE);
        }
        byte[] bArr = null;
        if (users.getTwoFactor()) {
            users.setTwoFactor(false);
            this.userFacade.update(users);
            this.accountAuditFacade.registerAccountChange(users, AccountsAuditActions.TWO_FACTOR.name(), AccountsAuditActions.SUCCESS.name(), "Disabled 2-factor", users, httpServletRequest);
        } else {
            try {
                users.setTwoFactor(true);
                this.userFacade.update(users);
                bArr = QRCodeGenerator.getQRCodeBytes(users.getEmail(), Settings.ISSUER, users.getSecret());
                this.accountAuditFacade.registerAccountChange(users, AccountsAuditActions.TWO_FACTOR.name(), AccountsAuditActions.SUCCESS.name(), "Enabled 2-factor", users, httpServletRequest);
                this.accountAuditFacade.registerAccountChange(users, AccountsAuditActions.QRCODE.name(), AccountsAuditActions.SUCCESS.name(), "Enabled 2-factor", users, httpServletRequest);
            } catch (IOException | WriterException e) {
                LOGGER.log(Level.SEVERE, (String) null, (Throwable) e);
                this.accountAuditFacade.registerAccountChange(users, AccountsAuditActions.TWO_FACTOR.name(), AccountsAuditActions.FAILED.name(), "Enabled 2-factor", users, httpServletRequest);
                this.accountAuditFacade.registerAccountChange(users, AccountsAuditActions.QRCODE.name(), AccountsAuditActions.FAILED.name(), "Enabled 2-factor", users, httpServletRequest);
                throw new UserException(RESTCodes.UserErrorCode.TWO_FA_ENABLE_ERROR, Level.SEVERE, "user: " + users.getUsername(), e.getMessage(), e);
            }
        }
        return bArr;
    }

    public byte[] getQRCode(Users users, String str, HttpServletRequest httpServletRequest) throws UserException {
        if (users == null) {
            throw new IllegalArgumentException("User was not provided");
        }
        if (!this.authController.validatePassword(users, str, httpServletRequest)) {
            throw new UserException(RESTCodes.UserErrorCode.PASSWORD_INCORRECT, Level.FINE);
        }
        byte[] bArr = null;
        if (users.getTwoFactor()) {
            try {
                bArr = QRCodeGenerator.getQRCodeBytes(users.getEmail(), Settings.ISSUER, users.getSecret());
            } catch (IOException | WriterException e) {
                LOGGER.log(Level.SEVERE, (String) null, (Throwable) e);
            }
        }
        return bArr;
    }

    public void registerGroup(Users users, int i) {
        users.getBbcGroupCollection().add(this.bbcGroupFacade.find(Integer.valueOf(i)));
        this.userFacade.update(users);
    }

    public void registerAddress(Users users) {
        Address address = new Address();
        address.setAddress1("-");
        address.setAddress2("-");
        address.setAddress3("-");
        address.setState("-");
        address.setCity("-");
        address.setCountry("-");
        address.setPostalcode("-");
        users.setAddress(address);
        this.userFacade.persist(users);
    }

    public void increaseLockNum(int i, int i2) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        if (find != null) {
            find.setFalseLogin(i2);
            this.userFacade.update(find);
        }
    }

    public void setOnline(int i, int i2) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        find.setIsonline(i2);
        this.userFacade.update(find);
    }

    public void resetLock(int i) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        find.setFalseLogin(0);
        this.userFacade.update(find);
    }

    public void changeAccountStatus(int i, String str, UserAccountStatus userAccountStatus) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        if (find != null) {
            find.setNotes(str);
            find.setStatus(userAccountStatus);
            this.userFacade.update(find);
        }
    }

    public void resetKey(int i) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        find.setValidationKey(SecurityUtils.getRandomPassword(64));
        this.userFacade.update(find);
    }

    public void resetSecQuestion(int i, SecurityQuestion securityQuestion, String str) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        find.setSecurityQuestion(securityQuestion);
        find.setSecurityAnswer(str);
        this.userFacade.update(find);
    }

    public void updateStatus(Users users, UserAccountStatus userAccountStatus) {
        users.setStatus(userAccountStatus);
        this.userFacade.update(users);
    }

    public void updateSecret(int i, String str) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        find.setSecret(str);
        this.userFacade.update(find);
    }

    public void increaseNumCreatedProjects(int i) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        find.setNumCreatedProjects(Integer.valueOf(find.getNumCreatedProjects().intValue() + 1));
        find.setNumActiveProjects(Integer.valueOf(find.getNumActiveProjects().intValue() + 1));
        this.userFacade.update(find);
    }

    public void decrementNumProjectsCreated(int i) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        int intValue = find.getNumCreatedProjects().intValue();
        if (intValue > 0) {
            find.setNumCreatedProjects(Integer.valueOf(intValue - 1));
            this.userFacade.update(find);
        }
    }

    public void decrementNumActiveProjects(int i) {
        Users find = this.userFacade.find(Integer.valueOf(i));
        int intValue = find.getNumActiveProjects().intValue();
        if (intValue > 0) {
            find.setNumActiveProjects(Integer.valueOf(intValue - 1));
            this.userFacade.update(find);
        }
    }

    public boolean isUsernameTaken(String str) {
        return this.userFacade.findByEmail(str) != null;
    }

    public boolean isUserInRole(Users users, String str) {
        BbcGroup findByGroupName;
        if (users == null || str == null || (findByGroupName = this.bbcGroupFacade.findByGroupName(str)) == null) {
            return false;
        }
        return users.getBbcGroupCollection().contains(findByGroupName);
    }

    public List<String> getUserRoles(Users users) {
        Collection<BbcGroup> bbcGroupCollection = users.getBbcGroupCollection();
        ArrayList arrayList = new ArrayList();
        Iterator<BbcGroup> it = bbcGroupCollection.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getGroupName());
        }
        return arrayList;
    }

    public void updateMaxNumProjs(Users users, int i) {
        users.setMaxNumProjects(Integer.valueOf(i));
        this.userFacade.update(users);
    }

    public void deleteUser(Users users) {
        if (users != null) {
            List<RolesAudit> findByInitiator = this.rolesAuditFacade.findByInitiator(users);
            findByInitiator.addAll(this.rolesAuditFacade.findByTarget(users));
            Iterator<RolesAudit> it = findByInitiator.iterator();
            while (it.hasNext()) {
                this.rolesAuditFacade.remove(it.next());
            }
            List<AccountAudit> findByInitiator2 = this.accountAuditFacade.findByInitiator(users);
            findByInitiator2.addAll(this.accountAuditFacade.findByTarget(users));
            Iterator<AccountAudit> it2 = findByInitiator2.iterator();
            while (it2.hasNext()) {
                this.accountAuditFacade.remove(it2.next());
            }
            this.userFacade.removeByEmail(users.getEmail());
        }
    }
}
