package tigase.http.modules.dashboard;

import com.google.zxing.BarcodeFormat;
import com.google.zxing.EncodeHintType;
import com.google.zxing.WriterException;
import com.google.zxing.client.j2se.MatrixToImageConfig;
import com.google.zxing.client.j2se.MatrixToImageWriter;
import com.google.zxing.common.BitMatrix;
import com.google.zxing.qrcode.QRCodeWriter;
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriInfo;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.System;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotEmpty;
import tigase.auth.credentials.entries.XTokenCredentialsEntry;
import tigase.dashboard.users.JteindexGenerated;
import tigase.db.AuthRepository;
import tigase.db.TigaseDBException;
import tigase.db.UserExistsException;
import tigase.db.UserRepository;
import tigase.db.services.AccountExpirationService;
import tigase.eventbus.EventBus;
import tigase.http.jaxrs.Handler;
import tigase.http.jaxrs.Model;
import tigase.http.jaxrs.Page;
import tigase.http.jaxrs.Pageable;
import tigase.http.jaxrs.SecurityContextHolder;
import tigase.http.jaxrs.annotations.JidLocalpart;
import tigase.http.util.StaticFileServlet;
import tigase.kernel.beans.Bean;
import tigase.kernel.beans.Inject;
import tigase.server.xmppsession.DisconnectUserEBAction;
import tigase.util.Base64;
import tigase.util.stringprep.TigaseStringprepException;
import tigase.vhosts.VHostManager;
import tigase.xmpp.StreamError;
import tigase.xmpp.jid.BareJID;

@Bean(name = "users", parent = DashboardModule.class, active = true)
@Path("/users")
/* loaded from: input_file:tigase/http/modules/dashboard/UsersHandler.class */
public class UsersHandler extends DashboardHandler {

    // Credential and account-status store; every password, token and status change in this handler goes through it.
    @Inject
    private AuthRepository authRepository;

    // User data store: account records and the per-user "roles" data list.
    @Inject
    private UserRepository userRepository;

    // Source of the configured virtual hosts used to scope the user listing.
    @Inject
    private VHostManager vHostManager;

    // Used to fire DisconnectUserEBAction when an account is deleted or its credentials change.
    @Inject
    private EventBus eventBus;

    // nullAllowed: the kernel may leave this reference null, so code that uses it has to cope with that.
    @Inject(nullAllowed = true)
    private DashboardModule dashboardModule;

    // nullAllowed: the kernel may leave this reference null, so code that uses it has to cope with that.
    @Inject(nullAllowed = true)
    private AccountExpirationService accountExpirationService;
    // Compiler-generated cache for the switch over AuthRepository.AccountStatus (decompiler artifact).
    private static volatile /* synthetic */ int[] $SWITCH_TABLE$tigase$db$AuthRepository$AccountStatus;
    // CSPRNG that produces the 32-byte secret behind each QR-code login token.
    private final SecureRandom secureRandom = new SecureRandom();
    // Package-private and non-final as decompiled; only used for the invalid-expiration warning.
    System.Logger logger = System.getLogger(UsersHandler.class.getName());

    /* loaded from: input_file:tigase/http/modules/dashboard/UsersHandler$QRCode.class */
    /**
     * Payload returned by the JSON variant of the QR-code endpoint: the login token plus its
     * rendering as a PNG image.
     *
     * <p>The token is a credential for the account it was issued for, so instances should be
     * treated as secrets (not logged, not cached).
     */
    public static class QRCode {

        private final String token;
        private final String png;

        /**
         * @param token the encoded login token
         * @param png   the image form of the token, as built by the caller
         */
        public QRCode(String token, String png) {
            this.png = png;
            this.token = token;
        }

        /** @return the image form of the token */
        public String getPng() {
            return png;
        }

        /** @return the encoded login token */
        public String getToken() {
            return token;
        }
    }

    /* loaded from: input_file:tigase/http/modules/dashboard/UsersHandler$User.class */
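    /**
     * One row of the user-management listing.
     *
     * <p>Declared as a real record: the decompiled form ({@code extends Record} plus hand-inlined
     * {@code ObjectMethods.bootstrap} calls) is not legal source, and the accessors,
     * {@code toString}, {@code hashCode} and {@code equals} it spelled out are exactly what the
     * compiler generates from this header.
     *
     * @param jid           account identifier
     * @param accountStatus status read from the auth repository
     * @param roles         roles held by the account; the list is stored as passed in, not copied
     * @param canManageUser whether the caller viewing the list may modify this account
     */
    public record User(BareJID jid, AuthRepository.AccountStatus accountStatus, List<UserRole> roles,
                       boolean canManageUser) {

        /**
         * Tells whether this account holds the given role; roles are matched by id only.
         *
         * @param userRole role to look for
         * @return {@code true} if any role of this account has the same id
         */
        public boolean hasRole(UserRole userRole) {
            return roles.stream().anyMatch(candidate -> candidate.id().equals(userRole.id()));
        }
    }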

    /* loaded from: input_file:tigase/http/modules/dashboard/UsersHandler$UserRole.class */
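    /**
     * A role as shown in the dashboard.
     *
     * <p>Declared as a real record: the decompiled form ({@code extends Record} plus hand-inlined
     * {@code ObjectMethods.bootstrap} calls) is not legal source, and the members it spelled out
     * are exactly what the compiler generates from this header.
     *
     * @param id    role identifier as stored and as checked by the authorization code
     * @param label human-readable name shown in the UI
     */
    public record UserRole(String id, String label) {
    }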

    /**
     * Reports the baseline role for this handler.
     *
     * <p>The baseline is only {@code User}; the tighter restrictions are the per-method
     * {@code @RolesAllowed} annotations, so a new endpoint added without one would be reachable
     * with this baseline role alone.
     *
     * @return {@link Handler.Role#User}
     */
    @Override // tigase.http.jaxrs.Handler
    public Handler.Role getRequiredRole() {
        final Handler.Role baseline = Handler.Role.User;
        return baseline;
    }

    /**
     * Renders the user-management page.
     *
     * <p>Lists accounts that have a localpart and belong to one of the configured virtual hosts
     * (the {@code "default"} entry is skipped), optionally narrowed to JIDs containing
     * {@code query}, sorted by localpart and then domain. Only the requested page is enriched with
     * status, roles and the caller's manage permission.
     *
     * <p>The raw {@code query} value is put back into the model unchanged.
     * NOTE(review): HTML escaping of that value is left to the template, which is not visible
     * here; confirm it escapes by default.
     *
     * @param str      optional substring filter taken from the {@code query} parameter
     * @param pageable requested page offset and size
     * @param model    template model to populate
     * @return the rendered HTML page
     * @throws TigaseDBException if the user list cannot be read; per-user lookup failures surface
     *                           as a {@link RuntimeException} wrapping the original error
     */
    @Produces({"text/html"})
    @RolesAllowed({"admin", "account_manager"})
    @GET
    @Path("")
    public Response index(@QueryParam("query") String str, Pageable pageable, Model model) throws TigaseDBException {
        var domains = this.vHostManager.getAllVHosts()
                .stream()
                .map(vhost -> vhost.getDomain())
                .filter(domain -> !"default".equals(domain))
                .sorted()
                .toList();
        var servedDomains = new HashSet<>(domains);

        // The whole repository is filtered and sorted first so the total count is known for paging.
        List<BareJID> matching = this.userRepository.getUsers()
                .stream()
                .filter(jid -> jid.getLocalpart() != null
                        && servedDomains.contains(jid.getDomain())
                        && (str == null || jid.toString().contains(str)))
                .sorted(Comparator.comparing(BareJID::getLocalpart).thenComparing(BareJID::getDomain))
                .toList();

        List<User> pageRows = matching.stream()
                .skip(pageable.offset())
                .limit(pageable.pageSize())
                .map(jid -> {
                    try {
                        AuthRepository.AccountStatus status = this.authRepository.getAccountStatus(jid);
                        return new User(jid, status, getUserRoles(jid), canManageUser(jid));
                    } catch (TigaseDBException e) {
                        // Checked exceptions cannot cross the stream lambda; keep the cause attached.
                        throw new RuntimeException(e);
                    }
                })
                .toList();

        boolean xTokenSupported = this.authRepository.isMechanismSupported("default", "XTOKEN-HMAC-SHA-256");
        model.put("query", str);
        model.put("users", new Page(pageable, matching.size(), pageRows));
        model.put("domains", domains);
        model.put("allRoles", getAllRoles());
        model.put("accountExpirationService", this.accountExpirationService);
        model.put("isXTokenActive", xTokenSupported);
        return Response.ok(renderTemplate(JteindexGenerated.JTE_NAME, model), "text/html").build();
    }

    /**
     * Lists the roles the dashboard offers for assignment.
     *
     * <p>Only {@code account_manager} is offered; {@code admin} is not part of this list.
     *
     * @return the assignable roles
     */
    private List<UserRole> getAllRoles() {
        final List<String> assignableIds = List.of("account_manager");
        return mapRoleIdsToUserRoles(assignableIds);
    }

    /**
     * Resolves the roles of an account into displayable form.
     *
     * @param bareJID account to look up
     * @return the account's roles with labels
     * @throws TigaseDBException if the role data cannot be read
     */
    private List<UserRole> getUserRoles(BareJID bareJID) throws TigaseDBException {
        final List<String> roleIds = getUserRolesIds(bareJID);
        return mapRoleIdsToUserRoles(roleIds);
    }

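    /**
     * Turns role ids into {@link UserRole} values, ordered by id.
     *
     * <p>Fixes relative to the decompiled form: the lambda parameter and the label local no longer
     * share one name (which did not compile and blurred id and label), and the ordering uses an
     * explicit comparator. {@code UserRole} is not {@code Comparable}, so the bare
     * {@code sorted()} would fail with a {@link ClassCastException} as soon as an account held
     * two roles.
     *
     * @param list role ids
     * @return one {@link UserRole} per id, sorted by id
     */
    private List<UserRole> mapRoleIdsToUserRoles(List<String> list) {
        return list.stream()
                .map(roleId -> new UserRole(roleId, roleLabel(roleId)))
                .sorted(Comparator.comparing(UserRole::id))
                .toList();
    }

    /**
     * Returns the display label for a role id: a fixed label for the built-in roles, otherwise
     * the id split on underscores with each word capitalised.
     */
    private static String roleLabel(String roleId) {
        return switch (roleId) {
            case "admin" -> "Administrator";
            case "account_manager" -> "Account Manager";
            case "user" -> "User";
            default -> Arrays.stream(roleId.split("_"))
                    // Stored role ids are not validated, so "a__b" or a leading "_" can yield empty
                    // words; skip them instead of failing in substring(0, 1).
                    .filter(word -> !word.isEmpty())
                    // Locale.ROOT keeps the label independent of the JVM's default locale.
                    .map(word -> word.substring(0, 1).toUpperCase(Locale.ROOT) + word.substring(1))
                    .collect(Collectors.joining(" "));
        };
    }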

    /**
     * Collects the role ids of an account: {@code "admin"} when the dashboard module reports the
     * account as an administrator, followed by whatever is stored in the account's
     * {@code roles/roles} data list.
     *
     * <p>NOTE(review): {@code dashboardModule} is injected with {@code nullAllowed = true} but is
     * dereferenced here without a check. Skipping the admin lookup when it is null would make
     * {@link #canManageUser} treat administrators as ordinary accounts, so any guard added here
     * should fail closed.
     *
     * @param bareJID account to look up
     * @return a new mutable list of role ids
     * @throws TigaseDBException if the stored roles cannot be read
     */
    private List<String> getUserRolesIds(BareJID bareJID) throws TigaseDBException {
        final List<String> roleIds = new ArrayList<>();
        if (this.dashboardModule.isAdmin(bareJID)) {
            roleIds.add("admin");
        }
        final String[] storedRoles = this.userRepository.getDataList(bareJID, "roles", "roles");
        if (storedRoles != null) {
            for (String storedRole : storedRoles) {
                roleIds.add(storedRole);
            }
        }
        return roleIds;
    }

    /**
     * Decides whether the current caller may modify the given account.
     *
     * <ul>
     *   <li>No security context: denied.</li>
     *   <li>Caller in role {@code admin}: allowed.</li>
     *   <li>Caller not in role {@code account_manager}: denied.</li>
     *   <li>Account manager acting on an account that is itself {@code admin} or
     *       {@code account_manager}: allowed only when the target is the caller's own account.</li>
     *   <li>Account manager acting on any other account: allowed.</li>
     * </ul>
     *
     * <p>A repository failure while reading the target's roles results in a denial (fail closed).
     * NOTE(review): the self check compares the principal name with {@code bareJID.toString()};
     * confirm both sides use the same normalised JID form.
     *
     * @param bareJID account the caller wants to modify
     * @return {@code true} if the modification is permitted
     */
    private boolean canManageUser(BareJID bareJID) {
        try {
            final SecurityContext caller = SecurityContextHolder.getSecurityContext();
            if (caller == null) {
                return false;
            }
            if (caller.isUserInRole("admin")) {
                return true;
            }
            if (!caller.isUserInRole("account_manager")) {
                return false;
            }
            final List<String> targetRoles = getUserRolesIds(bareJID);
            final boolean targetIsPrivileged =
                    targetRoles.contains("admin") || targetRoles.contains("account_manager");
            // A privileged target may only be touched by its own owner.
            return !targetIsPrivileged
                    || caller.getUserPrincipal().getName().equals(bareJID.toString());
        } catch (TigaseDBException ignored) {
            // Roles could not be read, so the target's privilege level is unknown: deny.
            return false;
        }
    }

    /**
     * Guard used by the modifying endpoints: aborts the request unless {@link #canManageUser}
     * allows the caller to act on the account.
     *
     * <p>The failure is a bare {@link RuntimeException} without a message. How that maps to an
     * HTTP status is decided outside this file.
     *
     * @param bareJID account about to be modified
     * @throws RuntimeException if the caller may not modify the account
     */
    private void checkModificationPermission(BareJID bareJID) {
        final boolean permitted = canManageUser(bareJID);
        if (permitted) {
            return;
        }
        throw new RuntimeException();
    }

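    /**
     * Creates an account and redirects to the index page filtered to the new JID.
     *
     * <p>With a non-blank password the account gets credentials and is set to {@code active}.
     * With no password only the user record is created, without credentials.
     *
     * <p>Changes relative to the decompiled form: the localpart is lower-cased with
     * {@link Locale#ROOT} so the resulting account name does not depend on the JVM's default
     * locale, and the blank-input failure carries a message.
     *
     * <p>NOTE(review): unlike the other modifying endpoints this one performs no permission check
     * on the target JID, and {@code domain} is not compared with the configured virtual hosts. If
     * the requested JID is one that {@code dashboardModule.isAdmin} already treats as an
     * administrator, an {@code account_manager} would be choosing its password; confirm whether a
     * check is needed here.
     *
     * @param str     localpart of the new account
     * @param str2    domain of the new account
     * @param str3    initial password, may be {@code null} or blank
     * @param str4    optional expiration value, handed to {@link #validateAndSetExpirationTime}
     * @param uriInfo request URI information used to build the redirect
     * @return a 303 redirect to the index page
     * @throws TigaseStringprepException if localpart or domain is not a valid JID part
     * @throws TigaseDBException         on repository errors
     * @throws RuntimeException          if input is blank or the account already exists
     */
    @POST
    @RolesAllowed({"admin", "account_manager"})
    @Path("/create")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response createUser(@JidLocalpart(message = "is not a valid username") @NotEmpty @FormParam("localpart") String str, @NotEmpty @FormParam("domain") String str2, @FormParam("password") String str3, @FormParam("expiration") String str4, UriInfo uriInfo) throws TigaseStringprepException, TigaseDBException {
        if (str.isBlank() || str2.isBlank()) {
            throw new RuntimeException("Username and domain must not be blank");
        }
        final BareJID newAccount = BareJID.bareJIDInstance(str.toLowerCase(Locale.ROOT), str2);
        // Check-then-act: a concurrent request can still create the same account in between.
        if (this.userRepository.userExists(newAccount)) {
            throw new RuntimeException("User already exist!");
        }
        if (str3 == null || str3.trim().isBlank()) {
            this.userRepository.addUser(newAccount);
        } else {
            this.authRepository.addUser(newAccount, str3);
            this.authRepository.setAccountStatus(newAccount, AuthRepository.AccountStatus.active);
            try {
                this.userRepository.addUser(newAccount);
            } catch (UserExistsException ignored) {
                // Deliberately ignored: presumably authRepository.addUser has already created the
                // user record, so this second call is best-effort.
            }
        }
        validateAndSetExpirationTime(newAccount, str4);
        return redirectToIndex(uriInfo, newAccount.toString());
    }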

    /**
     * Deletes an account and disconnects its active sessions.
     *
     * <p>The permission check runs first. Removal goes through the auth repository, and the
     * disconnect event is fired only after the removal succeeded.
     *
     * @param bareJID account to delete
     * @param uriInfo request URI information used to build the redirect
     * @return a 303 redirect to the index page
     * @throws TigaseDBException on repository errors
     * @throws RuntimeException  if the caller may not modify the account
     */
    @POST
    @RolesAllowed({"admin", "account_manager"})
    @Path("/{jid}/delete")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response deleteUser(@NotEmpty @PathParam("jid") BareJID bareJID, UriInfo uriInfo) throws TigaseDBException {
        checkModificationPermission(bareJID);
        this.authRepository.removeUser(bareJID);
        final DisconnectUserEBAction disconnect =
                new DisconnectUserEBAction(bareJID, StreamError.Reset, "Account was deleted");
        this.eventBus.fire(disconnect);
        return redirectToIndex(uriInfo);
    }

    /**
     * Sets the status of an account and logs the user out when the new status is
     * {@code disabled}, {@code banned} or {@code spam}.
     *
     * <p>NOTE(review): this state-changing operation is exposed over GET, so it can be triggered
     * by plain navigation or a prefetch of the URL. Any CSRF or same-site protection would have to
     * come from outside this file; confirm it exists or move the endpoint to POST like its
     * siblings.
     *
     * @param bareJID       account to change
     * @param accountStatus new status, converted from the path segment
     * @param uriInfo       request URI information used to build the redirect
     * @return a 303 redirect to the index page
     * @throws TigaseDBException on repository errors
     * @throws RuntimeException  if the caller may not modify the account
     */
    @RolesAllowed({"admin", "account_manager"})
    @GET
    @Path("/{jid}/accountStatus/{accountStatus}")
    public Response changeAccountStatus(@NotEmpty @PathParam("jid") BareJID bareJID, @PathParam("accountStatus") AuthRepository.AccountStatus accountStatus, UriInfo uriInfo) throws TigaseDBException {
        checkModificationPermission(bareJID);
        this.authRepository.setAccountStatus(bareJID, accountStatus);
        // Same selection the synthetic switch table encoded as cases 2, 3 and 8.
        switch (accountStatus) {
            case disabled, banned, spam -> logoutUser(bareJID);
            default -> {
                // Other statuses leave existing sessions alone.
            }
        }
        return redirectToIndex(uriInfo);
    }

    /**
     * Replaces the password of an account, marks the account {@code active} and logs the user
     * out.
     *
     * <p>NOTE(review): the status is overwritten with {@code active} whatever it was before, so
     * changing the password of a disabled or banned account also re-enables it; confirm that is
     * intended. No password-strength policy is applied here.
     *
     * @param bareJID account to change
     * @param str     new password
     * @param str2    repetition of the new password
     * @param uriInfo request URI information used to build the redirect
     * @return a 303 redirect to the index page
     * @throws TigaseDBException on repository errors
     * @throws RuntimeException  if the caller may not modify the account or the passwords differ
     */
    @POST
    @RolesAllowed({"admin", "account_manager"})
    @Path("/{jid}/password")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response changePassword(@NotEmpty @PathParam("jid") BareJID bareJID, @NotBlank @FormParam("password") String str, @NotBlank @FormParam("password-confirm") String str2, UriInfo uriInfo) throws TigaseDBException {
        checkModificationPermission(bareJID);
        final boolean confirmed = str.equals(str2);
        if (!confirmed) {
            throw new RuntimeException("Passwords do not match!");
        }
        this.authRepository.updateCredential(bareJID, "default", str);
        this.authRepository.setAccountStatus(bareJID, AuthRepository.AccountStatus.active);
        // Sessions opened with the old password must not outlive it.
        logoutUser(bareJID);
        return redirectToIndex(uriInfo);
    }

    /**
     * Replaces the stored role list of an account; a missing form field clears it. Restricted to
     * {@code admin}.
     *
     * <p>NOTE(review): the submitted ids are stored as received, without comparison against the
     * roles the dashboard offers. {@link #canManageUser} treats a stored {@code "admin"} or
     * {@code "account_manager"} id as privileged, so an allow-list here would keep unexpected ids
     * out of the store. What else consumes the stored list is not visible in this file.
     *
     * @param bareJID account to change
     * @param list    role ids from the form, may be {@code null}
     * @param uriInfo request URI information used to build the redirect
     * @return a 303 redirect to the index page
     * @throws TigaseDBException on repository errors
     */
    @POST
    @RolesAllowed({"admin"})
    @Path("/{jid}/roles")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response updateRoles(@NotEmpty @PathParam("jid") BareJID bareJID, @FormParam("roles") List<String> list, UriInfo uriInfo) throws TigaseDBException {
        final String[] roleIds = (list == null) ? new String[0] : list.toArray(String[]::new);
        this.userRepository.setDataList(bareJID, "roles", "roles", roleIds);
        return redirectToIndex(uriInfo);
    }

    /**
     * Builds a redirect to the index page without a search filter.
     *
     * @param uriInfo request URI information used to build the redirect
     * @return a 303 redirect to the index page
     */
    public static Response redirectToIndex(UriInfo uriInfo) {
        final String noFilter = null;
        return redirectToIndex(uriInfo, noFilter);
    }

    /**
     * Builds a redirect to the index page with the {@code query} parameter replaced by the given
     * value.
     *
     * <p>The target is derived from the request's base URI and this class's own resource path, so
     * the caller-supplied value only ever lands in the query string.
     *
     * @param uriInfo request URI information used to build the redirect
     * @param str     value for the {@code query} parameter, may be {@code null}
     * @return a 303 redirect to the index page
     */
    public static Response redirectToIndex(UriInfo uriInfo, String str) {
        var indexUri = uriInfo.getBaseUriBuilder()
                .path(UsersHandler.class, StaticFileServlet.INDEX_KEY)
                .replaceQueryParam("query", str)
                .build();
        return Response.seeOther(indexUri).build();
    }

    /**
     * Issues a new login token for the account and returns it as a QR-code PNG.
     *
     * <p>Shares its path and verb with {@link #generateAuthQrCodeJson}; the two differ only in the
     * media type they produce. Every call replaces the account's credentials and logs the user
     * out (see {@link #generateAuthQrCodeToken}); it is not a read-only operation.
     * NOTE(review): the image encodes a credential; confirm the response is served with caching
     * disabled.
     *
     * @param bareJID account to issue the token for
     * @return the PNG image
     * @throws IOException       if the image cannot be written
     * @throws WriterException   if the QR code cannot be encoded
     * @throws TigaseDBException on repository errors
     * @throws RuntimeException  if the caller may not modify the account
     */
    @Produces({"image/png"})
    @POST
    @RolesAllowed({"admin", "account_manager"})
    @Path("/{jid}/qrCode")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response generateAuthQrCodePng(@NotEmpty @PathParam("jid") BareJID bareJID) throws IOException, WriterException, TigaseDBException {
        checkModificationPermission(bareJID);
        final String token = generateAuthQrCodeToken(bareJID);
        final byte[] png = encodeStringToQRCode(token);
        return Response.ok(png, "image/png").build();
    }

    /**
     * Issues a new login token for the account and returns it as JSON: the token itself plus the
     * QR code as a base64 PNG data URI.
     *
     * <p>Shares its path and verb with {@link #generateAuthQrCodePng}; the two differ only in the
     * media type they produce. Every call replaces the account's credentials and logs the user
     * out (see {@link #generateAuthQrCodeToken}).
     * NOTE(review): the body carries the credential in clear text; confirm the response is served
     * with caching disabled and is not written to access or debug logs.
     *
     * @param bareJID account to issue the token for
     * @return the token and its image form
     * @throws IOException       if the image cannot be written
     * @throws WriterException   if the QR code cannot be encoded
     * @throws TigaseDBException on repository errors
     * @throws RuntimeException  if the caller may not modify the account
     */
    @Produces({"application/json"})
    @POST
    @RolesAllowed({"admin", "account_manager"})
    @Path("/{jid}/qrCode")
    @Consumes({"application/x-www-form-urlencoded"})
    public QRCode generateAuthQrCodeJson(@NotEmpty @PathParam("jid") BareJID bareJID) throws IOException, WriterException, TigaseDBException {
        checkModificationPermission(bareJID);
        final String token = generateAuthQrCodeToken(bareJID);
        final String dataUri = "data:image/png;base64," + Base64.encode(encodeStringToQRCode(token));
        return new QRCode(token, dataUri);
    }

    /**
     * Sets or clears the expiration of an account after the permission check.
     *
     * @param bareJID account to change
     * @param str     expiration value from the form; blank or missing clears it
     * @param uriInfo request URI information used to build the redirect
     * @return a 303 redirect to the index page
     * @throws TigaseDBException on repository errors
     * @throws RuntimeException  if the caller may not modify the account
     */
    @POST
    @RolesAllowed({"admin", "account_manager"})
    @Path("/{jid}/expiration")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response setAccountExpiration(@NotEmpty @PathParam("jid") BareJID bareJID, @FormParam("expiration") String str, UriInfo uriInfo) throws TigaseDBException {
        checkModificationPermission(bareJID);
        validateAndSetExpirationTime(bareJID, str);
        final Response backToIndex = redirectToIndex(uriInfo);
        return backToIndex;
    }

    /**
     * Renders a string as a 300x300 QR code without margin and returns it as PNG bytes.
     *
     * @param str text to encode
     * @return the PNG image
     * @throws IOException     if the image cannot be written
     * @throws WriterException if the text cannot be encoded as a QR code
     */
    private byte[] encodeStringToQRCode(String str) throws IOException, WriterException {
        final String payload = str.toString();
        final var hints = Map.of(
                EncodeHintType.CHARACTER_SET, StandardCharsets.UTF_8,
                EncodeHintType.MARGIN, 0);
        final BitMatrix matrix = new QRCodeWriter().encode(payload, BarcodeFormat.QR_CODE, 300, 300, hints);
        // ARGB colours: opaque black modules on an opaque white background.
        final MatrixToImageConfig blackOnWhite = new MatrixToImageConfig(0xFF000000, 0xFFFFFFFF);
        final ByteArrayOutputStream png = new ByteArrayOutputStream();
        MatrixToImageWriter.writeToStream(matrix, "PNG", png, blackOnWhite);
        return png.toByteArray();
    }

    /**
     * Issues a fresh XTOKEN credential for the account and returns the matching login token.
     *
     * <p>The token is the base64 form of: 32 random bytes from {@link SecureRandom}, one zero
     * byte, then the JID in UTF-8. The same 32 bytes are stored as the account's
     * {@code XTOKEN-HMAC-SHA-256} credential, so the returned string has to be handled as a
     * secret.
     *
     * <p>Side effects, in order: the account's {@code "default"} credentials are removed, the new
     * XTOKEN credential is stored, the account is set to {@code active}, and the user is logged
     * out.
     * NOTE(review): the removal happens before the new credential is written, so a failure in
     * between leaves the account without its previous credentials. The status is set to
     * {@code active} whatever it was before, which re-enables a disabled or banned account.
     * Confirm both are intended. The meaning of the {@code true} flag passed to
     * {@code XTokenCredentialsEntry} is not visible here.
     *
     * @param bareJID account to issue the token for
     * @return the base64-encoded token
     * @throws TigaseDBException on repository errors
     */
    private String generateAuthQrCodeToken(BareJID bareJID) throws TigaseDBException {
        final byte[] secret = new byte[32];
        this.secureRandom.nextBytes(secret);
        final byte[] jidBytes = bareJID.toString().getBytes(StandardCharsets.UTF_8);

        // copyOf zero-fills the tail, which supplies the single 0x00 separator after the secret.
        final byte[] tokenBytes = Arrays.copyOf(secret, secret.length + 1 + jidBytes.length);
        System.arraycopy(jidBytes, 0, tokenBytes, secret.length + 1, jidBytes.length);
        final String token = Base64.encode(tokenBytes);

        this.authRepository.removeCredential(bareJID, "default");
        final String storedCredential = new XTokenCredentialsEntry(secret, true).encoded();
        this.authRepository.updateCredential(bareJID, "default", "XTOKEN-HMAC-SHA-256", storedCredential);
        this.authRepository.setAccountStatus(bareJID, AuthRepository.AccountStatus.active);
        logoutUser(bareJID);
        return token;
    }

    /**
     * Ends the user's sessions after a credential or status change: fires a disconnect event with
     * a stream reset, then calls logout on the auth repository.
     *
     * @param bareJID account to log out
     * @throws TigaseDBException if the repository logout fails
     */
    private void logoutUser(BareJID bareJID) throws TigaseDBException {
        final DisconnectUserEBAction disconnect = new DisconnectUserEBAction(
                bareJID,
                StreamError.Reset,
                "Account credentials were changed, please login again with new credentials");
        this.eventBus.fire(disconnect);
        this.authRepository.logout(bareJID);
    }

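    /**
     * Applies an expiration value from a form field to an account.
     *
     * <p>A missing or blank value clears the expiration (stored as {@code 0}). Any other value
     * must parse as an integer; if it does not, a warning is logged and nothing is changed.
     *
     * <p>Changes relative to the decompiled form:
     * <ul>
     *   <li>{@code accountExpirationService} is injected with {@code nullAllowed = true}. It is
     *       now checked, so creating a user on a server without that service no longer fails with
     *       a {@link NullPointerException} after the account has already been created.</li>
     *   <li>The rejected value is stripped of control characters before it is logged, so a form
     *       value containing line breaks cannot forge additional log lines.</li>
     *   <li>The number is parsed from the trimmed value, consistent with the blank check.</li>
     * </ul>
     *
     * <p>NOTE(review): negative numbers are passed through unchanged; confirm how the service
     * interprets them.
     *
     * @param bareJID account to change
     * @param str     raw expiration value, may be {@code null}
     * @throws TigaseDBException on repository errors
     */
    private void validateAndSetExpirationTime(BareJID bareJID, String str) throws TigaseDBException {
        final boolean clearRequested = str == null || str.trim().isBlank();
        if (this.accountExpirationService == null) {
            if (!clearRequested) {
                this.logger.log(System.Logger.Level.WARNING, "Account expiration service is not available, expiration not set for account " + String.valueOf(bareJID));
            }
            return;
        }
        if (clearRequested) {
            this.accountExpirationService.setUserExpiration(bareJID, 0);
            return;
        }
        try {
            this.accountExpirationService.setUserExpiration(bareJID, Integer.valueOf(str.trim()));
        } catch (NumberFormatException ignored) {
            // The value is caller-controlled: neutralise CR/LF and other control characters.
            final String printable = str.replaceAll("\\p{Cntrl}", "_");
            this.logger.log(System.Logger.Level.WARNING, "Invalid expiration time: " + printable + " for account " + String.valueOf(bareJID));
        }
    }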

    /**
     * Compiler-generated helper (decompiler artifact) backing the {@code switch} over
     * {@code AuthRepository.AccountStatus} in {@code changeAccountStatus}.
     *
     * <p>Builds, once, an array indexed by enum ordinal whose values are the case numbers used in
     * that switch: active=1, disabled=2, banned=3, pending=4, system=5, vip=6, paid=7, spam=8,
     * undefined_active=9, undefined_inactive=10. The result is cached in the static field of the
     * same name.
     *
     * @return the ordinal-to-case-number table
     */
    static /* synthetic */ int[] $SWITCH_TABLE$tigase$db$AuthRepository$AccountStatus() {
        int[] iArr = $SWITCH_TABLE$tigase$db$AuthRepository$AccountStatus;
        if (iArr != null) {
            // Already built by an earlier call.
            return iArr;
        }
        int[] iArr2 = new int[AuthRepository.AccountStatus.values().length];
        // Each assignment is guarded separately so that an enum constant missing at run time
        // (NoSuchFieldError) leaves its slot at 0 instead of failing the whole table.
        try {
            iArr2[AuthRepository.AccountStatus.active.ordinal()] = 1;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.banned.ordinal()] = 3;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.disabled.ordinal()] = 2;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.paid.ordinal()] = 7;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.pending.ordinal()] = 4;
        } catch (NoSuchFieldError unused5) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.spam.ordinal()] = 8;
        } catch (NoSuchFieldError unused6) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.system.ordinal()] = 5;
        } catch (NoSuchFieldError unused7) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.undefined_active.ordinal()] = 9;
        } catch (NoSuchFieldError unused8) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.undefined_inactive.ordinal()] = 10;
        } catch (NoSuchFieldError unused9) {
        }
        try {
            iArr2[AuthRepository.AccountStatus.vip.ordinal()] = 6;
        } catch (NoSuchFieldError unused10) {
        }
        // Publish the finished table through the static field for later calls.
        $SWITCH_TABLE$tigase$db$AuthRepository$AccountStatus = iArr2;
        return iArr2;
    }
}
