package org.opencastproject.userdirectory;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.OrganizationDirectoryListener;
import org.opencastproject.security.api.OrganizationDirectoryService;
import org.opencastproject.security.api.SecurityConstants;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.impl.jpa.JpaGroup;
import org.opencastproject.security.impl.jpa.JpaOrganization;
import org.opencastproject.security.impl.jpa.JpaRole;
import org.opencastproject.security.impl.jpa.JpaUser;
import org.opencastproject.security.util.SecurityUtil;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

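/**
 * Provisions the system administrator account and the per-organization
 * {@code <ORG>_SYSTEM_ADMINS} group from bundle context properties.
 *
 * <p>Provisioning runs for every known organization on activation and again whenever a new
 * organization is registered. If the admin user name or password property is unset (or blank),
 * the loader does nothing.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>A password equal to the built-in default only produces a log warning; it is still
 *       accepted and written to the user provider. No other strength check is done here.</li>
 *   <li>An existing admin user is overwritten on every run with the configured password, e-mail
 *       and roles, so changes made to that account elsewhere do not survive a restart.</li>
 *   <li>NOTE(review): the password is handed to {@link JpaUser} exactly as configured; whether
 *       it is hashed before persistence is decided by {@code JpaUserAndRoleProvider}, which is
 *       not visible in this file - confirm.</li>
 * </ul>
 */
@Component(property = {"service.description=System admin user and group loader"}, immediate = true, service = {AdminUserAndGroupLoader.class})
public class AdminUserAndGroupLoader implements OrganizationDirectoryListener {
    private static final Logger logger = LoggerFactory.getLogger(AdminUserAndGroupLoader.class);

    /** Bundle context property holding the administrator password. */
    public static final String OPT_ADMIN_PASSWORD = "org.opencastproject.security.admin.pass";

    /** Shipped default password; a configuration still using it triggers a startup warning. */
    private static final String DEFAULT_ADMIN_PASSWORD_CONFIGURATION = "opencast";

    /** Bundle context property holding the administrator e-mail address. */
    public static final String OPT_ADMIN_EMAIL = "org.opencastproject.admin.email";

    /** Bundle context property holding a comma-separated list of extra administrator roles. */
    public static final String OPT_ADMIN_ROLES = "org.opencastproject.security.admin.roles";

    /** Suffix appended to the upper-cased organization id to form the admin group id. */
    public static final String SYSTEM_ADMIN_GROUP_SUFFIX = "_SYSTEM_ADMINS";

    protected JpaUserAndRoleProvider userAndRoleProvider;
    protected JpaGroupRoleProvider groupRoleProvider;
    protected OrganizationDirectoryService organizationDirectoryService;
    protected SecurityService securityService;
    private String adminUserName = null;
    private String adminPassword = null;
    private String adminEmail = null;
    private String adminRoles = null;
    protected ComponentContext componentCtx = null;

    /**
     * Reads the administrator settings from the bundle context and provisions the admin user and
     * group for every organization currently known to the directory service.
     *
     * @param componentContext the OSGi component context supplying the bundle properties
     * @throws Exception declared for the OSGi activation contract
     */
    @Activate
    public void activate(ComponentContext componentContext) throws Exception {
        logger.debug("Activating admin group loader");
        BundleContext bundleContext = componentContext.getBundleContext();
        // trimToNull turns blank values into null, which later disables the loader.
        this.adminUserName = StringUtils.trimToNull(bundleContext.getProperty("org.opencastproject.security.admin.user"));
        this.adminPassword = StringUtils.trimToNull(bundleContext.getProperty(OPT_ADMIN_PASSWORD));
        this.adminEmail = StringUtils.trimToNull(bundleContext.getProperty(OPT_ADMIN_EMAIL));
        this.adminRoles = StringUtils.trimToNull(bundleContext.getProperty(OPT_ADMIN_ROLES));
        // Only an exact match with the shipped default is detected; the account is still
        // provisioned with it. The password value itself is never written to the log.
        if (DEFAULT_ADMIN_PASSWORD_CONFIGURATION.equals(this.adminPassword)) {
            logger.warn("\n######################################################\n#                                                    #\n# WARNING: Opencast still uses the default admin     #\n#          credentials. Never do this in production. #\n#                                                    #\n#          To change the password, edit the key      #\n#          org.opencastproject.security.admin.pass   #\n#          in custom.properties.                     #\n#                                                    #\n######################################################");
        }
        this.componentCtx = componentContext;
        for (Organization organization : this.organizationDirectoryService.getOrganizations()) {
            createSystemAdministratorUserAndGroup(organization);
        }
    }

    /**
     * Returns the organization as a {@link JpaOrganization}, copying its fields into a new
     * instance when it is some other implementation.
     */
    private JpaOrganization fromOrganization(Organization organization) {
        if (organization instanceof JpaOrganization) {
            return (JpaOrganization) organization;
        }
        return new JpaOrganization(organization.getId(), organization.getName(), organization.getServers(),
                organization.getAdminRole(), organization.getAnonymousRole(), organization.getProperties());
    }

    /**
     * Splits the configured admin roles on commas and drops blank entries.
     *
     * @return the trimmed role names in configuration order; empty when none are configured
     */
    private String[] configuredAdminRoleNames() {
        return Arrays.stream(StringUtils.split(Objects.toString(this.adminRoles, ""), ','))
                .map(StringUtils::trimToNull)
                .filter(Objects::nonNull)
                .toArray(String[]::new);
    }

    /**
     * Creates or updates the administrator user and the organization's system administrator
     * group, running as the organization's system user.
     *
     * <p>Any failure is logged and swallowed, so a failed run leaves the organization without an
     * up-to-date admin user or group while activation itself still succeeds.
     *
     * @param organization the organization to provision
     */
    private void createSystemAdministratorUserAndGroup(Organization organization) {
        if (this.adminUserName == null || this.adminPassword == null) {
            logger.info("The administrator user and group loader is disabled.");
            return;
        }
        SecurityUtil.runAs(this.securityService, organization, SecurityUtil.createSystemUser(this.componentCtx, organization), () -> {
            try {
                JpaOrganization jpaOrganization = fromOrganization(this.organizationDirectoryService.getOrganization(organization.getId()));
                String[] extraRoleNames = configuredAdminRoleNames();

                boolean userExists = this.userAndRoleProvider.loadUser(this.adminUserName) != null;
                Set<JpaRole> userRoles = Arrays.stream(extraRoleNames)
                        .map(roleName -> new JpaRole(roleName, jpaOrganization))
                        .collect(Collectors.toSet());
                JpaUser adminUser = new JpaUser(this.adminUserName, this.adminPassword, jpaOrganization, "Administrator",
                        this.adminEmail, InMemoryUserAndRoleProvider.PROVIDER_NAME, false, userRoles);
                if (userExists) {
                    // Overwrites the stored account with the configured password, e-mail and roles.
                    this.userAndRoleProvider.updateUser(adminUser);
                    logger.info("Administrator user for '{}' updated", jpaOrganization.getId());
                } else {
                    this.userAndRoleProvider.addUser(adminUser);
                    logger.info("Administrator user for '{}' created", jpaOrganization.getId());
                }

                String groupId = jpaOrganization.getId().toUpperCase().concat(SYSTEM_ADMIN_GROUP_SUFFIX);
                JpaGroup existingGroup = this.groupRoleProvider.loadGroup(groupId, jpaOrganization.getId());

                // The group carries the global system roles, the organization's admin and
                // anonymous roles, and any extra roles from configuration. Role objects are used
                // when creating the group, plain names when updating it.
                Set<JpaRole> groupRoles = new HashSet<>();
                Set<String> groupRoleNames = new HashSet<>();
                for (String roleName : SecurityConstants.GLOBAL_SYSTEM_ROLES) {
                    groupRoles.add(new JpaRole(roleName, jpaOrganization));
                    groupRoleNames.add(roleName);
                }
                if (StringUtils.isNotBlank(jpaOrganization.getAdminRole())) {
                    groupRoles.add(new JpaRole(jpaOrganization.getAdminRole(), jpaOrganization));
                    groupRoleNames.add(jpaOrganization.getAdminRole());
                }
                if (StringUtils.isNotBlank(jpaOrganization.getAnonymousRole())) {
                    groupRoles.add(new JpaRole(jpaOrganization.getAnonymousRole(), jpaOrganization));
                    groupRoleNames.add(jpaOrganization.getAnonymousRole());
                }
                for (String roleName : extraRoleNames) {
                    groupRoles.add(new JpaRole(roleName, jpaOrganization));
                    groupRoleNames.add(roleName);
                }

                Set<String> members = new HashSet<>();
                members.add(this.adminUserName);
                String groupName = jpaOrganization.getName().concat(" System Administrators");
                String groupDescription = "System administrators of '" + jpaOrganization.getName() + "'";
                if (existingGroup == null) {
                    logger.info("Creating {}'s system administrator group", jpaOrganization.getId());
                    JpaGroup newGroup = new JpaGroup(groupId, jpaOrganization, groupName, groupDescription, groupRoles);
                    newGroup.setMembers(members);
                    this.groupRoleProvider.addGroup(newGroup);
                } else {
                    logger.info("Updating roles of {}'s system administrator group", jpaOrganization.getId());
                    // Existing members are kept; the configured admin user is (re-)added.
                    members.addAll(existingGroup.getMembers());
                    this.groupRoleProvider.updateGroup(groupId, groupName, groupDescription,
                            StringUtils.join(groupRoleNames, ','), StringUtils.join(members, ','));
                }
            } catch (Throwable th) {
                // Deliberately best-effort: a provisioning failure must not abort activation
                // or the organization registration callback.
                logger.error("Unable to load system administrator group", th);
            }
        });
    }

    /** Provisions the admin user and group for a newly registered organization. */
    @Override
    public void organizationRegistered(Organization organization) {
        createSystemAdministratorUserAndGroup(organization);
    }

    /** No action: nothing is removed when an organization is unregistered. */
    @Override
    public void organizationUnregistered(Organization organization) {
    }

    /** No action: organization updates do not trigger re-provisioning. */
    @Override
    public void organizationUpdated(Organization organization) {
    }

    @Reference
    void setGroupRoleProvider(JpaGroupRoleProvider jpaGroupRoleProvider) {
        this.groupRoleProvider = jpaGroupRoleProvider;
    }

    @Reference
    void setUserAndRoleProvider(JpaUserAndRoleProvider jpaUserAndRoleProvider) {
        this.userAndRoleProvider = jpaUserAndRoleProvider;
    }

    /**
     * Binds the organization directory and registers this loader as a listener.
     *
     * <p>Registration happens at bind time, possibly before {@link #activate} has run. A callback
     * arriving that early finds the credentials still {@code null} and is treated as "loader
     * disabled".
     */
    @Reference
    void setOrganizationDirectoryService(OrganizationDirectoryService organizationDirectoryService) {
        this.organizationDirectoryService = organizationDirectoryService;
        this.organizationDirectoryService.addOrganizationDirectoryListener(this);
    }

    @Reference
    void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }
}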
