package org.opencastproject.userdirectory;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.security.api.GroupProvider;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.JaxbUser;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleDirectoryService;
import org.opencastproject.security.api.RoleProvider;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserDirectoryService;
import org.opencastproject.security.api.UserProvider;
import org.opencastproject.util.data.Collections;
import org.opencastproject.util.data.Tuple;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/opencastproject/userdirectory/UserAndRoleDirectoryServiceImpl.class */
public class UserAndRoleDirectoryServiceImpl implements UserDirectoryService, UserDetailsService, RoleDirectoryService {
    private static final Logger logger = LoggerFactory.getLogger(UserAndRoleDirectoryServiceImpl.class);
    private static final String DEFAULT_PASSWORD = "4b3e4b30-718c-11e2-bcfd-0800200c9a66";
    public static final String USER_CACHE_SIZE_KEY = "org.opencastproject.userdirectory.cache.size";
    public static final String USER_CACHE_EXPIRY_KEY = "org.opencastproject.userdirectory.cache.expiry";
    private LoadingCache<Tuple<String, String>, Object> cache;
    protected List<UserProvider> userProviders = new CopyOnWriteArrayList();
    protected List<RoleProvider> roleProviders = new CopyOnWriteArrayList();
    protected SecurityService securityService = null;
    private Object nullToken = new Object();
    private final CacheLoader<Tuple<String, String>, Object> userLoader = new CacheLoader<Tuple<String, String>, Object>() { // from class: org.opencastproject.userdirectory.UserAndRoleDirectoryServiceImpl.1
        public Object load(Tuple<String, String> tuple) {
            User loadUser = UserAndRoleDirectoryServiceImpl.this.loadUser(tuple);
            return loadUser == null ? UserAndRoleDirectoryServiceImpl.this.nullToken : loadUser;
        }
    };
    private int cacheSize = 200;
    private int cacheExpiryTimeInMinutes = 1;

    protected void activate(ComponentContext componentContext) {
        if (componentContext != null) {
            String property = componentContext.getBundleContext().getProperty(USER_CACHE_SIZE_KEY);
            if (StringUtils.isNotEmpty(property)) {
                try {
                    this.cacheSize = Integer.parseInt(StringUtils.trimToNull(property));
                } catch (Exception e) {
                    logger.warn("Ignoring invalid value {} for user cache size", property);
                }
            } else {
                logger.info("Using default value {} for user cache size", Integer.valueOf(this.cacheSize));
            }
            String property2 = componentContext.getBundleContext().getProperty(USER_CACHE_EXPIRY_KEY);
            if (StringUtils.isNotBlank(property2)) {
                try {
                    this.cacheExpiryTimeInMinutes = Integer.parseInt(StringUtils.trimToNull(property2));
                } catch (Exception e2) {
                    logger.warn("Ignoring invalid value {} for user cache expiry time", property2);
                }
            } else {
                logger.info("Using default value {} for user cache expiry time", Integer.valueOf(this.cacheExpiryTimeInMinutes));
            }
        }
        this.cache = CacheBuilder.newBuilder().expireAfterWrite(this.cacheExpiryTimeInMinutes, TimeUnit.MINUTES).maximumSize(this.cacheSize).build(this.userLoader);
        logger.info("Activated UserAndRoleDirectoryService with user cache of size {}, expiry time {} minutes", Integer.valueOf(this.cacheSize), Integer.valueOf(this.cacheExpiryTimeInMinutes));
    }

    protected synchronized void addUserProvider(UserProvider userProvider) {
        logger.debug("Adding {} to the list of user providers", userProvider);
        if (InMemoryUserAndRoleProvider.PROVIDER_NAME.equals(userProvider.getName())) {
            this.userProviders.add(0, userProvider);
        } else {
            this.userProviders.add(userProvider);
        }
    }

    protected synchronized void removeUserProvider(UserProvider userProvider) {
        logger.debug("Removing {} from the list of user providers", userProvider);
        this.userProviders.remove(userProvider);
    }

    protected synchronized void addRoleProvider(RoleProvider roleProvider) {
        logger.debug("Adding {} to the list of role providers", roleProvider);
        this.roleProviders.add(roleProvider);
    }

    protected synchronized void removeRoleProvider(RoleProvider roleProvider) {
        logger.debug("Removing {} from the list of role providers", roleProvider);
        this.roleProviders.remove(roleProvider);
    }

    public Iterator<User> getUsers() {
        Organization organization = this.securityService.getOrganization();
        if (organization == null) {
            throw new IllegalStateException("No organization is set");
        }
        ArrayList arrayList = new ArrayList();
        for (UserProvider userProvider : this.userProviders) {
            String organization2 = userProvider.getOrganization();
            if ("*".equals(organization2) || organization.getId().equals(organization2)) {
                Iterator users = userProvider.getUsers();
                arrayList.getClass();
                users.forEachRemaining((v1) -> {
                    r1.add(v1);
                });
            }
        }
        return arrayList.stream().sorted(Comparator.comparing((v0) -> {
            return v0.getUsername();
        })).iterator();
    }

    public Iterator<Role> getRoles() {
        Organization organization = this.securityService.getOrganization();
        if (organization == null) {
            throw new IllegalStateException("No organization is set");
        }
        ArrayList arrayList = new ArrayList();
        for (RoleProvider roleProvider : this.roleProviders) {
            String organization2 = roleProvider.getOrganization();
            if ("*".equals(organization2) || organization.getId().equals(organization2)) {
                Iterator roles = roleProvider.getRoles();
                arrayList.getClass();
                roles.forEachRemaining((v1) -> {
                    r1.add(v1);
                });
            }
        }
        return arrayList.stream().sorted(Comparator.comparing((v0) -> {
            return v0.getName();
        })).iterator();
    }

    public User loadUser(String str) throws IllegalStateException {
        Organization organization = this.securityService.getOrganization();
        if (organization == null) {
            throw new IllegalStateException("No organization is set");
        }
        Object unchecked = this.cache.getUnchecked(Tuple.tuple(organization.getId(), str));
        if (unchecked != this.nullToken) {
            return (User) unchecked;
        }
        this.cache.invalidate(Tuple.tuple(organization.getId(), str));
        return null;
    }

    public Iterator<User> loadUsers(Collection<String> collection) {
        Organization organization = this.securityService.getOrganization();
        HashMap hashMap = new HashMap(collection.size());
        HashSet hashSet = new HashSet(collection);
        for (UserProvider userProvider : this.userProviders) {
            String organization2 = userProvider.getOrganization();
            if ("*".equals(organization2) || organization.getId().equals(organization2)) {
                Iterator findUsers = userProvider.findUsers(hashSet);
                while (findUsers.hasNext()) {
                    User user = (User) findUsers.next();
                    User user2 = (User) hashMap.get(user.getUsername());
                    if (user2 != null) {
                        hashMap.put(user.getUsername(), mergeUsers(user2, user));
                    } else {
                        hashMap.put(user.getUsername(), user);
                    }
                    if (InMemoryUserAndRoleProvider.PROVIDER_NAME.equals(userProvider.getName())) {
                        hashSet.remove(user.getUsername());
                    }
                }
            }
        }
        return hashMap.values().iterator();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public User loadUser(Tuple<String, String> tuple) {
        User user = null;
        Iterator<UserProvider> it = this.userProviders.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            UserProvider next = it.next();
            String organization = next.getOrganization();
            if ("*".equals(organization) || ((String) tuple.getA()).equals(organization)) {
                User loadUser = next.loadUser((String) tuple.getB());
                if (loadUser != null) {
                    User fromUser = JaxbUser.fromUser(loadUser);
                    user = user == null ? fromUser : mergeUsers(user, fromUser);
                    if (InMemoryUserAndRoleProvider.PROVIDER_NAME.equals(next.getName())) {
                        user = fromUser;
                        break;
                    }
                } else {
                    continue;
                }
            }
        }
        if (user == null) {
            return null;
        }
        HashSet<Role> hashSet = new HashSet();
        Iterator it2 = user.getRoles().iterator();
        while (it2.hasNext()) {
            hashSet.add(JaxbRole.fromRole((Role) it2.next()));
        }
        if (!InMemoryUserAndRoleProvider.PROVIDER_NAME.equals(user.getProvider())) {
            Iterator<RoleProvider> it3 = this.roleProviders.iterator();
            while (it3.hasNext()) {
                Iterator it4 = it3.next().getRolesForUser(user.getUsername()).iterator();
                while (it4.hasNext()) {
                    hashSet.add(JaxbRole.fromRole((Role) it4.next()));
                }
            }
        }
        HashSet hashSet2 = new HashSet();
        for (Role role : hashSet) {
            if (Role.Type.EXTERNAL_GROUP.equals(role.getType())) {
                logger.debug("Resolving transitive roles for user {} from external group {}", user.getUsername(), role.getName());
                Iterator<RoleProvider> it5 = this.roleProviders.iterator();
                while (it5.hasNext()) {
                    GroupProvider groupProvider = (RoleProvider) it5.next();
                    if (groupProvider instanceof GroupProvider) {
                        List rolesForGroup = groupProvider.getRolesForGroup(role.getName());
                        if (rolesForGroup != null) {
                            Iterator it6 = rolesForGroup.iterator();
                            while (it6.hasNext()) {
                                hashSet2.add(JaxbRole.fromRole((Role) it6.next()));
                            }
                            logger.debug("Adding {} derived role(s) for user {} from internal group {}", new Object[]{Integer.valueOf(hashSet2.size()), user.getUsername(), role.getName()});
                        } else {
                            logger.warn("Cannot resolve externallly provided group reference for user {} to internal group {}", user.getUsername(), role.getName());
                        }
                    }
                }
            }
        }
        hashSet.addAll(hashSet2);
        JaxbUser jaxbUser = new JaxbUser(user.getUsername(), user.getPassword(), user.getName(), user.getEmail(), user.getProvider(), user.canLogin(), JaxbOrganization.fromOrganization(user.getOrganization()), hashSet);
        jaxbUser.setManageable(user.isManageable());
        return jaxbUser;
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        User loadUser = loadUser(str);
        if (loadUser == null) {
            throw new UsernameNotFoundException(str);
        }
        this.securityService.setUser(loadUser);
        HashSet hashSet = new HashSet();
        Iterator it = loadUser.getRoles().iterator();
        while (it.hasNext()) {
            hashSet.add(new SimpleGrantedAuthority(((Role) it.next()).getName()));
        }
        if (!InMemoryUserAndRoleProvider.PROVIDER_NAME.equals(loadUser.getProvider())) {
            Iterator<RoleProvider> it2 = this.roleProviders.iterator();
            while (it2.hasNext()) {
                Iterator it3 = it2.next().getRolesForUser(str).iterator();
                while (it3.hasNext()) {
                    hashSet.add(new SimpleGrantedAuthority(((Role) it3.next()).getName()));
                }
            }
        }
        hashSet.add(new SimpleGrantedAuthority(this.securityService.getOrganization().getAnonymousRole()));
        return new org.springframework.security.core.userdetails.User(loadUser.getUsername(), loadUser.getPassword() == null ? DEFAULT_PASSWORD : loadUser.getPassword(), loadUser.canLogin(), true, true, true, hashSet);
    }

    private User mergeUsers(User user, User user2) {
        Set set = (Set) Stream.of((Object[]) new User[]{user, user2}).flatMap(user3 -> {
            return user3.getRoles().stream();
        }).map(JaxbRole::fromRole).collect(Collectors.toSet());
        String str = (String) StringUtils.defaultIfBlank(user.getName(), user2.getName());
        String str2 = (String) StringUtils.defaultIfBlank(user.getEmail(), user2.getEmail());
        String defaultString = StringUtils.defaultString(user.getPassword(), user2.getPassword());
        boolean z = user.isManageable() || user2.isManageable();
        JaxbUser jaxbUser = new JaxbUser(user.getUsername(), defaultString, str, str2, StringUtils.join(Collections.nonNullList(new String[]{user.getProvider(), user2.getProvider()}), ","), JaxbOrganization.fromOrganization(user.getOrganization()), set);
        jaxbUser.setManageable(z);
        return jaxbUser;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public Iterator<User> findUsers(String str, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        Organization organization = this.securityService.getOrganization();
        if (organization == null) {
            throw new IllegalStateException("No organization is set");
        }
        ArrayList arrayList = new ArrayList();
        for (UserProvider userProvider : this.userProviders) {
            String organization2 = userProvider.getOrganization();
            if ("*".equals(organization2) || organization.getId().equals(organization2)) {
                Iterator findUsers = userProvider.findUsers(str, 0, 0);
                arrayList.getClass();
                findUsers.forEachRemaining((v1) -> {
                    r1.add(v1);
                });
            }
        }
        Stream skip = arrayList.stream().sorted(Comparator.comparing((v0) -> {
            return v0.getUsername();
        })).skip(i);
        return i2 > 0 ? skip.limit(i2).iterator() : skip.iterator();
    }

    public Iterator<Role> findRoles(String str, Role.Target target, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        Organization organization = this.securityService.getOrganization();
        if (organization == null) {
            throw new IllegalStateException("No organization is set");
        }
        ArrayList arrayList = new ArrayList();
        for (RoleProvider roleProvider : this.roleProviders) {
            String organization2 = roleProvider.getOrganization();
            if ("*".equals(organization2) || organization.getId().equals(organization2)) {
                Iterator findRoles = roleProvider.findRoles(str, target, 0, 0);
                arrayList.getClass();
                findRoles.forEachRemaining((v1) -> {
                    r1.add(v1);
                });
            }
        }
        Stream skip = arrayList.stream().sorted(Comparator.comparing((v0) -> {
            return v0.getName();
        })).skip(i);
        return i2 > 0 ? skip.limit(i2).iterator() : skip.iterator();
    }

    public long countUsers() {
        return this.userProviders.stream().mapToLong((v0) -> {
            return v0.countUsers();
        }).sum();
    }

    public void invalidate(String str) {
        Iterator<UserProvider> it = this.userProviders.iterator();
        while (it.hasNext()) {
            it.next().invalidate(str);
        }
        Organization organization = this.securityService.getOrganization();
        if (organization == null) {
            throw new IllegalStateException("No organization is set");
        }
        this.cache.invalidate(Tuple.tuple(organization.getId(), str));
        logger.trace("Invalidated user {} from user directories", str);
    }
}
