package org.opencastproject.userdirectory;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.TypedQuery;
import org.apache.commons.lang3.tuple.Pair;
import org.opencastproject.db.DBSession;
import org.opencastproject.db.DBSessionFactory;
import org.opencastproject.db.Queries;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleProvider;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.UnauthorizedException;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserProvider;
import org.opencastproject.security.impl.jpa.JpaRole;
import org.opencastproject.security.impl.jpa.JpaUserReference;
import org.opencastproject.userdirectory.api.AAIRoleProvider;
import org.opencastproject.userdirectory.api.UserReferenceProvider;
import org.opencastproject.userdirectory.utils.UserDirectoryUtils;
import org.opencastproject.util.NotFoundException;
import org.opencastproject.util.function.ThrowingConsumer;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(property = {"service.description=Provides a user reference directory"}, immediate = true, service = {UserProvider.class, RoleProvider.class, UserReferenceProvider.class, JpaUserReferenceProvider.class})
/* loaded from: input_file:org/opencastproject/userdirectory/JpaUserReferenceProvider.class */
public class JpaUserReferenceProvider implements UserReferenceProvider, UserProvider, RoleProvider {
    private static final Logger logger = LoggerFactory.getLogger(JpaUserReferenceProvider.class);
    public static final String PROVIDER_NAME = "matterhorn-reference";
    public static final String USERNAME = "username";
    public static final String ROLES = "roles";
    public static final String ENCODING = "UTF-8";
    protected JpaGroupRoleProvider groupRoleProvider;
    protected AAIRoleProvider roleProvider;
    private static final String DELIMITER = ";==;";
    protected DBSessionFactory dbSessionFactory;
    protected DBSession db;
    protected SecurityService securityService = null;
    private LoadingCache<String, Object> cache = null;
    protected final Object nullToken = new Object();
    protected EntityManagerFactory emf = null;

    @Reference(target = "(osgi.unit.name=org.opencastproject.common)")
    void setEntityManagerFactory(EntityManagerFactory entityManagerFactory) {
        this.emf = entityManagerFactory;
    }

    @Reference
    public void setDBSessionFactory(DBSessionFactory dBSessionFactory) {
        this.dbSessionFactory = dBSessionFactory;
    }

    @Reference
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    @Reference
    public void setGroupRoleProvider(JpaGroupRoleProvider jpaGroupRoleProvider) {
        this.groupRoleProvider = jpaGroupRoleProvider;
    }

    @Activate
    public void activate(ComponentContext componentContext) {
        logger.debug("activate");
        this.cache = CacheBuilder.newBuilder().expireAfterWrite(1L, TimeUnit.MINUTES).build(new CacheLoader<String, Object>() { // from class: org.opencastproject.userdirectory.JpaUserReferenceProvider.1
            public Object load(String str) {
                String[] split = str.split(JpaUserReferenceProvider.DELIMITER);
                JpaUserReferenceProvider.logger.trace("Loading user '{}':'{}' from reference database", split[0], split[1]);
                User loadUserFromDB = JpaUserReferenceProvider.this.loadUserFromDB(split[0], split[1]);
                return loadUserFromDB == null ? JpaUserReferenceProvider.this.nullToken : loadUserFromDB;
            }
        });
        this.db = this.dbSessionFactory.createSession(this.emf);
    }

    public String getName() {
        return PROVIDER_NAME;
    }

    public String toString() {
        return getClass().getName();
    }

    public List<Role> getRolesForUser(String str) {
        if (this.roleProvider != null) {
            return this.roleProvider.getRolesForUser(str);
        }
        ArrayList arrayList = new ArrayList();
        User loadUser = loadUser(str);
        if (loadUser != null) {
            arrayList.addAll(loadUser.getRoles());
        }
        return arrayList;
    }

    public Iterator<User> findUsers(String str, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        return ((List) ((List) this.db.exec(findUserReferencesByQueryQuery(this.securityService.getOrganization().getId(), str, i2, i))).stream().map(jpaUserReference -> {
            return jpaUserReference.toUser(PROVIDER_NAME);
        }).collect(Collectors.toList())).iterator();
    }

    public Iterator<User> findUsers(Collection<String> collection) {
        return ((List) ((List) this.db.exec(findUsersByUserNameQuery(this.securityService.getOrganization().getId(), collection))).stream().map(jpaUserReference -> {
            return jpaUserReference.toUser(PROVIDER_NAME);
        }).collect(Collectors.toList())).iterator();
    }

    public Iterator<Role> findRoles(String str, Role.Target target, int i, int i2) {
        return this.roleProvider == null ? Collections.emptyIterator() : this.roleProvider.findRoles(str, target, i, i2);
    }

    @Override // org.opencastproject.userdirectory.api.UserReferenceProvider
    public User loadUser(String str) {
        return loadUserFromCache(str, this.securityService.getOrganization().getId());
    }

    private User loadUserFromDB(String str, String str2) {
        return (User) ((Optional) this.db.exec(findUserReferenceQuery(str, str2))).map(jpaUserReference -> {
            return jpaUserReference.toUser(PROVIDER_NAME);
        }).orElse(null);
    }

    private User loadUserFromCache(String str, String str2) {
        Object unchecked = this.cache.getUnchecked(str.concat(DELIMITER).concat(str2));
        if (unchecked == this.nullToken) {
            return null;
        }
        return (User) unchecked;
    }

    public Iterator<User> getUsers() {
        return ((List) ((List) this.db.exec(findUserReferences(this.securityService.getOrganization().getId(), 0, 0))).stream().map(jpaUserReference -> {
            return jpaUserReference.toUser(PROVIDER_NAME);
        }).collect(Collectors.toList())).iterator();
    }

    public Iterator<Role> getRoles() {
        return this.roleProvider == null ? Collections.emptyIterator() : this.roleProvider.getRoles();
    }

    public String getOrganization() {
        return "*";
    }

    @Override // org.opencastproject.userdirectory.api.UserReferenceProvider
    public void addUserReference(JpaUserReference jpaUserReference, String str) {
        this.db.execTx(entityManager -> {
            Set<JpaRole> apply = UserDirectoryPersistenceUtil.saveRolesQuery(jpaUserReference.getRoles()).apply(entityManager);
            JpaUserReference jpaUserReference2 = new JpaUserReference(jpaUserReference.getUsername(), jpaUserReference.getName(), jpaUserReference.getEmail(), str, jpaUserReference.getLastLogin(), UserDirectoryPersistenceUtil.saveOrganizationQuery(jpaUserReference.getOrganization()).apply(entityManager), apply);
            if (findUserReferenceQuery(jpaUserReference.getUsername(), jpaUserReference.getOrganization().getId()).apply(entityManager).isPresent()) {
                throw new IllegalStateException("User '" + jpaUserReference.getUsername() + "' already exists");
            }
            entityManager.persist(jpaUserReference2);
        });
        this.cache.put(jpaUserReference.getUsername() + ";==;" + jpaUserReference.getOrganization().getId(), jpaUserReference.toUser(PROVIDER_NAME));
        updateGroupMembership(jpaUserReference);
    }

    @Override // org.opencastproject.userdirectory.api.UserReferenceProvider
    public void updateUserReference(JpaUserReference jpaUserReference) {
        this.db.execTx(entityManager -> {
            Optional<JpaUserReference> apply = findUserReferenceQuery(jpaUserReference.getUsername(), jpaUserReference.getOrganization().getId()).apply(entityManager);
            if (apply.isEmpty()) {
                throw new IllegalStateException("User '" + jpaUserReference.getUsername() + "' does not exist");
            }
            apply.get().setName(jpaUserReference.getName());
            apply.get().setEmail(jpaUserReference.getEmail());
            apply.get().setLastLogin(jpaUserReference.getLastLogin());
            apply.get().setRoles(UserDirectoryPersistenceUtil.saveRolesQuery(jpaUserReference.getRoles()).apply(entityManager));
            entityManager.merge(apply.get());
        });
        this.cache.put(jpaUserReference.getUsername() + ";==;" + jpaUserReference.getOrganization().getId(), jpaUserReference.toUser(PROVIDER_NAME));
        updateGroupMembership(jpaUserReference);
    }

    private void updateGroupMembership(JpaUserReference jpaUserReference) {
        logger.debug("updateGroupMembership({}, roles={})", jpaUserReference.getUsername(), Integer.valueOf(jpaUserReference.getRoles().size()));
        ArrayList arrayList = new ArrayList();
        for (Role role : jpaUserReference.getRoles()) {
            if (Role.Type.GROUP.equals(role.getType()) || (Role.Type.INTERNAL.equals(role.getType()) && role.getName().startsWith("ROLE_GROUP_"))) {
                arrayList.add(role.getName());
            }
        }
        this.groupRoleProvider.updateGroupMembershipFromRoles(jpaUserReference.getUsername(), jpaUserReference.getOrganization().getId(), arrayList);
    }

    @Override // org.opencastproject.userdirectory.api.UserReferenceProvider
    public JpaUserReference findUserReference(String str, String str2) {
        return (JpaUserReference) ((Optional) this.db.exec(findUserReferenceQuery(str, str2))).orElse(null);
    }

    private Function<EntityManager, Optional<JpaUserReference>> findUserReferenceQuery(String str, String str2) {
        return Queries.namedQuery.findOpt("UserReference.findByUsername", JpaUserReference.class, new Object[]{Pair.of("u", str), Pair.of("org", str2)});
    }

    private Function<EntityManager, List<JpaUserReference>> findUserReferencesByQueryQuery(String str, String str2, int i, int i2) {
        return entityManager -> {
            TypedQuery firstResult = entityManager.createNamedQuery("UserReference.findByQuery", JpaUserReference.class).setMaxResults(i).setFirstResult(i2);
            firstResult.setParameter("query", str2.toUpperCase());
            firstResult.setParameter("org", str);
            return firstResult.getResultList();
        };
    }

    private Function<EntityManager, List<JpaUserReference>> findUsersByUserNameQuery(String str, Collection<String> collection) {
        return entityManager -> {
            if (collection.isEmpty()) {
                return Collections.emptyList();
            }
            TypedQuery createNamedQuery = entityManager.createNamedQuery("UserReference.findAllByUserNames", JpaUserReference.class);
            createNamedQuery.setParameter("org", str);
            createNamedQuery.setParameter("names", collection);
            return createNamedQuery.getResultList();
        };
    }

    private Function<EntityManager, List<JpaUserReference>> findUserReferences(String str, int i, int i2) {
        return entityManager -> {
            TypedQuery firstResult = entityManager.createNamedQuery("UserReference.findAll", JpaUserReference.class).setMaxResults(i).setFirstResult(i2);
            firstResult.setParameter("org", str);
            return firstResult.getResultList();
        };
    }

    public long countUsers() {
        return ((Number) this.db.exec(Queries.namedQuery.find("UserReference.countAll", Number.class, new Object[]{Pair.of("org", this.securityService.getOrganization().getId())}))).longValue();
    }

    public void invalidate(String str) {
        this.cache.invalidate(str.concat(DELIMITER).concat(this.securityService.getOrganization().getId()));
    }

    public void deleteUser(String str, String str2) throws NotFoundException, UnauthorizedException, Exception {
        User loadUser = loadUser(str);
        if (loadUser != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(this.securityService, loadUser.getRoles())) {
            throw new UnauthorizedException("The user is not allowed to delete an admin user");
        }
        this.groupRoleProvider.removeMemberFromAllGroups(str, str2);
        this.db.execTxChecked(deleteUserQuery(str, str2));
        this.cache.invalidate(str + ";==;" + str2);
    }

    private ThrowingConsumer<EntityManager, NotFoundException> deleteUserQuery(String str, String str2) {
        return entityManager -> {
            Optional<JpaUserReference> apply = findUserReferenceQuery(str, str2).apply(entityManager);
            if (apply.isEmpty()) {
                throw new NotFoundException("User with name " + str + " does not exist");
            }
            entityManager.remove(entityManager.merge(apply.get()));
        };
    }

    @Override // org.opencastproject.userdirectory.api.UserReferenceProvider
    public void setRoleProvider(RoleProvider roleProvider) {
        this.roleProvider = (AAIRoleProvider) roleProvider;
    }
}
