package org.apache.ranger.biz;

import java.util.HashSet;
import java.util.Iterator;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.db.XXRoleRefGroupDao;
import org.apache.ranger.db.XXRoleRefRoleDao;
import org.apache.ranger.db.XXRoleRefUserDao;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXRole;
import org.apache.ranger.entity.XXRoleRefGroup;
import org.apache.ranger.entity.XXRoleRefRole;
import org.apache.ranger.entity.XXRoleRefUser;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.service.RangerAuditFields;
import org.apache.ranger.service.RangerTransactionService;
import org.apache.ranger.service.XGroupService;
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.VXGroup;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/apache/ranger/biz/RoleRefUpdater.class */
public class RoleRefUpdater {
    private static final Log LOG = LogFactory.getLog(RoleRefUpdater.class);

    @Autowired
    RangerDaoManager daoMgr;

    @Autowired
    RangerAuditFields<?> rangerAuditFields;

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    XUserMgr xUserMgr;

    @Autowired
    XUserService xUserService;

    @Autowired
    XGroupService xGroupService;

    @Autowired
    RangerTransactionSynchronizationAdapter rangerTransactionSynchronizationAdapter;

    @Autowired
    RangerTransactionService transactionService;

    @Autowired
    RangerBizUtil xaBizUtil;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ranger/biz/RoleRefUpdater$RoleGroupCreateContext.class */
    public static final class RoleGroupCreateContext {
        final VXGroup group;
        final Long roleId;

        RoleGroupCreateContext(VXGroup vXGroup, Long l) {
            this.group = vXGroup;
            this.roleId = l;
        }

        public String toString() {
            return "{group=" + this.group + ", roleId=" + this.roleId + "}";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ranger/biz/RoleRefUpdater$RoleUserCreateContext.class */
    public static final class RoleUserCreateContext {
        final String userName;
        final Long roleId;

        RoleUserCreateContext(String str, Long l) {
            this.userName = str;
            this.roleId = l;
        }

        public String toString() {
            return "{userName=" + this.userName + ", roleId=" + this.roleId + "}";
        }
    }

    public void createNewRoleMappingForRefTable(RangerRole rangerRole, Boolean bool) throws Exception {
        if (rangerRole == null) {
            return;
        }
        cleanupRefTables(rangerRole);
        Long id = rangerRole.getId();
        HashSet<String> hashSet = new HashSet();
        HashSet<String> hashSet2 = new HashSet();
        HashSet<String> hashSet3 = new HashSet();
        Iterator it = rangerRole.getUsers().iterator();
        while (it.hasNext()) {
            hashSet.add(((RangerRole.RoleMember) it.next()).getName());
        }
        Iterator it2 = rangerRole.getGroups().iterator();
        while (it2.hasNext()) {
            hashSet2.add(((RangerRole.RoleMember) it2.next()).getName());
        }
        Iterator it3 = rangerRole.getRoles().iterator();
        while (it3.hasNext()) {
            hashSet3.add(((RangerRole.RoleMember) it3.next()).getName());
        }
        if (CollectionUtils.isNotEmpty(hashSet)) {
            for (String str : hashSet) {
                if (!StringUtils.isBlank(str)) {
                    Long l = null;
                    XXUser findByUserName = this.daoMgr.getXXUser().findByUserName(str);
                    if (findByUserName != null) {
                        l = findByUserName.getId();
                    } else {
                        if (!bool.booleanValue() || !this.xaBizUtil.checkAdminAccess()) {
                            throw this.restErrorUtil.createRESTException("user with name: " + str + " does not exist ", MessageEnums.INVALID_INPUT_DATA);
                        }
                        LOG.warn("User specified in role does not exist in ranger admin, creating new user, User = " + str);
                        final RoleUserCreateContext roleUserCreateContext = new RoleUserCreateContext(str, id);
                        this.rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.1
                            @Override // java.lang.Runnable
                            public void run() {
                                RoleRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.1.1
                                    @Override // java.lang.Runnable
                                    public void run() {
                                        RoleRefUpdater.this.doCreateAndAssociateRoleUser(roleUserCreateContext);
                                    }
                                }, 0L);
                            }
                        });
                    }
                    if (null != l) {
                        userRoleAssociation(id, l, str);
                    }
                }
            }
        }
        if (CollectionUtils.isNotEmpty(hashSet2)) {
            for (String str2 : hashSet2) {
                if (!StringUtils.isBlank(str2)) {
                    Long l2 = null;
                    XXGroup findByGroupName = this.daoMgr.getXXGroup().findByGroupName(str2);
                    if (findByGroupName != null) {
                        l2 = findByGroupName.getId();
                    } else {
                        if (!bool.booleanValue() || !this.xaBizUtil.checkAdminAccess()) {
                            throw this.restErrorUtil.createRESTException("group with name: " + str2 + " does not exist ", MessageEnums.INVALID_INPUT_DATA);
                        }
                        LOG.warn("Group specified in role does not exist in ranger admin, creating new group, Group = " + str2);
                        VXGroup vXGroup = new VXGroup();
                        vXGroup.setName(str2);
                        vXGroup.setDescription(str2);
                        vXGroup.setGroupSource(1);
                        final RoleGroupCreateContext roleGroupCreateContext = new RoleGroupCreateContext(vXGroup, id);
                        this.rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.2
                            @Override // java.lang.Runnable
                            public void run() {
                                RoleRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.2.1
                                    @Override // java.lang.Runnable
                                    public void run() {
                                        RoleRefUpdater.this.doCreateAndAssociateRoleGroup(roleGroupCreateContext);
                                    }
                                }, 0L);
                            }
                        });
                    }
                    if (null != l2) {
                        groupRoleAssociation(id, l2, str2);
                    }
                }
            }
        }
        if (CollectionUtils.isNotEmpty(hashSet3)) {
            for (String str3 : hashSet3) {
                if (!StringUtils.isBlank(str3)) {
                    XXRole findByRoleName = this.daoMgr.getXXRole().findByRoleName(str3);
                    if (findByRoleName == null) {
                        throw this.restErrorUtil.createRESTException("Role with name: " + str3 + " does not exist ", MessageEnums.INVALID_INPUT_DATA);
                    }
                    XXRoleRefRole xXRoleRefRole = (XXRoleRefRole) this.rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefRole());
                    xXRoleRefRole.setRoleId(id);
                    xXRoleRefRole.setSubRoleId(findByRoleName.getId());
                    xXRoleRefRole.setSubRoleName(str3);
                    xXRoleRefRole.setSubRoleType(0);
                    this.daoMgr.getXXRoleRefRole().create(xXRoleRefRole);
                }
            }
        }
    }

    public Boolean cleanupRefTables(RangerRole rangerRole) {
        Long id = rangerRole.getId();
        if (id == null) {
            return false;
        }
        XXRoleRefUserDao xXRoleRefUser = this.daoMgr.getXXRoleRefUser();
        XXRoleRefGroupDao xXRoleRefGroup = this.daoMgr.getXXRoleRefGroup();
        XXRoleRefRoleDao xXRoleRefRole = this.daoMgr.getXXRoleRefRole();
        Iterator<XXRoleRefUser> it = xXRoleRefUser.findByRoleId(id).iterator();
        while (it.hasNext()) {
            xXRoleRefUser.remove((XXRoleRefUserDao) it.next());
        }
        Iterator<XXRoleRefGroup> it2 = xXRoleRefGroup.findByRoleId(id).iterator();
        while (it2.hasNext()) {
            xXRoleRefGroup.remove((XXRoleRefGroupDao) it2.next());
        }
        Iterator<XXRoleRefRole> it3 = xXRoleRefRole.findByRoleId(id).iterator();
        while (it3.hasNext()) {
            xXRoleRefRole.remove((XXRoleRefRoleDao) it3.next());
        }
        return true;
    }

    public void groupRoleAssociation(Long l, Long l2, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> groupRoleAssociation()");
        }
        XXRoleRefGroup xXRoleRefGroup = (XXRoleRefGroup) this.rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefGroup());
        xXRoleRefGroup.setRoleId(l);
        xXRoleRefGroup.setGroupId(l2);
        xXRoleRefGroup.setGroupName(str);
        xXRoleRefGroup.setGroupType(0);
        this.daoMgr.getXXRoleRefGroup().create(xXRoleRefGroup);
    }

    void doCreateAndAssociateRoleGroup(final RoleGroupCreateContext roleGroupCreateContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> doCreateAndAssociateRoleGroup()");
        }
        XXGroup findByGroupName = this.daoMgr.getXXGroup().findByGroupName(roleGroupCreateContext.group.getName());
        try {
            if (findByGroupName != null) {
                groupRoleAssociation(roleGroupCreateContext.roleId, findByGroupName.getId(), roleGroupCreateContext.group.getName());
                return;
            }
            try {
                VXGroup createXGroupWithOutLogin = this.xGroupService.createXGroupWithOutLogin(roleGroupCreateContext.group);
                if (null != createXGroupWithOutLogin) {
                    this.xaBizUtil.createTrxLog(this.xGroupService.getTransactionLog(createXGroupWithOutLogin, "create"));
                }
                this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.3
                    @Override // java.lang.Runnable
                    public void run() {
                        RoleRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.3.1
                            @Override // java.lang.Runnable
                            public void run() {
                                RoleRefUpdater.this.doAssociateRoleGroup(roleGroupCreateContext);
                            }
                        }, 0L);
                    }
                });
            } catch (Exception e) {
                LOG.error("Failed to create Group or to associate group and role, RoleGroupContext:[" + roleGroupCreateContext + "]", e);
                this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.3
                    @Override // java.lang.Runnable
                    public void run() {
                        RoleRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.3.1
                            @Override // java.lang.Runnable
                            public void run() {
                                RoleRefUpdater.this.doAssociateRoleGroup(roleGroupCreateContext);
                            }
                        }, 0L);
                    }
                });
            }
        } catch (Throwable th) {
            this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.3
                @Override // java.lang.Runnable
                public void run() {
                    RoleRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.3.1
                        @Override // java.lang.Runnable
                        public void run() {
                            RoleRefUpdater.this.doAssociateRoleGroup(roleGroupCreateContext);
                        }
                    }, 0L);
                }
            });
            throw th;
        }
    }

    void doAssociateRoleGroup(RoleGroupCreateContext roleGroupCreateContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> doAssociateRoleGroup()");
        }
        XXGroup findByGroupName = this.daoMgr.getXXGroup().findByGroupName(roleGroupCreateContext.group.getName());
        if (findByGroupName == null) {
            LOG.error("No Group created!! Irrecoverable error! RoleGroupContext:[" + roleGroupCreateContext + "]");
            return;
        }
        try {
            groupRoleAssociation(roleGroupCreateContext.roleId, findByGroupName.getId(), roleGroupCreateContext.group.getName());
        } catch (Exception e) {
            LOG.error("Failed to associate group and role, RoleGroupContext:[" + roleGroupCreateContext + "]", e);
        }
    }

    public void userRoleAssociation(Long l, Long l2, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> userRoleAssociation()");
        }
        XXRoleRefUser xXRoleRefUser = (XXRoleRefUser) this.rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefUser());
        xXRoleRefUser.setRoleId(l);
        xXRoleRefUser.setUserId(l2);
        xXRoleRefUser.setUserName(str);
        xXRoleRefUser.setUserType(0);
        this.daoMgr.getXXRoleRefUser().create(xXRoleRefUser);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<=== userRoleAssociation()");
        }
    }

    void doCreateAndAssociateRoleUser(final RoleUserCreateContext roleUserCreateContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> doCreateAndAssociateRoleUser()");
        }
        XXUser findByUserName = this.daoMgr.getXXUser().findByUserName(roleUserCreateContext.userName);
        try {
            if (findByUserName != null) {
                userRoleAssociation(roleUserCreateContext.roleId, findByUserName.getId(), roleUserCreateContext.userName);
                return;
            }
            try {
                this.xUserMgr.createServiceConfigUser(roleUserCreateContext.userName);
                this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.4
                    @Override // java.lang.Runnable
                    public void run() {
                        RoleRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.4.1
                            @Override // java.lang.Runnable
                            public void run() {
                                RoleRefUpdater.this.doAssociateRoleUser(roleUserCreateContext);
                            }
                        }, 0L);
                    }
                });
            } catch (Exception e) {
                LOG.error("Failed to create User or to associate user and role, RoleUserContext:[" + roleUserCreateContext + "]", e);
                this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.4
                    @Override // java.lang.Runnable
                    public void run() {
                        RoleRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.4.1
                            @Override // java.lang.Runnable
                            public void run() {
                                RoleRefUpdater.this.doAssociateRoleUser(roleUserCreateContext);
                            }
                        }, 0L);
                    }
                });
            }
        } catch (Throwable th) {
            this.rangerTransactionSynchronizationAdapter.executeOnTransactionCompletion(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.4
                @Override // java.lang.Runnable
                public void run() {
                    RoleRefUpdater.this.transactionService.scheduleToExecuteInOwnTransaction(new Runnable() { // from class: org.apache.ranger.biz.RoleRefUpdater.4.1
                        @Override // java.lang.Runnable
                        public void run() {
                            RoleRefUpdater.this.doAssociateRoleUser(roleUserCreateContext);
                        }
                    }, 0L);
                }
            });
            throw th;
        }
    }

    void doAssociateRoleUser(RoleUserCreateContext roleUserCreateContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===> doAssociateRoleUser()");
        }
        XXUser findByUserName = this.daoMgr.getXXUser().findByUserName(roleUserCreateContext.userName);
        if (findByUserName == null) {
            LOG.error("No User created!! Irrecoverable error! RoleUserContext:[" + roleUserCreateContext + "]");
            return;
        }
        try {
            userRoleAssociation(roleUserCreateContext.roleId, findByUserName.getId(), roleUserCreateContext.userName);
        } catch (Exception e) {
            LOG.error("Failed to associate user and role, RoleUserContext:[" + roleUserCreateContext + "]", e);
        }
    }
}
