package org.artifactory.storage.db.security.service.access;

import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSetMultimap;
import java.sql.SQLException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.artifactory.api.security.PasswordExpiryUser;
import org.artifactory.common.crypto.CryptoHelper;
import org.artifactory.common.home.ArtifactoryHome;
import org.artifactory.config.CentralConfigKey;
import org.artifactory.descriptor.config.CentralConfigDescriptor;
import org.artifactory.factory.InfoFactoryHolder;
import org.artifactory.md.Properties;
import org.artifactory.model.xstream.fs.PropertiesImpl;
import org.artifactory.model.xstream.security.UserImpl;
import org.artifactory.security.GroupInfo;
import org.artifactory.security.MutableGroupInfo;
import org.artifactory.security.MutableUserInfo;
import org.artifactory.security.SaltedPassword;
import org.artifactory.security.UserInfo;
import org.artifactory.security.UserPropertyInfo;
import org.artifactory.security.access.AccessService;
import org.artifactory.spring.Reloadable;
import org.artifactory.storage.StorageException;
import org.artifactory.storage.db.security.service.access.UserMapper;
import org.artifactory.storage.security.service.UserGroupStoreService;
import org.artifactory.version.CompoundVersionDetails;
import org.jfrog.access.client.AccessClient;
import org.jfrog.access.client.AccessClientHttpException;
import org.jfrog.access.client.user.FindUsersRequest;
import org.jfrog.access.client.user.UsersClient;
import org.jfrog.access.model.UserStatus;
import org.jfrog.access.rest.group.ManageGroupMembersRequest;
import org.jfrog.access.rest.user.UpdateUserRequest;
import org.jfrog.access.rest.user.User;
import org.jfrog.access.rest.user.UserBase;
import org.jfrog.access.rest.user.UserRequest;
import org.jfrog.common.ThrowingFunction;
import org.jfrog.common.config.diff.DataDiff;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
@Reloadable(beanClass = UserGroupStoreService.class, initAfter = {AccessService.class}, listenOn = {CentralConfigKey.none})
/* loaded from: input_file:org/artifactory/storage/db/security/service/access/AccessUserGroupStoreService.class */
public class AccessUserGroupStoreService implements UserGroupStoreService {
    private static final Logger log = LoggerFactory.getLogger(AccessUserGroupStoreService.class);

    @Autowired
    private AccessService accessService;
    public static final String REMEMBER_ME_SCOPE = "authentication:remember-me";

    /* loaded from: input_file:org/artifactory/storage/db/security/service/access/AccessUserGroupStoreService$GroupFilter.class */
    public enum GroupFilter {
        ALL(groupInfo -> {
            return true;
        }),
        ADMIN((v0) -> {
            return v0.isAdminPrivileges();
        }),
        DEFAULTS((v0) -> {
            return v0.isNewUserDefault();
        }),
        EXTERNAL(groupInfo2 -> {
            return !"internal".equals(groupInfo2.getRealm());
        }),
        INTERNAL(groupInfo3 -> {
            return groupInfo3.getRealm() == null || groupInfo3.getRealm().equals("internal");
        });

        public final Predicate<GroupInfo> filterFunction;

        GroupFilter(Predicate predicate) {
            this.filterFunction = predicate;
        }
    }

    public boolean createUser(UserInfo userInfo) {
        return createUserWithProperties(userInfo, false);
    }

    public boolean createUserWithProperties(UserInfo userInfo, boolean z) {
        if (userExists(userInfo.getUsername())) {
            return false;
        }
        getClient().users().createUser(UserMapper.toAccessUser(copyUser(userInfo), z));
        return true;
    }

    public void updateUser(MutableUserInfo mutableUserInfo) {
        if (!Strings.isNullOrEmpty(mutableUserInfo.getPassword())) {
            getClient().token().revokeAllForUserAndScope(mutableUserInfo.getUsername(), REMEMBER_ME_SCOPE);
        }
        getClient().users().updateUser(UserMapper.toUpdateUserRequest(copyUser(mutableUserInfo), true));
    }

    private UserImpl copyUser(UserInfo userInfo) {
        return new UserImpl(userInfo);
    }

    public UserInfo findUser(String str) {
        return (UserInfo) findUserInternal(str, true).map(UserMapper::toArtifactoryUser).map((v0) -> {
            return UserPropertiesSearchHelper.decryptUserProperties(v0);
        }).orElse(null);
    }

    private Optional<? extends UserBase> findUserInternal(String str, boolean z) {
        UsersClient users = getClient().users();
        return (Optional) this.accessService.ensureAuth(() -> {
            return z ? users.findUserWithGroupsByUsername(str) : users.findUserByUsername(str);
        });
    }

    public void deleteAllGroupsAndUsers() {
        getAllGroups().forEach(groupInfo -> {
            getClient().groups().deleteGroup(groupInfo.getGroupName());
        });
        getAllUsers(true, false).forEach(userInfo -> {
            getClient().users().deleteUser(userInfo.getUsername());
        });
    }

    public boolean adminUserExists() {
        return CollectionUtils.isNotEmpty(getClient().users().findUsersByCustomData(UserMapper.ArtifactoryBuiltInUserProperty.artifactory_admin.name(), "true", true).getUsers());
    }

    public boolean userExists(String str) {
        return findUserInternal(str, false).isPresent();
    }

    public void deleteUser(String str) {
        try {
            getClient().users().deleteUser(str);
        } catch (AccessClientHttpException e) {
            if (e.getStatusCode() != 404) {
                throw e;
            }
        }
    }

    @Nullable
    public UserInfo findUserByProperty(String str, String str2, boolean z) {
        return UserPropertiesSearchHelper.findUserByProperty(getClient(), str, str2, z);
    }

    @Nullable
    public String findUserProperty(String str, String str2) {
        UserInfo findUser = findUser(str);
        if (findUser != null) {
            return (String) findUser.getUserProperty(str2).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).map(str3 -> {
                return CryptoHelper.decryptIfNeeded(ArtifactoryHome.get(), str3);
            }).orElse(null);
        }
        log.debug("User {} doesn't exist. Cannot find property", str);
        return null;
    }

    public boolean addUserProperty(String str, String str2, String str3) {
        if (!userExists(str)) {
            log.debug("User {} doesn't exist. Cannot add property", str);
            return false;
        }
        UpdateUserRequest create = UpdateUserRequest.create();
        create.username(str).addCustomData(str2, str3, true);
        UserPropertiesSearchHelper.addSearchablePropIfNeeded(create, str2, str3);
        getClient().users().updateUser(create);
        return true;
    }

    public boolean deleteUserProperty(String str, String str2) {
        if (!userExists(str)) {
            log.debug("User {} doesn't exist. Cannot delete property {}", str, str2);
            return false;
        }
        UserInfo findUser = findUser(str);
        if (findUser != null) {
            return deleteUserProperty(findUser, str2);
        }
        log.debug("User {} doesn't exist. Cannot delete property {}", str, str2);
        return false;
    }

    private boolean deleteUserProperty(UserInfo userInfo, String str) {
        if (!userInfo.getUserProperty(str).isPresent()) {
            log.debug("User {} doesn't have the specified property: {}.", userInfo.getUsername(), str);
            return false;
        }
        UpdateUserRequest create = UpdateUserRequest.create();
        create.username(userInfo.getUsername()).addCustomData(str, (String) null);
        UserPropertiesSearchHelper.deleteSearchablePropIfNeeded(create, str);
        getClient().users().updateUser(create);
        return true;
    }

    public void deletePropertyFromAllUsers(String str) {
        getClient().users().findUsersByCustomData(str, true).getUsers().stream().map((v0) -> {
            return UserMapper.toArtifactoryUser(v0);
        }).forEach(mutableUserInfo -> {
            deleteUserProperty((UserInfo) mutableUserInfo, str);
        });
    }

    public Properties findPropertiesForUser(String str) {
        UserInfo findUser = findUser(str);
        if (findUser == null) {
            log.debug("User {} not found. Returning empty properties", str);
            return new PropertiesImpl();
        }
        PropertiesImpl propertiesImpl = new PropertiesImpl();
        for (UserPropertyInfo userPropertyInfo : findUser.getUserProperties()) {
            propertiesImpl.put(userPropertyInfo.getPropKey(), CryptoHelper.decryptIfNeeded(ArtifactoryHome.get(), userPropertyInfo.getPropValue()));
        }
        return propertiesImpl;
    }

    public List<UserInfo> getAllUsers(boolean z, boolean z2) {
        return getAllUsers(z, z2, true);
    }

    private List<UserInfo> getAllUsers(boolean z, boolean z2, boolean z3) {
        Stream filter = getAllUsersInternal(z2).stream().map((v0) -> {
            return UserMapper.toArtifactoryUser(v0);
        }).map((v0) -> {
            return UserPropertiesSearchHelper.decryptUserProperties(v0);
        }).filter(userInfo -> {
            return z || !userInfo.isAdmin();
        });
        if (z3) {
            List<String> allAdminGroupsNames = getAllAdminGroupsNames();
            filter = filter.map(userInfo2 -> {
                boolean anyMatch = userInfo2.getGroups().stream().anyMatch(userGroupInfo -> {
                    return allAdminGroupsNames.contains(userGroupInfo.getGroupName());
                });
                MutableUserInfo copyUser = InfoFactoryHolder.get().copyUser(userInfo2);
                copyUser.setGroupAdmin(Boolean.valueOf(anyMatch));
                return copyUser;
            });
        }
        return (List) filter.collect(Collectors.toList());
    }

    public Map<String, Boolean> getAllUsersAndAdminStatus(boolean z) {
        return (Map) getAllUsers(true, false, true).stream().filter(userInfo -> {
            return !z || userInfo.isEffectiveAdmin();
        }).collect(Collectors.toMap((v0) -> {
            return v0.getUsername();
        }, (v0) -> {
            return v0.isEffectiveAdmin();
        }));
    }

    public List<String> getAllAdminGroupsNames() {
        return (List) getGroupsByFilter(GroupFilter.ADMIN).stream().map((v0) -> {
            return v0.getGroupName();
        }).collect(Collectors.toList());
    }

    private List<User> getAllUsersInternal(boolean z) {
        return !z ? getClient().users().findUsers().getUsers() : getClient().users().findUsers(new FindUsersRequest().expand(UserRequest.Expand.passwords).expand(UserRequest.Expand.encryptedData)).getUsers();
    }

    public ImmutableSetMultimap<String, String> getAllUsersInGroups() {
        ImmutableSetMultimap.Builder builder = ImmutableSetMultimap.builder();
        getAllUsers(true, false).forEach(userInfo -> {
            builder.putAll(userInfo.getUsername(), (Iterable) userInfo.getGroups().stream().map((v0) -> {
                return v0.getGroupName();
            }).collect(Collectors.toList()));
        });
        return builder.build();
    }

    public void updateUserLastLogin(String str, long j, String str2) {
        getClient().users().replaceUserLastLogin(str, j, str2);
    }

    public void lockUser(@Nonnull String str) {
        handleLockException(r7 -> {
            return patchUser(createUpdateUserRequest(str, updateUserRequest -> {
                return updateUserRequest.status(UserStatus.LOCKED);
            }));
        }, str, "lock");
    }

    public void unlockUser(@Nonnull String str) {
        handleLockException(r7 -> {
            return patchUser(createUpdateUserRequest(str, updateUserRequest -> {
                return updateUserRequest.status(UserStatus.ENABLED);
            }));
        }, str, "unlock");
    }

    private void handleLockException(ThrowingFunction<Void, User, Exception> throwingFunction, String str, String str2) {
        try {
            throwingFunction.apply((Object) null);
        } catch (Exception e) {
            throwStorageException(str, str2, e);
        } catch (AccessClientHttpException e2) {
            if (e2.getStatusCode() == 404) {
                log.debug("User {} to {} not found. Ignoring", str, str2);
            } else {
                throwStorageException(str, str2, e2);
            }
        }
    }

    private void throwStorageException(String str, String str2, Exception exc) {
        log.debug("Could not {} user {}, cause: {}", new Object[]{str2, str, exc});
        throw new StorageException("Could not lock user " + str + ", reason: " + exc.getMessage());
    }

    public boolean isUserLocked(String str) {
        Optional<U> map = findUserInternal(str, false).map((v0) -> {
            return v0.getStatus();
        });
        UserStatus userStatus = UserStatus.LOCKED;
        Objects.requireNonNull(userStatus);
        return ((Boolean) map.map((v1) -> {
            return r1.equals(v1);
        }).orElse(false)).booleanValue();
    }

    private AccessClient getClient() {
        return this.accessService.getAccessClient();
    }

    public void unlockAllUsers() {
        getLockedUsers().forEach(this::unlockUser);
    }

    public void unlockAdminUsers() {
        getAllUsersInternal(false).stream().filter(user -> {
            return UserStatus.LOCKED.equals(user.getStatus());
        }).map((v0) -> {
            return UserMapper.toArtifactoryUser(v0);
        }).filter((v0) -> {
            return v0.isAdmin();
        }).map((v0) -> {
            return v0.getUsername();
        }).forEach(this::unlockUser);
    }

    public Set<String> getLockedUsers() {
        return (Set) getAllUsersInternal(false).stream().filter(user -> {
            return UserStatus.LOCKED.equals(user.getStatus());
        }).map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toSet());
    }

    private User patchUser(UpdateUserRequest updateUserRequest) {
        return getClient().users().updateUser(updateUserRequest);
    }

    private UpdateUserRequest createUpdateUserRequest(String str, Function<UpdateUserRequest, UserRequest> function) {
        return function.apply((UpdateUserRequest) UpdateUserRequest.create().username(str));
    }

    public void changePassword(UserInfo userInfo, SaltedPassword saltedPassword, String str) {
        patchUser(createUpdateUserRequest(userInfo.getUsername(), updateUserRequest -> {
            return updateUserRequest.password(str);
        }));
    }

    public boolean isUserPasswordExpired(String str, int i) {
        return ((Boolean) Optional.ofNullable(findUser(str)).map((v0) -> {
            return v0.isCredentialsExpired();
        }).orElse(false)).booleanValue();
    }

    public void expireUserPassword(String str) {
        patchUser(createUpdateUserRequest(str, updateUserRequest -> {
            return updateUserRequest.passwordExpired(true);
        }));
    }

    public void revalidatePassword(String str) {
        patchUser(createUpdateUserRequest(str, updateUserRequest -> {
            return updateUserRequest.passwordExpired(false);
        }));
    }

    public void expirePasswordForAllUsers() {
        getAllUsers(true, false).stream().map((v0) -> {
            return v0.getUsername();
        }).forEach(this::expireUserPassword);
    }

    public void revalidatePasswordForAllUsers() {
        getAllUsers(true, false).stream().map((v0) -> {
            return v0.getUsername();
        }).forEach(this::revalidatePassword);
    }

    public List<String> markUsersCredentialsExpired(int i) {
        return Collections.emptyList();
    }

    public void expirePasswordForUserIds(Set<Long> set) throws SQLException {
    }

    public Long getUserPasswordCreationTime(String str) {
        return (Long) findUserInternal(str, false).map((v0) -> {
            return v0.getPasswordLastModified();
        }).orElse(0L);
    }

    public Set<PasswordExpiryUser> getUsersWhichPasswordIsAboutToExpire(int i, int i2) {
        return (Set) this.accessService.getAccessClient().users().findUsers(new FindUsersRequest().daysToExpire(Integer.valueOf(i))).getUsers().stream().map(user -> {
            return Pair.of(user, UserMapper.toArtifactoryUser(user));
        }).filter(pair -> {
            return "internal".equals(((MutableUserInfo) pair.getRight()).getRealm());
        }).map(pair2 -> {
            return new PasswordExpiryUser(((User) pair2.getLeft()).getUsername(), ((User) pair2.getLeft()).getEmail(), ((User) pair2.getLeft()).getPasswordLastModified());
        }).collect(Collectors.toSet());
    }

    @Nullable
    public GroupInfo findGroup(String str) {
        return (GroupInfo) getClient().groups().findGroupByName(str).map(GroupMapper::toArtifactoryGroup).orElse(null);
    }

    public boolean createGroup(GroupInfo groupInfo) {
        try {
            getClient().groups().createGroup(GroupMapper.toAccessGroup(groupInfo));
            return true;
        } catch (AccessClientHttpException e) {
            log.debug("Create group failed: {}", Integer.valueOf(e.getStatusCode()), e);
            if (e.getStatusCode() == 404 || e.getStatusCode() == 409) {
                return false;
            }
            throw e;
        }
    }

    public void addUsersToGroup(String str, List<String> list) {
        this.accessService.getAccessClient().groups().manageGroupUsers(str, new ManageGroupMembersRequest().addUsers((String[]) list.toArray(new String[0])));
    }

    public void removeUsersFromGroup(String str, List<String> list) {
        this.accessService.getAccessClient().groups().manageGroupUsers(str, new ManageGroupMembersRequest().removeUsers((String[]) list.toArray(new String[0])));
    }

    public List<String> findUsersInGroup(String str) {
        return (List) this.accessService.getAccessClient().groups().findGroupUsers(str).getUsers().stream().map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toList());
    }

    public boolean deleteGroup(String str) {
        try {
            getClient().groups().deleteGroup(str);
            return true;
        } catch (AccessClientHttpException e) {
            log.debug("Delete group failed: {}", Integer.valueOf(e.getStatusCode()), e);
            if (e.getStatusCode() == 404) {
                return false;
            }
            throw e;
        }
    }

    public List<GroupInfo> getAllGroups() {
        return (List) getClient().groups().findGroups().getGroups().stream().map(GroupMapper::toArtifactoryGroup).collect(Collectors.toList());
    }

    public Map<String, GroupInfo> getAllGroupsByNames(List<String> list) {
        return (Map) getClient().groups().findGroupsByNames(list).getGroups().stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, GroupMapper::toArtifactoryGroup));
    }

    private List<GroupInfo> getGroupsByFilter(GroupFilter groupFilter) {
        return (List) getAllGroups().stream().filter(groupFilter.filterFunction).collect(Collectors.toList());
    }

    public List<GroupInfo> getNewUserDefaultGroups() {
        return getGroupsByFilter(GroupFilter.DEFAULTS);
    }

    public List<GroupInfo> getAllExternalGroups() {
        return getGroupsByFilter(GroupFilter.EXTERNAL);
    }

    public List<GroupInfo> getInternalGroups() {
        return getGroupsByFilter(GroupFilter.INTERNAL);
    }

    public Set<String> getNewUserDefaultGroupsNames() {
        return (Set) getNewUserDefaultGroups().stream().map((v0) -> {
            return v0.getGroupName();
        }).collect(Collectors.toSet());
    }

    public boolean updateGroup(MutableGroupInfo mutableGroupInfo) {
        try {
            getClient().groups().updateGroup(GroupMapper.toUpdateAccessGroup(mutableGroupInfo));
            return true;
        } catch (AccessClientHttpException e) {
            if (e.getStatusCode() == 404) {
                return false;
            }
            log.debug("Update group failed: {}", Integer.valueOf(e.getStatusCode()), e);
            return false;
        }
    }

    public void init() {
        if (this.accessService.getAccessClient() == null) {
            throw new IllegalStateException("Access client cannot be null at this point");
        }
    }

    public void reload(CentralConfigDescriptor centralConfigDescriptor, List<DataDiff<?>> list) {
    }

    public void convert(CompoundVersionDetails compoundVersionDetails, CompoundVersionDetails compoundVersionDetails2) {
    }
}
