package org.broadleafcommerce.openadmin.server.security.service;

import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.annotation.Resource;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.broadleafcommerce.common.email.service.EmailService;
import org.broadleafcommerce.common.email.service.info.EmailInfo;
import org.broadleafcommerce.common.security.util.PasswordChange;
import org.broadleafcommerce.common.security.util.PasswordUtils;
import org.broadleafcommerce.common.service.GenericResponse;
import org.broadleafcommerce.common.time.SystemTime;
import org.broadleafcommerce.openadmin.server.security.dao.AdminPermissionDao;
import org.broadleafcommerce.openadmin.server.security.dao.AdminRoleDao;
import org.broadleafcommerce.openadmin.server.security.dao.AdminUserDao;
import org.broadleafcommerce.openadmin.server.security.dao.ForgotPasswordSecurityTokenDao;
import org.broadleafcommerce.openadmin.server.security.domain.AdminPermission;
import org.broadleafcommerce.openadmin.server.security.domain.AdminRole;
import org.broadleafcommerce.openadmin.server.security.domain.AdminUser;
import org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityToken;
import org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityTokenImpl;
import org.broadleafcommerce.openadmin.server.security.service.type.PermissionType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.SaltSource;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

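/**
 * Default {@link AdminSecurityService}: CRUD for admin users, roles and permissions, plus the
 * admin password lifecycle (encoding on save, change with current-password check,
 * forgot-username and forgot-password e-mails, and token-based reset).
 *
 * <p>Passwords are persisted only in the form produced by {@code passwordEncoder}; the salt is
 * obtained from {@code saltSource} when one is configured (see {@link #getSalt(AdminUser, String)}).
 * Reset tokens are persisted encoded as well; only the plain token leaves the system, by e-mail.
 */
@Service("blAdminSecurityService")
public class AdminSecurityServiceImpl implements AdminSecurityService {
    private static final Log LOG = LogFactory.getLog(AdminSecurityServiceImpl.class);

    /** Length of the plain reset token that is mailed; adjustable through the static accessors. */
    private static int PASSWORD_TOKEN_LENGTH = 12;

    /** Alphabet and length of the placeholder produced by {@link #generateSecurePassword()}. */
    private static final String PLACEHOLDER_ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final int PLACEHOLDER_LENGTH = 16;

    /** Shared CSPRNG for placeholder passwords; SecureRandom is safe for concurrent use. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    @Resource(name = "blAdminRoleDao")
    protected AdminRoleDao adminRoleDao;

    @Resource(name = "blAdminUserDao")
    protected AdminUserDao adminUserDao;

    @Resource(name = "blForgotPasswordSecurityTokenDao")
    protected ForgotPasswordSecurityTokenDao forgotPasswordSecurityTokenDao;

    @Resource(name = "blAdminPermissionDao")
    AdminPermissionDao adminPermissionDao;

    @Resource(name = "blPasswordEncoder")
    protected PasswordEncoder passwordEncoder;

    /** Legacy fixed salt; superseded by {@link #saltSource}. Not consulted by this class. */
    @Deprecated
    protected String salt;

    @Autowired(required = false)
    @Qualifier("blAdminSaltSource")
    protected SaltSource saltSource;

    @Resource(name = "blEmailService")
    protected EmailService emailService;

    @Resource(name = "blSendAdminResetPasswordEmail")
    protected EmailInfo resetPasswordEmailInfo;

    @Resource(name = "blSendAdminUsernameEmailInfo")
    protected EmailInfo sendUsernameEmailInfo;

    /** Lifetime of a reset token in minutes, measured from its creation date. */
    @Value("${tokenExpiredMinutes}")
    protected int tokenExpiredMinutes = 30;

    /** Base URL of the reset-password page; the token is appended as a query parameter. */
    @Value("${resetPasswordURL}")
    protected String resetPasswordURL;

    /** Deletes the given permission through {@code adminPermissionDao}. */
    @Override
    @Transactional("blTransactionManager")
    public void deleteAdminPermission(AdminPermission adminPermission) {
        this.adminPermissionDao.deleteAdminPermission(adminPermission);
    }

    /** Deletes the given role through {@code adminRoleDao}. */
    @Override
    @Transactional("blTransactionManager")
    public void deleteAdminRole(AdminRole adminRole) {
        this.adminRoleDao.deleteAdminRole(adminRole);
    }

    /** Deletes the given user through {@code adminUserDao}. */
    @Override
    @Transactional("blTransactionManager")
    public void deleteAdminUser(AdminUser adminUser) {
        this.adminUserDao.deleteAdminUser(adminUser);
    }

    /** Looks up a permission by primary key; the result is whatever the DAO returns (may be null). */
    @Override
    public AdminPermission readAdminPermissionById(Long id) {
        return this.adminPermissionDao.readAdminPermissionById(id);
    }

    /** Looks up a role by primary key; the result is whatever the DAO returns (may be null). */
    @Override
    public AdminRole readAdminRoleById(Long id) {
        return this.adminRoleDao.readAdminRoleById(id);
    }

    /** Looks up a user by primary key; the result is whatever the DAO returns (may be null). */
    @Override
    public AdminUser readAdminUserById(Long id) {
        return this.adminUserDao.readAdminUserById(id);
    }

    /** Persists the permission and returns the managed instance from the DAO. */
    @Override
    @Transactional("blTransactionManager")
    public AdminPermission saveAdminPermission(AdminPermission adminPermission) {
        return this.adminPermissionDao.saveAdminPermission(adminPermission);
    }

    /** Persists the role and returns the managed instance from the DAO. */
    @Override
    @Transactional("blTransactionManager")
    public AdminRole saveAdminRole(AdminRole adminRole) {
        return this.adminRoleDao.saveAdminRole(adminRole);
    }

    /**
     * Persists the user, encoding a pending password if one was supplied.
     *
     * <p>If {@code getUnencodedPassword()} is non-null, the user is saved first (so the managed
     * entity and its id, which {@link #getSalt(AdminUser, String)} hands to the salt source, exist),
     * then the encoded password is set and the user is saved again. The plain-text password is
     * never written to the persistence layer: a user with no password at all receives a random,
     * unguessable placeholder from {@link #generateSecurePassword()} instead.
     *
     * @param adminUser the user to save; its {@code unencodedPassword} is read but never stored
     * @return the managed instance returned by the second save
     */
    @Override
    @Transactional("blTransactionManager")
    public AdminUser saveAdminUser(AdminUser adminUser) {
        String unencodedPassword = adminUser.getUnencodedPassword();
        boolean encodeNeeded = unencodedPassword != null;
        if (adminUser.getPassword() == null) {
            // Stored as-is (not encoded), so it matches no real credential and cannot be used to
            // log in until a password is set via changePassword / resetPasswordUsingToken.
            adminUser.setPassword(generateSecurePassword());
        }
        AdminUser persisted = this.adminUserDao.saveAdminUser(adminUser);
        if (encodeNeeded) {
            persisted.setPassword(this.passwordEncoder.encodePassword(
                    unencodedPassword, getSalt(persisted, unencodedPassword)));
        }
        return this.adminUserDao.saveAdminUser(persisted);
    }

    /**
     * Builds a 16-character alphanumeric placeholder from a {@link SecureRandom} source.
     * Same alphabet and length as the previous {@code RandomStringUtils.randomAlphanumeric(16)},
     * but backed by a cryptographically strong generator.
     */
    protected String generateSecurePassword() {
        StringBuilder out = new StringBuilder(PLACEHOLDER_LENGTH);
        for (int i = 0; i < PLACEHOLDER_LENGTH; i++) {
            out.append(PLACEHOLDER_ALPHABET.charAt(SECURE_RANDOM.nextInt(PLACEHOLDER_ALPHABET.length())));
        }
        return out.toString();
    }

    /**
     * Sets a new password for the user named in {@code passwordChange} and refreshes the current
     * security context with a token carrying the new credentials.
     *
     * <p>No verification of the current password happens here; callers are expected to have done
     * it. When no {@link Authentication} is present in the context (e.g. a non-request thread) the
     * context is left untouched instead of failing with a NullPointerException.
     *
     * @param passwordChange username and new password
     * @return the saved user
     * @throws IllegalArgumentException if no admin user exists for the given username
     */
    @Override
    @Transactional("blTransactionManager")
    public AdminUser changePassword(PasswordChange passwordChange) {
        AdminUser user = readAdminUserByUserName(passwordChange.getUsername());
        if (user == null) {
            throw new IllegalArgumentException("No admin user found for login " + passwordChange.getUsername());
        }
        user.setUnencodedPassword(passwordChange.getNewPassword());
        AdminUser saved = saveAdminUser(user);
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current != null) {
            // NOTE(review): as before, the replacement token holds the new plain-text password as
            // its credentials for the rest of the request; confirm downstream code needs that.
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                    passwordChange.getUsername(), passwordChange.getNewPassword(), current.getAuthorities()));
            current.setAuthenticated(false);
        }
        return saved;
    }

    /** Delegates the permission check to {@code adminPermissionDao}. */
    @Override
    public boolean isUserQualifiedForOperationOnCeilingEntity(AdminUser adminUser, PermissionType permissionType,
            String ceilingEntityFullyQualifiedName) {
        return this.adminPermissionDao.isUserQualifiedForOperationOnCeilingEntity(
                adminUser, permissionType, ceilingEntityFullyQualifiedName);
    }

    /** Delegates to {@code adminPermissionDao}. */
    @Override
    public boolean doesOperationExistForCeilingEntity(PermissionType permissionType,
            String ceilingEntityFullyQualifiedName) {
        return this.adminPermissionDao.doesOperationExistForCeilingEntity(
                permissionType, ceilingEntityFullyQualifiedName);
    }

    /** Looks up a user by login; the result is whatever the DAO returns (may be null). */
    @Override
    public AdminUser readAdminUserByUserName(String userName) {
        return this.adminUserDao.readAdminUserByUserName(userName);
    }

    @Override
    public List<AdminUser> readAllAdminUsers() {
        return this.adminUserDao.readAllAdminUsers();
    }

    @Override
    public List<AdminRole> readAllAdminRoles() {
        return this.adminRoleDao.readAllAdminRoles();
    }

    @Override
    public List<AdminPermission> readAllAdminPermissions() {
        return this.adminPermissionDao.readAllAdminPermissions();
    }

    /**
     * Mails the logins of all active users registered under {@code emailAddress}.
     *
     * @param emailAddress address to look up and to send to; null yields {@code notFound}
     * @return a response with error code {@code notFound} (no user for the address) or
     *         {@code inactiveUser} (users exist but none is active), otherwise no errors
     */
    @Override
    @Transactional("blTransactionManager")
    public GenericResponse sendForgotUsernameNotification(String emailAddress) {
        GenericResponse response = new GenericResponse();
        List<AdminUser> users = emailAddress != null ? this.adminUserDao.readAdminUserByEmail(emailAddress) : null;
        if (users == null || users.isEmpty()) {
            response.addErrorCode("notFound");
            return response;
        }
        List<String> activeLogins = new ArrayList<String>();
        for (AdminUser user : users) {
            // Null-safe: an unset active flag counts as inactive, consistent with checkUser().
            if (Boolean.TRUE.equals(user.getActiveStatusFlag())) {
                activeLogins.add(user.getLogin());
            }
        }
        if (activeLogins.isEmpty()) {
            response.addErrorCode("inactiveUser");
        } else {
            HashMap<String, Object> props = new HashMap<String, Object>();
            props.put("accountNames", activeLogins);
            this.emailService.sendTemplateEmail(emailAddress, getSendUsernameEmailInfo(), props);
        }
        return response;
    }

    /**
     * Creates a reset token for the named user, stores it encoded and mails the plain token
     * (and a reset URL carrying it) to the user's e-mail address.
     *
     * @param username login of the user; null yields {@code invalidUser}
     * @return a response carrying any error code set by {@link #checkUser}
     */
    @Override
    @Transactional("blTransactionManager")
    public GenericResponse sendResetPasswordNotification(String username) {
        GenericResponse response = new GenericResponse();
        AdminUser user = username != null ? this.adminUserDao.readAdminUserByUserName(username) : null;
        checkUser(user, response);
        if (response.getHasErrors()) {
            return response;
        }
        // Lower-cased here and again on lookup, so the mailed token is case-insensitive.
        // NOTE(review): the token's entropy is whatever PasswordUtils.generateTemporaryPassword
        // provides, less the case folding -- confirm it is backed by a CSPRNG.
        String token = PasswordUtils.generateTemporaryPassword(PASSWORD_TOKEN_LENGTH).toLowerCase();
        ForgotPasswordSecurityTokenImpl record = new ForgotPasswordSecurityTokenImpl();
        record.setAdminUserId(user.getId());
        // Only the encoded form is stored; a database read alone does not reveal a usable token.
        record.setToken(this.passwordEncoder.encodePassword(token, (Object) null));
        record.setCreateDate(SystemTime.asDate());
        this.forgotPasswordSecurityTokenDao.saveToken(record);

        HashMap<String, Object> props = new HashMap<String, Object>();
        props.put("token", token);
        props.put("resetPasswordUrl", buildResetPasswordUrl(token));
        this.emailService.sendTemplateEmail(user.getEmail(), getResetPasswordEmailInfo(), props);
        return response;
    }

    /**
     * Appends {@code token} as a {@code token} query parameter to the configured reset URL.
     *
     * @return the URL with the token, or the configured value unchanged (null or empty) when no
     *         reset URL is configured
     */
    protected String buildResetPasswordUrl(String token) {
        String url = getResetPasswordURL();
        if (StringUtils.isEmpty(url)) {
            return url;
        }
        return url + (url.contains("?") ? "&token=" : "?token=") + token;
    }

    /**
     * Sets a new password for {@code username} when {@code token} is a valid, unused, unexpired
     * reset token issued to that same user; on success the token is marked used.
     *
     * @param username        login of the user being reset
     * @param token           plain token as mailed by {@link #sendResetPasswordNotification}
     * @param password        new password
     * @param confirmPassword must equal {@code password}
     * @return a response with zero or more of {@code invalidUser}, {@code emailNotFound},
     *         {@code inactiveUser}, {@code invalidPassword}, {@code passwordMismatch},
     *         {@code invalidToken}, {@code tokenUsed}, {@code tokenExpired}
     */
    @Override
    @Transactional("blTransactionManager")
    public GenericResponse resetPasswordUsingToken(String username, String token, String password,
            String confirmPassword) {
        GenericResponse response = new GenericResponse();
        AdminUser user = username != null ? this.adminUserDao.readAdminUserByUserName(username) : null;
        checkUser(user, response);
        checkPassword(password, confirmPassword, response);
        if (token == null || "".equals(token)) {
            response.addErrorCode("invalidToken");
        }
        if (response.getHasErrors()) {
            return response;
        }
        ForgotPasswordSecurityToken stored = this.forgotPasswordSecurityTokenDao.readToken(
                this.passwordEncoder.encodePassword(token.toLowerCase(), (Object) null));
        if (stored == null) {
            response.addErrorCode("invalidToken");
        } else if (!isTokenOwnedBy(stored, user)) {
            // The lookup above is by token value only; the token must also have been issued to the
            // user named in the request, otherwise a token for one account could reset another.
            response.addErrorCode("invalidToken");
        } else if (stored.isTokenUsedFlag()) {
            response.addErrorCode("tokenUsed");
        } else if (isTokenExpired(stored)) {
            response.addErrorCode("tokenExpired");
        }
        if (response.getHasErrors()) {
            return response;
        }
        user.setUnencodedPassword(password);
        saveAdminUser(user);
        stored.setTokenUsedFlag(true);
        this.forgotPasswordSecurityTokenDao.saveToken(stored);
        return response;
    }

    /** True when the token's recorded admin user id equals the given user's id (null-safe). */
    protected boolean isTokenOwnedBy(ForgotPasswordSecurityToken token, AdminUser user) {
        Long ownerId = token.getAdminUserId();
        return ownerId != null && user != null && ownerId.equals(user.getId());
    }

    /**
     * Adds {@code invalidUser} when the user is null, {@code emailNotFound} when it has no e-mail
     * address, or {@code inactiveUser} when its active flag is null or false.
     */
    protected void checkUser(AdminUser adminUser, GenericResponse genericResponse) {
        if (adminUser == null) {
            genericResponse.addErrorCode("invalidUser");
            return;
        }
        if (adminUser.getEmail() == null || "".equals(adminUser.getEmail())) {
            genericResponse.addErrorCode("emailNotFound");
        } else if (!Boolean.TRUE.equals(adminUser.getActiveStatusFlag())) {
            genericResponse.addErrorCode("inactiveUser");
        }
    }

    /**
     * Adds {@code invalidPassword} when either value is null or empty, or {@code passwordMismatch}
     * when the two differ.
     */
    protected void checkPassword(String password, String confirmPassword, GenericResponse genericResponse) {
        if (password == null || confirmPassword == null || "".equals(password) || "".equals(confirmPassword)) {
            genericResponse.addErrorCode("invalidPassword");
        } else if (!password.equals(confirmPassword)) {
            genericResponse.addErrorCode("passwordMismatch");
        }
    }

    /**
     * Adds {@code invalidPassword} unless {@code password} matches the user's stored, encoded
     * password under the user's salt.
     *
     * @param adminUser must be non-null
     */
    protected void checkExistingPassword(String password, AdminUser adminUser, GenericResponse genericResponse) {
        if (!this.passwordEncoder.isPasswordValid(adminUser.getPassword(), password, getSalt(adminUser, password))) {
            genericResponse.addErrorCode("invalidPassword");
        }
    }

    /**
     * True when the token is older than {@link #tokenExpiredMinutes}, measured against
     * {@link SystemTime}. A token without a creation date is treated as expired.
     */
    protected boolean isTokenExpired(ForgotPasswordSecurityToken forgotPasswordSecurityToken) {
        if (forgotPasswordSecurityToken.getCreateDate() == null) {
            return true;
        }
        long ageMillis = SystemTime.asDate().getTime() - forgotPasswordSecurityToken.getCreateDate().getTime();
        // Compared in milliseconds: the earlier integer division by 60000 truncated the age and
        // let a token stay valid for up to 59 s beyond the configured limit.
        return ageMillis > this.tokenExpiredMinutes * 60000L;
    }

    public int getTokenExpiredMinutes() {
        return this.tokenExpiredMinutes;
    }

    public void setTokenExpiredMinutes(int tokenExpiredMinutes) {
        this.tokenExpiredMinutes = tokenExpiredMinutes;
    }

    /** Length of newly generated reset tokens (class-wide setting). */
    public static int getPASSWORD_TOKEN_LENGTH() {
        return PASSWORD_TOKEN_LENGTH;
    }

    public static void setPASSWORD_TOKEN_LENGTH(int passwordTokenLength) {
        PASSWORD_TOKEN_LENGTH = passwordTokenLength;
    }

    public String getResetPasswordURL() {
        return this.resetPasswordURL;
    }

    public void setResetPasswordURL(String resetPasswordURL) {
        this.resetPasswordURL = resetPasswordURL;
    }

    public EmailInfo getSendUsernameEmailInfo() {
        return this.sendUsernameEmailInfo;
    }

    public void setSendUsernameEmailInfo(EmailInfo sendUsernameEmailInfo) {
        this.sendUsernameEmailInfo = sendUsernameEmailInfo;
    }

    public EmailInfo getResetPasswordEmailInfo() {
        return this.resetPasswordEmailInfo;
    }

    public void setResetPasswordEmailInfo(EmailInfo resetPasswordEmailInfo) {
        this.resetPasswordEmailInfo = resetPasswordEmailInfo;
    }

    /**
     * Salt for encoding {@code password} for {@code adminUser}: asks {@code saltSource} with an
     * {@link AdminUserDetails} built from the user's id and login, or returns null when no salt
     * source is configured.
     */
    @Override
    public Object getSalt(AdminUser adminUser, String password) {
        if (this.saltSource == null) {
            return null;
        }
        return this.saltSource.getSalt(
                new AdminUserDetails(adminUser.getId(), adminUser.getLogin(), password, new ArrayList()));
    }

    /** Legacy fixed salt; see {@link #getSaltSource()} for the current mechanism. */
    @Override
    public String getSalt() {
        return this.salt;
    }

    @Override
    public void setSalt(String salt) {
        this.salt = salt;
    }

    @Override
    public SaltSource getSaltSource() {
        return this.saltSource;
    }

    @Override
    public void setSaltSource(SaltSource saltSource) {
        this.saltSource = saltSource;
    }

    /**
     * Changes the password of {@code username} after verifying {@code oldPassword} against the
     * stored credential.
     *
     * @param username        login of the user
     * @param oldPassword     current password, checked with {@link #checkExistingPassword}
     * @param password        new password
     * @param confirmPassword must equal {@code password}
     * @return a response with zero or more of the error codes set by {@link #checkUser},
     *         {@link #checkPassword} and {@link #checkExistingPassword}
     */
    @Override
    @Transactional("blTransactionManager")
    public GenericResponse changePassword(String username, String oldPassword, String password,
            String confirmPassword) {
        GenericResponse response = new GenericResponse();
        AdminUser user = username != null ? this.adminUserDao.readAdminUserByUserName(username) : null;
        checkUser(user, response);
        checkPassword(password, confirmPassword, response);
        if (!response.getHasErrors()) {
            checkExistingPassword(oldPassword, user, response);
        }
        if (!response.getHasErrors()) {
            user.setUnencodedPassword(password);
            saveAdminUser(user);
        }
        return response;
    }
}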
