package org.apache.ranger.biz;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXAccessTypeDef;
import org.apache.ranger.entity.XXDataMaskTypeDef;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPolicy;
import org.apache.ranger.entity.XXPolicyConditionDef;
import org.apache.ranger.entity.XXPolicyRefAccessType;
import org.apache.ranger.entity.XXPolicyRefCondition;
import org.apache.ranger.entity.XXPolicyRefDataMaskType;
import org.apache.ranger.entity.XXPolicyRefGroup;
import org.apache.ranger.entity.XXPolicyRefResource;
import org.apache.ranger.entity.XXPolicyRefRole;
import org.apache.ranger.entity.XXPolicyRefUser;
import org.apache.ranger.entity.XXResourceDef;
import org.apache.ranger.entity.XXRole;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.service.RangerAuditFields;
import org.apache.ranger.service.RangerTransactionService;
import org.apache.ranger.service.XGroupService;
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/apache/ranger/biz/PolicyRefUpdater.class */
public class PolicyRefUpdater {
    private static final Log LOG = LogFactory.getLog(PolicyRefUpdater.class);

    @Autowired
    RangerDaoManager daoMgr;

    @Autowired
    RangerAuditFields<?> rangerAuditFields;

    @Autowired
    XUserMgr xUserMgr;

    @Autowired
    XUserService xUserService;

    @Autowired
    RoleDBStore roleStore;

    @Autowired
    RangerBizUtil rangerBizUtil;

    @Autowired
    XGroupService xGroupService;

    @Autowired
    RangerTransactionSynchronizationAdapter rangerTransactionSynchronizationAdapter;

    @Autowired
    RangerTransactionService transactionService;

    @Autowired
    RESTErrorUtil restErrorUtil;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ranger/biz/PolicyRefUpdater$PolicyGroupCreateContext.class */
    public static final class PolicyGroupCreateContext {
        final VXGroup group;
        final XXPolicy xPolicy;

        PolicyGroupCreateContext(VXGroup vXGroup, XXPolicy xXPolicy) {
            this.group = vXGroup;
            this.xPolicy = xXPolicy;
        }

        public String toString() {
            return "{group=" + this.group + ", xPolicy=" + this.xPolicy + "}";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ranger/biz/PolicyRefUpdater$PolicyUserCreateContext.class */
    public static final class PolicyUserCreateContext {
        final String userName;
        final XXPolicy xPolicy;

        PolicyUserCreateContext(String str, XXPolicy xXPolicy) {
            this.userName = str;
            this.xPolicy = xXPolicy;
        }

        public String toString() {
            return "{userName=" + this.userName + ", xPolicy=" + this.xPolicy + "}";
        }
    }

    public void createNewPolMappingForRefTable(RangerPolicy rangerPolicy, XXPolicy xXPolicy, XXServiceDef xXServiceDef, RangerService rangerService) throws Exception {
        Long createRoleForPolicy;
        if (rangerPolicy == null) {
            return;
        }
        cleanupRefTables(rangerPolicy);
        Set<String> keySet = rangerPolicy.getResources().keySet();
        HashSet<String> hashSet = new HashSet();
        HashSet<String> hashSet2 = new HashSet();
        HashSet<String> hashSet3 = new HashSet();
        HashSet<String> hashSet4 = new HashSet();
        HashSet<String> hashSet5 = new HashSet();
        HashSet<String> hashSet6 = new HashSet();
        boolean isBulkMode = RangerBizUtil.isBulkMode();
        List conditions = rangerPolicy.getConditions();
        if (CollectionUtils.isNotEmpty(conditions)) {
            Iterator it = conditions.iterator();
            while (it.hasNext()) {
                hashSet5.add(((RangerPolicy.RangerPolicyItemCondition) it.next()).getType());
            }
        }
        for (List<? extends RangerPolicy.RangerPolicyItem> list : getAllPolicyItems(rangerPolicy)) {
            if (!CollectionUtils.isEmpty(list)) {
                Iterator<? extends RangerPolicy.RangerPolicyItem> it2 = list.iterator();
                while (it2.hasNext()) {
                    RangerPolicy.RangerDataMaskPolicyItem rangerDataMaskPolicyItem = (RangerPolicy.RangerPolicyItem) it2.next();
                    hashSet.addAll(rangerDataMaskPolicyItem.getRoles());
                    hashSet2.addAll(rangerDataMaskPolicyItem.getGroups());
                    hashSet3.addAll(rangerDataMaskPolicyItem.getUsers());
                    if (CollectionUtils.isNotEmpty(rangerDataMaskPolicyItem.getAccesses())) {
                        Iterator it3 = rangerDataMaskPolicyItem.getAccesses().iterator();
                        while (it3.hasNext()) {
                            hashSet4.add(((RangerPolicy.RangerPolicyItemAccess) it3.next()).getType());
                        }
                    }
                    if (CollectionUtils.isNotEmpty(rangerDataMaskPolicyItem.getConditions())) {
                        Iterator it4 = rangerDataMaskPolicyItem.getConditions().iterator();
                        while (it4.hasNext()) {
                            hashSet5.add(((RangerPolicy.RangerPolicyItemCondition) it4.next()).getType());
                        }
                    }
                    if (rangerDataMaskPolicyItem instanceof RangerPolicy.RangerDataMaskPolicyItem) {
                        hashSet6.add(rangerDataMaskPolicyItem.getDataMaskInfo().getDataMaskType());
                    }
                }
            }
        }
        ArrayList arrayList = new ArrayList();
        for (String str : keySet) {
            XXResourceDef findByNameAndPolicyId = this.daoMgr.getXXResourceDef().findByNameAndPolicyId(str, rangerPolicy.getId());
            if (findByNameAndPolicyId == null) {
                throw new Exception(str + ": is not a valid resource-type. policy='" + rangerPolicy.getName() + "' service='" + rangerPolicy.getService() + "'");
            }
            XXPolicyRefResource xXPolicyRefResource = (XXPolicyRefResource) this.rangerAuditFields.populateAuditFields(new XXPolicyRefResource(), xXPolicy);
            xXPolicyRefResource.setPolicyId(rangerPolicy.getId());
            xXPolicyRefResource.setResourceDefId(findByNameAndPolicyId.getId());
            xXPolicyRefResource.setResourceName(str);
            arrayList.add(xXPolicyRefResource);
        }
        this.daoMgr.getXXPolicyRefResource().batchCreate(arrayList);
        ArrayList arrayList2 = new ArrayList();
        for (String str2 : hashSet) {
            if (!StringUtils.isBlank(str2)) {
                XXRole findByRoleName = this.daoMgr.getXXRole().findByRoleName(str2);
                if (findByRoleName != null) {
                    createRoleForPolicy = findByRoleName.getId();
                } else {
                    RangerBizUtil.setBulkMode(false);
                    createRoleForPolicy = createRoleForPolicy(str2, rangerService);
                }
                Long l = createRoleForPolicy;
                XXPolicyRefRole xXPolicyRefRole = (XXPolicyRefRole) this.rangerAuditFields.populateAuditFields(new XXPolicyRefRole(), xXPolicy);
                xXPolicyRefRole.setPolicyId(rangerPolicy.getId());
                xXPolicyRefRole.setRoleId(l);
                xXPolicyRefRole.setRoleName(str2);
                arrayList2.add(xXPolicyRefRole);
            }
        }
        RangerBizUtil.setBulkMode(isBulkMode);
        this.daoMgr.getXXPolicyRefRole().batchCreate(arrayList2);
        for (String str3 : hashSet2) {
            if (!StringUtils.isBlank(str3)) {
                XXGroup findByGroupName = this.daoMgr.getXXGroup().findByGroupName(str3);
                if (findByGroupName != null) {
                    groupPolicyAssociation(xXPolicy, findByGroupName.getId(), str3);
                } else {
                    if (!this.rangerBizUtil.checkAdminAccess() && !this.rangerBizUtil.isUserServiceAdmin(rangerService, this.rangerBizUtil.getCurrentUserLoginId())) {
                        VXResponse vXResponse = new VXResponse();
                        vXResponse.setStatusCode(400);
                        vXResponse.setMsgDesc("Operation denied. Group name: " + str3 + " specified in policy does not exist in ranger admin.");
                        throw this.restErrorUtil.generateRESTException(vXResponse);
                    }
                    createGroupForPolicy(str3, xXPolicy);
                }
            }
        }
        new ArrayList();
        for (String str4 : hashSet3) {
            if (!StringUtils.isBlank(str4)) {
                XXUser findByUserName = this.daoMgr.getXXUser().findByUserName(str4);
                if (findByUserName != null) {
                    userPolicyAssociation(xXPolicy, findByUserName.getId(), str4);
                } else {
                    if (!this.rangerBizUtil.checkAdminAccess() && !this.rangerBizUtil.isUserServiceAdmin(rangerService, this.rangerBizUtil.getCurrentUserLoginId())) {
                        VXResponse vXResponse2 = new VXResponse();
                        vXResponse2.setStatusCode(400);
                        vXResponse2.setMsgDesc("Operation denied. User name: " + str4 + " specified in policy does not exist in ranger admin.");
                        throw this.restErrorUtil.generateRESTException(vXResponse2);
                    }
                    createUserForPolicy(str4, xXPolicy);
                }
            }
        }
        ArrayList arrayList3 = new ArrayList();
        for (String str5 : hashSet4) {
            XXAccessTypeDef findByNameAndServiceId = this.daoMgr.getXXAccessTypeDef().findByNameAndServiceId(str5, xXPolicy.getService());
            if (findByNameAndServiceId == null) {
                throw new Exception(str5 + ": is not a valid access-type. policy='" + rangerPolicy.getName() + "' service='" + rangerPolicy.getService() + "'");
            }
            XXPolicyRefAccessType xXPolicyRefAccessType = (XXPolicyRefAccessType) this.rangerAuditFields.populateAuditFields(new XXPolicyRefAccessType(), xXPolicy);
            xXPolicyRefAccessType.setPolicyId(rangerPolicy.getId());
            xXPolicyRefAccessType.setAccessDefId(findByNameAndServiceId.getId());
            xXPolicyRefAccessType.setAccessTypeName(str5);
            arrayList3.add(xXPolicyRefAccessType);
        }
        this.daoMgr.getXXPolicyRefAccessType().batchCreate(arrayList3);
        ArrayList arrayList4 = new ArrayList();
        for (String str6 : hashSet5) {
            XXPolicyConditionDef findByServiceDefIdAndName = this.daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xXServiceDef.getId(), str6);
            if (findByServiceDefIdAndName == null) {
                throw new Exception(str6 + ": is not a valid condition-type. policy='" + xXPolicy.getName() + "' service='" + xXPolicy.getService() + "'");
            }
            XXPolicyRefCondition xXPolicyRefCondition = (XXPolicyRefCondition) this.rangerAuditFields.populateAuditFields(new XXPolicyRefCondition(), xXPolicy);
            xXPolicyRefCondition.setPolicyId(rangerPolicy.getId());
            xXPolicyRefCondition.setConditionDefId(findByServiceDefIdAndName.getId());
            xXPolicyRefCondition.setConditionName(str6);
            arrayList4.add(xXPolicyRefCondition);
        }
        this.daoMgr.getXXPolicyRefCondition().batchCreate(arrayList4);
        ArrayList arrayList5 = new ArrayList();
        for (String str7 : hashSet6) {
            XXDataMaskTypeDef findByNameAndServiceId2 = this.daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(str7, xXPolicy.getService());
            if (findByNameAndServiceId2 == null) {
                throw new Exception(str7 + ": is not a valid datamask-type. policy='" + rangerPolicy.getName() + "' service='" + rangerPolicy.getService() + "'");
            }
            XXPolicyRefDataMaskType xXPolicyRefDataMaskType = new XXPolicyRefDataMaskType();
            xXPolicyRefDataMaskType.setPolicyId(rangerPolicy.getId());
            xXPolicyRefDataMaskType.setDataMaskDefId(findByNameAndServiceId2.getId());
            xXPolicyRefDataMaskType.setDataMaskTypeName(str7);
            arrayList5.add(xXPolicyRefDataMaskType);
        }
        this.daoMgr.getXXPolicyRefDataMaskType().batchCreate(arrayList5);
    }

    public Boolean cleanupRefTables(RangerPolicy rangerPolicy) {
        Long id = rangerPolicy == null ? null : rangerPolicy.getId();
        if (id == null) {
            return false;
        }
        this.daoMgr.getXXPolicyRefResource().deleteByPolicyId(id);
        this.daoMgr.getXXPolicyRefRole().deleteByPolicyId(id);
        this.daoMgr.getXXPolicyRefGroup().deleteByPolicyId(id);
        this.daoMgr.getXXPolicyRefUser().deleteByPolicyId(id);
        this.daoMgr.getXXPolicyRefAccessType().deleteByPolicyId(id);
        this.daoMgr.getXXPolicyRefCondition().deleteByPolicyId(id);
        this.daoMgr.getXXPolicyRefDataMaskType().deleteByPolicyId(id);
        return true;
    }

    public static List<List<? extends RangerPolicy.RangerPolicyItem>> getAllPolicyItems(RangerPolicy rangerPolicy) {
        ArrayList arrayList = new ArrayList();
        if (CollectionUtils.isNotEmpty(rangerPolicy.getPolicyItems())) {
            arrayList.add(rangerPolicy.getPolicyItems());
        }
        if (CollectionUtils.isNotEmpty(rangerPolicy.getDenyPolicyItems())) {
            arrayList.add(rangerPolicy.getDenyPolicyItems());
        }
        if (CollectionUtils.isNotEmpty(rangerPolicy.getAllowExceptions())) {
            arrayList.add(rangerPolicy.getAllowExceptions());
        }
        if (CollectionUtils.isNotEmpty(rangerPolicy.getDenyExceptions())) {
            arrayList.add(rangerPolicy.getDenyExceptions());
        }
        if (CollectionUtils.isNotEmpty(rangerPolicy.getDataMaskPolicyItems())) {
            arrayList.add(rangerPolicy.getDataMaskPolicyItems());
        }
        if (CollectionUtils.isNotEmpty(rangerPolicy.getRowFilterPolicyItems())) {
            arrayList.add(rangerPolicy.getRowFilterPolicyItems());
        }
        return arrayList;
    }

    private void createUserForPolicy(String str, XXPolicy xXPolicy) {
        LOG.warn("User specified in policy does not exist in ranger admin, creating new user, User = " + str);
        final PolicyUserCreateContext policyUserCreateContext = new PolicyUserCreateContext(str, xXPolicy);
        this.rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.1
            @Override // java.lang.Runnable
            public void run() {
                PolicyRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.1.1
                    @Override // java.lang.Runnable
                    public void run() {
                        PolicyRefUpdater.this.doCreateAndAssociatePolicyUser(policyUserCreateContext);
                    }
                }, 0L);
            }
        });
    }

    private void createGroupForPolicy(String str, XXPolicy xXPolicy) {
        LOG.warn("Group specified in policy does not exist in ranger admin, creating new group, Group = " + str);
        VXGroup vXGroup = new VXGroup();
        vXGroup.setName(str);
        vXGroup.setDescription(str);
        vXGroup.setGroupSource(1);
        final PolicyGroupCreateContext policyGroupCreateContext = new PolicyGroupCreateContext(vXGroup, xXPolicy);
        this.rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.2
            @Override // java.lang.Runnable
            public void run() {
                PolicyRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.2.1
                    @Override // java.lang.Runnable
                    public void run() {
                        PolicyRefUpdater.this.doCreateAndAssociatePolicyGroup(policyGroupCreateContext);
                    }
                }, 0L);
            }
        });
    }

    private Long createRoleForPolicy(String str, RangerService rangerService) throws Exception {
        LOG.warn("Role specified in policy does not exist in ranger admin, creating new role = " + str);
        if (this.rangerBizUtil.checkAdminAccess() || this.rangerBizUtil.isUserServiceAdmin(rangerService, this.rangerBizUtil.getCurrentUserLoginId())) {
            return this.roleStore.createRole(new RangerRole(str, (String) null, (Map) null, (List) null, (List) null), false).getId();
        }
        VXResponse vXResponse = new VXResponse();
        vXResponse.setStatusCode(400);
        vXResponse.setMsgDesc("Operation denied. Role name: " + str + " specified in policy does not exist in ranger admin.");
        throw this.restErrorUtil.generateRESTException(vXResponse);
    }

    public void groupPolicyAssociation(XXPolicy xXPolicy, Long l, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> PolicyRefUpdater.groupPolicyAssociation()");
        }
        XXPolicyRefGroup xXPolicyRefGroup = (XXPolicyRefGroup) this.rangerAuditFields.populateAuditFields(new XXPolicyRefGroup(), xXPolicy);
        xXPolicyRefGroup.setPolicyId(xXPolicy.getId());
        xXPolicyRefGroup.setGroupId(l);
        xXPolicyRefGroup.setGroupName(str);
        this.daoMgr.getXXPolicyRefGroup().create(xXPolicyRefGroup);
    }

    void doAssociatePolicyGroup(PolicyGroupCreateContext policyGroupCreateContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> PolicyRefUpdater.doAssociatePolicyGroup()");
        }
        XXGroup findByGroupName = this.daoMgr.getXXGroup().findByGroupName(policyGroupCreateContext.group.getName());
        if (findByGroupName == null) {
            LOG.error("No Group created!! Irrecoverable error! PolicyGroupContext:[" + policyGroupCreateContext + "]");
            return;
        }
        try {
            groupPolicyAssociation(policyGroupCreateContext.xPolicy, findByGroupName.getId(), policyGroupCreateContext.group.getName());
        } catch (Exception e) {
            LOG.error("Failed to associate group and policy, PolicyGroupContext:[" + policyGroupCreateContext + "]", e);
        }
    }

    void doCreateAndAssociatePolicyGroup(final PolicyGroupCreateContext policyGroupCreateContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> PolicyRefUpdater.doCreateAndAssociatePolicyGroup()");
        }
        XXGroup findByGroupName = this.daoMgr.getXXGroup().findByGroupName(policyGroupCreateContext.group.getName());
        if (findByGroupName != null) {
            groupPolicyAssociation(policyGroupCreateContext.xPolicy, findByGroupName.getId(), policyGroupCreateContext.group.getName());
            return;
        }
        try {
            try {
                VXGroup createXGroupWithOutLogin = this.xGroupService.createXGroupWithOutLogin(policyGroupCreateContext.group);
                if (null != createXGroupWithOutLogin) {
                    List<XXTrxLog> transactionLog = this.xGroupService.getTransactionLog(createXGroupWithOutLogin, "create");
                    for (XXTrxLog xXTrxLog : transactionLog) {
                        xXTrxLog.setAddedByUserId(policyGroupCreateContext.xPolicy.getAddedByUserId());
                        xXTrxLog.setUpdatedByUserId(policyGroupCreateContext.xPolicy.getAddedByUserId());
                    }
                    this.rangerBizUtil.createTrxLog(transactionLog);
                }
                this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.3
                    @Override // java.lang.Runnable
                    public void run() {
                        PolicyRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.3.1
                            @Override // java.lang.Runnable
                            public void run() {
                                PolicyRefUpdater.this.doAssociatePolicyGroup(policyGroupCreateContext);
                            }
                        }, 0L);
                    }
                });
            } catch (Exception e) {
                LOG.error("Failed to create Group or to associate group and policy, PolicyGroupContext:[" + policyGroupCreateContext + "]", e);
                this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.3
                    @Override // java.lang.Runnable
                    public void run() {
                        PolicyRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.3.1
                            @Override // java.lang.Runnable
                            public void run() {
                                PolicyRefUpdater.this.doAssociatePolicyGroup(policyGroupCreateContext);
                            }
                        }, 0L);
                    }
                });
            }
        } catch (Throwable th) {
            this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.3
                @Override // java.lang.Runnable
                public void run() {
                    PolicyRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.3.1
                        @Override // java.lang.Runnable
                        public void run() {
                            PolicyRefUpdater.this.doAssociatePolicyGroup(policyGroupCreateContext);
                        }
                    }, 0L);
                }
            });
            throw th;
        }
    }

    public void userPolicyAssociation(XXPolicy xXPolicy, Long l, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> PolicyRefUpdater.userPolicyAssociation()");
        }
        XXPolicyRefUser xXPolicyRefUser = (XXPolicyRefUser) this.rangerAuditFields.populateAuditFields(new XXPolicyRefUser(), xXPolicy);
        xXPolicyRefUser.setPolicyId(xXPolicy.getId());
        xXPolicyRefUser.setUserId(l);
        xXPolicyRefUser.setUserName(str);
        this.daoMgr.getXXPolicyRefUser().create(xXPolicyRefUser);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<=== PolicyRefUpdater.userPolicyAssociation()");
        }
    }

    void doAssociatePolicyUser(PolicyUserCreateContext policyUserCreateContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> PolicyRefUpdater.doAssociatePolicyUser()");
        }
        XXUser findByUserName = this.daoMgr.getXXUser().findByUserName(policyUserCreateContext.userName);
        if (findByUserName == null) {
            LOG.error("No User created!! Irrecoverable error! PolicyUserContext:[" + policyUserCreateContext + "]");
            return;
        }
        try {
            userPolicyAssociation(policyUserCreateContext.xPolicy, findByUserName.getId(), policyUserCreateContext.userName);
        } catch (Exception e) {
            LOG.error("Failed to associate user and policy, PolicyUserContext:[" + policyUserCreateContext + "]", e);
        }
    }

    void doCreateAndAssociatePolicyUser(final PolicyUserCreateContext policyUserCreateContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> PolicyRefUpdater.doCreateAndAssociatePolicyUser()");
        }
        XXUser findByUserName = this.daoMgr.getXXUser().findByUserName(policyUserCreateContext.userName);
        try {
            if (findByUserName != null) {
                userPolicyAssociation(policyUserCreateContext.xPolicy, findByUserName.getId(), policyUserCreateContext.userName);
                return;
            }
            try {
                this.xUserMgr.createServiceConfigUser(policyUserCreateContext.userName);
                this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.4
                    @Override // java.lang.Runnable
                    public void run() {
                        PolicyRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.4.1
                            @Override // java.lang.Runnable
                            public void run() {
                                PolicyRefUpdater.this.doAssociatePolicyUser(policyUserCreateContext);
                            }
                        }, 0L);
                    }
                });
            } catch (Exception e) {
                LOG.error("Failed to create User or to associate user and policy, PolicyUserContext:[" + policyUserCreateContext + "]", e);
                this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.4
                    @Override // java.lang.Runnable
                    public void run() {
                        PolicyRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.4.1
                            @Override // java.lang.Runnable
                            public void run() {
                                PolicyRefUpdater.this.doAssociatePolicyUser(policyUserCreateContext);
                            }
                        }, 0L);
                    }
                });
            }
        } catch (Throwable th) {
            this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.4
                @Override // java.lang.Runnable
                public void run() {
                    PolicyRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.PolicyRefUpdater.4.1
                        @Override // java.lang.Runnable
                        public void run() {
                            PolicyRefUpdater.this.doAssociatePolicyUser(policyUserCreateContext);
                        }
                    }, 0L);
                }
            });
            throw th;
        }
    }
}
