package com.appiancorp.apikey.config;

import com.appiancorp.ag.ExtendedGroupService;
import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.ap2.portal.SiteLocaleSettingsProvider;
import com.appiancorp.core.expr.fn.text.ResourceFromBundleAppianInternal;
import com.appiancorp.security.authz.SystemRoleAeImpl;
import com.appiancorp.security.user.service.UserService;
import com.appiancorp.suiteapi.common.RoleMap;
import com.appiancorp.suiteapi.common.Security;
import com.appiancorp.suiteapi.common.exceptions.DuplicateNameException;
import com.appiancorp.suiteapi.common.exceptions.InvalidGroupException;
import com.appiancorp.suiteapi.common.exceptions.InvalidNameException;
import com.appiancorp.suiteapi.common.exceptions.InvalidSupervisorException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.personalization.User;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.personalization.UserProfileService;
import com.google.common.annotations.VisibleForTesting;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/appiancorp/apikey/config/UserServiceFacade.class */
public class UserServiceFacade {
    private static final String BUNDLE = "text.java.com.appiancorp.core.apikey.ConfigureApiKey";
    private static final String RESOURCE = "apikey.serviceAccount.lastName";
    private static final String ROLE_VIEWER = "viewer";
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final int PASSWORD_SIZE = 16;
    private UserService userService;
    private ExtendedUserService extendedUserService;
    private UserProfileService userProfileService;
    private ExtendedGroupService extendedGroupService;
    private SiteLocaleSettingsProvider localeSettingsProvider;

    public UserServiceFacade(UserService userService, ExtendedUserService extendedUserService, UserProfileService userProfileService, ExtendedGroupService extendedGroupService, SiteLocaleSettingsProvider siteLocaleSettingsProvider) {
        this.userService = userService;
        this.extendedUserService = extendedUserService;
        this.userProfileService = userProfileService;
        this.extendedGroupService = extendedGroupService;
        this.localeSettingsProvider = siteLocaleSettingsProvider;
    }

    public User getUser(String str) {
        return this.extendedUserService.getUser(str);
    }

    public Map<Long, String> getUsernamesFromIds(Set<Long> set) {
        return this.userService.getUsernamesFromIds(set);
    }

    public String getUsernameFromId(Long l) {
        return this.userService.getUsernameFromId(l);
    }

    public void createNewServiceAccount(String str) throws InvalidNameException, DuplicateNameException, InvalidSupervisorException, PrivilegeException, InvalidGroupException {
        createNewServiceAccount(str, false);
    }

    public void createNewServiceAccount(String str, boolean z) throws InvalidNameException, DuplicateNameException, InvalidSupervisorException, PrivilegeException, InvalidGroupException {
        UserProfile userProfile = new UserProfile();
        userProfile.setUsername(str);
        userProfile.setFirstName(getFirstName(str));
        userProfile.setLastName(getLastName());
        if (z) {
            userProfile.setUserTypeId(UserProfile.USER_TYPE_SYS_ADMIN);
        } else {
            userProfile.setUserTypeId(UserProfile.USER_TYPE_BASIC);
        }
        userProfile.setUserPassword(generateThrowawayPassword());
        this.userProfileService.createUser(userProfile);
        this.extendedGroupService.addMemberUser(str, SystemRoleAeImpl.SERVICE_ACCOUNT.getGroupId());
        limitServiceAccountVisibility(str);
    }

    public User[] findServiceAccounts() throws InvalidGroupException, PrivilegeException {
        return this.extendedGroupService.getMemberUsers(Long.valueOf(SystemRoleAeImpl.SERVICE_ACCOUNT.getGroupId().longValue()));
    }

    public void limitServiceAccountVisibility(String str) throws PrivilegeException, InvalidGroupException {
        Long[] lArr = {SystemRoleAeImpl.DESIGNER.getGroupId()};
        Security securityForUser = this.extendedUserService.getSecurityForUser(str);
        RoleMap roleMap = securityForUser.getNative();
        HashMap hashMap = (HashMap) roleMap.get(ROLE_VIEWER);
        if (Arrays.equals(lArr, hashMap != null ? (Long[]) hashMap.get("groups") : null)) {
            return;
        }
        roleMap.setActorsInRole(ROLE_VIEWER, "groups", lArr);
        this.extendedUserService.setSecurityForUser(str, securityForUser);
    }

    private byte[] generateThrowawayPassword() {
        byte[] bArr = new byte[PASSWORD_SIZE];
        RANDOM.nextBytes(bArr);
        return Base64.getEncoder().encode(bArr);
    }

    private String getFirstName(String str) {
        return str.length() <= 35 ? str : str.substring(0, 32) + "...";
    }

    @VisibleForTesting
    String getLastName() {
        return ResourceFromBundleAppianInternal.getInternationalizedValue(BUNDLE, RESOURCE, this.localeSettingsProvider.get().getPrimaryLocale(), new Object[0]);
    }
}
