package edu.internet2.middleware.grouperDuo;

import com.duosecurity.client.Http;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.StemFinder;
import edu.internet2.middleware.grouper.app.loader.GrouperLoaderScheduleType;
import edu.internet2.middleware.grouper.app.loader.GrouperLoaderStatus;
import edu.internet2.middleware.grouper.app.loader.GrouperLoaderType;
import edu.internet2.middleware.grouper.app.loader.OtherJobBase;
import edu.internet2.middleware.grouper.app.loader.db.Hib3GrouperLoaderLog;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.SubjectNotFoundException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.quartz.DisallowConcurrentExecution;

@DisallowConcurrentExecution
/* loaded from: input_file:edu/internet2/middleware/grouperDuo/GrouperDuoAdminFullRefresh.class */
public class GrouperDuoAdminFullRefresh extends OtherJobBase {
    private static final Log LOG = GrouperUtil.getLog(GrouperDuoAdminFullRefresh.class);
    public static final String GROUPER_DUO_ADMIN_FULL_REFRESH = "OTHER_JOB_grouperDuoAdminFullRefresh";

    public static void fullRefreshLogic() {
        OtherJobBase.OtherJobInput otherJobInput = new OtherJobBase.OtherJobInput();
        GrouperSession startRootSession = GrouperSession.startRootSession();
        otherJobInput.setGrouperSession(startRootSession);
        otherJobInput.setHib3GrouperLoaderLog(new Hib3GrouperLoaderLog());
        try {
            fullRefreshLogic(otherJobInput);
        } finally {
            GrouperSession.stopQuietly(startRootSession);
        }
    }

    public static void fullRefreshLogic(OtherJobBase.OtherJobInput otherJobInput) {
        LOG.info("Starting GrouperDuo Administrator Full Refresh...");
        GrouperSession grouperSession = otherJobInput.getGrouperSession();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("method", "fullRefreshLogic");
        Hib3GrouperLoaderLog hib3GrouperLoaderLog = otherJobInput.getHib3GrouperLoaderLog();
        hib3GrouperLoaderLog.setHost(GrouperUtil.hostname());
        hib3GrouperLoaderLog.setJobName(GROUPER_DUO_ADMIN_FULL_REFRESH);
        hib3GrouperLoaderLog.setJobScheduleType(GrouperLoaderScheduleType.CRON.name());
        hib3GrouperLoaderLog.setJobType(GrouperLoaderType.MAINTENANCE.name());
        hib3GrouperLoaderLog.setStartedTime(new Timestamp(System.currentTimeMillis()));
        Map<String, GrouperDuoAdministrator> retrieveAdminAccounts = GrouperDuoCommands.retrieveAdminAccounts();
        ArrayList arrayList = new ArrayList(retrieveAdminAccounts.values());
        HashSet<Member> retrieveMembersFromAdminGroups = retrieveMembersFromAdminGroups(grouperSession);
        LOG.debug(String.format("Fetched %d administrator accounts, and %d grouper members.", Integer.valueOf(arrayList.size()), Integer.valueOf(retrieveMembersFromAdminGroups.size())));
        Iterator<Member> it = retrieveMembersFromAdminGroups.iterator();
        while (it.hasNext()) {
            Member next = it.next();
            try {
                GrouperDuoAdministrator fetchOrCreateGrouperDuoAdministrator = GrouperDuoUtils.fetchOrCreateGrouperDuoAdministrator(next, true, retrieveAdminAccounts);
                if (fetchOrCreateGrouperDuoAdministrator == null) {
                    LOG.error("Failed to fetch or create Administrator for grouper user " + next.getName());
                } else {
                    LOG.debug(String.format("Syncing Grouper Member %s with Duo Admin %s <%s>", next.getName(), fetchOrCreateGrouperDuoAdministrator.getAdminId(), fetchOrCreateGrouperDuoAdministrator.getEmail()));
                    if (GrouperDuoUtils.manageableAdminRoles().contains(fetchOrCreateGrouperDuoAdministrator.getRole())) {
                        try {
                            GrouperDuoUtils.synchronizeMemberAndDuoAdministrator(grouperSession, next, fetchOrCreateGrouperDuoAdministrator);
                            arrayList.remove(fetchOrCreateGrouperDuoAdministrator);
                        } catch (SubjectNotFoundException e) {
                        }
                    } else {
                        LOG.debug("Skipping admin " + fetchOrCreateGrouperDuoAdministrator.toString() + " due to unmanaged admin role.");
                        arrayList.remove(fetchOrCreateGrouperDuoAdministrator);
                    }
                }
            } catch (Exception e2) {
                LOG.error("Error fetchOrCreating Duo Administrator for Member " + next.getName() + "(" + next.getId() + "), " + e2.getMessage(), e2);
                if (GrouperDuoUtils.configEmailRecipientsGroupName().length() > 0) {
                    String str = "Failed to create an administrator object during an Administrator Full Sync operation.\nCheck the logs for a stack trace.\n\n";
                    try {
                        Subject subject = next.getSubject();
                        LOG.error(String.format("Subject Id: %s, Subject Source: %s", subject.getId(), subject.getSource()));
                        str = ((str + "\n\nSubject Information:\n") + String.format("Subject Id: %s \nSubject Source: %n", subject.getId(), subject.getSource())) + GrouperDuoUtils.getSubjectAttributesForEmail(subject);
                    } catch (SubjectNotFoundException e3) {
                        LOG.error(e2);
                        str = (((str + "\nAdditionally, there was a SubjectNotFoundException thrown while handling this exception.") + "\n\nMember Information:\n") + "Member Id: " + next.getId() + "\n") + "Member Name: " + next.getName() + "\n";
                    }
                    GrouperDuoUtils.sendEmailToGroupMembers(GroupFinder.findByName(grouperSession, GrouperDuoUtils.configEmailRecipientsGroupName(), false), "Error Creating an Administrator in Duo.", str);
                }
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            GrouperDuoAdministrator grouperDuoAdministrator = (GrouperDuoAdministrator) it2.next();
            if (GrouperDuoUtils.manageableAdminRoles().contains(grouperDuoAdministrator.getRole())) {
                LOG.debug(String.format("Found unmanaged Duo administrator account... ID: %s, Email: %s", grouperDuoAdministrator.getAdminId(), grouperDuoAdministrator.getEmail()));
                if (GrouperDuoUtils.isDisableUnknownAdminAccountsEnabled() && grouperDuoAdministrator.isActive()) {
                    LOG.warn(String.format("Disabling unmanaged administrator account. ID: %s, Email: %s, Name: %s, Last Login: %d", grouperDuoAdministrator.getAdminId(), grouperDuoAdministrator.getEmail(), grouperDuoAdministrator.getName(), grouperDuoAdministrator.getLastLogin()));
                    try {
                        Http startAdminUpdateRequest = GrouperDuoCommands.startAdminUpdateRequest(grouperDuoAdministrator);
                        GrouperDuoCommands.updateAdminStatus(startAdminUpdateRequest, false);
                        GrouperDuoCommands.updateAdminRole(startAdminUpdateRequest, "Read-only");
                        GrouperDuoCommands.executeAdminUpdateRequest(grouperDuoAdministrator, startAdminUpdateRequest);
                    } catch (Exception e4) {
                        LOG.error("Error while disabling an unmanaged administrator account...", e4);
                    }
                }
                if (GrouperDuoUtils.isDeleteUnknownAdminAccountsEnabled() && !grouperDuoAdministrator.isActive() && Math.round((float) (System.currentTimeMillis() / 1000)) - grouperDuoAdministrator.getLastLogin().longValue() > GrouperDuoUtils.deleteUnknownAdminAccountsAfterSeconds()) {
                    LOG.warn(String.format("Deleting unmanaged administrator account. ID: %s, Email: %s, Name: %s, Last Login: %d", grouperDuoAdministrator.getAdminId(), grouperDuoAdministrator.getEmail(), grouperDuoAdministrator.getName(), grouperDuoAdministrator.getLastLogin()));
                    try {
                        GrouperDuoCommands.deleteAdminAccount(grouperDuoAdministrator.getAdminId());
                    } catch (Exception e5) {
                        LOG.error("Failed to delete Duo Administrator account: " + grouperDuoAdministrator.getAdminId(), e5);
                    }
                }
            } else {
                LOG.debug("Skipping admin " + grouperDuoAdministrator.toString() + " due to unmanaged admin role.");
            }
        }
        hib3GrouperLoaderLog.setJobMessage(GrouperUtil.mapToString(linkedHashMap));
        hib3GrouperLoaderLog.setStatus(GrouperLoaderStatus.SUCCESS.name());
        hib3GrouperLoaderLog.store();
        LOG.info("Finished GrouperDuo Admin Full Refresh.");
    }

    private static HashSet<Member> retrieveMembersFromAdminGroups(GrouperSession grouperSession) {
        String configFolderForDuoAdmins = GrouperDuoUtils.configFolderForDuoAdmins();
        Stem findByName = StemFinder.findByName(grouperSession, configFolderForDuoAdmins.substring(0, configFolderForDuoAdmins.length() - 1), true);
        HashSet<Member> hashSet = new HashSet<>();
        Iterator it = findByName.getChildGroups().iterator();
        while (it.hasNext()) {
            hashSet.addAll(((Group) it.next()).getMembers());
        }
        return hashSet;
    }

    public OtherJobBase.OtherJobOutput run(OtherJobBase.OtherJobInput otherJobInput) {
        OtherJobBase.OtherJobOutput otherJobOutput = new OtherJobBase.OtherJobOutput();
        fullRefreshLogic(otherJobInput);
        return otherJobOutput;
    }
}
