package org.apache.ambari.server.security.authorization;

import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import com.google.inject.persist.Transactional;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import javax.persistence.EntityManager;
import javax.persistence.OptimisticLockException;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.hooks.HookContextFactory;
import org.apache.ambari.server.hooks.HookService;
import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
import org.apache.ambari.server.ldap.service.AmbariLdapConfigurationProvider;
import org.apache.ambari.server.orm.DBAccessorImpl;
import org.apache.ambari.server.orm.dao.GroupDAO;
import org.apache.ambari.server.orm.dao.MemberDAO;
import org.apache.ambari.server.orm.dao.PermissionDAO;
import org.apache.ambari.server.orm.dao.PrincipalDAO;
import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.ResourceDAO;
import org.apache.ambari.server.orm.dao.UserAuthenticationDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.GroupEntity;
import org.apache.ambari.server.orm.entities.MemberEntity;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.authentication.AccountDisabledException;
import org.apache.ambari.server.security.authentication.TooManyLoginFailuresException;
import org.apache.ambari.server.security.authentication.UserNotFoundException;
import org.apache.ambari.server.security.ldap.LdapBatchDto;
import org.apache.ambari.server.security.ldap.LdapGroupDto;
import org.apache.ambari.server.security.ldap.LdapUserDto;
import org.apache.ambari.server.security.ldap.LdapUserGroupMemberDto;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.crypto.password.PasswordEncoder;

@Singleton
/* loaded from: input_file:org/apache/ambari/server/security/authorization/Users.class */
public class Users {
    // Class-wide SLF4J logger.
    private static final Logger LOG = LoggerFactory.getLogger(Users.class);
    // Retry budget that setUserActive hands to safelyUpdateUserEntity.
    private static final int MAX_RETRIES = 10;

    // Everything below is field-injected; the class itself is annotated @Singleton,
    // so one instance (and one monitor for the synchronized methods) is expected.

    // Source of the JPA EntityManager; processLdapSync uses it to evict the cache.
    @Inject
    private Provider<EntityManager> entityManagerProvider;

    @Inject
    private UserDAO userDAO;

    // Access to per-user authentication records (LDAP records are handled in processLdapSync).
    @Inject
    private UserAuthenticationDAO userAuthenticationDAO;

    @Inject
    private GroupDAO groupDAO;

    @Inject
    private MemberDAO memberDAO;

    @Inject
    private PrincipalDAO principalDAO;

    @Inject
    private PermissionDAO permissionDAO;

    @Inject
    private PrivilegeDAO privilegeDAO;

    @Inject
    private ResourceDAO resourceDAO;

    @Inject
    private PrincipalTypeDAO principalTypeDAO;

    // NOTE(review): not referenced by any method in this part of the file.
    @Inject
    private PasswordEncoder passwordEncoder;

    // Supplies the LDAP configuration that holds the administrator group mapping rules.
    @Inject
    protected AmbariLdapConfigurationProvider ldapConfigurationProvider;

    // Server configuration: login failure limit and LDAP username collision behaviour are read from it.
    @Inject
    protected Configuration configuration;

    // Hook service run after a user has been created (see createUser).
    @Inject
    private Provider<HookService> hookServiceProvider;

    @Inject
    private HookContextFactory hookContextFactory;

    /* renamed from: org.apache.ambari.server.security.authorization.Users$9, reason: invalid class name */
    /* loaded from: input_file:org/apache/ambari/server/security/authorization/Users$9.class */
    /*
     * Synthetic helper recovered by the decompiler: a lookup table that maps
     * UserAuthenticationType ordinals to the case numbers 1..5 of a switch statement.
     * The switch that reads the table is outside this part of the file.
     */
    static /* synthetic */ class AnonymousClass9 {
        // One slot per enum constant; a slot that is never assigned keeps the int default 0.
        static final /* synthetic */ int[] $SwitchMap$org$apache$ambari$server$security$authorization$UserAuthenticationType = new int[UserAuthenticationType.values().length];

        static {
            // Each assignment is wrapped separately so that a constant missing at
            // run time (NoSuchFieldError) only leaves its own slot unset.
            try {
                $SwitchMap$org$apache$ambari$server$security$authorization$UserAuthenticationType[UserAuthenticationType.LOCAL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$ambari$server$security$authorization$UserAuthenticationType[UserAuthenticationType.LDAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$ambari$server$security$authorization$UserAuthenticationType[UserAuthenticationType.JWT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$ambari$server$security$authorization$UserAuthenticationType[UserAuthenticationType.PAM.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$ambari$server$security$authorization$UserAuthenticationType[UserAuthenticationType.KERBEROS.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:org/apache/ambari/server/security/authorization/Users$Command.class */
    /**
     * A single mutation to apply to a user entity. setUserActive passes an
     * implementation to safelyUpdateUserEntity together with a retry count.
     */
    public interface Command {
        /**
         * Applies the change to the given entity.
         *
         * @param userEntity the entity to modify
         */
        void perform(UserEntity userEntity);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ambari/server/security/authorization/Users$Validator.class */
    /**
     * A check run against a user entity and a string value; implementations signal
     * rejection by throwing. No implementation is visible in this part of the file,
     * so the meaning of the string argument is not documented here.
     */
    public interface Validator {
        /**
         * @param userEntity the user the value belongs to
         * @param str the value to check
         * @throws AmbariException when the value is not acceptable
         */
        void validate(UserEntity userEntity, String str) throws AmbariException;
    }

    /**
     * Loads every stored user and wraps each entity in a {@link User}.
     *
     * @return a new list with one {@code User} per entity, in the order the DAO returned them
     */
    public List<User> getAllUsers() {
        List<UserEntity> entities = this.userDAO.findAll();
        List<User> users = new ArrayList<>(entities.size());
        for (UserEntity entity : entities) {
            users.add(new User(entity));
        }
        return users;
    }

    /**
     * Returns the persistence entities of all users exactly as the DAO delivers them.
     *
     * <p>The entities expose their authentication records through
     * {@code getAuthenticationEntities()}, so callers should map them to a reduced
     * view before handing them to an API response or a log.
     *
     * @return the list produced by {@code userDAO.findAll()}
     */
    public List<UserEntity> getAllUserEntities() {
        List<UserEntity> entities = this.userDAO.findAll();
        return entities;
    }

    /**
     * Looks a user entity up by name.
     *
     * @param str the user name; {@code null} short-circuits without a DAO call
     * @return the DAO result, or {@code null} when {@code str} is {@code null}
     */
    public UserEntity getUserEntity(String str) {
        return (str != null) ? this.userDAO.findUserByName(str) : null;
    }

    /**
     * Looks a user entity up by primary key.
     *
     * @param num the user id; {@code null} short-circuits without a DAO call
     * @return the DAO result, or {@code null} when {@code num} is {@code null}
     */
    public UserEntity getUserEntity(Integer num) {
        return (num != null) ? this.userDAO.findByPK(num) : null;
    }

    /**
     * Wraps an entity in a {@link User}.
     *
     * @param userEntity the entity to wrap, may be {@code null}
     * @return a new {@code User}, or {@code null} when no entity was given
     */
    public User getUser(UserEntity userEntity) {
        return (userEntity == null) ? null : new User(userEntity);
    }

    /**
     * Resolves a user by id and wraps the result.
     *
     * @param num the user id, may be {@code null}
     * @return the wrapped user, or {@code null} when the lookup yields nothing
     */
    public User getUser(Integer num) {
        UserEntity entity = getUserEntity(num);
        return getUser(entity);
    }

    /**
     * Resolves a user by name and wraps the result.
     *
     * @param str the user name, may be {@code null}
     * @return the wrapped user, or {@code null} when the lookup yields nothing
     */
    public User getUser(String str) {
        UserEntity entity = getUserEntity(str);
        return getUser(entity);
    }

    /**
     * Enables or disables the account with the given name.
     *
     * @param str the user name
     * @param z {@code true} to activate the account, {@code false} to deactivate it
     * @throws AmbariException when no user with that name exists
     */
    public synchronized void setUserActive(String str, boolean z) throws AmbariException {
        UserEntity target = this.userDAO.findUserByName(str);
        if (target != null) {
            setUserActive(target, z);
            return;
        }
        throw new AmbariException("User " + str + " doesn't exist");
    }

    /**
     * Enables or disables the given account; a {@code null} entity is ignored.
     *
     * <p>The change is applied through {@code safelyUpdateUserEntity} with
     * {@code MAX_RETRIES} attempts. That helper is defined outside this part of the
     * file, so its retry conditions are not described here.
     *
     * @param userEntity the account to change, may be {@code null}
     * @param z the new active flag
     * @throws AmbariException when the helper reports a failure
     */
    public synchronized void setUserActive(UserEntity userEntity, final boolean z) throws AmbariException {
        if (userEntity == null) {
            return;
        }
        Command applyActiveFlag = entity -> entity.setActive(Boolean.valueOf(z));
        safelyUpdateUserEntity(userEntity, applyActiveFlag, MAX_RETRIES);
    }

    /**
     * Checks whether an account is currently allowed to log in. Only the account
     * state is examined here; no credential is verified in this method.
     *
     * <p>The three failure causes raise different exception types. A caller that
     * reports them to the remote client should collapse them into one generic
     * message so that responses do not reveal which user names exist.
     *
     * <p>Lockout is skipped entirely when the configured failure limit is zero or
     * negative.
     *
     * @param userEntity the account that was looked up, or {@code null} if none was found
     * @param str the user name used for the login attempt (used in log and exception)
     * @throws UserNotFoundException when {@code userEntity} is {@code null}
     * @throws AccountDisabledException when the account is not active
     * @throws TooManyLoginFailuresException when the consecutive failure count has
     *         reached the configured limit
     */
    public void validateLogin(UserEntity userEntity, String str) {
        if (userEntity == null) {
            // The name is deliberately absent from this log line in the original.
            LOG.info("User not found");
            throw new UserNotFoundException(str);
        }

        // NOTE(review): getActive() is unboxed directly; a null flag would raise a NullPointerException.
        boolean active = userEntity.getActive().booleanValue();
        if (!active) {
            LOG.info("User account is disabled: {}", str);
            throw new AccountDisabledException(str);
        }

        int failureLimit = this.configuration.getMaxAuthenticationFailures();
        boolean lockoutEnabled = failureLimit > 0;
        if (lockoutEnabled && userEntity.getConsecutiveFailures().intValue() >= failureLimit) {
            LOG.info("User account is locked out due to too many authentication failures ({}/{}): {}",
                    userEntity.getConsecutiveFailures(), Integer.valueOf(failureLimit), str);
            throw new TooManyLoginFailuresException(str);
        }
    }

    /**
     * Marks an existing group as an LDAP group and persists the change.
     *
     * @param str the group name
     * @throws AmbariException when no group with that name exists
     */
    public synchronized void setGroupLdap(String str) throws AmbariException {
        GroupEntity group = this.groupDAO.findGroupByName(str);
        if (group != null) {
            group.setGroupType(GroupType.LDAP);
            this.groupDAO.merge(group);
            return;
        }
        throw new AmbariException("Group " + str + " doesn't exist");
    }

    /**
     * Creates an active user; shorthand for the four-argument overload.
     *
     * @param str the user name
     * @param str2 the local user name, falls back to the user name when empty
     * @param str3 the display name, falls back to the user name when empty
     * @return the newly created entity
     * @throws AmbariException when a user with that name already exists
     */
    public UserEntity createUser(String str, String str2, String str3) throws AmbariException {
        return createUser(str, str2, str3, Boolean.TRUE);
    }

    /**
     * Creates a user together with its principal, then runs the user-creation hook.
     *
     * <p>All three names pass through {@code UserName.fromString}. No authentication
     * record is created here, so the new account has no login method until one is
     * added elsewhere. The existence check and the insert are not separated by
     * another call to this method on the same instance because the method is
     * {@code synchronized}.
     *
     * @param str the user name
     * @param str2 the local user name, falls back to the user name when empty
     * @param str3 the display name, falls back to the user name when empty
     * @param bool the active flag; {@code null} leaves the entity's own default
     * @return the newly created entity
     * @throws AmbariException when a user with that name already exists
     */
    @Transactional
    public synchronized UserEntity createUser(String str, String str2, String str3, Boolean bool) throws AmbariException {
        // Conversion order is kept: user name, display name, local name.
        String normalizedName = UserName.fromString(str).toString();
        String displayName = normalizedName;
        if (!StringUtils.isEmpty(str3)) {
            displayName = UserName.fromString(str3).toString();
        }
        String localName = normalizedName;
        if (!StringUtils.isEmpty(str2)) {
            localName = UserName.fromString(str2).toString();
        }

        if (this.userDAO.findUserByName(normalizedName) != null) {
            throw new AmbariException("User already exists");
        }

        // Principal type id 1 carries USER_PRINCIPAL_TYPE_NAME; it is created on first use.
        PrincipalTypeEntity userPrincipalType = this.principalTypeDAO.findById(1);
        if (userPrincipalType == null) {
            userPrincipalType = new PrincipalTypeEntity();
            userPrincipalType.setId(1);
            userPrincipalType.setName(PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME);
            this.principalTypeDAO.create(userPrincipalType);
        }

        PrincipalEntity principal = new PrincipalEntity();
        principal.setPrincipalType(userPrincipalType);
        this.principalDAO.create(principal);

        UserEntity created = new UserEntity();
        created.setUserName(normalizedName);
        created.setDisplayName(displayName);
        created.setLocalUsername(localName);
        created.setPrincipal(principal);
        if (bool != null) {
            created.setActive(bool);
        }
        this.userDAO.create(created);

        // The hook runs after the insert, still inside this method.
        this.hookServiceProvider.get().execute(this.hookContextFactory.createUserHookContext(normalizedName));
        return created;
    }

    /**
     * Removes the user identified by the id of the given {@link User}.
     *
     * @param user the user to remove
     * @throws AmbariException when the id is unknown, or when the entity overload
     *         refuses the removal
     */
    @Transactional
    public synchronized void removeUser(User user) throws AmbariException {
        UserEntity entity = this.userDAO.findByPK(Integer.valueOf(user.getUserId()));
        if (entity != null) {
            removeUser(entity);
            return;
        }
        throw new AmbariException("User " + user + " doesn't exist");
    }

    /**
     * Removes a user unless {@link #isUserCanBeRemoved(UserEntity)} rejects it,
     * which protects the last administrator account. A {@code null} entity is ignored.
     *
     * @param userEntity the account to delete, may be {@code null}
     * @throws AmbariException when the removal would leave no administrator
     */
    @Transactional
    public synchronized void removeUser(UserEntity userEntity) throws AmbariException {
        if (userEntity == null) {
            return;
        }
        if (isUserCanBeRemoved(userEntity)) {
            this.userDAO.remove(userEntity);
            return;
        }
        throw new AmbariException("Could not remove user " + userEntity.getUserName() + ". System should have at least one administrator.");
    }

    /**
     * Looks a group up by name.
     *
     * @param str the group name
     * @return the wrapped group, or {@code null} when none is found
     */
    public Group getGroup(String str) {
        GroupEntity entity = this.groupDAO.findGroupByName(str);
        return (entity == null) ? null : new Group(entity);
    }

    /**
     * Looks a group up by name and type.
     *
     * @param str the group name
     * @param groupType the group type to match
     * @return the wrapped group, or {@code null} when none is found
     */
    public Group getGroup(String str, GroupType groupType) {
        GroupEntity entity = getGroupEntity(str, groupType);
        return (entity == null) ? null : new Group(entity);
    }

    /**
     * Returns the group entity with the given name and type.
     *
     * @param str the group name
     * @param groupType the group type to match
     * @return whatever {@code groupDAO.findGroupByNameAndType} returns
     */
    public GroupEntity getGroupEntity(String str, GroupType groupType) {
        GroupEntity match = this.groupDAO.findGroupByNameAndType(str, groupType);
        return match;
    }

    /**
     * Collects the users that belong to a group.
     *
     * <p>A membership row without a user is logged as an error and skipped.
     *
     * @param str the group name
     * @return the members as a set, or {@code null} (not an empty collection) when
     *         the group does not exist
     */
    public Collection<User> getGroupMembers(String str) {
        GroupEntity group = this.groupDAO.findGroupByName(str);
        if (group == null) {
            return null;
        }
        Set<User> members = new HashSet<>();
        for (MemberEntity membership : group.getMemberEntities()) {
            UserEntity memberUser = membership.getUser();
            if (memberUser == null) {
                LOG.error("Wrong state, not found user for member '{}' (group: '{}')", membership.getMemberId(), membership.getGroup().getGroupName());
                continue;
            }
            members.add(new User(memberUser));
        }
        return members;
    }

    /**
     * Creates a group together with its principal.
     *
     * <p>NOTE(review): unlike {@code createUser}, nothing here checks whether a group
     * with the same name already exists; confirm that callers or the schema enforce it.
     *
     * @param str the group name
     * @param groupType the type to store on the group
     * @return the newly created entity
     */
    @Transactional
    public synchronized GroupEntity createGroup(String str, GroupType groupType) {
        // Principal type id 2 carries GROUP_PRINCIPAL_TYPE_NAME; it is created on first use.
        PrincipalTypeEntity groupPrincipalType = this.principalTypeDAO.findById(2);
        if (groupPrincipalType == null) {
            groupPrincipalType = new PrincipalTypeEntity();
            groupPrincipalType.setId(2);
            groupPrincipalType.setName(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE_NAME);
            this.principalTypeDAO.create(groupPrincipalType);
        }

        PrincipalEntity principal = new PrincipalEntity();
        principal.setPrincipalType(groupPrincipalType);
        this.principalDAO.create(principal);

        GroupEntity created = new GroupEntity();
        created.setGroupName(str);
        created.setPrincipal(principal);
        created.setGroupType(groupType);
        this.groupDAO.create(created);
        return created;
    }

    /**
     * Loads every stored group and wraps each entity in a {@link Group}.
     *
     * @return a new list with one {@code Group} per entity, in the order the DAO returned them
     */
    public List<Group> getAllGroups() {
        List<GroupEntity> entities = this.groupDAO.findAll();
        List<Group> groups = new ArrayList<>(entities.size());
        for (GroupEntity entity : entities) {
            groups.add(new Group(entity));
        }
        return groups;
    }

    /**
     * Lists the user names of all members of a group.
     *
     * <p>NOTE(review): a membership row without a user raises a
     * {@code NullPointerException} here, whereas {@code getGroupMembers} logs and
     * skips such rows; consider aligning the two.
     *
     * @param str the group name
     * @return the member user names in membership order
     * @throws AmbariException when no group with that name exists
     */
    public List<String> getAllMembers(String str) throws AmbariException {
        List<String> memberNames = new ArrayList<>();
        GroupEntity group = this.groupDAO.findGroupByName(str);
        if (group == null) {
            throw new AmbariException("Group " + str + " doesn't exist");
        }
        for (MemberEntity membership : group.getMemberEntities()) {
            memberNames.add(membership.getUser().getUserName());
        }
        return memberNames;
    }

    /**
     * Removes the group identified by the id of the given {@link Group}.
     *
     * @param group the group to remove
     * @throws AmbariException when the id is unknown
     */
    @Transactional
    public synchronized void removeGroup(Group group) throws AmbariException {
        GroupEntity entity = this.groupDAO.findByPK(Integer.valueOf(group.getGroupId()));
        if (entity != null) {
            this.groupDAO.remove(entity);
            return;
        }
        throw new AmbariException("Group " + group + " doesn't exist");
    }

    /**
     * Tells whether the user's own principal holds the Ambari administrator permission.
     *
     * <p>Only privileges attached directly to the user's principal are inspected.
     * Privileges a user receives through group membership are not considered by
     * this method, so it must not be used as a complete "is administrator" test.
     *
     * @param userEntity the user to inspect; must not be {@code null}
     * @return {@code true} when a direct privilege refers to the administrator
     *         permission, {@code false} otherwise or when any part of the chain is missing
     */
    public synchronized boolean hasAdminPrivilege(UserEntity userEntity) {
        PrincipalEntity principal = userEntity.getPrincipal();
        if (principal == null) {
            return false;
        }
        Set<PrivilegeEntity> granted = principal.getPrivileges();
        if (granted == null) {
            return false;
        }

        PermissionEntity adminPermission = this.permissionDAO.findAmbariAdminPermission();
        if (adminPermission == null) {
            return false;
        }
        Integer adminPermissionId = adminPermission.getId();
        if (adminPermissionId == null) {
            return false;
        }

        for (PrivilegeEntity privilege : granted) {
            PermissionEntity permission = privilege.getPermission();
            if (permission != null && adminPermissionId.equals(permission.getId())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Grants the administrator privilege to the user with the given id.
     *
     * <p>NOTE(review): the lookup result is passed on unchecked; an unknown id ends
     * in a {@code NullPointerException} inside the entity overload.
     *
     * @param num the user id
     */
    public synchronized void grantAdminPrivilege(Integer num) {
        UserEntity target = this.userDAO.findByPK(num);
        grantAdminPrivilege(target);
    }

    /**
     * Grants the Ambari administrator privilege on the Ambari resource to a user,
     * unless the user's principal already holds an equal privilege.
     *
     * <p>No check of the requesting party is made in this method; whoever calls it
     * is responsible for having authorized the grant.
     *
     * @param userEntity the user to promote; must not be {@code null} and must have a principal
     */
    public synchronized void grantAdminPrivilege(UserEntity userEntity) {
        PrincipalEntity principal = userEntity.getPrincipal();

        PrivilegeEntity adminPrivilege = new PrivilegeEntity();
        adminPrivilege.setPermission(this.permissionDAO.findAmbariAdminPermission());
        adminPrivilege.setPrincipal(principal);
        adminPrivilege.setResource(this.resourceDAO.findAmbariResource());

        // Duplicate detection relies on PrivilegeEntity equality.
        boolean alreadyGranted = principal.getPrivileges().contains(adminPrivilege);
        if (!alreadyGranted) {
            this.privilegeDAO.create(adminPrivilege);
            principal.getPrivileges().add(adminPrivilege);
            this.principalDAO.merge(principal);
            this.userDAO.merge(userEntity);
        }
    }

    /**
     * Grants a named permission on a resource to a group, unless the group's
     * principal already holds an equal privilege.
     *
     * <p>No check of the requesting party is made in this method.
     * NOTE(review): the group, permission and resource lookups are used without
     * null checks; an unknown group id raises a {@code NullPointerException}, and
     * an unknown permission name or resource id would be stored as {@code null}
     * on the privilege. Confirm that callers validate these values.
     *
     * @param num the group id
     * @param l the resource id
     * @param resourceType the resource type the permission belongs to
     * @param str the permission name
     */
    public synchronized void grantPrivilegeToGroup(Integer num, Long l, ResourceType resourceType, String str) {
        GroupEntity group = this.groupDAO.findByPK(num);

        // Transient type entity used only as a lookup key for the permission.
        ResourceTypeEntity typeKey = new ResourceTypeEntity();
        typeKey.setId(Integer.valueOf(resourceType.getId()));
        typeKey.setName(resourceType.name());

        PrivilegeEntity privilege = new PrivilegeEntity();
        privilege.setPermission(this.permissionDAO.findPermissionByNameAndType(str, typeKey));
        privilege.setPrincipal(group.getPrincipal());
        privilege.setResource(this.resourceDAO.findById(l));

        boolean alreadyGranted = group.getPrincipal().getPrivileges().contains(privilege);
        if (!alreadyGranted) {
            this.privilegeDAO.create(privilege);
            group.getPrincipal().getPrivileges().add(privilege);
            this.principalDAO.merge(group.getPrincipal());
            this.groupDAO.merge(group);
            this.privilegeDAO.merge(privilege);
        }
    }

    /**
     * Revokes the administrator privilege from the user with the given id.
     *
     * <p>NOTE(review): the lookup result is passed on unchecked; an unknown id ends
     * in a {@code NullPointerException} inside the entity overload.
     *
     * @param num the user id
     */
    public synchronized void revokeAdminPrivilege(Integer num) {
        UserEntity target = this.userDAO.findByPK(num);
        revokeAdminPrivilege(target);
    }

    /**
     * Removes the first privilege on the user's principal whose permission name is
     * the Ambari administrator permission. Nothing happens when none is found.
     *
     * <p>NOTE(review): unlike {@code removeUser}, this method does not consult
     * {@code isUserCanBeRemoved}, so it can revoke the privilege from the last
     * remaining administrator; confirm that callers guard against that.
     *
     * @param userEntity the user to demote; must not be {@code null} and must have a principal
     */
    public synchronized void revokeAdminPrivilege(UserEntity userEntity) {
        PrincipalEntity principal = userEntity.getPrincipal();

        PrivilegeEntity adminPrivilege = null;
        for (PrivilegeEntity candidate : principal.getPrivileges()) {
            String permissionName = candidate.getPermission().getPermissionName();
            if (permissionName.equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME)) {
                adminPrivilege = candidate;
                break;
            }
        }
        if (adminPrivilege == null) {
            return;
        }

        // Removal happens after the scan, so the collection is not modified while iterating.
        principal.getPrivileges().remove(adminPrivilege);
        this.principalDAO.merge(principal);
        this.userDAO.merge(userEntity);
        this.privilegeDAO.remove(adminPrivilege);
    }

    /**
     * Adds a user to a group, both identified by name.
     *
     * @param str the group name
     * @param str2 the user name
     * @throws AmbariException when the group or the user does not exist
     */
    @Transactional
    public synchronized void addMemberToGroup(String str, String str2) throws AmbariException {
        GroupEntity group = this.groupDAO.findGroupByName(str);
        if (group == null) {
            throw new AmbariException("Group " + str + " doesn't exist");
        }
        UserEntity user = this.userDAO.findUserByName(str2);
        if (user == null) {
            throw new AmbariException("User " + str2 + " doesn't exist");
        }
        addMemberToGroup(group, user);
    }

    /**
     * Adds a user to a group; does nothing when the user is already a member.
     *
     * <p>Group membership feeds into the privileges computed by
     * {@code getUserPrivileges}, so adding a member is a privilege-affecting change.
     *
     * @param groupEntity the group, must not be {@code null}
     * @param userEntity the user, must not be {@code null}
     * @throws NullPointerException when either argument is {@code null}
     * @throws AmbariException declared by the signature; not thrown by the visible body
     */
    @Transactional
    public synchronized void addMemberToGroup(GroupEntity groupEntity, UserEntity userEntity) throws AmbariException {
        if (groupEntity == null || userEntity == null) {
            throw new NullPointerException();
        }
        if (!isUserInGroup(userEntity, groupEntity)) {
            MemberEntity membership = new MemberEntity();
            membership.setGroup(groupEntity);
            membership.setUser(userEntity);

            // Keep both sides of the association in step before persisting.
            userEntity.getMemberEntities().add(membership);
            groupEntity.getMemberEntities().add(membership);

            this.memberDAO.create(membership);
            this.userDAO.merge(userEntity);
            this.groupDAO.merge(groupEntity);
        }
    }

    /**
     * Removes a user from a group, both identified by name.
     *
     * @param str the group name
     * @param str2 the user name
     * @throws AmbariException when the group or the user does not exist
     */
    @Transactional
    public synchronized void removeMemberFromGroup(String str, String str2) throws AmbariException {
        GroupEntity group = this.groupDAO.findGroupByName(str);
        if (group == null) {
            throw new AmbariException("Group " + str + " doesn't exist");
        }
        UserEntity user = this.userDAO.findUserByName(str2);
        if (user == null) {
            throw new AmbariException("User " + str2 + " doesn't exist");
        }
        removeMemberFromGroup(group, user);
    }

    /**
     * Removes a user from a group; does nothing when the user is not a member.
     *
     * <p>NOTE(review): privileges that were granted to the user directly because of
     * this membership (see {@code processLdapAdminGroupMappingRules}) are not
     * touched here.
     *
     * @param groupEntity the group
     * @param userEntity the user
     * @throws AmbariException declared by the signature; not thrown by the visible body
     */
    @Transactional
    public synchronized void removeMemberFromGroup(GroupEntity groupEntity, UserEntity userEntity) throws AmbariException {
        if (!isUserInGroup(userEntity, groupEntity)) {
            return;
        }

        // Find the membership row that links this user to this group.
        MemberEntity membership = null;
        for (MemberEntity candidate : userEntity.getMemberEntities()) {
            if (candidate.getGroup().equals(groupEntity)) {
                membership = candidate;
                break;
            }
        }

        userEntity.getMemberEntities().remove(membership);
        groupEntity.getMemberEntities().remove(membership);
        this.userDAO.merge(userEntity);
        this.groupDAO.merge(groupEntity);
        this.memberDAO.remove(membership);
    }

    /**
     * Guards against deleting the last administrator: a user may be removed when it
     * is not among the users whose principal holds permission id 1, or when at least
     * two such users exist.
     *
     * <p>NOTE(review): permission id 1 is presumably the Ambari administrator
     * permission; confirm. The active flag of the remaining users is not considered,
     * so the one left over may be a disabled account.
     *
     * @param userEntity the user about to be removed
     * @return {@code true} when removal is allowed
     */
    public synchronized boolean isUserCanBeRemoved(UserEntity userEntity) {
        Set<UserEntity> holders = new HashSet<>(this.userDAO.findUsersByPrincipal(this.principalDAO.findByPermissionId(1)));
        if (!holders.contains(userEntity)) {
            return true;
        }
        return holders.size() > 1;
    }

    /**
     * Tells whether one of the user's membership rows refers to the given group.
     *
     * @param userEntity the user whose memberships are scanned
     * @param groupEntity the group to look for
     * @return {@code true} when a membership with an equal group exists
     */
    public boolean isUserInGroup(UserEntity userEntity, GroupEntity groupEntity) {
        for (MemberEntity membership : userEntity.getMemberEntities()) {
            if (membership.getGroup().equals(groupEntity)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies one batch of LDAP synchronization changes to the local user store.
     *
     * <p>The batch is processed in fixed phases: remove users, remove groups,
     * convert existing users to LDAP, convert existing groups to LDAP, create users,
     * create groups, add memberships (including administrator group mapping), remove
     * memberships, and finally evict the JPA cache.
     *
     * <p>User and group names in the batch decide which accounts are created,
     * converted, deleted or promoted to administrator, so the batch must come from a
     * trusted directory query. This method carries neither {@code @Transactional}
     * nor {@code synchronized}; whether the individual DAO calls commit on their own
     * is not visible here.
     *
     * @param ldapBatchDto the changes to apply
     */
    public void processLdapSync(LdapBatchDto ldapBatchDto) {
        UserEntity userEntity;
        List<UserAuthenticationEntity> authenticationEntities;
        // Name -> entity lookups, kept up to date as the phases below add and remove entries.
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (UserEntity userEntity2 : this.userDAO.findAll()) {
            hashMap.put(userEntity2.getUserName(), userEntity2);
        }
        for (GroupEntity groupEntity : this.groupDAO.findAll()) {
            hashMap2.put(groupEntity.getGroupName(), groupEntity);
        }
        // Principal type 2 is the one assigned to the group principals created below.
        PrincipalTypeEntity ensurePrincipalTypeCreated = this.principalTypeDAO.ensurePrincipalTypeCreated(2);
        // Phase 1: users to be removed. hashSet = users, hashSet2 = LDAP authentication records.
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (LdapUserDto ldapUserDto : ldapBatchDto.getUsersToBeRemoved()) {
            UserEntity findUserByName = this.userDAO.findUserByName(ldapUserDto.getUserName());
            if (findUserByName != null) {
                List<UserAuthenticationEntity> findByUser = this.userAuthenticationDAO.findByUser(findUserByName);
                Iterator<UserAuthenticationEntity> it = findByUser.iterator();
                while (it.hasNext()) {
                    UserAuthenticationEntity next = it.next();
                    if (next.getAuthenticationType() == UserAuthenticationType.LDAP) {
                        String dn = ldapUserDto.getDn();
                        String authenticationKey = next.getAuthenticationKey();
                        // The record is queued for deletion when either DN is empty or both match ignoring case.
                        if (StringUtils.isEmpty(dn) || StringUtils.isEmpty(authenticationKey) || dn.equalsIgnoreCase(authenticationKey)) {
                            hashSet2.add(next);
                        }
                        // NOTE(review): every LDAP record is dropped from the local list, including one
                        // whose DN did not match. If no other record remains, the whole user is queued
                        // for deletion below although the DN check failed - confirm this is intended.
                        it.remove();
                    }
                }
                // No non-LDAP authentication method left: the account itself is removed.
                if (findByUser.isEmpty()) {
                    hashMap.remove(findUserByName.getUserName());
                    hashSet.add(findUserByName);
                }
            }
        }
        this.userAuthenticationDAO.remove(hashSet2);
        this.userDAO.remove(hashSet);
        // Phase 2: groups to be removed.
        HashSet hashSet3 = new HashSet();
        Iterator<LdapGroupDto> it2 = ldapBatchDto.getGroupsToBeRemoved().iterator();
        while (it2.hasNext()) {
            GroupEntity findGroupByName = this.groupDAO.findGroupByName(it2.next().getGroupName());
            // NOTE(review): the lookup result is used without a null check; a name that is
            // not in the store raises a NullPointerException and aborts the remaining phases.
            hashMap2.remove(findGroupByName.getGroupName());
            hashSet3.add(findGroupByName);
        }
        this.groupDAO.remove(hashSet3);
        // Phase 3: existing accounts that become LDAP accounts.
        HashSet hashSet4 = new HashSet();
        for (LdapUserDto ldapUserDto2 : ldapBatchDto.getUsersToBecomeLdap()) {
            String userName = ldapUserDto2.getUserName();
            UserEntity findUserByName2 = this.userDAO.findUserByName(userName);
            if (findUserByName2 != null) {
                LOG.trace("Enabling LDAP authentication for the user account with the username {}.", userName);
                // With the CONVERT collision behaviour every non-LDAP authentication method of the
                // existing account is removed. The account's principal and its privileges are left
                // as they are, so the directory entry with the same user name takes over the account
                // together with whatever it was allowed to do. Review the collision setting accordingly.
                if (this.configuration.getLdapSyncCollisionHandlingBehavior() == Configuration.LdapUsernameCollisionHandlingBehavior.CONVERT && (authenticationEntities = findUserByName2.getAuthenticationEntities()) != null) {
                    Iterator<UserAuthenticationEntity> it3 = authenticationEntities.iterator();
                    while (it3.hasNext()) {
                        UserAuthenticationEntity next2 = it3.next();
                        if (next2.getAuthenticationType() != UserAuthenticationType.LDAP) {
                            removeAuthentication(findUserByName2, next2.getUserAuthenticationId());
                            it3.remove();
                        }
                    }
                }
                try {
                    // The meaning of the third argument is defined by addLdapAuthentication, outside this view.
                    addLdapAuthentication(findUserByName2, ldapUserDto2.getDn(), false);
                    hashSet4.add(findUserByName2);
                } catch (AmbariException e) {
                    // A failure is logged and the user is skipped; the batch continues.
                    LOG.warn(String.format("Failed to enable LDAP authentication for the user account with the username %s: %s", userName, e.getLocalizedMessage()), e);
                }
            } else {
                LOG.warn("Failed to find user account for {} while enabling LDAP authentication for the user.", userName);
            }
        }
        this.userDAO.merge(hashSet4);
        // Phase 4: existing groups that become LDAP groups.
        HashSet hashSet5 = new HashSet();
        Iterator<LdapGroupDto> it4 = ldapBatchDto.getGroupsToBecomeLdap().iterator();
        while (it4.hasNext()) {
            GroupEntity findGroupByName2 = this.groupDAO.findGroupByName(it4.next().getGroupName());
            // NOTE(review): no null check on the lookup result here either.
            findGroupByName2.setGroupType(GroupType.LDAP);
            hashMap2.put(findGroupByName2.getGroupName(), findGroupByName2);
            hashSet5.add(findGroupByName2);
        }
        this.groupDAO.merge(hashSet5);
        // Phase 5: new users. The LDAP user name is used as user, local and display name; accounts start active.
        ArrayList arrayList = new ArrayList();
        for (LdapUserDto ldapUserDto3 : ldapBatchDto.getUsersToBeCreated()) {
            String userName2 = ldapUserDto3.getUserName();
            try {
                userEntity = createUser(userName2, userName2, userName2, true);
            } catch (AmbariException e2) {
                LOG.error(String.format("Failed to create new user: %s", userName2), e2);
                userEntity = null;
            }
            if (userEntity != null) {
                LOG.trace("Enabling LDAP authentication for the user account with the username {}.", userName2);
                try {
                    addLdapAuthentication(userEntity, ldapUserDto3.getDn(), false);
                } catch (AmbariException e3) {
                    // The user stays in the store even when the LDAP authentication record could not be added.
                    LOG.warn(String.format("Failed to enable LDAP authentication for the user account with the username %s: %s", userName2, e3.getLocalizedMessage()), e3);
                }
                this.userDAO.merge(userEntity);
                hashMap.put(userEntity.getUserName(), userEntity);
            }
        }
        // Phase 6: new groups, each with its own principal (collected in arrayList).
        HashSet hashSet6 = new HashSet();
        for (LdapGroupDto ldapGroupDto : ldapBatchDto.getGroupsToBeCreated()) {
            PrincipalEntity principalEntity = new PrincipalEntity();
            principalEntity.setPrincipalType(ensurePrincipalTypeCreated);
            arrayList.add(principalEntity);
            GroupEntity groupEntity2 = new GroupEntity();
            groupEntity2.setGroupName(ldapGroupDto.getGroupName());
            groupEntity2.setPrincipal(principalEntity);
            groupEntity2.setGroupType(GroupType.LDAP);
            hashMap2.put(groupEntity2.getGroupName(), groupEntity2);
            hashSet6.add(groupEntity2);
        }
        this.principalDAO.create(arrayList);
        this.groupDAO.create(hashSet6);
        // Phase 7: memberships to add. hashSet7 = new membership rows, hashSet8 = groups touched.
        HashSet hashSet7 = new HashSet();
        HashSet hashSet8 = new HashSet();
        for (LdapUserGroupMemberDto ldapUserGroupMemberDto : ldapBatchDto.getMembershipToAdd()) {
            MemberEntity memberEntity = new MemberEntity();
            // NOTE(review): both lookups can miss. A missing group raises a NullPointerException
            // two lines below; a missing user (for example one whose creation failed in phase 5)
            // is stored as null on the membership row.
            GroupEntity groupEntity3 = (GroupEntity) hashMap2.get(ldapUserGroupMemberDto.getGroupName());
            memberEntity.setGroup(groupEntity3);
            memberEntity.setUser((UserEntity) hashMap.get(ldapUserGroupMemberDto.getUserName()));
            groupEntity3.getMemberEntities().add(memberEntity);
            hashSet8.add(groupEntity3);
            hashSet7.add(memberEntity);
        }
        // Administrator grants derived from group membership are made before the memberships are persisted.
        processLdapAdminGroupMappingRules(hashSet7);
        this.memberDAO.create(hashSet7);
        this.groupDAO.merge(hashSet8);
        // Phase 8: memberships to remove.
        // NOTE(review): only the membership rows are deleted; an administrator privilege that was
        // granted because of such a membership is not revoked anywhere in this method.
        HashSet hashSet9 = new HashSet();
        for (LdapUserGroupMemberDto ldapUserGroupMemberDto2 : ldapBatchDto.getMembershipToRemove()) {
            MemberEntity findByUserAndGroup = this.memberDAO.findByUserAndGroup(ldapUserGroupMemberDto2.getUserName(), ldapUserGroupMemberDto2.getGroupName());
            if (findByUserAndGroup != null) {
                hashSet9.add(findByUserAndGroup);
            }
        }
        this.memberDAO.remove(hashSet9);
        // Drop all cached entities so later reads see the state written above.
        ((EntityManager) this.entityManagerProvider.get()).getEntityManagerFactory().getCache().evictAll();
    }

    /**
     * Grants the Ambari administrator privilege to every user that gains membership
     * in one of the groups named by the LDAP configuration's group mapping rules.
     *
     * <p>The rules string is split on commas and the pieces are compared to group
     * names exactly as written: surrounding whitespace is not trimmed and case is
     * significant. The grant is made directly on the user; nothing in this method
     * removes it again when the membership later disappears.
     *
     * <p>NOTE(review): {@code m156get()} looks like a decompiler-renamed accessor of
     * the configuration provider; confirm against the original source.
     *
     * @param set the membership rows that are about to be created
     */
    private void processLdapAdminGroupMappingRules(Set<MemberEntity> set) {
        if (set.isEmpty()) {
            LOG.debug("There are no new memberships for which to process administrator group mapping rules.");
            return;
        }

        AmbariLdapConfiguration ldapConfig = this.ldapConfigurationProvider.m156get();
        if (ldapConfig == null) {
            LOG.warn("The LDAP configuration is not available - no administrator group mappings will be processed.");
            return;
        }

        String mappingRules = ldapConfig.groupMappingRules();
        if (Strings.isNullOrEmpty(mappingRules)) {
            LOG.debug("There are no administrator group mappings to be processed.");
            return;
        }

        LOG.info("Processing admin group mapping rules [{}]. Membership entry count: [{}]", mappingRules, Integer.valueOf(set.size()));

        Set<String> adminGroupNames = Sets.newHashSet(mappingRules.split(","));

        // First pass: collect each affected user once, even with several matching memberships.
        Set<UserEntity> adminProspects = new HashSet<>();
        for (MemberEntity membership : set) {
            if (!adminGroupNames.contains(membership.getGroup().getGroupName())) {
                continue;
            }
            LOG.debug("Ambari admin user prospect: [{}] ", membership.getUser().getUserName());
            adminProspects.add(membership.getUser());
        }

        // Second pass: grant by id, which reloads the user through the DAO.
        for (UserEntity prospect : adminProspects) {
            LOG.info("Granting ambari admin roles to the user: {}", prospect.getUserName());
            grantAdminPrivilege(prospect.getUserId());
        }
    }

    /**
     * Builds a map from user name to the names of the groups the user belongs to.
     * Each user is reloaded by primary key before its memberships are read.
     *
     * @param set the users to describe
     * @return a new map with one entry per user name
     */
    private Map<String, Set<String>> getUsersToGroupMap(Set<UserEntity> set) {
        Map<String, Set<String>> groupsByUser = new HashMap<>();
        for (UserEntity requested : set) {
            UserEntity reloaded = this.userDAO.findByPK(requested.getUserId());
            Set<String> groupNames = new HashSet<>();
            groupsByUser.put(reloaded.getUserName(), groupNames);
            for (MemberEntity membership : reloaded.getMemberEntities()) {
                groupNames.add(membership.getGroup().getGroupName());
            }
        }
        return groupsByUser;
    }

    /**
     * Returns the privileges that apply to a user: those assigned to the user's own principal,
     * those assigned to the principal of every group the user is a member of, and the implicit
     * privileges derived from that combined list by {@code getImplicitPrivileges}.
     *
     * @param userEntity the user; may be {@code null}
     * @return the effective privileges, or an empty list when {@code userEntity} is {@code null}
     */
    public Collection<PrivilegeEntity> getUserPrivileges(UserEntity userEntity) {
        if (userEntity == null) {
            return Collections.emptyList();
        }

        // The user's principal comes first, followed by one principal per group membership.
        List<PrincipalEntity> principals = new LinkedList<>();
        principals.add(userEntity.getPrincipal());
        for (MemberEntity membership : this.memberDAO.findAllMembersByUser(userEntity)) {
            principals.add(membership.getGroup().getPrincipal());
        }

        List<PrivilegeEntity> explicit = this.privilegeDAO.findAllByPrincipal(principals);
        List<PrivilegeEntity> implicit = getImplicitPrivileges(explicit);
        if (implicit.isEmpty()) {
            // Nothing to append: hand back the DAO result itself rather than a copy.
            return explicit;
        }

        List<PrivilegeEntity> combined = new LinkedList<>();
        combined.addAll(explicit);
        combined.addAll(implicit);
        return combined;
    }

    /**
     * Returns the privileges that apply to a group: those assigned to the group's principal plus
     * the implicit privileges derived from them by {@code getImplicitPrivileges}.
     *
     * @param groupEntity the group; may be {@code null}
     * @return the effective privileges, or an empty list when {@code groupEntity} is {@code null}
     */
    public Collection<PrivilegeEntity> getGroupPrivileges(GroupEntity groupEntity) {
        if (groupEntity == null) {
            return Collections.emptyList();
        }

        List<PrincipalEntity> principals = new LinkedList<>();
        principals.add(groupEntity.getPrincipal());

        List<PrivilegeEntity> explicit = this.privilegeDAO.findAllByPrincipal(principals);
        List<PrivilegeEntity> implicit = getImplicitPrivileges(explicit);
        if (implicit.isEmpty()) {
            // Nothing to append: hand back the DAO result itself rather than a copy.
            return explicit;
        }

        List<PrivilegeEntity> combined = new LinkedList<>();
        combined.addAll(explicit);
        combined.addAll(implicit);
        return combined;
    }

    /**
     * Resolves a user by name with {@code getUserEntity} and returns that user's granted
     * authorities.
     *
     * @param str the user name
     * @return the authorities; empty when the lookup yields {@code null}
     */
    public Collection<AmbariGrantedAuthority> getUserAuthorities(String str) {
        UserEntity resolved = getUserEntity(str);
        return getUserAuthorities(resolved);
    }

    /**
     * Wraps each privilege returned by {@code getUserPrivileges} in an
     * {@link AmbariGrantedAuthority}.
     *
     * @param userEntity the user; may be {@code null}
     * @return a set of authorities, or an empty list when {@code userEntity} is {@code null}
     */
    public Collection<AmbariGrantedAuthority> getUserAuthorities(UserEntity userEntity) {
        if (userEntity == null) {
            return Collections.emptyList();
        }

        Collection<PrivilegeEntity> privileges = getUserPrivileges(userEntity);
        Set<AmbariGrantedAuthority> authorities = new HashSet<>(privileges.size());
        for (PrivilegeEntity privilege : privileges) {
            authorities.add(new AmbariGrantedAuthority(privilege));
        }
        return authorities;
    }

    /**
     * Looks up the privileges held by the principals attached to the permissions of the given
     * privileges.
     *
     * <p>For every privilege, the principal of its permission is collected when it is not
     * {@code null}; the collected principals are then resolved in a single
     * {@code privilegeDAO.findAllByPrincipal} call. The expansion is one level deep: the result is
     * not fed back in.
     *
     * @param list the explicitly assigned privileges; may be {@code null} or empty
     * @return the implicit privileges; empty when there is nothing to expand
     */
    private List<PrivilegeEntity> getImplicitPrivileges(List<PrivilegeEntity> list) {
        if (list == null || list.isEmpty()) {
            return Collections.emptyList();
        }

        List<PrincipalEntity> permissionPrincipals = new ArrayList<>();
        for (PrivilegeEntity privilege : list) {
            PrincipalEntity permissionPrincipal = privilege.getPermission().getPrincipal();
            if (permissionPrincipal != null) {
                permissionPrincipals.add(permissionPrincipal);
            }
        }

        List<PrivilegeEntity> implicit = new LinkedList<>();
        if (!permissionPrincipals.isEmpty()) {
            implicit.addAll(this.privilegeDAO.findAllByPrincipal(permissionPrincipals));
        }
        return implicit;
    }

    /**
     * Returns authentication entities selected by user name and, optionally, type.
     *
     * <p>An empty or {@code null} name does not mean "no user": it removes the user filter, so
     * the result covers every user (restricted only by {@code userAuthenticationType} when that
     * is given). The returned entities carry their authentication keys, so callers should treat
     * an empty name as a deliberate bulk query.
     *
     * @param str the user name, or empty/{@code null} for all users
     * @param userAuthenticationType the type to filter on, or {@code null} for all types
     * @return the matching entities, or {@code null} when a non-empty name matches no user
     */
    public Collection<UserAuthenticationEntity> getUserAuthenticationEntities(String str, UserAuthenticationType userAuthenticationType) {
        if (StringUtils.isEmpty(str)) {
            return getUserAuthenticationEntities((UserEntity) null, userAuthenticationType);
        }

        UserEntity namedUser = this.userDAO.findUserByName(str);
        if (namedUser == null) {
            return null;
        }
        return getUserAuthenticationEntities(namedUser, userAuthenticationType);
    }

    /**
     * Returns authentication entities selected by user and, optionally, type.
     *
     * <p>With a {@code null} user the query is not scoped to anyone: it returns all entities, or
     * all entities of the given type. With a user, that user's entities are loaded and filtered
     * in memory by identity comparison on the type.
     *
     * @param userEntity the user, or {@code null} for all users
     * @param userAuthenticationType the type to filter on, or {@code null} for all types
     * @return the matching entities
     */
    public Collection<UserAuthenticationEntity> getUserAuthenticationEntities(UserEntity userEntity, UserAuthenticationType userAuthenticationType) {
        if (userEntity == null) {
            if (userAuthenticationType == null) {
                return this.userAuthenticationDAO.findAll();
            }
            return this.userAuthenticationDAO.findByType(userAuthenticationType);
        }

        List<UserAuthenticationEntity> ownedByUser = this.userAuthenticationDAO.findByUser(userEntity);
        if (userAuthenticationType == null) {
            return ownedByUser;
        }

        List<UserAuthenticationEntity> ofRequestedType = new ArrayList<>();
        for (UserAuthenticationEntity candidate : ownedByUser) {
            if (candidate.getAuthenticationType() == userAuthenticationType) {
                ofRequestedType.add(candidate);
            }
        }
        return ofRequestedType;
    }

    /**
     * Returns the authentication entities that have the given type and authentication key,
     * regardless of which user owns them.
     *
     * @param userAuthenticationType the authentication type
     * @param str the authentication key to match
     * @return whatever {@code userAuthenticationDAO.findByTypeAndKey} returns for the pair
     */
    public Collection<UserAuthenticationEntity> getUserAuthenticationEntities(UserAuthenticationType userAuthenticationType, String str) {
        Collection<UserAuthenticationEntity> matches = this.userAuthenticationDAO.findByTypeAndKey(userAuthenticationType, str);
        return matches;
    }

    /**
     * Replaces the authentication key of an existing authentication entity and merges it.
     *
     * <p>For {@code LOCAL} entities the supplied current password must match a stored key before
     * the new one is accepted. {@code z} selects which stored key that is: the entity's own key
     * when {@code true}, otherwise the {@code LOCAL} key of the currently authenticated user.
     * The new password is then checked by {@code validatePassword} and stored encoded.
     *
     * <p>For every other type the key is replaced with {@code str2} as given: {@code str} is not
     * consulted and no validation is applied in this method.
     * NOTE(review): authorization for that branch presumably happens in the caller - confirm.
     *
     * @param userAuthenticationEntity the entity to change; nothing happens when {@code null}
     * @param str the current password (used for {@code LOCAL} only)
     * @param str2 the new key or password
     * @param z whether the current password is checked against the entity being changed
     * @throws AmbariException when the current password is empty or does not match, or when the
     *     authenticated user has no {@code LOCAL} authentication method to check against
     */
    @Transactional
    public synchronized void modifyAuthentication(UserAuthenticationEntity userAuthenticationEntity, String str, String str2, boolean z) throws AmbariException {
        if (userAuthenticationEntity == null) {
            return;
        }

        if (userAuthenticationEntity.getAuthenticationType() != UserAuthenticationType.LOCAL) {
            userAuthenticationEntity.setAuthenticationKey(str2);
        } else {
            String storedKey;
            if (z) {
                storedKey = userAuthenticationEntity.getAuthenticationKey();
            } else {
                storedKey = getAuthenticatedUserLocalAuthenticationMethod()
                    .orElseThrow(() -> new AmbariException("Authentication error"))
                    .getAuthenticationKey();
            }

            // An empty current password is rejected before the encoder is consulted.
            boolean currentPasswordAccepted = !StringUtils.isEmpty(str) && this.passwordEncoder.matches(str, storedKey);
            if (!currentPasswordAccepted) {
                throw new AmbariException("Wrong current password provided");
            }

            validatePassword(str2);
            userAuthenticationEntity.setAuthenticationKey(this.passwordEncoder.encode(str2));
        }

        this.userAuthenticationDAO.merge(userAuthenticationEntity);
    }

    /**
     * Finds a {@code LOCAL} authentication method of the currently authenticated user, as
     * identified by {@code AuthorizationHelper.getAuthenticatedId()}.
     *
     * <p>NOTE(review): the result of {@code getUser} is dereferenced without a null check.
     *
     * @return any one {@code LOCAL} method of that user, or empty when there is none
     */
    private Optional<AuthenticationMethod> getAuthenticatedUserLocalAuthenticationMethod() {
        Integer authenticatedUserId = Integer.valueOf(AuthorizationHelper.getAuthenticatedId());
        return getUser(authenticatedUserId)
            .getAuthenticationMethods()
            .stream()
            .filter(method -> UserAuthenticationType.LOCAL.equals(method.getAuthenticationType()))
            .findAny();
    }

    /**
     * Resolves a user by name with {@code getUserEntity} and removes one of that user's
     * authentication entities.
     *
     * @param str the user name
     * @param l the id of the authentication entity to remove
     */
    public void removeAuthentication(String str, Long l) {
        UserEntity resolved = getUserEntity(str);
        removeAuthentication(resolved, l);
    }

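    /**
     * Removes the authentication entity with the given id from a user.
     *
     * <p>The user is re-read through {@code userDAO.findByPK} and only that user's own
     * authentication entities are searched, so an id that belongs to a different user is a
     * no-op. The user is merged only when an entity was actually removed.
     *
     * <p>Nothing in this method prevents removing a user's last authentication entity.
     *
     * @param userEntity the owning user; nothing happens when {@code null}
     * @param l the id of the authentication entity to remove; nothing happens when {@code null}
     */
    @Transactional
    public void removeAuthentication(UserEntity userEntity, Long l) {
        if (userEntity == null || l == null) {
            return;
        }

        UserEntity managed = this.userDAO.findByPK(userEntity.getUserId());
        if (managed == null) {
            // The user can disappear between the caller's lookup and this one; treat that like
            // the other "nothing to remove" cases instead of failing with a NullPointerException.
            LOG.warn("Cannot remove authentication {}: user with id {} was not found.", l, userEntity.getUserId());
            return;
        }

        Iterator<UserAuthenticationEntity> candidates = managed.getAuthenticationEntities().iterator();
        while (candidates.hasNext()) {
            UserAuthenticationEntity candidate = candidates.next();
            if (l.equals(candidate.getUserAuthenticationId())) {
                this.userAuthenticationDAO.remove(candidate);
                // Drop it from the user's collection as well so the merge below does not see it.
                candidates.remove();
                this.userDAO.merge(managed);
                return;
            }
        }
    }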

    /**
     * Adds an authentication entity of the given type to a user by delegating to the
     * type-specific {@code add...Authentication(userEntity, str)} method.
     *
     * <p>The switch runs over a synthetic lookup table ({@code AnonymousClass9.$SwitchMap$...})
     * indexed by the enum ordinal; the table itself is not part of this method, so which enum
     * constant each case number stands for can only be read off the method each case calls.
     *
     * @param userEntity the user to add the authentication entity to
     * @param userAuthenticationType the kind of authentication to add; a {@code null} value
     *     fails on {@code ordinal()} with a NullPointerException
     * @param str the authentication key (for the local case, the password)
     * @throws AmbariException when the type maps to none of the cases, or when the delegate
     *     rejects the request
     */
    public void addAuthentication(UserEntity userEntity, UserAuthenticationType userAuthenticationType, String str) throws AmbariException {
        switch (AnonymousClass9.$SwitchMap$org$apache$ambari$server$security$authorization$UserAuthenticationType[userAuthenticationType.ordinal()]) {
            case 1:
                addLocalAuthentication(userEntity, str);
                return;
            case 2:
                addLdapAuthentication(userEntity, str);
                return;
            case 3:
                addJWTAuthentication(userEntity, str);
                return;
            // NOTE(review): the next two labels are spelled with constants from unrelated classes.
            // They appear to be used only for their numeric values (4 and 5, per the trailing
            // comments) as indices into the switch map - they do not refer to a permission or a
            // connector version here.
            case PermissionEntity.VIEW_USER_PERMISSION /* 4 */:
                addPamAuthentication(userEntity, str);
                return;
            case DBAccessorImpl.SUPPORT_CONNECTOR_VERSION /* 5 */:
                addKerberosAuthentication(userEntity, str);
                return;
            default:
                throw new AmbariException("Unexpected user authentication type");
        }
    }

    /**
     * Adds a {@code JWT} authentication entity to the user, with the persist flag set to
     * {@code true}.
     *
     * @param userEntity the user
     * @param str the authentication key
     * @throws AmbariException when the three-argument overload rejects the request
     */
    public void addJWTAuthentication(UserEntity userEntity, String str) throws AmbariException {
        final boolean persist = true;
        addJWTAuthentication(userEntity, str, persist);
    }

    /**
     * Adds a {@code JWT} authentication entity to the user.
     *
     * <p>The request is rejected when the user already has a {@code JWT} entity with the same
     * key (exact comparison, with {@code null} matching only {@code null}). The check covers
     * this user's entities only.
     *
     * @param userEntity the user
     * @param str the authentication key
     * @param z passed through to the private {@code addAuthentication}, which merges the user
     *     when it is {@code true}
     * @throws AmbariException when the user is missing or the entity already exists
     */
    public void addJWTAuthentication(UserEntity userEntity, String str, boolean z) throws AmbariException {
        Validator rejectDuplicateKey = new Validator() {
            @Override
            public void validate(UserEntity userEntity2, String str2) throws AmbariException {
                for (UserAuthenticationEntity existing : userEntity2.getAuthenticationEntities()) {
                    if (existing.getAuthenticationType() != UserAuthenticationType.JWT) {
                        continue;
                    }
                    String existingKey = existing.getAuthenticationKey();
                    boolean sameKey = (str2 == null) ? existingKey == null : str2.equals(existingKey);
                    if (sameKey) {
                        throw new AmbariException("The authentication type already exists for this user");
                    }
                }
            }
        };
        addAuthentication(userEntity, UserAuthenticationType.JWT, str, rejectDuplicateKey, z);
    }

    /**
     * Adds a {@code KERBEROS} authentication entity to the user, with the persist flag set to
     * {@code true}.
     *
     * @param userEntity the user
     * @param str the authentication key
     * @throws AmbariException when the three-argument overload rejects the request
     */
    public void addKerberosAuthentication(UserEntity userEntity, String str) throws AmbariException {
        final boolean persist = true;
        addKerberosAuthentication(userEntity, str, persist);
    }

    /**
     * Adds a {@code KERBEROS} authentication entity to the user.
     *
     * <p>Unlike the other types, the duplicate check here is global: the request is rejected
     * when any {@code KERBEROS} entity with the same key exists, whichever user owns it, so one
     * key cannot be attached to two accounts through this method.
     *
     * @param userEntity the user
     * @param str the authentication key
     * @param z passed through to the private {@code addAuthentication}, which merges the user
     *     when it is {@code true}
     * @throws AmbariException when the user is missing or the key is already in use
     */
    public void addKerberosAuthentication(UserEntity userEntity, String str, boolean z) throws AmbariException {
        Validator rejectKeyInUse = new Validator() {
            @Override
            public void validate(UserEntity userEntity2, String str2) throws AmbariException {
                Collection<UserAuthenticationEntity> sameKey =
                    Users.this.userAuthenticationDAO.findByTypeAndKey(UserAuthenticationType.KERBEROS, str2);
                boolean keyInUse = !CollectionUtils.isEmpty(sameKey);
                if (keyInUse) {
                    throw new AmbariException("The authentication type already exists for this principal");
                }
            }
        };
        addAuthentication(userEntity, UserAuthenticationType.KERBEROS, str, rejectKeyInUse, z);
    }

    /**
     * Adds a {@code LOCAL} (password) authentication entity to the user, with the persist flag
     * set to {@code true}.
     *
     * @param userEntity the user
     * @param str the clear-text password
     * @throws AmbariException when the three-argument overload rejects the request
     */
    public void addLocalAuthentication(UserEntity userEntity, String str) throws AmbariException {
        final boolean persist = true;
        addLocalAuthentication(userEntity, str, persist);
    }

    /**
     * Adds a {@code LOCAL} (password) authentication entity to the user.
     *
     * <p>The password is checked by {@code validatePassword} first and only its encoded form,
     * produced by {@code passwordEncoder.encode}, is handed on as the authentication key. A user
     * may hold at most one {@code LOCAL} entity: the request is rejected when one exists,
     * whatever its key.
     *
     * @param userEntity the user
     * @param str the clear-text password
     * @param z passed through to the private {@code addAuthentication}, which merges the user
     *     when it is {@code true}
     * @throws AmbariException when the user is missing or already has a {@code LOCAL} entity
     * @throws IllegalArgumentException when the password fails {@code validatePassword}
     */
    public void addLocalAuthentication(UserEntity userEntity, String str, boolean z) throws AmbariException {
        validatePassword(str);
        String encodedPassword = this.passwordEncoder.encode(str);
        Validator rejectSecondLocalEntry = new Validator() {
            @Override
            public void validate(UserEntity userEntity2, String str2) throws AmbariException {
                for (UserAuthenticationEntity existing : userEntity2.getAuthenticationEntities()) {
                    if (existing.getAuthenticationType() == UserAuthenticationType.LOCAL) {
                        throw new AmbariException("The authentication type already exists for this user");
                    }
                }
            }
        };
        addAuthentication(userEntity, UserAuthenticationType.LOCAL, encodedPassword, rejectSecondLocalEntry, z);
    }

    /**
     * Adds a {@code PAM} authentication entity to the user, with the persist flag set to
     * {@code true}.
     *
     * @param userEntity the user
     * @param str the authentication key
     * @throws AmbariException when the three-argument overload rejects the request
     */
    public void addPamAuthentication(UserEntity userEntity, String str) throws AmbariException {
        final boolean persist = true;
        addPamAuthentication(userEntity, str, persist);
    }

    /**
     * Adds a {@code PAM} authentication entity to the user.
     *
     * <p>A user may hold at most one {@code PAM} entity: the request is rejected when one
     * exists, whatever its key.
     *
     * @param userEntity the user
     * @param str the authentication key
     * @param z passed through to the private {@code addAuthentication}, which merges the user
     *     when it is {@code true}
     * @throws AmbariException when the user is missing or already has a {@code PAM} entity
     */
    public void addPamAuthentication(UserEntity userEntity, String str, boolean z) throws AmbariException {
        Validator rejectSecondPamEntry = new Validator() {
            @Override
            public void validate(UserEntity userEntity2, String str2) throws AmbariException {
                for (UserAuthenticationEntity existing : userEntity2.getAuthenticationEntities()) {
                    if (existing.getAuthenticationType() == UserAuthenticationType.PAM) {
                        throw new AmbariException("The authentication type already exists for this user");
                    }
                }
            }
        };
        addAuthentication(userEntity, UserAuthenticationType.PAM, str, rejectSecondPamEntry, z);
    }

    /**
     * Adds an {@code LDAP} authentication entity to the user, with the persist flag set to
     * {@code true}.
     *
     * @param userEntity the user
     * @param str the authentication key
     * @throws AmbariException when the three-argument overload rejects the request
     */
    public void addLdapAuthentication(UserEntity userEntity, String str) throws AmbariException {
        final boolean persist = true;
        addLdapAuthentication(userEntity, str, persist);
    }

    /**
     * Adds an {@code LDAP} authentication entity to the user.
     *
     * <p>The key is lower-cased with {@code StringUtils.lowerCase} before it is validated and
     * stored. The request is rejected when the user already has an {@code LDAP} entity whose key
     * equals it ignoring case ({@code null} matching only {@code null}). The check covers this
     * user's entities only.
     *
     * @param userEntity the user
     * @param str the authentication key
     * @param z passed through to the private {@code addAuthentication}, which merges the user
     *     when it is {@code true}
     * @throws AmbariException when the user is missing or the entity already exists
     */
    public void addLdapAuthentication(UserEntity userEntity, String str, boolean z) throws AmbariException {
        String normalizedKey = StringUtils.lowerCase(str);
        Validator rejectDuplicateKey = new Validator() {
            @Override
            public void validate(UserEntity userEntity2, String str2) throws AmbariException {
                for (UserAuthenticationEntity existing : userEntity2.getAuthenticationEntities()) {
                    if (existing.getAuthenticationType() != UserAuthenticationType.LDAP) {
                        continue;
                    }
                    String existingKey = existing.getAuthenticationKey();
                    boolean sameKey = (str2 == null) ? existingKey == null : str2.equalsIgnoreCase(existingKey);
                    if (sameKey) {
                        throw new AmbariException("The authentication type already exists for this user");
                    }
                }
            }
        };
        addAuthentication(userEntity, UserAuthenticationType.LDAP, normalizedKey, rejectDuplicateKey, z);
    }

    /**
     * Shared implementation behind the type-specific {@code add...Authentication} methods.
     *
     * <p>Runs the validator, loads the user's current authentication entities from
     * {@code userAuthenticationDAO}, appends a new entity with the given type and key, and sets
     * the resulting list on the user. The key is stored exactly as passed in; any encoding or
     * normalisation has to be done by the caller.
     *
     * @param userEntity the user to extend
     * @param userAuthenticationType the type of the new entity
     * @param str the authentication key of the new entity
     * @param validator check run before anything is changed; it vetoes by throwing
     * @param z when {@code true} the user is merged through {@code userDAO}; when {@code false}
     *     only the in-memory entity is changed
     * @throws AmbariException when {@code userEntity} is {@code null} or the validator objects
     */
    private void addAuthentication(UserEntity userEntity, UserAuthenticationType userAuthenticationType, String str, Validator validator, boolean z) throws AmbariException {
        if (userEntity == null) {
            throw new AmbariException("Missing user");
        }
        validator.validate(userEntity, str);

        List<UserAuthenticationEntity> entities = this.userAuthenticationDAO.findByUser(userEntity);

        UserAuthenticationEntity added = new UserAuthenticationEntity();
        added.setUser(userEntity);
        added.setAuthenticationType(userAuthenticationType);
        added.setAuthenticationKey(str);

        entities.add(added);
        userEntity.setAuthenticationEntities(entities);

        if (!z) {
            return;
        }
        this.userDAO.merge(userEntity);
    }

    /**
     * Resolves a user by name with {@code getUserEntity} and increments that user's
     * consecutive-authentication-failure counter.
     *
     * @param str the user name
     * @return the counter after the update, or {@code null} when there is no such user
     */
    public Integer incrementConsecutiveAuthenticationFailures(String str) {
        UserEntity resolved = getUserEntity(str);
        return incrementConsecutiveAuthenticationFailures(resolved);
    }

    /**
     * Increments the user's consecutive-authentication-failure counter through
     * {@code safelyUpdateUserEntity}, allowing {@code MAX_RETRIES} attempts.
     *
     * <p>NOTE(review): callers presumably compare the returned value with a lockout threshold;
     * a {@code null} return means no counter was available, not a count of zero.
     *
     * @param userEntity the user; may be {@code null}
     * @return the counter read from the entity after the update, or {@code null} when the user
     *     is {@code null} or the update returned no entity
     */
    public Integer incrementConsecutiveAuthenticationFailures(UserEntity userEntity) {
        if (userEntity == null) {
            return null;
        }

        Command bumpFailureCount = new Command() {
            @Override
            public void perform(UserEntity userEntity2) {
                userEntity2.incrementConsecutiveFailures();
            }
        };
        UserEntity updated = safelyUpdateUserEntity(userEntity, bumpFailureCount, MAX_RETRIES);
        return updated == null ? null : updated.getConsecutiveFailures();
    }

    /**
     * Resolves a user by name with {@code getUserEntity} and resets that user's
     * consecutive-authentication-failure counter.
     *
     * @param str the user name
     */
    public void clearConsecutiveAuthenticationFailures(String str) {
        UserEntity resolved = getUserEntity(str);
        clearConsecutiveAuthenticationFailures(resolved);
    }

    /**
     * Resets the user's consecutive-authentication-failure counter to zero through
     * {@code safelyUpdateUserEntity}, allowing {@code MAX_RETRIES} attempts.
     *
     * <p>No update is issued when the user is {@code null} or the counter is already zero.
     *
     * @param userEntity the user; may be {@code null}
     */
    public void clearConsecutiveAuthenticationFailures(UserEntity userEntity) {
        boolean nothingToClear = userEntity == null || userEntity.getConsecutiveFailures().intValue() == 0;
        if (nothingToClear) {
            return;
        }

        Command resetFailureCount = new Command() {
            @Override
            public void perform(UserEntity userEntity2) {
                userEntity2.setConsecutiveFailures(0);
            }
        };
        safelyUpdateUserEntity(userEntity, resetFailureCount, MAX_RETRIES);
    }

    /**
     * Applies a command to a user entity and merges it, allowing {@code MAX_RETRIES} attempts.
     *
     * @param userEntity the user to update
     * @param command the change to apply
     * @return whatever the three-argument overload returns
     */
    public UserEntity safelyUpdateUserEntity(UserEntity userEntity, Command command) {
        UserEntity updated = safelyUpdateUserEntity(userEntity, command, MAX_RETRIES);
        return updated;
    }

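    /**
     * Applies a command to a user entity and merges it, retrying when the merge loses an
     * optimistic-locking race.
     *
     * <p>Each attempt runs {@code command.perform} and {@code userDAO.merge}. When the attempt
     * fails and an {@link OptimisticLockException} is found in the failure's cause chain (the
     * thrown exception itself included, searched to a bounded depth), the user is re-read by
     * primary key and the command is applied again to the fresh entity. Any other failure is
     * rethrown immediately.
     *
     * <p>This method backs the consecutive-authentication-failure counter updates in this class,
     * so an update that is given up on is reported by rethrowing rather than dropped silently.
     *
     * @param userEntity the user to update
     * @param command the change to apply; it may be performed more than once
     * @param i the number of attempts allowed; a value below 1 still allows one attempt
     * @return the entity that was merged, or {@code null} when the user could no longer be found
     *     while preparing a retry
     */
    public UserEntity safelyUpdateUserEntity(UserEntity userEntity, Command command, int i) {
        int retriesLeft = i;
        do {
            try {
                command.perform(userEntity);
                this.userDAO.merge(userEntity);
                return userEntity;
            } catch (Throwable th) {
                // Look for an optimistic-lock conflict in the cause chain. The depth limit and
                // the "back at the start" check keep a cyclic chain from looping forever.
                boolean lockConflict = false;
                Throwable cause = th;
                for (int depth = 0; cause != null && depth < 50; depth++) {
                    if (cause instanceof OptimisticLockException) {
                        lockConflict = true;
                        break;
                    }
                    Throwable next = cause.getCause();
                    if (next == th) {
                        break;
                    }
                    cause = next;
                }
                if (!lockConflict) {
                    throw th;
                }

                // Re-read the user so the next attempt works on the current row version.
                Integer userId = userEntity.getUserId();
                userEntity = this.userDAO.findByPK(userId);
                if (userEntity == null) {
                    LOG.warn("Failed to find user with user id of {}.  The user may have been removed. Aborting.", userId);
                    return null;
                }

                retriesLeft--;
                if (retriesLeft <= 0) {
                    LOG.error("Failed to update the user's ({}) consecutive failures value due to an OptimisticLockException.  Aborting.", userEntity.getUserName());
                    throw th;
                }
                LOG.warn("Failed to update the user's ({}) consecutive failures value due to an OptimisticLockException.  {} retries left, retrying...", userEntity.getUserName(), Integer.valueOf(retriesLeft));
                // Fall out of the catch block so the outer loop performs the command again.
            }
        } while (retriesLeft > 0);
        return userEntity;
    }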

    /**
     * Checks a candidate password against the configured password policy.
     *
     * <p>An empty or {@code null} password is always rejected. Beyond that, the only check is
     * the regular expression returned by {@code configuration.getPasswordPolicyRegexp()}: when
     * one is configured, the whole password must match it; when none is configured, any
     * non-empty password passes.
     *
     * <p>The expression is compiled on every call and an invalid one surfaces as a
     * {@link java.util.regex.PatternSyntaxException}.
     * NOTE(review): the pattern is evaluated against caller-supplied input, so a policy
     * expression prone to heavy backtracking costs CPU on every password change - worth checking
     * when the policy is edited.
     *
     * @param str the candidate password
     * @throws IllegalArgumentException when the password is empty or does not match the policy;
     *     in the latter case the message includes the configured policy description
     */
    public void validatePassword(String str) {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("The password does not meet the password policy requirements");
        }

        String policyRegex = this.configuration.getPasswordPolicyRegexp();
        if (StringUtils.isEmpty(policyRegex)) {
            return;
        }

        boolean conforms = Pattern.compile(policyRegex).matcher(str).matches();
        if (!conforms) {
            throw new IllegalArgumentException("The password does not meet the Ambari user password policy : " + this.configuration.getPasswordPolicyDescription());
        }
    }
}
