package edu.internet2.middleware.grouper.externalSubjects;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperAPI;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.audit.AuditEntry;
import edu.internet2.middleware.grouper.audit.AuditTypeBuiltin;
import edu.internet2.middleware.grouper.cache.GrouperCache;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
import edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectConfig;
import edu.internet2.middleware.grouper.hibernate.AuditControl;
import edu.internet2.middleware.grouper.hibernate.GrouperTransactionType;
import edu.internet2.middleware.grouper.hibernate.HibUtilsMapping;
import edu.internet2.middleware.grouper.hibernate.HibernateHandler;
import edu.internet2.middleware.grouper.hibernate.HibernateHandlerBean;
import edu.internet2.middleware.grouper.hibernate.HibernateSession;
import edu.internet2.middleware.grouper.hooks.ExternalSubjectHooks;
import edu.internet2.middleware.grouper.hooks.beans.HooksBean;
import edu.internet2.middleware.grouper.hooks.beans.HooksExternalSubjectBean;
import edu.internet2.middleware.grouper.hooks.logic.GrouperHookType;
import edu.internet2.middleware.grouper.hooks.logic.GrouperHooksUtils;
import edu.internet2.middleware.grouper.hooks.logic.VetoTypeGrouper;
import edu.internet2.middleware.grouper.internal.dao.GrouperDAOException;
import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
import edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GrouperVersioned;
import edu.internet2.middleware.grouper.internal.util.GrouperUuid;
import edu.internet2.middleware.grouper.misc.GrouperHasContext;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.util.GrouperEmail;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.collections.MultiKey;
import edu.internet2.middleware.subject.Subject;
import java.sql.Timestamp;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-4.5.5.jar:edu/internet2/middleware/grouper/externalSubjects/ExternalSubject.class */
public class ExternalSubject extends GrouperAPI implements GrouperHasContext, Hib3GrouperVersioned {
    private String uuid;
    private String identifier;
    private String name;
    private String description;
    private String email;
    private String institution;
    private String searchStringLower;
    private String contextId;
    private String creatorMemberId;
    private String modifierMemberId;
    private String vettedEmailAddresses;
    public static final String TABLE_GROUPER_EXT_SUBJ = "grouper_ext_subj";
    public static final String COLUMN_CONTEXT_ID = "context_id";
    public static final String COLUMN_DESCRIPTION = "description";
    public static final String COLUMN_DISABLED_TIME = "disabled_time";
    public static final String COLUMN_EMAIL = "email";
    public static final String COLUMN_ENABLED = "enabled";
    public static final String COLUMN_IDENTIFIER = "identifier";
    public static final String COLUMN_INSTITUTION = "institution";
    public static final String COLUMN_NAME = "name";
    public static final String COLUMN_SEARCH_STRING_LOWER = "search_string_lower";
    public static final String COLUMN_VETTED_EMAIL_ADDRESSES = "vetted_email_addresses";
    public static final String COLUMN_UUID = "uuid";
    public static final String COLUMN_CREATE_TIME = "create_time";
    public static final String COLUMN_CREATOR_MEMBER_ID = "creator_member_id";
    public static final String COLUMN_MODIFY_TIME = "modify_time";
    public static final String COLUMN_MODIFIER_MEMBER_ID = "modifier_member_id";
    public static final String FIELD_CONTEXT_ID = "contextId";
    public static final String FIELD_CREATE_TIME = "createTime";
    public static final String FIELD_CREATOR_MEMBER_ID = "creatorMemberId";
    public static final String FIELD_DESCRIPTION = "description";
    public static final String FIELD_EMAIL = "email";
    public static final String FIELD_ENABLED = "enabled";
    public static final String FIELD_IDENTIFIER = "identifier";
    public static final String FIELD_INSTITUTION = "institution";
    public static final String FIELD_MODIFIER_MEMBER_ID = "modifierMemberId";
    public static final String FIELD_MODIFY_TIME = "modifyTime";
    public static final String FIELD_NAME = "name";
    public static final String FIELD_UUID = "uuid";
    public static final String FIELD_DISABLED_TIME = "disabledTime";
    public static final String FIELD_SEARCH_STRING_LOWER = "searchStringLower";
    public static final String FIELD_VETTED_EMAIL_ADDRESSES = "vettedEmailAddresses";
    private static final Set<String> DB_VERSION_FIELDS = GrouperUtil.toSet("contextId", "createTime", "creatorMemberId", "description", FIELD_DISABLED_TIME, "email", "enabled", "identifier", "institution", "modifierMemberId", "modifyTime", "name", FIELD_SEARCH_STRING_LOWER, FIELD_VETTED_EMAIL_ADDRESSES, "uuid");
    private static final Set<String> CLONE_FIELDS = GrouperUtil.toSet("contextId", "createTime", "creatorMemberId", "description", FIELD_DISABLED_TIME, "email", "enabled", GrouperAPI.FIELD_HIBERNATE_VERSION_NUMBER, "identifier", "institution", "modifierMemberId", "modifyTime", "name", FIELD_SEARCH_STRING_LOWER, FIELD_VETTED_EMAIL_ADDRESSES, "uuid");
    private static GrouperCache<MultiKey, Boolean> subjectCanEditExternalUser = new GrouperCache<>(ExternalSubject.class.getName(), 200, false, 60, 60, false);
    private static final Log LOG = GrouperUtil.getLog(ExternalSubject.class);
    static int lastDisabledFixCount = -1;
    private long createTime = System.currentTimeMillis();
    private long modifyTime = System.currentTimeMillis();
    private Long disabledTime = null;
    private boolean enabled = true;

    public String getVettedEmailAddresses() {
        return this.vettedEmailAddresses;
    }

    public void setVettedEmailAddresses(String str) {
        this.vettedEmailAddresses = str;
    }

    public static void notifyWatcherAboutRegistration(String str, String str2, String str3) {
        try {
            String propertyValueString = GrouperConfig.retrieveConfig().propertyValueString("externalSubjectsNotifyInviterEmail");
            if (StringUtils.isBlank(propertyValueString)) {
                propertyValueString = "Hello,$newline$$newline$This is a notification that user $inviteeIdentifier$ from email address $inviteeEmailAddress$ has registered with the identity management service.  They can now use applications at this institution.$newline$$newline$Regards.";
            }
            String propertyValueString2 = GrouperConfig.retrieveConfig().propertyValueString("externalSubjectsNotifyInviterSubject");
            if (StringUtils.isBlank(propertyValueString2)) {
                propertyValueString2 = "$inviteeIdentifier$ has registered";
            }
            new GrouperEmail().setTo(str2).setSubject(StringUtils.replace(StringUtils.replace(propertyValueString2, "$inviteeIdentifier$", str), "$inviteeEmailAddress$", str3)).setBody(StringUtils.replace(StringUtils.replace(StringUtils.replace(propertyValueString, "$newline$", "\n"), "$inviteeIdentifier$", str), "$inviteeEmailAddress$", str3)).send();
        } catch (Exception e) {
            LOG.error("Problem sending notification of registration to: '" + str2 + "' for external subject invite for: " + str, e);
        }
    }

    public void addVettedEmailAddress(String str) {
        if (StringUtils.isBlank(this.vettedEmailAddresses)) {
            this.vettedEmailAddresses = str;
        } else if (GrouperUtil.splitTrimToSet(this.vettedEmailAddresses, ",").contains(str)) {
            return;
        } else {
            this.vettedEmailAddresses += ", " + str;
        }
        store();
    }

    public Long getDisabledTimeDb() {
        return this.disabledTime;
    }

    public void setDisabledTimeDb(Long l) {
        this.disabledTime = l;
    }

    public Date getDisabledTime() {
        if (this.disabledTime == null) {
            return null;
        }
        return new Date(this.disabledTime.longValue());
    }

    public void setDisabledTime(Date date) {
        this.disabledTime = date == null ? null : Long.valueOf(date.getTime());
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public String getEnabledDb() {
        return this.enabled ? "T" : "F";
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public void setEnabledDb(String str) {
        this.enabled = GrouperUtil.booleanValue(str);
    }

    public String getContextId() {
        return this.contextId;
    }

    public String getSearchStringLower() {
        return this.searchStringLower;
    }

    public void setSearchStringLower(String str) {
        this.searchStringLower = str;
    }

    public String getUuid() {
        return this.uuid;
    }

    public void setUuid(String str) {
        this.uuid = str;
    }

    public String getIdentifier() {
        return this.identifier;
    }

    public void setIdentifier(String str) {
        this.identifier = str;
    }

    public String getName() {
        return this.name;
    }

    public void setName(String str) {
        this.name = str;
    }

    public String getDescription() {
        return this.description;
    }

    public void setDescription(String str) {
        this.description = str;
    }

    public String getEmail() {
        return this.email;
    }

    public void setEmail(String str) {
        this.email = str;
    }

    public String getInstitution() {
        return this.institution;
    }

    public void setInstitution(String str) {
        this.institution = str;
    }

    @Override // edu.internet2.middleware.grouper.GrouperAPI, edu.internet2.middleware.grouper.misc.GrouperCloneable
    public ExternalSubject clone() {
        return (ExternalSubject) GrouperUtil.clone(this, CLONE_FIELDS);
    }

    @Override // edu.internet2.middleware.grouper.misc.GrouperHasContext
    public void setContextId(String str) {
        this.contextId = str;
    }

    public Date getCreateTime() {
        return new Date(getCreateTimeDb());
    }

    public long getCreateTimeDb() {
        return this.createTime;
    }

    public String getCreatorMemberId() {
        return this.creatorMemberId;
    }

    public String getModifierMemberId() {
        return this.modifierMemberId;
    }

    public void setCreateTimeDb(long j) {
        this.createTime = j;
    }

    public void setCreatorMemberId(String str) {
        this.creatorMemberId = str;
    }

    public void setModifierMemberId(String str) {
        this.modifierMemberId = str;
    }

    public void setModifyTimeDb(long j) {
        this.modifyTime = j;
    }

    public Date getModifyTime() {
        return new Date(getModifyTimeDb());
    }

    public long getModifyTimeDb() {
        return this.modifyTime;
    }

    public static boolean subjectCanEditExternalUser(final Subject subject) {
        boolean z = false;
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession(false);
        if (staticGrouperSession == null) {
            staticGrouperSession = GrouperSession.startRootSession();
            z = true;
        }
        try {
            boolean booleanValue = ((Boolean) GrouperSession.callbackGrouperSession(staticGrouperSession.internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.externalSubjects.ExternalSubject.1
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    MultiKey multiKey = new MultiKey(Subject.this.getSourceId(), Subject.this.getId());
                    Boolean bool = ExternalSubject.subjectCanEditExternalUser.get(multiKey);
                    if (bool != null) {
                        return bool;
                    }
                    boolean propertyValueBoolean = GrouperConfig.retrieveConfig().propertyValueBoolean("externalSubjects.wheelOrRootCanEdit", true);
                    String propertyValueString = GrouperConfig.retrieveConfig().propertyValueString("externalSubjects.groupAllowedForEdit");
                    if (propertyValueBoolean && PrivilegeHelper.isWheelOrRoot(Subject.this)) {
                        bool = true;
                    }
                    if ((bool == null || !bool.booleanValue()) && !StringUtils.isBlank(propertyValueString)) {
                        return Boolean.valueOf(GroupFinder.findByName(grouperSession, propertyValueString, true).hasMember(Subject.this));
                    }
                    if (bool != null && bool.booleanValue()) {
                        ExternalSubject.subjectCanEditExternalUser.put(multiKey, bool);
                    }
                    return Boolean.valueOf(bool != null ? bool.booleanValue() : false);
                }
            })).booleanValue();
            if (z) {
                GrouperSession.stopQuietly(staticGrouperSession);
            }
            return booleanValue;
        } catch (Throwable th) {
            if (z) {
                GrouperSession.stopQuietly(staticGrouperSession);
            }
            throw th;
        }
    }

    @Override // edu.internet2.middleware.grouper.GrouperAPI, edu.internet2.middleware.grouper.hibernate.HibGrouperLifecycle
    public void onPreSave(HibernateSession hibernateSession) {
        super.onPreSave(hibernateSession);
        if (StringUtils.isBlank(getUuid())) {
            setUuid(GrouperUuid.getUuid());
        }
        setModifierMemberId(GrouperSession.staticGrouperSession().getMember().getUuid());
        setModifyTimeDb(System.currentTimeMillis());
        setCreatorMemberId(GrouperSession.staticGrouperSession().getMember().getUuid());
        setCreateTimeDb(System.currentTimeMillis());
    }

    @Override // edu.internet2.middleware.grouper.GrouperAPI, edu.internet2.middleware.grouper.hibernate.HibGrouperLifecycle
    public void onPreUpdate(HibernateSession hibernateSession) {
        super.onPreUpdate(hibernateSession);
        setModifierMemberId(GrouperSession.staticGrouperSession().getMember().getUuid());
        setModifyTimeDb(System.currentTimeMillis());
    }

    private void assertRequiredFieldsAreThere(Set<ExternalSubjectAttribute> set, String str) {
        ExternalSubjectConfig.ExternalSubjectConfigBean externalSubjectConfigBean = ExternalSubjectConfig.externalSubjectConfigBean();
        if (externalSubjectConfigBean.isNameRequired() && StringUtils.isBlank(getName())) {
            throw new RuntimeException("Name is a required field.  If unsure what it should be, use the identifier or something: " + this);
        }
        if (externalSubjectConfigBean.isEmailRequired() && StringUtils.isBlank(getEmail())) {
            throw new RuntimeException("Email is a required field: " + this);
        }
        if (externalSubjectConfigBean.isInstitutionRequired() && StringUtils.isBlank(getInstitution())) {
            throw new RuntimeException("Institution is a required field: " + this);
        }
        for (ExternalSubjectConfig.ExternalSubjectAttributeConfigBean externalSubjectAttributeConfigBean : externalSubjectConfigBean.getExternalSubjectAttributeConfigBeans()) {
            if (externalSubjectAttributeConfigBean.isRequired()) {
                ExternalSubjectAttribute externalSubjectAttribute = null;
                if (set != null) {
                    Iterator<ExternalSubjectAttribute> it = set.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        ExternalSubjectAttribute next = it.next();
                        if (StringUtils.equals(next.getAttributeSystemName(), externalSubjectAttributeConfigBean.getSystemName())) {
                            externalSubjectAttribute = next;
                            break;
                        }
                    }
                } else {
                    externalSubjectAttribute = retrieveAttribute(externalSubjectAttributeConfigBean.getSystemName(), false);
                }
                if (externalSubjectAttribute == null || StringUtils.isBlank(externalSubjectAttribute.getAttributeValue()) || (!StringUtils.isBlank(str) && StringUtils.equals(str, externalSubjectAttributeConfigBean.getSystemName()))) {
                    throw new RuntimeException("External subject attribute: " + externalSubjectAttributeConfigBean.getSystemName() + " is a required field");
                }
            }
        }
    }

    public void store() {
        store(null, null, true, true, false);
    }

    static Map<String, Object> substitutionMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("grouperUtil", new GrouperUtil());
        String propertyValueString = GrouperConfig.retrieveConfig().propertyValueString("externalSubjects.customElClasses");
        if (!StringUtils.isBlank(propertyValueString)) {
            for (String str : GrouperUtil.splitTrim(propertyValueString, ",")) {
                Class forName = GrouperUtil.forName(str);
                hashMap.put(StringUtils.uncapitalize(forName.getSimpleName()), GrouperUtil.newInstance(forName));
            }
        }
        return hashMap;
    }

    void changeDynamicFields() {
        if (!GrouperConfig.retrieveConfig().propertyValueBoolean("externalSubjects.desc.manual", false)) {
            String propertyValueString = GrouperConfig.retrieveConfig().propertyValueString("externalSubjects.desc.el");
            if (StringUtils.isBlank(propertyValueString)) {
                throw new RuntimeException("externalSubjects.desc.el is required in the grouper.properties");
            }
            Map<String, Object> substitutionMap = substitutionMap();
            substitutionMap.put(HooksExternalSubjectBean.FIELD_EXTERNAL_SUBJECT, this);
            setDescription(GrouperUtil.substituteExpressionLanguage(propertyValueString, substitutionMap, false, true, true));
        }
        String propertyValueString2 = GrouperConfig.retrieveConfig().propertyValueString("externalSubjects.searchStringFields");
        if (StringUtils.isBlank(propertyValueString2)) {
            throw new RuntimeException("externalSubjects.searchStringFields is required in the grouper.properties");
        }
        Set<String> splitTrimToSet = GrouperUtil.splitTrimToSet(propertyValueString2, ",");
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = splitTrimToSet.iterator();
        while (it.hasNext()) {
            String trimToEmpty = StringUtils.trimToEmpty(retrieveFieldValue(it.next()));
            if (!StringUtils.isBlank(trimToEmpty)) {
                if (sb.length() > 0) {
                    sb.append(", ");
                }
                sb.append(trimToEmpty.toLowerCase());
            }
        }
        setSearchStringLower(sb.toString());
    }

    public String retrieveFieldValue(String str) {
        String attributeValue;
        if (StringUtils.equalsIgnoreCase("name", str)) {
            attributeValue = getName();
        } else if (StringUtils.equalsIgnoreCase("uuid", str)) {
            attributeValue = getUuid();
        } else if (StringUtils.equalsIgnoreCase("email", str)) {
            attributeValue = getEmail();
        } else if (StringUtils.equalsIgnoreCase("identifier", str)) {
            attributeValue = getIdentifier();
        } else if (StringUtils.equalsIgnoreCase("description", str)) {
            attributeValue = getDescription();
        } else if (StringUtils.equalsIgnoreCase("institution", str)) {
            attributeValue = getInstitution();
        } else {
            ExternalSubjectAttribute retrieveAttribute = retrieveAttribute(str, false);
            attributeValue = retrieveAttribute == null ? null : retrieveAttribute.getAttributeValue();
        }
        return attributeValue;
    }

    public void store(final Set<ExternalSubjectAttribute> set, final String str, boolean z, final boolean z2, final boolean z3) {
        assertCurrentUserCanEditExternalUsers();
        changeDynamicFields();
        if (z) {
            assertRequiredFieldsAreThere(set, null);
        }
        calculateDisabledFlag();
        validateIdentifier();
        HibernateSession.callbackHibernateSession(GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_NOT_AUDIT, new HibernateHandler() { // from class: edu.internet2.middleware.grouper.externalSubjects.ExternalSubject.2
            @Override // edu.internet2.middleware.grouper.hibernate.HibernateHandler
            public Object callback(HibernateHandlerBean hibernateHandlerBean) throws GrouperDAOException {
                ExternalSubjectConfig.ExternalSubjectAutoaddBean externalSubjectAutoaddBean;
                boolean booleanValue = ((Boolean) HibernateSession.callbackHibernateSession(GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT, new HibernateHandler() { // from class: edu.internet2.middleware.grouper.externalSubjects.ExternalSubject.2.1
                    @Override // edu.internet2.middleware.grouper.hibernate.HibernateHandler
                    public Object callback(HibernateHandlerBean hibernateHandlerBean2) throws GrouperDAOException {
                        AuditEntry auditEntry;
                        hibernateHandlerBean2.getHibernateSession().setCachingEnabled(false);
                        boolean isInsert = HibUtilsMapping.isInsert(ExternalSubject.this);
                        ExternalSubjectStorageController.saveOrUpdate(ExternalSubject.this);
                        if (!hibernateHandlerBean2.isCallerWillCreateAudit()) {
                            if (isInsert) {
                                auditEntry = new AuditEntry(AuditTypeBuiltin.EXTERNAL_SUBJECT_ADD, "id", ExternalSubject.this.getUuid(), "name", ExternalSubject.this.getName(), "identifier", ExternalSubject.this.getIdentifier());
                                auditEntry.setDescription("Added external subject: " + ExternalSubject.this.getDescription());
                            } else {
                                auditEntry = new AuditEntry(AuditTypeBuiltin.EXTERNAL_SUBJECT_UPDATE, "id", ExternalSubject.this.getUuid(), "name", ExternalSubject.this.getName(), "identifier", ExternalSubject.this.getIdentifier());
                                auditEntry.setDescription("Updated external subject: " + ExternalSubject.this.getDescription());
                            }
                            auditEntry.saveOrUpdate(true);
                        }
                        return Boolean.valueOf(isInsert);
                    }
                })).booleanValue();
                Iterator it = GrouperUtil.nonNull(set).iterator();
                while (it.hasNext()) {
                    ((ExternalSubjectAttribute) it.next()).store(ExternalSubject.this);
                }
                if (z2 && ExternalSubject.this.isEnabled()) {
                    ExternalSubject.this.assignGroups(GrouperConfig.retrieveConfig().propertyValueString("externalSubjects.autoaddGroups"), GrouperConfig.retrieveConfig().propertyValueString("externalSubjects.autoaddGroupActions"), booleanValue, GrouperConfig.retrieveConfig().propertyValueInt("externalSubjects.autoaddGroupExpireAfterDays", -1));
                    if (!StringUtils.isBlank(str) && (externalSubjectAutoaddBean = ExternalSubjectConfig.externalSubjectAutoaddConfigBean().get(str)) != null) {
                        ExternalSubject.this.assignGroups(externalSubjectAutoaddBean.getGroups(), externalSubjectAutoaddBean.getActions(), booleanValue, externalSubjectAutoaddBean.getExpireAfterDays());
                    }
                }
                GrouperHookType grouperHookType = GrouperHookType.EXTERNAL_SUBJECT;
                Object[] objArr = new Object[7];
                objArr[0] = ExternalSubject.this;
                objArr[1] = Boolean.valueOf(booleanValue);
                objArr[2] = Boolean.valueOf(!booleanValue);
                objArr[3] = set;
                objArr[4] = str;
                objArr[5] = Boolean.valueOf(z2);
                objArr[6] = Boolean.valueOf(z3);
                GrouperHooksUtils.callHooksIfRegistered(grouperHookType, ExternalSubjectHooks.METHOD_POST_EDIT_EXTERNAL_SUBJECT, (Class<? extends HooksBean>) HooksExternalSubjectBean.class, objArr, new Class[]{ExternalSubject.class, Boolean.TYPE, Boolean.TYPE, Set.class, String.class, Boolean.TYPE, Boolean.TYPE}, VetoTypeGrouper.EXTERNAL_SUBJECT_POST_EDIT);
                return null;
            }
        });
    }

    public void validateIdentifier() {
        if (StringUtils.isBlank(this.identifier)) {
            throw new RuntimeException("Identifier cannot be blank");
        }
        if (GrouperConfig.retrieveConfig().propertyValueBoolean("externalSubjects.validateIndentiferLikeEmail", true) && !GrouperUtil.validEmail(this.identifier)) {
            throw new RuntimeException("Not allowed to register this identifier, should be in email format: '" + this.identifier + "'");
        }
        for (int i = 0; i < 100; i++) {
            String propertyValueString = GrouperConfig.retrieveConfig().propertyValueString("externalSubjects.regexForInvalidIdentifier." + i);
            if (StringUtils.isBlank(propertyValueString)) {
                return;
            }
            if (Pattern.compile(propertyValueString).matcher(this.identifier).matches()) {
                throw new RuntimeException("Identifier '" + this.identifier + "' cannot match regex: " + propertyValueString);
            }
        }
    }

    private void assignGroups(String str, String str2, boolean z, final int i) {
        boolean z2 = true;
        if (!StringUtils.isBlank(str2)) {
            if (z && !str2.contains("insert")) {
                z2 = false;
            }
            if (!z && !str2.contains("update")) {
                z2 = false;
            }
        }
        if (StringUtils.isBlank(str)) {
            z2 = false;
        }
        if (z2) {
            final Subject findByIdAndSource = SubjectFinder.findByIdAndSource(getUuid(), sourceId(), true);
            final Set<String> splitTrimToSet = GrouperUtil.splitTrimToSet(str, ",");
            GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
            boolean z3 = false;
            if (staticGrouperSession == null) {
                staticGrouperSession = GrouperSession.startRootSession(false);
                z3 = true;
            }
            if (!PrivilegeHelper.isWheelOrRoot(staticGrouperSession.getSubject())) {
                staticGrouperSession = staticGrouperSession.internal_getRootSession();
            }
            try {
                GrouperSession.callbackGrouperSession(staticGrouperSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.externalSubjects.ExternalSubject.3
                    @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                    public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                        for (String str3 : splitTrimToSet) {
                            if (ExternalSubject.LOG.isDebugEnabled()) {
                                ExternalSubject.LOG.debug("Assigning external subject to group: " + str3 + ", and expireAfterDays: " + i);
                            }
                            Group findByName = GroupFinder.findByName(grouperSession, str3, true);
                            findByName.addMember(findByIdAndSource, false);
                            if (i > 0) {
                                Membership immediateMembership = findByName.getImmediateMembership(Group.getDefaultList(), findByIdAndSource, true, true);
                                immediateMembership.setEnabledTime(new Timestamp(System.currentTimeMillis() + (i * 24 * 60 * 60 * 1000)));
                                immediateMembership.update();
                            }
                        }
                        return null;
                    }
                });
                if (z3) {
                    GrouperSession.stopQuietly(staticGrouperSession);
                }
            } catch (Throwable th) {
                if (z3) {
                    GrouperSession.stopQuietly(staticGrouperSession);
                }
                throw th;
            }
        }
    }

    public static String sourceName() {
        String propertyValueString = GrouperConfig.retrieveConfig().propertyValueString("externalSubject.sourceName");
        return StringUtils.isBlank(propertyValueString) ? "External Users" : propertyValueString;
    }

    public static String sourceId() {
        String propertyValueString = GrouperConfig.retrieveConfig().propertyValueString("externalSubject.sourceId");
        return StringUtils.isBlank(propertyValueString) ? "grouperExternal" : propertyValueString;
    }

    public void delete() {
        assertCurrentUserCanEditExternalUsers();
        HibernateSession.callbackHibernateSession(GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT, new HibernateHandler() { // from class: edu.internet2.middleware.grouper.externalSubjects.ExternalSubject.4
            @Override // edu.internet2.middleware.grouper.hibernate.HibernateHandler
            public Object callback(HibernateHandlerBean hibernateHandlerBean) throws GrouperDAOException {
                hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
                ExternalSubjectStorageController.delete(ExternalSubject.this);
                if (hibernateHandlerBean.isCallerWillCreateAudit()) {
                    return null;
                }
                AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.EXTERNAL_SUBJECT_DELETE, "id", ExternalSubject.this.getUuid(), "name", ExternalSubject.this.getName(), "identifier", ExternalSubject.this.getIdentifier());
                auditEntry.setDescription("Deleted external subject: " + ExternalSubject.this.getDescription());
                auditEntry.saveOrUpdate(true);
                return null;
            }
        });
    }

    private void calculateDisabledFlag() {
        this.enabled = this.disabledTime == null || this.disabledTime.longValue() > System.currentTimeMillis();
    }

    public static int internal_fixDisabled() {
        Set<ExternalSubject> findAllDisabledMismatch = ExternalSubjectStorageController.findAllDisabledMismatch();
        Iterator<ExternalSubject> it = findAllDisabledMismatch.iterator();
        while (it.hasNext()) {
            it.next().store();
        }
        lastDisabledFixCount = findAllDisabledMismatch.size();
        return findAllDisabledMismatch.size();
    }

    public static int internal_daemonCalcFields() {
        int i = 0;
        for (ExternalSubject externalSubject : ExternalSubjectStorageController.findAll()) {
            String description = externalSubject.getDescription();
            String searchStringLower = externalSubject.getSearchStringLower();
            boolean isEnabled = externalSubject.isEnabled();
            externalSubject.changeDynamicFields();
            externalSubject.calculateDisabledFlag();
            if (!StringUtils.equals(description, externalSubject.getDescription()) || !StringUtils.equals(searchStringLower, externalSubject.getSearchStringLower()) || isEnabled != externalSubject.isEnabled()) {
                externalSubject.store(null, null, false, false, true);
                i++;
            }
        }
        lastDisabledFixCount = i;
        return i;
    }

    public boolean assignAttribute(String str, String str2) {
        assertCurrentUserCanEditExternalUsers();
        if (StringUtils.isBlank(getUuid())) {
            throw new RuntimeException("uuid cannot be null! " + this);
        }
        ExternalSubjectAttribute retrieveAttribute = retrieveAttribute(str, false);
        if (retrieveAttribute != null) {
            if (StringUtils.equals(retrieveAttribute.getAttributeValue(), str2)) {
                return false;
            }
            retrieveAttribute.setAttributeValue(str2);
            retrieveAttribute.store(this);
            store();
            return true;
        }
        ExternalSubjectAttribute externalSubjectAttribute = new ExternalSubjectAttribute();
        externalSubjectAttribute.setAttributeSystemName(str);
        externalSubjectAttribute.setAttributeValue(str2);
        externalSubjectAttribute.setSubjectUuid(getUuid());
        externalSubjectAttribute.store(this);
        store();
        return true;
    }

    public Set<ExternalSubjectAttribute> retrieveAttributes() {
        return ExternalSubjectAttributeStorageController.findBySubject(getUuid(), new QueryOptions().secondLevelCache(false));
    }

    public ExternalSubjectAttribute retrieveAttribute(String str, boolean z) {
        assertCurrentUserCanEditExternalUsers();
        ExternalSubjectAttribute.assertValidAttribute(str);
        for (ExternalSubjectAttribute externalSubjectAttribute : GrouperUtil.nonNull((Set) retrieveAttributes())) {
            if (StringUtils.equals(str, externalSubjectAttribute.getAttributeSystemName())) {
                return externalSubjectAttribute;
            }
        }
        if (z) {
            throw new RuntimeException("Cant find attribute assignment: " + str + " for subject: " + this);
        }
        return null;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        try {
            if (this.uuid != null) {
                sb.append("uuid: ").append(this.uuid).append(", ");
            }
            if (this.identifier != null) {
                sb.append("identifier: ").append(this.identifier).append(", ");
            }
            if (this.name != null) {
                sb.append("name: ").append(this.name).append(", ");
            }
            if (this.description != null) {
                sb.append("description: ").append(this.description).append(", ");
            }
        } catch (Exception e) {
        }
        return sb.toString();
    }

    public boolean removeAttribute(String str) {
        assertCurrentUserCanEditExternalUsers();
        assertRequiredFieldsAreThere(null, str);
        ExternalSubjectAttribute retrieveAttribute = retrieveAttribute(str, false);
        if (retrieveAttribute == null) {
            return false;
        }
        retrieveAttribute.delete(this);
        store();
        return true;
    }

    private void assertCurrentUserCanEditExternalUsers() {
        Subject subject = GrouperSession.staticGrouperSession().getSubject();
        if (!subjectCanEditExternalUser(subject)) {
            throw new InsufficientPrivilegeException("Subject cannot edit external users (per grouper.properties): " + GrouperUtil.subjectToString(subject));
        }
    }
}
