package org.jboss.seam.security.management;

import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.core.Events;
import org.jboss.seam.security.management.UserAccount;
import org.jboss.seam.util.Hex;

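/**
 * JPA-backed {@link IdentityStore}: users and roles are both stored as
 * {@link UserAccount} entities, told apart by their account type.
 *
 * <p>Role-to-role memberships are cached in {@link #roleCache} (role name to the names of
 * the roles it belongs to), so that implied roles can be expanded without further queries.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Passwords are stored as a single unkeyed digest (default {@code MD5}) salted only
 *       with the username; see {@link #hashPassword(String, String)}.</li>
 *   <li>NOTE(review): this component is application-scoped and {@link #roleCache} is a plain
 *       {@code HashMap} that {@link #validateRole(String)} mutates; if requests can reach it
 *       concurrently, access needs to be confirmed as safe.</li>
 * </ul>
 */
@BypassInterceptors
@Scope(ScopeType.APPLICATION)
/* loaded from: input_file:jboss-seam-2.0.1.GA.jar:org/jboss/seam/security/management/JpaIdentityStore.class */
public class JpaIdentityStore implements IdentityStore {
    public static final String EVENT_ACCOUNT_CREATED = "org.jboss.seam.security.management.accountCreated";
    public static final String EVENT_ACCOUNT_AUTHENTICATED = "org.jboss.seam.security.management.accountAuthenticated";

    // Digest algorithm handed to MessageDigest.getInstance() in hashPassword().
    // SECURITY: MD5 is a fast general-purpose hash and is not suitable for password storage.
    // It is left unchanged here because every stored passwordHash depends on it; moving to a
    // slow, salted password hash needs a re-hash-on-login migration.
    private String hashFunction = "MD5";
    // Charset used to encode the password (not the salt) before hashing.
    private String hashCharset = "UTF-8";
    // Seam component name under which the EntityManager is looked up.
    private String entityManagerName = "entityManager";
    // Concrete entity class; must be configured before any query is issued.
    private Class<? extends UserAccount> accountClass;
    // role name -> names of the accounts that role is itself a member of.
    private Map<String, Set<String>> roleCache;

    /** Populates the role cache when the component is created. */
    @Create
    public void init() {
        loadRoles();
    }

    /**
     * Rebuilds {@link #roleCache} from every enabled role account.
     */
    protected void loadRoles() {
        // accountClass comes from configuration, not from a request; all values are bound parameters.
        @SuppressWarnings("unchecked")
        List<UserAccount> roles = getEntityManager()
                .createQuery("from " + this.accountClass.getName() + " where enabled = true and accountType = :accountType")
                .setParameter("accountType", UserAccount.AccountType.role)
                .getResultList();
        this.roleCache = new HashMap<String, Set<String>>();
        for (UserAccount role : roles) {
            this.roleCache.put(role.getUsername(), membershipNames(role));
        }
    }

    /**
     * Collects the usernames of the accounts {@code account} is a member of.
     * A {@code null} membership collection is treated as empty instead of failing.
     */
    private static Set<String> membershipNames(UserAccount account) {
        Set<String> names = new HashSet<String>();
        if (account.getMemberships() != null) {
            for (UserAccount member : account.getMemberships()) {
                names.add(member.getUsername());
            }
        }
        return names;
    }

    /**
     * Creates a user account.
     *
     * @param str  the username
     * @param str2 the clear-text password; when {@code null} the account is created disabled
     *             and without a password hash
     * @return {@code true} once the account has been persisted
     * @throws IdentityManagementException if no account class is configured, the user already
     *         exists, or instantiation/persistence fails
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean createAccount(String str, String str2) {
        try {
            if (this.accountClass == null) {
                throw new IdentityManagementException("Could not create account, accountClass not set");
            }
            if (accountExists(str)) {
                throw new IdentityManagementException("Could not create account, already exists");
            }
            UserAccount account = this.accountClass.newInstance();
            account.setAccountType(UserAccount.AccountType.user);
            account.setUsername(str);
            if (str2 == null) {
                account.setEnabled(false);
            } else {
                account.setPasswordHash(hashPassword(str2, str));
                account.setEnabled(true);
            }
            persistAccount(account);
            if (Events.exists()) {
                Events.instance().raiseEvent(EVENT_ACCOUNT_CREATED, account);
            }
            return true;
        } catch (IdentityManagementException e) {
            // Already carries the specific reason; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new IdentityManagementException("Could not create account", e);
        }
    }

    /**
     * Removes a user account.
     *
     * @param str the username
     * @return {@code true} if the account was removed, {@code false} if no such user exists
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean deleteAccount(String str) {
        try {
            getEntityManager().remove(validateUser(str));
            return true;
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * Adds a role to a user's memberships.
     *
     * @param str  the username
     * @param str2 the role name
     * @return {@code true} if the role was added; {@code false} if the user does not exist or
     *         already holds the role
     * @throws IdentityManagementException if the role does not exist
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean grantRole(String str, String str2) {
        try {
            UserAccount user = validateUser(str);
            UserAccount role = validateRole(str2);
            if (user.getMemberships() == null) {
                user.setMemberships(new HashSet<UserAccount>());
            } else if (user.getMemberships().contains(role)) {
                return false;
            }
            user.getMemberships().add(role);
            mergeAccount(user);
            return true;
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * Removes a role from a user's memberships.
     *
     * @param str  the username
     * @param str2 the role name
     * @return {@code true} if the role was held and has been removed; {@code false} if the user
     *         does not exist or did not hold the role
     * @throws IdentityManagementException if the role does not exist
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean revokeRole(String str, String str2) {
        try {
            UserAccount user = validateUser(str);
            UserAccount role = validateRole(str2);
            if (user.getMemberships() == null) {
                // A user without any memberships cannot hold the role; previously this
                // dereferenced null.
                return false;
            }
            boolean removed = user.getMemberships().remove(role);
            mergeAccount(user);
            return removed;
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * Enables a user account.
     *
     * @param str the username
     * @return {@code true} if the account was disabled and is now enabled; {@code false} if it
     *         was already enabled or does not exist
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean enableAccount(String str) {
        try {
            UserAccount user = validateUser(str);
            if (user.isEnabled()) {
                return false;
            }
            user.setEnabled(true);
            mergeAccount(user);
            return true;
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * Disables a user account.
     *
     * @param str the username
     * @return {@code true} if the account was enabled and is now disabled; {@code false} if it
     *         was already disabled or does not exist
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean disableAccount(String str) {
        try {
            UserAccount user = validateUser(str);
            if (!user.isEnabled()) {
                return false;
            }
            user.setEnabled(false);
            mergeAccount(user);
            return true;
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * Replaces a user's password hash.
     *
     * <p>No check of the previous password is made here; callers are responsible for
     * authorising the change.
     *
     * @param str  the username
     * @param str2 the new clear-text password
     * @return {@code true} if the hash was updated, {@code false} if no such user exists
     * @throws RuntimeException if hashing fails (for instance when {@code str2} is {@code null})
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean changePassword(String str, String str2) {
        try {
            UserAccount user = validateUser(str);
            user.setPasswordHash(hashPassword(str2, str));
            mergeAccount(user);
            return true;
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * @param str the username
     * @return {@code true} if a user account with that name exists
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean accountExists(String str) {
        try {
            return validateUser(str) != null;
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * @param str the username
     * @return {@code true} if the user exists and is enabled
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean isEnabled(String str) {
        try {
            return validateUser(str).isEnabled();
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * Lists the roles granted directly to a user.
     *
     * @param str the username
     * @return the names of the user's role memberships, or {@code null} if no such user exists
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public List<String> getGrantedRoles(String str) {
        try {
            UserAccount user = validateUser(str);
            List<String> granted = new ArrayList<String>();
            if (user.getMemberships() != null) {
                for (UserAccount membership : user.getMemberships()) {
                    // Constant on the left so an account without a type is skipped, not an NPE.
                    if (UserAccount.AccountType.role.equals(membership.getAccountType())) {
                        granted.add(membership.getUsername());
                    }
                }
            }
            return granted;
        } catch (NoSuchUserException e) {
            return null;
        }
    }

    /**
     * Lists the roles a user holds directly or through role-to-role membership.
     *
     * @param str the username
     * @return the names of all granted and inherited roles, or {@code null} if no such user
     *         exists
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public List<String> getImpliedRoles(String str) {
        try {
            UserAccount user = validateUser(str);
            Set<String> implied = new HashSet<String>();
            // Same null guard as getGrantedRoles(): a user with no memberships has no roles.
            if (user.getMemberships() != null) {
                for (UserAccount membership : user.getMemberships()) {
                    if (UserAccount.AccountType.role.equals(membership.getAccountType())) {
                        addRoleAndMemberships(membership.getUsername(), implied);
                    }
                }
            }
            return new ArrayList<String>(implied);
        } catch (NoSuchUserException e) {
            return null;
        }
    }

    /**
     * Adds {@code str} and, recursively, every role it is a member of to {@code set}.
     * Roles already present in {@code set} are not revisited, which bounds the recursion
     * when memberships form a cycle.
     */
    private void addRoleAndMemberships(String str, Set<String> set) {
        set.add(str);
        Set<String> parents = this.roleCache.get(str);
        if (parents == null) {
            // The cache is only filled by loadRoles() (enabled roles) and validateRole();
            // a role missing from it contributes itself but no inherited roles.
            return;
        }
        for (String parent : parents) {
            if (!set.contains(parent)) {
                addRoleAndMemberships(parent, set);
            }
        }
    }

    /**
     * Checks a username/password pair against the stored hash.
     *
     * <p>NOTE(review): an unknown or disabled account returns before any hashing is done,
     * so response time may differ from a wrong-password attempt — confirm whether that
     * matters for this deployment.
     *
     * @param str  the username
     * @param str2 the clear-text password supplied by the caller
     * @return {@code true} only for an existing, enabled user account whose stored hash
     *         matches; {@code false} otherwise, including a {@code null} password
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean authenticate(String str, String str2) {
        try {
            UserAccount user = validateUser(str);
            if (user == null
                    || !UserAccount.AccountType.user.equals(user.getAccountType())
                    || !user.isEnabled()) {
                return false;
            }
            if (str2 == null) {
                // Fail closed instead of surfacing a wrapped NullPointerException from hashing.
                return false;
            }
            boolean matches = hashesMatch(hashPassword(str2, str), user.getPasswordHash());
            if (matches && Events.exists()) {
                Events.instance().raiseEvent(EVENT_ACCOUNT_AUTHENTICATED, user);
            }
            return matches;
        } catch (NoSuchUserException e) {
            return false;
        }
    }

    /**
     * Compares two hex-encoded hashes with {@link MessageDigest#isEqual(byte[], byte[])}
     * rather than {@code String.equals}, so the comparison does not stop at the first
     * differing character. A {@code null} on either side never matches.
     */
    private static boolean hashesMatch(String computed, String stored) {
        if (computed == null || stored == null) {
            return false;
        }
        try {
            return MessageDigest.isEqual(computed.getBytes("UTF-8"), stored.getBytes("UTF-8"));
        } catch (java.io.UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Loads the user account with the given name.
     *
     * @param str the username
     * @return the matching account of type {@code user}
     * @throws NoSuchUserException if the query yields no result
     */
    protected UserAccount validateUser(String str) throws NoSuchUserException {
        try {
            // Only the entity name is concatenated; the username is a bound parameter.
            return (UserAccount) getEntityManager()
                    .createQuery("from " + this.accountClass.getName() + " where username = :username and accountType = :accountType")
                    .setParameter("username", str)
                    .setParameter("accountType", UserAccount.AccountType.user)
                    .getSingleResult();
        } catch (NoResultException e) {
            throw new NoSuchUserException("No such user: " + str);
        }
    }

    /**
     * Loads the role account with the given name and makes sure it is present in the role
     * cache; a role that no longer exists is evicted from the cache.
     *
     * @param str the role name
     * @return the matching account of type {@code role}
     * @throws IdentityManagementException if the query yields no result
     */
    protected UserAccount validateRole(String str) {
        try {
            UserAccount role = (UserAccount) getEntityManager()
                    .createQuery("from " + this.accountClass.getName() + " where username = :username and accountType = :accountType")
                    .setParameter("username", str)
                    .setParameter("accountType", UserAccount.AccountType.role)
                    .getSingleResult();
            if (!this.roleCache.containsKey(role.getUsername())) {
                this.roleCache.put(role.getUsername(), membershipNames(role));
            }
            return role;
        } catch (NoResultException e) {
            this.roleCache.remove(str);
            throw new IdentityManagementException("No such role: " + str);
        }
    }

    /** @return the usernames of all accounts of type {@code user} */
    @Override // org.jboss.seam.security.management.IdentityStore
    @SuppressWarnings("unchecked")
    public List<String> listUsers() {
        return getEntityManager()
                .createQuery("select username from " + this.accountClass.getName() + " where accountType = :accountType")
                .setParameter("accountType", UserAccount.AccountType.user)
                .getResultList();
    }

    /**
     * Lists users whose lower-cased username contains the lower-cased filter.
     *
     * <p>The filter is a bound parameter, but {@code %} and {@code _} inside it are not
     * escaped and therefore still act as LIKE wildcards.
     *
     * @param str the substring to look for; {@code null} matches every user
     * @return the matching usernames
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    @SuppressWarnings("unchecked")
    public List<String> listUsers(String str) {
        String needle = str != null ? str.toLowerCase() : "";
        return getEntityManager()
                .createQuery("select username from " + this.accountClass.getName() + " where accountType = :accountType and lower(username) like :username")
                .setParameter("accountType", UserAccount.AccountType.user)
                .setParameter("username", "%" + needle + "%")
                .getResultList();
    }

    /** @return the names of all accounts of type {@code role} */
    @Override // org.jboss.seam.security.management.IdentityStore
    @SuppressWarnings("unchecked")
    public List<String> listRoles() {
        return getEntityManager()
                .createQuery("select username from " + this.accountClass.getName() + " where accountType = :accountType")
                .setParameter("accountType", UserAccount.AccountType.role)
                .getResultList();
    }

    /** Persists a new account through the configured entity manager. */
    protected void persistAccount(UserAccount userAccount) {
        getEntityManager().persist(userAccount);
    }

    /** Merges a modified account and returns the instance handed back by the entity manager. */
    protected UserAccount mergeAccount(UserAccount userAccount) {
        return (UserAccount) getEntityManager().merge(userAccount);
    }

    public Class<? extends UserAccount> getAccountClass() {
        return this.accountClass;
    }

    public void setAccountClass(Class<? extends UserAccount> cls) {
        this.accountClass = cls;
    }

    /** Looks the entity manager up by component name on every call. */
    private EntityManager getEntityManager() {
        return (EntityManager) Component.getInstance(this.entityManagerName);
    }

    public String getEntityManagerName() {
        return this.entityManagerName;
    }

    public void setEntityManagerName(String str) {
        this.entityManagerName = str;
    }

    /**
     * Computes the stored form of a password:
     * {@code hex(H(passwordBytes || H(saltBytes)))} with {@code H} = {@link #hashFunction}.
     *
     * <p>SECURITY, left unchanged because existing hashes depend on it:
     * <ul>
     *   <li>A single round of a fast digest gives little resistance to offline guessing
     *       if the account table leaks.</li>
     *   <li>Every caller in this class passes the username as salt, so the salt is
     *       predictable and is reused when a password is changed.</li>
     *   <li>The salt is encoded with the platform default charset, so a non-ASCII salt can
     *       hash differently on a JVM with another default encoding.</li>
     * </ul>
     *
     * @param str  the clear-text password
     * @param str2 the salt
     * @return the lower-level digest as a hex string
     * @throws RuntimeException wrapping any failure, including a {@code null} argument or an
     *         unknown algorithm or charset
     */
    protected String hashPassword(String str, String str2) {
        try {
            MessageDigest md = MessageDigest.getInstance(this.hashFunction);
            // Inner digest: H(salt).
            md.update(str2.getBytes());
            byte[] saltDigest = md.digest();
            md.reset();
            // Outer digest: H(password || H(salt)).
            md.update(str.getBytes(this.hashCharset));
            md.update(saltDigest);
            return new String(Hex.encodeHex(md.digest()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}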
