package com.appiancorp.suite;

import com.appiancorp.ag.ExtendedUserProfileService;
import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.ag.security.DefaultAuthenticator;
import com.appiancorp.ag.security.PasswordConfig;
import com.appiancorp.ag.security.RandomPasswordGenerator;
import com.appiancorp.ag.security.SaltCreator;
import com.appiancorp.ag.util.Utilities;
import com.appiancorp.common.spring.AbstractSpringContextListener;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.services.ServiceContextFactory;
import com.appiancorp.suite.cfg.AdminSecurityConfiguration;
import com.appiancorp.suiteapi.common.exceptions.AppianException;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.personalization.UserValidationUtils;
import com.google.common.base.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.event.ContextClosedEvent;
import org.springframework.context.event.ContextRefreshedEvent;

/* loaded from: input_file:com/appiancorp/suite/AdminUserLoader.class */
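/**
 * Context listener that bootstraps the first system administrator from the values exposed by
 * {@link PasswordProperties} (the log messages refer to this source as {@code passwords.properties}).
 *
 * <p>After the account is created, the loader also checks whether the built-in
 * {@code Administrator} account still accepts its well-known default password and, if so,
 * replaces it with a randomly generated one. The generated value is never logged or returned,
 * so that account can no longer be used with a known password.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Bootstrap passwords arrive as plaintext {@code String}s; they are hashed before being
 *       stored on the {@link UserProfile}, and are never written to the log here.</li>
 *   <li>Outside dev mode a temporary password is mandatory: when it is missing, password
 *       validation fails and no account is created.</li>
 *   <li>A failed rotation of the default {@code Administrator} password is only logged at
 *       ERROR; deployments should alert on that log line.</li>
 * </ul>
 */
public class AdminUserLoader extends AbstractSpringContextListener {
    private static final Logger LOG = LoggerFactory.getLogger(AdminUserLoader.class);

    /** Built-in account whose password is checked and rotated after bootstrap. */
    private static final String BUILT_IN_ADMIN_USERNAME = "Administrator";

    /** Well-known default password of the built-in account; used only to detect that it is still set. */
    private static final String BUILT_IN_ADMIN_DEFAULT_PASSWORD = "admin";

    private final PasswordProperties passwordProperties;
    private final SaltCreator saltCreator;
    private final ExtendedUserProfileService extendedUserProfileService;
    private final DefaultAuthenticator defaultAuthenticator;
    private final AdminSecurityConfiguration adminSecurityConfiguration;
    private final ExtendedUserService extendedUserService;
    private final boolean isDev;

    /**
     * Creates the loader with its collaborators.
     *
     * @param passwordProperties source of the bootstrap administrator's username, names, email and passwords
     * @param saltCreator supplies the salt used when hashing the bootstrap password
     * @param extendedUserProfileService used to create the administrator account
     * @param defaultAuthenticator used to test whether the built-in account still has its default password
     * @param adminSecurityConfiguration configuration handed to the random password generator
     * @param extendedUserService used for the pre-creation checks and for the password rotation
     * @param isDev whether the engineering (dev) flag is set; relaxes the temporary-password requirement
     */
    public AdminUserLoader(PasswordProperties passwordProperties, SaltCreator saltCreator, ExtendedUserProfileService extendedUserProfileService, DefaultAuthenticator defaultAuthenticator, AdminSecurityConfiguration adminSecurityConfiguration, ExtendedUserService extendedUserService, boolean isDev) {
        this.passwordProperties = passwordProperties;
        this.saltCreator = saltCreator;
        this.extendedUserProfileService = extendedUserProfileService;
        this.defaultAuthenticator = defaultAuthenticator;
        this.adminSecurityConfiguration = adminSecurityConfiguration;
        this.extendedUserService = extendedUserService;
        this.isDev = isDev;
    }

    /**
     * Starts the administrator bootstrap on a separate thread when {@code z} is true.
     *
     * @param contextRefreshedEvent the refresh event (unused)
     * @param z flag supplied by the base listener; NOTE(review): its exact meaning is defined in
     *     {@code AbstractSpringContextListener} and is not visible here
     */
    @Override // com.appiancorp.common.spring.AbstractSpringContextListener
    protected void onStart(ContextRefreshedEvent contextRefreshedEvent, boolean z) {
        if (z) {
            // Named so the bootstrap is identifiable in thread dumps; createAdminUser catches and
            // logs every exception, so nothing escapes this thread.
            new Thread(() -> {
                createAdminUser(this.passwordProperties);
            }, "admin-user-loader").start();
        }
    }

    /** No shutdown work is required. */
    @Override // com.appiancorp.common.spring.AbstractSpringContextListener
    protected void onStop(ContextClosedEvent contextClosedEvent) {
    }

    /**
     * Creates the system administrator described by {@code passwordProperties}.
     *
     * <p>Password selection: a non-empty temporary password is always used and the account is
     * flagged as having a temporary password. When it is empty, dev mode falls back to the
     * permanent password; outside dev mode the (empty) temporary password is still selected, so
     * validation rejects it and no account is created.
     *
     * @param passwordProperties bootstrap values; {@code null} means nothing to do
     * @return {@code true} if the account was created, {@code false} if nothing was done or creation failed
     */
    protected boolean createAdminUser(PasswordProperties passwordProperties) {
        if (passwordProperties == null) {
            return false;
        }
        String adminUsername = passwordProperties.getAdminUsername();
        String adminTemporaryPassword = passwordProperties.getAdminTemporaryPassword();
        String adminPermanentPassword = passwordProperties.getAdminPermanentPassword();
        String adminFirstName = passwordProperties.getAdminFirstName();
        String adminLastName = passwordProperties.getAdminLastName();
        String adminEmail = passwordProperties.getAdminEmail();

        boolean temporary = !Strings.isNullOrEmpty(adminTemporaryPassword) || !this.isDev;
        String password = temporary ? adminTemporaryPassword : adminPermanentPassword;
        if (!temporary) {
            // Only emitted when it is true: this line is useful as an audit signal that an
            // administrator was provisioned without a temporary password.
            LOG.info("System administrator '{}' will be assigned a non-temporary password.", adminUsername);
        }
        try {
            return createAdminUser(this.saltCreator, adminUsername, adminFirstName, adminLastName, adminEmail, password, temporary);
        } catch (AppianRuntimeException e) {
            if (this.isDev && ErrorCode.BOOTSTRAP_SYSTEM_ADMINS_EXIST.equals(e.getErrorCode())) {
                LOG.info("The system administrator specified in passwords.properties already exists. This would be an error on a production site but is lowered to INFO now because the engineering flag is set.");
                return false;
            }
            LOG.error("Could not create system administrator {} from passwords.properties", adminUsername, e);
            return false;
        } catch (Exception e2) {
            LOG.error("Could not create system administrator {} from passwords.properties", adminUsername, e2);
            return false;
        }
    }

    /**
     * Validates the inputs, creates the system administrator and then rotates the built-in
     * account's password if it is still the default.
     *
     * @return {@code false} when no username is configured, {@code true} once the account exists
     * @throws AppianException propagated from the user-creation call
     * @throws AppianRuntimeException when a validation check fails
     */
    private boolean createAdminUser(SaltCreator saltCreator, String username, String firstName, String lastName, String email, String password, boolean temporaryPassword) throws AppianException {
        if (UserValidationUtils.isEmptyField(username)) {
            LOG.debug("No admin username found; nothing to do");
            return false;
        }
        validateInputs(username, firstName, lastName, email);
        byte[] passwordHash = validateAndHashPassword(saltCreator, password);
        LOG.debug("User metadata is valid; preparing to create user {}", username);

        UserProfile userProfile = new UserProfile();
        userProfile.setUsername(username);
        userProfile.setFirstName(firstName);
        userProfile.setLastName(lastName);
        userProfile.setEmail(email);
        userProfile.setUserPassword(passwordHash);
        // presumably marks the password as one that must be changed by the user; confirm in UserProfile
        userProfile.setTemporaryPassword(temporaryPassword);
        userProfile.setUserTypeId(UserProfile.USER_TYPE_SYS_ADMIN);

        LOG.debug("Creating user {}", username);
        SpringSecurityContextHelper.runAsAdminWithAppianException(() -> {
            return this.extendedUserProfileService.createUser(userProfile);
        });
        Utilities.userCreationNotifications(username, ServiceContextFactory.getAdministratorServiceContext());
        LOG.info("Created system administrator user \"{}\" as specified in the passwords.properties file", username);

        LOG.info("Checking Administrator user password...");
        if (this.defaultAuthenticator.isPasswordValid(BUILT_IN_ADMIN_USERNAME, BUILT_IN_ADMIN_DEFAULT_PASSWORD.toCharArray())) {
            LOG.info("Default password in use.  Changing Administrator user's password");
            // The random value is deliberately not logged or returned.
            // NOTE(review): it is held in an immutable String and cannot be wiped afterwards.
            String newPassword = new String(new RandomPasswordGenerator(this.adminSecurityConfiguration).generatePassword());
            SpringSecurityContextHelper.runAsAdmin(() -> {
                try {
                    this.extendedUserService.changeUnhashedUserPassword(BUILT_IN_ADMIN_USERNAME, newPassword.toCharArray(), false);
                    // Name the account that was actually changed, not the newly created one.
                    LOG.info("Changed user {} password", BUILT_IN_ADMIN_USERNAME);
                } catch (PrivilegeException e) {
                    // Best effort: bootstrap still succeeds, but the built-in account keeps its
                    // default password, so keep the cause in the log for whoever triages it.
                    LOG.error("Failed to update user {} password", BUILT_IN_ADMIN_USERNAME, e);
                }
            });
        }
        LOG.info("Created admin user {}", username);
        return true;
    }

    /**
     * Rejects the bootstrap request when an active system administrator already exists, when the
     * username is taken, or when any of the profile fields is invalid.
     *
     * @throws AppianRuntimeException carrying the matching {@code BOOTSTRAP_*} error code
     */
    private void validateInputs(String username, String firstName, String lastName, String email) {
        SpringSecurityContextHelper.runAsAdmin(() -> {
            // Bootstrap is refused as soon as any active system administrator exists.
            if (this.extendedUserService.findActiveSystemAdminsPaging(false, 0, 0, 0, 0).getAvailableItems() > 0) {
                throw new AppianRuntimeException(ErrorCode.BOOTSTRAP_SYSTEM_ADMINS_EXIST, new Object[]{username});
            }
            if (!this.extendedUserService.isUsernameAvailable(username)) {
                throw new AppianRuntimeException(ErrorCode.BOOTSTRAP_EXISTING_USER, new Object[]{username});
            }
        });
        if (!UserValidationUtils.isValidUsername(username)) {
            throw new AppianRuntimeException(ErrorCode.BOOTSTRAP_INVALID_USERNAME, new Object[]{username});
        }
        if (UserValidationUtils.isEmptyField(firstName) || !UserValidationUtils.isValidName(firstName)) {
            throw new AppianRuntimeException(ErrorCode.BOOTSTRAP_INVALID_FIRST_NAME, new Object[]{username});
        }
        if (UserValidationUtils.isEmptyField(lastName) || !UserValidationUtils.isValidName(lastName)) {
            throw new AppianRuntimeException(ErrorCode.BOOTSTRAP_INVALID_LAST_NAME, new Object[]{username});
        }
        if (!UserValidationUtils.isValidEmail(email)) {
            throw new AppianRuntimeException(ErrorCode.BOOTSTRAP_INVALID_EMAIL, new Object[]{username});
        }
    }

    /**
     * Rejects a null or blank password, then hashes it with the current password hasher and a
     * salt obtained from {@code saltCreator}.
     *
     * <p>Only emptiness is checked here; no complexity policy is applied in this method.
     *
     * @return the password hash to store on the user profile
     * @throws AppianRuntimeException with {@code BOOTSTRAP_INVALID_PASSWORD} when the password is null or blank
     */
    private byte[] validateAndHashPassword(SaltCreator saltCreator, String password) {
        if (password == null || password.trim().isEmpty()) {
            throw new AppianRuntimeException(ErrorCode.BOOTSTRAP_INVALID_PASSWORD, new Object[0]);
        }
        return new PasswordConfig().createCurrentPasswordHasher().hash(password.toCharArray(), saltCreator.getSaltForNewUser());
    }
}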
