package com.huawei.bigdata.om.web.api.service;

import com.huawei.bigdata.om.acs.api.model.security.acs.ResultEnum;
import com.huawei.bigdata.om.acs.api.model.security.acs.group.ListUserGroupResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.group.UserGroup;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.IsFirstLoginResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ListUserResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.User;
import com.huawei.bigdata.om.aos.api.model.security.aos.role.RoleInformation;
import com.huawei.bigdata.om.aos.api.model.security.aos.role.response.RoleInforQueryResponse;
import com.huawei.bigdata.om.common.utils.FileUtil;
import com.huawei.bigdata.om.common.utils.FilesUtil;
import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.common.utils.ValidateUtil;
import com.huawei.bigdata.om.controller.api.model.Cluster;
import com.huawei.bigdata.om.web.api.converter.AuthModelConverter;
import com.huawei.bigdata.om.web.api.converter.AuthResultConvertMap;
import com.huawei.bigdata.om.web.api.converter.SessionConverter;
import com.huawei.bigdata.om.web.api.exception.InternalServerException;
import com.huawei.bigdata.om.web.api.exception.ResourceNotFoundException;
import com.huawei.bigdata.om.web.api.model.auth.APIAuthResourceModel;
import com.huawei.bigdata.om.web.api.model.auth.APIUser;
import com.huawei.bigdata.om.web.api.model.auth.APIUserGroup;
import com.huawei.bigdata.om.web.api.model.auth.APIUserGroups;
import com.huawei.bigdata.om.web.api.model.auth.APIUserPwdResetRequest;
import com.huawei.bigdata.om.web.api.model.auth.APIUserRole;
import com.huawei.bigdata.om.web.api.util.APIContextUtil;
import com.huawei.bigdata.om.web.model.proto.RESTResponse;
import com.huawei.bigdata.om.web.util.ApplicationConfiguration;
import com.huawei.bigdata.om.web.util.DownloadFileUtil;
import java.io.File;
import java.io.FilenameFilter;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

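/**
 * Validation and lookup helpers for the user, user-group and role REST resources.
 *
 * <p>Most methods return normally when a check passes and throw
 * {@link ResourceNotFoundException} or {@link InternalServerException} with a
 * product error id and message id when it fails.
 *
 * <p>User names reach this class from API callers, so they are bound to outgoing
 * request URLs as URI-template variables rather than concatenated into the URL text,
 * and they are passed through {@code StringHelper.replaceBlank} before being logged.
 */
@Service
/* loaded from: input_file:com/huawei/bigdata/om/web/api/service/AuthorityResourceService.class */
public class AuthorityResourceService extends BaseResourceService {
    private static final long TEMP_EXPORT_FILEOUTOFDATE_TIME = 10800000;
    private static final String UNDER_LINE = "_";
    private static final String TEMP_EXPORT_FILE_SUFFIX = ".zip";
    private static final int GET_USER_GROUP_FAILED_CODE = -306;
    private static final int GET_USER_ROLE_FAILED_CODE = -104;
    private static final int INNER_ERROR_CODE = -2;
    private static final String DEFAULT_SUPER_GROUP = "supergroup";
    private static final String INDEPDT_GROUP = "independent";
    private static final String HUMAN_MACHINE_ACCOUNT_OLD = "0";
    private static final String HUMAN_MACHINE_ACCOUNT_NEW = "HM";
    private static final String MACHINE_MACHINE_ACCOUNT_OLD = "1";
    private static final String SYSTEM_ADMINISTRATOR_ROLE_NAME = "System_administrator";
    private static final String SERVICE_MANAGER = "Manager";
    private static final String SPECIAL_CHAR = "\"";
    private static final int MIN_MINLENGTH = 8;
    public static final int MIN_MINCLASSES = 4;
    private static final String DEFAULT_PASSWORD_FORMAT_RULE = "^[ \\~\\`\\!\\?\\@\\#\\$\\%\\^\\&\\(\\)\\[\\]\\{\\}\\|\\<\\>\\:\\;\\+\\-\\*\\,\\.\\_\\'\\=////a-zA-Z0-9]+$";
    private static final int MAX_PWD_LENGTH = 64;
    private static final long MAX_TEMP_FILE_NUM = 10;
    private static final Logger LOG = LoggerFactory.getLogger(AuthorityResourceService.class);
    private static final List<String> SUPERGROUPCLUB = Arrays.asList("HD", "Management", "DAYU");

    /**
     * Verifies that a user with the given name is known to the ACS service.
     *
     * @param str user name to look up
     * @throws ResourceNotFoundException if the query reports zero matching users
     * @throws InternalServerException if the query itself fails
     */
    public void checkUserExist(String str) {
        ListUserResponse found = getUserByName(str);
        if (found.getTotal() == 0) {
            LOG.error("User :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4040001", "RESID_OM_API_AUTHORITY_0039");
        }
    }

    /**
     * Verifies that the user exists and is not a machine account (user type {@code "1"}).
     *
     * <p>When the query reports a non-zero total but carries no user entries, the method
     * returns without further checks.
     *
     * @param str user name to look up
     * @throws ResourceNotFoundException if the query reports zero matching users
     * @throws InternalServerException if the first returned user is a machine account,
     *     or if the query itself fails
     */
    public void checkUserExistAndUserType(String str) {
        ListUserResponse found = getUserByName(str);
        if (found.getTotal() == 0) {
            LOG.error("User :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4040001", "RESID_OM_API_AUTHORITY_0039");
        }
        List<?> users = found.getUsers();
        boolean machineAccount = users != null
                && !users.isEmpty()
                && MACHINE_MACHINE_ACCOUNT_OLD.equals(((User) users.get(0)).getUserType());
        if (machineAccount) {
            LOG.error("The user :{} is machine account, cannot be locked.", StringHelper.replaceBlank(str));
            throw new InternalServerException("12-5000118", "RESID_OM_API_AUTHORITY_0189");
        }
    }

    /**
     * Replaces the request's new password with its decoded form when {@code z} is set.
     *
     * <p>NOTE(review): presumably the client sends the password Base64-encoded; that is an
     * encoding only, so the decoded value must be treated as a plain-text secret and never
     * logged.
     *
     * @param aPIUserPwdResetRequest request whose new password is rewritten in place
     * @param z whether the new password has to be decoded
     */
    public void reConstructUserPassword(APIUserPwdResetRequest aPIUserPwdResetRequest, boolean z) {
        if (!z) {
            return;
        }
        String decoded = SessionConverter.base64Decode(aPIUserPwdResetRequest.getNewPassword());
        aPIUserPwdResetRequest.setNewPassword(decoded);
    }

    /**
     * Reads the ACS REST base URL from the application configuration.
     *
     * <p>NOTE(review): a new application context is built on every call and never closed.
     * Injecting the environment (or the property value) once would avoid the per-request
     * cost and the unreleased context; left as-is because the effect of closing it on the
     * beans declared by ApplicationConfiguration cannot be judged from this class.
     */
    private String acsServerUrl() {
        return new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class})
                .getEnvironment()
                .getProperty("acs.rest.server.url");
    }

    /**
     * Queries the ACS service for users matching the given name.
     *
     * @param str user name to query
     * @return the ACS response
     * @throws InternalServerException if the request fails for any reason
     */
    private ListUserResponse getUserByName(String str) {
        try {
            // The user name and language are bound as URI-template variables, so a value
            // containing '&', '#' or '=' stays a single query-parameter value instead of
            // altering the request. Assumes restTemplate is Spring's RestTemplate.
            String template = acsServerUrl() + "/user/xml/queryuser?username={username}&lan={lan}";
            return (ListUserResponse) this.restTemplate.getForObject(
                    template, ListUserResponse.class, new Object[]{str, APIContextUtil.getLanguage()});
        } catch (Exception e) {
            LOG.error("Query user faild.", e);
            throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
        }
    }

    /**
     * Verifies that the named user group exists and may be modified, and copies the
     * group's source onto {@code aPIUserGroup}.
     *
     * @param str group name to look up
     * @param aPIUserGroup model that receives the converted group source
     * @throws ResourceNotFoundException if no such group is returned
     * @throws InternalServerException if the query fails or the group is the
     *     {@code "independent"} group
     */
    public void checkUserGroupExist(String str, APIUserGroup aPIUserGroup) {
        RESTResponse<List<UserGroup>> response = APIContextUtil.getSecurityClient().queryGroupByName(str, APIContextUtil.getLanguage());
        int errorCode = response.getErrorCode();
        // GET_USER_GROUP_FAILED_CODE is not treated as a failure here; it falls through to
        // the "not found" check below.
        if (ResultEnum.SUCCESS.getResultCode() != errorCode && GET_USER_GROUP_FAILED_CODE != errorCode) {
            LOG.error("User group :{} is not exist", StringHelper.replaceBlank(str));
            handleErrorCode(errorCode);
        }
        if (ValidateUtil.isNull(new Object[]{response.getResObj()}) || response.getResObj().size() == 0) {
            LOG.error("User group :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4040002", "RESID_OM_API_AUTHORITY_0040");
        }
        aPIUserGroup.setGroupSource(AuthModelConverter.convert2APIGroupSource(response.getResObj().get(0).getGroupSource()));
        if (INDEPDT_GROUP.equals(str)) {
            LOG.error("Cannot modify independent group.");
            throw new InternalServerException("12-5000096", "RESID_OM_API_AUTHORITY_0139");
        }
    }

    /**
     * Verifies that the named role exists and is not a default role.
     *
     * @param str role name to look up
     * @throws ResourceNotFoundException if the role is missing, or if the first returned
     *     role carries the default flag
     * @throws InternalServerException if the query fails
     */
    public void checkUserRoleExist(String str) {
        RESTResponse<RoleInforQueryResponse> response = APIContextUtil.getSecurityClient().queryRoleByName(str, APIContextUtil.getLanguage());
        int errorCode = response.getErrorCode();
        if (ResultEnum.SUCCESS.getResultCode() != errorCode && GET_USER_ROLE_FAILED_CODE != errorCode) {
            LOG.error("Get user role faild");
            handleErrorCode(errorCode);
        }
        RoleInforQueryResponse roleInfo = response.getResObj();
        // GET_USER_ROLE_FAILED_CODE is let through above, so the payload may be absent;
        // report that as "not found" instead of failing with a NullPointerException.
        if (roleInfo == null || roleInfo.getTotalCount() == 0) {
            LOG.error("User role :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4040003", "RESID_OM_API_AUTHORITY_0041");
        }
        List<?> roles = roleInfo.getRoleInformations();
        if (roles == null || roles.isEmpty() || roles.get(0) == null) {
            return;
        }
        if (((RoleInformation) roles.get(0)).getDefaultFlag()) {
            LOG.error("The default role {} does not support this function.", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-5000011", "RESID_OM_API_AUTHORITY_0054");
        }
    }

    /**
     * Removes stale temporary export files from the given directory.
     *
     * <p>Two passes are made: entries whose name-embedded timestamp is older than
     * {@link #TEMP_EXPORT_FILEOUTOFDATE_TIME} are deleted first; if more than
     * {@link #MAX_TEMP_FILE_NUM} entries remain, the surplus regular files at the front of
     * the name ordering are deleted as well. Failures are logged and never propagated.
     *
     * @param str path of the temporary export directory
     */
    public void cleanTemporaryFiles(String str) {
        try {
            File directory = new File(str);
            final long expiryCutoff = System.currentTimeMillis() - TEMP_EXPORT_FILEOUTOFDATE_TIME;
            File[] expired = directory.listFiles(new FilenameFilter() {
                @Override
                public boolean accept(File dir, String name) {
                    return isExpiredExportFile(name, expiryCutoff);
                }
            });
            if (expired != null) {
                for (File stale : expired) {
                    FilesUtil.deleteDirectory(stale);
                }
            }
            File[] remaining = directory.listFiles();
            if (remaining == null) {
                // listFiles() yields null when the path is not a readable directory.
                LOG.warn("Temp export directory cannot be listed, skip cleaning.");
                return;
            }
            List<File> ordered = Arrays.asList(remaining);
            if (ordered.size() > MAX_TEMP_FILE_NUM) {
                // presumably sorts in place so that the oldest names come first; verify
                // against DownloadFileUtil.orderFileByName
                DownloadFileUtil.orderFileByName(ordered);
                long surplus = ordered.size() - MAX_TEMP_FILE_NUM;
                for (int i = 0; i < surplus; i++) {
                    File candidate = ordered.get(i);
                    if (candidate.isFile()) {
                        DownloadFileUtil.deleteFile(FileUtil.getCanonicalPath(candidate));
                    }
                }
            }
        } catch (Exception e) {
            LOG.error("Delete temp export files failed.", e);
        }
    }

    /**
     * Decides whether a directory entry is an export file past its retention time.
     *
     * <p>The timestamp is taken from the second underscore-separated part of the name, up
     * to the last {@code ".zip"}. A name without an underscore is not an export file and is
     * kept; previously such a name raised an index error that aborted the whole cleanup.
     * A timestamp that cannot be parsed counts as time zero, so the entry is treated as
     * expired.
     */
    private static boolean isExpiredExportFile(String fileName, long expiryCutoff) {
        String[] parts = fileName.split(UNDER_LINE);
        if (parts.length < 2) {
            return false;
        }
        String stamped = parts[1];
        long createdAt = 0;
        try {
            String timestamp = stamped.substring(0, stamped.lastIndexOf(TEMP_EXPORT_FILE_SUFFIX));
            createdAt = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").parse(timestamp).getTime();
        } catch (Exception e) {
            LOG.error("Time format parsing error when clean temp export file.", e);
        }
        return createdAt < expiryCutoff;
    }

    /**
     * Logs the message id mapped to the given result code and raises the matching error.
     *
     * @param i result code returned by the security service
     * @throws InternalServerException always
     */
    public void handleErrorCode(int i) {
        String messageId = AuthResultConvertMap.getErrorMessageIdByCode(i);
        LOG.error(messageId);
        throw new InternalServerException(AuthResultConvertMap.getErrorCodeIdByCode(i), AuthResultConvertMap.getErrorMessageIdByCode(i));
    }

    /**
     * Logs the message id mapped to the given result code and raises the matching error,
     * forwarding the given message arguments.
     *
     * @param i result code returned by the security service
     * @param strArr arguments passed on to the exception
     * @throws InternalServerException always
     */
    public void handleErrorCode(int i, String... strArr) {
        String messageId = AuthResultConvertMap.getErrorMessageIdByCode(i);
        LOG.error(messageId);
        throw new InternalServerException(AuthResultConvertMap.getErrorCodeIdByCode(i), AuthResultConvertMap.getErrorMessageIdByCode(i), strArr);
    }

    /**
     * Logs the message id mapped to the given result code and raises the matching error,
     * forwarding the given map as the single exception argument.
     *
     * @param i result code returned by the security service
     * @param map values passed on to the exception
     * @throws InternalServerException always
     */
    public void handleErrorCode(int i, Map<String, String> map) {
        String messageId = AuthResultConvertMap.getErrorMessageIdByCode(i);
        LOG.error(messageId);
        throw new InternalServerException(AuthResultConvertMap.getErrorCodeIdByCode(i), AuthResultConvertMap.getErrorMessageIdByCode(i), new Object[]{map});
    }

    /**
     * Verifies that the user exists and that the requested user type matches the stored
     * one, then copies the stored user source onto {@code aPIUser}.
     *
     * @param str user name to look up
     * @param aPIUser requested user model; its user source is set on success
     * @return whether the stored user belongs to the {@code "independent"} group
     * @throws ResourceNotFoundException if no such user is returned
     * @throws InternalServerException if the user type differs or the query fails
     */
    public boolean checkUserAndUserGroup(String str, APIUser aPIUser) {
        ListUserResponse found = getUserByName(str);
        List<?> users = found.getTotal() == 0 ? null : found.getUsers();
        // A non-zero total with no user entries is also reported as "not found" rather
        // than failing on the first-element access below.
        if (users == null || users.isEmpty()) {
            LOG.error("User :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4040001", "RESID_OM_API_AUTHORITY_0039");
        }
        User stored = (User) users.get(0);
        String requestedType = aPIUser.getUserType().equals(HUMAN_MACHINE_ACCOUNT_NEW)
                ? HUMAN_MACHINE_ACCOUNT_OLD
                : MACHINE_MACHINE_ACCOUNT_OLD;
        if (!StringUtils.equals(stored.getUserType(), requestedType)) {
            LOG.error("User type cannot be modified.");
            throw new InternalServerException("12-5000098", "RESID_OM_API_AUTHORITY_0141");
        }
        aPIUser.setUserSource(AuthModelConverter.convert2APIUserSource(stored.getUserSource()));
        return stored.getGroupList().contains(INDEPDT_GROUP);
    }

    /**
     * Same check as {@link #checkUserAndUserGroup(String, APIUser)} for a user queried
     * through {@code queryAdUserByName}; the user source is not copied.
     *
     * @param str user name to look up
     * @param aPIUser requested user model
     * @return whether the stored user belongs to the {@code "independent"} group
     * @throws ResourceNotFoundException if no such user is returned
     * @throws InternalServerException if the user type differs
     */
    public boolean checkAdUserAndUserGroup(String str, APIUser aPIUser) {
        RESTResponse<ListUserResponse> response = APIContextUtil.getSecurityClient().queryAdUserByName(str);
        ListUserResponse payload = response.getResObj();
        List<?> users = payload == null ? null : payload.getUsers();
        // The error code of this response is not inspected, so an absent payload or user
        // list is reported as "not found" instead of surfacing as a NullPointerException.
        if (users == null || users.isEmpty()) {
            LOG.error("User :{} is not exist", StringHelper.replaceBlank(str));
            throw new ResourceNotFoundException("12-4040001", "RESID_OM_API_AUTHORITY_0039");
        }
        User stored = (User) users.get(0);
        String requestedType = aPIUser.getUserType().equals(HUMAN_MACHINE_ACCOUNT_NEW)
                ? HUMAN_MACHINE_ACCOUNT_OLD
                : MACHINE_MACHINE_ACCOUNT_OLD;
        if (!StringUtils.equals(stored.getUserType(), requestedType)) {
            LOG.error("User type cannot be modified.");
            throw new InternalServerException("12-5000098", "RESID_OM_API_AUTHORITY_0141");
        }
        return stored.getGroupList().contains(INDEPDT_GROUP);
    }

    /**
     * Asks the ACS service whether the given user has yet to log in for the first time.
     *
     * @param str user name to check
     * @return the ACS response, never {@code null}
     * @throws InternalServerException if the request fails or returns no body
     */
    public IsFirstLoginResponse isFirstLogin(String str) {
        // The user name is bound as a URI-template variable instead of being concatenated,
        // so it cannot add or change query parameters. Assumes restTemplate is Spring's
        // RestTemplate.
        String template = acsServerUrl() + "/user/xml/isfirstlogin?userName={userName}";
        IsFirstLoginResponse response;
        try {
            LOG.info("Begin to check is first login, userName = {}.", StringHelper.replaceBlank(str));
            response = (IsFirstLoginResponse) this.restTemplate.getForObject(
                    template, IsFirstLoginResponse.class, new Object[]{str});
        } catch (Exception e) {
            // Keep the cause in the log; the caller only sees the generic error id.
            LOG.error("The connection to acs is not available.", e);
            throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
        }
        if (response == null) {
            LOG.error("Get user isFirstLogin status.");
            throw new InternalServerException("12-5000090", "RESID_OM_API_AUTHORITY_0133");
        }
        return response;
    }

    /**
     * Rejects a group list that contains the {@code "independent"} group.
     *
     * @param list group names requested for a new user
     * @throws InternalServerException if the list contains {@code "independent"}
     */
    public void checkUserGroup(List<String> list) {
        if (!list.contains(INDEPDT_GROUP)) {
            return;
        }
        LOG.error("The user cannot be added to independent group when add user.");
        throw new InternalServerException("12-5000097", "RESID_OM_API_AUTHORITY_0140");
    }

    /**
     * Converts an ACS group listing into the API model.
     *
     * <p>The {@code "supergroup"} entry is included only when one of the clusters reports a
     * product listed in {@code SUPERGROUPCLUB}. The total count is copied unchanged.
     *
     * @param listUserGroupResponse ACS group listing
     * @return the API model; its group list is left unset when the listing has no groups
     */
    public APIUserGroups getApiUserGroups(ListUserGroupResponse listUserGroupResponse) {
        APIUserGroups result = new APIUserGroups();
        result.setTotalCount(listUserGroupResponse.getTotal());
        List<UserGroup> userGroups = listUserGroupResponse.getUserGroups();
        if (ValidateUtil.isNull(new Object[]{userGroups}) || userGroups.isEmpty()) {
            return result;
        }
        boolean showSuperGroup = isContainHDCluster();
        List<APIUserGroup> converted = new ArrayList<>();
        for (UserGroup userGroup : userGroups) {
            boolean isSuperGroup = DEFAULT_SUPER_GROUP.equals(userGroup.getGroupName());
            if (!isSuperGroup || showSuperGroup) {
                converted.add(AuthModelConverter.convert2APIUserGroup(userGroup));
            }
        }
        result.setUserGroups(converted);
        return result;
    }

    /**
     * Reports whether any cluster's product is listed in {@code SUPERGROUPCLUB}.
     * Returns {@code false} when the cluster list is absent or cannot be fetched.
     */
    private boolean isContainHDCluster() {
        try {
            List<?> clusters = this.controllerClient.getClusterInfos();
            if (clusters == null) {
                return false;
            }
            for (Object entry : clusters) {
                if (SUPERGROUPCLUB.contains(((Cluster) entry).getProduct())) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            LOG.error("Get cluster info error:", e);
            return false;
        }
    }

    /**
     * Fills in the source of each authorization entry that has none.
     *
     * <p>Only applies when exactly one cluster exists: entries with an empty source whose
     * service name is not {@code "Manager"} receive that cluster's id as their source.
     *
     * @param aPIUserRole role whose authorization entries are updated in place
     * @throws InternalServerException if the cluster list cannot be fetched or is empty
     */
    public void buildUserRoleSource(APIUserRole aPIUserRole) {
        List<?> clusters = null;
        try {
            clusters = this.controllerClient.getClusterInfos();
        } catch (Exception e) {
            LOG.error("Get cluster info error:", e);
            handleErrorCode(INNER_ERROR_CODE);
        }
        boolean singleCluster = false;
        int clusterId = -1;
        if (CollectionUtils.isEmpty(clusters)) {
            LOG.error("Get cluster info error null");
            handleErrorCode(INNER_ERROR_CODE);
        } else if (clusters.size() == 1) {
            clusterId = ((Cluster) clusters.get(0)).getId();
            singleCluster = true;
        }
        if (!singleCluster) {
            // With several clusters there is no unambiguous default source.
            return;
        }
        for (APIAuthResourceModel model : aPIUserRole.getAuthModel()) {
            if (StringUtils.isEmpty(model.getSource()) && !StringUtils.equals(SERVICE_MANAGER, model.getServiceName())) {
                model.setSource(Integer.toString(clusterId));
            }
        }
    }
}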
