package com.huawei.bigdata.om.web.api.controller;

import com.huawei.bigdata.om.acs.api.model.security.acs.OrderEnum;
import com.huawei.bigdata.om.acs.api.model.security.acs.Result;
import com.huawei.bigdata.om.acs.api.model.security.acs.ResultEnum;
import com.huawei.bigdata.om.acs.api.model.security.acs.group.ListUserGroupRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.group.ListUserGroupResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.group.UserGroup;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.GetKeytabResquest;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.ListPwdPolicyResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.MapPwdPolicyResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.PasswordPolicy;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.PwdPolicyRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.QueryPwdPolicyResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.AddUserRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.BatchExportRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.BatchNameRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.IsFirstLoginResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ListUserRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ListUserResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ModifyUserPwdRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ResetPasswordRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.UnlockUserRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.User;
import com.huawei.bigdata.om.aos.api.model.security.aos.permission.response.ResourceQueryResponse;
import com.huawei.bigdata.om.aos.api.model.security.aos.permission.response.ServiceQueryResponse;
import com.huawei.bigdata.om.aos.api.model.security.aos.permission.response.ViewQueryResponse;
import com.huawei.bigdata.om.aos.api.model.security.aos.plugin.DependPermissionQueryResponse;
import com.huawei.bigdata.om.aos.api.model.security.aos.role.RoleInformation;
import com.huawei.bigdata.om.aos.api.model.security.aos.role.request.RoleInforQueryRequest;
import com.huawei.bigdata.om.aos.api.model.security.aos.role.response.RoleInforQueryResponse;
import com.huawei.bigdata.om.client.Client;
import com.huawei.bigdata.om.common.utils.FileUtil;
import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.common.utils.ValidateUtil;
import com.huawei.bigdata.om.controller.api.common.conf.AdIntegrationConfigs;
import com.huawei.bigdata.om.controller.api.common.conf.MutualTrustConfigs;
import com.huawei.bigdata.om.controller.api.common.utils.EnvUtil;
import com.huawei.bigdata.om.controller.api.extern.monitor.ShellUtil;
import com.huawei.bigdata.om.controller.api.extern.monitor.script.ScriptExecutionResult;
import com.huawei.bigdata.om.northbound.ftp.CollectionUploadConstants;
import com.huawei.bigdata.om.web.api.converter.AuthModelConverter;
import com.huawei.bigdata.om.web.api.converter.OMSConverter;
import com.huawei.bigdata.om.web.api.converter.SessionConverter;
import com.huawei.bigdata.om.web.api.exception.InternalServerException;
import com.huawei.bigdata.om.web.api.exception.InvalidParameterException;
import com.huawei.bigdata.om.web.api.exception.ResourceNotFoundException;
import com.huawei.bigdata.om.web.api.model.APIAsyncResponse;
import com.huawei.bigdata.om.web.api.model.APIExportResponse;
import com.huawei.bigdata.om.web.api.model.auth.APIAuthDependPermission;
import com.huawei.bigdata.om.web.api.model.auth.APIAuthResourceModel;
import com.huawei.bigdata.om.web.api.model.auth.APIAuthResources;
import com.huawei.bigdata.om.web.api.model.auth.APIAuthServices;
import com.huawei.bigdata.om.web.api.model.auth.APIAuthViews;
import com.huawei.bigdata.om.web.api.model.auth.APIClusterId;
import com.huawei.bigdata.om.web.api.model.auth.APIUploadFileResponse;
import com.huawei.bigdata.om.web.api.model.auth.APIUser;
import com.huawei.bigdata.om.web.api.model.auth.APIUserGroup;
import com.huawei.bigdata.om.web.api.model.auth.APIUserGroupNames;
import com.huawei.bigdata.om.web.api.model.auth.APIUserGroups;
import com.huawei.bigdata.om.web.api.model.auth.APIUserNames;
import com.huawei.bigdata.om.web.api.model.auth.APIUserPwdModifyRequest;
import com.huawei.bigdata.om.web.api.model.auth.APIUserPwdPolicies;
import com.huawei.bigdata.om.web.api.model.auth.APIUserPwdPolicy;
import com.huawei.bigdata.om.web.api.model.auth.APIUserPwdPolicyUnAuth;
import com.huawei.bigdata.om.web.api.model.auth.APIUserPwdResetRequest;
import com.huawei.bigdata.om.web.api.model.auth.APIUserRole;
import com.huawei.bigdata.om.web.api.model.auth.APIUserRoleNames;
import com.huawei.bigdata.om.web.api.model.auth.APIUserRoles;
import com.huawei.bigdata.om.web.api.model.auth.APIUsers;
import com.huawei.bigdata.om.web.api.model.auth.ApiAdIntegrationConfig;
import com.huawei.bigdata.om.web.api.model.auth.ApiAdModel;
import com.huawei.bigdata.om.web.api.model.ui.APIIsFirstLoginResponse;
import com.huawei.bigdata.om.web.api.model.ui.APIMutualTrustConfig;
import com.huawei.bigdata.om.web.api.model.ui.ExtraPermissionRequest;
import com.huawei.bigdata.om.web.api.service.AuthorityResourceService;
import com.huawei.bigdata.om.web.api.service.DisasterClientProvider;
import com.huawei.bigdata.om.web.api.service.OMSResourceService;
import com.huawei.bigdata.om.web.api.service.SessionResourceService;
import com.huawei.bigdata.om.web.api.util.APIContextUtil;
import com.huawei.bigdata.om.web.api.util.APIUtils;
import com.huawei.bigdata.om.web.api.util.ValidateUtils;
import com.huawei.bigdata.om.web.model.proto.BatchOperateResponse;
import com.huawei.bigdata.om.web.model.proto.RESTResponse;
import com.huawei.bigdata.om.web.model.proto.Response;
import com.huawei.bigdata.om.web.model.security.CommandType;
import com.huawei.bigdata.om.web.model.security.role.AddRoleRequest;
import com.huawei.bigdata.om.web.model.security.role.CommandRequest;
import com.huawei.bigdata.om.web.model.security.role.ModifyRoleRequest;
import com.huawei.bigdata.om.web.security.ControllerHtttpClient;
import com.huawei.bigdata.om.web.security.iam.HeartbeatEventManager;
import com.huawei.bigdata.om.web.security.iam.util.IAMUtil;
import com.huawei.bigdata.om.web.util.ApplicationConfiguration;
import com.huawei.bigdata.om.web.util.CertUtil;
import com.huawei.bigdata.om.web.util.DownloadFileUtil;
import io.swagger.annotations.ApiParam;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.multipart.MultipartFile;

@RestController
/* loaded from: input_file:com/huawei/bigdata/om/web/api/controller/AuthorityController.class */
public class AuthorityController implements IAuthorityController {
    // Locale identifiers (long and short forms); not referenced by the methods visible in this part of the file.
    public static final String ENGLISH = "en-us";
    public static final String ENGLISH_SIMPLE = "en";
    public static final String CHINESE = "zh-cn";
    public static final String CHINESE_SIMPLE = "cn";
    public static final String USER_ROLE_TYPE = "ROLE";
    public static final String MANAGER_SERVER = "Manager";
    // 10485760 = 10 * 1024 * 1024 bytes (10 MiB). Presumably an upload size cap - confirm at the use site.
    private static final int FILE_SIZE = 10485760;
    private static final String COMMON_USER = "1";
    private static final String DOMAIN_USER = "2";
    private static final String ALL_USER_TYPE = "";
    private static final String DEFAULT_POLICYNAME = "default";
    // NOTE(review): the decompiled methods below pass the literal values ("1", "3", "HM", "all", "0")
    // rather than these names, so a change to a constant here does not change those call sites.
    private static final String USER_ACTION_LOCKED = "1";
    private static final String USER_ACTION_DELETE = "3";
    // Group name that makes resetUserPassword refuse to reset a user's password.
    private static final String INDEPDT_GROUP = "independent";
    private static final String MPPDB_SERVICE_NAME = "MPPDB";
    private static final String ELK_SERVICE_NAME = "Elk";
    private static final String AD_CERT_ALIAS = "AD_CERT";
    public static final String HUMAN_MACHINE_ACCOUNT_OLD = "0";
    // Error code that the user-management methods replace with one of the operation-specific
    // *_SYNCHRONIZE codes below before passing it to handleErrorCode.
    private static final int ERROR_CODE_SYNCHRONIZE = -39;
    // Password policy name checked by modifyUser: while a user is bound to it, the policy binding
    // cannot be changed.
    private static final String LOCK_POLICY = "lockpolicy";
    private static final String POLICYM_POLICY = "policym";
    private static final int ERROR_CODE_ADD_USER_SYNCHRONIZE = -601;
    private static final int ERROR_CODE_MODIFY_USER_SYNCHRONIZE = -602;
    private static final int ERROR_CODE_RESET_USER_PASSWORD_SYNCHRONIZE = -603;
    private static final int ERROR_CODE_REMOVE_USER_SYNCHRONIZE = -604;
    private static final int ERROR_CODE_ADD_USER_GROUP_SYNCHRONIZE = -605;
    private static final int ERROR_CODE_MODIFY_USER_GROUP_SYNCHRONIZE = -606;
    private static final int ERROR_CODE_REMOVE_USERS_SYNCHRONIZE = -609;
    private static final String AD_ALL_SYNCHROMODEL = "all";
    private static final String AD_STATUS_SEPARATOR = ",";
    // Certificate file suffixes; their use is outside the visible part of the file.
    private static final String PERM_SUFFIX = ".pem";
    private static final String CER_SUFFIX = ".cer";
    private static final String CRT_SUFFIX = ".crt";
    private static final String AD_CERT_NAME = "ad";
    private static final String USER_ADMIN = "admin";
    private static final String LAUNCHER_SCRIPT = "sbin/scriptLauncher.sh";
    private static final String HUMAN_COMPUTER_ACCOUNT = "HM";
    private static final int ERROR_CODE_ACCOUNT_LOCKED = -320;
    private static final String USER_LOCKED_ID = "660017";
    private static final String LOCKED_USER_ACTION_QUERY = "2";
    private static final String LOCKED_USER_ACTION_DELETE = "3";

    // Collaborators injected by Spring.
    @Autowired
    private AuthorityResourceService authorityService;

    @Autowired
    private OMSResourceService omsResourceService;

    // Package-private, unlike the other injected fields in this class.
    @Autowired
    DisasterClientProvider disasterClientProvider;

    @Autowired
    private Client controllerClient;

    @Autowired
    private HeartbeatEventManager heartbeatEventManager;

    // Used by getUserPwdPolicyName to query the ACS REST server.
    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private SessionResourceService sessionService;
    private static final String CONTROLLER_HOME = "CONTROLLER_HOME";
    // Resolved once at class initialisation. If the CONTROLLER_HOME environment variable is unset,
    // System.getenv returns null and the concatenation yields the relative path "null/security/ad/".
    private static final String AD_CERT_PATH = System.getenv(CONTROLLER_HOME) + "/security/ad/";
    private static final String BIGDATA_DATA_HOME = EnvUtil.getBigdataDataHome();
    // Directories under <BIGDATA_DATA_HOME>/Manager for keytab downloads and user/group/role exports.
    private static final String KEYTAB_DOWNLOAD_FOLDER = BIGDATA_DATA_HOME + File.separator + "Manager" + File.separator + "keytab" + File.separator + "downloaddir";
    private static final String EXPORT_USER_FILE_DOWNLOAD_FOLDER = BIGDATA_DATA_HOME + File.separator + "Manager" + File.separator + "user" + File.separator + "downloaddir" + File.separator + "userInfo";
    private static final String EXPORT_GROUP_FILE_DOWNLOAD_FOLDER = BIGDATA_DATA_HOME + File.separator + "Manager" + File.separator + "group" + File.separator + "downloaddir" + File.separator + "groupInfo";
    private static final String EXPORT_ROLE_FILE_DOWNLOAD_FOLDER = BIGDATA_DATA_HOME + File.separator + "Manager" + File.separator + "role" + File.separator + "downloaddir" + File.separator + "roleInfo";
    private static final Logger LOG = LoggerFactory.getLogger(AuthorityController.class);

    /**
     * Creates a user account from the submitted {@link APIUser} through the security client.
     *
     * <p>Creation is refused when AD integration is enabled with sync mode {@code "all"}. For user
     * type {@code "HM"} the password goes through {@code checkPassword} and {@code checkWeakPassword}
     * first; every other user type skips both checks in this method. NOTE(review): what those checks
     * enforce, and whether they signal failure by throwing, is defined in
     * {@code AuthorityResourceService} and cannot be confirmed from this file.
     *
     * <p>On a non-success result the backend error description is logged and the error code, with
     * {@code ERROR_CODE_SYNCHRONIZE} remapped to {@code ERROR_CODE_ADD_USER_SYNCHRONIZE}, is handed
     * to {@code handleErrorCode}.
     *
     * @param aPIUser the account to create, taken from the request body
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void addUser(@ApiParam(value = "用户信息", required = true) @RequestBody APIUser aPIUser) {
        ApiAdIntegrationConfig adConfig = getAdIntegrationConfig();
        // Short-circuit order matters: getSyncMode() is only read once the config is present and enabled.
        boolean adManagesAllAccounts = adConfig != null && adConfig.isEnable() && adConfig.getSyncMode().equals("all");
        if (adManagesAllAccounts) {
            LOG.error("You integration AD server at all model,so can't create user account.");
            throw new InternalServerException("12-5000113", "RESID_OM_API_AUTHORITY_0182");
        }

        boolean encoded = APIContextUtil.getIsEncoded();
        boolean humanMachineAccount = "HM".equals(aPIUser.getUserType());
        if (humanMachineAccount) {
            // Complexity check first, then the weak-password check.
            this.authorityService.checkPassword(aPIUser.getPassword(), aPIUser.getUserName(), encoded);
            this.authorityService.checkWeakPassword(aPIUser.getPassword(), encoded);
        }
        this.authorityService.checkUserGroup(aPIUser.getUserGroups());

        AuthModelConverter.reConstructApiUser(aPIUser, encoded);
        User newUser = AuthModelConverter.convert2AddUser(aPIUser);
        AddUserRequest request = new AddUserRequest(newUser);
        // The confirmation field is filled from the same password value; no second input is compared here.
        request.setConfirmPassword(newUser.getPassword());

        Response result = APIContextUtil.getSecurityClient().addUser(request, APIContextUtil.getLanguage());
        if (ResultEnum.SUCCESS.getResultCode() == result.getErrorCode()) {
            return;
        }
        LOG.error("add user faild : {} ", result.getErrorDescription());
        if (result.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
            result.setErrorCode(ERROR_CODE_ADD_USER_SYNCHRONIZE);
        }
        this.authorityService.handleErrorCode(result.getErrorCode(), result.getErrorDescriptionRecoder().getRecoder());
    }

    /**
     * Modifies an existing user through the security client.
     *
     * <p>Checks performed in this method, in order:
     * <ol>
     *   <li>the path user name must equal the user name in the request body;</li>
     *   <li>a non-empty password in the body is passed to {@code checkPassword};</li>
     *   <li>the logged-in user may not change the password policy bound to their own account;</li>
     *   <li>a user currently bound to the {@code LOCK_POLICY} policy may not be moved to another policy.</li>
     * </ol>
     * NOTE(review): no check of the caller's permission to modify other users is visible in this
     * method; confirm that it is enforced before the request reaches the controller.
     *
     * @param str     user name from the request path
     * @param aPIUser requested user attributes from the request body
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void modifyUser(@PathVariable @ApiParam(value = "用户名", required = true) String str, @ApiParam(value = "用户信息", required = true) @RequestBody APIUser aPIUser) {
        boolean pathMatchesBody = str.equals(aPIUser.getUserName());
        if (!pathMatchesBody) {
            LOG.error("User :{} is only allowed to modify its own.", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-5000011", "RESID_OM_API_AUTHORITY_0054");
        }

        boolean groupCheckResult = this.authorityService.checkUserAndUserGroup(str, aPIUser);
        boolean encoded = APIContextUtil.getIsEncoded();
        if (StringUtils.isNotEmpty(aPIUser.getPassword())) {
            this.authorityService.checkPassword(aPIUser.getPassword(), aPIUser.getUserName(), encoded);
        }
        User target = AuthModelConverter.convert2ModifyUser(aPIUser, groupCheckResult);
        reconstructUser(target, encoded);

        // Guard 1: the operator cannot re-bind the password policy of their own account.
        String operator = IAMUtil.getCurrentLoginUsername();
        String operatorPolicy = getUserPwdPolicyName(operator);
        boolean editingOwnAccount = operator.equals(target.getUserName());
        if (editingOwnAccount && !operatorPolicy.equals(target.getPasswordPolicy())) {
            LOG.error("The binding relationship between the password policy and your account cannot be modified.userName:{}", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4000192", "RESID_OM_API_AUTHORITY_0192");
        }

        // Guard 2: a user bound to the lock policy keeps that policy.
        String currentPolicy = getUserPwdPolicyName(str);
        boolean boundToLockPolicy = LOCK_POLICY.equals(currentPolicy);
        if (boundToLockPolicy && !currentPolicy.equals(target.getPasswordPolicy())) {
            LOG.error("The password policy cannot be modified because the user is locked.");
            throw new InternalServerException("12-4000195", "RESID_OM_API_AUTHORITY_0195");
        }

        // Allocation whose result is discarded; kept exactly as in the decompiled original.
        new Response();
        Response result = APIContextUtil.getSecurityClient().modifyUser(target, APIContextUtil.getLanguage());
        boolean failed = ResultEnum.SUCCESS.getResultCode() != result.getErrorCode();
        if (failed) {
            LOG.error("modify user faild : " + result.getErrorDescription());
            if (result.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
                result.setErrorCode(ERROR_CODE_MODIFY_USER_SYNCHRONIZE);
            }
            this.authorityService.handleErrorCode(result.getErrorCode(), result.getErrorDescriptionRecoder().getRecoder());
        }
        this.heartbeatEventManager.recordModUserEvent(str);
    }

    /**
     * Replaces the user's password with its Base64-decoded form when the request was flagged as encoded.
     *
     * <p>Base64 is a transport encoding, not protection: after this call the {@code User} object
     * holds the decoded password value.
     *
     * @param user the user whose password field is rewritten in place
     * @param z    {@code true} if the password arrived Base64-encoded; {@code false} leaves it untouched
     */
    private void reconstructUser(User user, boolean z) {
        if (!z) {
            return;
        }
        String decodedPassword = SessionConverter.base64Decode(user.getPassword());
        user.setPassword(decodedPassword);
    }

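    /**
     * Asks the ACS REST server for the name of the password policy bound to a user.
     *
     * <p>The user name is supplied as a URI template variable instead of being concatenated into
     * the URL, so characters such as {@code ?}, {@code #}, <code>{</code> and <code>}</code> in a
     * name are escaped as part of the path rather than changing the query string or being read as
     * template placeholders. NOTE(review): depending on how the injected {@code RestTemplate}
     * encodes URI variables, {@code /} and {@code ..} may still pass through unescaped; callers
     * that take the name from a request should validate it first.
     *
     * <p>NOTE(review): a new {@code AnnotationConfigApplicationContext} is built on every call only
     * to read {@code acs.rest.server.url}, and it is never closed. Resolving the property once (or
     * injecting it) would avoid the repeated start-up cost and the unreleased context.
     *
     * @param str the user name to look up
     * @return the policy name, or an empty string when the server returns no response body or no policy
     * @throws InternalServerException if the lookup fails for any reason
     */
    private String getUserPwdPolicyName(String str) {
        try {
            String acsBaseUrl = new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class}).getEnvironment().getProperty("acs.rest.server.url");
            QueryPwdPolicyResponse queryPwdPolicyResponse = (QueryPwdPolicyResponse) this.restTemplate.getForObject(acsBaseUrl + "/policy/querysecuritypolicy/{userName}", QueryPwdPolicyResponse.class, new Object[]{str});
            return (queryPwdPolicyResponse == null || queryPwdPolicyResponse.getPasswordPolicy() == null) ? "" : queryPwdPolicyResponse.getPasswordPolicy().getPolicyName();
        } catch (Exception e) {
            // Keep the cause in the log; the exception thrown to the caller carries only the error codes.
            LOG.error("get currentUser password policy faild", e);
            throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
        }
    }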

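    /**
     * Modifies an AD domain user through the security client.
     *
     * <p>The path value is URL-decoded before use and must then equal the user name in the request
     * body. A malformed percent-escape in the path value is now reported as an invalid user name;
     * previously the {@code IllegalArgumentException} raised by {@code URLDecoder.decode} escaped
     * this method, because only {@code UnsupportedEncodingException} was caught.
     *
     * <p>NOTE(review): if the framework has already decoded the path variable, this second decode
     * turns a literal {@code +} into a space and re-interprets a literal {@code %}; confirm which
     * form callers are expected to send.
     *
     * @param str     AD user name from the request path, URL-encoded
     * @param aPIUser requested user attributes from the request body
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void modifyAdUser(@PathVariable @ApiParam(value = "AD域用户名", required = true) String str, @ApiParam(value = "用户信息", required = true) @RequestBody APIUser aPIUser) {
        try {
            String decode;
            try {
                decode = URLDecoder.decode(str, "UTF-8");
            } catch (IllegalArgumentException e) {
                // Scoped to the decode call alone so that exceptions from the service calls below are not masked.
                LOG.error("The user name is invalid.");
                throw new ResourceNotFoundException("12-5000010", "RESID_OM_API_AUTHORITY_0053");
            }
            if (!decode.equals(aPIUser.getUserName())) {
                LOG.error("userGroup :{} is only allowed to modify its own.", StringHelper.replaceBlank(decode));
                throw new ResourceNotFoundException("12-5000011", "RESID_OM_API_AUTHORITY_0054");
            }
            boolean checkAdUserAndUserGroup = this.authorityService.checkAdUserAndUserGroup(decode, aPIUser);
            boolean isEncoded = APIContextUtil.getIsEncoded();
            if (StringUtils.isNotEmpty(aPIUser.getPassword())) {
                this.authorityService.checkPassword(aPIUser.getPassword(), aPIUser.getUserName(), isEncoded);
            }
            User convert2ModifyUser = AuthModelConverter.convert2ModifyUser(aPIUser, checkAdUserAndUserGroup);
            reconstructUser(convert2ModifyUser, isEncoded);
            Response modifyAdUser = APIContextUtil.getSecurityClient().modifyAdUser(convert2ModifyUser, APIContextUtil.getLanguage());
            if (ResultEnum.SUCCESS.getResultCode() != modifyAdUser.getErrorCode()) {
                LOG.error("modify user faild : " + modifyAdUser.getErrorDescription());
                if (modifyAdUser.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
                    modifyAdUser.setErrorCode(ERROR_CODE_MODIFY_USER_SYNCHRONIZE);
                }
                this.authorityService.handleErrorCode(modifyAdUser.getErrorCode(), modifyAdUser.getErrorDescriptionRecoder().getRecoder());
            }
            this.heartbeatEventManager.recordModUserEvent(decode);
        } catch (UnsupportedEncodingException e) {
            LOG.error("The user name is invalid.");
            throw new ResourceNotFoundException("12-5000010", "RESID_OM_API_AUTHORITY_0053");
        }
    }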

    /**
     * Triggers a manual synchronisation of AD users through the security client.
     *
     * <p>The result code {@code ERR_SYNCHRO_AD_USERS_FAILED} is reported as an
     * {@code InternalServerException}; any other non-success code is logged as a warning and
     * passed to {@code handleErrorCode}.
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void synchroAdUsersByHand() {
        Response syncResult = APIContextUtil.getSecurityClient().syschroAdUsersByHand();
        if (syncResult.getErrorCode() == ResultEnum.SUCCESS.getResultCode()) {
            LOG.info("syschro ad users success.");
            return;
        }
        if (syncResult.getErrorCode() == ResultEnum.ERR_SYNCHRO_AD_USERS_FAILED.getResultCode()) {
            throw new InternalServerException("12-5000116", "RESID_OM_API_AUTHORITY_0185");
        }
        LOG.warn("syschro ad users failed.");
        this.authorityService.handleErrorCode(syncResult.getErrorCode(), syncResult.getErrorDescriptionRecoder().getRecoder());
    }

    /**
     * Resets another user's password on behalf of the logged-in operator.
     *
     * <p>Order of checks in this method: AD users are rejected; the target must exist; the new
     * password goes through {@code checkPassword} and {@code checkWeakPassword};
     * {@code operationAuthentication()} is called; and a target belonging to the
     * {@code INDEPDT_GROUP} group is rejected. NOTE(review): the existence and password checks run
     * before {@code operationAuthentication()}, so their outcome is reported before that step.
     * What {@code operationAuthentication()} verifies is not visible in this file.
     *
     * @param str                    user name from the request path
     * @param aPIUserPwdResetRequest request body carrying the new password
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void resetUserPassword(@PathVariable @ApiParam(value = "用户名", required = true) String str, @ApiParam(value = "密码重置请求", required = true) @RequestBody APIUserPwdResetRequest aPIUserPwdResetRequest) {
        boolean adUser = APIUtils.isAdUser(str);
        if (adUser) {
            LOG.info("modify password for ad user is not supported.");
            throw new InternalServerException("12-5000111", "RESID_OM_API_AUTHORITY_0180");
        }

        boolean encoded = APIContextUtil.getIsEncoded();
        this.authorityService.checkUserExist(str);
        this.authorityService.checkPassword(aPIUserPwdResetRequest.getNewPassword(), str, encoded);
        this.authorityService.checkWeakPassword(aPIUserPwdResetRequest.getNewPassword(), encoded);
        this.authorityService.operationAuthentication();
        this.authorityService.reConstructUserPassword(aPIUserPwdResetRequest, encoded);

        String operator = IAMUtil.getUserDetails().getUsername();
        String language = APIContextUtil.getLanguage();
        RESTResponse<ListUserResponse> lookup = APIContextUtil.getSecurityClient().queryUserByName(str, language);
        // The first entry is read without a size check; this relies on checkUserExist above.
        User target = (User) lookup.getResObj().getUsers().get(0);
        if (target.getGroupList().contains(INDEPDT_GROUP)) {
            LOG.error("You can not reset the password because the user is independent.");
            throw new InternalServerException("12-5000091", "RESID_OM_API_AUTHORITY_0134");
        }

        // The new password is passed as both the second and the third constructor argument.
        ResetPasswordRequest resetRequest = new ResetPasswordRequest(str, aPIUserPwdResetRequest.getNewPassword(), aPIUserPwdResetRequest.getNewPassword(), operator);
        // Allocation whose result is discarded; kept exactly as in the decompiled original.
        new Response();
        Response result = APIContextUtil.getSecurityClient().resetPassWord(resetRequest, language);
        boolean failed = ResultEnum.SUCCESS.getResultCode() != result.getErrorCode();
        if (failed) {
            LOG.error("reset user password faild : " + result.getErrorDescription());
            if (result.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
                result.setErrorCode(ERROR_CODE_RESET_USER_PASSWORD_SYNCHRONIZE);
            }
            this.authorityService.handleErrorCode(result.getErrorCode(), result.getErrorDescriptionRecoder().getRecoder());
        }
        this.heartbeatEventManager.recordModUserEvent(str);
    }

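    /**
     * Deletes one user, or a batch of users, through the security client.
     *
     * <p>A list with exactly one name takes the single-delete path; any other size takes the batch
     * path. On the batch path every non-success result is now handed to {@code handleErrorCode}.
     * Previously only the {@code ERROR_CODE_SYNCHRONIZE} case was, so any other batch failure was
     * logged and the request still completed with 204, leaving the caller to assume the accounts
     * were gone.
     *
     * <p>NOTE(review): the single-delete path also calls {@code ControllerHtttpClient.doExecute(name, "3")}
     * and {@code recordDelUserEvent(name)}; the batch path calls neither. Confirm whether
     * batch-deleted users need the same follow-up.
     * NOTE(review): a null name list is not handled and an empty list is sent to the batch call as is.
     *
     * @param aPIUserNames request body carrying the user names to delete
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void removeUsers(@ApiParam(value = "用户名列表", required = true) @RequestBody APIUserNames aPIUserNames) {
        String language = APIContextUtil.getLanguage();
        if (aPIUserNames.getUserNames().size() == 1) {
            String userName = (String) aPIUserNames.getUserNames().get(0);
            Response deleteUser = APIContextUtil.getSecurityClient().deleteUser(userName, language);
            if (ResultEnum.SUCCESS.getResultCode() != deleteUser.getErrorCode()) {
                LOG.error("remove users faild : " + deleteUser.getErrorCode());
                if (deleteUser.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
                    deleteUser.setErrorCode(ERROR_CODE_REMOVE_USER_SYNCHRONIZE);
                }
                this.authorityService.handleErrorCode(deleteUser.getErrorCode(), deleteUser.getErrorDescriptionRecoder().getRecoder());
            }
            ControllerHtttpClient.doExecute(userName, "3");
            this.heartbeatEventManager.recordDelUserEvent(userName);
            return;
        }
        BatchNameRequest batchNameRequest = new BatchNameRequest();
        batchNameRequest.setUserList(aPIUserNames.getUserNames());
        BatchOperateResponse batchDeleteUser = APIContextUtil.getSecurityClient().batchDeleteUser(batchNameRequest, language);
        if (ResultEnum.SUCCESS.getResultCode() != batchDeleteUser.getErrorCode()) {
            LOG.error("remove users faild");
            if (batchDeleteUser.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
                batchDeleteUser.setErrorCode(ERROR_CODE_REMOVE_USERS_SYNCHRONIZE);
            }
            // Report every batch failure, not only the remapped synchronize error.
            this.authorityService.handleErrorCode(batchDeleteUser.getErrorCode());
        }
    }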

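    /**
     * Deletes an AD user through the security client.
     *
     * <p>Only the first name in the list is processed. A missing or empty list, and a name with a
     * malformed percent-escape, are now reported as an invalid user name; previously they surfaced
     * as an uncaught {@code NullPointerException}, {@code IndexOutOfBoundsException} or
     * {@code IllegalArgumentException}.
     *
     * <p>NOTE(review): the delete call receives the URL-decoded name, while
     * {@code ControllerHtttpClient.doExecute} and {@code recordDelUserEvent} receive the name as
     * submitted (undecoded). {@code modifyAdUser} records its event with the decoded name; confirm
     * which form the follow-up calls expect.
     * NOTE(review): names after the first are silently ignored.
     *
     * @param aPIUserNames request body; the first entry is the URL-encoded AD user name
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void removeAdUsers(@ApiParam(value = "AD用户", required = true) @RequestBody APIUserNames aPIUserNames) {
        LOG.info("enter the remove AD user.");
        List<?> submittedNames = aPIUserNames.getUserNames();
        if (submittedNames == null || submittedNames.isEmpty()) {
            LOG.error("The user name is invalid.");
            throw new ResourceNotFoundException("12-5000010", "RESID_OM_API_AUTHORITY_0053");
        }
        String submittedName = (String) submittedNames.get(0);
        try {
            String decode;
            try {
                decode = URLDecoder.decode(submittedName, "UTF-8");
            } catch (IllegalArgumentException e) {
                // Scoped to the decode call alone so that exceptions from the service calls below are not masked.
                LOG.error("The user name is invalid.");
                throw new ResourceNotFoundException("12-5000010", "RESID_OM_API_AUTHORITY_0053");
            }
            Response deleteAdUser = APIContextUtil.getSecurityClient().deleteAdUser(decode);
            if (ResultEnum.SUCCESS.getResultCode() != deleteAdUser.getErrorCode()) {
                LOG.error("remove users faild : " + deleteAdUser.getErrorCode());
                if (deleteAdUser.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
                    deleteAdUser.setErrorCode(ERROR_CODE_REMOVE_USER_SYNCHRONIZE);
                }
                this.authorityService.handleErrorCode(deleteAdUser.getErrorCode(), deleteAdUser.getErrorDescriptionRecoder().getRecoder());
            }
            ControllerHtttpClient.doExecute(submittedName, "3");
            this.heartbeatEventManager.recordDelUserEvent(submittedName);
        } catch (UnsupportedEncodingException e) {
            LOG.error("The user name is invalid.");
            throw new ResourceNotFoundException("12-5000010", "RESID_OM_API_AUTHORITY_0053");
        }
    }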

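    /**
     * Returns one page of users, read from the security client.
     *
     * <p>Paging and sorting come from the query parameters {@code limit} (default 10),
     * {@code offset} (a page index, default 0), {@code filter}, {@code order} and {@code order_by}.
     * Users whose type is {@code "0"} additionally get their password policy name filled in.
     *
     * <p>Changes from the decompiled original: the user-type comparison is null-safe, so one user
     * without a type no longer aborts the whole listing with a {@code NullPointerException}; the
     * collections are typed; and an allocation whose result was discarded is gone.
     *
     * <p>NOTE(review): {@code limit} and {@code offset} are not bounded here. Negative values are
     * forwarded as given, a very large {@code limit} requests an equally large page, and
     * {@code offset * limit} can overflow {@code int}. {@code filter} and {@code order_by} are
     * forwarded unmodified, so any validation has to happen behind the security client.
     *
     * @return the requested page of users and the total count reported by the security client
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUsers getUsers() {
        String language = APIContextUtil.getLanguage();
        HttpServletRequest httpServletRequest = APIContextUtil.getHttpServletRequest();
        int limit = NumberUtils.toInt(httpServletRequest.getParameter("limit"), 10);
        // "offset" is a page index; the start position is page index times page size.
        int startIndex = NumberUtils.toInt(httpServletRequest.getParameter("offset"), 0) * limit;
        String filter = httpServletRequest.getParameter("filter");
        String order = httpServletRequest.getParameter("order");
        if (StringUtils.isEmpty(order)) {
            order = OrderEnum.ASC.toString();
        }
        // Anything other than the ASC string sorts descending.
        OrderEnum orderEnum = order.equals(OrderEnum.ASC.toString()) ? OrderEnum.ASC : OrderEnum.DESC;
        String orderBy = httpServletRequest.getParameter("order_by");
        ListUserRequest listUserRequest = new ListUserRequest(startIndex, limit, "", "1");
        listUserRequest.setLan(language);
        listUserRequest.setOrder(orderEnum);
        listUserRequest.setOrderBy(orderBy);
        listUserRequest.setFilter(filter);
        RESTResponse<ListUserResponse> queryUserList = APIContextUtil.getSecurityClient().queryUserList(listUserRequest);
        if (ResultEnum.SUCCESS.getResultCode() != queryUserList.getErrorCode()) {
            LOG.error("get users faild");
            this.authorityService.handleErrorCode(queryUserList.getErrorCode());
        }
        APIUsers aPIUsers = new APIUsers();
        aPIUsers.setTotalCount(queryUserList.getResObj().getTotal());
        List<User> users = queryUserList.getResObj().getUsers();
        String indepdtInConfig = APIContextUtil.getSecurityClient().getIndepdtInConfig();
        if (ValidateUtil.isNull(new Object[]{users}) || users.size() <= 0) {
            aPIUsers.setUsers(new ArrayList<APIUser>());
            aPIUsers.setTotalCount(0);
            return aPIUsers;
        }
        List<APIUser> apiUsers = new ArrayList<APIUser>();
        List<String> policyLookupNames = new ArrayList<String>();
        for (User user : users) {
            apiUsers.add(AuthModelConverter.convert2APIUser(user, indepdtInConfig));
            // Constant-first comparison: a user without a type is simply left out of the policy lookup.
            if ("0".equals(user.getUserType())) {
                policyLookupNames.add(user.getUserName());
            }
        }
        if (!policyLookupNames.isEmpty()) {
            apiUsers = setUserPwdPolicy(apiUsers, policyLookupNames);
        }
        aPIUsers.setUsers(apiUsers);
        return aPIUsers;
    }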

    /**
     * Fills in the password policy name on each {@link APIUser}, using one bulk lookup.
     *
     * <p>Every entry of {@code list} is updated, including users whose name was not part of
     * {@code list2}; those receive whatever the returned map holds for their name, which is
     * {@code null} when the name is absent.
     *
     * @param list  users to update in place
     * @param list2 user names sent to the bulk password-policy query
     * @return the same {@code list} instance
     */
    private List<APIUser> setUserPwdPolicy(List<APIUser> list, List<String> list2) {
        PwdPolicyRequest policyRequest = new PwdPolicyRequest(list2);
        RESTResponse<MapPwdPolicyResponse> policyLookup = APIContextUtil.getSecurityClient().queryPasswordPolicyByUserNameList(policyRequest);
        boolean failed = ResultEnum.SUCCESS.getResultCode() != policyLookup.getErrorCode();
        if (failed) {
            LOG.error("queryPasswordPolicyByUserNameList faild");
            this.authorityService.handleErrorCode(policyLookup.getErrorCode());
        }
        Map<?, ?> policyByUserName = policyLookup.getResObj().getPasswordPolicyMap();
        for (APIUser apiUser : list) {
            String policyName = (String) policyByUserName.get(apiUser.getUserName());
            apiUser.setPwdPolicy(policyName);
        }
        return list;
    }

    /* JADX WARN: Removed duplicated region for block: B:28:0x0194  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x01a4  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x01b4  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x01c4  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x01d4  */
    /**
     * Decompiler placeholder for the endpoint that lists AD users.
     *
     * <p>The decompiler could not reconstruct this method, so the body below is a stub that always
     * throws {@code UnsupportedOperationException}; it is not the shipped logic. Any review of
     * input handling or access checks for this endpoint has to be done against the bytecode
     * (about 709 instructions according to the decompiler note), not against this listing.
     */
    @org.springframework.web.bind.annotation.ResponseStatus(org.springframework.http.HttpStatus.OK)
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.huawei.bigdata.om.web.api.model.auth.APIUsers getAdUsers() {
        /*
            Method dump skipped, instructions count: 709
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.bigdata.om.web.api.controller.AuthorityController.getAdUsers():com.huawei.bigdata.om.web.api.model.auth.APIUsers");
    }

    /**
     * Looks up one user by name and returns it as an {@link APIUser} with its password policy name set.
     *
     * <p>NOTE(review): the path value is passed on to {@code getUserPwdPolicyName}, which places it
     * in the URL of a request to the ACS REST server. The lookup that runs first only returns
     * normally for a name the security client knows, provided {@code handleErrorCode} throws on
     * failure, which cannot be confirmed from this file.
     *
     * @param str user name from the request path
     * @return the user, converted for the API
     * @throws ResourceNotFoundException if the security client reports zero matching users
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUser getUser(@PathVariable @ApiParam(value = "用户名", required = true) String str) {
        RESTResponse<ListUserResponse> lookup = APIContextUtil.getSecurityClient().queryUserByName(str, APIContextUtil.getLanguage());
        boolean failed = ResultEnum.SUCCESS.getResultCode() != lookup.getErrorCode();
        if (failed) {
            LOG.error("get user faild");
            this.authorityService.handleErrorCode(lookup.getErrorCode());
        }
        boolean noMatch = lookup.getResObj().getTotal() == 0;
        if (noMatch) {
            LOG.error("user :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4040001", "RESID_OM_API_AUTHORITY_0039");
        }
        User found = (User) lookup.getResObj().getUsers().get(0);
        String indepdtInConfig = APIContextUtil.getSecurityClient().getIndepdtInConfig();
        APIUser apiUser = AuthModelConverter.convert2APIUser(found, indepdtInConfig);
        apiUser.setPwdPolicy(getUserPwdPolicyName(str));
        return apiUser;
    }

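    /**
     * Looks up one AD user by name and returns it as an {@link APIUser}.
     *
     * <p>Changes from the decompiled original:
     * <ul>
     *   <li>the entry log line passes the request-supplied name through
     *       {@code StringHelper.replaceBlank}, as the other log statements in this class do,
     *       instead of writing the raw path value to the log;</li>
     *   <li>a malformed percent-escape in the name is reported as an invalid user name instead of
     *       escaping as an uncaught {@code IllegalArgumentException} from {@code URLDecoder.decode}.</li>
     * </ul>
     * NOTE(review): if the framework has already decoded the path variable, this second decode
     * turns a literal {@code +} into a space and re-interprets a literal {@code %}.
     *
     * @param str AD user name from the request path, URL-encoded
     * @return the AD user, converted for the API
     * @throws ResourceNotFoundException if the name cannot be decoded or no such AD user is reported
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUser getAdUser(@PathVariable @ApiParam(value = "AD用户名", required = true) String str) {
        LOG.info("enter getAdUser,the user_name is :{}", StringHelper.replaceBlank(str));
        try {
            String decode;
            try {
                decode = URLDecoder.decode(str, "UTF-8");
            } catch (IllegalArgumentException e) {
                // Scoped to the decode call alone so that exceptions from the service calls below are not masked.
                LOG.error("The user name is invalid.");
                throw new ResourceNotFoundException("12-5000010", "RESID_OM_API_AUTHORITY_0053");
            }
            // Result unused; the call is kept because the original makes it.
            APIContextUtil.getLanguage();
            RESTResponse<ListUserResponse> queryAdUserByName = APIContextUtil.getSecurityClient().queryAdUserByName(decode);
            if (ResultEnum.SUCCESS.getResultCode() != queryAdUserByName.getErrorCode()) {
                LOG.error("get ad user faild");
                this.authorityService.handleErrorCode(queryAdUserByName.getErrorCode());
            }
            if (queryAdUserByName.getResObj().getTotal() != 0) {
                return AuthModelConverter.convert2APIUser((User) queryAdUserByName.getResObj().getUsers().get(0), APIContextUtil.getSecurityClient().getIndepdtInConfig());
            }
            LOG.error("ad user :{} is not exist", StringHelper.replaceBlank(decode));
            throw new ResourceNotFoundException("12-4040001", "RESID_OM_API_AUTHORITY_0039");
        } catch (UnsupportedEncodingException e) {
            LOG.error("The user name is invalid.");
            throw new ResourceNotFoundException("12-5000010", "RESID_OM_API_AUTHORITY_0053");
        }
    }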

    /**
     * Locks the named user account.
     *
     * <p>Order of operations as written: the authority service checks the user's existence and
     * type, the security client locks the account, a failure code is passed to
     * {@code handleErrorCode}, then {@code ControllerHtttpClient.doExecute(str, "1")} is called
     * and a user-modification event is recorded.
     *
     * @param str name of the user to lock (path variable)
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void lockUser(@PathVariable @ApiParam(value = "用户名", required = true) String str) {
        this.authorityService.checkUserExistAndUserType(str);
        Response lockResult = APIContextUtil.getSecurityClient().lockUser(str);
        boolean locked = ResultEnum.SUCCESS.getResultCode() == lockResult.getErrorCode();
        if (!locked) {
            LOG.error("lock user faild");
            // Presumably throws; otherwise the follow-up calls below also run after a failed lock - TODO confirm.
            this.authorityService.handleErrorCode(lockResult.getErrorCode());
        }
        // NOTE(review): the meaning of the "1" argument is not visible in this file.
        ControllerHtttpClient.doExecute(str, "1");
        this.heartbeatEventManager.recordModUserEvent(str);
    }

    /**
     * Unlocks the named user account, refusing the request when the target is the
     * currently logged-in user.
     *
     * @param str name of the user to unlock (path variable)
     * @throws InternalServerException if the caller tries to unlock their own account
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void unlockUser(@PathVariable @ApiParam(value = "用户名", required = true) String str) {
        this.authorityService.checkUserExist(str);
        String language = APIContextUtil.getLanguage();
        // A locked-out account must be released by a different account, never by itself.
        boolean targetsSelf = StringUtils.equals(str, IAMUtil.getCurrentLoginUsername());
        if (targetsSelf) {
            LOG.error("Users cannot unlock themselves.");
            throw new InternalServerException("12-5000117", "RESID_OM_API_AUTHORITY_0188");
        }
        UnlockUserRequest unlockRequest = new UnlockUserRequest(str);
        Response unlockResult = APIContextUtil.getSecurityClient().unlock(unlockRequest, language);
        if (ResultEnum.SUCCESS.getResultCode() != unlockResult.getErrorCode()) {
            LOG.error("unlock user faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(unlockResult.getErrorCode());
        }
        // NOTE(review): the meaning of the "3" argument is not visible in this file.
        ControllerHtttpClient.doExecute(str, "3");
    }

    /**
     * Requests the keytab of one user from the security client and returns the resulting
     * string as the export file name.
     *
     * <p>A user listed in the group named by {@code INDEPDT_GROUP} can only be requested by
     * that same user; any other caller is rejected. When no cluster id is supplied in the
     * body, cluster id 1 is used.
     *
     * <p>A keytab holds a principal's long-term Kerberos keys, so possession of the file is
     * enough to authenticate as that user. NOTE(review): apart from the independent-user
     * check, no authorization decision is visible in this method - confirm it is enforced
     * upstream. The group query result is also used without checking its error code or size.
     *
     * @param str name of the user whose keytab is requested (path variable)
     * @param aPIClusterId optional request body carrying the cluster id; may be {@code null}
     * @return response whose file name is the string returned by the security client
     * @throws InternalServerException if the target is an independent user other than the caller
     */
    @ResponseStatus(HttpStatus.OK)
    public APIExportResponse getUserKeytab(@PathVariable @ApiParam(value = "用户名", required = true) String str, @ApiParam(value = "集群ID", required = false) @RequestBody(required = false) APIClusterId aPIClusterId) {
        APIExportResponse exportResponse = new APIExportResponse();
        this.authorityService.checkUserExist(str);
        List independentUsers = APIContextUtil.getSecurityClient().queryGroupByName(INDEPDT_GROUP, APIContextUtil.getLanguage()).getResObj().get(0).getUserList();
        String callerName = this.authorityService.getUserDetails().getUsername();
        boolean independentAndNotSelf = independentUsers.contains(str) && !callerName.equals(str);
        if (independentAndNotSelf) {
            LOG.error("You can not get the authentication credentials because the user is independent.");
            throw new InternalServerException("12-5000092", "RESID_OM_API_AUTHORITY_0135");
        }
        HttpServletRequest servletRequest = APIContextUtil.getHttpServletRequest();
        GetKeytabResquest keytabRequest = AuthModelConverter.convert2GetKeytabResquest(str);
        if (aPIClusterId == null) {
            // No body supplied: fall back to cluster id 1.
            keytabRequest.setClusterId(1);
        } else {
            keytabRequest.setClusterId(aPIClusterId.getClusterId());
        }
        // The instance created here is discarded immediately (kept as in the original).
        new RESTResponse();
        RESTResponse<String> keytabResult = APIContextUtil.getSecurityClient().getUserKeytab(APIContextUtil.getSecurityClient(), keytabRequest, servletRequest);
        if (ResultEnum.SUCCESS.getResultCode() != keytabResult.getErrorCode()) {
            LOG.error("Get user keytab faild.");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(keytabResult.getErrorCode());
        }
        exportResponse.setFileName(keytabResult.getResObj());
        return exportResponse;
    }

    /**
     * Requests the keytabs of several users in one call and returns the resulting string as
     * the export file name.
     *
     * <p>The whole request is rejected as soon as one requested name is listed in the group
     * named by {@code INDEPDT_GROUP}. Unlike the single-user variant, this method makes no
     * exception for the caller's own name and performs no visible existence check.
     *
     * <p>NOTE(review): the rejected user name comes from the request body and is written to
     * the log without the {@code StringHelper.replaceBlank} step used elsewhere in this class;
     * a null name list would also fail with a {@code NullPointerException} in the loop.
     *
     * @param aPIUserNames request body with the user names and the cluster id
     * @return response whose file name is the string returned by the security client
     * @throws InternalServerException if any requested user is an independent user
     */
    @ResponseStatus(HttpStatus.OK)
    public APIExportResponse getUsersKeytab(@ApiParam(value = "用户名列表", required = true) @RequestBody APIUserNames aPIUserNames) {
        APIExportResponse exportResponse = new APIExportResponse();
        HttpServletRequest servletRequest = APIContextUtil.getHttpServletRequest();
        List independentUsers = APIContextUtil.getSecurityClient().queryGroupByName(INDEPDT_GROUP, APIContextUtil.getLanguage()).getResObj().get(0).getUserList();
        for (String requestedName : aPIUserNames.getUserNames()) {
            if (!independentUsers.contains(requestedName)) {
                continue;
            }
            LOG.error("Failed to get the authentication credentials,beause the user {} is independent", requestedName);
            throw new InternalServerException("12-5000092", "RESID_OM_API_AUTHORITY_0135");
        }
        GetKeytabResquest keytabRequest = AuthModelConverter.convert2GetKeytabResquest(aPIUserNames);
        keytabRequest.setClusterId(aPIUserNames.getClusterId());
        // The instance created here is discarded immediately (kept as in the original).
        new RESTResponse();
        RESTResponse<String> keytabResult = APIContextUtil.getSecurityClient().getUserKeytab(APIContextUtil.getSecurityClient(), keytabRequest, servletRequest);
        if (ResultEnum.SUCCESS.getResultCode() != keytabResult.getErrorCode()) {
            LOG.error("get users keytab faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(keytabResult.getErrorCode());
        }
        exportResponse.setFileName(keytabResult.getResObj());
        return exportResponse;
    }

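    /**
     * Streams a keytab file from the keytab download folder to the HTTP response.
     *
     * <p>The file is selected by the {@code file_name} request parameter, which is appended to
     * {@code KEYTAB_DOWNLOAD_FOLDER}. That parameter is caller-controlled, so the request is
     * rejected unless the name is present and the normalized path stays below the download
     * folder. The check is lexical only; it does not resolve symbolic links.
     *
     * <p>NOTE(review): the raw parameter is also passed as the third argument of
     * {@code DownloadFileUtil.downloadFile}; if that value ends up in a response header,
     * confirm the helper strips line breaks from it.
     *
     * @throws InternalServerException if the file name is missing, resolves outside the
     *         download folder, or the download helper reports failure
     */
    @ResponseStatus(HttpStatus.OK)
    public void downloadUserKeytab() {
        String parameter = APIContextUtil.getHttpServletRequest().getParameter("file_name");
        String requestedPath = KEYTAB_DOWNLOAD_FOLDER + File.separator + parameter;
        boolean insideDownloadFolder = false;
        if (parameter != null && !parameter.isEmpty()) {
            try {
                java.nio.file.Path downloadDir = java.nio.file.Paths.get(KEYTAB_DOWNLOAD_FOLDER + File.separator).normalize();
                java.nio.file.Path target = java.nio.file.Paths.get(requestedPath).normalize();
                // Must be a path strictly below the folder, not the folder itself.
                insideDownloadFolder = target.startsWith(downloadDir) && !target.equals(downloadDir);
            } catch (java.nio.file.InvalidPathException ignored) {
                // A name that cannot be parsed as a path is rejected like any other invalid name.
            }
        }
        if (!insideDownloadFolder) {
            LOG.error("Download user keytab faild: file name is missing or resolves outside the download folder.");
            throw new InternalServerException("12-5000002", "RESID_OM_API_AUTHORITY_0045");
        }
        if (DownloadFileUtil.downloadFile(APIContextUtil.getHttpServletResponse(), requestedPath, parameter, false)) {
            return;
        }
        LOG.error("Download user keytab faild.");
        throw new InternalServerException("12-5000002", "RESID_OM_API_AUTHORITY_0045");
    }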

    /**
     * Exports the users matching the {@code filter} request parameter and returns the string
     * produced by the security client as the export file name.
     *
     * <p>An empty or missing filter is replaced by the empty string. The {@code format}
     * parameter is forwarded as received. NOTE(review): no validation of {@code format} is
     * visible here - confirm the security client restricts it to supported values.
     *
     * @return response whose file name is the string returned by the export call
     * @throws InternalServerException if the list of user names cannot be obtained
     */
    @ResponseStatus(HttpStatus.OK)
    public APIExportResponse exportUsers() {
        APIExportResponse exportResponse = new APIExportResponse();
        HttpServletRequest servletRequest = APIContextUtil.getHttpServletRequest();
        String rawFilter = servletRequest.getParameter("filter");
        String filter = StringUtils.isEmpty(rawFilter) ? "" : rawFilter;
        String format = servletRequest.getParameter("format");
        List<String> userNames = APIContextUtil.getSecurityClient().getAllUserNames(filter);
        if (userNames == null) {
            LOG.error("Export users faild when getting all user names.");
            throw new InternalServerException("12-5000006", "RESID_OM_API_AUTHORITY_0049");
        }
        BatchExportRequest exportRequest = new BatchExportRequest();
        exportRequest.setFormat(format);
        exportRequest.setUserList(userNames);
        // Temporary files in the export folder are cleaned before a new export is produced.
        this.authorityService.cleanTemporaryFiles(EXPORT_USER_FILE_DOWNLOAD_FOLDER);
        // The instance created here is discarded immediately (kept as in the original).
        new RESTResponse();
        RESTResponse<String> exportResult = APIContextUtil.getSecurityClient().exportUser(exportRequest, servletRequest);
        if (ResultEnum.SUCCESS.getResultCode() != exportResult.getErrorCode()) {
            LOG.error("Export users faild.");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(exportResult.getErrorCode());
        }
        exportResponse.setFileName(exportResult.getResObj());
        return exportResponse;
    }

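    /**
     * Streams an exported user file from the user export folder to the HTTP response.
     *
     * <p>The file is selected by the caller-controlled {@code file_name} request parameter,
     * which is appended to {@code EXPORT_USER_FILE_DOWNLOAD_FOLDER}. The request is rejected
     * unless the name is present and the normalized path stays below that folder. The check is
     * lexical only; it does not resolve symbolic links.
     *
     * @throws InternalServerException if the file name is missing, resolves outside the export
     *         folder, or the security client reports that the download failed
     */
    @ResponseStatus(HttpStatus.OK)
    public void downloadUsers() {
        String fileName = APIContextUtil.getHttpServletRequest().getParameter("file_name");
        String requestedPath = EXPORT_USER_FILE_DOWNLOAD_FOLDER + File.separator + fileName;
        boolean insideExportFolder = false;
        if (fileName != null && !fileName.isEmpty()) {
            try {
                java.nio.file.Path exportDir = java.nio.file.Paths.get(EXPORT_USER_FILE_DOWNLOAD_FOLDER + File.separator).normalize();
                java.nio.file.Path target = java.nio.file.Paths.get(requestedPath).normalize();
                // Must be a path strictly below the folder, not the folder itself.
                insideExportFolder = target.startsWith(exportDir) && !target.equals(exportDir);
            } catch (java.nio.file.InvalidPathException ignored) {
                // A name that cannot be parsed as a path is rejected like any other invalid name.
            }
        }
        if (!insideExportFolder) {
            LOG.error("Download users faild: file name is missing or resolves outside the export folder.");
            throw new InternalServerException("12-5000003", "RESID_OM_API_AUTHORITY_0046");
        }
        if (APIContextUtil.getSecurityClient().downloadInfo(APIContextUtil.getHttpServletResponse(), requestedPath)) {
            return;
        }
        LOG.error("Download users faild.");
        throw new InternalServerException("12-5000003", "RESID_OM_API_AUTHORITY_0046");
    }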

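    /**
     * Streams an exported user-group file from the group export folder to the HTTP response.
     *
     * <p>The file is selected by the caller-controlled {@code file_name} request parameter,
     * which is appended to {@code EXPORT_GROUP_FILE_DOWNLOAD_FOLDER}. The request is rejected
     * unless the name is present and the normalized path stays below that folder. The check is
     * lexical only; it does not resolve symbolic links.
     *
     * @throws InternalServerException if the file name is missing, resolves outside the export
     *         folder, or the security client reports that the download failed
     */
    @ResponseStatus(HttpStatus.OK)
    public void downloadUserGroups() {
        String fileName = APIContextUtil.getHttpServletRequest().getParameter("file_name");
        String requestedPath = EXPORT_GROUP_FILE_DOWNLOAD_FOLDER + File.separator + fileName;
        boolean insideExportFolder = false;
        if (fileName != null && !fileName.isEmpty()) {
            try {
                java.nio.file.Path exportDir = java.nio.file.Paths.get(EXPORT_GROUP_FILE_DOWNLOAD_FOLDER + File.separator).normalize();
                java.nio.file.Path target = java.nio.file.Paths.get(requestedPath).normalize();
                // Must be a path strictly below the folder, not the folder itself.
                insideExportFolder = target.startsWith(exportDir) && !target.equals(exportDir);
            } catch (java.nio.file.InvalidPathException ignored) {
                // A name that cannot be parsed as a path is rejected like any other invalid name.
            }
        }
        if (!insideExportFolder) {
            LOG.error("Download user groups faild: file name is missing or resolves outside the export folder.");
            throw new InternalServerException("12-5000004", "RESID_OM_API_AUTHORITY_0047");
        }
        if (APIContextUtil.getSecurityClient().downloadInfo(APIContextUtil.getHttpServletResponse(), requestedPath)) {
            return;
        }
        LOG.error("Download user groups faild.");
        throw new InternalServerException("12-5000004", "RESID_OM_API_AUTHORITY_0047");
    }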

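    /**
     * Streams an exported role file from the role export folder to the HTTP response.
     *
     * <p>The file is selected by the caller-controlled {@code file_name} request parameter,
     * which is appended to {@code EXPORT_ROLE_FILE_DOWNLOAD_FOLDER}. The request is rejected
     * unless the name is present and the normalized path stays below that folder. The check is
     * lexical only; it does not resolve symbolic links.
     *
     * @throws InternalServerException if the file name is missing, resolves outside the export
     *         folder, or the security client reports that the download failed
     */
    @ResponseStatus(HttpStatus.OK)
    public void downloadUserRoles() {
        String fileName = APIContextUtil.getHttpServletRequest().getParameter("file_name");
        String requestedPath = EXPORT_ROLE_FILE_DOWNLOAD_FOLDER + File.separator + fileName;
        boolean insideExportFolder = false;
        if (fileName != null && !fileName.isEmpty()) {
            try {
                java.nio.file.Path exportDir = java.nio.file.Paths.get(EXPORT_ROLE_FILE_DOWNLOAD_FOLDER + File.separator).normalize();
                java.nio.file.Path target = java.nio.file.Paths.get(requestedPath).normalize();
                // Must be a path strictly below the folder, not the folder itself.
                insideExportFolder = target.startsWith(exportDir) && !target.equals(exportDir);
            } catch (java.nio.file.InvalidPathException ignored) {
                // A name that cannot be parsed as a path is rejected like any other invalid name.
            }
        }
        if (!insideExportFolder) {
            LOG.error("Download user roles faild: file name is missing or resolves outside the export folder.");
            throw new InternalServerException("12-5000005", "RESID_OM_API_AUTHORITY_0048");
        }
        if (APIContextUtil.getSecurityClient().downloadInfo(APIContextUtil.getHttpServletResponse(), requestedPath)) {
            return;
        }
        LOG.error("Download user roles faild.");
        throw new InternalServerException("12-5000005", "RESID_OM_API_AUTHORITY_0048");
    }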

    /**
     * Fetches a password policy from the ACS REST server and returns it as an
     * {@code APIUserPwdPolicyUnAuth}.
     *
     * <p>With an empty or missing {@code user_name} request parameter the general policy URL
     * is queried; otherwise the parameter is appended to the per-user policy URL.
     *
     * <p>NOTE(review), for a security pass over this method:
     * <ul>
     *   <li>{@code user_name} is caller-controlled and is concatenated into the URL path
     *       without encoding or validation, and the resulting URL is written to the log.</li>
     *   <li>The return type name suggests this is reachable without authentication - confirm,
     *       and confirm what limits apply to querying arbitrary user names.</li>
     *   <li>A new {@code AnnotationConfigApplicationContext} is created on every call and is
     *       never closed in this method.</li>
     *   <li>The catch-all block replaces every failure, including whatever
     *       {@code handleErrorCode} raises, with error 12-5000090 and drops the cause.</li>
     * </ul>
     *
     * @return the password policy converted to the unauthenticated API model
     * @throws InternalServerException on any failure while fetching or converting the policy
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUserPwdPolicyUnAuth getUserPwdPolicy() {
        String userName = APIContextUtil.getHttpServletRequest().getParameter("user_name");
        try {
            AnnotationConfigApplicationContext configContext = new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class});
            String policyUrl;
            if (StringUtils.isEmpty(userName)) {
                policyUrl = configContext.getEnvironment().getProperty("acs.rest.server.url") + "/policy/getsecuritypolicy";
            } else {
                policyUrl = configContext.getEnvironment().getProperty("acs.rest.server.url") + "/policy/querysecuritypolicy/" + userName;
            }
            LOG.info("url:{}", policyUrl);
            QueryPwdPolicyResponse policyResponse = (QueryPwdPolicyResponse) this.restTemplate.getForObject(policyUrl, QueryPwdPolicyResponse.class, new Object[0]);
            boolean policyMissing = policyResponse == null || policyResponse.getPasswordPolicy() == null;
            if (policyMissing) {
                LOG.error("get user password policy faild");
                throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
            }
            // The result-code check appears twice in the original; both are kept so that
            // handleErrorCode is invoked exactly as often as before.
            if (ResultEnum.SUCCESS.getResultCode() != policyResponse.getResultCode()) {
                LOG.error("get user password policy faild");
                this.authorityService.handleErrorCode(policyResponse.getResultCode());
            }
            if (ResultEnum.SUCCESS.getResultCode() != policyResponse.getResultCode()) {
                LOG.error("get user password policy faild");
                this.authorityService.handleErrorCode(policyResponse.getResultCode());
            }
            return AuthModelConverter.convert2APIUserPwdPolicyUnAuth(policyResponse.getPasswordPolicy());
        } catch (Exception e) {
            LOG.error("get user password policy faild");
            throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
        }
    }

    /**
     * Fetches the general password policy from the ACS REST server and returns it as an
     * {@code APIUserPwdPolicy}.
     *
     * <p>NOTE(review): a new {@code AnnotationConfigApplicationContext} is created on every
     * call and is never closed in this method, and the catch-all block replaces every failure,
     * including whatever {@code handleErrorCode} raises, with error 12-5000090 and drops the
     * cause.
     *
     * @return the password policy converted to the API model
     * @throws InternalServerException on any failure while fetching or converting the policy
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUserPwdPolicy getUserPwdPolicyforAuthUser() {
        try {
            AnnotationConfigApplicationContext configContext = new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class});
            String policyUrl = configContext.getEnvironment().getProperty("acs.rest.server.url") + "/policy/getsecuritypolicy";
            QueryPwdPolicyResponse policyResponse = (QueryPwdPolicyResponse) this.restTemplate.getForObject(policyUrl, QueryPwdPolicyResponse.class, new Object[0]);
            boolean policyMissing = policyResponse == null || policyResponse.getPasswordPolicy() == null;
            if (policyMissing) {
                LOG.error("get user password policy faild");
                throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
            }
            // The result-code check appears twice in the original; both are kept so that
            // handleErrorCode is invoked exactly as often as before.
            if (ResultEnum.SUCCESS.getResultCode() != policyResponse.getResultCode()) {
                LOG.error("get user password policy faild");
                this.authorityService.handleErrorCode(policyResponse.getResultCode());
            }
            if (ResultEnum.SUCCESS.getResultCode() != policyResponse.getResultCode()) {
                LOG.error("get user password policy faild");
                this.authorityService.handleErrorCode(policyResponse.getResultCode());
            }
            return AuthModelConverter.convert2APIUserPwdPolicy(policyResponse.getPasswordPolicy());
        } catch (Exception e) {
            LOG.error("get user password policy faild");
            throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
        }
    }

    /**
     * Replaces the settings of the policy named by {@code DEFAULT_POLICYNAME} with the
     * supplied values.
     *
     * <p>NOTE(review): no range or minimum-strength validation of the submitted policy is
     * visible in this method - confirm the converter or the security client enforces it.
     *
     * @param aPIUserPwdPolicy new password policy settings (request body)
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void modifyUserPwdPolicy(@ApiParam(value = "密码策略", required = true) @RequestBody APIUserPwdPolicy aPIUserPwdPolicy) {
        PasswordPolicy newPolicy = AuthModelConverter.convert2PasswordPolicy(aPIUserPwdPolicy);
        Response modifyResult = APIContextUtil.getSecurityClient().modifyPasswordPolicy(newPolicy, DEFAULT_POLICYNAME);
        if (ResultEnum.SUCCESS.getResultCode() == modifyResult.getErrorCode()) {
            return;
        }
        LOG.error("modify user password policy faild");
        this.authorityService.handleErrorCode(modifyResult.getErrorCode());
    }

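    /**
     * Replaces the settings of the named password policy.
     *
     * <p>When the caller is not the account named by {@code USER_ADMIN}, the policy currently
     * applied to the caller is fetched first, and the request is rejected if it is the policy
     * being modified. If that lookup fails for any reason the request is rejected as well, so
     * the guard fails closed.
     *
     * <p>The rejection (12-4000191) is raised inside the same {@code try} block as the lookup.
     * It is rethrown unchanged so that the generic handler no longer converts it into the
     * lookup-failure error 12-5000090.
     *
     * <p>NOTE(review): a new {@code AnnotationConfigApplicationContext} is created on every
     * call and never closed here, and the login name is concatenated into the URL path without
     * encoding.
     *
     * @param aPIUserPwdPolicy new password policy settings
     * @param str name of the policy to modify
     * @throws InternalServerException with 12-4000191 if a non-admin caller targets the policy
     *         applied to their own account, or with 12-5000090 if that policy cannot be looked up
     */
    public void modifyPwdPolicyByPolicyName(APIUserPwdPolicy aPIUserPwdPolicy, String str) {
        String currentLoginUsername = IAMUtil.getCurrentLoginUsername();
        if (!USER_ADMIN.equals(currentLoginUsername)) {
            try {
                QueryPwdPolicyResponse queryPwdPolicyResponse = (QueryPwdPolicyResponse) this.restTemplate.getForObject(new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class}).getEnvironment().getProperty("acs.rest.server.url") + "/policy/querysecuritypolicy/" + currentLoginUsername, QueryPwdPolicyResponse.class, new Object[0]);
                if (queryPwdPolicyResponse != null && queryPwdPolicyResponse.getPasswordPolicy() != null && str.equals(queryPwdPolicyResponse.getPasswordPolicy().getPolicyName())) {
                    LOG.error("The password policy applied to the current user cannot be modified by that user.");
                    throw new InternalServerException("12-4000191", "RESID_OM_API_AUTHORITY_0191");
                }
            } catch (InternalServerException e) {
                // Keep the specific rejection code instead of masking it as a lookup failure.
                throw e;
            } catch (Exception e) {
                LOG.error("get currentUser password policy faild", e);
                throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
            }
        }
        PasswordPolicy convert2PasswordPolicy = AuthModelConverter.convert2PasswordPolicy(aPIUserPwdPolicy);
        convert2PasswordPolicy.setPolicyName(str);
        Response modifyPasswordPolicy = APIContextUtil.getSecurityClient().modifyPasswordPolicy(convert2PasswordPolicy, str);
        if (ResultEnum.SUCCESS.getResultCode() != modifyPasswordPolicy.getErrorCode()) {
            LOG.error("modify user password policy faild");
            this.authorityService.handleErrorCode(modifyPasswordPolicy.getErrorCode());
        }
    }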

    /**
     * Creates a new password policy from the supplied settings.
     *
     * @param aPIUserPwdPolicy settings of the policy to create
     */
    public void addPwdPolicy(APIUserPwdPolicy aPIUserPwdPolicy) {
        PasswordPolicy newPolicy = AuthModelConverter.convert2PasswordPolicy(aPIUserPwdPolicy);
        Response addResult = APIContextUtil.getSecurityClient().addPasswordPolicy(newPolicy);
        if (ResultEnum.SUCCESS.getResultCode() == addResult.getErrorCode()) {
            return;
        }
        LOG.error("add  password policy faild");
        this.authorityService.handleErrorCode(addResult.getErrorCode());
    }

    /**
     * Deletes the named password policy, except for the three protected policy names.
     *
     * <p>The names held in {@code DEFAULT_POLICYNAME}, {@code LOCK_POLICY} and
     * {@code POLICYM_POLICY} are compared case-insensitively and can never be removed.
     *
     * @param str name of the policy to delete
     * @throws InternalServerException if {@code str} is one of the protected policy names
     */
    public void removePwdPolicy(String str) {
        boolean protectedPolicy = DEFAULT_POLICYNAME.equalsIgnoreCase(str)
                || LOCK_POLICY.equalsIgnoreCase(str)
                || POLICYM_POLICY.equalsIgnoreCase(str);
        if (protectedPolicy) {
            LOG.error("The default password policy cannot be deleted.");
            throw new InternalServerException("12-4000193", "RESID_OM_API_AUTHORITY_0193");
        }
        Response removeResult = APIContextUtil.getSecurityClient().removePasswordPolicy(str);
        if (ResultEnum.SUCCESS.getResultCode() == removeResult.getErrorCode()) {
            return;
        }
        LOG.error("remove  password policy faild");
        this.authorityService.handleErrorCode(removeResult.getErrorCode());
    }

    /**
     * Returns the named password policy in the API model.
     *
     * @param str name of the policy to fetch
     * @return the policy converted to an {@code APIUserPwdPolicy}
     * @throws ResourceNotFoundException if the security client returns no policy object
     */
    public APIUserPwdPolicy getPwdPolicy(String str) {
        RESTResponse<PasswordPolicy> policyQuery = APIContextUtil.getSecurityClient().getPasswordPolicy(str);
        if (ResultEnum.SUCCESS.getResultCode() != policyQuery.getErrorCode()) {
            LOG.error("query  password policy faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(policyQuery.getErrorCode());
        }
        if (policyQuery.getResObj() == null) {
            // The caller-supplied name goes through StringHelper.replaceBlank before it is logged.
            LOG.error("policyName :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4000194", "RESID_OM_API_AUTHORITY_0194");
        }
        return AuthModelConverter.convert2APIUserPwdPolicy(policyQuery.getResObj());
    }

    /**
     * Returns one page of password policies in the API model.
     *
     * <p>Paging is taken from the {@code limit} (default 10) and {@code offset} (default 0)
     * request parameters; the value sent to the security client as start position is
     * {@code offset * limit}. The {@code filter} parameter is forwarded as received.
     *
     * <p>NOTE(review): {@code limit} and {@code offset} are caller-controlled and are not
     * range-checked here, so negative values are passed on and the multiplication can
     * overflow {@code int} - confirm the security client bounds them.
     *
     * @return the page of policies with the total count; an empty list with total 0 when the
     *         response carries no policy list
     * @throws ResourceNotFoundException if the response carries no result object
     */
    public APIUserPwdPolicies getAllPwdPolicy() {
        APIUserPwdPolicies page = new APIUserPwdPolicies();
        HttpServletRequest servletRequest = APIContextUtil.getHttpServletRequest();
        int limit = NumberUtils.toInt(servletRequest.getParameter("limit"), 10);
        RESTResponse<ListPwdPolicyResponse> policyQuery = APIContextUtil.getSecurityClient().getAllPasswordPolicy(new PwdPolicyRequest(NumberUtils.toInt(servletRequest.getParameter("offset"), 0) * limit, limit, servletRequest.getParameter("filter")));
        if (ResultEnum.SUCCESS.getResultCode() != policyQuery.getErrorCode()) {
            LOG.error("query  password policy faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(policyQuery.getErrorCode());
        }
        if (policyQuery.getResObj() == null) {
            LOG.error("ListPwdPolicyResponse is null");
            throw new ResourceNotFoundException("12-4000194", "RESID_OM_API_AUTHORITY_0194");
        }
        ListPwdPolicyResponse listing = policyQuery.getResObj();
        if (listing.getPasswordPolicyList() == null) {
            page.setTotalCount(0);
            page.setApiUserPwdPolicies(new ArrayList());
            return page;
        }
        List sourcePolicies = listing.getPasswordPolicyList();
        ArrayList converted = new ArrayList();
        for (Object sourcePolicy : sourcePolicies) {
            converted.add(AuthModelConverter.convert2APIUserPwdPolicy((PasswordPolicy) sourcePolicy));
        }
        page.setTotalCount(listing.getTotal());
        page.setApiUserPwdPolicies(converted);
        return page;
    }

    /**
     * Creates a role from the supplied role description.
     *
     * <p>The authority service first processes the submitted role via
     * {@code buildUserRoleSource}; the converted role is then sent to the security client.
     *
     * @param aPIUserRole role definition (request body)
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void addRole(@ApiParam(value = "角色信息", required = true) @RequestBody APIUserRole aPIUserRole) {
        this.authorityService.buildUserRoleSource(aPIUserRole);
        Response addResult = APIContextUtil.getSecurityClient().addRole(AuthModelConverter.convert2Role(aPIUserRole), true, APIContextUtil.getLanguage());
        if (ResultEnum.SUCCESS.getResultCode() == addResult.getErrorCode()) {
            return;
        }
        LOG.error("add user role faild");
        this.authorityService.handleErrorCode(addResult.getErrorCode(), addResult.getErrorDescriptionRecoder().getRecoder());
    }

    /**
     * Deletes one or more roles.
     *
     * <p>A list with exactly one name uses the single-role delete call; any other list size,
     * including an empty list, goes through the batch delete call.
     *
     * @param aPIUserRoleNames names of the roles to delete (request body)
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void removeUserRole(@ApiParam(value = "角色名列表", required = true) @RequestBody APIUserRoleNames aPIUserRoleNames) {
        String language = APIContextUtil.getLanguage();
        boolean singleRole = aPIUserRoleNames.getUserRoleNames().size() == 1;
        if (singleRole) {
            String roleName = (String) aPIUserRoleNames.getUserRoleNames().get(0);
            // The instance created here is discarded immediately (kept as in the original).
            new Response();
            Response deleteResult = APIContextUtil.getSecurityClient().deleteRole(roleName, language);
            if (ResultEnum.SUCCESS.getResultCode() != deleteResult.getErrorCode()) {
                LOG.error("remove user role faild");
                this.authorityService.handleErrorCode(deleteResult.getErrorCode());
            }
            return;
        }
        BatchNameRequest batchRequest = new BatchNameRequest();
        batchRequest.setRoleList(aPIUserRoleNames.getUserRoleNames());
        // The instance created here is discarded immediately (kept as in the original).
        new RESTResponse();
        RESTResponse<Object> batchResult = APIContextUtil.getSecurityClient().batchDeleteRole(batchRequest, language);
        if (ResultEnum.SUCCESS.getResultCode() == batchResult.getErrorCode()) {
            return;
        }
        LOG.error("remove user role faild");
        this.authorityService.handleErrorCode(batchResult.getErrorCode());
    }

    /**
     * Updates the named role with the supplied role description and records a
     * user-modification event for every user returned for that role.
     *
     * <p>The role name in the path must equal the name inside the body, so a request cannot
     * address one role in the URL while changing another one.
     *
     * @param str name of the role to modify (path variable)
     * @param aPIUserRole new role definition (request body)
     * @throws ResourceNotFoundException if the path name and the body name differ
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void modifyUserRole(@PathVariable @ApiParam(value = "角色名", required = true) String str, @ApiParam(value = "角色信息", required = true) @RequestBody APIUserRole aPIUserRole) {
        this.authorityService.checkUserRoleExist(str);
        boolean namesMatch = str.equals(aPIUserRole.getName());
        if (!namesMatch) {
            LOG.error("User role :{} is only allowed to modify its own.", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-5000011", "RESID_OM_API_AUTHORITY_0054");
        }
        AddRoleRequest converted = AuthModelConverter.convert2Role(aPIUserRole);
        ModifyRoleRequest modifyRequest = new ModifyRoleRequest();
        modifyRequest.setRoleInfo(converted.getRoleInfo());
        modifyRequest.setRolePerm(converted.getRolePerm());
        // The instance created here is discarded immediately (kept as in the original).
        new Response();
        String language = APIContextUtil.getLanguage();
        Response modifyResult = APIContextUtil.getSecurityClient().modifyRole(modifyRequest, true, language);
        if (ResultEnum.SUCCESS.getResultCode() != modifyResult.getErrorCode()) {
            LOG.error("modify user role faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(modifyResult.getErrorCode(), modifyResult.getErrorDescriptionRecoder().getRecoder());
        }
        // Every user returned for the role gets a modification event.
        for (Iterator<String> roleUsers = APIContextUtil.getSecurityClient().getUserListByRoleName(str, language).iterator(); roleUsers.hasNext();) {
            this.heartbeatEventManager.recordModUserEvent(roleUsers.next());
        }
    }

    /**
     * Looks up one role by name and returns it in the API model.
     *
     * @param str name of the role to look up (path variable)
     * @return the first role in the query result, converted to an {@code APIUserRole}
     * @throws ResourceNotFoundException if the query reports a total count of zero
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUserRole getUserRole(@PathVariable @ApiParam(value = "角色名", required = true) String str) {
        RESTResponse<RoleInforQueryResponse> roleQuery = APIContextUtil.getSecurityClient().queryRoleByName(str, APIContextUtil.getLanguage());
        if (ResultEnum.SUCCESS.getResultCode() != roleQuery.getErrorCode()) {
            LOG.error("Get user role faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(roleQuery.getErrorCode());
        }
        if (roleQuery.getResObj().getTotalCount() == 0) {
            // The caller-supplied name goes through StringHelper.replaceBlank before it is logged.
            LOG.error("User role :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4040003", "RESID_OM_API_AUTHORITY_0041");
        }
        RoleInformation firstRole = (RoleInformation) roleQuery.getResObj().getRoleInformations().get(0);
        return AuthModelConverter.convert2APIUserRole(firstRole);
    }

    /**
     * Returns the services of a cluster as reported by the security client's
     * {@code getService} call.
     *
     * <p>The language passed on is {@code CHINESE_SIMPLE} when the request language is
     * {@code "zh-cn"} and {@code "en"} otherwise. The optional {@code user_role_name} request
     * parameter is forwarded as received.
     *
     * @param i cluster id (path variable); its existence is checked first
     * @return the service list converted to the API model
     */
    @ResponseStatus(HttpStatus.OK)
    public APIAuthServices getAuthSupportedServices(@PathVariable @ApiParam(value = "集群ID", required = true) int i) {
        this.authorityService.checkClusterExist(i);
        String roleName = APIContextUtil.getHttpServletRequest().getParameter("user_role_name");
        String locale;
        if (APIContextUtil.getLanguage().equals("zh-cn")) {
            locale = CHINESE_SIMPLE;
        } else {
            locale = "en";
        }
        // The instance created here is discarded immediately (kept as in the original).
        new RESTResponse();
        RESTResponse<ServiceQueryResponse> serviceQuery = APIContextUtil.getSecurityClient().getService(i, locale, roleName);
        if (ResultEnum.SUCCESS.getResultCode() != serviceQuery.getErrorCode()) {
            LOG.error("get auth supported services faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(serviceQuery.getErrorCode());
        }
        return AuthModelConverter.convert2AuthServices(serviceQuery.getResObj());
    }

    /**
     * Returns the authorization views of one service in one cluster.
     *
     * <p>NOTE(review): the service name from the request path is written to the log at info
     * level without the {@code StringHelper.replaceBlank} step used elsewhere in this class.
     *
     * @param i cluster id (path variable); its existence is checked first
     * @param str service name (path variable)
     * @return the views converted to the API model, or {@code null} when the response holds a
     *         non-zero view count but no view list
     * @throws ResourceNotFoundException if the response reports a total view count of zero
     */
    @ResponseStatus(HttpStatus.OK)
    public APIAuthViews getAuthViews(@PathVariable @ApiParam(value = "集群ID", required = true) int i, @PathVariable @ApiParam(value = "服务名称", required = true) String str) {
        LOG.info("Begin to get view of service {} in cluster {}", str, String.valueOf(i));
        this.authorityService.checkClusterExist(i);
        RESTResponse<ViewQueryResponse> viewQuery = APIContextUtil.getSecurityClient().getView(i, str, APIContextUtil.getLanguage().equals("zh-cn") ? CHINESE_SIMPLE : "en", APIContextUtil.getHttpServletRequest().getParameter("user_role_name"));
        boolean querySucceeded = ResultEnum.SUCCESS.getResultCode() == viewQuery.getErrorCode();
        if (!querySucceeded) {
            LOG.error("get auth views faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(viewQuery.getErrorCode());
        }
        if (viewQuery.getResObj().getTotalViewCount() == 0) {
            LOG.error("auth views is not exist");
            throw new ResourceNotFoundException("12-4040004", "RESID_OM_API_AUTHORITY_0042");
        }
        List serviceViews = viewQuery.getResObj().getViews();
        if (serviceViews == null) {
            LOG.info("The views is null.");
            return null;
        }
        return AuthModelConverter.convert2APIAuthViews(serviceViews);
    }

    /**
     * Returns the authorization views of the {@code "Manager"} service in cluster 1.
     *
     * <p>Unlike the overload taking a cluster id and a service name, this variable-free form
     * passes the view list to the converter without a null check.
     *
     * @return the views converted to the API model
     * @throws ResourceNotFoundException if the response reports a total view count of zero
     */
    @ResponseStatus(HttpStatus.OK)
    public APIAuthViews getAuthViews() {
        RESTResponse<ViewQueryResponse> viewQuery = APIContextUtil.getSecurityClient().getView(1, "Manager", APIContextUtil.getLanguage().equals("zh-cn") ? CHINESE_SIMPLE : "en", APIContextUtil.getHttpServletRequest().getParameter("user_role_name"));
        if (ResultEnum.SUCCESS.getResultCode() != viewQuery.getErrorCode()) {
            LOG.error("get auth views faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(viewQuery.getErrorCode());
        }
        if (viewQuery.getResObj().getTotalViewCount() == 0) {
            LOG.error("auth views is not exist");
            throw new ResourceNotFoundException("12-4040004", "RESID_OM_API_AUTHORITY_0042");
        }
        return AuthModelConverter.convert2APIAuthViews(viewQuery.getResObj().getViews());
    }

    /**
     * Returns the permissions that the supplied resource permission depends on, as reported
     * by the security client.
     *
     * <p>NOTE(review): the service name parameter is not used in the body, and the failure
     * log message reads "get auth views faild", which looks copied from another method.
     *
     * @param i cluster id (path variable); its existence is checked first
     * @param str service name (path variable); unused in this method
     * @param aPIAuthResourceModel resource permission to resolve (request body)
     * @return the dependent permissions converted to the API model
     */
    @ResponseStatus(HttpStatus.OK)
    public APIAuthDependPermission getDependPermission(@PathVariable @ApiParam(value = "集群ID", required = true) int i, @PathVariable @ApiParam(value = "服务名称", required = true) String str, @ApiParam(value = "资源权限", required = true) @RequestBody APIAuthResourceModel aPIAuthResourceModel) {
        this.authorityService.checkClusterExist(i);
        RESTResponse<DependPermissionQueryResponse> dependencyQuery = APIContextUtil.getSecurityClient().getDependPermission(i, AuthModelConverter.convert2ServicePermission(aPIAuthResourceModel));
        boolean querySucceeded = ResultEnum.SUCCESS.getResultCode() == dependencyQuery.getErrorCode();
        if (!querySucceeded) {
            LOG.error("get auth views faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(dependencyQuery.getErrorCode());
        }
        return AuthModelConverter.convert2APIAuthDependPermission(dependencyQuery.getResObj());
    }

    /**
     * Returns one page of resources of a view, for a role or for a user.
     *
     * <p>Request parameters read here: {@code limit} (default 10), {@code offset} (default 0),
     * {@code filter}, {@code path}, {@code user_role_type} (default {@code USER_ROLE_TYPE}),
     * {@code user_role_name}, {@code resource_name} and {@code resource_type}. A
     * {@code user_role_type} equal to {@code USER_ROLE_TYPE} selects {@code getResource};
     * any other value selects {@code getResourcebyUser}.
     *
     * <p>NOTE(review): all of these parameters are caller-controlled and are forwarded without
     * validation in this method, including {@code path} and the unbounded {@code limit} and
     * {@code offset} - confirm the security client validates them.
     *
     * @param i cluster id (path variable); its existence is checked first
     * @param str service name (path variable)
     * @param str2 view name (path variable)
     * @return the resources converted to the API model
     */
    @ResponseStatus(HttpStatus.OK)
    public APIAuthResources getAuthResources(@PathVariable @ApiParam(value = "集群ID", required = true) int i, @PathVariable @ApiParam(value = "服务名称", required = true) String str, @PathVariable @ApiParam(value = "视图名称", required = true) String str2) {
        this.authorityService.checkClusterExist(i);
        HttpServletRequest servletRequest = APIContextUtil.getHttpServletRequest();
        int limit = NumberUtils.toInt(servletRequest.getParameter("limit"), 10);
        int offset = NumberUtils.toInt(servletRequest.getParameter("offset"), 0);
        String filter = servletRequest.getParameter("filter");
        String rawPath = servletRequest.getParameter("path");
        String path = rawPath == null ? "" : rawPath;
        String rawRoleType = servletRequest.getParameter("user_role_type");
        String roleType = StringUtils.isEmpty(rawRoleType) ? USER_ROLE_TYPE : rawRoleType;
        String rawRoleName = servletRequest.getParameter("user_role_name");
        String roleName = rawRoleName == null ? "" : rawRoleName;
        String rawResourceName = servletRequest.getParameter("resource_name");
        String resourceName = rawResourceName == null ? "" : rawResourceName;
        String rawResourceType = servletRequest.getParameter("resource_type");
        String resourceType = rawResourceType == null ? "" : rawResourceType;
        String locale = APIContextUtil.getLanguage().equals("zh-cn") ? CHINESE_SIMPLE : "en";
        RESTResponse<ResourceQueryResponse> resourceQuery;
        if (roleType.equals(USER_ROLE_TYPE)) {
            resourceQuery = APIContextUtil.getSecurityClient().getResource(i, str, str2, resourceName, path, resourceType, offset, limit, locale, roleName, filter);
        } else {
            resourceQuery = APIContextUtil.getSecurityClient().getResourcebyUser(i, str, str2, resourceName, path, resourceType, offset, limit, locale, roleName, filter);
        }
        if (ResultEnum.SUCCESS.getResultCode() != resourceQuery.getErrorCode()) {
            LOG.error("get resources faild");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(resourceQuery.getErrorCode());
        }
        return AuthModelConverter.convert2APIAuthResources(resourceQuery.getResObj());
    }

    /**
     * Returns one page of resources of a view of the {@code "Manager"} service in cluster 1.
     *
     * <p>The same request parameters as in the three-argument overload are read. Only a
     * {@code user_role_type} equal to {@code USER_ROLE_TYPE} triggers a query; for any other
     * value no call is made and error code -500 is handed to {@code handleErrorCode}.
     *
     * <p>NOTE(review): the final line dereferences the response unconditionally, so this
     * method relies on {@code handleErrorCode(-500)} throwing; if it ever returns, the result
     * is a {@code NullPointerException}. The request parameters are forwarded without
     * validation here.
     *
     * @param str view name (path variable)
     * @return the resources converted to the API model
     */
    public APIAuthResources getAuthResources(@PathVariable @ApiParam(value = "视图名称", required = true) String str) {
        HttpServletRequest servletRequest = APIContextUtil.getHttpServletRequest();
        int limit = NumberUtils.toInt(servletRequest.getParameter("limit"), 10);
        int offset = NumberUtils.toInt(servletRequest.getParameter("offset"), 0);
        String filter = servletRequest.getParameter("filter");
        String rawPath = servletRequest.getParameter("path");
        String path = rawPath == null ? "" : rawPath;
        String rawRoleName = servletRequest.getParameter("user_role_name");
        String roleName = rawRoleName == null ? "" : rawRoleName;
        String rawRoleType = servletRequest.getParameter("user_role_type");
        String roleType = StringUtils.isEmpty(rawRoleType) ? USER_ROLE_TYPE : rawRoleType;
        String rawResourceName = servletRequest.getParameter("resource_name");
        String resourceName = rawResourceName == null ? "" : rawResourceName;
        String rawResourceType = servletRequest.getParameter("resource_type");
        String resourceType = rawResourceType == null ? "" : rawResourceType;
        String locale = APIContextUtil.getLanguage().equals("zh-cn") ? CHINESE_SIMPLE : "en";
        RESTResponse<ResourceQueryResponse> resourceQuery = null;
        if (roleType.equals(USER_ROLE_TYPE)) {
            resourceQuery = APIContextUtil.getSecurityClient().getResource(1, "Manager", str, resourceName, path, resourceType, offset, limit, locale, roleName, filter);
        }
        if (resourceQuery == null) {
            // No query was made (unsupported role type) or the client returned nothing.
            LOG.error("get resources faild");
            this.authorityService.handleErrorCode(-500);
        } else if (ResultEnum.SUCCESS.getResultCode() != resourceQuery.getErrorCode()) {
            LOG.error("get resources faild");
            this.authorityService.handleErrorCode(resourceQuery.getErrorCode());
        }
        return AuthModelConverter.convert2APIAuthResources(resourceQuery.getResObj());
    }

    /**
     * Exports the roles matching the {@code filter} request parameter and returns the string
     * produced by the security client as the export file name.
     *
     * <p>Both {@code filter} and {@code format} are forwarded as received. NOTE(review): no
     * validation of {@code format} is visible here, and the failure log messages speak of
     * "users" although roles are exported.
     *
     * @return response whose file name is the string returned by the export call
     * @throws InternalServerException if the list of role names cannot be obtained
     */
    @ResponseStatus(HttpStatus.OK)
    public APIExportResponse exportUserRoles() {
        APIExportResponse exportResponse = new APIExportResponse();
        HttpServletRequest servletRequest = APIContextUtil.getHttpServletRequest();
        String language = APIContextUtil.getLanguage();
        String filter = servletRequest.getParameter("filter");
        String format = servletRequest.getParameter("format");
        List<String> roleNames = APIContextUtil.getSecurityClient().getAllUserRoleNames(filter, language);
        if (roleNames == null) {
            LOG.error("Export users faild when getting all user role names.");
            throw new InternalServerException("12-5000008", "RESID_OM_API_AUTHORITY_0051");
        }
        BatchExportRequest exportRequest = new BatchExportRequest();
        exportRequest.setFormat(format);
        exportRequest.setRoleList(roleNames);
        // Temporary files in the export folder are cleaned before a new export is produced.
        this.authorityService.cleanTemporaryFiles(EXPORT_ROLE_FILE_DOWNLOAD_FOLDER);
        // The instance created here is discarded immediately (kept as in the original).
        new RESTResponse();
        RESTResponse<String> exportResult = APIContextUtil.getSecurityClient().exportRole(exportRequest, servletRequest);
        if (ResultEnum.SUCCESS.getResultCode() != exportResult.getErrorCode()) {
            LOG.error("Export users faild.");
            // Presumably throws for a failed call - TODO confirm.
            this.authorityService.handleErrorCode(exportResult.getErrorCode());
        }
        exportResponse.setFileName(exportResult.getResObj());
        return exportResponse;
    }

    /**
     * Creates a user group from the supplied description.
     *
     * <p>On failure, an error code equal to {@code ERROR_CODE_SYNCHRONIZE} is replaced by
     * {@code ERROR_CODE_ADD_USER_GROUP_SYNCHRONIZE} before it is handed to
     * {@code handleErrorCode}.
     *
     * <p>NOTE(review): the error description returned by the security client is concatenated
     * into the log message as-is - confirm it cannot carry caller-supplied text with line
     * breaks.
     *
     * @param aPIUserGroup user group definition (request body)
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void addUserGroup(@ApiParam(value = "用户组信息", required = true) @RequestBody APIUserGroup aPIUserGroup) {
        Response addResult = APIContextUtil.getSecurityClient().addGroup(AuthModelConverter.convert2UserGroupRequest(aPIUserGroup), APIContextUtil.getLanguage());
        if (ResultEnum.SUCCESS.getResultCode() == addResult.getErrorCode()) {
            return;
        }
        LOG.error("add user group faild : " + addResult.getErrorDescription());
        boolean synchronizeError = addResult.getErrorCode() == ERROR_CODE_SYNCHRONIZE;
        if (synchronizeError) {
            // Map the generic synchronize error to the one specific to adding a user group.
            addResult.setErrorCode(ERROR_CODE_ADD_USER_GROUP_SYNCHRONIZE);
        }
        this.authorityService.handleErrorCode(addResult.getErrorCode(), addResult.getErrorDescriptionRecoder().getRecoder());
    }

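    /**
     * Deletes one or more user groups.
     *
     * <p>A request naming exactly one group uses the single-delete call of the security client;
     * any other list size goes through the batch-delete call.
     *
     * @param aPIUserGroupNames names of the groups to delete
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void removeUserGroup(@ApiParam(value = "用户组名列表", required = true) @RequestBody APIUserGroupNames aPIUserGroupNames) {
        String language = APIContextUtil.getLanguage();
        // NOTE(review): a body without a name list makes the size() call below fail with a
        // NullPointerException; confirm request validation rejects that earlier.
        if (aPIUserGroupNames.getUserGroupNames().size() == 1) {
            Response deleted = APIContextUtil.getSecurityClient().deleteGroup((String) aPIUserGroupNames.getUserGroupNames().get(0));
            if (ResultEnum.SUCCESS.getResultCode() != deleted.getErrorCode()) {
                LOG.error("remove user group faild");
                this.authorityService.handleErrorCode(deleted.getErrorCode());
            }
            return;
        }
        BatchNameRequest batchRequest = new BatchNameRequest();
        batchRequest.setGroupList(aPIUserGroupNames.getUserGroupNames());
        BatchOperateResponse batchDeleted = APIContextUtil.getSecurityClient().batchDeleteGroup(batchRequest, language);
        if (ResultEnum.SUCCESS.getResultCode() != batchDeleted.getErrorCode()) {
            LOG.error("remove user group faild");
            this.authorityService.handleErrorCode(batchDeleted.getErrorCode());
        }
    }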

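    /**
     * Updates a user group and then records a user-modification event for every user name the
     * security client returns for that group.
     *
     * @param str group name taken from the URL path; must equal the name in the request body
     * @param aPIUserGroup new definition of the group
     * @throws ResourceNotFoundException if the path name and the body name differ
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void modifyUserGroup(@PathVariable @ApiParam(value = "用户组名称", required = true) String str, @ApiParam(value = "用户组信息", required = true) @RequestBody APIUserGroup aPIUserGroup) {
        this.authorityService.checkUserGroupExist(str, aPIUserGroup);
        // The body must name the same group as the URL, so that one group's endpoint cannot be
        // used to rewrite a different group.
        if (!str.equals(aPIUserGroup.getName())) {
            LOG.error("userGroup :{} is only allowed to modify its own.", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-5000011", "RESID_OM_API_AUTHORITY_0054");
        }
        Response modified = APIContextUtil.getSecurityClient().modifyGroup(AuthModelConverter.convert2UserGroupRequest(aPIUserGroup), APIContextUtil.getLanguage());
        if (ResultEnum.SUCCESS.getResultCode() != modified.getErrorCode()) {
            LOG.error("modify user group faild : " + modified.getErrorDescription());
            // Report a synchronisation failure under the code specific to modifying a group.
            if (modified.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
                modified.setErrorCode(ERROR_CODE_MODIFY_USER_GROUP_SYNCHRONIZE);
            }
            this.authorityService.handleErrorCode(modified.getErrorCode(), modified.getErrorDescriptionRecoder().getRecoder());
        }
        // The list starts empty and is iterated after the call, so getUserByGroup presumably
        // fills it with the group's user names.
        ArrayList memberNames = new ArrayList();
        HashMap groupLookup = new HashMap();
        groupLookup.put(str, str);
        APIContextUtil.getSecurityClient().getUserByGroup(memberNames, groupLookup);
        for (Object memberName : memberNames) {
            this.heartbeatEventManager.recordModUserEvent((String) memberName);
        }
    }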

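    /**
     * Looks up a single user group by name.
     *
     * @param str name of the group, taken from the URL path
     * @return the first group returned by the security client, converted to the API model
     * @throws ResourceNotFoundException if the lookup yields no group
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUserGroup getUserGroup(@PathVariable @ApiParam(value = "用户组名称", required = true) String str) {
        RESTResponse<List<UserGroup>> lookup = APIContextUtil.getSecurityClient().queryGroupByName(str, APIContextUtil.getLanguage());
        if (ResultEnum.SUCCESS.getResultCode() != lookup.getErrorCode()) {
            LOG.error("get user group faild");
            this.authorityService.handleErrorCode(lookup.getErrorCode());
        }
        // A missing or empty result list is treated like a null first element, so an unknown
        // group ends in the not-found error below instead of an unchecked exception from get(0).
        List<UserGroup> groups = lookup.getResObj();
        if (groups != null && !groups.isEmpty() && !ValidateUtil.isNull(new Object[]{groups.get(0)})) {
            return AuthModelConverter.convert2APIUserGroup(groups.get(0));
        }
        // The path value is passed through StringHelper.replaceBlank before it is logged.
        LOG.error("user group :{} is not exist", StringHelper.replaceBlank(str));
        throw new ResourceNotFoundException("12-4040002", "RESID_OM_API_AUTHORITY_0040");
    }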

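    /**
     * Exports the user groups selected by the request's {@code filter} parameter and returns the
     * name of the generated file.
     *
     * <p>The {@code filter} and {@code format} query parameters are read from the current HTTP
     * request and handed to the security client as received.
     *
     * @return response whose file name is the value reported by the security client
     * @throws InternalServerException if the group-name lookup returns {@code null}
     */
    @ResponseStatus(HttpStatus.OK)
    public APIExportResponse exportUserGroups() {
        HttpServletRequest request = APIContextUtil.getHttpServletRequest();
        String filter = request.getParameter("filter");
        // NOTE(review): "format" is client-controlled and is not checked in this method; confirm
        // that the security client accepts only the supported export formats.
        String format = request.getParameter("format");
        List<String> groupNames = APIContextUtil.getSecurityClient().getAllUserGroupNames(filter);
        if (groupNames == null) {
            LOG.error("Export users faild when getting all user group names.");
            throw new InternalServerException("12-5000007", "RESID_OM_API_AUTHORITY_0050");
        }
        BatchExportRequest exportRequest = new BatchExportRequest();
        exportRequest.setFormat(format);
        exportRequest.setGroupList(groupNames);
        this.authorityService.cleanTemporaryFiles(EXPORT_GROUP_FILE_DOWNLOAD_FOLDER);
        RESTResponse<String> exported = APIContextUtil.getSecurityClient().exportGroup(exportRequest, request);
        if (ResultEnum.SUCCESS.getResultCode() != exported.getErrorCode()) {
            LOG.error("Export users faild.");
            // Presumably handleErrorCode throws for this code; if it returns, the file name
            // below is still sent back to the caller.
            this.authorityService.handleErrorCode(exported.getErrorCode());
        }
        APIExportResponse response = new APIExportResponse();
        response.setFileName(exported.getResObj());
        return response;
    }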

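    /**
     * Asks the ACS REST server whether the given user name is known as an AD user.
     *
     * <p>Any exception raised while building or sending the query is logged at warn level and
     * reported as {@code false}.
     *
     * @param str user name to look up; it is URL-encoded before being placed in the query string
     * @return {@code true} if the server answers with a total greater than zero
     */
    private boolean isAdUser(String str) {
        try {
            String acsBaseUrl;
            // The context is created only to read one property; close it afterwards so that a
            // new application context is not left open on every call.
            AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class});
            try {
                acsBaseUrl = context.getEnvironment().getProperty("acs.rest.server.url");
            } finally {
                context.close();
            }
            // NOTE(review): getForObject(String, ...) normally treats the URL as a URI template
            // and encodes it again; confirm the already-encoded user name is not double-encoded.
            ListUserResponse listUserResponse = (ListUserResponse) this.restTemplate.getForObject(acsBaseUrl + "/user/xml/queryaduser?username=" + URLEncoder.encode(str, "UTF-8"), ListUserResponse.class, new Object[0]);
            return null != listUserResponse && listUserResponse.getTotal() > 0;
        } catch (Exception e) {
            // A failed lookup is reported as "not an AD user"; callers cannot tell the two apart.
            LOG.warn("query ad faild {}", e);
            return false;
        }
    }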

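    /**
     * Changes a user's password by posting a modify-password request to the ACS REST server.
     *
     * <p>Before the call, the user's existence and the new password (policy check and weak
     * password check) are verified through {@code authorityService}. When the server reports
     * that the account is locked, the lock is recorded through {@code sessionService} together
     * with the caller's remote address.
     *
     * @param str name of the user whose password is changed, taken from the URL path
     * @param aPIUserPwdModifyRequest password change request
     * @throws InternalServerException if the server gives no usable answer or any exception is
     *     raised while the request is processed
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void modifyUserPassword(@PathVariable @ApiParam(value = "用户名", required = true) String str, @ApiParam(value = "密码修改请求", required = true) @RequestBody APIUserPwdModifyRequest aPIUserPwdModifyRequest) {
        // NOTE(review): nothing in this method ties "str" to the authenticated caller;
        // presumably a filter or the backend enforces who may change this password. Confirm.
        this.authorityService.checkUserExist(str);
        boolean isEncoded = APIContextUtil.getIsEncoded();
        this.authorityService.checkPassword(aPIUserPwdModifyRequest.getNewPassword(), str, isEncoded);
        this.authorityService.checkWeakPassword(aPIUserPwdModifyRequest.getNewPassword(), isEncoded);
        LOG.info("Enter modify user password.");
        ModifyUserPwdRequest backendRequest = AuthModelConverter.convert2ModifyUserPwdRequest(str, aPIUserPwdModifyRequest, isEncoded);
        try {
            String acsBaseUrl;
            // The context is created only to read one property; close it afterwards so that a
            // new application context is not left open on every password change.
            AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class});
            try {
                acsBaseUrl = context.getEnvironment().getProperty("acs.rest.server.url");
            } finally {
                context.close();
            }
            ResponseEntity postForEntity = this.restTemplate.postForEntity(acsBaseUrl + "/user/xml/modifypassword", backendRequest, Result.class, new Object[0]);
            if (postForEntity == null || postForEntity.getBody() == null) {
                LOG.error("modify user password faild");
                throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
            }
            Result result = (Result) postForEntity.getBody();
            if (ResultEnum.SUCCESS.getResultCode() != result.getResultCode()) {
                LOG.error("modify user password faild");
                if (result.getResultCode() == ERROR_CODE_ACCOUNT_LOCKED) {
                    // Record the lock with the caller's address, or "" when no request is bound.
                    HttpServletRequest httpServletRequest = APIContextUtil.getHttpServletRequest();
                    this.sessionService.lockedUser(str, ValidateUtil.isNull(new Object[]{httpServletRequest}) ? "" : httpServletRequest.getRemoteAddr(), USER_LOCKED_ID);
                } else if (!StringUtils.isEmpty(ControllerHtttpClient.doExecute(str, "2"))) {
                    // The meaning of the "2" and "3" operations is not visible in this file.
                    ControllerHtttpClient.doExecute(str, "3");
                }
                this.authorityService.handleErrorCode(result.getResultCode());
            }
        } catch (Exception e) {
            // NOTE(review): this also catches whatever handleErrorCode throws, so every failure
            // above surfaces to the caller as 12-5000090; confirm that is intended.
            LOG.error("modify user password faild");
            throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
        }
    }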

    /**
     * Returns one page of user roles.
     *
     * <p>Paging, filtering and ordering come from the query parameters {@code limit} (default
     * 10), {@code offset} (page index, default 0), {@code filter}, {@code source_filter},
     * {@code order} and {@code order_by}. Any {@code order} value other than DESC selects
     * ascending order.
     *
     * @return total count plus the converted roles of the requested page; the role list is left
     *     unset when the backend returns none
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUserRoles getUserRoles() {
        String language = APIContextUtil.getLanguage();
        HttpServletRequest request = APIContextUtil.getHttpServletRequest();
        // NOTE(review): limit and offset are not range-checked here; a negative or very large
        // value is forwarded as-is and the product below can overflow int.
        int pageSize = NumberUtils.toInt(request.getParameter("limit"), 10);
        int startIndex = NumberUtils.toInt(request.getParameter("offset"), 0) * pageSize;
        String filter = request.getParameter("filter");
        String sourceFilter = request.getParameter("source_filter");
        com.huawei.bigdata.om.aos.api.model.security.aos.role.OrderEnum direction;
        if (StringUtils.equals(request.getParameter("order"), com.huawei.bigdata.om.aos.api.model.security.aos.role.OrderEnum.DESC.toString())) {
            direction = com.huawei.bigdata.om.aos.api.model.security.aos.role.OrderEnum.DESC;
        } else {
            direction = com.huawei.bigdata.om.aos.api.model.security.aos.role.OrderEnum.ASC;
        }
        // NOTE(review): order_by is forwarded unchanged; whether the backend restricts it to
        // known column names is not visible here.
        String orderBy = request.getParameter("order_by");
        RoleInforQueryRequest query = new RoleInforQueryRequest(startIndex, pageSize, language, filter, sourceFilter);
        query.setOrder(direction);
        query.setOrderBy(orderBy);
        RESTResponse<RoleInforQueryResponse> page = APIContextUtil.getSecurityClient().queryRoleList(query);
        if (ResultEnum.SUCCESS.getResultCode() != page.getErrorCode()) {
            LOG.error("Get user roles faild");
            this.authorityService.handleErrorCode(page.getErrorCode());
        }
        APIUserRoles result = new APIUserRoles();
        result.setTotalCount(page.getResObj().getTotalCount());
        List backendRoles = page.getResObj().getRoleInformations();
        if (!ValidateUtil.isNull(new Object[]{backendRoles}) && !backendRoles.isEmpty()) {
            ArrayList converted = new ArrayList();
            for (Object backendRole : backendRoles) {
                converted.add(AuthModelConverter.convert2APIUserRole((RoleInformation) backendRole));
            }
            result.setUserRoles(converted);
        }
        return result;
    }

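    /**
     * Returns one page of user groups.
     *
     * <p>Paging, filtering and ordering come from the query parameters {@code limit} (default
     * 10), {@code offset} (page index, default 0), {@code filter}, {@code source_filter},
     * {@code service_filter}, {@code order}, {@code order_by} and {@code group_source}. A
     * missing or empty {@code order} means ascending; any value other than ASC selects
     * descending order.
     *
     * @return the backend's group page converted by {@code authorityService.getApiUserGroups}
     */
    @ResponseStatus(HttpStatus.OK)
    public APIUserGroups getUserGroups() {
        String language = APIContextUtil.getLanguage();
        HttpServletRequest request = APIContextUtil.getHttpServletRequest();
        // NOTE(review): limit and offset are not range-checked here; a negative or very large
        // value is forwarded as-is and the product below can overflow int.
        int pageSize = NumberUtils.toInt(request.getParameter("limit"), 10);
        int startIndex = NumberUtils.toInt(request.getParameter("offset"), 0) * pageSize;
        String filter = request.getParameter("filter");
        String sourceFilter = request.getParameter("source_filter");
        String serviceFilter = request.getParameter("service_filter");
        String order = request.getParameter("order");
        OrderEnum direction = (StringUtils.isEmpty(order) || order.equals(OrderEnum.ASC.toString())) ? OrderEnum.ASC : OrderEnum.DESC;
        // NOTE(review): order_by and group_source are forwarded unchanged; whether the backend
        // restricts them to known values is not visible here.
        String orderBy = request.getParameter("order_by");
        String groupSource = request.getParameter("group_source");
        ListUserGroupRequest query = new ListUserGroupRequest(startIndex, pageSize, language, filter, sourceFilter, serviceFilter);
        query.setOrder(direction);
        query.setOrderBy(orderBy);
        query.setGroupSource(groupSource);
        RESTResponse<ListUserGroupResponse> page = APIContextUtil.getSecurityClient().queryGroupList(query);
        if (ResultEnum.SUCCESS.getResultCode() != page.getErrorCode()) {
            LOG.error("get user groups faild");
            this.authorityService.handleErrorCode(page.getErrorCode());
        }
        return this.authorityService.getApiUserGroups(page.getResObj());
    }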

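    /**
     * Reports whether the user named by the {@code user_name} query parameter is at first login.
     *
     * @return response carrying the first-login flag returned by {@code authorityService}
     */
    @ResponseStatus(HttpStatus.OK)
    public APIIsFirstLoginResponse isFirstLogin() {
        // NOTE(review): the user name comes from the query string and is not compared with the
        // authenticated caller in this method; confirm access to this endpoint is restricted,
        // because the answer reveals account state for whichever name is supplied.
        String userName = APIContextUtil.getHttpServletRequest().getParameter("user_name");
        IsFirstLoginResponse backendAnswer = this.authorityService.isFirstLogin(userName);
        if (ResultEnum.SUCCESS.getResultCode() != backendAnswer.getResultCode()) {
            LOG.error("do isFirstLogin faild");
            this.authorityService.handleErrorCode(backendAnswer.getResultCode());
        }
        APIIsFirstLoginResponse response = new APIIsFirstLoginResponse();
        response.setFirstLogin(backendAnswer.isFirstLogin());
        return response;
    }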

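    /**
     * Executes an extra-permission command for a service of a cluster.
     *
     * <p>The command type in the request must equal the string form of one of the
     * {@code CommandType} values; anything else, including a missing type, is rejected before
     * the security client is called.
     *
     * @param i cluster id from the URL path
     * @param str service name from the URL path
     * @param str2 user name from the URL path
     * @param extraPermissionRequest command to execute
     * @throws InvalidParameterException if the command type is not a known {@code CommandType}
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void addExtraPermission(@PathVariable("cluster_id") @ApiParam(value = "集群ID", required = true) int i, @PathVariable("service_name") @ApiParam(value = "服务名称", required = true) String str, @PathVariable("user_name") @ApiParam(value = "用户名称", required = true) String str2, @ApiParam(value = "请求命令", required = true) @RequestBody ExtraPermissionRequest extraPermissionRequest) {
        // NOTE(review): str2 (user_name) is bound from the path but never used below; confirm
        // that the command itself carries the user the permission is meant for.
        CommandRequest command = AuthModelConverter.convert2CommandRequest(extraPermissionRequest);
        String requestedType = command.getCommandType();
        boolean knownType = false;
        for (CommandType candidate : CommandType.values()) {
            // Compare from the constant side so that a missing command type is rejected as an
            // invalid parameter instead of failing with a NullPointerException.
            if (candidate.toString().equals(requestedType)) {
                knownType = true;
                break;
            }
        }
        if (!knownType) {
            throw new InvalidParameterException("12-4000039", "RESID_OM_API_AUTHORITY_0151");
        }
        String language = APIContextUtil.getLanguage();
        Response executed = APIContextUtil.getSecurityClient().executeCommand(i, str, command, language);
        if (ResultEnum.SUCCESS.getResultCode() != executed.getErrorCode()) {
            LOG.error("add Extra Permission failed");
            this.authorityService.handleErrorCode(executed.getErrorCode());
        }
    }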

    /**
     * Validates and submits a new mutual-trust (realm) configuration and returns the id of the
     * asynchronous command that applies it.
     *
     * <p>When {@code authorityService.isDisasterCluster()} is positive, the default realm must
     * stay unchanged and the peer cluster's domain must still appear as the peer realm or within
     * the peer realms.
     *
     * @param aPIMutualTrustConfig requested configuration
     * @return response carrying the command id
     * @throws InternalServerException on any failure; because of the outer catch, callers see
     *     code 06-5000001 for every exception raised inside the method
     */
    @ResponseStatus(HttpStatus.ACCEPTED)
    public APIAsyncResponse modifyMutualTrustConfig(@ApiParam(value = "集群配置", required = true) @RequestBody APIMutualTrustConfig aPIMutualTrustConfig) {
        try {
            boolean realmConfigValid = ValidateUtils.isValidRealmConfig(getAdIntegrationConfig(), aPIMutualTrustConfig, false, this.controllerClient.getOMSStatusInfo().getIpModel());
            if (!realmConfigValid) {
                throw new InternalServerException("12-5000009", "RESID_OM_API_AUTHORITY_0052");
            }
            int disasterState = this.authorityService.isDisasterCluster();
            LOG.error("");
            if (disasterState > 0) {
                // The default realm may not change while this check applies.
                if (!StringUtils.equals(aPIMutualTrustConfig.getDefaultRealm(), this.controllerClient.getMutualTrustConfig().getDefaultRealm())) {
                    throw new InternalServerException("28-5000059", "RESID_OM_API_DISASTER_0091");
                }
                // The peer cluster's domain must remain trusted, either as the single peer realm
                // or somewhere in the peer-realms value.
                String peerDomain = this.disasterClientProvider.getDisasterClient().getPeerClusterDomain();
                if (!(StringUtils.equals(aPIMutualTrustConfig.getPeerRealm(), peerDomain) || (aPIMutualTrustConfig.getPeerRealms() != null && StringUtils.contains(aPIMutualTrustConfig.getPeerRealms(), peerDomain)))) {
                    throw new InternalServerException("28-5000060", "RESID_OM_API_DISASTER_0092");
                }
            }
            try {
                long commandId = this.controllerClient.modifyMutualTrustConfigs(OMSConverter.convert2MutualTrustConfigs(aPIMutualTrustConfig), true);
                this.omsResourceService.processCommandId(commandId);
                APIAsyncResponse accepted = new APIAsyncResponse();
                accepted.setCommandId(commandId);
                return accepted;
            } catch (InternalServerException e) {
                LOG.error("", e);
                throw new InternalServerException("06-5000029", "RESID_OM_API_OMS_0047");
            }
        } catch (Exception e2) {
            // NOTE(review): this catch also receives the specific InternalServerExceptions
            // thrown above and replaces their codes; confirm that is intended.
            LOG.error("Error exists.", e2);
            throw new InternalServerException("06-5000001", "RESID_OM_API_OMS_0014");
        }
    }

    /**
     * Validates and submits a new AD integration configuration and returns the id of the
     * asynchronous command that applies it.
     *
     * <p>When integration is enabled, each non-empty password (trust password, AD password) is
     * Base64-decoded if the request is flagged as encoded, checked with
     * {@code authorityService.checkBasicPassword} and written back to the request object in
     * decoded form. When SSL is enabled, the named AD certificate is imported first.
     *
     * @param apiAdIntegrationConfig requested configuration
     * @return response carrying the command id
     * @throws InternalServerException if the realm configuration is invalid or the submission
     *     fails
     */
    @ResponseStatus(HttpStatus.ACCEPTED)
    public APIAsyncResponse modifyAdIntegrationConfig(@ApiParam(value = "集群配置", required = true) @RequestBody ApiAdIntegrationConfig apiAdIntegrationConfig) {
        boolean isEncoded = APIContextUtil.getIsEncoded();
        if (apiAdIntegrationConfig.isEnable()) {
            // From here on the request object holds the passwords in clear text (Base64 is an
            // encoding, not protection), so it must not be logged.
            String trustPassword = apiAdIntegrationConfig.getTrustpasswd();
            if (StringUtils.isNotEmpty(trustPassword)) {
                if (isEncoded) {
                    trustPassword = SessionConverter.base64Decode(trustPassword);
                }
                this.authorityService.checkBasicPassword(trustPassword, false);
                apiAdIntegrationConfig.setTrustpasswd(trustPassword);
            }
            String adPassword = apiAdIntegrationConfig.getAdPasswd();
            if (StringUtils.isNotEmpty(adPassword)) {
                if (isEncoded) {
                    adPassword = SessionConverter.base64Decode(adPassword);
                }
                this.authorityService.checkBasicPassword(adPassword, false);
                apiAdIntegrationConfig.setAdPasswd(adPassword);
            }
        }
        boolean realmConfigValid = ValidateUtils.isValidRealmConfig(apiAdIntegrationConfig, getMutualTrustConfig(), true, null);
        if (!realmConfigValid) {
            throw new InternalServerException("12-5000009", "RESID_OM_API_AUTHORITY_0052");
        }
        try {
            if (apiAdIntegrationConfig.isEnableSsl()) {
                // NOTE(review): the certificate name comes from the request body; confirm that
                // CertUtil confines it to the AD certificate directory passed alongside it.
                CertUtil.importCertificateToJre(apiAdIntegrationConfig.getAdCertName(), System.getenv(CONTROLLER_HOME) + "/security/ad/", AD_CERT_ALIAS);
            }
            long commandId = this.controllerClient.modifyAdIntegrationConfigs(OMSConverter.convert2AdIntegrationConfigs(apiAdIntegrationConfig), true);
            this.omsResourceService.processCommandId(commandId);
            APIAsyncResponse accepted = new APIAsyncResponse();
            accepted.setCommandId(commandId);
            return accepted;
        } catch (InternalServerException e) {
            LOG.error("", e);
            throw new InternalServerException("06-5000031", "RESID_OM_API_OMS_0049");
        }
    }

    /**
     * Reads the current mutual-trust configuration from the controller and converts it to the
     * API model.
     *
     * @return the current configuration
     * @throws InternalServerException with code 06-5000003 if the controller returns no
     *     configuration or an {@code InternalServerException} is raised while reading it
     */
    @ResponseStatus(HttpStatus.OK)
    public APIMutualTrustConfig getMutualTrustConfig() {
        try {
            MutualTrustConfigs stored = this.controllerClient.getMutualTrustConfig();
            if (stored != null) {
                return OMSConverter.convertToApiMutualTrustConfig(stored);
            }
            // Thrown inside the try, so the catch below replaces this code with 06-5000003.
            throw new InternalServerException("06-5000004", "RESID_OM_API_OMS_0017");
        } catch (InternalServerException e) {
            LOG.error("Error exists.", e);
            throw new InternalServerException("06-5000003", "RESID_OM_API_OMS_0016");
        }
    }

    /**
     * Reads the current AD integration configuration from the controller and converts it to the
     * API model.
     *
     * @return the current configuration
     * @throws InternalServerException with code 06-5000003 if the controller returns no
     *     configuration or an {@code InternalServerException} is raised while reading it
     */
    @ResponseStatus(HttpStatus.OK)
    public ApiAdIntegrationConfig getAdIntegrationConfig() {
        try {
            AdIntegrationConfigs stored = this.controllerClient.getAdIntegrationConfig();
            if (stored != null) {
                // NOTE(review): ApiAdIntegrationConfig has AD and trust password fields; confirm
                // the converter leaves them blank before this object is returned to a client.
                return OMSConverter.convertToApiAdIntegrationConfigs(stored);
            }
            // Thrown inside the try, so the catch below replaces this code with 06-5000003.
            throw new InternalServerException("06-5000004", "RESID_OM_API_OMS_0017");
        } catch (InternalServerException e) {
            LOG.error("Error exists.", e);
            throw new InternalServerException("06-5000003", "RESID_OM_API_OMS_0016");
        }
    }

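    /**
     * Stores an uploaded AD certificate under the AD certificate directory and runs the
     * certificate verification script on it.
     *
     * <p>The upload is rejected when it is larger than 10485760 bytes or when its original file
     * name does not end with one of the accepted certificate suffixes. The client's file name
     * only selects one of three fixed target names (see {@code renameCertFile}); it is never
     * used as part of a path. An existing target is copied to {@code <name>.bak} before it is
     * replaced.
     *
     * @param multipartFile uploaded certificate
     * @return response carrying the original file name of the upload
     * @throws InvalidParameterException if the upload is missing, too large or badly named
     * @throws InternalServerException if the directory cannot be created, the file cannot be
     *     written or the verification script exits with a non-zero code
     */
    public APIUploadFileResponse uploadFile(@RequestParam("file") @ApiParam(value = "证书文件", required = true) MultipartFile multipartFile) {
        if (multipartFile == null) {
            LOG.error("Upload file failed ,paramater is null.");
            throw new InvalidParameterException("06-5000023", "RESID_OM_API_OMS_0038");
        }
        String originalName = multipartFile.getOriginalFilename();
        LOG.info("Start to upload File file [{}].", StringHelper.replaceBlank(originalName));
        if (multipartFile.getSize() > 10485760) {
            LOG.error("Input file to large[{}].", Long.valueOf(multipartFile.getSize()));
            throw new InvalidParameterException("06-5000025", "RESID_OM_API_OMS_0040");
        }
        // Only the suffix of the client-supplied name is inspected; the content is judged by the
        // verification script further down.
        if (!StringUtils.endsWith(originalName, PERM_SUFFIX) && !StringUtils.endsWith(originalName, CER_SUFFIX) && !StringUtils.endsWith(originalName, CRT_SUFFIX)) {
            LOG.error("Input file name is invalid.");
            throw new InvalidParameterException("23-4000003", "RESID_OM_API_CERT_0003");
        }
        try {
            File certDir = new File(AD_CERT_PATH);
            if (!certDir.exists() && !certDir.mkdir()) {
                LOG.error("creat ad cert dir failed.");
                throw new InternalServerException("06-4040001", "RESID_OM_API_OMS_0042");
            }
            byte[] bytes = multipartFile.getBytes();
            // Keep deriving the stored name from the fixed set: it is used in a path here and is
            // appended to the verification command line.
            String storedName = renameCertFile(originalName);
            String targetPath = AD_CERT_PATH + storedName;
            String backupPath = targetPath + ".bak";
            File target = new File(targetPath);
            if (target.exists()) {
                FileUtil.copyFile(targetPath, backupPath);
                if (!target.delete()) {
                    LOG.error("Failed to delete {}.", target.getName());
                }
            }
            // try-with-resources closes the stream even when the write fails.
            try (FileOutputStream out = new FileOutputStream(target)) {
                out.write(bytes);
                out.flush();
            }
            String[] verificationCmd = buildCertVerificationCmd(storedName);
            // NOTE(review): a null command (controller home not set) skips verification and the
            // upload is still accepted; consider rejecting the upload in that case.
            if (verificationCmd != null) {
                LOG.info("Verify ad cert, begin to execute command");
                ScriptExecutionResult verification = ShellUtil.executeShellScript(verificationCmd);
                if (verification.getExitCode() != 0) {
                    LOG.error("Verify failed info: {}", verification);
                    // NOTE(review): the rejected file is removed, but the .bak copy of the
                    // previous certificate is not restored.
                    if (target.exists() && !target.delete()) {
                        LOG.error("Delete sso file faild");
                    }
                    throw new InternalServerException("06-4040002", "RESID_OM_API_OMS_0063");
                }
                LOG.info("Verify ad cert successfully.");
            }
            APIUploadFileResponse response = new APIUploadFileResponse();
            response.setFileName(originalName);
            return response;
        } catch (IOException e) {
            // Log the cause as well; the exception thrown to the caller carries only the code.
            LOG.error("File getBytes error, upload file failed.", e);
            throw new InternalServerException("06-5000030", "RESID_OM_API_OMS_0048");
        }
    }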

    /**
     * Builds the two-element command used to verify an AD certificate: the launcher script
     * under the controller home, followed by one string holding the verification script path and
     * the certificate file name.
     *
     * @param str certificate file name appended to the verification script's command line
     * @return the command array, or {@code null} when the controller home environment variable
     *     is empty
     */
    private String[] buildCertVerificationCmd(String str) {
        String controllerHome = System.getenv(CONTROLLER_HOME);
        if (StringUtils.isEmpty(controllerHome)) {
            LOG.error("Get controller home from env failed.");
            return null;
        }
        // "str" becomes part of a command string. The caller visible in this file passes one of
        // renameCertFile's fixed names; it must never carry client-controlled text.
        String verifyCommand = controllerHome + File.separator + "security/cert/conf" + File.separator + "ad_cert_verify.sh " + str;
        LOG.info("verify ad cert file: verificationCmd={}", verifyCommand);
        String launcher = controllerHome + File.separator + LAUNCHER_SCRIPT;
        return new String[]{launcher, verifyCommand};
    }

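    /**
     * Returns the AD integration model reported by the security client, mapped to the API enum.
     *
     * <p>{@code "all"}, {@code "section"} and {@code "close"} map to ALL, SECTION and CLOSE.
     * Every other value maps to NONE, including an empty or missing answer and
     * {@code CollectionUploadConstants.EMPTY_AUDIT_NONE}.
     *
     * @return the API model holding the mapped value
     */
    public ApiAdModel getAdIntegrationModel() {
        LOG.info("enter AuthorityControoler getAdIntegrationModel.");
        ApiAdModel apiAdModel = new ApiAdModel();
        String reportedModel = APIContextUtil.getSecurityClient().queryAdIntegrationModel();
        // Plain equality checks replace the hash-code switch pair, which used a boolean as a
        // four-valued selector and repeated "case true" labels, so it could not compile.
        if ("all".equals(reportedModel)) {
            apiAdModel.setAdIntegrationModel(ApiAdModel.AdSynchroModel.ALL);
        } else if ("section".equals(reportedModel)) {
            apiAdModel.setAdIntegrationModel(ApiAdModel.AdSynchroModel.SECTION);
        } else if ("close".equals(reportedModel)) {
            apiAdModel.setAdIntegrationModel(ApiAdModel.AdSynchroModel.CLOSE);
        } else {
            apiAdModel.setAdIntegrationModel(ApiAdModel.AdSynchroModel.NONE);
        }
        return apiAdModel;
    }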

    /**
     * Maps an uploaded certificate's file name to the fixed name under which it is stored.
     *
     * @param str original file name of the upload
     * @return {@code "ad.cer"} or {@code "ad.crt"} when the name ends with the matching suffix,
     *     otherwise {@code "ad.pem"}
     */
    private String renameCertFile(String str) {
        if (StringUtils.endsWith(str, CER_SUFFIX)) {
            return "ad.cer";
        }
        if (StringUtils.endsWith(str, CRT_SUFFIX)) {
            return "ad.crt";
        }
        return "ad.pem";
    }
}
