package org.artifactory.storage.db.security.service.access;

import java.util.Arrays;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.artifactory.api.security.UserInfoBuilder;
import org.artifactory.common.home.ArtifactoryHome;
import org.artifactory.factory.InfoFactoryHolder;
import org.artifactory.model.xstream.security.UserProperty;
import org.artifactory.security.MutableUserInfo;
import org.artifactory.security.SaltedPassword;
import org.artifactory.security.UserGroupInfo;
import org.artifactory.security.UserInfo;
import org.jfrog.access.model.Realm;
import org.jfrog.access.model.UserStatus;
import org.jfrog.access.rest.imports.ImportUserRequest;
import org.jfrog.access.rest.user.CustomDataBuilder;
import org.jfrog.access.rest.user.UpdateUserRequest;
import org.jfrog.access.rest.user.User;
import org.jfrog.access.rest.user.UserBase;
import org.jfrog.access.rest.user.UserRequest;
import org.jfrog.access.rest.user.UserWithGroups;
import org.jfrog.common.ClockUtils;
import org.jfrog.security.crypto.DecodedKeyPair;
import org.jfrog.security.crypto.EncodedKeyPair;
import org.jfrog.security.crypto.EncryptionWrapper;
import org.jfrog.security.crypto.result.DecryptionStatusHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/artifactory/storage/db/security/service/access/UserMapper.class */
public class UserMapper {
    private static final Logger log = LoggerFactory.getLogger(UserMapper.class);

    /* loaded from: input_file:org/artifactory/storage/db/security/service/access/UserMapper$ArtifactoryBuiltInUserProperty.class */
    public enum ArtifactoryBuiltInUserProperty {
        artifactory_admin(false),
        policy_manager(false),
        watch_manager(false),
        private_key(true),
        public_key(true),
        gen_password_key(true),
        updatable_profile(false),
        bintray_auth(true),
        disabled_password(false);

        private boolean sensitive;

        ArtifactoryBuiltInUserProperty(boolean z) {
            this.sensitive = z;
        }

        public static boolean contains(String str) {
            return Arrays.stream(values()).anyMatch(artifactoryBuiltInUserProperty -> {
                return artifactoryBuiltInUserProperty.name().equals(str);
            });
        }

        public boolean isSensitive() {
            return this.sensitive;
        }
    }

    public static boolean isFieldSensitive(String str) {
        return ((Boolean) Arrays.stream(ArtifactoryBuiltInUserProperty.values()).filter(artifactoryBuiltInUserProperty -> {
            return artifactoryBuiltInUserProperty.name().equals(str);
        }).findFirst().map((v0) -> {
            return v0.isSensitive();
        }).orElse(true)).booleanValue();
    }

    @Nonnull
    public static MutableUserInfo toArtifactoryUser(@Nonnull UserBase userBase) {
        UserInfoBuilder realm = new UserInfoBuilder(userBase.getUsername()).email(userBase.getEmail()).admin(userBase.getBooleanCustomData(ArtifactoryBuiltInUserProperty.artifactory_admin.name())).policyManager(userBase.getBooleanCustomData(ArtifactoryBuiltInUserProperty.policy_manager.name())).watchManager(userBase.getBooleanCustomData(ArtifactoryBuiltInUserProperty.watch_manager.name())).privateKey(userBase.getCustomData(ArtifactoryBuiltInUserProperty.private_key.name())).publicKey(userBase.getCustomData(ArtifactoryBuiltInUserProperty.public_key.name())).updatableProfile(userBase.getBooleanCustomData(ArtifactoryBuiltInUserProperty.updatable_profile.name())).bintrayAuth(userBase.getCustomData(ArtifactoryBuiltInUserProperty.bintray_auth.name())).lastLogin(userBase.getLastLoginTime(), userBase.getLastLoginIp()).credentialsExpired(userBase.isPasswordExpired()).genPasswordKey(userBase.getCustomData(ArtifactoryBuiltInUserProperty.gen_password_key.name())).groups(groupsFromUser(userBase)).groupAdmin(isGroupAdmin(userBase)).passwordDisabled(userBase.getBooleanCustomData(ArtifactoryBuiltInUserProperty.disabled_password.name())).password(new SaltedPassword(userBase.getPasswordHash(), (String) null)).locked(UserStatus.LOCKED.equals(userBase.getStatus())).realm(GroupMapper.fromAccessRealm(userBase.getRealm()));
        Stream map = userBase.getCustomData().entrySet().stream().filter(entry -> {
            return !ArtifactoryBuiltInUserProperty.contains((String) entry.getKey());
        }).filter(entry2 -> {
            return !UserPropertiesSearchHelper.isSearchableHelperProperty(userBase, (String) entry2.getKey());
        }).map(entry3 -> {
            return new UserProperty((String) entry3.getKey(), (String) entry3.getValue());
        });
        Objects.requireNonNull(realm);
        map.forEach((v1) -> {
            r1.addProp(v1);
        });
        return realm.build();
    }

    private static Set<UserGroupInfo> groupsFromUser(UserBase userBase) {
        return (Set) Stream.of(userBase).flatMap(UserMapper::getUserGroups).map(pair -> {
            return InfoFactoryHolder.get().createUserGroup((String) pair.getLeft(), GroupMapper.fromAccessRealm((Realm) pair.getRight()));
        }).collect(Collectors.toSet());
    }

    private static Stream<Pair<String, Realm>> getUserGroups(UserBase userBase) {
        if (userBase instanceof User) {
            return ((User) userBase).getGroups().stream().map(str -> {
                return Pair.of(str, Realm.INTERNAL);
            });
        }
        if (userBase instanceof UserWithGroups) {
            return ((UserWithGroups) userBase).getGroups().stream().map(groupResponse -> {
                return Pair.of(groupResponse.getName(), groupResponse.getRealm());
            });
        }
        throw new IllegalArgumentException(userBase.getClass().getCanonicalName() + " is not a supported child of " + UserBase.class.getCanonicalName());
    }

    private static Boolean isGroupAdmin(UserBase userBase) {
        if (userBase instanceof UserWithGroups) {
            return Boolean.valueOf(((UserWithGroups) userBase).getGroups().stream().map((v0) -> {
                return GroupMapper.toArtifactoryGroup(v0);
            }).anyMatch((v0) -> {
                return v0.isAdminPrivileges();
            }));
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static UpdateUserRequest toUpdateUserRequest(MutableUserInfo mutableUserInfo, boolean z) {
        return toAccessUser(UpdateUserRequest.create(), mutableUserInfo, z).passwordExpired(Boolean.valueOf(mutableUserInfo.isCredentialsExpired()));
    }

    @Nonnull
    public static UserRequest toAccessUser(@Nonnull UserInfo userInfo, boolean z) {
        return toAccessUser(UserRequest.create(), userInfo, z);
    }

    @Nonnull
    private static <T extends UserRequest> T toAccessUser(T t, @Nonnull UserInfo userInfo, boolean z) {
        t.username(userInfo.getUsername()).email(userInfo.getEmail()).realm(GroupMapper.toAccessRealm(userInfo.getRealm())).status(toAccessStatus(userInfo)).groups((Set) userInfo.getGroups().stream().map((v0) -> {
            return v0.getGroupName();
        }).collect(Collectors.toSet()));
        addCustomData((CustomDataBuilder) t, userInfo, z);
        if (!isUpdate(t)) {
            t.password(userInfo.getPassword());
        } else if (userInfo.getPassword() != null) {
            t.password(userInfo.getPassword());
        }
        return t;
    }

    @Nonnull
    public static ImportUserRequest toFullAccessUser(@Nonnull UserInfo userInfo) {
        ImportUserRequest.Builder groups = ImportUserRequest.builder().username(userInfo.getUsername()).password(userInfo.getPassword()).email(userInfo.getEmail()).realm(GroupMapper.toAccessRealm(userInfo.getRealm())).status(toAccessStatus(userInfo)).created(ClockUtils.epochMillis()).modified(ClockUtils.epochMillis()).lastLoginTime(userInfo.getLastLoginTimeMillis()).lastLoginIp(userInfo.getLastLoginClientIp()).statusLastModified(ClockUtils.epochMillis()).passwordLastModified(userInfo.isCredentialsExpired() ? 0L : getPasswordCreated(userInfo)).groups(toUserGroups(userInfo.getGroups()));
        addCustomData((CustomDataBuilder) groups, userInfo, true);
        return groups.build();
    }

    private static long getPasswordCreated(UserInfo userInfo) {
        return ((Long) userInfo.getUserProperty("passwordCreated").filter(StringUtils::isNumeric).map(Long::parseLong).orElseGet(ClockUtils::epochMillis)).longValue();
    }

    private static UserStatus toAccessStatus(@Nonnull UserInfo userInfo) {
        return userInfo.isEnabled() ? userInfo.isLocked() ? UserStatus.LOCKED : UserStatus.ENABLED : UserStatus.DISABLED;
    }

    private static void addCustomData(CustomDataBuilder customDataBuilder, UserInfo userInfo, boolean z) {
        UserInfo decryptUser = decryptUser(userInfo);
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.artifactory_admin, decryptUser.isAdmin());
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.policy_manager, decryptUser.isPolicyManager());
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.watch_manager, decryptUser.isWatchManager());
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.private_key, decryptUser.getPrivateKey());
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.public_key, decryptUser.getPublicKey());
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.gen_password_key, decryptUser.getGenPasswordKey());
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.updatable_profile, decryptUser.isUpdatableProfile());
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.bintray_auth, decryptUser.getBintrayAuth());
        addCustomData(customDataBuilder, ArtifactoryBuiltInUserProperty.disabled_password, decryptUser.isPasswordDisabled());
        if (z) {
            decryptUser.getUserProperties().forEach(userPropertyInfo -> {
                customDataBuilder.addCustomData(userPropertyInfo.getPropKey(), StringUtils.isBlank(userPropertyInfo.getPropValue()) ? null : userPropertyInfo.getPropValue(), true);
            });
            decryptUser.getUserProperties().stream().map(userPropertyInfo2 -> {
                return UserPropertiesSearchHelper.getSearchableProp(userPropertyInfo2.getPropKey(), userPropertyInfo2.getPropValue());
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).forEach(pair -> {
                customDataBuilder.addCustomData((String) pair.getKey(), (String) pair.getValue(), false);
            });
        }
    }

    private static UserInfo decryptUser(UserInfo userInfo) {
        return UserPropertiesSearchHelper.decryptUserProperties(decryptKeys(userInfo));
    }

    private static UserInfo decryptKeys(UserInfo userInfo) {
        if (userInfo.getPrivateKey() != null && userInfo.getPublicKey() != null) {
            EncodedKeyPair encodedKeyPair = new EncodedKeyPair(userInfo.getPrivateKey(), userInfo.getPublicKey());
            try {
                encodedKeyPair.decode((EncryptionWrapper) null, new DecryptionStatusHolder());
            } catch (Exception e) {
                if (ArtifactoryHome.get().getArtifactoryEncryptionWrapper() != null) {
                    log.trace("Keypair is not in the expected format. reformatting", e);
                    return firstFallbackOldArtifactoryFormat(userInfo, encodedKeyPair);
                }
            }
        }
        return userInfo;
    }

    private static UserInfo firstFallbackOldArtifactoryFormat(UserInfo userInfo, EncodedKeyPair encodedKeyPair) {
        try {
            EncodedKeyPair saveEncodedKeyPair = encodedKeyPair.toSaveEncodedKeyPair(ArtifactoryHome.get().getArtifactoryEncryptionWrapper());
            if (saveEncodedKeyPair != null) {
                return reencodeUser(userInfo, saveEncodedKeyPair.decode(ArtifactoryHome.get().getArtifactoryEncryptionWrapper(), new DecryptionStatusHolder()));
            }
        } catch (Exception e) {
            log.trace("Artifactory old format converting failed", e);
        }
        return secondFallbackArtifactoryAESFormat(userInfo, encodedKeyPair);
    }

    private static UserInfo secondFallbackArtifactoryAESFormat(UserInfo userInfo, EncodedKeyPair encodedKeyPair) {
        try {
            return reencodeUser(userInfo, encodedKeyPair.decode(ArtifactoryHome.get().getArtifactoryEncryptionWrapper(), new DecryptionStatusHolder()));
        } catch (Exception e) {
            log.trace("Last fallback failed");
            return userInfo;
        }
    }

    private static UserInfo reencodeUser(UserInfo userInfo, DecodedKeyPair decodedKeyPair) {
        EncodedKeyPair encodedKeyPair = new EncodedKeyPair(decodedKeyPair, (EncryptionWrapper) null);
        MutableUserInfo copyUser = InfoFactoryHolder.get().copyUser(userInfo);
        copyUser.setPrivateKey(encodedKeyPair.getEncodedPrivateKey());
        copyUser.setPublicKey(encodedKeyPair.getEncodedPublicKey());
        return copyUser;
    }

    private static void addCustomData(CustomDataBuilder customDataBuilder, ArtifactoryBuiltInUserProperty artifactoryBuiltInUserProperty, boolean z) {
        if (z || isUpdate(customDataBuilder)) {
            customDataBuilder.addCustomData(artifactoryBuiltInUserProperty.name(), z ? "true" : null, artifactoryBuiltInUserProperty.sensitive);
        }
    }

    private static void addCustomData(CustomDataBuilder customDataBuilder, ArtifactoryBuiltInUserProperty artifactoryBuiltInUserProperty, String str) {
        if (!StringUtils.isBlank(str)) {
            customDataBuilder.addCustomData(artifactoryBuiltInUserProperty.name(), str, artifactoryBuiltInUserProperty.sensitive);
        } else if (isUpdate(customDataBuilder)) {
            customDataBuilder.addCustomData(artifactoryBuiltInUserProperty.name(), (String) null, false);
        }
    }

    private static Set<ImportUserRequest.UserGroup> toUserGroups(Set<UserGroupInfo> set) {
        return (Set) set.stream().map(userGroupInfo -> {
            return new ImportUserRequest.UserGroup(userGroupInfo.getGroupName(), GroupMapper.toAccessRealm(userGroupInfo.getRealm()));
        }).collect(Collectors.toSet());
    }

    private static boolean isUpdate(Object obj) {
        return obj instanceof UpdateUserRequest;
    }
}
