package com.inet.authentication;

import com.inet.annotations.PublicApi;
import com.inet.authentication.base.LoginApiAccessor;
import com.inet.config.ConfigKey;
import com.inet.config.ConfigValue;
import com.inet.http.ClientMessageException;
import com.inet.id.GUID;
import com.inet.lib.util.StringFunctions;
import com.inet.logging.LogManager;
import com.inet.logging.Logger;
import com.inet.logging.SecurityEventLog;
import com.inet.plugin.DynamicExtension;
import com.inet.search.SearchResultEntry;
import com.inet.search.command.SearchCommand;
import com.inet.search.command.SearchCondition;
import com.inet.thread.BaseRunnableSession;
import com.inet.thread.SessionLocal;
import com.inet.thread.ThreadUtils;
import com.inet.usersandgroups.api.user.LoginSettings;
import com.inet.usersandgroups.api.user.MutableUserData;
import com.inet.usersandgroups.api.user.UserAccount;
import com.inet.usersandgroups.api.user.UserAccountType;
import com.inet.usersandgroups.api.user.UserManager;
import com.inet.usersandgroups.user.search.SearchTagLoginSettings;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

@PublicApi
/* loaded from: input_file:com/inet/authentication/LoginProcessor.class */
public abstract class LoginProcessor {
    private static LoginProcessor b;
    public static final String SYSTEM_LOGIN_SOURCE = "system";
    public static final String MASTER_LOGIN_SOURCE = "master";
    public static final String MASTER_LOGIN_ID = "Master";
    public static final String GUEST_LOGIN_SOURCE = "guest";
    public static final String TEMP_LOGIN_SOURCE = "temp";
    private final AuthenticationDescription e;
    private GUID f;
    private a g;
    private static final ConfigValue<Boolean> a = new ConfigValue<>(ConfigKey.AUTHENTICATION_ALLOW_NEW_USER);
    private static final SessionLocal<LoginProcessor> c = new SessionLocal<>();
    private static final DynamicExtension<LoginListener> d = new DynamicExtension<>(LoginListener.class);

    @Nonnull
    public static final Logger LOGGER = LogManager.getLogger("Authentication");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/inet/authentication/LoginProcessor$a.class */
    public enum a {
        NewUser,
        CreationBlocked
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public LoginProcessor(AuthenticationDescription authenticationDescription) {
        this.e = authenticationDescription;
    }

    @Nullable
    public AuthenticationDescription getAuthenticationDescription() {
        return this.e;
    }

    @Nullable
    public GUID getUserAccountID() {
        return this.f;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public GUID a(Predicate<UserAccount> predicate) {
        UserAccount orCreateUserAccount;
        if (this.f == null) {
            String loginID = getLoginID();
            if (!StringFunctions.isEmpty(loginID) && (orCreateUserAccount = getOrCreateUserAccount(loginID)) != null) {
                GUID id = orCreateUserAccount.getID();
                if (LoginApiAccessor.getInstance().isAddSignUpMode()) {
                    this.f = id;
                } else if (predicate == null || predicate.test(orCreateUserAccount)) {
                    this.f = id;
                    Iterator<LoginListener> it = d.get().iterator();
                    while (it.hasNext()) {
                        try {
                            it.next().userLoggedIn(orCreateUserAccount, this);
                        } catch (Exception e) {
                            LOGGER.error((Throwable) e);
                        }
                    }
                }
            }
        }
        return this.f;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public UserAccount getOrCreateUserAccount(@Nonnull String str) {
        UserAccount userAccount;
        LoginApiAccessor loginApiAccessor = LoginApiAccessor.getInstance();
        boolean isAddSignUpMode = loginApiAccessor.isAddSignUpMode();
        UserManager recoveryEnabledInstance = isAddSignUpMode ? UserManager.getRecoveryEnabledInstance() : UserManager.getInstance();
        ThreadUtils.Semaphore semaphore = ThreadUtils.getSemaphore(str.toLowerCase());
        try {
            synchronized (semaphore) {
                UserAccount findActiveUserAccount = recoveryEnabledInstance.findActiveUserAccount(getLoginSource(), str);
                if (findActiveUserAccount == null && !isAddSignUpMode) {
                    findActiveUserAccount = a(getLoginSource(), str, recoveryEnabledInstance);
                }
                if (findActiveUserAccount == null) {
                    if (isCreateUserAccountSupported()) {
                        List<SearchResultEntry<GUID>> entries = recoveryEnabledInstance.getSearchEngine().search(new SearchCommand(SearchTagLoginSettings.KEY, SearchCondition.SearchTermOperator.Equals, SearchTagLoginSettings.settingsAsToken(getLoginSource(), str))).getEntries();
                        LoginSettings createLoginSettings = createLoginSettings(str);
                        if (entries.size() == 0) {
                            findActiveUserAccount = loginApiAccessor.createUserAccount(getUserAccountType(), createLoginSettings, createNewUserData());
                            if (findActiveUserAccount != null) {
                                this.g = a.NewUser;
                            }
                        } else {
                            findActiveUserAccount = recoveryEnabledInstance.getUserAccount(entries.get(0).getId());
                            if (findActiveUserAccount != null && !findActiveUserAccount.isActive()) {
                                SecurityEventLog.DeactivatedUser.log(str);
                                throw new ClientMessageException(LoginApiAccessor.I18N.getMsg("user.deactivated", createLoginSettings.getDisplayName()));
                            }
                            recoveryEnabledInstance.getSearchEngine().reIndexAsync();
                        }
                    } else {
                        LOGGER.debug("The new authenticated user was not created because this is disabled in the configuration: " + str);
                        SecurityEventLog.CreationBlocked.log(str);
                        this.g = a.CreationBlocked;
                    }
                } else if (isAddSignUpMode) {
                    loginApiAccessor.createUserAccount(getUserAccountType(), createLoginSettings(str), createNewUserData());
                }
                userAccount = findActiveUserAccount;
            }
            if (semaphore != null) {
                semaphore.close();
            }
            return userAccount;
        } catch (Throwable th) {
            if (semaphore != null) {
                try {
                    semaphore.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Nonnull
    public LoginSettings createLoginSettings(String str) {
        return new LoginSettings(getLoginSource(), str, null);
    }

    private UserAccount a(String str, String str2, UserManager userManager) {
        String substring;
        UserAccount findActiveUserAccount;
        String replace = str2.replace('/', '\\');
        if (str != "system" || !replace.contains("\\") || (findActiveUserAccount = userManager.findActiveUserAccount(str, (substring = replace.substring(replace.indexOf(92) + 1)))) == null || findActiveUserAccount.getLoginSettingsFor(str).stream().anyMatch(loginSettings -> {
            return loginSettings.getLoginID().matches(".+[/\\\\]" + substring);
        })) {
            return null;
        }
        userManager.updateLoginSettings(findActiveUserAccount.getID(), Arrays.asList(createLoginSettings(replace)), Collections.emptyList());
        return findActiveUserAccount;
    }

    protected boolean isCreateUserAccountSupported() {
        if (a.get().booleanValue()) {
            return true;
        }
        return LoginApiAccessor.getInstance().isAddSignUpMode();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public MutableUserData createNewUserData() {
        return new MutableUserData();
    }

    @Nonnull
    public abstract String getLoginSource();

    @Nullable
    public abstract String getLoginID();

    @Nonnull
    public UserAccountType getUserAccountType() {
        return UserAccountType.Standard;
    }

    public abstract boolean supportsRoles();

    public abstract boolean isWebUserInRole(String str);

    public boolean isNewUser() {
        return this.g == a.NewUser;
    }

    public boolean isCreationBlocked() {
        return this.g == a.CreationBlocked;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T> T unwrap(Class<T> cls) {
        if (cls.isAssignableFrom(getClass())) {
            return this;
        }
        return null;
    }

    public static void setCurrentForAllThreads(LoginProcessor loginProcessor) {
        b = loginProcessor;
        UserManager.getInstance().setCurrentUserAccountIDForAllThreads(b == null ? null : b.a(null));
    }

    public static void setCurrent(LoginProcessor loginProcessor) {
        c.set(loginProcessor);
    }

    public static void setCurrent(@Nonnull BaseRunnableSession baseRunnableSession, LoginProcessor loginProcessor) {
        baseRunnableSession.setSessionValue(c, loginProcessor);
    }

    public static void destroyCurrent() {
        c.removeThreadFromSession();
    }

    @Nullable
    public static LoginProcessor getCurrent() {
        return b != null ? b : c.get();
    }

    public boolean isSameAccount(@Nonnull String str, @Nullable char[] cArr, LoginSettings loginSettings) {
        return Objects.equals(getLoginSource(), loginSettings.getLoginSource()) && str.equalsIgnoreCase(loginSettings.getLoginID());
    }
}
