package org.apache.kylin.rest.service;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.naming.directory.SearchControls;
import org.apache.commons.lang3.StringUtils;
import org.apache.kylin.common.KapConfig;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.msg.MsgPicker;
import org.apache.kylin.common.scheduler.EventBusFactory;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.metadata.usergroup.UserGroup;
import org.apache.kylin.rest.response.UserGroupResponseKI;
import org.apache.kylin.rest.security.AdminUserSyncEventNotifier;
import org.apache.kylin.tool.util.LdapUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.ldap.control.PagedResultsDirContextProcessor;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.support.SingleContextSource;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;

/* loaded from: input_file:org/apache/kylin/rest/service/LdapUserGroupService.class */
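/**
 * Read-only user-group service backed by an LDAP directory.
 *
 * <p>Group names and group memberships are read from LDAP and kept in three static Guava caches
 * whose size and expire-after-write time come from {@link KylinConfig}. Group mutation
 * ({@link #addGroup}, {@link #deleteGroup}, {@link #modifyGroupUsers}) is rejected.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Membership is served from cache until the entry expires, so a change made in the
 *       directory (including removal from the admin group) is not observed through this class
 *       before then.</li>
 *   <li>The admin-user sync event is only posted when a group's membership is loaded on a cache
 *       miss (see {@link #getGroupUsernameList}).</li>
 *   <li>Only {@link #getUserGroupsFilterByGroupName} performs an ACL check itself.
 *       NOTE(review): the other read methods presumably rely on the caller for authorization;
 *       confirm at the controller layer.</li>
 * </ul>
 */
public class LdapUserGroupService extends NUserGroupService {
    /** Single key under which the full set of LDAP group names is cached. */
    private static final String LDAP_GROUPS = "ldap_groups";
    // Passed as the second ManagedUser constructor argument for LDAP-backed users.
    // NOTE(review): presumably a placeholder credential because authentication is delegated to
    // LDAP; confirm it can never be accepted as a real password.
    private static final String SKIPPED_LDAP = "skipped-ldap";

    @Autowired
    @Qualifier("ldapTemplate")
    private SpringSecurityLdapTemplate ldapTemplate;

    @Autowired
    @Qualifier("userService")
    private LdapUserService ldapUserService;

    @Autowired
    private SearchControls searchControls;

    private static final Logger logger = LoggerFactory.getLogger(LdapUserGroupService.class);

    /** All group names, stored under {@link #LDAP_GROUPS}. */
    private static final Cache<String, Set<String>> ldapGroupsCache = CacheBuilder.newBuilder()
            .maximumSize(KylinConfig.getInstanceFromEnv().getServerUserCacheMaxEntries())
            .expireAfterWrite(KylinConfig.getInstanceFromEnv().getServerUserCacheExpireSeconds(), TimeUnit.SECONDS)
            .build();

    /** Group name -> fully populated member objects. */
    private static final Cache<String, List<ManagedUser>> ldapGroupsMembersCache = CacheBuilder.newBuilder()
            .maximumSize(KylinConfig.getInstanceFromEnv().getServerUserCacheMaxEntries())
            .expireAfterWrite(KylinConfig.getInstanceFromEnv().getServerUserCacheExpireSeconds(), TimeUnit.SECONDS)
            .build();

    /** Group name -> member user names. */
    private static final Cache<String, List<String>> ldapGroupsAndMembersCache = CacheBuilder.newBuilder()
            .maximumSize(KylinConfig.getInstanceFromEnv().getServerUserCacheMaxEntries())
            .expireAfterWrite(KylinConfig.getInstanceFromEnv().getServerUserCacheExpireSeconds(), TimeUnit.SECONDS)
            .build();

    /**
     * Always rejected: groups are owned by the directory.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void addGroup(String str) {
        throw new UnsupportedOperationException(MsgPicker.getMsg().getGroupEditNotAllowed());
    }

    /**
     * Always rejected: groups are owned by the directory.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void deleteGroup(String str) {
        throw new UnsupportedOperationException(MsgPicker.getMsg().getGroupEditNotAllowed());
    }

    /**
     * Always rejected: group membership is owned by the directory.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void modifyGroupUsers(String str, List<String> list) {
        throw new UnsupportedOperationException(MsgPicker.getMsg().getGroupEditNotAllowed());
    }

    /**
     * Returns every group name found under the configured LDAP group search base.
     *
     * <p>A cached set that is missing or empty is treated as a miss, so an empty directory result
     * is re-queried on every call rather than cached.
     *
     * @return an unmodifiable list of group identifiers
     */
    @Override
    public List<String> getAllUserGroups() {
        Set<String> groups = ldapGroupsCache.getIfPresent(LDAP_GROUPS);
        if (groups == null || groups.isEmpty()) {
            logger.info("Can not get groups from cache, ask ldap instead.");
            String groupSearchBase = KylinConfig.getInstanceFromEnv().getLDAPGroupSearchBase();
            String groupSearchFilter = KapConfig.getInstanceFromEnv().getLDAPGroupSearchFilter();
            String groupIdAttr = KapConfig.getInstanceFromEnv().getLDAPGroupIDAttr();
            Integer maxPageSize = KapConfig.getInstanceFromEnv().getLDAPMaxPageSize();
            // Only search configuration is logged here; no bind credentials are read in this method.
            logger.info("ldap group search config, base: {}, filter: {}, identifier attribute: {}, member search filter: {}, member identifier: {}, maxPageSize: {}",
                    groupSearchBase, groupSearchFilter, groupIdAttr,
                    KapConfig.getInstanceFromEnv().getLDAPGroupMemberSearchFilter(),
                    KapConfig.getInstanceFromEnv().getLDAPGroupMemberAttr(), maxPageSize);
            PagedResultsDirContextProcessor pageProcessor = new PagedResultsDirContextProcessor(maxPageSize);
            // NOTE(review): an entry without the identifier attribute makes get(groupIdAttr) return
            // null and aborts the whole listing with a NullPointerException; confirm the search
            // filter guarantees the attribute is present.
            ContextMapper<String> groupIdMapper =
                    ctx -> ((DirContextAdapter) ctx).getAttributes().get(groupIdAttr).get().toString();
            // Paged results must be fetched over one connection, hence the single-context wrapper.
            groups = SingleContextSource.doWithSingleContext(this.ldapTemplate.getContextSource(), ldapOperations -> {
                Set<String> found = new HashSet<>();
                do {
                    found.addAll(ldapOperations.search(groupSearchBase, groupSearchFilter, this.searchControls,
                            groupIdMapper, pageProcessor));
                } while (pageProcessor.hasMore());
                return found;
            });
            ldapGroupsCache.put(LDAP_GROUPS, groups);
        }
        logger.info("Get all groups size: {}", groups.size());
        return Collections.unmodifiableList(Lists.newArrayList(groups));
    }

    /** Returns the groups produced by the inherited {@code getUserGroupSpecialUuid()}. */
    @Override
    public List<UserGroup> listUserGroups() {
        return getUserGroupSpecialUuid();
    }

    /**
     * Builds a group-name to member-user-names map for every known group.
     *
     * @return an unmodifiable map; each value is the unmodifiable member list of that group
     */
    @Override
    public Map<String, List<String>> getUserAndUserGroup() {
        Map<String, List<String>> membersByGroup = Maps.newHashMap();
        for (String groupName : getAllUserGroups()) {
            membersByGroup.put(groupName, getGroupUsernameList(groupName));
        }
        return Collections.unmodifiableMap(membersByGroup);
    }

    /**
     * Lists groups whose name contains {@code str}, ignoring case; an empty or null filter matches
     * every group. Requires the caller to be a global admin.
     */
    @Override
    public List<UserGroup> getUserGroupsFilterByGroupName(String str) {
        this.aclEvaluate.checkIsGlobalAdmin();
        return listUserGroups().stream()
                .filter(userGroup -> StringUtils.isEmpty(str)
                        || userGroup.getGroupName().toUpperCase(Locale.ROOT).contains(str.toUpperCase(Locale.ROOT)))
                .collect(Collectors.toList());
    }

    /**
     * Returns the members of a group as populated {@link ManagedUser} objects.
     *
     * <p>Members that {@code userService.userExists} does not recognise are skipped.
     *
     * @param str the group name
     * @return an unmodifiable list; the same read-only view is returned on cache hit and miss so a
     *         caller cannot alter the cached membership
     */
    @Override
    public List<ManagedUser> getGroupMembersByName(String str) {
        List<ManagedUser> cached = ldapGroupsMembersCache.getIfPresent(str);
        if (cached != null) {
            return cached;
        }
        logger.info("Can not get the group {}'s all members from cache, ask ldap instead.", str);
        List<ManagedUser> members = new ArrayList<>();
        for (String username : getGroupUsernameList(str)) {
            if (this.userService.userExists(username)) {
                ManagedUser managedUser = new ManagedUser(username, SKIPPED_LDAP, false, Lists.newArrayList());
                this.ldapUserService.completeUserInfoInternal(managedUser);
                members.add(managedUser);
            }
        }
        // Previously the mutable backing list was returned on a miss, so a caller could change
        // what later cache hits see. Hand out only the read-only view.
        List<ManagedUser> readOnlyMembers = Collections.unmodifiableList(members);
        ldapGroupsMembersCache.put(str, readOnlyMembers);
        return readOnlyMembers;
    }

    /**
     * Converts groups to response objects carrying the sorted member user names of each group.
     *
     * @throws IOException declared by the overridden method; nothing in this body throws it
     */
    @Override
    public List<UserGroupResponseKI> getUserGroupResponse(List<UserGroup> list) throws IOException {
        List<UserGroupResponseKI> responses = new ArrayList<>();
        for (UserGroup userGroup : list) {
            responses.add(new UserGroupResponseKI(userGroup.getUuid(), userGroup.getGroupName(),
                    new TreeSet<>(getGroupUsernameList(userGroup.getGroupName()))));
        }
        return responses;
    }

    /**
     * Resolves the user names that belong to a group.
     *
     * <p>On a cache miss the member entries returned by {@code LdapUtils.getAllGroupMembers} are
     * translated to user names through the DN map of {@link LdapUserService}; members without a
     * mapping are dropped. The admin-user sync runs only on this miss path, so an admin-group
     * change in the directory is propagated from here no sooner than the cache entry expires.
     *
     * <p>NOTE(review): {@code str} reaches {@code LdapUtils.getAllGroupMembers} unchanged; confirm
     * that helper encodes the value before placing it in an LDAP filter.
     *
     * @param str the group name
     * @return an unmodifiable list of user names
     */
    private List<String> getGroupUsernameList(String str) {
        List<String> cached = ldapGroupsAndMembersCache.getIfPresent(str);
        if (cached != null) {
            return cached;
        }
        Set<String> memberDns = LdapUtils.getAllGroupMembers(this.ldapTemplate, str).stream()
                .filter(StringUtils::isNotBlank)
                .collect(Collectors.toSet());
        Map<String, String> dnMapperMap = this.ldapUserService.getDnMapperMap();
        List<String> usernames = new ArrayList<>();
        for (String memberDn : memberDns) {
            String username = dnMapperMap.get(memberDn);
            if (username != null) {
                usernames.add(username);
            }
        }
        List<String> readOnlyUsernames = Collections.unmodifiableList(usernames);
        syncAdminUser(str, readOnlyUsernames);
        ldapGroupsAndMembersCache.put(str, readOnlyUsernames);
        // Return the read-only view, not the backing list, so the cached value cannot be edited.
        return readOnlyUsernames;
    }

    /**
     * Posts an {@link AdminUserSyncEventNotifier} when {@code str} equals the configured LDAP admin
     * role, compared case-insensitively.
     *
     * @param str the group name just loaded
     * @param list the user names of that group
     */
    private void syncAdminUser(String str, List<String> list) {
        if (KylinConfig.getInstanceFromEnv().getLDAPAdminRole().equalsIgnoreCase(str)) {
            // NOTE(review): the meaning of the boolean flag is defined by AdminUserSyncEventNotifier.
            EventBusFactory.getInstance().postSync(new AdminUserSyncEventNotifier(list, true));
        }
    }

    /** LDAP groups have no separate uuid: the identifier is the group name itself. */
    @Override
    public String getGroupNameByUuid(String str) {
        return str;
    }

    /** LDAP groups have no separate uuid: the identifier is the group name itself. */
    @Override
    public String getUuidByGroupName(String str) {
        return str;
    }

    /** Returns whether {@code str} is one of the group names from {@link #getAllUserGroups()} (exact match). */
    @Override
    public boolean exists(String str) {
        return getAllUserGroups().contains(str);
    }

    /**
     * Returns the names of all groups that contain the given user.
     *
     * <p>User names are compared case-insensitively. Every group's membership is consulted, so a
     * cold cache costs one membership lookup per group.
     *
     * @param str the user name
     */
    @Override
    public Set<String> listUserGroups(String str) {
        return getAllUserGroups().stream()
                .filter(groupName -> getGroupMembersByName(groupName).stream()
                        .anyMatch(managedUser -> StringUtils.equalsIgnoreCase(str, managedUser.getUsername())))
                .collect(Collectors.toSet());
    }
}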
