package de.bsvrz.dav.daf.userManagement;

import de.bsvrz.dav.daf.communication.protocol.UserLogin;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpClientAuthentication;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpCryptoParameter;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpUtilities;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpVerifierAndUser;
import de.bsvrz.dav.daf.communication.srpAuthentication.SrpVerifierData;
import de.bsvrz.dav.daf.main.InconsistentLoginException;
import de.bsvrz.dav.daf.main.authentication.ClientCredentials;
import de.bsvrz.dav.daf.main.config.ConfigurationChangeException;
import de.bsvrz.dav.daf.main.config.ConfigurationTaskException;
import de.bsvrz.sys.funclib.filelock.FileLock;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:de/bsvrz/dav/daf/userManagement/UserManagementFileOffline.class */
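/**
 * Offline editor for the XML authentication file: reads the user accounts into memory and writes
 * every change straight back to the file.
 *
 * <p>The constructor takes a {@link FileLock} on the file and {@link #close()} releases it. Each
 * mutating operation updates the DOM, rewrites the whole file via {@link #saveXMLFile()} and only
 * then updates the in-memory account state.
 *
 * <p>The {@code passwort} attributes hold whatever string was stored for the account. New values
 * written by this class are SRP verifier strings; {@link #getVerifier(String, int)} additionally
 * accepts stored values that do not parse as a verifier and treats them as a plain credential.
 * Stored values must therefore be handled as secrets throughout this class.
 *
 * <p>No synchronisation is visible in this class; callers that share an instance between threads
 * have to serialise access themselves.
 */
public class UserManagementFileOffline implements UserManagementFileInterface {
    /**
     * Random per-process secret (64 random bits, rendered as hex). It is mixed into the salt and
     * used as the credential of the decoy verifiers that {@link #getVerifier(String, int)} returns
     * for accounts or password indexes that do not exist.
     *
     * NOTE(review): presumably this keeps unknown accounts indistinguishable from real ones during
     * the SRP handshake; confirm against the server-side login code. 64 bits is small for a value
     * that protects against offline guessing, a 128-bit token would cost nothing here.
     */
    private static final String _secretToken = new BigInteger(64, new SecureRandom()).toString(16);
    /** Accounts keyed by user name, mirroring the {@code benutzeridentifikation} elements. */
    private final Map<String, UserAccount> _userAccounts = new HashMap<>();
    private final File _xmlFile;
    private final Document _xmlDocument;
    private final FileLock _lockAuthenticationFile;

    /* loaded from: input_file:de/bsvrz/dav/daf/userManagement/UserManagementFileOffline$ConfigAuthenticationEntityResolver.class */
    /**
     * Resolves the public identifier of the authentication DTD to the copy shipped next to this
     * class, so that the DTD named in the file's DOCTYPE does not have to exist on disk.
     */
    private static class ConfigAuthenticationEntityResolver implements EntityResolver {

        private ConfigAuthenticationEntityResolver() {
        }

        /**
         * @param publicId public identifier of the external entity, may be {@code null}
         * @param systemId system identifier of the external entity (not inspected here)
         * @return an input source for the bundled {@code authentication.dtd} when the public
         *     identifier matches, otherwise {@code null}
         * @throws IOException if the bundled DTD resource cannot be found on the class path
         */
        @Override // org.xml.sax.EntityResolver
        public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
            if (!"-//K2S//DTD Authentifizierung//DE".equals(publicId)) {
                // Returning null asks the parser to open the system identifier itself.
                // NOTE(review): that means a DOCTYPE or entity declaration in the authentication
                // file can make the parser read other files or URLs. If the file can be written by
                // anyone less trusted than this process, resolve unknown identifiers to an empty
                // source instead; left unchanged here because files that reference the DTD by
                // system identifier only depend on the fallback.
                return null;
            }
            URL dtd = getClass().getResource("authentication.dtd");
            if (dtd == null) {
                // Previously only guarded by an assertion, which ended in a NullPointerException
                // whenever assertions were disabled.
                throw new IOException("Die DTD-Ressource authentication.dtd wurde nicht gefunden: " + getClass());
            }
            return new InputSource(dtd.toExternalForm());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/bsvrz/dav/daf/userManagement/UserManagementFileOffline$SingleServingPassword.class */
    /**
     * One {@code autorisierungspasswort} element: a one-time credential with its index and its
     * validity flag.
     */
    public final class SingleServingPassword {
        /** Stored credential string; secret, never to be logged. */
        private final String _password;
        private final int _index;
        /** The XML element this object mirrors. */
        private final Element _xmlObject;
        private boolean _passwordUsable;

        /**
         * @param password stored credential string of the one-time password
         * @param index value of the {@code passwortindex} attribute
         * @param usable whether the {@code gueltig} attribute marks the password as usable
         * @param xmlObject the backing XML element
         */
        public SingleServingPassword(String password, int index, boolean usable, Element xmlObject) {
            this._password = password;
            this._index = index;
            this._passwordUsable = usable;
            this._xmlObject = xmlObject;
        }

        public String getPassword() {
            return this._password;
        }

        public int getIndex() {
            return this._index;
        }

        public boolean isPasswordUsable() {
            return this._passwordUsable;
        }

        /**
         * Marks the password as used up in the XML file and, once the file was written, in memory.
         *
         * @throws IOException if the file cannot be written
         * @throws TransformerException if the document cannot be serialised
         */
        public void setPasswortInvalid() throws IOException, TransformerException {
            this._xmlObject.setAttribute("gueltig", "nein");
            UserManagementFileOffline.this.saveXMLFile();
            this._passwordUsable = false;
        }

        /**
         * Returns a diagnostic description. The stored credential is deliberately left out so that
         * it cannot end up in logs or exception messages.
         */
        @Override
        public String toString() {
            return "SingleServingPassword{_password='<redacted>', _index=" + this._index
                    + ", _passwordUsable=" + this._passwordUsable
                    + ", _xmlObject=" + this._xmlObject + '}';
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/bsvrz/dav/daf/userManagement/UserManagementFileOffline$UserAccount.class */
    /**
     * One {@code benutzeridentifikation} element: user name, stored credential, admin flag and the
     * one-time passwords that are still usable.
     */
    public final class UserAccount {
        private final String _username;
        private final LinkedList<SingleServingPassword> _usableSingleServingPasswords = new LinkedList<>();
        /** The XML element this object mirrors. */
        private final Element _xmlObject;
        /** Stored credential string; secret, never to be logged. */
        private String _password;
        private boolean _admin;
        /** Highest one-time password index seen so far, {@code -1} when there is none. */
        private int _greatestSingleServingPasswordIndex = -1;

        /**
         * @param username account name
         * @param password stored credential string of the account
         * @param admin whether the account has admin rights
         * @param singleServingPasswords all one-time passwords found for the account, usable or
         *     not; the unusable ones only contribute to the highest known index
         * @param xmlObject the backing XML element
         */
        public UserAccount(String username, String password, boolean admin,
                List<SingleServingPassword> singleServingPasswords, Element xmlObject) {
            this._username = username;
            this._password = password;
            this._xmlObject = xmlObject;
            this._admin = admin;
            for (SingleServingPassword candidate : singleServingPasswords) {
                this._greatestSingleServingPasswordIndex =
                        Math.max(this._greatestSingleServingPasswordIndex, candidate.getIndex());
                if (candidate.isPasswordUsable()) {
                    this._usableSingleServingPasswords.add(candidate);
                }
            }
        }

        public String getUsername() {
            return this._username;
        }

        public String getPassword() {
            return this._password;
        }

        /**
         * Stores a new credential string for the account and writes the file.
         *
         * @throws IOException if the file cannot be written
         * @throws TransformerException if the document cannot be serialised
         */
        public void setPassword(String password) throws IOException, TransformerException {
            this._xmlObject.setAttribute("passwort", password);
            UserManagementFileOffline.this.saveXMLFile();
            this._password = password;
        }

        public boolean isAdmin() {
            return this._admin;
        }

        /**
         * Grants or revokes admin rights and writes the file.
         *
         * @throws IOException if the file cannot be written
         * @throws TransformerException if the document cannot be serialised
         */
        public void setAdminRights(boolean admin) throws IOException, TransformerException {
            this._xmlObject.setAttribute("admin", admin ? "ja" : "nein");
            UserManagementFileOffline.this.saveXMLFile();
            this._admin = admin;
        }

        /**
         * Appends one usable one-time password per verifier, numbered consecutively after the
         * highest index known so far, and writes the file once at the end.
         *
         * @param list verifiers to store
         * @return index assigned to the first verifier of {@code list}
         * @throws ConfigurationTaskException if the file cannot be written
         */
        public int createNewSingleServingPasswords(List<SrpVerifierData> list) throws ConfigurationTaskException {
            int firstIndex = this._greatestSingleServingPasswordIndex + 1;
            for (SrpVerifierData verifier : list) {
                int index = this._greatestSingleServingPasswordIndex + 1;
                String stored = verifier.toString();
                Element xmlPassword = UserManagementFileOffline.this.createXMLSingleServingPasswort(stored, index);
                this._xmlObject.appendChild(xmlPassword);
                // Advance the counter only after the element is part of the document.
                this._greatestSingleServingPasswordIndex++;
                this._usableSingleServingPasswords.add(new SingleServingPassword(stored, index, true, xmlPassword));
            }
            try {
                UserManagementFileOffline.this.saveXMLFile();
                return firstIndex;
            } catch (Exception e) {
                throw new ConfigurationTaskException(e);
            }
        }

        /**
         * Removes every child node of the account element, writes the file and resets the
         * in-memory one-time password state.
         *
         * @throws IOException if the file cannot be written
         * @throws TransformerException if the document cannot be serialised
         */
        public void clearSingleServingPasswords() throws TransformerException, IOException {
            while (this._xmlObject.hasChildNodes()) {
                this._xmlObject.removeChild(this._xmlObject.getFirstChild());
            }
            UserManagementFileOffline.this.saveXMLFile();
            this._usableSingleServingPasswords.clear();
            this._greatestSingleServingPasswordIndex = -1;
        }

        /**
         * @param index {@code -1} for the account's regular credential, otherwise the index of a
         *     one-time password
         * @return the stored credential string, or the empty string when no usable one-time
         *     password has that index
         */
        public String getPassword(int index) {
            if (index == -1) {
                return getPassword();
            }
            for (SingleServingPassword candidate : this._usableSingleServingPasswords) {
                if (candidate.getIndex() == index) {
                    return candidate.getPassword();
                }
            }
            return "";
        }

        /**
         * Invalidates the usable one-time password with the given index.
         *
         * @throws ConfigurationTaskException if {@code index} is {@code -1}, if no usable one-time
         *     password has that index, or if the file cannot be written; the original exception
         *     is attached as cause in every case
         */
        public void disableSingleServingPassword(int index) throws ConfigurationTaskException {
            try {
                if (index == -1) {
                    throw new IllegalArgumentException("Das Standard-passwort kann nicht deaktiviert werden");
                }
                Iterator<SingleServingPassword> it = this._usableSingleServingPasswords.iterator();
                while (it.hasNext()) {
                    SingleServingPassword candidate = it.next();
                    if (candidate.getIndex() == index) {
                        // Persist first; the entry leaves the usable list only if that worked.
                        candidate.setPasswortInvalid();
                        it.remove();
                        return;
                    }
                }
                throw new IllegalArgumentException("Angegebener Passwort-Index ist nicht am Benutzer " + this._username + " vorhanden: " + index);
            } catch (Exception e) {
                throw new ConfigurationTaskException(e);
            }
        }

        /** Returns the live internal list of usable one-time passwords, not a copy. */
        public LinkedList<SingleServingPassword> getUsableSingleServingPasswords() {
            return this._usableSingleServingPasswords;
        }
    }

    /**
     * Locks and parses the authentication file and loads all accounts.
     *
     * @param file the XML authentication file
     * @throws ParserConfigurationException if no XML parser can be created
     * @throws IllegalArgumentException if the canonical path of {@code file} cannot be determined
     * @throws RuntimeException if the lock cannot be taken or the file cannot be parsed or read
     */
    public UserManagementFileOffline(File file) throws ParserConfigurationException {
        this._lockAuthenticationFile = new FileLock(file);
        try {
            this._lockAuthenticationFile.lock();
        } catch (IOException e) {
            throw new RuntimeException("IOException beim Versuch die lock-Datei zu schreiben. Datei, die gesichert werden sollte " + file.getAbsolutePath(), e);
        }
        try {
            File canonicalFile;
            try {
                canonicalFile = file.getCanonicalFile();
            } catch (IOException e) {
                throw new IllegalArgumentException(e);
            }
            this._xmlFile = canonicalFile;
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            factory.setValidating(true);
            factory.setAttribute("http://xml.org/sax/features/validation", Boolean.TRUE);
            DocumentBuilder builder = factory.newDocumentBuilder();
            try {
                // NOTE(review): no ErrorHandler is registered, so DTD validity errors are left to
                // the parser's default handling and are not turned into exceptions by this code;
                // confirm whether an invalid authentication file is meant to be rejected.
                builder.setEntityResolver(new ConfigAuthenticationEntityResolver());
                this._xmlDocument = builder.parse(canonicalFile);
                readUserAccounts();
            } catch (Exception e) {
                throw new RuntimeException("Die Benutzerdaten der Konfiguration konnten nicht eingelesen werden: " + canonicalFile.toString(), e);
            }
        } catch (ParserConfigurationException | RuntimeException startupFailure) {
            // No instance is handed out on failure, so nobody could call close(): release the
            // lock here instead of leaving it held.
            try {
                this._lockAuthenticationFile.unlock();
            } catch (Exception unlockFailure) {
                startupFailure.addSuppressed(unlockFailure);
            }
            throw startupFailure;
        }
    }

    /**
     * Fills {@link #_userAccounts} from all {@code benutzeridentifikation} elements of the
     * document, including their {@code autorisierungspasswort} children.
     *
     * @throws NumberFormatException if a {@code passwortindex} attribute is not an integer
     */
    private void readUserAccounts() {
        NodeList accountNodes = this._xmlDocument.getDocumentElement().getElementsByTagName("benutzeridentifikation");
        for (int i = 0; i < accountNodes.getLength(); i++) {
            Element accountElement = (Element) accountNodes.item(i);
            List<SingleServingPassword> oneTimePasswords = new ArrayList<>();
            NodeList passwordNodes = accountElement.getElementsByTagName("autorisierungspasswort");
            for (int j = 0; j < passwordNodes.getLength(); j++) {
                Element passwordElement = (Element) passwordNodes.item(j);
                oneTimePasswords.add(new SingleServingPassword(
                        passwordElement.getAttribute("passwort"),
                        Integer.parseInt(passwordElement.getAttribute("passwortindex")),
                        // equalsIgnoreCase keeps the case-insensitive match independent of the
                        // default locale.
                        "ja".equalsIgnoreCase(passwordElement.getAttribute("gueltig")),
                        passwordElement));
            }
            UserAccount account = new UserAccount(
                    accountElement.getAttribute("name"),
                    accountElement.getAttribute("passwort"),
                    "ja".equalsIgnoreCase(accountElement.getAttribute("admin")),
                    oneTimePasswords,
                    accountElement);
            this._userAccounts.put(account.getUsername(), account);
        }
    }

    /**
     * Returns a read-only, live view of the known user names. The view is read-only so that
     * callers cannot drop an account from memory while it stays in the file.
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public Set<String> getUsers() {
        return Collections.unmodifiableSet(this._userAccounts.keySet());
    }

    /** @throws ConfigurationTaskException if the user does not exist */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public boolean isUserAdmin(String username) throws ConfigurationTaskException {
        return requireAccount(username).isAdmin();
    }

    /** @throws ConfigurationTaskException if the user does not exist or the file cannot be written */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public void setUserAdmin(String username, boolean admin) throws ConfigurationTaskException {
        UserAccount account = requireAccount(username);
        try {
            account.setAdminRights(admin);
        } catch (Exception e) {
            throw new ConfigurationTaskException(e);
        }
    }

    /**
     * Replaces the account's credential with an SRP verifier derived from the given password.
     *
     * @return the login token created from the new verifier
     * @throws ConfigurationTaskException if the user does not exist, the file cannot be written or
     *     the login token cannot be created
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public ClientCredentials setUserPassword(String username, char[] password) throws ConfigurationTaskException {
        SrpVerifierData verifier = SrpClientAuthentication.createVerifier(getCryptoParameters(), username, ClientCredentials.ofPassword(password));
        UserAccount account = requireAccount(username);
        try {
            account.setPassword(verifier.toString());
            try {
                return SrpClientAuthentication.createLoginToken(verifier, username, password);
            } catch (InconsistentLoginException e) {
                // Ends up wrapped in the ConfigurationTaskException below, as before.
                throw new IllegalStateException(e);
            }
        } catch (Exception e) {
            throw new ConfigurationTaskException(e);
        }
    }

    /**
     * Renames an account and gives it a new password.
     *
     * <p>The new account keeps the admin flag. One-time passwords of the old account are not
     * carried over when the name changes. The old entry is removed from the file as well;
     * previously it stayed there with its old credential and became active again on the next load.
     *
     * @param oldUsername current account name
     * @param newUsername new account name
     * @param password new password
     * @return the login token created from the new verifier
     * @throws ConfigurationTaskException if the old user does not exist, the new name is taken by
     *     another account, or the file cannot be written
     * @throws IllegalStateException if the login token cannot be created
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public ClientCredentials setUserNameAndPassword(String oldUsername, String newUsername, char[] password) throws ConfigurationTaskException {
        SrpVerifierData verifier = SrpClientAuthentication.createVerifier(getCryptoParameters(), newUsername, ClientCredentials.ofPassword(password));
        // Validate before touching anything, so a rejected request leaves the account as it was.
        UserAccount existing = requireAccount(oldUsername);
        if (oldUsername.equals(newUsername)) {
            // Same name: update in place instead of adding a second element with that name.
            try {
                existing.setPassword(verifier.toString());
            } catch (Exception e) {
                throw new ConfigurationTaskException(e);
            }
        } else {
            // Create first, delete second: if the second step fails the user can still log in
            // with the old account and the caller is told through the exception.
            createUser(newUsername, verifier, existing.isAdmin());
            try {
                deleteUserXML(oldUsername);
            } catch (Exception e) {
                throw new ConfigurationTaskException(e);
            }
        }
        try {
            // The verifier was created for the new name, so the token is built for that name too
            // (the old name was passed here before).
            // NOTE(review): assumes createLoginToken checks name and verifier for consistency,
            // as setUserPassword's usage suggests; confirm.
            return SrpClientAuthentication.createLoginToken(verifier, newUsername, password);
        } catch (InconsistentLoginException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Replaces the account's credential with a verifier for a freshly generated random token.
     *
     * @return the generated token; it is not stored and cannot be recovered from the file
     * @throws ConfigurationTaskException if the user does not exist or the file cannot be written
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public ClientCredentials setRandomToken(String username) throws ConfigurationTaskException {
        ClientCredentials token = SrpClientAuthentication.createRandomToken(getCryptoParameters());
        SrpVerifierData verifier = SrpClientAuthentication.createVerifier(getCryptoParameters(), username, token);
        UserAccount account = requireAccount(username);
        try {
            account.setPassword(verifier.toString());
            return token;
        } catch (Exception e) {
            throw new ConfigurationTaskException(e);
        }
    }

    /** Creates a user; {@code consoleInterface} is ignored by this implementation. */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public void createUser(String username, ClientCredentials clientCredentials, boolean admin, ConsoleInterface consoleInterface) throws ConfigurationTaskException {
        createUser(username, clientCredentials, admin);
    }

    /** Creates a user; {@code str2} and {@code str3} are ignored by this implementation. */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public void createUser(String username, ClientCredentials clientCredentials, boolean admin, String str2, String str3) throws ConfigurationTaskException {
        createUser(username, clientCredentials, admin);
    }

    /**
     * Creates a user whose stored credential is the SRP verifier of {@code clientCredentials}.
     *
     * @throws ConfigurationTaskException if the name is taken or the file cannot be written
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public void createUser(String username, ClientCredentials clientCredentials, boolean admin) throws ConfigurationTaskException {
        createUser(username, SrpClientAuthentication.createVerifier(getCryptoParameters(), username, clientCredentials), admin);
    }

    /** Creates a user from an already computed verifier. */
    private void createUser(String username, SrpVerifierData verifier, boolean admin) throws ConfigurationTaskException {
        if (this._userAccounts.containsKey(username)) {
            throw new ConfigurationTaskException("Der Benutzername ist bereits vergeben");
        }
        try {
            createUserXML(username, verifier.toString(), admin);
        } catch (Exception e) {
            throw new ConfigurationTaskException(e);
        }
    }

    /**
     * Deletes the user from the file and from memory. An unknown name is not reported as an error.
     *
     * @throws ConfigurationTaskException if the file cannot be written
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public void deleteUser(String username) throws ConfigurationTaskException {
        try {
            deleteUserXML(username);
        } catch (Exception e) {
            throw new ConfigurationTaskException(e);
        }
    }

    /**
     * Stores one one-time password per entry of {@code passwords}; only their SRP verifiers are
     * written to the file.
     *
     * @return the assigned indexes mapped to the plain passwords, in index order; the result
     *     contains the secrets in clear and should be handled accordingly
     * @throws ConfigurationTaskException if the user does not exist or the file cannot be written
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public Map<Integer, String> createOneTimePasswords(String username, Collection<? extends String> passwords) throws ConfigurationTaskException {
        UserAccount account = requireAccount(username);
        List<SrpVerifierData> verifiers = passwords.stream()
                .map(password -> SrpClientAuthentication.createVerifier(getCryptoParameters(), username, ClientCredentials.ofString(password)))
                .collect(Collectors.toList());
        int firstIndex = account.createNewSingleServingPasswords(verifiers);
        Map<Integer, String> passwordsByIndex = new TreeMap<>();
        int offset = 0;
        // Same iteration order as the stream above, so offsets line up with the stored verifiers.
        for (String password : passwords) {
            passwordsByIndex.put(firstIndex + offset, password);
            offset++;
        }
        return passwordsByIndex;
    }

    /** @throws ConfigurationTaskException if the user does not exist or the file cannot be written */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public void clearOneTimePasswords(String username) throws ConfigurationTaskException {
        UserAccount account = requireAccount(username);
        try {
            account.clearSingleServingPasswords();
        } catch (Exception e) {
            throw new ConfigurationChangeException("Konnte Einmalpasswörter nicht löschen", e);
        }
    }

    /**
     * @return indexes of the user's usable one-time passwords
     * @throws IllegalArgumentException if the user does not exist (unlike the other methods of
     *     this class, which throw {@link ConfigurationTaskException} for that case)
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public int[] getOneTimePasswordIDs(String username) throws ConfigurationTaskException {
        UserAccount account = this._userAccounts.get(username);
        if (account == null) {
            throw new IllegalArgumentException("Benutzername/Passwort ist falsch");
        }
        return account.getUsableSingleServingPasswords().stream()
                .mapToInt(SingleServingPassword::getIndex)
                .toArray();
    }

    /** @throws ConfigurationTaskException if the user or the index does not exist, or on write failure */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public void disableOneTimePassword(String username, int index) throws ConfigurationTaskException {
        requireAccount(username).disableSingleServingPassword(index);
    }

    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public String getDavPid() {
        return "<Lokale Datenverteiler-Pid>";
    }

    /**
     * Writes the file one last time and releases the file lock; the lock is released even when
     * writing fails.
     *
     * @throws IOException if the file cannot be written or serialised
     */
    public void close() throws IOException {
        try {
            saveXMLFile();
        } catch (IOException | TransformerException e) {
            throw new IOException("Fehler beim Speichern der Benutzerdateien, es wird weiter versucht weitere Daten zu sichern", e);
        } finally {
            this._lockAuthenticationFile.unlock();
        }
    }

    /** Returns the canonical path of the authentication file. */
    @Override
    public String toString() {
        return this._xmlFile.toString();
    }

    /** Appends a new account element, writes the file and registers the account in memory. */
    private void createUserXML(String username, String storedPassword, boolean admin) throws IOException, TransformerException {
        Element accountElement = createXMLUserAccount(username, storedPassword, admin ? "ja" : "nein");
        UserAccount account = new UserAccount(username, storedPassword, admin, new ArrayList<>(), accountElement);
        this._xmlDocument.getDocumentElement().appendChild(accountElement);
        saveXMLFile();
        this._userAccounts.put(account.getUsername(), account);
    }

    /**
     * Returns the SRP verifier to use for a login attempt.
     *
     * <p>Unknown users, and known users without a usable credential at {@code passwordIndex}, get
     * a decoy verifier derived from {@link #_secretToken} instead of an error. When the stored
     * value does not parse as a verifier it is treated as a plain credential and a verifier is
     * computed from it on the fly; the result is then flagged with {@code true}.
     *
     * @param username login name
     * @param passwordIndex {@code -1} for the regular credential, otherwise a one-time password index
     * @return the verifier together with {@link UserLogin#systemUser()}
     */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public SrpVerifierAndUser getVerifier(String username, int passwordIndex) {
        UserAccount account = this._userAccounts.get(username);
        if (account == null) {
            return decoyVerifier(username, passwordIndex);
        }
        try {
            return new SrpVerifierAndUser(UserLogin.systemUser(), new SrpVerifierData(account.getPassword(passwordIndex)), false);
        } catch (IllegalArgumentException notAVerifier) {
            // NOTE(review): reaching this branch with a non-null credential means the file still
            // holds a value that is not an SRP verifier, presumably a plaintext password from an
            // older format; such entries are worth migrating.
            ClientCredentials plain = ClientCredentials.ofString(account.getPassword(passwordIndex));
            if (plain == null) {
                return decoyVerifier(username, passwordIndex);
            }
            return new SrpVerifierAndUser(UserLogin.systemUser(), fakeVerifier(username, secretHash(username, passwordIndex), plain), true);
        }
    }

    /** Builds the verifier handed out when there is no real credential to compare against. */
    private SrpVerifierAndUser decoyVerifier(String username, int passwordIndex) {
        return new SrpVerifierAndUser(UserLogin.systemUser(), fakeVerifier(username, secretHash(username, passwordIndex), ClientCredentials.ofString(_secretToken)), false);
    }

    /** @throws ConfigurationTaskException if the user does not exist or the file cannot be written */
    @Override // de.bsvrz.dav.daf.userManagement.UserManagementFileInterface
    public void setVerifier(String username, SrpVerifierData srpVerifierData) throws ConfigurationTaskException {
        UserAccount account = requireAccount(username);
        try {
            account.setPassword(srpVerifierData.toString());
        } catch (Exception e) {
            throw new ConfigurationTaskException(e);
        }
    }

    /** Looks up an account or fails with the message used throughout this class. */
    private UserAccount requireAccount(String username) throws ConfigurationTaskException {
        UserAccount account = this._userAccounts.get(username);
        if (account == null) {
            throw new ConfigurationTaskException("Unbekannter Benutzer");
        }
        return account;
    }

    /** Computes a verifier for the given credentials with a caller-supplied salt. */
    private SrpVerifierData fakeVerifier(String username, byte[] salt, ClientCredentials clientCredentials) {
        return SrpClientAuthentication.createVerifier(getCryptoParameters(), username, clientCredentials, salt);
    }

    /**
     * Derives a salt from user name, {@link #_secretToken} and password index, so the same
     * request yields the same salt for the lifetime of the process.
     */
    private byte[] secretHash(String username, int passwordIndex) {
        return SrpUtilities.generatePredictableSalt(getCryptoParameters(), (username + _secretToken + passwordIndex).getBytes(StandardCharsets.UTF_8));
    }

    private SrpCryptoParameter getCryptoParameters() {
        return SrpCryptoParameter.getDefaultInstance();
    }

    /**
     * Removes the first child of the document element whose {@code name} attribute equals
     * {@code username} and writes the file. The in-memory entry is dropped in every case, also
     * when no element matched or writing failed.
     */
    private void deleteUserXML(String username) throws TransformerException, IOException {
        try {
            Element root = this._xmlDocument.getDocumentElement();
            NodeList children = root.getChildNodes();
            for (int i = 0; i < children.getLength(); i++) {
                Node child = children.item(i);
                if (!child.hasAttributes()) {
                    continue;
                }
                Node nameAttribute = child.getAttributes().getNamedItem("name");
                if (nameAttribute != null && nameAttribute.getNodeValue().equals(username)) {
                    root.removeChild(child);
                    saveXMLFile();
                    return;
                }
            }
        } finally {
            this._userAccounts.remove(username);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Serialises the whole document to the authentication file (ISO-8859-1, indented), keeping the
     * document's DOCTYPE identifiers or falling back to the authentication DTD.
     *
     * NOTE(review): the target file is opened for writing, and thereby truncated, before the
     * document is serialised. A failure in between leaves a damaged credentials file. Writing to
     * a temporary file in the same directory and renaming it over the original would close that
     * window, provided the original's permissions and ownership are carried over.
     *
     * @throws TransformerException if the document cannot be serialised
     * @throws IOException if the file cannot be opened or written
     */
    public void saveXMLFile() throws TransformerException, IOException {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty("encoding", "ISO-8859-1");
        transformer.setOutputProperty("indent", "yes");
        transformer.setOutputProperty("standalone", "no");
        String publicId = null;
        String systemId = null;
        if (this._xmlDocument.getDoctype() != null) {
            publicId = this._xmlDocument.getDoctype().getPublicId();
            systemId = this._xmlDocument.getDoctype().getSystemId();
        }
        transformer.setOutputProperty("doctype-public", publicId != null ? publicId : "-//K2S//DTD Authentifizierung//DE");
        transformer.setOutputProperty("doctype-system", systemId != null ? systemId : "authentication.dtd");
        DOMSource source = new DOMSource(this._xmlDocument);
        try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(this._xmlFile))) {
            transformer.transform(source, new StreamResult(out));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Creates a detached, usable {@code autorisierungspasswort} element; the caller attaches it. */
    public Element createXMLSingleServingPasswort(String storedPassword, int index) {
        Element element = this._xmlDocument.createElement("autorisierungspasswort");
        element.setAttribute("passwort", storedPassword);
        element.setAttribute("passwortindex", String.valueOf(index));
        element.setAttribute("gueltig", "ja");
        return element;
    }

    /**
     * Creates a detached {@code benutzeridentifikation} element; the caller attaches it.
     *
     * @param adminFlag value of the {@code admin} attribute, {@code "ja"} or {@code "nein"}
     */
    private Element createXMLUserAccount(String username, String storedPassword, String adminFlag) {
        Element element = this._xmlDocument.createElement("benutzeridentifikation");
        element.setAttribute("name", username);
        element.setAttribute("passwort", storedPassword);
        element.setAttribute("admin", adminFlag);
        return element;
    }
}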
