package net.bluemind.user.service.internal;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import io.vertx.core.json.JsonObject;
import java.sql.SQLException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.TimeZone;
import javax.sql.DataSource;
import net.bluemind.addressbook.api.VCard;
import net.bluemind.authentication.persistence.APIKeyStore;
import net.bluemind.core.api.Email;
import net.bluemind.core.api.ParametersValidator;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.Container;
import net.bluemind.core.container.model.Item;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.container.service.internal.RBACManager;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.sanitizer.Sanitizer;
import net.bluemind.core.task.api.TaskRef;
import net.bluemind.core.task.service.IServerTaskMonitor;
import net.bluemind.core.task.service.ITasksManager;
import net.bluemind.core.utils.ImageUtils;
import net.bluemind.core.utils.JsonUtils;
import net.bluemind.core.utils.ValidationResult;
import net.bluemind.core.validator.Validator;
import net.bluemind.directory.api.BaseDirEntry;
import net.bluemind.directory.service.DirDomainValue;
import net.bluemind.directory.service.DirEntryAndValue;
import net.bluemind.directory.service.DirEntryHandlers;
import net.bluemind.directory.service.DirValueStoreService;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.DomainSettingsKeys;
import net.bluemind.domain.api.IDomainSettings;
import net.bluemind.group.api.Group;
import net.bluemind.group.api.IGroup;
import net.bluemind.group.api.Member;
import net.bluemind.group.persistence.GroupStore;
import net.bluemind.hornetq.client.MQ;
import net.bluemind.lib.vertx.VertxPlatform;
import net.bluemind.mailbox.api.MailFilter;
import net.bluemind.mailbox.api.Mailbox;
import net.bluemind.mailbox.service.IInCoreMailboxes;
import net.bluemind.mailbox.service.internal.MailboxQuotaHelper;
import net.bluemind.role.api.IRoles;
import net.bluemind.role.api.RoleDescriptor;
import net.bluemind.role.service.IInternalRoles;
import net.bluemind.user.api.ChangePassword;
import net.bluemind.user.api.IPasswordUpdater;
import net.bluemind.user.api.IUser;
import net.bluemind.user.api.User;
import net.bluemind.user.hook.IUserHook;
import net.bluemind.user.persistence.security.HashAlgorithm;
import net.bluemind.user.persistence.security.HashFactory;
import net.bluemind.user.service.IInCoreUser;
import net.bluemind.user.service.accounttype.UserAccountFactory;
import net.bluemind.user.service.passwordvalidator.PasswordValidator;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/user/service/internal/UserService.class */
public class UserService implements IInCoreUser, IUser {
    private static final Logger logger = LoggerFactory.getLogger(UserService.class);
    private final ContainerUserStoreService storeService;
    private final Container userContainer;
    private final Domain domain;
    private final String domainName;
    private final SecurityContext context;
    private final GroupStore groupStore;
    private final List<IUserHook> userHooks;
    private final List<IPasswordUpdater> userPasswordUpdaters;
    private final BmContext bmContext;
    private final boolean globalVirt;
    private final Sanitizer sanitizer;
    private final APIKeyStore apikeyStore;
    private final Validator validator;
    private final PasswordValidator passwordValidator;
    private IInCoreMailboxes mailboxes;
    private RBACManager rbacManager;
    private UserEventProducer eventProducer;
    private DirValueStoreService.MailboxAdapter<User> mailboxAdapter;

    public UserService(BmContext bmContext, ItemValue<Domain> itemValue, Container container, List<IUserHook> list, List<IPasswordUpdater> list2) throws ServerFault {
        this.eventProducer = new UserEventProducer(itemValue.uid, VertxPlatform.eventBus());
        this.userHooks = list;
        this.userPasswordUpdaters = list2;
        this.userContainer = container;
        DataSource dataSource = bmContext.getDataSource();
        this.domain = (Domain) itemValue.value;
        this.domainName = itemValue.uid;
        this.globalVirt = "global.virt".equals(itemValue.uid);
        this.bmContext = bmContext;
        this.context = bmContext.getSecurityContext();
        this.storeService = new ContainerUserStoreService(bmContext, container, itemValue, this.globalVirt);
        this.mailboxes = (IInCoreMailboxes) this.bmContext.su().provider().instance(IInCoreMailboxes.class, new String[]{this.domainName});
        this.apikeyStore = new APIKeyStore(bmContext.getDataSource(), bmContext.getSecurityContext());
        this.groupStore = new GroupStore(dataSource, container);
        this.sanitizer = new Sanitizer(bmContext);
        this.validator = new Validator(bmContext);
        this.passwordValidator = new PasswordValidator(bmContext);
        this.rbacManager = new RBACManager(bmContext).forDomain(this.userContainer.uid);
        this.mailboxAdapter = UserMailboxAdapter.create(this.globalVirt);
    }

    public void create(String str, User user) throws ServerFault {
        createWithExtId(str, null, user);
    }

    public void createWithExtId(String str, String str2, User user) throws ServerFault {
        ItemValue<User> createItemValue = createItemValue(str, user);
        createItemValue.externalId = str2;
        createWithItem(createItemValue);
    }

    private void createWithItem(ItemValue<User> itemValue) throws ServerFault {
        User user = (User) itemValue.value;
        String str = itemValue.uid;
        this.rbacManager.forOrgUnit(user.orgUnitUid).check(new String[]{"manageUser"});
        this.sanitizer.create(user);
        this.sanitizer.create(new DirDomainValue(this.domainName, str, user));
        this.validator.create(user);
        this.passwordValidator.validate(user.password);
        if (byLogin(user.login) != null) {
            throw new ServerFault("user with login " + user.login + " already exists", ErrorCode.ALREADY_EXISTS);
        }
        Iterator<IUserHook> it = this.userHooks.iterator();
        while (it.hasNext()) {
            it.next().beforeCreate(this.bmContext, this.domainName, str, user);
        }
        if (!this.globalVirt && !user.system) {
            if (user.quota == null) {
                user.quota = (Integer) MailboxQuotaHelper.getDefaultQuota(((IDomainSettings) this.bmContext.su().provider().instance(IDomainSettings.class, new String[]{this.domainName})).get(), DomainSettingsKeys.mailbox_max_user_quota.name(), DomainSettingsKeys.mailbox_default_user_quota.name()).orElse(null);
            }
            this.mailboxes.validate(str, this.mailboxAdapter.asMailbox(this.domainName, str, user));
        }
        String str2 = user.password;
        if (StringUtils.isNotBlank(user.password)) {
            if (HashFactory.algorithm(user.password) == HashAlgorithm.UNKNOWN) {
                user.password = HashFactory.getDefault().create(user.password);
            }
            user.passwordLastChange = new Date();
        }
        MailFilter mailFilter = null;
        if (!this.globalVirt && !user.system) {
            mailFilter = transformExternalEmailsToForwards(user, new MailFilter());
        }
        this.storeService.create(itemValue);
        ItemValue<User> createItemValue = createItemValue(str, user);
        if (!this.globalVirt && !user.system) {
            this.mailboxes.created(str, this.mailboxAdapter.asMailbox(this.domainName, str, user));
            if (user.routing == Mailbox.Routing.internal) {
                this.mailboxes.setMailboxFilter(str, mailFilter);
            }
        }
        user.password = str2;
        for (IUserHook iUserHook : this.userHooks) {
            try {
                iUserHook.onUserCreated(this.bmContext, this.domainName, createItemValue);
            } catch (Exception e) {
                if (logger.isDebugEnabled()) {
                    logger.error("error during executing onUserCreated {}/{} hook {}}", new Object[]{this.domainName, str, iUserHook.getClass().getName(), e});
                } else {
                    logger.error("error during executing onUserCreated {}/{} hook {} : message: {}", new Object[]{this.domainName, str, iUserHook.getClass().getName(), e.getMessage()});
                }
            }
        }
        this.eventProducer.changed(str, user);
    }

    ItemValue<User> createItemValue(String str, User user) {
        return ItemValue.create(Item.create(str, (String) null), user);
    }

    public void update(String str, User user) throws ServerFault {
        updateWithItem(createItemValue(str, user));
    }

    private void updateWithItem(ItemValue<User> itemValue) throws ServerFault {
        String str = itemValue.uid;
        this.rbacManager.forEntry(str).check(new String[]{"manageUser"});
        User user = (User) itemValue.value;
        ItemValue<User> full = getFull(str);
        if (full == null) {
            throw notFoundServerFault(str);
        }
        if (!StringUtils.equals(user.orgUnitUid, ((User) full.value).orgUnitUid)) {
            this.rbacManager.forOrgUnit(user.orgUnitUid).check(new String[]{"manageUser"});
        }
        this.sanitizer.update(full.value, user);
        this.sanitizer.update(new DirDomainValue(this.domainName, str, (User) full.value), new DirDomainValue(this.domainName, str, user));
        this.validator.update(full.value, user);
        Iterator<IUserHook> it = this.userHooks.iterator();
        while (it.hasNext()) {
            it.next().beforeUpdate(this.bmContext, this.domainName, str, user, (User) full.value);
        }
        user.password = ((User) full.value).password;
        user.passwordLastChange = ((User) full.value).passwordLastChange;
        MailFilter mailFilter = null;
        if (!this.globalVirt && !user.system) {
            mailFilter = transformExternalEmailsToForwards(user, this.mailboxes.getMailboxFilter(str));
            this.mailboxes.validate(str, this.mailboxAdapter.asMailbox(this.domainName, str, user));
        }
        this.storeService.update(itemValue);
        if (!this.globalVirt && !user.system) {
            this.mailboxes.updated(str, this.mailboxAdapter.asMailbox(this.domainName, str, (User) full.value), this.mailboxAdapter.asMailbox(this.domainName, str, user));
            this.mailboxes.setMailboxFilter(str, mailFilter);
        }
        for (IUserHook iUserHook : this.userHooks) {
            try {
                iUserHook.onUserUpdated(this.bmContext, this.domainName, full, createItemValue(str, user));
            } catch (Exception e) {
                if (logger.isDebugEnabled()) {
                    logger.error("error during executing onUserUpdated {}/{} hook {}}", new Object[]{this.domainName, str, iUserHook.getClass().getName(), e});
                } else {
                    logger.error("error during executing onUserUpdated {}/{} hook {} : message: {}", new Object[]{this.domainName, str, iUserHook.getClass().getName(), e.getMessage()});
                }
            }
        }
        if (!((User) full.value).archived && user.archived) {
            MQ.getProducer("bm.core.session").send(new JsonObject().put("latd", String.valueOf(user.login) + "@" + this.domainName).put("operation", "archived"));
        }
        this.eventProducer.changed(str, user);
    }

    @Override // net.bluemind.user.service.IInCoreUser
    public ItemValue<User> getFull(String str) throws ServerFault {
        return asFullUser(this.storeService.get(str, null));
    }

    private ItemValue<User> asFullUser(ItemValue<DirEntryAndValue<User>> itemValue) throws ServerFault {
        if (itemValue == null) {
            return null;
        }
        return ItemValue.create(itemValue, (User) ((DirEntryAndValue) itemValue.value).value);
    }

    public ItemValue<User> getComplete(String str) throws ServerFault {
        logger.debug("[{} @ {}] GET uid: {}", new Object[]{this.context.getSubject(), this.context.getContainerUid(), str});
        this.rbacManager.forEntry(str).check(new String[]{"self", "domainManager"});
        return filterUser(getFull(str));
    }

    private ItemValue<User> filterUser(ItemValue<User> itemValue) {
        if (itemValue != null) {
            ((User) itemValue.value).password = null;
        }
        return itemValue;
    }

    public ItemValue<User> byEmail(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageUser"});
        return filterUser(asFullUser(this.storeService.findByEmailFull(str)));
    }

    public ItemValue<User> byLogin(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageUser"});
        ItemValue<User> itemValue = null;
        if (str.contains("@")) {
            str = str.split("@")[0];
        }
        String findByLogin = this.storeService.findByLogin(str);
        if (findByLogin != null) {
            itemValue = getComplete(findByLogin);
        }
        return filterUser(itemValue);
    }

    public ItemValue<User> byExtId(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageUser"});
        ParametersValidator.notNullAndNotEmpty(str);
        return this.storeService.findByExtId(str);
    }

    public TaskRef delete(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageUser"});
        return ((ITasksManager) this.bmContext.provider().instance(ITasksManager.class, new String[0])).run(iServerTaskMonitor -> {
            performDelete(str, iServerTaskMonitor);
        });
    }

    private void performDelete(String str, IServerTaskMonitor iServerTaskMonitor) {
        iServerTaskMonitor.begin(2.0d, "Deleting user " + str + "@" + this.domainName);
        ItemValue<User> full = getFull(str);
        if (full == null) {
            logger.warn("no user for {}@{}", str, this.domainName);
            iServerTaskMonitor.end(true, "no user for " + str, JsonUtils.asString(""));
            return;
        }
        if (this.domainName.equalsIgnoreCase("global.virt") && ((User) full.value).login.equals("admin0")) {
            logger.warn("Can't delete Admin0");
            iServerTaskMonitor.end(true, "Can't delete admin0", JsonUtils.asString(""));
            return;
        }
        if (str.equals(this.context.getSubject()) && this.domainName.equals(this.context.getContainerUid())) {
            iServerTaskMonitor.end(false, "Cannot delete myself", JsonUtils.asString(""));
            return;
        }
        User user = (User) full.value;
        Iterator<IUserHook> it = this.userHooks.iterator();
        while (it.hasNext()) {
            it.next().beforeDelete(this.bmContext, this.domainName, str, user);
        }
        List<String> memberOfGroupUid = memberOfGroupUid(str);
        IGroup iGroup = (IGroup) this.bmContext.su().provider().instance(IGroup.class, new String[]{this.domainName});
        ArrayList arrayList = new ArrayList();
        Member member = new Member();
        member.type = Member.Type.user;
        member.uid = str;
        arrayList.add(member);
        Iterator<String> it2 = memberOfGroupUid.iterator();
        while (it2.hasNext()) {
            iGroup.remove(it2.next(), arrayList);
        }
        for (IUserHook iUserHook : this.userHooks) {
            try {
                iUserHook.onUserDeleted(this.bmContext, this.domainName, createItemValue(str, user));
            } catch (Exception e) {
                if (logger.isDebugEnabled()) {
                    logger.error("error during executing onUserDeleted {}/{} hook {}}", new Object[]{this.domainName, str, iUserHook.getClass().getName(), e});
                } else {
                    logger.error("error during executing onUserDeleted {}/{} hook {} : message: {}", new Object[]{this.domainName, str, iUserHook.getClass().getName(), e.getMessage()});
                }
            }
        }
        if (!this.globalVirt && !user.system) {
            iServerTaskMonitor.progress(1.0d, "Deleting user mailbox ...");
            this.mailboxes.deleted(str, this.mailboxAdapter.asMailbox(this.domainName, str, user));
            iServerTaskMonitor.progress(2.0d, "User mailbox deleted");
        }
        this.storeService.delete(str);
        this.eventProducer.deleted(str, user);
        iServerTaskMonitor.end(true, "User deleted", JsonUtils.asString(""));
    }

    private Date addDaysToDate(Date date, int i) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(5, i);
        return calendar.getTime();
    }

    private Date getToday() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        try {
            return simpleDateFormat.parse(simpleDateFormat.format(new Date()));
        } catch (ParseException unused) {
            logger.error("Unable to get today date");
            throw new ServerFault("Unable to get today date");
        }
    }

    @Override // net.bluemind.user.service.IInCoreUser
    public boolean passwordUpdateNeeded(String str) {
        ParametersValidator.notNullAndNotEmpty(str);
        ItemValue<User> userFromLogin = getUserFromLogin(str);
        if (userFromLogin.externalId != null && (userFromLogin.externalId.startsWith("ldap://") || userFromLogin.externalId.startsWith("ad://"))) {
            return false;
        }
        if (((User) userFromLogin.value).passwordMustChange) {
            return true;
        }
        if (((User) userFromLogin.value).passwordNeverExpires) {
            return false;
        }
        try {
            Integer valueOf = Integer.valueOf((String) ((IDomainSettings) this.bmContext.su().provider().instance(IDomainSettings.class, new String[]{this.domainName})).get().get(DomainSettingsKeys.password_lifetime.name()));
            if (valueOf.intValue() > 0) {
                return ((User) userFromLogin.value).passwordLastChange == null || addDaysToDate(((User) userFromLogin.value).passwordLastChange, valueOf.intValue()).compareTo(getToday()) <= 0;
            }
            return false;
        } catch (NumberFormatException unused) {
            return false;
        }
    }

    @Override // net.bluemind.user.service.IInCoreUser
    public boolean checkPassword(String str, String str2) {
        ParametersValidator.notNullAndNotEmpty(str);
        ParametersValidator.notNullAndNotEmpty(str2);
        try {
            ItemValue<User> userFromLogin = getUserFromLogin(str);
            if (((User) userFromLogin.value).password == null) {
                return false;
            }
            boolean validate = HashFactory.getByPassword(((User) userFromLogin.value).password).validate(str2, ((User) userFromLogin.value).password);
            updatePasswordAlgorithm(userFromLogin, validate, ((User) userFromLogin.value).password, str2);
            return validate;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            return false;
        }
    }

    private ItemValue<User> getUserFromLogin(String str) {
        if (str.contains("@")) {
            str = str.split("@")[0];
        }
        String findByLogin = this.storeService.findByLogin(str);
        if (findByLogin == null) {
            throw new ServerFault(String.format("Unable to get user UID from login %s", str));
        }
        ItemValue<User> itemValue = this.storeService.get(findByLogin);
        if (itemValue == null) {
            throw new ServerFault(String.format("Unable to get user from uid %s", findByLogin));
        }
        return itemValue;
    }

    private void updatePasswordAlgorithm(ItemValue<User> itemValue, boolean z, String str, String str2) throws ServerFault {
        User user = (User) itemValue.value;
        if (!z || HashFactory.usesDefaultAlgorithm(str)) {
            return;
        }
        if (logger.isInfoEnabled()) {
            logger.info("Updating password algorithm of user {} from {} to {}", new Object[]{user.login, HashFactory.algorithm(str), HashFactory.DEFAULT.name()});
        }
        this.storeService.setPassword(itemValue.uid, HashFactory.getDefault().create(str2), false);
    }

    public boolean checkApiKey(String str, String str2) {
        try {
            return this.apikeyStore.check(str, str2);
        } catch (SQLException e) {
            logger.error(e.getMessage(), e);
            return false;
        }
    }

    public List<ItemValue<Group>> memberOf(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageUser", "manageGroupMembers"});
        List<String> memberOfGroupUid = memberOfGroupUid(str);
        ArrayList arrayList = new ArrayList();
        IGroup iGroup = (IGroup) this.bmContext.provider().instance(IGroup.class, new String[]{this.domainName});
        Iterator<String> it = memberOfGroupUid.iterator();
        while (it.hasNext()) {
            arrayList.add(iGroup.getComplete(it.next()));
        }
        return arrayList;
    }

    public List<String> memberOfGroups(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageUser", "manageGroupMembers"});
        return memberOfGroupUid(str);
    }

    private List<String> memberOfGroupUid(String str) throws ServerFault {
        try {
            Item item = this.storeService.getItemStore().get(str);
            if (item == null) {
                throw notFoundServerFault(str);
            }
            try {
                return this.groupStore.getUserGroups(this.userContainer, item);
            } catch (SQLException e) {
                logger.error("Unable to get groups for user {}", str, e);
                throw ServerFault.sqlFault(e);
            }
        } catch (SQLException e2) {
            logger.error("Fail to get item {}", str, e2);
            throw new ServerFault(e2);
        }
    }

    public ValidationResult validate(String[] strArr) throws ServerFault {
        boolean allValid = this.storeService.allValid(strArr);
        if (allValid) {
            return new ValidationResult(allValid, strArr);
        }
        HashMap hashMap = new HashMap();
        for (String str : strArr) {
            hashMap.put(str, Boolean.valueOf(this.storeService.allValid(new String[]{str})));
        }
        return new ValidationResult(allValid, hashMap);
    }

    public List<String> allUids() throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageUser"});
        return this.storeService.allUids();
    }

    public void setRoles(String str, Set<String> set) throws ServerFault {
        RBACManager forEntry = this.rbacManager.forEntry(str);
        forEntry.check(new String[]{"manageUser"});
        if (set == null) {
            set = Collections.emptySet();
        }
        ItemValue itemValue = this.storeService.get(str);
        if (itemValue == null) {
            throw notFoundServerFault(str);
        }
        if (((User) itemValue.value).accountType == BaseDirEntry.AccountType.SIMPLE) {
            throw new ServerFault("Cannot set role for user " + str, ErrorCode.FORBIDDEN);
        }
        HashSet hashSet = new HashSet(set);
        HashSet hashSet2 = new HashSet();
        for (RoleDescriptor roleDescriptor : ((IRoles) this.bmContext.provider().instance(IRoles.class, new String[0])).getRoles()) {
            if (roleDescriptor.delegable) {
                hashSet.remove(roleDescriptor.id);
            }
            if (hashSet.contains(roleDescriptor.id) && roleDescriptor.selfPromote && roleDescriptor.parentRoleId != null) {
                hashSet.remove(roleDescriptor.id);
                hashSet2.add(roleDescriptor.parentRoleId);
            }
        }
        hashSet.removeAll(this.storeService.getRoles(str));
        if (!this.rbacManager.can(new String[]{"systemManagement"}) && ((!hashSet.isEmpty() && !this.rbacManager.roles().containsAll(hashSet)) || (!hashSet2.isEmpty() && !forEntry.roles().containsAll(hashSet2)))) {
            throw new ServerFault("cannot assign roles which current user doesnt have (needed roles {" + String.join(",", (Iterable<? extends CharSequence>) ImmutableSet.builder().addAll(Sets.difference(hashSet, this.rbacManager.roles())).addAll(Sets.difference(hashSet2, forEntry.roles())).build()) + "} )", ErrorCode.PERMISSION_DENIED);
        }
        this.storeService.setRoles(str, set);
    }

    public Set<String> getRoles(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"self", "domainManager"});
        return this.storeService.getRoles(str);
    }

    public Set<String> getResolvedRoles(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"self", "domainManager"});
        if (getFull(str) == null) {
            throw notFoundServerFault(str);
        }
        return directResolvedRoles(str, memberOfGroupUid(str));
    }

    @Override // net.bluemind.user.service.IInCoreUser
    public Set<String> directResolvedRoles(String str, List<String> list) throws ServerFault {
        ItemValue<User> full = getFull(str);
        Set<String> sanitizeRoles = UserAccountFactory.get(((User) full.value).accountType).sanitizeRoles(this.bmContext, this.storeService.getRoles(str), this.domainName, full, list);
        IInternalRoles iInternalRoles = (IInternalRoles) this.bmContext.su().provider().instance(IInternalRoles.class, new String[0]);
        return iInternalRoles.resolve(iInternalRoles.filter(sanitizeRoles));
    }

    public Set<String> getUsersWithRoles(List<String> list) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageUser"});
        return this.storeService.getItemsWithRoles(list);
    }

    public void setPassword(String str, ChangePassword changePassword) throws ServerFault {
        ParametersValidator.notNullAndNotEmpty(str);
        ParametersValidator.notNull(changePassword);
        ParametersValidator.notNull(changePassword.newPassword);
        this.passwordValidator.validate(changePassword.currentPassword, changePassword.newPassword);
        ItemValue itemValue = this.storeService.get(str);
        if (itemValue == null) {
            throw notFoundServerFault(str);
        }
        Iterator<IPasswordUpdater> it = this.userPasswordUpdaters.iterator();
        while (it.hasNext() && !it.next().update(this.context, this.domainName, itemValue, changePassword)) {
        }
    }

    public void updatePassword(String str, ChangePassword changePassword) throws ServerFault {
        if (!StringUtils.isBlank(changePassword.currentPassword)) {
            changePassword(str, changePassword.currentPassword, changePassword.newPassword);
        } else {
            this.rbacManager.forEntry(str).check(new String[]{"manageUserPassword"});
            setPassword(str, changePassword.newPassword);
        }
    }

    private void changePassword(String str, String str2, String str3) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"selfChangePassword", "manageUserPassword"});
        ParametersValidator.notNull(str3);
        this.passwordValidator.validate(str3);
        ItemValue itemValue = this.storeService.get(str);
        if (itemValue == null) {
            throw notFoundServerFault(str);
        }
        if (!checkPassword(((User) itemValue.value).login, str2)) {
            throw new ServerFault("password is not valid " + str, ErrorCode.AUTHENTICATION_FAIL);
        }
        this.storeService.setPassword(str, HashFactory.getDefault().create(str3), true);
        this.eventProducer.passwordUpdated(str);
        notifyPasswordChange(itemValue);
    }

    private void setPassword(String str, String str2) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageUserPassword"});
        this.passwordValidator.validate(str2);
        ItemValue itemValue = this.storeService.get(str);
        if (itemValue == null) {
            throw notFoundServerFault(str);
        }
        if (HashFactory.algorithm(str2) != HashAlgorithm.UNKNOWN) {
            this.storeService.setPassword(str, str2, true);
        } else {
            this.storeService.setPassword(str, HashFactory.getDefault().create(str2), true);
        }
        this.eventProducer.passwordUpdated(str);
        notifyPasswordChange(itemValue);
    }

    private void notifyPasswordChange(ItemValue<User> itemValue) {
        HashSet hashSet = new HashSet();
        hashSet.add(String.valueOf(((User) itemValue.value).login) + "@" + this.domainName);
        ((User) itemValue.value).emails.forEach(email -> {
            hashSet.add(email.address);
            if (email.allAliases) {
                this.domain.aliases.forEach(str -> {
                    hashSet.add(String.valueOf(email.localPart()) + "@" + str);
                });
            }
        });
        MQ.getProducer("bm.core.session").send(new JsonObject().put("emails", hashSet.toArray(new String[0])).put("operation", "pwchange"));
    }

    public void setPhoto(String str, byte[] bArr) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageUserVCard"});
        if (this.storeService.get(str) == null) {
            throw notFoundServerFault(str);
        }
        byte[] checkAndSanitize = ImageUtils.checkAndSanitize(bArr);
        this.storeService.setPhoto(str, checkAndSanitize, ImageUtils.resize(checkAndSanitize, 22, 22));
        this.eventProducer.changed(str, this.storeService.getVersion());
    }

    public void deletePhoto(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageUserVCard"});
        if (this.storeService.hasPhoto(str)) {
            this.storeService.deletePhoto(str);
            this.eventProducer.changed(str, this.storeService.getVersion());
        }
    }

    public byte[] getPhoto(String str) throws ServerFault {
        return this.storeService.getPhoto(str);
    }

    public byte[] getIcon(String str) throws ServerFault {
        return this.storeService.getIcon(str);
    }

    public void updateVCard(String str, VCard vCard) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageUserVCard"});
        ItemValue<User> full = getFull(str);
        if (full == null) {
            throw notFoundServerFault(str);
        }
        this.sanitizer.create(vCard);
        this.validator.create(vCard);
        ((User) full.value).contactInfos = vCard;
        this.storeService.updateVCard(str, (User) full.value);
        this.eventProducer.changed(str, this.storeService.getVersion());
    }

    public VCard getVCard(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"self", "domainManager"});
        ItemValue itemValue = this.storeService.get(str, null);
        if (itemValue != null) {
            return ((DirEntryAndValue) itemValue.value).vcard;
        }
        return null;
    }

    @Override // net.bluemind.user.service.IInCoreUser
    public void deleteUserIdentitiesForMailbox(String str) throws ServerFault {
        this.storeService.deleteMailboxIdentities(str);
    }

    @Override // net.bluemind.user.service.IInCoreUser
    public void deleteUserIdentitiesForMailbox(String str, String str2) throws ServerFault {
        this.storeService.deleteMailboxIdentities(str, str2);
    }

    public void setExtId(String str, String str2) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageUser"});
        if (getFull(str) == null) {
            throw notFoundServerFault(str);
        }
        this.storeService.setExtId(str, str2);
        this.eventProducer.changed(str, this.storeService.getVersion());
    }

    public void updateAccountType(String str, BaseDirEntry.AccountType accountType) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageUser"});
        if (Objects.isNull(accountType)) {
            return;
        }
        ItemValue<User> complete = getComplete(str);
        if (((User) complete.value).accountType != accountType) {
            if (accountType == BaseDirEntry.AccountType.SIMPLE && ((User) complete.value).fullAccount()) {
                return;
            }
            DirEntryHandlers.byKind(BaseDirEntry.Kind.USER).updateAccountType(this.bmContext, this.domainName, str, accountType);
            Iterator<IUserHook> it = this.userHooks.iterator();
            while (it.hasNext()) {
                it.next().onAccountTypeUpdated(this.bmContext, this.domainName, complete, accountType);
            }
            this.eventProducer.changed(str, this.storeService.getVersion());
        }
    }

    private MailFilter transformExternalEmailsToForwards(User user, MailFilter mailFilter) {
        if (mailFilter == null) {
            mailFilter = new MailFilter();
        }
        if (user.routing != Mailbox.Routing.none) {
            return mailFilter;
        }
        user.emails = new ArrayList(user.emails);
        user.routing = Mailbox.Routing.internal;
        ArrayList arrayList = new ArrayList(this.domain.aliases);
        arrayList.add(this.domain.name);
        Iterator it = user.emails.iterator();
        while (it.hasNext()) {
            Email email = (Email) it.next();
            if (isExternalEmail(arrayList, email)) {
                mailFilter.forwarding.emails.add(email.address);
                it.remove();
            }
        }
        mailFilter.forwarding.enabled = !mailFilter.forwarding.emails.isEmpty();
        return mailFilter;
    }

    private boolean isExternalEmail(List<String> list, Email email) {
        return (email.allAliases || list.contains(email.domainPart())) ? false : true;
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public User m16get(String str) {
        ItemValue<User> complete = getComplete(str);
        if (complete != null) {
            return (User) complete.value;
        }
        return null;
    }

    public void restore(ItemValue<User> itemValue, boolean z) {
        if (z) {
            createWithItem(itemValue);
        } else {
            updateWithItem(itemValue);
        }
    }

    private ServerFault notFoundServerFault(String str) {
        return new ServerFault("User " + str + " not found in domain " + this.domainName, ErrorCode.NOT_FOUND);
    }
}
