package ch.elexis.data;

import ch.elexis.admin.AbstractAccessControl;
import ch.elexis.core.jdt.NonNull;
import ch.elexis.core.jdt.Nullable;
import ch.elexis.core.model.util.ElexisIdGenerator;
import ch.rgw.tools.PasswordEncryptionService;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:ch/elexis/data/User.class */
public class User extends PersistentObject {
    public static final String TABLENAME = "USER_";
    public static final String USERNAME_ADMINISTRATOR = "Administrator";
    public static final String FLD_IS_ACTIVE = "IS_ACTIVE";
    public static final String FLD_IS_ADMINISTRATOR = "IS_ADMINISTRATOR";
    public static final String FLD_ALLOW_EXTERNAL = "ALLOW_EXTERNAL";
    public static final String FLD_ASSOC_CONTACT = "KONTAKT_ID";
    public static final String FLD_HASHED_PASSWORD = "HASHED_PASSWORD";
    public static final String FLD_SALT = "SALT";
    public static final String FLD_KEYSTORE = "KEYSTORE";
    public static final String FLD_TOTP = "TOTP";
    public static final String FLD_JOINT_ROLES = "Roles";
    private static PasswordEncryptionService pes = new PasswordEncryptionService();

    static {
        addMapping(TABLENAME, PersistentObject.FLD_ID, FLD_IS_ACTIVE, FLD_IS_ADMINISTRATOR, FLD_ASSOC_CONTACT, FLD_HASHED_PASSWORD, FLD_SALT, FLD_KEYSTORE, FLD_TOTP, FLD_ALLOW_EXTERNAL, "Roles=LIST:USER_ID:USER_ROLE_JOINT");
        initTables();
    }

    @Deprecated(forRemoval = true)
    protected static void initTables() {
        if (tableExists(TABLENAME)) {
            return;
        }
        executeDBInitScriptForClass(User.class, null);
        migrateToNewStructure();
    }

    public User() {
    }

    public User(Anwender anwender, String str, String str2) {
        create(str);
        setAssignedContact(anwender);
        setPassword((str2 == null || str2.length() == 0) ? ElexisIdGenerator.generateId() : str2);
        setAssignedRole(Role.load(AbstractAccessControl.USER_GROUP), true);
    }

    protected User(String str) {
        super(str);
    }

    @NonNull
    public static User load(String str) {
        return new User(str);
    }

    @Deprecated(forRemoval = true)
    private static void migrateToNewStructure() {
        User user;
        Role.initTables();
        log.info("Starting migration to new user structure");
        for (Anwender anwender : new Query(Anwender.class).execute()) {
            String str = anwender.get(Kontakt.FLD_NAME3);
            if (str == null || str.length() == 0) {
                log.warn("Username for Anwender " + anwender.getLabel() + " not set. Skipping user creation.");
            } else {
                String str2 = (String) anwender.getExtInfoStoredObjectByKey("UsrPwd");
                boolean z = true;
                if (str2 == null || str2.length() == 0) {
                    str2 = "pass";
                    log.warn("Password for Anwender " + anwender.getLabel() + " is empty, setting 'pass' and deactivating user.");
                    z = false;
                }
                if (str.equals("Administrator")) {
                    user = load("Administrator");
                    user.setAssignedContact(anwender);
                    user.setPassword(str2);
                    log.info("Overriding Administrator password with password from anwender [{}]", anwender.getLabel());
                } else {
                    user = new User(anwender, str, str2);
                }
                user.setActive(z);
                if (anwender.getBoolean(Kontakt.FLD_IS_MANDATOR)) {
                    user.setAssignedRole(Role.load(AbstractAccessControl.ADMIN_GROUP), true);
                    user.setAssignedRole(Role.load("doctor"), true);
                }
                log.info("Migrated anwender [{}] to new user structure with id [{}]", anwender.getLabel(), user.getId());
            }
        }
    }

    public String getTotp() {
        String str = get(FLD_TOTP);
        if (StringUtils.isEmpty(str)) {
            resetTotp();
        }
        return str;
    }

    public boolean verifyTotp(String str) {
        return false;
    }

    public void resetTotp() {
        throw new UnsupportedOperationException();
    }

    public List<Role> getAssignedRoles() {
        return (List) getList(FLD_JOINT_ROLES, false).stream().map(str -> {
            return Role.load(str);
        }).collect(Collectors.toList());
    }

    public void setAssignedRole(Role role, boolean z) {
        List<Role> assignedRoles = getAssignedRoles();
        if (z) {
            if (assignedRoles.contains(role)) {
                return;
            }
            addToList(FLD_JOINT_ROLES, role.getId(), new String[0]);
        } else if (assignedRoles.contains(role)) {
            removeFromList(FLD_JOINT_ROLES, role.getId());
        }
    }

    public boolean verifyPassword(char[] cArr) {
        boolean z = false;
        String[] strArr = get(false, FLD_HASHED_PASSWORD, FLD_SALT);
        try {
            z = pes.authenticate(cArr, strArr[0], strArr[1]);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException | DecoderException e) {
            log.error("Error verifying password", e);
        }
        return z;
    }

    public String getUsername() {
        return get(PersistentObject.FLD_ID);
    }

    public static boolean verifyUsernameNotTaken(String str) {
        Query query = new Query(User.class);
        query.clear(true);
        query.add(PersistentObject.FLD_ID, Query.EQUALS, str);
        return query.execute().size() == 0;
    }

    @Nullable
    public User setUsername(String str) {
        if (!verifyUsernameNotTaken(str)) {
            return null;
        }
        List<Role> assignedRoles = getAssignedRoles();
        assignedRoles.stream().forEachOrdered(role -> {
            setAssignedRole(role, false);
        });
        set(PersistentObject.FLD_ID, str);
        User load = load(str);
        assignedRoles.stream().forEachOrdered(role2 -> {
            load.setAssignedRole(role2, true);
        });
        return load;
    }

    public void setPassword(@NonNull String str) {
        try {
            String generateSaltAsHexString = pes.generateSaltAsHexString();
            set(new String[]{FLD_SALT, FLD_HASHED_PASSWORD}, generateSaltAsHexString, pes.getEncryptedPasswordAsHexString(str, generateSaltAsHexString));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException | DecoderException e) {
            log.error("Error setting password for contact", e);
        }
    }

    public void setAssignedContact(@Nullable Kontakt kontakt) {
        if (kontakt == null) {
            return;
        }
        set(FLD_ASSOC_CONTACT, kontakt.getId());
    }

    @Nullable
    public String getAssignedContactId() {
        return get(FLD_ASSOC_CONTACT);
    }

    public boolean isAdministrator() {
        return getBoolean(FLD_IS_ADMINISTRATOR);
    }

    public void setAdministrator(boolean z) {
        set(FLD_IS_ADMINISTRATOR, ts(Boolean.valueOf(z)));
    }

    @Override // ch.elexis.data.PersistentObject, ch.elexis.core.data.interfaces.IPersistentObject
    public String getLabel() {
        return getUsername();
    }

    @Override // ch.elexis.data.PersistentObject
    protected String getTableName() {
        return TABLENAME;
    }

    @Nullable
    public Anwender getAssignedContact() {
        String assignedContactId = getAssignedContactId();
        if (assignedContactId == null || assignedContactId.length() <= 1) {
            return null;
        }
        return Anwender.load(assignedContactId);
    }

    public boolean isActive() {
        return getBoolean(FLD_IS_ACTIVE);
    }

    public void setActive(boolean z) {
        set(FLD_IS_ACTIVE, ts(Boolean.valueOf(z)));
    }

    @Override // ch.elexis.data.PersistentObject
    public boolean delete() {
        getAssignedRoles().stream().forEachOrdered(role -> {
            setAssignedRole(role, false);
        });
        return super.delete();
    }
}
