package org.opencastproject.userdirectory;

import com.google.common.base.CharMatcher;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.lang3.BooleanUtils;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleProvider;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserDirectoryService;
import org.opencastproject.util.OsgiUtil;
import org.opencastproject.util.data.Option;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedService;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(property = {"service.description=Provides the user id role"}, immediate = true, service = {RoleProvider.class, UserIdRoleProvider.class, ManagedService.class})
/* loaded from: input_file:org/opencastproject/userdirectory/UserIdRoleProvider.class */
public class UserIdRoleProvider implements RoleProvider, ManagedService {
    private static final String ROLE_USER = "ROLE_USER";
    private static final String ROLE_USER_PREFIX_KEY = "role.user.prefix";
    private static final String SANITIZE_KEY = "sanitize";
    private static final boolean DEFAULT_SANITIZE = true;
    protected SecurityService securityService = null;
    protected UserDirectoryService userDirectoryService = null;
    private static final CharMatcher SAFE_USERNAME = CharMatcher.inRange('a', 'z').or(CharMatcher.inRange('A', 'Z')).or(CharMatcher.inRange('0', '9')).negate().precomputed();
    private static final Logger logger = LoggerFactory.getLogger(UserIdRoleProvider.class);
    private static final String DEFAULT_ROLE_USER_PREFIX = "ROLE_USER_";
    private static String userRolePrefix = DEFAULT_ROLE_USER_PREFIX;
    private static boolean sanitize = true;

    @Reference
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    @Reference
    public void setUserDirectoryService(UserDirectoryService userDirectoryService) {
        this.userDirectoryService = userDirectoryService;
    }

    public static String getUserIdRole(String str) {
        if (sanitize) {
            str = SAFE_USERNAME.replaceFrom(str, "_").toUpperCase();
        }
        return userRolePrefix.concat(str);
    }

    public List<Role> getRolesForUser(String str) {
        Organization organization = this.securityService.getOrganization();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JaxbRole(getUserIdRole(str), JaxbOrganization.fromOrganization(organization), "The user id role", Role.Type.SYSTEM));
        arrayList.add(new JaxbRole(ROLE_USER, JaxbOrganization.fromOrganization(organization), "The authenticated user role", Role.Type.SYSTEM));
        return Collections.unmodifiableList(arrayList);
    }

    public String getOrganization() {
        return "*";
    }

    public Iterator<Role> findRoles(String str, Role.Target target, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        if (target == Role.Target.USER) {
            return Collections.emptyIterator();
        }
        logger.debug("findRoles(query={} offset={} limit={})", new Object[]{str, Integer.valueOf(i), Integer.valueOf(i2)});
        HashSet hashSet = new HashSet();
        Organization organization = this.securityService.getOrganization();
        if (like(ROLE_USER, str)) {
            hashSet.add(new JaxbRole(ROLE_USER, JaxbOrganization.fromOrganization(organization), "The authenticated user role", Role.Type.SYSTEM));
        }
        if (!"%".equals(str) && !str.startsWith(userRolePrefix)) {
            return hashSet.iterator();
        }
        Iterator findUsers = this.userDirectoryService.findUsers(str.startsWith(userRolePrefix) ? str.substring(userRolePrefix.length()) : "%", i, i2);
        while (findUsers.hasNext()) {
            User user = (User) findUsers.next();
            if (!InMemoryUserAndRoleProvider.PROVIDER_NAME.equals(user.getProvider())) {
                hashSet.add(new JaxbRole(getUserIdRole(user.getUsername()), JaxbOrganization.fromOrganization(user.getOrganization()), "User id role", Role.Type.SYSTEM));
            }
        }
        return hashSet.iterator();
    }

    private static boolean like(String str, String str2) {
        if (str == null) {
            return false;
        }
        return Pattern.compile(str2.replace("_", ".").replace("%", ".*?"), 34).matcher(str).matches();
    }

    public void updated(Dictionary dictionary) throws ConfigurationException {
        Option optCfg = OsgiUtil.getOptCfg(dictionary, ROLE_USER_PREFIX_KEY);
        if (optCfg.isSome()) {
            userRolePrefix = (String) optCfg.get();
            logger.info("Using configured userRole prefix '{}'", userRolePrefix);
        } else {
            userRolePrefix = DEFAULT_ROLE_USER_PREFIX;
            logger.info("Using default userRole prefix '{}'", userRolePrefix);
        }
        Option optCfg2 = OsgiUtil.getOptCfg(dictionary, SANITIZE_KEY);
        if (optCfg2.isSome()) {
            sanitize = BooleanUtils.toBoolean((String) optCfg2.get());
            logger.info("Using configured will sanitize user names '{}'", Boolean.valueOf(sanitize));
        } else {
            sanitize = true;
            logger.info("Using default for sanitizing user names '{}'", Boolean.valueOf(sanitize));
        }
    }
}
