package com.appiancorp.expr.server.scriptingfunctions;

import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.ag.security.PasswordConfig;
import com.appiancorp.ag.user.ResetPasswordWriter;
import com.appiancorp.ag.user.UserReactivationWriter;
import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.core.expr.exceptions.ExpressionRuntimeException;
import com.appiancorp.core.expr.fn.ResourceBound;
import com.appiancorp.core.expr.fn.ResourceBoundCategory;
import com.appiancorp.core.util.FluentDictionary;
import com.appiancorp.expr.server.ServerAPI;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.security.auth.saml.SamlSettingsSelector;
import com.appiancorp.services.ServiceContext;
import com.appiancorp.services.spring.ServiceContextProvider;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.AdminSecurityConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.appiancorp.suiteapi.common.Constants;
import com.appiancorp.suiteapi.common.ResultPage;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.common.exceptions.UnsupportedRoleException;
import com.appiancorp.suiteapi.common.paging.DataSubset;
import com.appiancorp.suiteapi.common.paging.PagingInfo;
import com.appiancorp.suiteapi.common.paging.SortInfo;
import com.appiancorp.suiteapi.common.paging.TypedValueDataSubset;
import com.appiancorp.suiteapi.expression.annotations.Function;
import com.appiancorp.suiteapi.expression.annotations.HiddenCategory;
import com.appiancorp.suiteapi.expression.annotations.Parameter;
import com.appiancorp.suiteapi.personalization.Group;
import com.appiancorp.suiteapi.personalization.GroupService;
import com.appiancorp.suiteapi.personalization.UserService;
import com.appiancorp.suiteapi.type.Type;
import com.appiancorp.suiteapi.type.TypedValue;
import com.appiancorp.type.AppianTypeLong;
import com.google.common.collect.ImmutableMap;
import java.util.ArrayList;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

@HiddenCategory
@ResourceBound(ResourceBoundCategory.IO)
/* loaded from: input_file:com/appiancorp/expr/server/scriptingfunctions/UserManagementFunctions.class */
public class UserManagementFunctions {
    private static final Logger LOG = Logger.getLogger(UserManagementFunctions.class);
    public static final String MEMBER_KEY = "MEMBER";
    public static final String ADMIN_KEY = "ADMIN";
    private static final Map<String, Integer> groupRoleConverter = ImmutableMap.of(MEMBER_KEY, GroupService.USER_ROLE_MEMBER, ADMIN_KEY, GroupService.USER_ROLE_ADMINISTRATOR);
    private static final Map<String, Integer> groupSortFieldConverter = ImmutableMap.of("name", Group.SORT_BY_GROUP_NAME, "id", Group.SORT_BY_ID);
    private static final Map<Boolean, Integer> groupSortOrderConverter = ImmutableMap.of(true, Constants.SORT_ORDER_ASCENDING, false, Constants.SORT_ORDER_DESCENDING);

    @Function
    public boolean isvalidpasswordforuncreateduser_appian_internal(ServiceContext serviceContext, @Parameter String str, @Parameter String str2) {
        try {
            if (((PasswordConfig) ApplicationContextHolder.getBean(PasswordConfig.class)).createPasswordVerifier(serviceContext).verify(null, str2.toCharArray())) {
                if (!passwordContainsUsername(str, str2)) {
                    return true;
                }
            }
            return false;
        } catch (PrivilegeException e) {
            throw new ExpressionRuntimeException("Could not check password compliance");
        }
    }

    private boolean passwordContainsUsername(String str, String str2) {
        return ((AdminSecurityConfiguration) ApplicationContextHolder.getBean(AdminSecurityConfiguration.class)).passwordCannotContainUsername().booleanValue() && !StringUtils.isBlank(str) && Pattern.compile(Pattern.quote(str), 2).matcher(str2).find();
    }

    private void validatePagingInfo(PagingInfo pagingInfo) {
        if (pagingInfo == null) {
            throw new ExpressionRuntimeException("pagingInfo parameter must be provided");
        }
        if (pagingInfo.getSort() == null || pagingInfo.getSort().size() != 1) {
            throw new ExpressionRuntimeException("pagingInfo parameter must contain exactly one sortInfo");
        }
        if (pagingInfo.getStartIndex() < 1) {
            throw new ExpressionRuntimeException("startIndex is one-indexed and must be >0");
        }
        if (((SortInfo) pagingInfo.getSort().get(0)).getField() == null) {
            throw new ExpressionRuntimeException("pagingInfo's sortInfo must have a sort field");
        }
        if (pagingInfo.getBatchSize() < -1 || pagingInfo.getBatchSize() == 0) {
            throw new ExpressionRuntimeException("batchSize must be -1 or >0");
        }
    }

    @Type(namespace = "http://www.appian.com/ae/types/2009", name = "DataSubset")
    @Function
    public DataSubset<TypedValue, TypedValue> getgroupsforuserbyrole_appian_internal(GroupService groupService, @Parameter String str, @Parameter String str2, @Type(namespace = "http://www.appian.com/ae/types/2009", name = "PagingInfo") @Parameter(required = true) PagingInfo pagingInfo) throws UnsupportedRoleException, PrivilegeException {
        validatePagingInfo(pagingInfo);
        SortInfo sortInfo = (SortInfo) pagingInfo.getSort().get(0);
        if (!groupRoleConverter.containsKey(str2)) {
            throw new ExpressionRuntimeException(str2 + " is not a supported role. Supported roles: " + groupRoleConverter.keySet().toString());
        }
        if (!groupSortFieldConverter.containsKey(sortInfo.getField())) {
            throw new ExpressionRuntimeException(sortInfo.getField() + " is not currently supported. Supported fields: " + groupSortFieldConverter.keySet().toString());
        }
        ResultPage groupsForUserByRolePaging = groupService.getGroupsForUserByRolePaging(str, groupRoleConverter.get(str2), pagingInfo.getStartIndex() - 1, pagingInfo.getBatchSize(), groupSortFieldConverter.get(sortInfo.getField()), groupSortOrderConverter.get(Boolean.valueOf(sortInfo.isAscending())));
        Group[] groupArr = (Group[]) groupsForUserByRolePaging.getResults();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (Group group : groupArr) {
            arrayList.add(ServerAPI.valueToTypedValue(FluentDictionary.create().put("id", com.appiancorp.core.expr.portable.Type.INTEGER.valueOf(Integer.valueOf(group.getId().intValue()))).put("name", com.appiancorp.core.expr.portable.Type.STRING.valueOf(group.getGroupName())).put("uuid", com.appiancorp.core.expr.portable.Type.STRING.valueOf(group.getUuid())).toValue()));
            arrayList2.add(new TypedValue(AppianTypeLong.GROUP, group.getId()));
        }
        return new TypedValueDataSubset(pagingInfo.getStartIndex(), pagingInfo.getBatchSize(), pagingInfo.getSort(), (int) groupsForUserByRolePaging.getAvailableItems(), arrayList, arrayList2);
    }

    @Function
    public Long[] getgroupidsforuserbyrole_appian_internal(GroupService groupService, @Parameter String str, @Parameter String str2) {
        try {
            if (str2.equals(MEMBER_KEY)) {
                return groupService.getGroupIdsForUserByRole(str, GroupService.USER_ROLE_MEMBER);
            }
            if (str2.equals(ADMIN_KEY)) {
                return groupService.getGroupIdsForUserByRole(str, GroupService.USER_ROLE_ADMINISTRATOR);
            }
            throw new ExpressionRuntimeException("Role must be either MEMBER or ADMIN");
        } catch (PrivilegeException | InvalidUserException | UnsupportedRoleException e) {
            throw new ExpressionRuntimeException(e);
        }
    }

    @Function
    public UserReactivationWriter userreactivationwriter_appian_internal(UserService userService, SecurityContextProvider securityContextProvider, @Parameter String[] strArr, @Parameter Boolean bool) {
        ensureUserIsSystemAdministrator(securityContextProvider);
        return new UserReactivationWriter(userService, strArr, bool.booleanValue());
    }

    @Function
    public ResetPasswordWriter passwordresetwriter_appian_internal(ExtendedUserService extendedUserService, SecurityContextProvider securityContextProvider, ServiceContextProvider serviceContextProvider, @Parameter String[] strArr) {
        ensureUserIsSystemAdministrator(securityContextProvider);
        return new ResetPasswordWriter(extendedUserService, serviceContextProvider, strArr, (SamlConfiguration) ConfigurationFactory.getConfiguration(SamlConfiguration.class), (SamlSettingsSelector) ApplicationContextHolder.getBean(SamlSettingsSelector.class));
    }

    @Function
    public int getUserAccountLimit_appian_internal() {
        return ((SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class)).getUserAccountLimit();
    }

    @Function
    public boolean isUserLocked_appian_internal(UserService userService, @Parameter String str) {
        return userService.getUser(str).isUserLocked();
    }

    private static void ensureUserIsSystemAdministrator(SecurityContextProvider securityContextProvider) {
        if (!securityContextProvider.get().isSysAdmin()) {
            throw new AppianRuntimeException(ErrorCode.ADMIN_CONSOLE_PLUGIN_INSUFFICIENT_PRIVILEGES_ERROR, new Object[0]);
        }
    }
}
