package org.opencastproject.userdirectory;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.text.WordUtils;
import org.opencastproject.message.broker.api.MessageReceiver;
import org.opencastproject.message.broker.api.MessageSender;
import org.opencastproject.message.broker.api.group.GroupItem;
import org.opencastproject.message.broker.api.index.AbstractIndexProducer;
import org.opencastproject.message.broker.api.index.IndexRecreateObject;
import org.opencastproject.security.api.DefaultOrganization;
import org.opencastproject.security.api.Group;
import org.opencastproject.security.api.GroupProvider;
import org.opencastproject.security.api.JaxbGroup;
import org.opencastproject.security.api.JaxbGroupList;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.OrganizationDirectoryService;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleProvider;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.UnauthorizedException;
import org.opencastproject.security.api.UserDirectoryService;
import org.opencastproject.security.impl.jpa.JpaGroup;
import org.opencastproject.security.impl.jpa.JpaOrganization;
import org.opencastproject.security.impl.jpa.JpaRole;
import org.opencastproject.security.util.SecurityUtil;
import org.opencastproject.userdirectory.utils.UserDirectoryUtils;
import org.opencastproject.util.NotFoundException;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opencastproject/userdirectory/JpaGroupRoleProvider.class */
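/**
 * JPA-backed provider of groups and of the roles that groups grant.
 *
 * <p>Every lookup is scoped to an organization id, taken either from
 * {@code securityService.getOrganization()} or from an explicit parameter. Group creation, update and
 * removal are gated by {@code UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles}; the exception
 * messages in this class describe that gate as protecting groups that carry the admin role. Group
 * changes are announced on the {@code GROUP.QUEUE} message queue.
 *
 * <p>NOTE(review): this class is wired through setters and {@link #activate(ComponentContext)};
 * none of the collaborators are null-checked before use.
 */
public class JpaGroupRoleProvider extends AbstractIndexProducer implements RoleProvider, GroupProvider {
    private static final Logger logger = LoggerFactory.getLogger(JpaGroupRoleProvider.class);
    public static final String PERSISTENCE_UNIT = "org.opencastproject.common";
    protected MessageSender messageSender;
    protected MessageReceiver messageReceiver;
    protected OrganizationDirectoryService organizationDirectoryService;
    private ComponentContext cc;
    protected SecurityService securityService = null;
    protected EntityManagerFactory emf = null;
    protected UserDirectoryService userDirectoryService = null;

    /** Sets the entity manager factory used for all persistence calls. */
    public void setEntityManagerFactory(EntityManagerFactory entityManagerFactory) {
        this.emf = entityManagerFactory;
    }

    /** Sets the user directory whose per-user cache is invalidated when group membership changes. */
    public void setUserDirectoryService(UserDirectoryService userDirectoryService) {
        this.userDirectoryService = userDirectoryService;
    }

    /** Sets the sender used to publish group and index messages. */
    public void setMessageSender(MessageSender messageSender) {
        this.messageSender = messageSender;
    }

    /** Sets the receiver returned by {@link #getMessageReceiver()}. */
    public void setMessageReceiver(MessageReceiver messageReceiver) {
        this.messageReceiver = messageReceiver;
    }

    /** Sets the security service that supplies the current organization and the authorization context. */
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    /** Sets the directory used by {@link #repopulate(String)} to enumerate organizations. */
    public void setOrganizationDirectoryService(OrganizationDirectoryService organizationDirectoryService) {
        this.organizationDirectoryService = organizationDirectoryService;
    }

    /**
     * Stores the component context and activates the index producer superclass.
     *
     * @param componentContext context later used to create the system user and resolve its name
     */
    public void activate(ComponentContext componentContext) {
        logger.debug("Activate group role provider");
        this.cc = componentContext;
        super.activate();
    }

    /**
     * Returns the group role and the derived roles of every group in the current organization.
     *
     * @return iterator over the roles produced by {@link #getGroupsRoles(List)}
     */
    public Iterator<Role> getRoles() {
        String organizationId = this.securityService.getOrganization().getId();
        List<JpaGroup> groups = UserDirectoryPersistenceUtil.findGroups(organizationId, 0, 0, this.emf);
        return getGroupsRoles(groups).iterator();
    }

    /**
     * Returns the roles a user obtains through group membership in the current organization.
     *
     * @param str user name handed to {@code findGroupsByUser}
     * @return group roles plus the roles attached to each of those groups
     */
    public List<Role> getRolesForUser(String str) {
        String organizationId = this.securityService.getOrganization().getId();
        return getGroupsRoles(UserDirectoryPersistenceUtil.findGroupsByUser(str, organizationId, this.emf));
    }

    /**
     * Returns the roles attached to the group identified by its group role.
     *
     * @param str group role name, looked up in the current organization
     * @return the group's roles as {@code DERIVED} roles; empty (with a warning logged) if no group matches
     */
    public List<Role> getRolesForGroup(String str) {
        List<Role> derivedRoles = new ArrayList<>();
        JpaGroup group = UserDirectoryPersistenceUtil.findGroupByRole(str, this.securityService.getOrganization().getId(), this.emf);
        if (group == null) {
            logger.warn("Group {} not found", str);
            return derivedRoles;
        }
        for (Role role : group.getRoles()) {
            derivedRoles.add(new JaxbRole(role.getName(), role.getOrganizationId(), role.getDescription(), Role.Type.DERIVED));
        }
        return derivedRoles;
    }

    /**
     * Returns the literal {@code "*"}.
     *
     * <p>NOTE(review): presumably the wildcard meaning "all organizations" in the provider contract;
     * confirm against the interface. The queries in this class are still scoped per organization id.
     */
    public String getOrganization() {
        return "*";
    }

    /**
     * Finds group roles in the current organization whose name matches a SQL-LIKE style query.
     *
     * <p>The query is treated as a LIKE expression: {@code _} matches one character, {@code %} matches
     * any run of characters, and everything else is matched literally and case-insensitively. Literal
     * text is quoted before the pattern is compiled, so regular-expression metacharacters in the query
     * cannot change the match semantics, trigger a {@code PatternSyntaxException}, or introduce
     * expensive backtracking constructs.
     *
     * <p>NOTE(review): the page is collected into a {@link HashSet}, so duplicates collapse and the
     * returned iterator does not preserve the order in which groups were found.
     *
     * @param str query; must not be {@code null}
     * @param target not used by this implementation
     * @param i number of matching roles to skip
     * @param i2 maximum number of roles to return; {@code 0} means unlimited
     * @return iterator over the matching {@code GROUP} roles
     * @throws IllegalArgumentException if the query is {@code null}
     */
    public Iterator<Role> findRoles(String str, Role.Target target, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        // Compile once per call instead of once per group.
        Pattern queryPattern = compileLikePattern(str);
        List<JpaGroup> groups = UserDirectoryPersistenceUtil.findGroups(this.securityService.getOrganization().getId(), 0, 0, this.emf);
        List<Role> matches = new ArrayList<>();
        for (JpaGroup group : groups) {
            String groupRole = group.getRole();
            if (groupRole != null && queryPattern.matcher(groupRole).matches()) {
                matches.add(new JaxbRole(groupRole, JaxbOrganization.fromOrganization(group.getOrganization()), "", Role.Type.GROUP));
            }
        }
        Set<Role> page = new HashSet<>();
        int position = 0;
        for (Role role : matches) {
            if (i2 != 0 && page.size() >= i2) {
                break;
            }
            if (position >= i) {
                page.add(role);
            }
            position++;
        }
        return page.iterator();
    }

    /**
     * Synchronizes a user's group membership with a list of group roles.
     *
     * <p>The user is removed from every group whose role is not in the list and added to every listed
     * group they are not yet a member of. Each change goes through {@link #addGroup(JpaGroup)}; an
     * {@link UnauthorizedException} from that call is logged and the remaining groups are still
     * processed, so the result can be a partial update.
     *
     * <p>NOTE(review): the organization id comes from the caller rather than from the security
     * service, and unlike {@link #updateGroup} this method does not invalidate the user in the user
     * directory; confirm that callers pass a trusted organization id and handle cache invalidation.
     *
     * @param str user name
     * @param str2 organization id
     * @param list group role names the user should end up being a member of
     */
    public void updateGroupMembershipFromRoles(String str, String str2, List<String> list) {
        logger.debug("updateGroupMembershipFromRoles({}, size={})", str, Integer.valueOf(list.size()));
        Set<String> alreadyMemberOf = new HashSet<>();
        for (JpaGroup group : UserDirectoryPersistenceUtil.findGroupsByUser(str, str2, this.emf)) {
            try {
                if (list.contains(group.getRole())) {
                    alreadyMemberOf.add(group.getRole());
                } else {
                    logger.debug("Removing user {} from group {}", str, group.getRole());
                    group.getMembers().remove(str);
                    addGroup(group);
                }
            } catch (UnauthorizedException e) {
                logger.warn("Unable to add or remove user {} from group {} - unauthorized", str, group.getRole());
            }
        }
        for (String groupRole : list) {
            if (alreadyMemberOf.contains(groupRole)) {
                continue;
            }
            JpaGroup group = UserDirectoryPersistenceUtil.findGroupByRole(groupRole, str2, this.emf);
            if (group == null) {
                logger.warn("Cannot add user {} to group {} - no group found with that role", str, groupRole);
                continue;
            }
            try {
                logger.debug("Adding user {} to group {}", str, groupRole);
                group.getMembers().add(str);
                addGroup(group);
            } catch (UnauthorizedException e) {
                logger.warn("Unable to add user {} to group {} - unauthorized", str, group.getRole());
            }
        }
    }

    /**
     * Loads a group by id and organization id.
     *
     * <p>NOTE(review): no authorization check is made here and the organization id is caller-supplied.
     *
     * @param str group id
     * @param str2 organization id
     * @return the group, or {@code null} if none is stored (callers in this class test for {@code null})
     */
    public Group loadGroup(String str, String str2) {
        return UserDirectoryPersistenceUtil.findGroup(str, str2, this.emf);
    }

    /**
     * Creates the group or updates the stored group with the same id and organization.
     *
     * <p>Authorization is checked twice: against the roles of the submitted group, and against the
     * roles of the group currently stored under that id. The second check keeps a caller who may not
     * handle the stored roles from overwriting such a group with a harmless-looking role set.
     *
     * <p>NOTE(review): the stored group is read once for the authorization check and again inside the
     * transaction; the two reads are not tied together, so a concurrent change between them is not
     * re-checked.
     *
     * @param jpaGroup group to persist; must not be {@code null}
     * @throws IllegalArgumentException if {@code jpaGroup} is {@code null}
     * @throws UnauthorizedException if the current user may not handle the new or the stored roles
     */
    public void addGroup(JpaGroup jpaGroup) throws UnauthorizedException {
        // The original guarded only the authorization call against null and then dereferenced the
        // argument anyway; fail early with a clear message instead of a late NullPointerException.
        if (jpaGroup == null) {
            throw new IllegalArgumentException("Group must be set");
        }
        if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(this.securityService, jpaGroup.getRoles())) {
            throw new UnauthorizedException("The user is not allowed to add or update a group with the admin role");
        }
        Group existing = loadGroup(jpaGroup.getGroupId(), jpaGroup.getOrganization().getId());
        if (existing != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(this.securityService, existing.getRoles())) {
            throw new UnauthorizedException("The user is not allowed to update a group with the admin role");
        }
        Set<JpaRole> savedRoles = UserDirectoryPersistenceUtil.saveRoles(jpaGroup.getRoles(), this.emf);
        JpaGroup toStore = new JpaGroup(jpaGroup.getGroupId(), UserDirectoryPersistenceUtil.saveOrganization(jpaGroup.getOrganization(), this.emf), jpaGroup.getName(), jpaGroup.getDescription(), savedRoles, jpaGroup.getMembers());
        EntityManager entityManager = null;
        EntityTransaction transaction = null;
        try {
            entityManager = this.emf.createEntityManager();
            transaction = entityManager.getTransaction();
            transaction.begin();
            JpaGroup stored = UserDirectoryPersistenceUtil.findGroup(toStore.getGroupId(), toStore.getOrganization().getId(), this.emf);
            if (stored == null) {
                entityManager.persist(toStore);
            } else {
                stored.setName(toStore.getName());
                stored.setDescription(toStore.getDescription());
                stored.setMembers(toStore.getMembers());
                stored.setRoles(savedRoles);
                entityManager.merge(stored);
            }
            transaction.commit();
            this.messageSender.sendObjectMessage("GROUP.QUEUE", MessageSender.DestinationType.Queue, GroupItem.update(JaxbGroup.fromGroup(toStore)));
        } finally {
            // transaction stays null when createEntityManager() or getTransaction() fails; the original
            // cleanup dereferenced it unconditionally and would have masked the real exception.
            if (transaction != null && transaction.isActive()) {
                transaction.rollback();
            }
            if (entityManager != null) {
                entityManager.close();
            }
        }
    }

    /**
     * Removes a group after checking that the current user may handle the stored group's roles.
     *
     * <p>When no group is stored the authorization check is skipped and the call is passed on to the
     * persistence helper (presumably that is where {@link NotFoundException} originates; confirm).
     *
     * @param str group id
     * @param str2 organization id
     * @throws UnauthorizedException if the current user may not handle the stored group's roles
     */
    private void removeGroup(String str, String str2) throws NotFoundException, UnauthorizedException, Exception {
        Group existing = loadGroup(str, str2);
        if (existing != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(this.securityService, existing.getRoles())) {
            throw new UnauthorizedException("The user is not allowed to delete a group with the admin role");
        }
        UserDirectoryPersistenceUtil.removeGroup(str, str2, this.emf);
        this.messageSender.sendObjectMessage("GROUP.QUEUE", MessageSender.DestinationType.Queue, GroupItem.delete(str));
    }

    /**
     * Expands groups into roles: one {@code GROUP} role per group followed by that group's own roles
     * as {@code DERIVED} roles.
     */
    private List<Role> getGroupsRoles(List<JpaGroup> list) {
        List<Role> roles = new ArrayList<>();
        for (Group group : list) {
            roles.add(new JaxbRole(group.getRole(), JaxbOrganization.fromOrganization(group.getOrganization()), "", Role.Type.GROUP));
            for (Role role : group.getRoles()) {
                roles.add(new JaxbRole(role.getName(), role.getOrganizationId(), role.getDescription(), Role.Type.DERIVED));
            }
        }
        return roles;
    }

    /** Returns an iterator over a copy of all groups of the current organization. */
    public Iterator<Group> getGroups() {
        List<JpaGroup> groups = UserDirectoryPersistenceUtil.findGroups(this.securityService.getOrganization().getId(), 0, 0, this.emf);
        return new ArrayList<Group>(groups).iterator();
    }

    /**
     * Translates a SQL-LIKE style expression into a compiled pattern.
     *
     * <p>{@code _} becomes "any single character" and {@code %} becomes "any run of characters"; all
     * other text is wrapped in {@link Pattern#quote(String)} so it is matched literally. The flags are
     * the ones the previous implementation passed as the numeric constant 34.
     */
    private static Pattern compileLikePattern(String likeExpression) {
        StringBuilder regex = new StringBuilder();
        StringBuilder literal = new StringBuilder();
        for (int index = 0; index < likeExpression.length(); index++) {
            char c = likeExpression.charAt(index);
            if (c != '_' && c != '%') {
                literal.append(c);
                continue;
            }
            if (literal.length() > 0) {
                regex.append(Pattern.quote(literal.toString()));
                literal.setLength(0);
            }
            regex.append(c == '_' ? "." : ".*?");
        }
        if (literal.length() > 0) {
            regex.append(Pattern.quote(literal.toString()));
        }
        return Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    }

    /** Same result as {@link #getGroupsAsXml(int, int)}. */
    public JaxbGroupList getGroupsAsJson(int i, int i2) throws IOException {
        return getGroupsAsXml(i, i2);
    }

    /**
     * Lists groups of the current organization.
     *
     * @param i passed as the second argument of {@code findGroups}; values below 1 are replaced by 100
     *     (presumably the page size; confirm against the persistence helper)
     * @param i2 passed as the third argument of {@code findGroups} (presumably the offset; confirm)
     * @return the groups returned by the persistence helper
     */
    public JaxbGroupList getGroupsAsXml(int i, int i2) throws IOException {
        if (i < 1) {
            i = 100;
        }
        String organizationId = this.securityService.getOrganization().getId();
        JaxbGroupList result = new JaxbGroupList();
        for (JpaGroup group : UserDirectoryPersistenceUtil.findGroups(organizationId, i, i2, this.emf)) {
            result.add(group);
        }
        return result;
    }

    /**
     * Removes a group of the current organization.
     *
     * @param str group id
     * @throws UnauthorizedException if the current user may not handle the stored group's roles
     */
    public void removeGroup(String str) throws NotFoundException, UnauthorizedException, Exception {
        removeGroup(str, this.securityService.getOrganization().getId());
    }

    /**
     * Creates a new group in the current organization.
     *
     * <p>The group id is the lower-cased name with every non-word character replaced by {@code _}, so
     * different names can map to the same id and are then rejected as a conflict.
     *
     * <p>NOTE(review): {@code toLowerCase()} uses the JVM default locale, so the derived id can differ
     * between servers with different locales.
     *
     * @param str group name; must not be blank
     * @param str2 group description
     * @param str3 comma-separated role names, or {@code null} for none
     * @param str4 comma-separated member user names, or {@code null} for none
     * @throws IllegalArgumentException if the name is blank
     * @throws UnauthorizedException if the current user may not handle the requested roles
     * @throws ConflictException if a group with the derived id already exists
     */
    public void createGroup(String str, String str2, String str3, String str4) throws IllegalArgumentException, UnauthorizedException, ConflictException {
        // A null name used to fail with a NullPointerException further down; a blank name produced a
        // group whose id consists only of underscores or is empty.
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("Group name must be set");
        }
        JpaOrganization organization = this.securityService.getOrganization();
        Set<JpaRole> roles = new HashSet<>();
        if (str3 != null) {
            for (String roleName : StringUtils.split(str3, ",")) {
                roles.add(new JpaRole(StringUtils.trim(roleName), organization));
            }
        }
        Set<String> members = new HashSet<>();
        if (str4 != null) {
            for (String member : StringUtils.split(str4, ",")) {
                members.add(StringUtils.trim(member));
            }
        }
        String groupId = str.toLowerCase().replaceAll("\\W", "_");
        if (UserDirectoryPersistenceUtil.findGroup(groupId, organization.getId(), this.emf) != null) {
            throw new ConflictException("group already exists");
        }
        addGroup(new JpaGroup(groupId, organization, str, str2, roles, members));
    }

    /**
     * Updates an existing group of the current organization.
     *
     * <p>Name and description are only changed when the new value is not blank. Roles are always
     * replaced: a blank or {@code null} role list clears all roles of the group. Members are only
     * replaced when a member list is given; every user added to or removed from the group is
     * invalidated in the user directory. The authorization checks happen in
     * {@link #addGroup(JpaGroup)}, after the loaded group object has been modified and after the
     * invalidation calls.
     *
     * @param str group id
     * @param str2 new name, ignored when blank
     * @param str3 new description, ignored when blank
     * @param str4 comma-separated role names; blank removes all roles
     * @param str5 comma-separated member user names, or {@code null} to keep the current members
     * @throws NotFoundException if no group with that id exists in the current organization
     * @throws UnauthorizedException if the current user may not handle the new or the stored roles
     */
    public void updateGroup(String str, String str2, String str3, String str4, String str5) throws NotFoundException, UnauthorizedException {
        JpaOrganization organization = this.securityService.getOrganization();
        JpaGroup group = UserDirectoryPersistenceUtil.findGroup(str, organization.getId(), this.emf);
        if (group == null) {
            throw new NotFoundException();
        }
        if (StringUtils.isNotBlank(str2)) {
            group.setName(StringUtils.trim(str2));
        }
        if (StringUtils.isNotBlank(str3)) {
            group.setDescription(StringUtils.trim(str3));
        }
        Set<JpaRole> roles = new HashSet<>();
        if (StringUtils.isNotBlank(str4)) {
            for (String roleName : StringUtils.split(str4, ",")) {
                roles.add(new JpaRole(StringUtils.trim(roleName), organization));
            }
        }
        group.setRoles(roles);
        if (str5 != null) {
            Set<String> newMembers = new HashSet<>();
            Set<String> changedMembers = new HashSet<>();
            Set<String> currentMembers = group.getMembers();
            for (String rawMember : StringUtils.split(str5, ",")) {
                String member = StringUtils.trim(rawMember);
                newMembers.add(member);
                if (!currentMembers.contains(member)) {
                    changedMembers.add(member);
                }
            }
            for (String member : currentMembers) {
                if (!newMembers.contains(member)) {
                    changedMembers.add(member);
                }
            }
            group.setMembers(newMembers);
            // Users who joined or left the group must not keep a cached role set.
            for (String member : changedMembers) {
                this.userDirectoryService.invalidate(member);
            }
        }
        addGroup(group);
    }

    /**
     * Re-sends every group of every organization to the index queue named after the given index.
     *
     * <p>For each organization the work runs as that organization's system user. Progress messages go
     * to {@code INDEX_RESPONSE.QUEUE} roughly once per percent of the organization's groups and after
     * the last group; a final end message is sent as the system user of the default organization.
     *
     * @param str index name; the destination queue is {@code "GROUP." + WordUtils.capitalize(str)}
     */
    public void repopulate(String str) {
        String destinationId = "GROUP." + WordUtils.capitalize(str);
        for (Organization organization : this.organizationDirectoryService.getOrganizations()) {
            SecurityUtil.runAs(this.securityService, organization, SecurityUtil.createSystemUser(this.cc, organization), () -> {
                List<JpaGroup> groups = UserDirectoryPersistenceUtil.findGroups(organization.getId(), 0, 0, this.emf);
                int total = groups.size();
                // Report progress once per percent; for fewer than 100 groups report after each one.
                int responseInterval = total < 100 ? 1 : total / 100;
                int current = 1;
                logger.info("Re-populating index '{}' with groups of organization {}. There are {} group(s) to add to the index.", new Object[]{str, this.securityService.getOrganization().getId(), Integer.valueOf(total)});
                for (JpaGroup group : groups) {
                    this.messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, GroupItem.update(JaxbGroup.fromGroup(group)));
                    if (current % responseInterval == 0 || current == total) {
                        this.messageSender.sendObjectMessage("INDEX_RESPONSE.QUEUE", MessageSender.DestinationType.Queue, IndexRecreateObject.update(str, IndexRecreateObject.Service.Groups, total, current));
                    }
                    current++;
                }
            });
        }
        DefaultOrganization defaultOrganization = new DefaultOrganization();
        SecurityUtil.runAs(this.securityService, defaultOrganization, SecurityUtil.createSystemUser(this.cc, defaultOrganization), () -> {
            this.messageSender.sendObjectMessage("INDEX_RESPONSE.QUEUE", MessageSender.DestinationType.Queue, IndexRecreateObject.end(str, IndexRecreateObject.Service.Groups));
        });
    }

    /** Returns the configured message receiver. */
    public MessageReceiver getMessageReceiver() {
        return this.messageReceiver;
    }

    /** Identifies this producer as the {@code Groups} index service. */
    public IndexRecreateObject.Service getService() {
        return IndexRecreateObject.Service.Groups;
    }

    /** Returns the fully qualified name of this class. */
    public String getClassName() {
        return JpaGroupRoleProvider.class.getName();
    }

    /** Returns the configured message sender. */
    public MessageSender getMessageSender() {
        return this.messageSender;
    }

    /** Returns the configured security service. */
    public SecurityService getSecurityService() {
        return this.securityService;
    }

    /** Returns the system user name resolved from the component context. */
    public String getSystemUserName() {
        return SecurityUtil.getSystemUserName(this.cc);
    }
}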
