package pl.edu.icm.sedno.model.users;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import javax.persistence.OrderBy;
import javax.persistence.SequenceGenerator;
import javax.persistence.Table;
import javax.persistence.Transient;
import javax.persistence.UniqueConstraint;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils;
import org.hibernate.Hibernate;
import org.hibernate.annotations.Cache;
import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.hibernate.annotations.Cascade;
import org.hibernate.annotations.CascadeType;
import org.hibernate.annotations.Index;
import org.hibernate.annotations.Where;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;
import pl.edu.icm.common.message.model.MessageContainer;
import pl.edu.icm.common.util.RandomDataGenerator;
import pl.edu.icm.crmanager.model.CrmTransparent;
import pl.edu.icm.sedno.common.model.ADataObject;
import pl.edu.icm.sedno.common.model.DataObject;
import pl.edu.icm.sedno.common.util.MailTokenGenerator;
import pl.edu.icm.sedno.common.util.Md5Generator;
import pl.edu.icm.sedno.exception.SednoSystemException;
import pl.edu.icm.sedno.model.Journal;
import pl.edu.icm.sedno.model.dict.ActivationStatus;
import pl.edu.icm.sedno.model.notifications.PackableMessage;
import pl.edu.icm.sedno.model.opi.Person;
import pl.edu.icm.sedno.patterns.Visitor;

@Table(name = "SDC_SEDNO_USER", uniqueConstraints = {@UniqueConstraint(columnNames = {"login"})})
@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
@Entity
@SequenceGenerator(name = "seq_sedno_user", allocationSize = 1, sequenceName = "seq_sedno_user")
/* loaded from: input_file:WEB-INF/lib/sedno-api-1.2.21.4.jar:pl/edu/icm/sedno/model/users/SednoUser.class */
public class SednoUser extends ADataObject implements Comparable<SednoUser> {
    public static final int PASSWD_MIN_LEN = 6;
    private int idSednoUser;
    private String login;
    private String firstName;
    private String secondName;
    private String lastName;
    private String passwdHash;
    private String passwdSalt;
    private List<Role> roles;
    private Person opiPerson;
    private List<FederativeIdentity> federativeIdentities;
    private Date lastSuccessfulLogin;
    private int loginCount;
    private int badPasswdCount;
    private boolean accountLocked;
    private Date accountLockedUntil;
    private boolean accountDisabled;
    private ActivationStatus status;
    private String mailToken;
    private Boolean technical;
    private String backupEmail;
    private Profile profile;
    private SednoUserSettings sednoUserSettings;
    private List<PackableMessage> packableMessages;
    private static transient Logger logger = LoggerFactory.getLogger(SednoUser.class);
    public static final List<Integer> LOCK_ACCOUNT_AFTER_BAD_PASSWD_ATTEMPTS = new ImmutableList.Builder().add((Object[]) new Integer[]{0, 0, 0, 0, 0, 5, 60}).build();

    /* loaded from: input_file:WEB-INF/lib/sedno-api-1.2.21.4.jar:pl/edu/icm/sedno/model/users/SednoUser$StatusTransition.class */
    public enum StatusTransition {
        START,
        ACC
    }

    public SednoUser() {
    }

    public SednoUser(String str) {
        this.login = str;
    }

    public SednoUser(String str, Set<Role> set) {
        this.login = str;
        this.roles = new ArrayList(set);
    }

    public SednoUser(String str, String str2, String str3) {
        this.login = str;
        this.firstName = str2;
        this.lastName = str3;
    }

    @Override // pl.edu.icm.sedno.common.model.ADataObject, pl.edu.icm.sedno.common.model.DataObject
    public void initialize() {
        Hibernate.initialize(getOpiPerson());
        Hibernate.initialize(getRoles());
    }

    @Override // pl.edu.icm.sedno.common.model.ADataObject, pl.edu.icm.sedno.common.model.DataObject, pl.edu.icm.sedno.patterns.Visitable
    public final void accept(Visitor<DataObject> visitor) {
        super.accept(visitor);
        if (getProfile() != null) {
            getProfile().accept(visitor);
        }
        if (getRoles() != null) {
            Iterator<Role> it = getRoles().iterator();
            while (it.hasNext()) {
                it.next().accept(visitor);
            }
        }
        if (getFederativeIdentities() != null) {
            for (FederativeIdentity federativeIdentity : getFederativeIdentities()) {
                federativeIdentity.getType();
                federativeIdentity.accept(visitor);
            }
        }
        if (getSednoUserSettings() != null) {
            getSednoUserSettings().accept(visitor);
        }
        if (getPackableMessages() != null) {
            Iterator<PackableMessage> it2 = getPackableMessages().iterator();
            while (it2.hasNext()) {
                it2.next().accept(visitor);
            }
        }
    }

    @Id
    @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "seq_sedno_user")
    public int getIdSednoUser() {
        return this.idSednoUser;
    }

    @ManyToOne(fetch = FetchType.LAZY)
    @Index(name = "sedno_user_opi_person_idx")
    public Person getOpiPerson() {
        return this.opiPerson;
    }

    @Index(name = "user_login_idx")
    @Column(length = 100)
    public String getLogin() {
        return this.login;
    }

    public String getBackupEmail() {
        return this.backupEmail;
    }

    @CrmTransparent
    @OneToOne(orphanRemoval = false, fetch = FetchType.LAZY)
    @Cascade({CascadeType.PERSIST, CascadeType.SAVE_UPDATE, CascadeType.REMOVE})
    public Profile getProfile() {
        if (this.profile == null) {
            this.profile = new Profile();
        }
        return this.profile;
    }

    @Column(length = 100)
    public String getPasswdHash() {
        return this.passwdHash;
    }

    @Column(length = 100)
    public String getPasswdSalt() {
        return this.passwdSalt;
    }

    public Date getLastSuccessfulLogin() {
        return this.lastSuccessfulLogin;
    }

    public int getLoginCount() {
        return this.loginCount;
    }

    public int getBadPasswdCount() {
        return this.badPasswdCount;
    }

    @Column(length = 50)
    public String getFirstName() {
        return this.firstName;
    }

    @Column(length = 50)
    public String getSecondName() {
        return this.secondName;
    }

    @Column(length = 50)
    public String getLastName() {
        return this.lastName;
    }

    @Transient
    public boolean isLocked() {
        return isAccountLocked() || isLockedTemporarily();
    }

    @Transient
    public boolean isLockedTemporarily() {
        return this.accountLockedUntil != null && this.accountLockedUntil.after(new Date());
    }

    public boolean isAccountLocked() {
        return this.accountLocked;
    }

    public void lockAccount() {
        logger.info("permanently locking account [" + getLogin() + "]");
        setAccountLocked(true);
        setAccountLockedUntil(null);
    }

    protected void lockAccountTemporarily(int i) {
        Preconditions.checkArgument(i > 0);
        setAccountLocked(false);
        setAccountLockedUntil(DateUtils.addMinutes(new Date(), i));
        logger.info("temporarily locking account [" + getLogin() + "], locked until: " + getAccountLockedUntil());
    }

    public void unlock() {
        setAccountLocked(false);
        clearBadPasswdCounters();
    }

    private void clearBadPasswdCounters() {
        setAccountLockedUntil(null);
        setBadPasswdCount(0);
    }

    @CrmTransparent
    public Date getAccountLockedUntil() {
        return this.accountLockedUntil;
    }

    public Boolean getTechnical() {
        return this.technical;
    }

    public boolean isAccountDisabled() {
        return this.accountDisabled;
    }

    @Column(length = 30)
    @Enumerated(EnumType.STRING)
    public ActivationStatus getStatus() {
        return this.status;
    }

    @Column(length = 50)
    public String getMailToken() {
        return this.mailToken;
    }

    @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
    @Cascade({CascadeType.PERSIST, CascadeType.SAVE_UPDATE, CascadeType.REMOVE})
    @OneToMany(mappedBy = "user")
    @OrderBy("createDate")
    @Basic(fetch = FetchType.LAZY)
    @Where(clause = "data_object_status = 'ACTIVE'")
    public List<Role> getRoles() {
        if (this.roles == null) {
            this.roles = new ArrayList();
        }
        return this.roles;
    }

    @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
    @Cascade({CascadeType.PERSIST, CascadeType.SAVE_UPDATE, CascadeType.REMOVE})
    @OneToMany(mappedBy = "sednoUser", orphanRemoval = true)
    @Basic(fetch = FetchType.LAZY)
    @Where(clause = "data_object_status = 'ACTIVE'")
    public List<FederativeIdentity> getFederativeIdentities() {
        return this.federativeIdentities == null ? Collections.emptyList() : this.federativeIdentities;
    }

    public void registerSuccesfulLogin() {
        this.lastSuccessfulLogin = new Date();
        this.loginCount++;
        if (isLocked()) {
            unlock();
        } else {
            clearBadPasswdCounters();
        }
    }

    public BadPasswdResult registerBadPasswdEntered() {
        this.badPasswdCount++;
        logger.info("bad passwd entered by [" + getLogin() + "], attempts left: " + getAttemptsLeft());
        if (this.accountLocked) {
            return BadPasswdResult.youAreLocked();
        }
        if (this.badPasswdCount > LOCK_ACCOUNT_AFTER_BAD_PASSWD_ATTEMPTS.size()) {
            lockAccount();
            return BadPasswdResult.youAreLocked();
        }
        int intValue = LOCK_ACCOUNT_AFTER_BAD_PASSWD_ATTEMPTS.get(this.badPasswdCount - 1).intValue();
        if (intValue <= 0) {
            return BadPasswdResult.tryAgain(getAttemptsLeft());
        }
        lockAccountTemporarily(intValue);
        return BadPasswdResult.youAreLockedUntil(getAttemptsLeft(), getAccountLockedUntil());
    }

    @Transient
    public int getAttemptsLeft() {
        int i = 0;
        for (int i2 = this.badPasswdCount; i2 < LOCK_ACCOUNT_AFTER_BAD_PASSWD_ATTEMPTS.size() && LOCK_ACCOUNT_AFTER_BAD_PASSWD_ATTEMPTS.get(i2).intValue() == 0; i2++) {
            i++;
        }
        return i;
    }

    @Transient
    public boolean isActivated() {
        return ActivationStatus.ACTIVATED.equals(this.status);
    }

    @Transient
    public boolean isActive() {
        return (!isActivated() || isAccountDisabled() || isAccountLocked()) ? false : true;
    }

    @Transient
    public boolean isFederative() {
        return !CollectionUtils.isEmpty(getFederativeIdentities());
    }

    @Transient
    public String getFullName() {
        return StringUtils.join(new String[]{this.firstName, this.secondName, this.lastName}, " ").trim();
    }

    public void registrationTransition(StatusTransition statusTransition, String str, MessageContainer messageContainer) {
        if (!statusTransition.equals(StatusTransition.ACC)) {
            if (!statusTransition.equals(StatusTransition.START)) {
                throw new RuntimeException("unknown transition");
            }
            this.status = ActivationStatus.WAITING_FOR_ACTIVATION;
            generteMailToken();
            logger.info("account [" + this.login + "] created, new status: " + this.status);
            return;
        }
        if (!this.status.equals(ActivationStatus.WAITING_FOR_ACTIVATION)) {
            logger.warn("status transition error for user " + this.login + ", requested {} but status is {}", statusTransition.name(), this.status.name());
            messageContainer.addMessageWarn("sednoUser.warn.account_already_accepted", getLogin());
        } else {
            if (!this.mailToken.equals(str)) {
                throw new SecurityException("security violation, token mismatch");
            }
            activate();
            logger.info("account [" + this.login + "] confirmed, new status: " + this.status);
            messageContainer.addMessageInfo("sednoUser.account_accepted", getLogin());
        }
    }

    public void activate() {
        this.mailToken = null;
        this.status = ActivationStatus.ACTIVATED;
        if (getFederativeIdentities() != null) {
            for (FederativeIdentity federativeIdentity : getFederativeIdentities()) {
                if (!federativeIdentity.isActivated()) {
                    federativeIdentity.activate();
                }
            }
        }
    }

    public void newMailToken() {
        generteMailToken();
    }

    public void clearMailToken() {
        setMailToken(null);
    }

    private void generteMailToken() {
        this.mailToken = MailTokenGenerator.generateToken(this);
    }

    @Override // pl.edu.icm.sedno.common.model.ADataObject
    public String toString() {
        return "SednoUser: " + this.login + " " + this.idSednoUser + " , roleNames: " + StringUtils.join(getRoleNames(), ",");
    }

    public void resetPassword(String str) {
        if (str == null || str.length() < 6) {
            throw new SednoSystemException("password.is.too.short");
        }
        this.passwdSalt = RandomDataGenerator.randomString(10);
        this.passwdHash = Md5Generator.doSaltedMd5(str, this.passwdSalt);
    }

    public boolean matchPassword(String str) {
        if (StringUtils.isEmpty(getPasswdHash())) {
            return false;
        }
        return getPasswdHash().equals(StringUtils.isEmpty(getPasswdSalt()) ? Md5Generator.doMd5(str) : Md5Generator.doSaltedMd5(str, getPasswdSalt()));
    }

    public String niceFullName() {
        return StringUtils.join(new String[]{this.firstName, this.lastName}, " ").trim();
    }

    @Transient
    public boolean hasRole(RoleName roleName) {
        return getRoleNames().contains(roleName);
    }

    @Transient
    public boolean hasJournalContextRole(RoleName roleName, Journal journal) {
        if (journal == null) {
            throw new IllegalArgumentException("journal == null");
        }
        for (Role role : getRoles()) {
            if (role.getName() != null && role.getName().equals(roleName) && journal.equals(role.getJournalContext())) {
                return true;
            }
        }
        return false;
    }

    public void addRole(RoleName roleName) {
        addRole(new Role(roleName));
    }

    public void addRole(Role role) {
        if (this.roles == null) {
            this.roles = new ArrayList();
        }
        role.setUser(this);
        this.roles.add(role);
    }

    public void removeRole(Role role) {
        int indexOfRole;
        if (this.roles == null || (indexOfRole = getIndexOfRole(role)) == -1) {
            return;
        }
        getRoles().remove(indexOfRole);
    }

    @Transient
    private int getIndexOfRole(Role role) {
        int i = 0;
        Iterator<Role> it = getRoles().iterator();
        while (it.hasNext()) {
            if (it.next().equalsValue(role)) {
                return i;
            }
            i++;
        }
        return -1;
    }

    public void addFederativeIdentity(FederativeIdentity federativeIdentity) {
        if (this.federativeIdentities == null) {
            this.federativeIdentities = new ArrayList();
        }
        federativeIdentity.setSednoUser(this);
        this.federativeIdentities.add(federativeIdentity);
    }

    @Transient
    public Set<RoleName> getRoleNames() {
        HashSet hashSet = new HashSet();
        Iterator<Role> it = getRoles().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getName());
        }
        return hashSet;
    }

    @Transient
    public RoleName getMaxJournalRoleName(Journal journal) {
        if (hasRole(RoleName.JOURNAL_OPERATOR)) {
            return RoleName.JOURNAL_OPERATOR;
        }
        if (hasJournalContextRole(RoleName.JOURNAL_REPRESENTATIVE, journal)) {
            return RoleName.JOURNAL_REPRESENTATIVE;
        }
        return null;
    }

    @Transient
    public boolean isPersonAssigned() {
        return this.opiPerson != null;
    }

    @Override // java.lang.Comparable
    public int compareTo(SednoUser sednoUser) {
        int compareTo = StringUtils.defaultString(getLastName()).compareTo(StringUtils.defaultString(sednoUser.getLastName()));
        if (compareTo == 0) {
            compareTo = StringUtils.defaultString(getFirstName()).compareTo(StringUtils.defaultString(sednoUser.getFirstName()));
        }
        if (compareTo == 0) {
            compareTo = StringUtils.defaultString(getSecondName()).compareTo(StringUtils.defaultString(sednoUser.getSecondName()));
        }
        if (compareTo == 0) {
            compareTo = getLogin().compareTo(sednoUser.getLogin());
        }
        return compareTo;
    }

    public void bindToPerson(Person person) {
        setOpiPerson(person);
        if (person != null) {
            person.setBoundedUser(this);
        }
    }

    protected void setOpiPerson(Person person) {
        this.opiPerson = person;
    }

    public void setRoles(List<Role> list) {
        this.roles = list;
    }

    protected void setLogin(String str) {
        this.login = str;
    }

    protected void setIdSednoUser(int i) {
        this.idSednoUser = i;
    }

    protected void setPasswdHash(String str) {
        this.passwdHash = str;
    }

    protected void setPasswdSalt(String str) {
        this.passwdSalt = str;
    }

    protected void setLastSuccessfulLogin(Date date) {
        this.lastSuccessfulLogin = date;
    }

    protected void setLoginCount(int i) {
        this.loginCount = i;
    }

    protected void setBadPasswdCount(int i) {
        this.badPasswdCount = i;
    }

    protected void setAccountLocked(boolean z) {
        this.accountLocked = z;
    }

    protected void setAccountLockedUntil(Date date) {
        this.accountLockedUntil = date;
    }

    public void setAccountDisabled(boolean z) {
        this.accountDisabled = z;
    }

    public void setStatus(ActivationStatus activationStatus) {
        this.status = activationStatus;
    }

    public void setMailToken(String str) {
        this.mailToken = str;
    }

    private void setFederativeIdentities(List<FederativeIdentity> list) {
        this.federativeIdentities = list;
    }

    public void setFirstName(String str) {
        this.firstName = str;
    }

    public void setSecondName(String str) {
        this.secondName = str;
    }

    public void setLastName(String str) {
        this.lastName = str;
    }

    public void setTechnical(Boolean bool) {
        this.technical = bool;
    }

    public void setBackupEmail(String str) {
        this.backupEmail = str;
    }

    public void setProfile(Profile profile) {
        this.profile = profile;
    }

    @OneToMany(mappedBy = "sednoUser", fetch = FetchType.LAZY, orphanRemoval = true)
    public List<PackableMessage> getPackableMessages() {
        if (this.packableMessages == null) {
            this.packableMessages = new ArrayList();
        }
        return this.packableMessages;
    }

    public void setPackableMessages(List<PackableMessage> list) {
        this.packableMessages = list;
    }

    @OneToOne(orphanRemoval = false, fetch = FetchType.LAZY)
    @Cascade({CascadeType.PERSIST, CascadeType.SAVE_UPDATE, CascadeType.REMOVE})
    public SednoUserSettings getSednoUserSettings() {
        if (this.sednoUserSettings == null) {
            this.sednoUserSettings = new SednoUserSettings();
        }
        return this.sednoUserSettings;
    }

    public void setSednoUserSettings(SednoUserSettings sednoUserSettings) {
        this.sednoUserSettings = sednoUserSettings;
    }
}
