package de.bsvrz.puk.config.main.authentication;

import de.bsvrz.dav.daf.communication.protocol.UserLogin;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpClientAuthentication;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpCryptoParameter;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpUtilities;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpVerifierAndUser;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpVerifierData;
import de.bsvrz.dav.daf.main.DataAndATGUsageInformation;
import de.bsvrz.dav.daf.main.authentication.ClientCredentials;
import de.bsvrz.dav.daf.main.config.AttributeGroupUsage;
import de.bsvrz.dav.daf.main.config.ConfigurationArea;
import de.bsvrz.dav.daf.main.config.ConfigurationChangeException;
import de.bsvrz.dav.daf.main.config.ConfigurationException;
import de.bsvrz.dav.daf.main.config.ConfigurationTaskException;
import de.bsvrz.dav.daf.main.config.DataModel;
import de.bsvrz.dav.daf.main.config.DynamicObjectType;
import de.bsvrz.dav.daf.main.config.SystemObject;
import de.bsvrz.dav.daf.main.impl.config.request.RequestException;
import de.bsvrz.sys.funclib.crypt.EncryptDecryptProcedure;
import de.bsvrz.sys.funclib.crypt.decrypt.DecryptFactory;
import de.bsvrz.sys.funclib.crypt.encrypt.EncryptFactory;
import de.bsvrz.sys.funclib.dataSerializer.Deserializer;
import de.bsvrz.sys.funclib.dataSerializer.NoSuchVersionException;
import de.bsvrz.sys.funclib.dataSerializer.SerializingFactory;
import de.bsvrz.sys.funclib.debug.Debug;
import de.bsvrz.sys.funclib.filelock.FileLock;
import de.bsvrz.sys.funclib.xmlSupport.CountingErrorHandler;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Random;
import java.util.Set;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentType;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.EntityResolver;
import org.xml.sax.ErrorHandler;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:de/bsvrz/puk/config/main/authentication/ConfigAuthentication.class */
public class ConfigAuthentication implements Authentication {
    // Canonical path of the XML user database; set and DTD-validated in the constructor.
    private final File _xmlFile;
    // Parsed document; code that walks or mutates it synchronizes on this object (see readUserAccounts).
    private final Document _xmlDocument;
    // URI of the directory that contains _xmlFile.
    private final URI _uriBase;
    private final DataModel _dataModel;
    // Lock file guarding the user database: acquired in the constructor, released in close().
    private final FileLock _lockAuthenticationFile;
    private static final Debug _debug = Debug.getLogger();
    // 64-bit random per-process token; not referenced in the part of the class visible here.
    private static final String _secretToken = new BigInteger(64, new SecureRandom()).toString(16);
    // User name -> account, filled by readUserAccounts(); a duplicate name in the file overwrites the earlier entry.
    private final Map<String, UserAccount> _userAccounts = new HashMap();
    // Challenge texts handed out by getText(), oldest first, capped at 100 entries; consumed by checkRandomText().
    private final LinkedList<String> _randomText = new LinkedList<>();

    /* loaded from: input_file:de/bsvrz/puk/config/main/authentication/ConfigAuthentication$ConfigAuthenticationEntityResolver.class */
    /**
     * Resolves the authentication DTD from the class path, so that validating the user file never
     * has to fetch it from the file system or the network. Any other public identifier yields
     * {@code null}, which hands resolution back to the parser's default behaviour.
     */
    private class ConfigAuthenticationEntityResolver implements EntityResolver {
        private static final String AUTHENTICATION_DTD_PUBLIC_ID = "-//K2S//DTD Authentifizierung//DE";

        private ConfigAuthenticationEntityResolver() {
        }

        /**
         * @param str  public identifier of the requested entity (may be {@code null})
         * @param str2 system identifier (unused; only the public id is matched)
         * @return the class-path location of {@code authentication.dtd} for the known public id,
         *         otherwise {@code null}
         */
        @Override // org.xml.sax.EntityResolver
        public InputSource resolveEntity(String str, String str2) throws SAXException, IOException {
            if (!AUTHENTICATION_DTD_PUBLIC_ID.equals(str)) {
                return null;
            }
            URL dtdLocation = getClass().getResource("authentication.dtd");
            // The DTD ships with this class; a missing resource is a packaging error.
            assert dtdLocation != null : getClass();
            return new InputSource(dtdLocation.toExternalForm());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/bsvrz/puk/config/main/authentication/ConfigAuthentication$SingleServingPassword.class */
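    /**
     * One {@code autorisierungspasswort} entry of a user: a single-use password (or verifier text)
     * with its index and validity flag, backed by the DOM element it was read from.
     */
    public final class SingleServingPassword {
        // Secret material: for legacy accounts this is the plaintext one-time password (it is used
        // directly as an HMAC key in UserAccount.useSingleServingPassword).
        private final String _xmlVerifierText;
        private final int _index;
        private boolean _passwordUsable;
        private final Element _xmlObject;

        /**
         * @param str     password / verifier text ("passwort" attribute)
         * @param i       password index ("passwortindex" attribute)
         * @param z       whether the password is still usable ("gueltig" attribute)
         * @param element backing DOM element, updated when the password is invalidated
         */
        public SingleServingPassword(String str, int i, boolean z, Element element) {
            this._xmlVerifierText = str;
            this._index = i;
            this._passwordUsable = z;
            this._xmlObject = element;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getXmlVerifierText() {
            return this._xmlVerifierText;
        }

        public int getIndex() {
            return this._index;
        }

        public synchronized boolean isPasswordUsable() {
            return this._passwordUsable;
        }

        /**
         * Marks the password as used: sets {@code gueltig="nein"} on the element and persists the
         * document before the in-memory flag is cleared, so a failed save leaves the flag untouched.
         */
        public synchronized void setPasswortInvalid() throws FileNotFoundException, TransformerException {
            this._xmlObject.setAttribute("gueltig", "nein");
            ConfigAuthentication.this.saveXMLFile();
            this._passwordUsable = false;
        }

        /**
         * Diagnostic representation. The verifier/password text is deliberately omitted so that
         * logging or debugging this object cannot leak a usable one-time password.
         */
        @Override
        public String toString() {
            return "SingleServingPassword{_index=" + this._index + ", _passwordUsable=" + this._passwordUsable + ", _xmlObject=" + this._xmlObject + '}';
        }
    }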

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/bsvrz/puk/config/main/authentication/ConfigAuthentication$UserAccount.class */
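    /**
     * One user entry of the XML user database ({@code benutzeridentifikation} element): the stored
     * main password / SRP verifier text, the admin flag and the user's single-serving passwords
     * ({@code autorisierungspasswort} children).
     *
     * <p>Every mutation first updates the backing DOM element and persists the document via
     * {@code ConfigAuthentication.this.saveXMLFile()}; the in-memory state is changed only after
     * the save succeeded.
     */
    public final class UserAccount {
        private final String _username;
        // Main password (legacy plaintext) or SRP verifier text, as stored in the "passwort" attribute.
        private String _xmlVerifierText;
        private boolean _admin;
        // Single-serving passwords that are still valid (gueltig="ja").
        private final Collection<SingleServingPassword> _usableSingleServingPasswords = new HashSet<>();
        // Texts of all single-serving passwords ever stored for this user, used or not, to reject duplicates.
        private final Set<String> _allSingleServingPasswords = new HashSet<>();
        // Highest "passwortindex" in use; a new password gets the next index.
        private int _greatestSingleServingPasswordIndex;
        private final Element _xmlObject;
        // Index value that selects the main password instead of a single-serving one.
        private static final int NO_RESULT = -1;

        /**
         * @param str     user name
         * @param str2    main password / verifier text ("passwort" attribute)
         * @param z       whether the user has admin rights
         * @param list    single-serving passwords read from the element's children, usable or not
         * @param element backing DOM element; mutated and persisted on every change
         */
        public UserAccount(String str, String str2, boolean z, List<SingleServingPassword> list, Element element) {
            this._greatestSingleServingPasswordIndex = NO_RESULT;
            this._username = str;
            this._xmlVerifierText = str2;
            this._xmlObject = element;
            this._admin = z;
            for (SingleServingPassword password : list) {
                this._allSingleServingPasswords.add(password.getXmlVerifierText());
                this._greatestSingleServingPasswordIndex = Math.max(this._greatestSingleServingPasswordIndex, password.getIndex());
                if (password.isPasswordUsable()) {
                    this._usableSingleServingPasswords.add(password);
                }
            }
        }

        public String getUsername() {
            return this._username;
        }

        /**
         * Legacy HMAC credentials for the main password.
         *
         * @deprecated legacy authentication; see {@link #getClientCredentials(int)}
         */
        @Deprecated
        public ClientCredentials getClientCredentials() {
            return getClientCredentials(NO_RESULT);
        }

        /**
         * Legacy HMAC credentials for the password with index {@code i} ({@link #NO_RESULT} selects
         * the main password). Only plaintext (non-SRP) passwords can serve as HMAC keys; whether the
         * stored text is an SRP verifier is decided by trying to parse it as one.
         *
         * @throws IllegalArgumentException if the stored text is an SRP verifier and therefore cannot
         *                                  be used with the deprecated HMAC procedure
         * @deprecated legacy authentication; use {@link #getSrpVerifier(int)}
         */
        @Deprecated
        public ClientCredentials getClientCredentials(int i) {
            try {
                getSrpVerifier(i);
            } catch (IllegalArgumentException notAVerifier) {
                // Not parseable as SRP verifier data: treat the stored text as a plaintext password.
                return ClientCredentials.ofPassword(getXmlVerifierText(i).toCharArray());
            }
            // Previously this throw sat inside the try block and was swallowed by the catch above, so an
            // SRP verifier was handed out as if it were the password.
            throw new IllegalArgumentException("Das Passwort am Benutzer " + this._username + " ist verschlüsselt gespeichert, eine Authentifizierung über das veraltete HMAC-Verfahren ist damit nicht mehr möglich. Datenverteiler und Applikationsfunktionen müssen ggf. aktualisiert werden.");
        }

        public SrpVerifierData getSrpVerifier() {
            return getSrpVerifier(NO_RESULT);
        }

        /**
         * @param i password index, or {@link #NO_RESULT} for the main password
         * @return the stored text parsed as SRP verifier data (an unknown index yields an empty text,
         *         see getXmlVerifierText)
         */
        public SrpVerifierData getSrpVerifier(int i) {
            return new SrpVerifierData(getXmlVerifierText(i));
        }

        /** Replaces the main password / verifier text, persisting the document first. */
        public void setXmlVerifierText(String str) throws FileNotFoundException, TransformerException {
            this._xmlObject.setAttribute("passwort", str);
            ConfigAuthentication.this.saveXMLFile();
            this._xmlVerifierText = str;
        }

        public boolean isAdmin() {
            return this._admin;
        }

        /** Sets the admin flag ("admin" attribute: ja/nein), persisting the document first. */
        public void setAdminRights(boolean z) throws FileNotFoundException, TransformerException {
            this._xmlObject.setAttribute("admin", z ? "ja" : "nein");
            ConfigAuthentication.this.saveXMLFile();
            this._admin = z;
        }

        /**
         * Appends one new usable single-serving password with the next free index.
         *
         * @throws ConfigurationTaskException if {@code str} was ever stored for this user before
         * @throws RequestException           if persisting the document fails (the element has already
         *                                    been appended to the DOM at that point)
         */
        public synchronized void createNewSingleServingPassword(String str) throws ConfigurationTaskException, RequestException {
            if (this._allSingleServingPasswords.contains(str)) {
                throw new ConfigurationTaskException("Das Passwort wurde bereits vergeben");
            }
            int nextIndex = this._greatestSingleServingPasswordIndex + 1;
            Element passwordElement = ConfigAuthentication.this.createXMLSingleServingPasswort(str, nextIndex, "ja");
            this._xmlObject.appendChild(passwordElement);
            try {
                ConfigAuthentication.this.saveXMLFile();
                this._allSingleServingPasswords.add(str);
                this._usableSingleServingPasswords.add(new SingleServingPassword(str, nextIndex, true, passwordElement));
                this._greatestSingleServingPasswordIndex = nextIndex;
            } catch (Exception e) {
                ConfigAuthentication._debug.error("Fehler beim Anlegen eines Einmal-Passworts", e);
                throw new RequestException(e);
            }
        }

        /**
         * Appends several single-serving passwords with consecutive indices.
         *
         * @param list passwords to add, in index order
         * @param z    {@code true}: keep the existing passwords and reject any duplicate;
         *             {@code false}: discard all existing single-serving passwords first
         * @return the index assigned to the first element of {@code list}
         * @throws ConfigurationTaskException if a duplicate is found, or clearing the old passwords fails
         * @throws RequestException           if persisting the document fails
         */
        public synchronized int createNewSingleServingPasswords(List<String> list, boolean z) throws ConfigurationTaskException, RequestException {
            if (z) {
                for (String password : list) {
                    if (this._allSingleServingPasswords.contains(password)) {
                        throw new ConfigurationTaskException("Ein Passwort wurde bereits vergeben");
                    }
                }
            } else {
                try {
                    clearSingleServingPasswords();
                } catch (FileNotFoundException | TransformerException e) {
                    throw new ConfigurationChangeException("Konnte Einmalpasswörter nicht löschen", e);
                }
            }
            int firstIndex = this._greatestSingleServingPasswordIndex + 1;
            List<Element> passwordElements = new ArrayList<>(list.size());
            for (String password : list) {
                Element passwordElement = ConfigAuthentication.this.createXMLSingleServingPasswort(password, this._greatestSingleServingPasswordIndex + 1, "ja");
                this._xmlObject.appendChild(passwordElement);
                passwordElements.add(passwordElement);
                this._greatestSingleServingPasswordIndex++;
            }
            try {
                ConfigAuthentication.this.saveXMLFile();
                this._allSingleServingPasswords.addAll(list);
                for (int offset = 0; offset < list.size(); offset++) {
                    this._usableSingleServingPasswords.add(new SingleServingPassword(list.get(offset), firstIndex + offset, true, passwordElements.get(offset)));
                }
                return firstIndex;
            } catch (Exception e2) {
                ConfigAuthentication._debug.error("Fehler beim Anlegen eines Einmal-Passworts", e2);
                throw new RequestException(e2);
            }
        }

        /**
         * Legacy HMAC authentication against the remaining single-serving passwords: the first
         * password whose HmacMD5 over {@code str} equals {@code bArr} is consumed (marked
         * {@code gueltig="nein"} and persisted) and removed from the usable set.
         *
         * @param bArr MAC presented by the client
         * @param str  challenge text the MAC was computed over
         * @param str2 key algorithm name for the {@link SecretKeySpec}; the MAC is always HmacMD5
         * @throws IllegalArgumentException if no usable password matches
         * @deprecated legacy HMAC-MD5 handshake
         */
        @Deprecated
        public synchronized void useSingleServingPassword(byte[] bArr, String str, String str2) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException, FileNotFoundException, TransformerException {
            byte[] challenge = str.getBytes(StandardCharsets.ISO_8859_1);
            Mac mac = Mac.getInstance("HmacMD5");
            Iterator<SingleServingPassword> candidates = this._usableSingleServingPasswords.iterator();
            while (candidates.hasNext()) {
                SingleServingPassword candidate = candidates.next();
                mac.init(new SecretKeySpec(candidate.getXmlVerifierText().getBytes(StandardCharsets.ISO_8859_1), str2));
                // Constant-time comparison: the presented MAC must not be matchable byte by byte.
                if (MessageDigest.isEqual(bArr, mac.doFinal(challenge))) {
                    candidate.setPasswortInvalid();
                    candidates.remove();
                    return;
                }
            }
            ConfigAuthentication._debug.warning("Authentifizierungsversuch eines registrierten Benutzers fehlgeschlagen, Benutzername", getUsername());
            throw new IllegalArgumentException("Benutzername/Passwort ist falsch");
        }

        /** Removes all single-serving passwords (used or not) from the element and the in-memory sets. */
        public synchronized void clearSingleServingPasswords() throws TransformerException, FileNotFoundException {
            Node child;
            while ((child = this._xmlObject.getFirstChild()) != null) {
                this._xmlObject.removeChild(child);
            }
            ConfigAuthentication.this.saveXMLFile();
            this._allSingleServingPasswords.clear();
            this._usableSingleServingPasswords.clear();
            this._greatestSingleServingPasswordIndex = NO_RESULT;
        }

        public synchronized int countSingleServingPasswords() {
            return this._usableSingleServingPasswords.size();
        }

        /**
         * @return the main text for {@link #NO_RESULT}, the text of the usable single-serving password
         *         with index {@code i}, or {@code ""} (after a warning) if no such password is usable
         */
        private String getXmlVerifierText(int i) {
            if (i == NO_RESULT) {
                return this._xmlVerifierText;
            }
            for (SingleServingPassword password : this._usableSingleServingPasswords) {
                if (password.getIndex() == i) {
                    return password.getXmlVerifierText();
                }
            }
            ConfigAuthentication._debug.warning("Angegebener Passwort-Index ist nicht am Benutzer " + this._username + " vorhanden: " + i);
            return "";
        }

        /**
         * Invalidates the usable single-serving password with index {@code i}; an unknown index is
         * only logged.
         *
         * @throws RequestException wrapping any failure, including the IllegalArgumentException
         *                          raised for {@link #NO_RESULT}
         */
        public synchronized void disableSingleServingPassword(int i) throws RequestException {
            try {
                if (i == NO_RESULT) {
                    throw new IllegalArgumentException("Das Standard-Passwort kann nicht deaktiviert werden");
                }
                Iterator<SingleServingPassword> it = this._usableSingleServingPasswords.iterator();
                while (it.hasNext()) {
                    SingleServingPassword password = it.next();
                    if (password.getIndex() == i) {
                        password.setPasswortInvalid();
                        it.remove();
                        return;
                    }
                }
                ConfigAuthentication._debug.warning("Kann Einmalpasswort nicht deaktivieren, Passwort-Index ist nicht am Benutzer " + this._username + " vorhanden: " + i);
            } catch (Exception e) {
                ConfigAuthentication._debug.error("Fehler beim Deaktivieren eines Einmal-Passworts", e);
                throw new RequestException(e);
            }
        }

        /** @return the indices of all usable single-serving passwords, ascending */
        public int[] getUsableIDs() {
            return this._usableSingleServingPasswords.stream().mapToInt(SingleServingPassword::getIndex).sorted().toArray();
        }
    }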

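    /**
     * Loads the user database from {@code file} and keeps an exclusive lock file on it until
     * {@link #close()} is called. The document is parsed with DTD validation; the DTD is resolved
     * from the class path by {@link ConfigAuthenticationEntityResolver}, and any validation error
     * aborts construction.
     *
     * @param file      XML user database to load
     * @param dataModel data model used for user objects and configuration areas
     * @throws ParserConfigurationException if no validating, namespace-aware parser can be created
     * @throws IllegalArgumentException     if the canonical path of {@code file} cannot be determined
     * @throws RuntimeException             if the lock file cannot be written, or parsing or reading
     *                                      the user accounts fails (the cause is attached)
     */
    public ConfigAuthentication(File file, DataModel dataModel) throws ParserConfigurationException {
        this._lockAuthenticationFile = new FileLock(file);
        try {
            this._lockAuthenticationFile.lock();
        } catch (IOException lockFailure) {
            String message = "IOException beim Versuch die lock-Datei zu schreiben. Datei, die gesichert werden sollte " + file.getAbsolutePath();
            _debug.error(message, lockFailure);
            // The cause used to be dropped here (only dumped via printStackTrace); keep it attached.
            throw new RuntimeException(message, lockFailure);
        }
        boolean loaded = false;
        try {
            try {
                this._xmlFile = file.getCanonicalFile();
            } catch (IOException e) {
                throw new IllegalArgumentException(e);
            }
            this._dataModel = dataModel;
            CountingErrorHandler errorHandler = new CountingErrorHandler();
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            factory.setIgnoringElementContentWhitespace(true);
            factory.setValidating(true);
            factory.setAttribute("http://xml.org/sax/features/validation", Boolean.TRUE);
            // NOTE(review): entity handling is left at the parser default, so an external general
            // entity referenced by the (locally administered) user file would be resolved. If the
            // file can ever come from a less trusted source, disable
            // "http://xml.org/sax/features/external-general-entities" here — confirm with the owners.
            DocumentBuilder builder = factory.newDocumentBuilder();
            _debug.config("Datei wird eingelesen", this._xmlFile);
            try {
                builder.setErrorHandler(errorHandler);
                builder.setEntityResolver(new ConfigAuthenticationEntityResolver());
                this._xmlDocument = builder.parse(this._xmlFile);
                errorHandler.printSummary();
                if (errorHandler.getErrorCount() > 0) {
                    throw new ConfigurationException(errorHandler.getErrorCount() + " Fehler beim Parsen der XML-Datei " + this._xmlFile.toString());
                }
                this._uriBase = this._xmlFile.getParentFile().toURI();
                _debug.config("Verzeichnisbasis für die Benutzer der Konfiguration", this._uriBase.toString());
                readUserAccounts();
                _debug.config("Benutzerdaten der Konfiguration wurden vollständig eingelesen.");
            } catch (Exception e) {
                String message = "Die Benutzerdaten der Konfiguration konnten nicht eingelesen werden: " + this._xmlFile.toString();
                _debug.error(message, e);
                throw new RuntimeException(message, e);
            }
            loaded = true;
        } finally {
            if (!loaded) {
                // Construction failed after the lock was taken: release it so a retry or another
                // process is not blocked by a lock file nobody will ever remove.
                this._lockAuthenticationFile.unlock();
            }
        }
    }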

    /**
     * Populates {@link #_userAccounts} from every {@code benutzeridentifikation} element of the loaded
     * document, including each element's {@code autorisierungspasswort} children. A user name that
     * occurs twice is logged; the later element replaces the earlier account.
     */
    private void readUserAccounts() {
        synchronized (this._xmlDocument) {
            NodeList userNodes = this._xmlDocument.getDocumentElement().getElementsByTagName("benutzeridentifikation");
            for (int userIndex = 0; userIndex < userNodes.getLength(); userIndex++) {
                Element userElement = (Element) userNodes.item(userIndex);
                String username = userElement.getAttribute("name");
                String verifierText = userElement.getAttribute("passwort");
                boolean adminRights = "ja".equals(userElement.getAttribute("admin").toLowerCase());
                List<SingleServingPassword> singleServingPasswords = new ArrayList<>();
                NodeList passwordNodes = userElement.getElementsByTagName("autorisierungspasswort");
                for (int passwordIndex = 0; passwordIndex < passwordNodes.getLength(); passwordIndex++) {
                    Element passwordElement = (Element) passwordNodes.item(passwordIndex);
                    // "passwortindex" must be numeric; a malformed value aborts loading (NumberFormatException).
                    singleServingPasswords.add(new SingleServingPassword(
                            passwordElement.getAttribute("passwort"),
                            Integer.parseInt(passwordElement.getAttribute("passwortindex")),
                            "ja".equals(passwordElement.getAttribute("gueltig").toLowerCase()),
                            passwordElement));
                }
                UserAccount account = new UserAccount(username, verifierText, adminRights, singleServingPasswords, userElement);
                String key = account.getUsername();
                if (this._userAccounts.containsKey(key)) {
                    _debug.warning("Der Benutzername " + key + " ist bereits in der Benutzerdatei vorhanden");
                }
                this._userAccounts.put(key, account);
            }
        }
    }

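    /**
     * Legacy HMAC authentication: accepts the request if {@code bArr} equals the MAC of {@code str2}
     * under the user's main password, otherwise tries the user's single-serving passwords (which
     * consumes the matching one).
     *
     * @param str  user name
     * @param bArr MAC presented by the client
     * @param str2 challenge text the MAC was computed over
     * @param str3 name of the MAC procedure; must be one accepted by isEncryptDecryptProcedureAllowed
     * @throws IllegalArgumentException if the user is unknown or no password matches
     * @throws Exception                any failure of the procedure lookup or MAC computation
     * @deprecated legacy HMAC-MD5 handshake
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    @Deprecated
    public void isValidUser(String str, byte[] bArr, String str2, String str3) throws Exception {
        EncryptDecryptProcedure procedure = isEncryptDecryptProcedureAllowed(str3);
        UserAccount account = this._userAccounts.get(str);
        if (account == null) {
            // The log names the user; the exception deliberately does not distinguish unknown user from wrong password.
            _debug.warning("Zu dem Benutzer '" + str + "' existiert in der benutzerverwaltung.xml keine Benutzeridentifikation");
            throw new IllegalArgumentException("Benutzername/Passwort ist falsch");
        }
        byte[] expected = EncryptFactory.getEncryptInstance(procedure).encrypt(new String(account.getClientCredentials().getPassword()), str2);
        // Constant-time comparison: the presented MAC must not be matchable byte by byte.
        if (MessageDigest.isEqual(bArr, expected)) {
            return;
        }
        account.useSingleServingPassword(bArr, str2, str3);
    }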

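    /**
     * Issues a fresh challenge for the legacy handshake and remembers it so that
     * {@code checkRandomText} can later accept it exactly once. Only the 100 most recent challenges
     * are kept; older ones are silently dropped.
     *
     * @return the challenge as bytes (decimal representation of a random long)
     * @deprecated legacy HMAC-MD5 handshake
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    @Deprecated
    public byte[] getText() {
        // The challenge is a nonce; it must not be predictable, hence SecureRandom instead of Random.
        String challenge = Long.toString(new SecureRandom().nextLong());
        synchronized (this._randomText) {
            if (this._randomText.size() >= 100) {
                this._randomText.removeFirst();
            }
            this._randomText.addLast(challenge);
        }
        // Digits and an optional minus sign only, so the encoding choice is just about being explicit.
        return challenge.getBytes(StandardCharsets.UTF_8);
    }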

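    /**
     * Persists the document one last time and releases the lock file. A failed save is logged and
     * does not prevent the lock from being released.
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void close() {
        try {
            saveXMLFile();
        } catch (FileNotFoundException | TransformerException e) {
            // Logged with the cause; the former printStackTrace() duplicated this on stderr.
            _debug.error("Fehler beim Speichern der Benutzerdateien, es wird weiter versucht weitere Daten zu sichern", e);
        } finally {
            this._lockAuthenticationFile.unlock();
        }
    }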

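    /**
     * Consumes a challenge previously issued by {@link #getText()}: the text must be present in the
     * list of outstanding challenges and is removed from it, so each challenge is accepted once.
     *
     * @param bArr challenge bytes echoed back by the client
     * @throws ConfigurationTaskException if the challenge is unknown or was already used
     */
    private void checkRandomText(byte[] bArr) throws ConfigurationTaskException {
        // Same explicit encoding as getText(); the text is ASCII digits either way.
        String challenge = new String(bArr, StandardCharsets.UTF_8);
        synchronized (this._randomText) {
            if (!this._randomText.remove(challenge)) {
                throw new ConfigurationTaskException("Annahme verweigert");
            }
        }
    }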

    /** @return the path of the backing XML user database */
    @Override
    public String toString() {
        return this._xmlFile.getPath();
    }

    /**
     * Executes a legacy (pre-SRP) administration task sent as an encrypted message.
     *
     * <p>{@code bArr} is decrypted with the requesting user's main password using the procedure
     * named by {@code str2}. The plaintext holds a serializer version (first 4 bytes), the task code,
     * the challenge previously issued by {@link #getText()} (checked by {@code checkRandomText}, so a
     * captured message cannot be replayed) and the task arguments. Authorization for the individual
     * task is enforced by the task method that is called.
     *
     * @param str  name of the requesting user
     * @param bArr encrypted request
     * @param str2 name of the encryption procedure; must pass isEncryptDecryptProcedureAllowed
     * @return {@code -1} for tasks without a result, {@code 1}/{@code 0} for the boolean queries
     *         (tasks 7 and 10), the remaining password count for task 8
     * @throws ConfigurationTaskException for an unknown user, an unknown task code, a rejected
     *                                    challenge, or any failure while decrypting, deserializing or
     *                                    executing the task (details only logged at level fine)
     * @throws RequestException           declared for the outer catch blocks; see the note there
     * @deprecated legacy authentication; superseded by the SRP path
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    @Deprecated
    public int processTask(String str, byte[] bArr, String str2) throws RequestException, ConfigurationTaskException {
        if (!this._userAccounts.containsKey(str)) {
            throw new ConfigurationTaskException("Benutzer/Passwortkombination ist falsch");
        }
        try {
            try {
                // getSerializerVersion and removeFirst4Bytes are defined outside the part of the class shown here.
                byte[] decrypt = DecryptFactory.getDecryptInstance(isEncryptDecryptProcedureAllowed(str2)).decrypt(bArr, new String(this._userAccounts.get(str).getClientCredentials().getPassword()));
                Deserializer createDeserializer = SerializingFactory.createDeserializer(getSerializerVersion(decrypt), new ByteArrayInputStream(removeFirst4Bytes(decrypt)));
                int readInt = createDeserializer.readInt();
                // Replay protection: the challenge is consumed before any task is executed.
                checkRandomText(createDeserializer.readBytes(createDeserializer.readInt()));
                switch (readInt) {
                    case 1:
                        createSingleServingPassword(str, createDeserializer.readString(), createDeserializer.readString());
                        return -1;
                    case 2:
                        // Task 2 carries no default data for the new user object (null), unlike task 9.
                        createNewUser(str, createDeserializer.readString(), createDeserializer.readString(), createDeserializer.readString(), createDeserializer.readBoolean(), createDeserializer.readString(), null);
                        return -1;
                    case 3:
                        changeUserPassword(str, createDeserializer.readString(), createDeserializer.readString());
                        return -1;
                    case 4:
                        changeUserRights(str, createDeserializer.readString(), createDeserializer.readBoolean());
                        return -1;
                    case 5:
                        deleteUser(str, createDeserializer.readString());
                        return -1;
                    case 6:
                        clearSingleServingPasswords(str, createDeserializer.readString());
                        return -1;
                    case 7:
                        return isUserAdmin(str, createDeserializer.readString()) ? 1 : 0;
                    case 8:
                        return countRemainingSingleServingPasswords(str, createDeserializer.readString());
                    case 9:
                        createNewUser(str, createDeserializer);
                        return -1;
                    case 10:
                        return isUser(createDeserializer.readString()) ? 1 : 0;
                    default:
                        throw new ConfigurationTaskException("Unbekannte Anweisung");
                }
            } catch (Exception e) {
                // Every failure, including authorization errors from the task methods, is mapped to
                // this generic message; the real cause is only available in the fine-level log.
                _debug.fine("Fehler beim Entschlüsseln der Nachricht", e);
                throw new ConfigurationTaskException("Die Nachricht konnte nicht entschlüsselt werden (Passwort, Benutzername falsch?)");
            }
        } catch (IOException e2) {
            // NOTE(review): the inner catch (Exception) already covers the whole body of the outer
            // try, so this and the following handler look unreachable in this (decompiled) form —
            // confirm against the original source.
            _debug.error("Fehler im Deserialisierer", e2);
            throw new RequestException(e2);
        } catch (NoSuchVersionException e3) {
            _debug.error("Unbekannte Version", e3);
            throw new RequestException(e3);
        }
    }

    /**
     * Reads the arguments of a "create user" request from {@code deserializer} in wire order and
     * delegates to the seven-argument overload. The meaning of each value follows from how that
     * overload uses it (new user name, object pid, password text, admin flag, configuration area pid,
     * default data).
     *
     * @param str          name of the requesting user
     * @param deserializer positioned directly after the task header
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void createNewUser(String str, Deserializer deserializer) throws ConfigurationTaskException, RequestException, IOException {
        // Read into locals first so the wire order is explicit and independent of argument evaluation order.
        String newUsername = deserializer.readString();
        String newUserPid = deserializer.readString();
        String passwordText = deserializer.readString();
        boolean adminRights = deserializer.readBoolean();
        String configurationAreaPid = deserializer.readString();
        Collection<DataAndATGUsageInformation> defaultData = readDataAndATGUsageInformation(deserializer);
        createNewUser(str, newUsername, newUserPid, passwordText, adminRights, configurationAreaPid, defaultData);
    }

    /**
     * @return whether {@code str} has both an entry in the user database and a user object
     *         (userHasObject is defined outside the part of the class shown here)
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public boolean isUser(String str) {
        if (!this._userAccounts.containsKey(str)) {
            return false;
        }
        return userHasObject(str, "");
    }

    /**
     * Removes all single-serving passwords of user {@code str2}. Allowed for admins and for a user
     * acting on their own account; the rights check precedes the existence check, so a non-admin
     * cannot probe which user names exist.
     *
     * @param str  requesting user
     * @param str2 user whose passwords are cleared
     * @throws ConfigurationTaskException if the caller lacks the rights, the user is unknown, or
     *                                    persisting the document fails (ConfigurationChangeException)
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void clearSingleServingPasswords(String str, String str2) throws FileNotFoundException, ConfigurationTaskException {
        boolean permitted = isAdmin(str) || str.equals(str2);
        if (!permitted) {
            throw new ConfigurationTaskException("Benutzer verfügt nicht über die benötigten Rechte");
        }
        if (!this._userAccounts.containsKey(str2)) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        UserAccount account = this._userAccounts.get(str2);
        try {
            account.clearSingleServingPasswords();
        } catch (TransformerException e) {
            throw new ConfigurationChangeException("Konnte Einmalpasswörter nicht löschen", e);
        }
    }

    /**
     * @param str  requesting user (admin, or the same as {@code str2})
     * @param str2 user whose usable single-serving passwords are counted
     * @return the number of usable single-serving passwords
     * @throws ConfigurationTaskException if the caller lacks the rights or the user is unknown
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public int countRemainingSingleServingPasswords(String str, String str2) throws FileNotFoundException, ConfigurationTaskException {
        boolean permitted = isAdmin(str) || str.equals(str2);
        if (!permitted) {
            throw new ConfigurationTaskException("Benutzer verfügt nicht über die benötigten Rechte");
        }
        if (!this._userAccounts.containsKey(str2)) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        return this._userAccounts.get(str2).countSingleServingPasswords();
    }

    /**
     * @param str  requesting user (admin, or the same as {@code str2})
     * @param str2 user whose usable single-serving passwords are listed
     * @return the indices of the usable single-serving passwords, ascending
     * @throws ConfigurationTaskException if the caller lacks the rights or the user is unknown
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public int[] getRemainingSingleServingPasswordIDs(String str, String str2) throws FileNotFoundException, ConfigurationTaskException {
        boolean permitted = isAdmin(str) || str.equals(str2);
        if (!permitted) {
            throw new ConfigurationTaskException("Benutzer verfügt nicht über die benötigten Rechte");
        }
        if (!this._userAccounts.containsKey(str2)) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        return this._userAccounts.get(str2).getUsableIDs();
    }

    /**
     * @param str  requesting user; not evaluated here — any caller may query any user's admin flag
     * @param str2 user whose admin flag is returned
     * @throws ConfigurationTaskException if {@code str2} is unknown
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public boolean isUserAdmin(String str, String str2) throws ConfigurationTaskException {
        if (!this._userAccounts.containsKey(str2)) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        return this._userAccounts.get(str2).isAdmin();
    }

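    /**
     * Reads the default data sets of a new user object: a count, then per entry an attribute group
     * usage reference followed by the data for that usage's attribute group.
     *
     * @param deserializer positioned at the count
     * @return the data sets in wire order
     * @throws IOException on a read error or a negative count
     */
    private Collection<DataAndATGUsageInformation> readDataAndATGUsageInformation(Deserializer deserializer) throws IOException {
        int count = deserializer.readInt();
        if (count < 0) {
            // Formerly surfaced as an IllegalArgumentException from the ArrayList constructor.
            throw new IOException("Ungültige Anzahl von Datensätzen: " + count);
        }
        // Not presized: the count comes from the message, and a huge value must not allocate up front.
        List<DataAndATGUsageInformation> result = new ArrayList<>();
        for (int i = 0; i < count; i++) {
            AttributeGroupUsage usage = deserializer.readObjectReference(this._dataModel);
            result.add(new DataAndATGUsageInformation(usage, deserializer.readData(usage.getAttributeGroup())));
        }
        return result;
    }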

    /**
     * Adds one single-serving password to user {@code str2}. Admin only; the rights check precedes
     * the existence check.
     *
     * @param str  requesting user (must be admin)
     * @param str2 user that receives the password
     * @param str3 the new password text
     * @throws ConfigurationTaskException if the caller is not admin, the user is unknown, or the
     *                                    password was already used for that user
     * @throws RequestException           if persisting the document fails
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void createSingleServingPassword(String str, String str2, String str3) throws RequestException, ConfigurationTaskException {
        if (!isAdmin(str)) {
            throw new ConfigurationTaskException("Benutzer verfügt nicht über die benötigten Rechte");
        }
        if (!this._userAccounts.containsKey(str2)) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        UserAccount account = this._userAccounts.get(str2);
        account.createNewSingleServingPassword(str3);
    }

    /**
     * Allow-list for the legacy handshake: only the two MD5-based procedures are accepted.
     *
     * @param str procedure name as sent by the client
     * @return the matching procedure
     * @throws ConfigurationTaskException if the procedure is known but not allowed
     * @throws IllegalArgumentException  from {@code valueOf} if the name is not a procedure at all
     */
    private EncryptDecryptProcedure isEncryptDecryptProcedureAllowed(String str) throws ConfigurationTaskException {
        EncryptDecryptProcedure procedure = EncryptDecryptProcedure.valueOf(str);
        boolean allowed = procedure == EncryptDecryptProcedure.HmacMD5 || procedure == EncryptDecryptProcedure.PBEWithMD5AndDES;
        if (!allowed) {
            throw new ConfigurationTaskException("Das Verfahren wird nicht unterstützt: " + str);
        }
        return procedure;
    }

    /** @return whether {@code str} is a known user with admin rights; unknown users are not admins */
    private boolean isAdmin(String str) {
        UserAccount account = this._userAccounts.get(str);
        return account != null && account.isAdmin();
    }

    /**
     * Creates a new user: a dynamic {@code typ.benutzer} object in configuration area {@code str5}
     * and/or a {@code benutzeridentifikation} entry in the XML user database, whichever is still
     * missing. Admin only.
     *
     * @param str        requesting user (must be admin)
     * @param str2       name of the new user
     * @param str3       pid of the new user object (handed to createUserObject)
     * @param str4       password / verifier text stored in the XML entry
     * @param z          admin rights of the new user
     * @param str5       pid of the configuration area the user object is created in
     * @param collection default data for the new object; {@code null} for task 2 of processTask
     * @throws ConfigurationTaskException if the caller is not admin, or both the object and the XML
     *                                    entry already exist
     * @throws RequestException           if creating the object and/or the XML entry fails
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void createNewUser(String str, String str2, String str3, String str4, boolean z, String str5, Collection<DataAndATGUsageInformation> collection) throws ConfigurationTaskException, RequestException {
        if (!isAdmin(str)) {
            throw new ConfigurationTaskException("Der Benutzer hat nicht die nötigen Rechte");
        }
        // userHasObject is defined outside the part of the class shown here.
        boolean userHasObject = userHasObject(str2, str3);
        if (!userHasObject && !this._userAccounts.containsKey(str2)) {
            // Neither the object nor the XML entry exists: create both.
            try {
                createUserObject(str5, str2, str3, collection);
                createUserXML(str2, str4, z);
                return;
            } catch (Exception e) {
                _debug.error("Neuen Benutzer anlegen, XML und Objekt", e);
                throw new RequestException(e);
            }
        }
        if (!userHasObject) {
            // XML entry exists, object is missing: create only the object. Note that a
            // ConfigurationChangeException from createUserObject propagates unwrapped here.
            createUserObject(str5, str2, str3, collection);
        } else {
            // Object exists: the XML entry must not exist yet.
            if (this._userAccounts.containsKey(str2)) {
                throw new ConfigurationTaskException("Der Benutzername ist bereits vergeben");
            }
            try {
                createUserXML(str2, str4, z);
            } catch (Exception e2) {
                _debug.error("Neuen Benutzer anlegen, XML", e2);
                throw new RequestException(e2);
            }
        }
    }

    /**
     * Creates the dynamic user object of type {@code typ.benutzer} in the data model.
     *
     * @param str        pid of the configuration area that receives the object
     * @param str2       name of the new user (the object's name)
     * @param str3       pid of the new user object
     * @param collection data sets written to the object on creation
     * @throws ConfigurationChangeException if the configuration area is unknown, {@code typ.benutzer}
     *                                      is not available as a dynamic type, or creation fails
     */
    private void createUserObject(String str, String str2, String str3, Collection<DataAndATGUsageInformation> collection) throws ConfigurationChangeException {
        ConfigurationArea configurationArea = this._dataModel.getConfigurationArea(str);
        if (configurationArea == null) {
            String str4 = "Das Erzeugen eines neuen Benutzerobjekts ist fehlgeschlagen, weil der angegebene Konfigurationsbereich mit der PID " + str + " nicht gefunden wurde.";
            _debug.error(str4);
            throw new ConfigurationChangeException(str4);
        }
        // NOTE(review): decompiled code — the variable is already typed DynamicObjectType, so the
        // instanceof below only acts as a null check; the original source presumably declared it as
        // the general object type and cast after the check.
        DynamicObjectType type = this._dataModel.getType("typ.benutzer");
        if (type instanceof DynamicObjectType) {
            // argument order presumably (type, pid, name, data sets) — matches the callers' usage of str2/str3
            configurationArea.createDynamicObject(type, str3, str2, collection);
        } else {
            _debug.error("Das Erzeugen eines neuen Benutzerobjekts ist fehlgeschlagen, weil der typ.benutzer nicht gefunden wurde oder kein dynamischer Typ ist");
            throw new ConfigurationChangeException("Das Erzeugen eines neuen Benutzerobjekts ist fehlgeschlagen, weil der typ.benutzer nicht gefunden wurde oder kein dynamischer Typ ist");
        }
    }

    /**
     * Adds an account entry for user {@code str} to the XML document, saves the file and registers
     * the in-memory account.
     *
     * <p>The in-memory account is registered only after the file was saved, so a failed save leaves
     * the DOM modified but no account in {@link #_userAccounts}.
     *
     * @param str  user name
     * @param str2 password or verifier text, stored in the entry as passed
     * @param z    administrator flag, written as {@code ja}/{@code nein}
     * @throws FileNotFoundException if the XML file cannot be opened for writing
     * @throws TransformerException  if the document cannot be serialized
     */
    private void createUserXML(String str, String str2, boolean z) throws FileNotFoundException, TransformerException {
        String adminFlag = z ? "ja" : "nein";
        Element accountElement = createXMLUserAccount(str, str2, adminFlag);
        UserAccount newAccount = new UserAccount(str, str2, z, new ArrayList(), accountElement);
        synchronized (this._xmlDocument) {
            Element root = this._xmlDocument.getDocumentElement();
            root.appendChild(accountElement);
        }
        saveXMLFile();
        this._userAccounts.put(newAccount.getUsername(), newAccount);
    }

    /**
     * Tells whether a user object exists for user {@code str}.
     *
     * <p>With a pid the object is looked up directly and its name must match; without one the
     * object is searched by name via {@link #getUserObject}.
     *
     * @param str  user name
     * @param str2 pid of the user object, or null/empty to search by name
     * @return true if a matching object exists
     * @throws IllegalStateException if the object with pid {@code str2} carries a different name
     */
    private boolean userHasObject(String str, String str2) {
        boolean pidGiven = str2 != null && !str2.isEmpty();
        if (!pidGiven) {
            return getUserObject(str) != null;
        }
        SystemObject byPid = this._dataModel.getObject(str2);
        if (byPid == null) {
            return false;
        }
        if (!str.equals(byPid.getName())) {
            throw new IllegalStateException("Es darf zu einer Pid nur einen Benutzernamen geben");
        }
        return true;
    }

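    /**
     * Reads the serializer version from the first four bytes of decrypted request data
     * (big-endian, unsigned bytes).
     *
     * @param bArr decrypted data; must hold at least 4 bytes
     * @return the version stored in bytes 0..3
     * @throws IllegalArgumentException if fewer than 4 bytes are available (previously an
     *                                  ArrayIndexOutOfBoundsException from a truncated message)
     */
    private final int getSerializerVersion(byte[] bArr) {
        if (bArr == null || bArr.length < 4) {
            throw new IllegalArgumentException("Serializer-Version benötigt 4 Bytes");
        }
        // Mask each byte to its unsigned value before shifting; the original masked after shifting,
        // which yields the same bits.
        return ((bArr[0] & 0xFF) << 24)
                | ((bArr[1] & 0xFF) << 16)
                | ((bArr[2] & 0xFF) << 8)
                | (bArr[3] & 0xFF);
    }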

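    /**
     * Returns a copy of {@code bArr} without its leading 4-byte version prefix.
     *
     * @param bArr decrypted data; must hold at least 4 bytes
     * @return a new array holding bytes 4..end (empty if exactly 4 bytes were given)
     * @throws IllegalArgumentException if fewer than 4 bytes are available (previously a
     *                                  NegativeArraySizeException from a truncated message)
     */
    private final byte[] removeFirst4Bytes(byte[] bArr) {
        if (bArr == null || bArr.length < 4) {
            throw new IllegalArgumentException("Daten sind kürzer als der 4-Byte-Versionskopf");
        }
        byte[] payload = new byte[bArr.length - 4];
        System.arraycopy(bArr, 4, payload, 0, payload.length);
        return payload;
    }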

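    /**
     * Sets a new password (verifier text) for user {@code str2}.
     *
     * <p>A user object must exist in the data model. If an XML account entry exists too, the
     * requester must be an administrator or the user himself and the entry is updated in place.
     * If no account entry exists yet, only an administrator may create one; the new entry has no
     * administrator rights.
     *
     * <p>The decompiled original held an unreachable "Unbekannter Benutzer" branch and evaluated
     * the same conditions twice; the checks are flattened here without changing the outcome.
     *
     * @param str  name of the requesting user
     * @param str2 name of the user whose password is changed
     * @param str3 new password or verifier text, stored as passed
     * @throws ConfigurationTaskException if no user object exists or the requester lacks the rights
     * @throws RequestException if updating or creating the XML entry fails
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void changeUserPassword(String str, String str2, String str3) throws ConfigurationTaskException, RequestException {
        boolean objectExists = userHasObject(str2, "");
        if (!objectExists) {
            throw new ConfigurationTaskException("Kein Benutzerobjekt vorhanden");
        }
        synchronized (this._userAccounts) {
            if (this._userAccounts.containsKey(str2)) {
                // Existing entry: self-service for the user himself, otherwise admin only.
                if (!isAdmin(str) && !str.equals(str2)) {
                    throw new ConfigurationTaskException("Passwortänderung verworfen");
                }
                try {
                    this._userAccounts.get(str2).setXmlVerifierText(str3);
                } catch (Exception e) {
                    _debug.error("Passwort ändern", e);
                    throw new RequestException(e);
                }
            } else {
                // No entry yet: only an administrator may create it.
                if (!isAdmin(str)) {
                    throw new ConfigurationTaskException("Passwortänderung verworfen, da benötigte Rechte fehlen");
                }
                try {
                    createUserXML(str2, str3, false);
                } catch (Exception e) {
                    _debug.error("Passwort ändern", e);
                    throw new RequestException(e);
                }
            }
        }
    }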

    /**
     * Grants or revokes administrator rights for the account {@code str2}.
     *
     * @param str  name of the requesting user; must be an administrator
     * @param str2 name of the account to change
     * @param z    true to grant administrator rights, false to revoke them
     * @throws ConfigurationTaskException if the requester is not an administrator or {@code str2} is unknown
     * @throws RequestException if the account cannot persist the change
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void changeUserRights(String str, String str2, boolean z) throws ConfigurationTaskException, RequestException {
        // message text kept as is (including the "nötgen" typo) — it is part of the observable behaviour
        if (!isAdmin(str)) {
            throw new ConfigurationTaskException("Der Benutzer besitzt nicht die nötgen Rechte");
        }
        boolean targetKnown = this._userAccounts.containsKey(str2);
        if (!targetKnown) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        UserAccount targetAccount = this._userAccounts.get(str2);
        try {
            targetAccount.setAdminRights(z);
        } catch (Exception e) {
            _debug.error("Benutzerrechte ändern", e);
            throw new RequestException(e);
        }
    }

    /**
     * Decrypts request data and wraps the payload in a deserializer of the version announced in
     * the first four decrypted bytes.
     *
     * @param bArr encrypted request data
     * @param str  key material handed to {@code decrypt} (presumably the user's password)
     * @param str2 name of the encryption procedure; must be accepted by {@link #isEncryptDecryptProcedureAllowed}
     * @return a deserializer positioned after the 4-byte version prefix
     * @throws Exception from the procedure check, decryption or deserializer creation
     */
    private final Deserializer getDeserializer(byte[] bArr, String str, String str2) throws Exception {
        EncryptDecryptProcedure procedure = isEncryptDecryptProcedureAllowed(str2);
        byte[] plain = DecryptFactory.getDecryptInstance(procedure).decrypt(bArr, str);
        int version = getSerializerVersion(plain);
        ByteArrayInputStream payload = new ByteArrayInputStream(removeFirst4Bytes(plain));
        return SerializingFactory.createDeserializer(version, payload);
    }

    /**
     * Deletes user {@code str2}: the user object in the data model, the XML account entry, or both,
     * whichever exists.
     *
     * @param str  name of the requesting user; must be an administrator
     * @param str2 name of the user to delete
     * @throws ConfigurationTaskException if the requester is not an administrator or neither an
     *                                    object nor an account entry exists
     * @throws RequestException if deleting the XML entry (or, when both are deleted, either part) fails
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void deleteUser(String str, String str2) throws RequestException, ConfigurationTaskException {
        if (!isAdmin(str)) {
            throw new ConfigurationTaskException("Der Benutzer hat nicht die nötigen Rechte");
        }
        boolean objectExists = userHasObject(str2, "");
        boolean accountExists = this._userAccounts.containsKey(str2);
        if (objectExists && accountExists) {
            try {
                deleteUserObject(str2);
                deleteUserXML(str2);
            } catch (Exception e) {
                _debug.error("Benutzer löschen, XML und Objekt", e);
                throw new RequestException(e);
            }
        } else if (objectExists) {
            // Only the object exists; its exceptions propagate unchanged, as in the original.
            deleteUserObject(str2);
        } else if (!accountExists) {
            throw new ConfigurationTaskException("Der Benutzer existiert nicht");
        } else {
            try {
                deleteUserXML(str2);
            } catch (Exception e) {
                _debug.error("Benutzer löschen, XML", e);
                throw new RequestException(e);
            }
        }
    }

    /**
     * Returns the SRP verifier data of user {@code str2} for the given password index.
     *
     * <p>Allowed for administrators and for the user himself.
     *
     * @param str  name of the requesting user
     * @param str2 name of the user whose verifier is requested
     * @param i    password index passed through to {@link #getVerifier}
     * @return verifier data together with the login information of {@code str2}
     * @throws ConfigurationTaskException if the requester is neither an administrator nor {@code str2}
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public SrpVerifierAndUser getSrpVerifierData(String str, String str2, int i) throws ConfigurationTaskException {
        boolean permitted = isAdmin(str) || str.equals(str2);
        if (!permitted) {
            throw new ConfigurationTaskException("Der Benutzer hat nicht die nötigen Rechte");
        }
        UserLogin login = getUserLogin(str2);
        return getVerifier(str2, login, i);
    }

    /**
     * Stores a list of one-time passwords for the account {@code str2}.
     *
     * @param str  name of the requesting user; must be an administrator
     * @param str2 name of the account that receives the passwords
     * @param list password texts, handed to the account unchanged
     * @param z    flag passed through to the account (its meaning is defined there)
     * @return whatever the account reports for the operation (presumably a count or index)
     * @throws ConfigurationTaskException if the requester is not an administrator or {@code str2} is unknown
     * @throws RequestException declared by the account operation
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public int setOneTimePasswords(String str, String str2, List<String> list, boolean z) throws ConfigurationTaskException, RequestException {
        if (!isAdmin(str)) {
            throw new ConfigurationTaskException("Benutzer verfügt nicht über die benötigten Rechte");
        }
        boolean targetKnown = this._userAccounts.containsKey(str2);
        if (!targetKnown) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        UserAccount targetAccount = this._userAccounts.get(str2);
        return targetAccount.createNewSingleServingPasswords(list, z);
    }

    /**
     * Disables the one-time password with index {@code i} of account {@code str2}.
     *
     * <p>Allowed for administrators and for the user himself.
     *
     * @param str  name of the requesting user
     * @param str2 name of the account
     * @param i    index of the one-time password to disable
     * @throws ConfigurationTaskException if the requester lacks the rights or {@code str2} is unknown
     * @throws RequestException declared by the account operation
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public void disableSingleServingPassword(String str, String str2, int i) throws ConfigurationTaskException, RequestException {
        boolean permitted = isAdmin(str) || str.equals(str2);
        if (!permitted) {
            throw new ConfigurationTaskException("Benutzer verfügt nicht über die benötigten Rechte");
        }
        boolean targetKnown = this._userAccounts.containsKey(str2);
        if (!targetKnown) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        UserAccount targetAccount = this._userAccounts.get(str2);
        targetAccount.disableSingleServingPassword(i);
    }

    /**
     * Builds the login information for user {@code str}.
     *
     * @param str user name
     * @return {@code UserLogin.user(id)} with the id of the user object when both an XML account
     *         entry and a user object exist; {@code UserLogin.notAuthenticated()} otherwise
     */
    public UserLogin getUserLogin(String str) {
        if (!this._userAccounts.containsKey(str)) {
            return UserLogin.notAuthenticated();
        }
        SystemObject userObject = getUserObject(str);
        if (userObject == null) {
            return UserLogin.notAuthenticated();
        }
        return UserLogin.user(userObject.getId());
    }

    /**
     * Looks up the user object named {@code str} among all objects of type {@code typ.benutzer}.
     *
     * <p>If several objects carry the name, the ones belonging to the local configuration
     * authority are preferred. If exactly one local object exists it is used; otherwise the first
     * object in pid/id order (of the local ones, or of all if none is local) is picked and the
     * ambiguity is only logged at warning level — it is not rejected.
     *
     * @param str user name
     * @return the user object, or null if no object carries the name
     */
    @Override // de.bsvrz.puk.config.main.authentication.Authentication
    public SystemObject getUserObject(String str) {
        List<SystemObject> candidates = new ArrayList<>();
        for (SystemObject candidate : this._dataModel.getType("typ.benutzer").getObjects()) {
            if (candidate.getName().equals(str)) {
                candidates.add(candidate);
            }
        }
        if (candidates.isEmpty()) {
            return null;
        }
        if (candidates.size() == 1) {
            return candidates.get(0);
        }
        // Ambiguous name: split off the objects of the local configuration authority.
        List<SystemObject> localCandidates = new ArrayList<>();
        for (SystemObject candidate : candidates) {
            if (isLocalUser(candidate)) {
                localCandidates.add(candidate);
            }
        }
        Comparator<SystemObject> byPidOrId = Comparator.comparing(SystemObject::getPidOrId);
        candidates.sort(byPidOrId);
        localCandidates.sort(byPidOrId);
        StringBuilder report = new StringBuilder();
        report.append("Zum Benutzernamen \"").append(str).append("\" gibt es ").append(candidates.size())
                .append(" SystemObjekte, davon sind ").append(localCandidates.size()).append(" der lokalen AOE zugeordnet: ");
        for (SystemObject candidate : candidates) {
            report.append("\n").append(candidate.getPidOrId()).append(" (")
                    .append(candidate.getConfigurationArea().getConfigurationAuthority().getPidOrId()).append(")");
        }
        if (localCandidates.size() == 1) {
            report.append("\nDer Benutzer des lokalen AOE ").append(this._dataModel.getConfigurationAuthority().getPidOrId()).append(" wird verwendet");
            _debug.warning(report.toString());
            return localCandidates.get(0);
        }
        List<SystemObject> pool = localCandidates.isEmpty() ? candidates : localCandidates;
        return chooseRandomUser(pool, report);
    }

    /**
     * Picks the first object of an ambiguous, already sorted candidate list and logs the choice.
     *
     * <p>Despite the name the choice is deterministic (first element); "arbitrary" refers to the
     * fact that nothing but the sort order distinguishes the candidates.
     *
     * @param list non-empty candidate list, sorted by the caller
     * @param sb   report built so far; the explanation is appended and logged as a warning
     * @return {@code list.get(0)}
     */
    private static SystemObject chooseRandomUser(List<SystemObject> list, StringBuilder sb) {
        SystemObject chosen = list.get(0);
        sb.append("\nEs sollte unter dem lokalen AOE genau ein Benutzerobjekt pro Benutzernamen geben.\nDer Benutzer \"")
                .append(chosen.getPidOrId())
                .append("\" wurde willkürlich ausgewählt.");
        _debug.warning(sb.toString());
        return chosen;
    }

    /**
     * Tells whether {@code systemObject} belongs to the local configuration authority.
     *
     * @param systemObject a user object
     * @return true if the object's configuration authority equals the data model's (null-safe)
     */
    private boolean isLocalUser(SystemObject systemObject) {
        Object objectAuthority = systemObject.getConfigurationArea().getConfigurationAuthority();
        Object localAuthority = this._dataModel.getConfigurationAuthority();
        return Objects.equals(objectAuthority, localAuthority);
    }

    /**
     * Returns the SRP verifier for user {@code str} and password index {@code i}.
     *
     * <p>For unknown accounts, and for accounts whose stored verifier cannot be used, a substitute
     * verifier is derived from the server's secret token — presumably so that the response does not
     * reveal whether an account exists. The boolean in the result is true only when the substitute
     * was built from the account's own client credentials.
     *
     * @param str       user name
     * @param userLogin login information for {@code str}, passed into the result
     * @param i         password index
     * @return verifier data for {@code str}
     */
    private SrpVerifierAndUser getVerifier(String str, UserLogin userLogin, int i) {
        UserAccount account = this._userAccounts.get(str);
        if (account == null) {
            SrpVerifierData substitute = fakeVerifier(str, secretHash(str, i), ClientCredentials.ofString(_secretToken));
            return new SrpVerifierAndUser(userLogin, substitute, false);
        }
        try {
            return new SrpVerifierAndUser(userLogin, account.getSrpVerifier(i), false);
        } catch (IllegalArgumentException e) {
            ClientCredentials credentials = account.getClientCredentials(i);
            if (credentials == null) {
                SrpVerifierData substitute = fakeVerifier(str, secretHash(str, i), ClientCredentials.ofString(_secretToken));
                return new SrpVerifierAndUser(userLogin, substitute, false);
            }
            SrpVerifierData fromCredentials = fakeVerifier(str, secretHash(str, i), credentials);
            return new SrpVerifierAndUser(userLogin, fromCredentials, true);
        }
    }

    /**
     * Builds a verifier for {@code str} from the given credentials and salt using the default SRP
     * parameters.
     *
     * @param str               user name
     * @param bArr              salt
     * @param clientCredentials credentials the verifier is derived from
     * @return the computed verifier data
     */
    private static SrpVerifierData fakeVerifier(String str, byte[] bArr, ClientCredentials clientCredentials) {
        SrpCryptoParameter parameters = SrpCryptoParameter.getDefaultInstance();
        return SrpClientAuthentication.createVerifier(parameters, str, clientCredentials, bArr);
    }

    /**
     * Derives a deterministic salt for user {@code str} and password index {@code i} from the
     * server's secret token, so repeated requests for the same user yield the same substitute
     * verifier.
     *
     * @param str user name
     * @param i   password index
     * @return the derived salt
     */
    private byte[] secretHash(String str, int i) {
        String seed = str + _secretToken + i;
        byte[] seedBytes = seed.getBytes(StandardCharsets.UTF_8);
        return SrpUtilities.generatePredictableSalt(getCryptoParameters(), seedBytes);
    }

    /**
     * Returns the SRP parameters used by this server; currently always the default instance.
     *
     * @return the default {@link SrpCryptoParameter}
     */
    private SrpCryptoParameter getCryptoParameters() {
        SrpCryptoParameter defaults = SrpCryptoParameter.getDefaultInstance();
        return defaults;
    }

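    /**
     * Removes the XML account entry of user {@code str} and forgets the in-memory account.
     *
     * <p>The account is dropped from {@link #_userAccounts} on every path — also when no matching
     * node was found or saving the file failed — so the in-memory state never keeps an entry that
     * is gone from the file. The decompiled original removed it twice on the not-found path; the
     * {@code finally} block alone covers that.
     *
     * @param str user name; matched against the {@code name} attribute of the root's child elements
     * @throws TransformerException  if the document cannot be serialized
     * @throws FileNotFoundException if the XML file cannot be opened for writing
     */
    private void deleteUserXML(String str) throws TransformerException, FileNotFoundException {
        try {
            synchronized (this._xmlDocument) {
                Element root = this._xmlDocument.getDocumentElement();
                NodeList children = root.getChildNodes();
                for (int i = 0; i < children.getLength(); i++) {
                    Node child = children.item(i);
                    if (!child.hasAttributes()) {
                        continue;
                    }
                    Node nameAttribute = child.getAttributes().getNamedItem("name");
                    if (nameAttribute != null && nameAttribute.getNodeValue().equals(str)) {
                        // Return right after the removal: the NodeList is live and must not be iterated further.
                        root.removeChild(child);
                        saveXMLFile();
                        return;
                    }
                }
                _debug.error("deleteUserXML: Konnte Benutzer nicht aus XML-Datei löschen. Knoten wurde nicht gefunden.", str);
            }
        } finally {
            this._userAccounts.keySet().remove(str);
        }
    }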

    /**
     * Invalidates every object of type {@code typ.benutzer} named {@code str} — all of them, not
     * only the one {@link #getUserObject} would pick, and regardless of configuration authority.
     *
     * @param str user name
     * @throws ConfigurationChangeException if invalidating an object fails
     */
    private void deleteUserObject(String str) throws ConfigurationChangeException {
        for (SystemObject userObject : this._dataModel.getType("typ.benutzer").getObjects()) {
            boolean nameMatches = userObject.getName().equals(str);
            if (!nameMatches) {
                continue;
            }
            userObject.invalidate();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
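    /**
     * Serializes the in-memory XML document to {@link #_xmlFile} (ISO-8859-1, indented).
     *
     * <p>If the document carries no doctype, the authentication DTD doctype is written. The file
     * is rewritten in place, so a crash while writing leaves a partially written credentials file;
     * presumably {@link #createBackupFile} is meant to cover that — writing to a temporary file and
     * renaming would be safer.
     *
     * <p>The decompiled original swallowed the exception from closing the stream, i.e. a failed
     * flush of the last buffered bytes went unnoticed. The throws clause cannot carry IOException
     * without breaking callers, so such a failure is now at least logged.
     *
     * @throws TransformerException  if the document cannot be transformed
     * @throws FileNotFoundException if the file cannot be opened for writing
     */
    public void saveXMLFile() throws TransformerException, FileNotFoundException {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty("encoding", "ISO-8859-1");
        transformer.setOutputProperty("indent", "yes");
        transformer.setOutputProperty("standalone", "no");
        transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
        synchronized (this._xmlDocument) {
            DocumentType doctype = this._xmlDocument.getDoctype();
            String publicId = doctype != null ? doctype.getPublicId() : null;
            String systemId = doctype != null ? doctype.getSystemId() : null;
            transformer.setOutputProperty("doctype-public", publicId != null ? publicId : "-//K2S//DTD Authentifizierung//DE");
            transformer.setOutputProperty("doctype-system", systemId != null ? systemId : "authentication.dtd");
            DOMSource source = new DOMSource(this._xmlDocument);
            try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(this._xmlFile))) {
                transformer.transform(source, new StreamResult(out));
            } catch (FileNotFoundException e) {
                // opening the file failed; reported to the caller as before
                throw e;
            } catch (IOException e) {
                // only close() (which flushes the buffer) can raise this here
                _debug.error("Fehler beim Schreiben der Authentifizierungsdatei " + this._xmlFile, e);
            }
        }
    }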

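    /**
     * Saves the XML document and copies the file into directory {@code file}, keeping its name.
     *
     * <p>The copy contains the stored credentials; nothing here restricts the permissions of the
     * copy, so the target directory is presumably expected to be protected by the caller.
     *
     * <p>Rewritten from decompiled try-with-resources boilerplate: streams are closed by
     * try-with-resources, a {@link TransformerException} from saving is wrapped with its cause
     * preserved and logged instead of printed to stderr, and the source file is opened before the
     * copy is created so a missing source does not leave an empty backup behind.
     *
     * @param file target directory
     * @throws IOException if saving or copying fails
     */
    public void createBackupFile(File file) throws IOException {
        File backup = new File(file, this._xmlFile.getName());
        try {
            saveXMLFile();
        } catch (TransformerException e) {
            _debug.error("Konnte XML-Datei nicht sichern", e);
            throw new IOException("Konnte XML-Datei nicht sichern: " + e.getMessage(), e);
        }
        try (FileInputStream in = new FileInputStream(this._xmlFile);
             FileOutputStream out = new FileOutputStream(backup)) {
            byte[] buffer = new byte[1024];
            int read;
            while ((read = in.read(buffer)) != -1) {
                out.write(buffer, 0, read);
            }
        }
    }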

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates an {@code autorisierungspasswort} element for a one-time password. The element is
     * created on the document but not attached to it.
     *
     * @param str  value of the {@code passwort} attribute, stored as passed (whether it is already
     *             hashed is decided by the caller)
     * @param i    value of the {@code passwortindex} attribute
     * @param str2 value of the {@code gueltig} attribute
     * @return the new, detached element
     */
    public Element createXMLSingleServingPasswort(String str, int i, String str2) {
        synchronized (this._xmlDocument) {
            Element passwordElement = this._xmlDocument.createElement("autorisierungspasswort");
            passwordElement.setAttribute("passwort", str);
            passwordElement.setAttribute("passwortindex", String.valueOf(i));
            passwordElement.setAttribute("gueltig", str2);
            return passwordElement;
        }
    }

    /**
     * Creates a {@code benutzeridentifikation} element for an account. The element is created on
     * the document but not attached to it.
     *
     * @param str  value of the {@code name} attribute (user name)
     * @param str2 value of the {@code passwort} attribute, stored as passed
     * @param str3 value of the {@code admin} attribute ({@code ja}/{@code nein} as used by callers)
     * @return the new, detached element
     */
    private synchronized Element createXMLUserAccount(String str, String str2, String str3) {
        synchronized (this._xmlDocument) {
            Element accountElement = this._xmlDocument.createElement("benutzeridentifikation");
            accountElement.setAttribute("name", str);
            accountElement.setAttribute("passwort", str2);
            accountElement.setAttribute("admin", str3);
            return accountElement;
        }
    }
}
