package org.pentaho.di.repository.pur;

import com.pentaho.di.purge.PurgeResource;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.core.MediaType;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.json.JSONException;
import org.json.JSONObject;
import org.pentaho.di.core.exception.KettleException;
import org.pentaho.di.i18n.BaseMessages;
import org.pentaho.di.repository.IUser;
import org.pentaho.di.repository.pur.model.IEEUser;
import org.pentaho.di.repository.pur.model.IRole;
import org.pentaho.di.ui.repository.pur.services.IRoleSupportSecurityManager;
import org.pentaho.platform.api.engine.security.userroledao.UserRoleInfo;
import org.pentaho.platform.security.userrole.ws.IUserRoleListWebService;
import org.pentaho.platform.security.userroledao.ws.IUserRoleWebService;
import org.pentaho.platform.security.userroledao.ws.ProxyPentahoRole;
import org.pentaho.platform.security.userroledao.ws.ProxyPentahoUser;
import org.pentaho.platform.security.userroledao.ws.UserRoleException;
import org.pentaho.platform.security.userroledao.ws.UserRoleSecurityInfo;

/* loaded from: input_file:org/pentaho/di/repository/pur/UserRoleDelegate.class */
public class UserRoleDelegate implements Serializable {
    private static final String TRUST_USER = "_trust_user_";
    private static final long serialVersionUID = 1295309456550391059L;
    private UserRoleListChangeListenerCollection userRoleListChangeListeners;
    private final Log logger;
    IUserRoleWebService userRoleWebService;
    IUserRoleListWebService userDetailsRoleListWebService;
    IRoleSupportSecurityManager rsm;
    UserRoleLookupCache lookupCache;
    UserRoleSecurityInfo userRoleSecurityInfo;
    UserRoleInfo userRoleInfo;
    boolean hasNecessaryPermissions = false;
    boolean managed = true;

    public UserRoleDelegate(IRoleSupportSecurityManager iRoleSupportSecurityManager, PurRepositoryMeta purRepositoryMeta, IUser iUser, Log log, ServiceManager serviceManager) {
        this.logger = log;
        String login = iUser.getLogin();
        String password = iUser.getPassword();
        try {
            this.userDetailsRoleListWebService = (IUserRoleListWebService) serviceManager.createService(login, password, IUserRoleListWebService.class);
            this.userRoleWebService = (IUserRoleWebService) serviceManager.createService(login, password, IUserRoleWebService.class);
            this.rsm = iRoleSupportSecurityManager;
            initManaged(purRepositoryMeta, iUser);
            updateUserRoleInfo();
        } catch (Exception e) {
            this.logger.error(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0001_UNABLE_TO_INITIALIZE_USER_ROLE_WEBSVC", new String[0]), e);
        }
    }

    UserRoleDelegate(Log log, IUserRoleListWebService iUserRoleListWebService, IUserRoleWebService iUserRoleWebService) {
        this.logger = log;
        this.userDetailsRoleListWebService = iUserRoleListWebService;
        this.userRoleWebService = iUserRoleWebService;
    }

    private void initManaged(PurRepositoryMeta purRepositoryMeta, IUser iUser) throws JSONException {
        String url = purRepositoryMeta.getRepositoryLocation().getUrl();
        String str = url + (url.endsWith(PurgeResource.PATH_SEPARATOR) ? "" : PurgeResource.PATH_SEPARATOR) + "api/system/authentication-provider";
        HTTPBasicAuthFilter hTTPBasicAuthFilter = new HTTPBasicAuthFilter(iUser.getLogin(), iUser.getPassword());
        Client client = new Client();
        client.addFilter(hTTPBasicAuthFilter);
        WebResource.Builder accept = client.resource(str).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE});
        if (StringUtils.isNotBlank(System.getProperty("pentaho.repository.client.attemptTrust"))) {
            accept = (WebResource.Builder) accept.header(TRUST_USER, iUser.getLogin());
        }
        this.managed = "jackrabbit".equals(new JSONObject((String) accept.get(String.class)).getString("authenticationType"));
    }

    public void updateUserRoleInfo() throws UserRoleException {
        if (!isManaged()) {
            this.userRoleInfo = this.userDetailsRoleListWebService.getUserRoleInfo();
            this.hasNecessaryPermissions = false;
        } else {
            this.userRoleSecurityInfo = this.userRoleWebService.getUserRoleSecurityInfo();
            this.lookupCache = new UserRoleLookupCache(this.userRoleSecurityInfo, this.rsm);
            this.hasNecessaryPermissions = true;
        }
    }

    public boolean isManaged() {
        return this.managed;
    }

    private void ensureHasPermissions() throws KettleException {
        if (!this.hasNecessaryPermissions) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0014_INSUFFICIENT_PRIVILEGES", new String[0]));
        }
    }

    public void createUser(IUser iUser) throws KettleException {
        ensureHasPermissions();
        ProxyPentahoUser convertToPentahoProxyUser = UserRoleHelper.convertToPentahoProxyUser(iUser);
        try {
            if (existsAmong(this.userRoleWebService.getUsers(), convertToPentahoProxyUser)) {
                throw userExistsException();
            }
            try {
                this.userRoleWebService.createUser(convertToPentahoProxyUser);
                if (iUser instanceof IEEUser) {
                    this.userRoleWebService.setRoles(convertToPentahoProxyUser, UserRoleHelper.convertToPentahoProxyRoles(((IEEUser) iUser).getRoles()));
                }
                this.lookupCache.insertUserToLookupSet(iUser);
                fireUserRoleListChange();
            } catch (Exception e) {
                if (!e.getCause().toString().contains("org.pentaho.platform.api.engine.security.userroledao.AlreadyExistsException")) {
                    throw cannotCreateUserException(iUser, e);
                }
                throw userExistsException();
            }
        } catch (UserRoleException e2) {
            throw cannotCreateUserException(iUser, e2);
        }
    }

    private boolean existsAmong(ProxyPentahoUser[] proxyPentahoUserArr, ProxyPentahoUser proxyPentahoUser) {
        if (proxyPentahoUserArr == null) {
            return false;
        }
        String name = proxyPentahoUser.getName();
        for (ProxyPentahoUser proxyPentahoUser2 : proxyPentahoUserArr) {
            if (name.equals(proxyPentahoUser2.getName())) {
                return true;
            }
        }
        return false;
    }

    private KettleException userExistsException() {
        return new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0015_USER_NAME_ALREADY_EXISTS", new String[0]));
    }

    private KettleException cannotCreateUserException(IUser iUser, Exception exc) {
        return new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0002_UNABLE_TO_CREATE_USER", new String[]{iUser.getName()}), exc);
    }

    public void deleteUsers(List<IUser> list) throws KettleException {
        ensureHasPermissions();
        try {
            this.userRoleWebService.deleteUsers(UserRoleHelper.convertToPentahoProxyUsers(list));
            this.lookupCache.removeUsersFromLookupSet(list);
            fireUserRoleListChange();
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0003_UNABLE_TO_DELETE_USERS", new String[]{e.getLocalizedMessage()}), e);
        }
    }

    public void deleteUser(String str) throws KettleException {
        ensureHasPermissions();
        try {
            ProxyPentahoUser user = this.userRoleWebService.getUser(str);
            if (user == null) {
                throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0004_UNABLE_TO_DELETE_USER", new String[]{str}));
            }
            this.userRoleWebService.deleteUsers(new ProxyPentahoUser[]{user});
            fireUserRoleListChange();
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0004_UNABLE_TO_DELETE_USER", new String[]{str}), e);
        }
    }

    public void setUsers(List<IUser> list) throws KettleException {
    }

    public IUser getUser(String str, String str2) throws KettleException {
        ensureHasPermissions();
        IUser iUser = null;
        try {
            ProxyPentahoUser user = this.userRoleWebService.getUser(str);
            if (user != null && user.getName().equals(str) && user.getPassword().equals(str2)) {
                iUser = UserRoleHelper.convertToUserInfo(user, this.userRoleWebService.getRolesForUser(user), this.rsm);
            }
            return iUser;
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0005_UNABLE_TO_GET_USER", new String[]{str}), e);
        }
    }

    public IUser getUser(String str) throws KettleException {
        ensureHasPermissions();
        IUser iUser = null;
        try {
            ProxyPentahoUser user = this.userRoleWebService.getUser(str);
            if (user != null && user.getName().equals(str)) {
                iUser = UserRoleHelper.convertToUserInfo(user, this.userRoleWebService.getRolesForUser(user), this.rsm);
            }
            return iUser;
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0005_UNABLE_TO_GET_USER", new String[]{str}), e);
        }
    }

    public List<IUser> getUsers() throws KettleException {
        try {
            return this.hasNecessaryPermissions ? UserRoleHelper.convertFromProxyPentahoUsers(this.userRoleSecurityInfo, this.rsm) : UserRoleHelper.convertFromNonPentahoUsers(this.userRoleInfo, this.rsm);
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0006_UNABLE_TO_GET_USERS", new String[0]), e);
        }
    }

    public void updateUser(IUser iUser) throws KettleException {
        ensureHasPermissions();
        try {
            ProxyPentahoUser convertToPentahoProxyUser = UserRoleHelper.convertToPentahoProxyUser(iUser);
            this.userRoleWebService.updateUser(convertToPentahoProxyUser);
            if (iUser instanceof IEEUser) {
                this.userRoleWebService.setRoles(convertToPentahoProxyUser, UserRoleHelper.convertToPentahoProxyRoles(((IEEUser) iUser).getRoles()));
            }
            this.lookupCache.updateUserInLookupSet(iUser);
            fireUserRoleListChange();
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0007_UNABLE_TO_UPDATE_USER", new String[]{iUser.getLogin()}), e);
        }
    }

    public void createRole(IRole iRole) throws KettleException {
        ensureHasPermissions();
        ProxyPentahoRole convertToPentahoProxyRole = UserRoleHelper.convertToPentahoProxyRole(iRole);
        try {
            if (existsAmong(this.userRoleWebService.getRoles(), convertToPentahoProxyRole)) {
                throw roleExistsException();
            }
            try {
                this.userRoleWebService.createRole(convertToPentahoProxyRole);
                this.userRoleWebService.setUsers(convertToPentahoProxyRole, UserRoleHelper.convertToPentahoProxyUsers(iRole.getUsers()));
                this.lookupCache.insertRoleToLookupSet(iRole);
                fireUserRoleListChange();
            } catch (UserRoleException e) {
                throw cannotCreateRoleException(iRole, e);
            } catch (Exception e2) {
                if (e2.getCause().toString().contains("org.pentaho.platform.api.engine.security.userroledao.AlreadyExistsException")) {
                    throw roleExistsException();
                }
            }
        } catch (UserRoleException e3) {
            throw cannotCreateRoleException(iRole, e3);
        }
    }

    private boolean existsAmong(ProxyPentahoRole[] proxyPentahoRoleArr, ProxyPentahoRole proxyPentahoRole) {
        if (proxyPentahoRoleArr == null) {
            return false;
        }
        String name = proxyPentahoRole.getName();
        for (ProxyPentahoRole proxyPentahoRole2 : proxyPentahoRoleArr) {
            if (name.equalsIgnoreCase(proxyPentahoRole2.getName())) {
                return true;
            }
        }
        return false;
    }

    private KettleException roleExistsException() {
        return new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0016_ROLE_NAME_ALREADY_EXISTS", new String[0]));
    }

    private KettleException cannotCreateRoleException(IRole iRole, Exception exc) {
        return new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0008_UNABLE_TO_CREATE_ROLE", new String[]{iRole.getName()}), exc);
    }

    public void deleteRoles(List<IRole> list) throws KettleException {
        ensureHasPermissions();
        try {
            this.userRoleWebService.deleteRoles(UserRoleHelper.convertToPentahoProxyRoles(list));
            this.lookupCache.removeRolesFromLookupSet(list);
            fireUserRoleListChange();
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0009_UNABLE_TO_DELETE_ROLES", new String[0]), e);
        }
    }

    public IRole getRole(String str) throws KettleException {
        ensureHasPermissions();
        try {
            return UserRoleHelper.convertFromProxyPentahoRole(this.userRoleWebService, UserRoleHelper.getProxyPentahoRole(this.userRoleWebService, str), this.lookupCache, this.rsm);
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0010_UNABLE_TO_GET_ROLE", new String[]{str}), e);
        }
    }

    public List<IRole> getRoles() throws KettleException {
        try {
            return this.hasNecessaryPermissions ? UserRoleHelper.convertToListFromProxyPentahoRoles(this.userRoleSecurityInfo, this.rsm) : UserRoleHelper.convertToListFromNonPentahoRoles(this.userRoleInfo, this.rsm);
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0011_UNABLE_TO_GET_ROLES", new String[0]), e);
        }
    }

    public List<IRole> getDefaultRoles() throws KettleException {
        ensureHasPermissions();
        try {
            return UserRoleHelper.convertToListFromProxyPentahoDefaultRoles(this.userRoleSecurityInfo, this.rsm);
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0011_UNABLE_TO_GET_ROLES", new String[0]), e);
        }
    }

    public void updateRole(IRole iRole) throws KettleException {
        ensureHasPermissions();
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<IUser> it = iRole.getUsers().iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getLogin());
            }
            this.userRoleWebService.updateRole(iRole.getName(), iRole.getDescription(), arrayList);
            this.lookupCache.updateRoleInLookupSet(iRole);
            fireUserRoleListChange();
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0012_UNABLE_TO_UPDATE_ROLE", new String[]{iRole.getName()}), e);
        }
    }

    public void deleteRole(String str) throws KettleException {
        ensureHasPermissions();
        try {
            ProxyPentahoRole proxyPentahoRole = UserRoleHelper.getProxyPentahoRole(this.userRoleWebService, str);
            if (proxyPentahoRole == null) {
                throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0013_UNABLE_TO_DELETE_ROLE", new String[]{str}));
            }
            this.userRoleWebService.deleteRoles(new ProxyPentahoRole[]{proxyPentahoRole});
            fireUserRoleListChange();
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(UserRoleDelegate.class, "UserRoleDelegate.ERROR_0013_UNABLE_TO_DELETE_ROLE", new String[]{str}), e);
        }
    }

    public void setRoles(List<IRole> list) throws KettleException {
    }

    public void addUserRoleListChangeListener(IUserRoleListChangeListener iUserRoleListChangeListener) {
        if (this.userRoleListChangeListeners == null) {
            this.userRoleListChangeListeners = new UserRoleListChangeListenerCollection();
        }
        this.userRoleListChangeListeners.add(iUserRoleListChangeListener);
    }

    public void removeUserRoleListChangeListener(IUserRoleListChangeListener iUserRoleListChangeListener) {
        if (this.userRoleListChangeListeners != null) {
            this.userRoleListChangeListeners.remove(iUserRoleListChangeListener);
        }
    }

    void fireUserRoleListChange() {
        if (this.userRoleListChangeListeners != null) {
            this.userRoleListChangeListeners.fireOnChange();
        }
    }
}
