package com.greenhat.server.container.server.security;

import com.greenhat.server.container.server.audit.AuditService;
import com.greenhat.server.container.server.context.ContextService;
import com.greenhat.server.container.server.security.token.TokenService;
import com.greenhat.server.container.server.security.util.SecurityEnablementService;
import com.greenhat.server.container.shared.audit.AuditAction;
import com.greenhat.server.container.shared.datamodel.Role;
import com.greenhat.server.container.shared.datamodel.SecurityToken;
import com.greenhat.server.container.shared.datamodel.User;
import etm.core.configuration.EtmManager;
import etm.core.monitor.EtmMonitor;
import etm.core.monitor.EtmPoint;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;

/* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/SimpleAuthenticationService.class */
public class SimpleAuthenticationService implements AuthenticationService {
    private static final EtmMonitor etmMonitor = EtmManager.getEtmMonitor();
    private final CredentialsStore store;
    private final AuthenticationCache authenticationCache;
    private final AuditService auditService;
    private final SecurityEnablementService securityEnablementService;
    private final ContextService contextService;
    private final TokenService tokenService;

    public SimpleAuthenticationService(CredentialsStore credentialsStore, AuditService auditService, SecurityEnablementService securityEnablementService, ContextService contextService, TokenService tokenService) {
        this.store = credentialsStore;
        this.auditService = auditService;
        this.securityEnablementService = securityEnablementService;
        this.contextService = contextService;
        this.authenticationCache = new AuthenticationCache(getSessionInactiveTimeout());
        this.tokenService = tokenService;
    }

    protected SimpleAuthenticationService(CredentialsStore credentialsStore, AuditService auditService, SecurityEnablementService securityEnablementService, ContextService contextService, AuthenticationCache authenticationCache, TokenService tokenService) {
        this.store = credentialsStore;
        this.auditService = auditService;
        this.securityEnablementService = securityEnablementService;
        this.contextService = contextService;
        this.authenticationCache = authenticationCache;
        this.tokenService = tokenService;
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public AuthenticationResponse authenticate(String str, String str2) {
        String hasMatch = this.store.hasMatch(nullSafeTrim(str), nullSafeTrim(str2));
        boolean z = hasMatch != null;
        User makeUser = z ? makeUser(hasMatch) : User.getDefaultUser();
        SecurityToken addEntry = z ? this.authenticationCache.addEntry(hasMatch) : null;
        if (z) {
            this.contextService.setUpCommandContext(makeUser, addEntry);
            this.auditService.log(Level.FINEST, "simpleAuthenticationService_authenticatedSuccessfully", AuditAction.AUTHENTICATE, str);
        } else {
            this.auditService.log(Level.WARNING, "simpleAuthenticationService_userNotAuthenticated", AuditAction.AUTHENTICATE, str);
        }
        return new AuthenticationResponse(z, makeUser, addEntry);
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public AuthenticationResponse isAuthenticated(SecurityToken securityToken, boolean z) {
        EtmPoint createPoint = etmMonitor.createPoint("AuthenticationService.isAuthenticated()");
        try {
            boolean z2 = isUserSecurityEnabled() && this.authenticationCache.isAuthenticated(securityToken, z);
            if (!z2) {
                TokenService.ValidationResponse validateToken = this.tokenService.validateToken(securityToken, z);
                if (validateToken.valid) {
                    AuthenticationResponse authenticationResponse = new AuthenticationResponse(true, makeUser(validateToken.user), securityToken);
                    createPoint.collect();
                    return authenticationResponse;
                }
            }
            AuthenticationResponse authenticationResponse2 = new AuthenticationResponse(z2, z2 ? makeUser(this.authenticationCache.getEntry(securityToken)) : User.getDefaultUser(), securityToken);
            createPoint.collect();
            return authenticationResponse2;
        } catch (Throwable th) {
            createPoint.collect();
            throw th;
        }
    }

    private User makeUser(String str) {
        return new User(str, this.store.getRoles(str));
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public boolean saveCredentials(String str, String str2) {
        String nullSafeTrim = nullSafeTrim(str);
        boolean z = this.store.userExists(nullSafeTrim) == null;
        this.store.saveCredentials(nullSafeTrim, nullSafeTrim(str2));
        if (z) {
            this.store.addRole(str, Role.USER);
            this.auditService.log(Level.FINE, "simpleAuthenticationService_createdNewUser", AuditAction.CREATE_USER, str);
        } else {
            this.auditService.log(Level.FINE, "simpleAuthenticationService_changedCredentialsForUser", AuditAction.MODIFY_USER, str);
            this.authenticationCache.removeEntries(nullSafeTrim);
        }
        return z;
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public Set<User> getUsers() {
        HashSet hashSet;
        Set<String> users = this.store.getUsers();
        if (users == null) {
            hashSet = null;
        } else {
            hashSet = new HashSet();
            Iterator<String> it = users.iterator();
            while (it.hasNext()) {
                hashSet.add(makeUser(it.next()));
            }
        }
        return hashSet;
    }

    private String nullSafeTrim(String str) {
        return (str == null || str.equals("")) ? "" : str.trim();
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public User userExists(String str) {
        String userExists = this.store.userExists(str);
        if (userExists == null) {
            return null;
        }
        return makeUser(userExists);
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public boolean deleteUser(String str) {
        boolean deleteUser = !this.store.getRoles(str).contains(Role.SERVER_ADMIN) ? this.store.deleteUser(str) : false;
        this.auditService.log(deleteUser, Level.FINE, "simpleAuthenticationService_userDeleted", AuditAction.DELETE_USER, str);
        return deleteUser;
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public boolean isUserSecurityEnabled() {
        return this.securityEnablementService.isSecurityEnabled();
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public void setUserSecurityEnabled(boolean z, User user) {
        if (makeUser(user.getName()).hasRole(Role.SERVER_ADMIN)) {
            this.securityEnablementService.setSecurityEnabled(z);
        }
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public long getSessionInactiveTimeout() {
        return TimeUnit.HOURS.toMillis(12L);
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public void unauthenticate(SecurityToken securityToken) {
        if (securityToken != null) {
            this.authenticationCache.removeEntry(securityToken);
        }
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public User addRole(User user, Role role) {
        this.store.addRole(user.getName(), role);
        this.auditService.log(Level.FINE, "simpleAuthenticationService_addRole", AuditAction.ADD_ROLE, role.getId(), user.toString());
        return makeUser(user.getName());
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public User removeRole(User user, Role role) {
        this.store.removeRole(user.getName(), role);
        this.auditService.log(Level.FINE, "simpleAuthenticationService_removeRole", AuditAction.REMOVE_ROLE, role.getId(), user.toString());
        return makeUser(user.getName());
    }

    public void close() {
        this.store.close();
    }

    @Override // com.greenhat.server.container.server.security.AuthenticationService
    public boolean canAlterUsers() {
        return this.store.canAlterUsers();
    }
}
