package edu.internet2.middleware.grouper.app.usdu;

import edu.internet2.middleware.grouper.Field;
import edu.internet2.middleware.grouper.FieldFinder;
import edu.internet2.middleware.grouper.FieldType;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.MembershipFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.attr.AttributeDef;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
import edu.internet2.middleware.grouper.exception.MemberDeleteException;
import edu.internet2.middleware.grouper.exception.MemberNotFoundException;
import edu.internet2.middleware.grouper.exception.RevokePrivilegeException;
import edu.internet2.middleware.grouper.exception.SchemaException;
import edu.internet2.middleware.grouper.exception.StemNotFoundException;
import edu.internet2.middleware.grouper.membership.MembershipType;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.privs.NamingPrivilege;
import edu.internet2.middleware.grouper.privs.Privilege;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Source;
import edu.internet2.middleware.subject.SourceUnavailableException;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.SubjectNotFoundException;
import edu.internet2.middleware.subject.SubjectNotUniqueException;
import edu.internet2.middleware.subject.provider.SubjectImpl;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-4.7.0.jar:edu/internet2/middleware/grouper/app/usdu/USDU.class */
public class USDU {
    private static final Log LOG = GrouperUtil.getLog(USDU.class);
    private static Map<String, Privilege> list2priv = new HashMap();

    public static void resolveMember(GrouperSession grouperSession, String str, boolean z) throws IllegalArgumentException, InsufficientPrivilegeException, GroupNotFoundException, MemberDeleteException, MemberNotFoundException, RevokePrivilegeException, SchemaException, SourceUnavailableException, StemNotFoundException {
        try {
            Member findByUuid = MemberFinder.findByUuid(grouperSession, str, true);
            if (isMemberResolvable(grouperSession, findByUuid)) {
                System.out.println("member " + findByUuid + " is resolvable");
                return;
            }
            HashSet hashSet = new HashSet();
            hashSet.add(findByUuid);
            resolveMembers(hashSet, z);
        } catch (MemberNotFoundException e) {
            System.out.println("member with uuid '" + str + "' not found");
        }
    }

    public static void resolveMembers(GrouperSession grouperSession, boolean z) throws IllegalArgumentException, InsufficientPrivilegeException, GroupNotFoundException, MemberDeleteException, MemberNotFoundException, RevokePrivilegeException, SchemaException, SourceUnavailableException, StemNotFoundException {
        resolveMembers(grouperSession, null, z);
    }

    public static void resolveMembers(GrouperSession grouperSession, Source source, boolean z) throws IllegalArgumentException, InsufficientPrivilegeException, GroupNotFoundException, MemberDeleteException, MemberNotFoundException, RevokePrivilegeException, SchemaException, SourceUnavailableException, StemNotFoundException {
        resolveMembers(getUnresolvableMembers(grouperSession, source), z);
    }

    protected static void resolveMembers(Set<Member> set, boolean z) throws IllegalArgumentException, InsufficientPrivilegeException, GroupNotFoundException, MemberDeleteException, MemberNotFoundException, RevokePrivilegeException, SchemaException, SourceUnavailableException, StemNotFoundException {
        int propertyValueInt = GrouperConfig.retrieveConfig().propertyValueInt("usdu.failsafe.maxUnresolvableSubjects", 200);
        if (z && set.size() > propertyValueInt) {
            throw new RuntimeException("Found too many unresolvable subjects: " + set.size() + ". Maximum allowed: " + propertyValueInt);
        }
        Set<Field> memberFields = getMemberFields();
        for (Member member : set) {
            Set<Membership> allImmediateMemberships = getAllImmediateMemberships(member, memberFields);
            if (allImmediateMemberships.isEmpty()) {
                System.out.println("member_uuid='" + member.getUuid() + "' subject=" + member + " no_memberships");
            } else {
                for (Membership membership : allImmediateMemberships) {
                    System.out.print("member_uuid='" + member.getUuid() + "' subject=" + member);
                    if (membership.getList().getType().equals(FieldType.LIST) || membership.getList().getType().equals(FieldType.ACCESS)) {
                        System.out.print(" group='" + membership.getOwnerGroup().getName());
                    }
                    if (membership.getList().getType().equals(FieldType.NAMING)) {
                        System.out.print(" stem='" + membership.getStem().getName());
                    }
                    System.out.print(" list='" + membership.getList().getName() + "'");
                    if (z) {
                        System.out.print(" delete");
                        if (membership.getList().getType().equals(FieldType.LIST)) {
                            deleteUnresolvableMember(membership.getMember(), membership.getOwnerGroup(), membership.getList());
                        }
                        if (membership.getList().getType().equals(FieldType.ACCESS)) {
                            deleteUnresolvableMember(membership.getMember(), membership.getOwnerGroup(), getPrivilege(membership.getList()));
                        }
                        if (membership.getList().getType().equals(FieldType.NAMING)) {
                            deleteUnresolvableMember(membership.getMember(), membership.getStem(), getPrivilege(membership.getList()));
                        }
                    }
                    System.out.println();
                }
            }
        }
    }

    protected static Set<Membership> getAllImmediateMemberships(Member member, Set<Field> set) throws SchemaException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator<Field> it = set.iterator();
        while (it.hasNext()) {
            Iterator it2 = GrouperUtil.nonNull((Set) new MembershipFinder().addMemberId(member.getId()).addField(it.next()).assignEnabled(null).assignMembershipType(MembershipType.IMMEDIATE).findMembershipsMembers()).iterator();
            while (it2.hasNext()) {
                linkedHashSet.add((Membership) ((Object[]) it2.next())[0]);
            }
        }
        return linkedHashSet;
    }

    public static void deleteUnresolvableMember(Member member, Group group, Field field) throws IllegalArgumentException, InsufficientPrivilegeException, MemberDeleteException, SourceUnavailableException, SchemaException {
        group.deleteMember(getUSDUSubject(member), field, false);
    }

    public static void deleteUnresolvableMember(Member member, Group group, Privilege privilege) throws IllegalArgumentException, InsufficientPrivilegeException, RevokePrivilegeException, SchemaException, SourceUnavailableException {
        group.revokePriv(getUSDUSubject(member), privilege, false);
    }

    public static void deleteUnresolvableMember(Member member, Stem stem, Privilege privilege) throws IllegalArgumentException, InsufficientPrivilegeException, RevokePrivilegeException, SchemaException, SourceUnavailableException {
        stem.revokePriv(getUSDUSubject(member), privilege, false);
    }

    public static void deleteUnresolvableMember(Member member, AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException, InsufficientPrivilegeException, RevokePrivilegeException, SchemaException, SourceUnavailableException {
        attributeDef.getPrivilegeDelegate().revokePriv(getUSDUSubject(member), privilege, false);
    }

    protected static Subject getUSDUSubject(Member member) throws IllegalArgumentException, SourceUnavailableException {
        return new SubjectImpl(member.getSubjectId(), member.getSubjectId(), null, member.getSubjectTypeId(), member.getSubjectSourceId());
    }

    protected static String getGrouperSourceAdapterId() {
        return SubjectFinder.internal_getGSA().getId();
    }

    protected static Set<Field> getMemberFields() throws SchemaException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator<Field> it = FieldFinder.findAllByType(FieldType.LIST).iterator();
        while (it.hasNext()) {
            linkedHashSet.add(it.next());
        }
        Iterator<Field> it2 = FieldFinder.findAllByType(FieldType.ACCESS).iterator();
        while (it2.hasNext()) {
            linkedHashSet.add(it2.next());
        }
        Iterator<Field> it3 = FieldFinder.findAllByType(FieldType.NAMING).iterator();
        while (it3.hasNext()) {
            linkedHashSet.add(it3.next());
        }
        return linkedHashSet;
    }

    protected static Privilege getPrivilege(Field field) {
        return list2priv.get(field.getName());
    }

    public static Set<Member> getUnresolvableMembers(GrouperSession grouperSession, Source source) {
        return getUnresolvableMembers(grouperSession, source, null);
    }

    public static Set<Member> getUnresolvableMembers(GrouperSession grouperSession, Source source, Map<String, Subject> map) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Member member : MemberFinder.findAllUsed(grouperSession, source)) {
            if (!isMemberResolvable(grouperSession, member, map)) {
                linkedHashSet.add(member);
            }
        }
        return linkedHashSet;
    }

    public static boolean isMemberResolvable(GrouperSession grouperSession, Member member) {
        return isMemberResolvable(grouperSession, member, null);
    }

    public static boolean isMemberResolvable(GrouperSession grouperSession, Member member, Map<String, Subject> map) {
        if (member.getSubjectSourceId().equals(getGrouperSourceAdapterId())) {
            try {
                GroupFinder.findByUuid(grouperSession, member.getSubjectId(), true);
                return true;
            } catch (GroupNotFoundException e) {
                return false;
            }
        }
        try {
            Subject findByIdAndSource = SubjectFinder.findByIdAndSource(member.getSubjectId(), member.getSubjectSourceId(), true, true);
            if (map == null) {
                return true;
            }
            map.put(member.getId(), findByIdAndSource);
            member.updateMemberAttributes(findByIdAndSource, true);
            return true;
        } catch (SourceUnavailableException e2) {
            return true;
        } catch (SubjectNotFoundException e3) {
            return false;
        } catch (SubjectNotUniqueException e4) {
            return false;
        }
    }

    static {
        list2priv.put(Field.FIELD_NAME_ADMINS, AccessPrivilege.ADMIN);
        list2priv.put(Field.FIELD_NAME_OPTINS, AccessPrivilege.OPTIN);
        list2priv.put(Field.FIELD_NAME_OPTOUTS, AccessPrivilege.OPTOUT);
        list2priv.put(Field.FIELD_NAME_READERS, AccessPrivilege.READ);
        list2priv.put(Field.FIELD_NAME_UPDATERS, AccessPrivilege.UPDATE);
        list2priv.put(Field.FIELD_NAME_VIEWERS, AccessPrivilege.VIEW);
        list2priv.put(Field.FIELD_NAME_GROUP_ATTR_READERS, AccessPrivilege.GROUP_ATTR_READ);
        list2priv.put(Field.FIELD_NAME_GROUP_ATTR_UPDATERS, AccessPrivilege.GROUP_ATTR_UPDATE);
        list2priv.put(Field.FIELD_NAME_CREATORS, NamingPrivilege.CREATE);
        list2priv.put(Field.FIELD_NAME_STEM_ADMINS, NamingPrivilege.STEM_ADMIN);
        list2priv.put(Field.FIELD_NAME_STEM_VIEWERS, NamingPrivilege.STEM_VIEW);
        list2priv.put(Field.FIELD_NAME_STEM_ATTR_READERS, NamingPrivilege.STEM_ATTR_READ);
        list2priv.put(Field.FIELD_NAME_STEM_ATTR_UPDATERS, NamingPrivilege.STEM_ATTR_UPDATE);
    }
}
