package org.opencastproject.userdirectory;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.persistence.EntityManagerFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.opencastproject.db.DBSession;
import org.opencastproject.db.DBSessionFactory;
import org.opencastproject.db.Queries;
import org.opencastproject.kernel.security.CustomPasswordEncoder;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleProvider;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.UnauthorizedException;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserProvider;
import org.opencastproject.security.impl.jpa.JpaOrganization;
import org.opencastproject.security.impl.jpa.JpaRole;
import org.opencastproject.security.impl.jpa.JpaUser;
import org.opencastproject.userdirectory.utils.UserDirectoryUtils;
import org.opencastproject.util.NotFoundException;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

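/**
 * JPA-backed user and role provider for the {@value #PROVIDER_NAME} user directory.
 *
 * <p>Users are looked up per organization and cached for a short time. The cache key is
 * {@code userName + DELIMITER + organizationId}; see {@link #cacheKey(String, String)} and the
 * loader installed in {@link #activate(ComponentContext)}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #addUser(JpaUser, boolean)} and {@link #updateUser(JpaUser, boolean)} store the
 *       supplied password <em>without encoding</em> when the boolean flag is {@code true}; callers
 *       must only set it for values that are already encoded.</li>
 *   <li>Role changes and deletions are gated by
 *       {@code UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles}; the exact policy lives in
 *       that helper and is not visible here.</li>
 *   <li>{@link #addRole(JpaRole)} performs no authorization check of its own.</li>
 *   <li>Cached entries expire one minute after being written, so a change that does not go through
 *       this instance may be served stale for up to that long.</li>
 * </ul>
 */
@Component(property = {"service.description=Provides a user directory"}, immediate = true, service = {UserProvider.class, RoleProvider.class, JpaUserAndRoleProvider.class})
/* loaded from: input_file:org/opencastproject/userdirectory/JpaUserAndRoleProvider.class */
public class JpaUserAndRoleProvider implements UserProvider, RoleProvider {
    private static final Logger logger = LoggerFactory.getLogger(JpaUserAndRoleProvider.class);
    public static final String PERSISTENCE_UNIT = "org.opencastproject.common";
    public static final String PROVIDER_NAME = "opencast";
    public static final String USERNAME = "username";
    public static final String ROLES = "roles";
    public static final String ENCODING = "UTF-8";

    /** Separator between user name and organization id inside a cache key. */
    private static final String DELIMITER = ";==;";

    /** Name prefix of roles that represent group membership rather than a directly assigned role. */
    private static final String GROUP_ROLE_PREFIX = "ROLE_GROUP_";

    protected JpaGroupRoleProvider groupRoleProvider;
    protected DBSessionFactory dbSessionFactory;
    protected DBSession db;
    protected SecurityService securityService = null;

    // Values are either a User or nullToken (the loader must not return null).
    private LoadingCache<String, Object> cache = null;

    /** Sentinel cached in place of {@code null} when a user does not exist. */
    protected Object nullToken = new Object();

    private CustomPasswordEncoder passwordEncoder = new CustomPasswordEncoder();
    protected EntityManagerFactory emf = null;

    /** OSGi callback: injects the entity manager factory of the common persistence unit. */
    @Reference(target = "(osgi.unit.name=org.opencastproject.common)")
    void setEntityManagerFactory(EntityManagerFactory entityManagerFactory) {
        this.emf = entityManagerFactory;
    }

    /** OSGi callback: injects the factory used to create the database session in {@link #activate}. */
    @Reference
    public void setDBSessionFactory(DBSessionFactory dBSessionFactory) {
        this.dbSessionFactory = dBSessionFactory;
    }

    /** OSGi callback: injects the security service used to resolve the current organization. */
    @Reference
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    /** OSGi callback: injects the group role provider used to maintain group membership. */
    @Reference
    void setGroupRoleProvider(JpaGroupRoleProvider jpaGroupRoleProvider) {
        this.groupRoleProvider = jpaGroupRoleProvider;
    }

    /**
     * Builds the user cache and opens the database session.
     *
     * @param componentContext the OSGi component context (not used here)
     */
    @Activate
    public void activate(ComponentContext componentContext) {
        logger.debug("activate");
        this.cache = CacheBuilder.newBuilder().expireAfterWrite(1L, TimeUnit.MINUTES).build(new CacheLoader<String, Object>() {
            @Override
            public Object load(String str) {
                // Split on the LAST delimiter. The organization id is appended by this class, while
                // the user name is caller-supplied and may itself contain the delimiter; splitting
                // on the first occurrence would resolve such a name against a different
                // user/organization pair than the one that was requested.
                // NOTE(review): assumes organization ids never contain the delimiter - confirm.
                int separator = str.lastIndexOf(DELIMITER);
                if (separator < 0) {
                    throw new IllegalArgumentException("Malformed user cache key");
                }
                String userName = str.substring(0, separator);
                String organizationId = str.substring(separator + DELIMITER.length());
                logger.trace("Loading user '{}':'{}' from database", userName, organizationId);
                User loadUser = JpaUserAndRoleProvider.this.loadUser(userName, organizationId);
                return loadUser == null ? JpaUserAndRoleProvider.this.nullToken : loadUser;
            }
        });
        this.db = this.dbSessionFactory.createSession(this.emf);
    }

    /**
     * Returns the roles of a user in the current organization.
     *
     * @param str the user name
     * @return a new list holding the user's roles; empty when the user does not exist
     */
    public List<Role> getRolesForUser(String str) {
        List<Role> roles = new ArrayList<>();
        User loadUser = loadUser(str);
        if (loadUser != null) {
            roles.addAll(loadUser.getRoles());
        }
        return roles;
    }

    /**
     * Searches users of the current organization.
     *
     * @param str the query; must not be {@code null}
     * @param i passed as the last argument of {@code findUsersByQuery} (presumably the offset - confirm)
     * @param i2 passed as the third argument of {@code findUsersByQuery} (presumably the limit - confirm)
     * @return the matching users, each tagged with this provider's name
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public Iterator<User> findUsers(String str, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        @SuppressWarnings("unchecked")
        List<JpaUser> found = (List<JpaUser>) this.db.exec(UserDirectoryPersistenceUtil.findUsersByQuery(this.securityService.getOrganization().getId(), str, i2, i));
        return withProviderName(found);
    }

    /**
     * Looks up users of the current organization by user name.
     *
     * @param collection the user names to look up
     * @return the users found, each tagged with this provider's name
     */
    public Iterator<User> findUsers(Collection<String> collection) {
        @SuppressWarnings("unchecked")
        List<JpaUser> found = (List<JpaUser>) this.db.exec(UserDirectoryPersistenceUtil.findUsersByUserNameQuery(collection, this.securityService.getOrganization().getId()));
        return withProviderName(found);
    }

    /**
     * Returns the users of the current organization selected by the named query
     * {@code User.findInsecureHash}. What counts as an insecure hash is defined by that query,
     * which is not part of this class.
     *
     * @return the users reported by the named query
     */
    public List<User> findInsecurePasswordHashes() {
        @SuppressWarnings("unchecked")
        List<User> found = (List<User>) this.db.exec(Queries.namedQuery.findAll("User.findInsecureHash", User.class, new Object[]{Pair.of("org", this.securityService.getOrganization().getId())}));
        return found;
    }

    /**
     * Role search is not backed by this provider: after validating the query it always returns an
     * empty iterator.
     *
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public Iterator<Role> findRoles(String str, Role.Target target, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        return Collections.emptyIterator();
    }

    /**
     * Loads a user of the current organization through the cache.
     *
     * @param str the user name; must not be {@code null}
     * @return the user, or {@code null} when no such user exists
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public User loadUser(String str) {
        java.util.Objects.requireNonNull(str, "str");
        Object unchecked = this.cache.getUnchecked(cacheKey(str, this.securityService.getOrganization().getId()));
        if (unchecked == this.nullToken) {
            return null;
        }
        return (User) unchecked;
    }

    /**
     * Lists the users of the current organization.
     *
     * @return all users returned by {@code findUsersQuery(orgId, 0, 0)}, tagged with this provider's name
     */
    public Iterator<User> getUsers() {
        @SuppressWarnings("unchecked")
        List<JpaUser> found = (List<JpaUser>) this.db.exec(UserDirectoryPersistenceUtil.findUsersQuery(this.securityService.getOrganization().getId(), 0, 0));
        return withProviderName(found);
    }

    /** Returns {@code "*"} (presumably meaning the provider serves every organization - confirm). */
    public String getOrganization() {
        return "*";
    }

    @Override
    public String toString() {
        return getClass().getName();
    }

    /**
     * Loads a user directly from the database, bypassing the cache.
     *
     * @param str the user name
     * @param str2 the organization id
     * @return the user tagged with this provider's name, or {@code null} if not found
     */
    public User loadUser(String str, String str2) {
        @SuppressWarnings("unchecked")
        Optional<JpaUser> found = (Optional<JpaUser>) this.db.exec(UserDirectoryPersistenceUtil.findUserQuery(str, str2));
        return found.map(JpaUserAndRoleProvider::addProviderName).orElse(null);
    }

    /**
     * Loads a user directly from the database by numeric id, bypassing the cache.
     *
     * @param j the user's id
     * @param str the organization id
     * @return the user tagged with this provider's name, or {@code null} if not found
     */
    public User loadUser(long j, String str) {
        @SuppressWarnings("unchecked")
        Optional<JpaUser> found = (Optional<JpaUser>) this.db.exec(UserDirectoryPersistenceUtil.findUserQuery(j, str));
        return found.map(JpaUserAndRoleProvider::addProviderName).orElse(null);
    }

    /**
     * Adds a user whose password is given in clear text; it is encoded before being stored.
     *
     * @throws UnauthorizedException if the current user may not assign the requested roles
     */
    public void addUser(JpaUser jpaUser) throws UnauthorizedException {
        addUser(jpaUser, false);
    }

    /**
     * Adds a user.
     *
     * @param jpaUser the user to persist
     * @param z when {@code true} the password of {@code jpaUser} is stored exactly as given, so the
     *     caller must pass an already encoded value; when {@code false} it is encoded first
     * @throws UnauthorizedException if the current user may not assign the requested roles
     */
    public void addUser(JpaUser jpaUser, boolean z) throws UnauthorizedException {
        if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(this.securityService, jpaUser.getRoles())) {
            throw new UnauthorizedException("The user is not allowed to set the admin role on other users");
        }
        String password = z ? jpaUser.getPassword() : this.passwordEncoder.encodePassword(jpaUser.getPassword());
        this.db.execTx(entityManager -> {
            Set<JpaRole> savedRoles = UserDirectoryPersistenceUtil.saveRolesQuery(filterRoles(jpaUser.getRoles())).apply(entityManager);
            JpaUser persisted = new JpaUser(jpaUser.getUsername(), password, UserDirectoryPersistenceUtil.saveOrganizationQuery(jpaUser.getOrganization()).apply(entityManager), jpaUser.getName(), jpaUser.getEmail(), jpaUser.getProvider(), jpaUser.isManageable(), savedRoles);
            entityManager.persist(persisted);
            // NOTE(review): the cache is written inside the transaction callback; if the
            // transaction fails afterwards the entry stays until it expires or is invalidated.
            this.cache.put(cacheKey(jpaUser.getUsername(), jpaUser.getOrganization().getId()), persisted);
        });
        updateGroupMembership(jpaUser);
    }

    /**
     * Updates a user whose new password, if any, is given in clear text.
     *
     * @throws NotFoundException if the user does not exist
     * @throws UnauthorizedException if the current user may not perform the update
     */
    public User updateUser(JpaUser jpaUser) throws NotFoundException, UnauthorizedException {
        return updateUser(jpaUser, false);
    }

    /**
     * Updates an existing user.
     *
     * <p>Authorization is checked twice: against the roles being requested, and against the roles
     * the stored user already has, so that an existing privileged account cannot be modified by a
     * caller who could not have assigned those roles.
     *
     * @param jpaUser the new state of the user
     * @param z when {@code true} a non-empty password of {@code jpaUser} is stored exactly as given,
     *     so the caller must pass an already encoded value; when {@code false} it is encoded first.
     *     An empty password keeps the stored one in either case.
     * @return the saved user
     * @throws NotFoundException if the user does not exist
     * @throws UnauthorizedException if the current user may not perform the update
     * @throws IllegalStateException wrapping any other checked exception raised by the transaction
     */
    public User updateUser(JpaUser jpaUser, boolean z) throws NotFoundException, UnauthorizedException {
        if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(this.securityService, jpaUser.getRoles())) {
            throw new UnauthorizedException("The user is not allowed to set the admin role on other users");
        }
        try {
            return (User) this.db.execTxChecked(entityManager -> {
                Optional<JpaUser> existing = UserDirectoryPersistenceUtil.findUserQuery(jpaUser.getUsername(), jpaUser.getOrganization().getId()).apply(entityManager);
                if (existing.isEmpty()) {
                    throw new NotFoundException("User " + jpaUser.getUsername() + " not found.");
                }
                logger.debug("updateUser({})", jpaUser.getUsername());
                if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(this.securityService, existing.get().getRoles())) {
                    throw new UnauthorizedException("The user is not allowed to update an admin user");
                }
                final String password;
                if (StringUtils.isEmpty(jpaUser.getPassword())) {
                    // No new password supplied: keep the stored value.
                    password = existing.get().getPassword();
                } else if (z) {
                    password = jpaUser.getPassword();
                } else {
                    password = this.passwordEncoder.encodePassword(jpaUser.getPassword());
                }
                Set<JpaRole> savedRoles = UserDirectoryPersistenceUtil.saveRolesQuery(filterRoles(jpaUser.getRoles())).apply(entityManager);
                JpaOrganization savedOrganization = UserDirectoryPersistenceUtil.saveOrganizationQuery(jpaUser.getOrganization()).apply(entityManager);
                JpaUser savedUser = UserDirectoryPersistenceUtil.saveUserQuery(new JpaUser(jpaUser.getUsername(), password, savedOrganization, jpaUser.getName(), jpaUser.getEmail(), jpaUser.getProvider(), true, savedRoles)).apply(entityManager);
                // NOTE(review): written inside the transaction callback, see addUser.
                this.cache.put(cacheKey(jpaUser.getUsername(), savedOrganization.getId()), savedUser);
                updateGroupMembership(jpaUser);
                return savedUser;
            });
        } catch (NotFoundException | UnauthorizedException | RuntimeException e) {
            // Specific types first: these are part of the method contract and pass through as-is.
            throw e;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Selects the roles that are stored on the user record itself: internal roles whose name does
     * not carry the group prefix. Group roles are handled by {@link #updateGroupMembership}.
     *
     * @param set the roles requested for the user
     * @return the internal, non-group roles
     */
    private Set<JpaRole> filterRoles(Set<Role> set) {
        Set<JpaRole> internalRoles = new HashSet<>();
        for (Role role : set) {
            if (Role.Type.INTERNAL.equals(role.getType()) && !role.getName().startsWith(GROUP_ROLE_PREFIX)) {
                // NOTE(review): internal roles are expected to be JpaRole instances; anything
                // else fails here with a ClassCastException.
                internalRoles.add((JpaRole) role);
            }
        }
        return internalRoles;
    }

    /**
     * Hands the user's group roles (type GROUP, or internal roles carrying the group prefix) to
     * the group role provider so that group membership follows the role list.
     *
     * @param jpaUser the user whose roles are evaluated
     */
    private void updateGroupMembership(JpaUser jpaUser) {
        logger.debug("updateGroupMembership({}, roles={})", jpaUser.getUsername(), jpaUser.getRoles().size());
        List<String> groupRoleNames = new ArrayList<>();
        for (Role role : jpaUser.getRoles()) {
            boolean isGroupType = Role.Type.GROUP.equals(role.getType());
            boolean isPrefixedInternal = Role.Type.INTERNAL.equals(role.getType()) && role.getName().startsWith(GROUP_ROLE_PREFIX);
            if (isGroupType || isPrefixedInternal) {
                groupRoleNames.add(role.getName());
            }
        }
        this.groupRoleProvider.updateGroupMembershipFromRoles(jpaUser.getUsername(), jpaUser.getOrganization().getId(), groupRoleNames);
    }

    /**
     * Deletes a user, removes it from all groups and drops its cache entry.
     *
     * <p>The authorization check only runs when the user exists; for an unknown user the call
     * falls through to the delete query.
     *
     * @param str the user name
     * @param str2 the organization id
     * @throws UnauthorizedException if the current user may not handle the target user's roles
     */
    public void deleteUser(String str, String str2) throws NotFoundException, UnauthorizedException, Exception {
        User loadUser = loadUser(str, str2);
        if (loadUser != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(this.securityService, loadUser.getRoles())) {
            throw new UnauthorizedException("The user is not allowed to delete an admin user");
        }
        this.groupRoleProvider.removeMemberFromAllGroups(str, str2);
        this.db.execTxChecked(UserDirectoryPersistenceUtil.deleteUserQuery(str, str2));
        this.cache.invalidate(cacheKey(str, str2));
    }

    /**
     * Persists a single role.
     *
     * <p>NOTE(review): no authorization check is made here; callers are responsible for it.
     *
     * @param jpaRole the role to save
     */
    public void addRole(JpaRole jpaRole) {
        Set<JpaRole> roles = new HashSet<>();
        roles.add(jpaRole);
        this.db.execTx(UserDirectoryPersistenceUtil.saveRolesQuery(roles));
    }

    /** Returns this provider's name, {@value #PROVIDER_NAME}. */
    public String getName() {
        return PROVIDER_NAME;
    }

    /** Stamps the given user with this provider's name and returns the same instance. */
    private static User addProviderName(JpaUser jpaUser) {
        jpaUser.setProvider(PROVIDER_NAME);
        return jpaUser;
    }

    /** Tags every user in the list with this provider's name and returns an iterator over them. */
    private static Iterator<User> withProviderName(List<JpaUser> users) {
        return users.stream().map(JpaUserAndRoleProvider::addProviderName).collect(Collectors.toList()).iterator();
    }

    /**
     * Builds the cache key for a user. Kept in one place so that writers, the invalidation paths
     * and the loader in {@link #activate} agree on the format.
     */
    private static String cacheKey(String userName, String organizationId) {
        return userName + DELIMITER + organizationId;
    }

    /** Counts the users of the current organization. */
    public long countUsers() {
        return ((Long) this.db.exec(UserDirectoryPersistenceUtil.countUsersQuery(this.securityService.getOrganization().getId()))).longValue();
    }

    /** Counts users without passing an organization filter (presumably across all organizations - confirm). */
    public long countAllUsers() {
        return ((Long) this.db.exec(UserDirectoryPersistenceUtil.countUsersQuery())).longValue();
    }

    /**
     * Drops the cached entry of a user in the current organization.
     *
     * @param str the user name
     */
    public void invalidate(String str) {
        this.cache.invalidate(cacheKey(str, this.securityService.getOrganization().getId()));
    }
}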
