package eu.etaxonomy.cdm.api.service;

import eu.etaxonomy.cdm.model.permission.GrantedAuthorityImpl;
import eu.etaxonomy.cdm.model.permission.User;
import eu.etaxonomy.cdm.persistence.dao.permission.IGrantedAuthorityDao;
import eu.etaxonomy.cdm.persistence.dao.permission.IUserDao;
import eu.etaxonomy.cdm.persistence.query.MatchMode;
import eu.etaxonomy.cdm.persistence.query.OrderHint;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.hibernate.NonUniqueResultException;
import org.hibernate.criterion.Criterion;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.SaltSource;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.cache.NullUserCache;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

@Transactional(readOnly = true)
@Service
/* loaded from: input_file:lib/cdmlib-services-5.46.0-SNAPSHOT.jar:eu/etaxonomy/cdm/api/service/UserService.class */
public class UserService extends ServiceBase<User, IUserDao> implements IUserService {
    private IGrantedAuthorityDao grantedAuthorityDao;
    private SaltSource saltSource;
    private PasswordEncoder passwordEncoder;
    private AuthenticationManager authenticationManager;
    private UserCache userCache = new NullUserCache();

    @Autowired(required = false)
    public void setUserCache(UserCache userCache) {
        Assert.notNull(userCache, "userCache cannot be null");
        this.userCache = userCache;
    }

    @Autowired(required = false)
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    @Autowired(required = false)
    public void setSaltSource(SaltSource saltSource) {
        this.saltSource = saltSource;
    }

    @Autowired(required = false)
    @Lazy
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // eu.etaxonomy.cdm.api.service.ServiceBase
    @Autowired
    public void setDao(IUserDao iUserDao) {
        this.dao = iUserDao;
    }

    @Autowired
    public void setGrantedAuthorityDao(IGrantedAuthorityDao iGrantedAuthorityDao) {
        this.grantedAuthorityDao = iGrantedAuthorityDao;
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    @Transactional(readOnly = false)
    @PreAuthorize("isAuthenticated()")
    public void changePassword(String str, String str2) {
        Assert.hasText(str, "Old password must not be empty.");
        Assert.hasText(str2, "New password must not be empty.");
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || authentication.getPrincipal() == null || !(authentication.getPrincipal() instanceof User)) {
            throw new AccessDeniedException("Can't change password as no Authentication object found in context for current user.");
        }
        User load = ((IUserDao) this.dao).load(((User) authentication.getPrincipal()).getUuid());
        this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(load.getUsername(), str));
        encodeUserPassword(load, str2);
        ((IUserDao) this.dao).update(load);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(load, load.getPassword(), load.getAuthorities());
        usernamePasswordAuthenticationToken.setDetails(authentication.getDetails());
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
        this.userCache.removeUserFromCache(load.getUsername());
    }

    @Override // eu.etaxonomy.cdm.api.service.IUserService
    public void encodeUserPassword(User user, String str) {
        user.setPassword(this.passwordEncoder.encodePassword(str, this.saltSource.getSalt(user)));
    }

    @Override // eu.etaxonomy.cdm.api.service.IUserService
    @Transactional(readOnly = false)
    @PreAuthorize("#username == authentication.name or hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public void changePasswordForUser(String str, String str2) {
        Assert.hasText(str, "Username must not be empty.");
        Assert.hasText(str2, "Password must not be empty.");
        try {
            User findUserByUsername = ((IUserDao) this.dao).findUserByUsername(str);
            if (findUserByUsername == null) {
                throw new UsernameNotFoundException(str);
            }
            encodeUserPassword(findUserByUsername, str2);
            ((IUserDao) this.dao).update(findUserByUsername);
            this.userCache.removeUserFromCache(findUserByUsername.getUsername());
        } catch (NonUniqueResultException e) {
            throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + str + "'", 1);
        }
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    @Transactional(readOnly = false)
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public void createUser(UserDetails userDetails) {
        Assert.isInstanceOf(User.class, userDetails);
        encodeUserPassword((User) userDetails, userDetails.getPassword());
        ((IUserDao) this.dao).save((User) userDetails);
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    @Transactional(readOnly = false)
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public void deleteUser(String str) {
        Assert.hasLength(str, "Username must not be empty.");
        User findUserByUsername = ((IUserDao) this.dao).findUserByUsername(str);
        if (findUserByUsername != null) {
            ((IUserDao) this.dao).delete(findUserByUsername);
        }
        this.userCache.removeUserFromCache(str);
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    @Transactional(readOnly = false)
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public void updateUser(UserDetails userDetails) {
        Assert.isInstanceOf(User.class, userDetails);
        ((IUserDao) this.dao).update((User) userDetails);
        this.userCache.removeUserFromCache(userDetails.getUsername());
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    public boolean userExists(String str) {
        Assert.hasText(str, "Parameter 'username' must not be empty.");
        return ((IUserDao) this.dao).findUserByUsername(str) != null;
    }

    @Override // org.springframework.security.core.userdetails.UserDetailsService
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        Assert.hasText(str, "Username must not be empty.");
        try {
            User findUserByUsername = ((IUserDao) this.dao).findUserByUsername(str);
            if (findUserByUsername == null) {
                throw new UsernameNotFoundException(str);
            }
            return findUserByUsername;
        } catch (NonUniqueResultException e) {
            throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + str + "'", 1);
        }
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @Transactional(readOnly = false)
    public <S extends User> S save(S s) {
        if (s.getId() == 0 || ((IUserDao) this.dao).load(s.getUuid()) == null) {
            createUser(s);
        } else {
            updateUser(s);
        }
        return s;
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public UUID update(User user) {
        updateUser(user);
        return user.getUuid();
    }

    @Override // eu.etaxonomy.cdm.api.service.IUserService
    @Transactional(readOnly = false)
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public UUID saveGrantedAuthority(GrantedAuthority grantedAuthority) {
        return ((GrantedAuthorityImpl) this.grantedAuthorityDao.save((GrantedAuthorityImpl) grantedAuthority)).getUuid();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // eu.etaxonomy.cdm.api.service.IUserService
    @Transactional(readOnly = true)
    public List<User> listByUsername(String str, MatchMode matchMode, List<Criterion> list, Integer num, Integer num2, List<OrderHint> list2, List<String> list3) {
        long countByUsername = ((IUserDao) this.dao).countByUsername(str, matchMode, list);
        List arrayList = new ArrayList();
        if (countByUsername > 0) {
            arrayList = ((IUserDao) this.dao).findByUsername(str, matchMode, list, num, num2, list2, list3);
        }
        return arrayList;
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @Transactional(readOnly = false)
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public DeleteResult delete(User user) {
        return super.delete((UserService) user);
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @Transactional(readOnly = false)
    public DeleteResult delete(UUID uuid) {
        return delete(((IUserDao) this.dao).load(uuid));
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @Transactional(readOnly = false)
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public Map<UUID, User> save(Collection<? extends User> collection) {
        HashMap hashMap = new HashMap();
        for (User user : collection) {
            createUser(user);
            hashMap.put(user.getUuid(), user);
        }
        return hashMap;
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public UUID saveOrUpdate(User user) {
        return super.saveOrUpdate((UserService) user);
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @Transactional(readOnly = false)
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public User merge(User user) {
        return (User) super.merge((UserService) user);
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @Transactional(readOnly = false)
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public List<User> merge(List<User> list) {
        return super.merge(list);
    }

    @Override // eu.etaxonomy.cdm.api.service.ServiceBase, eu.etaxonomy.cdm.api.service.IService
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_USER_MANAGER')")
    public Map<UUID, User> saveOrUpdate(Collection<User> collection) {
        return super.saveOrUpdate(collection);
    }
}
