package org.apache.kylin.helper;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import javax.naming.directory.SearchControls;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.util.EncryptUtil;
import org.apache.kylin.metadata.upgrade.GlobalAclVersionManager;
import org.apache.kylin.tool.util.LdapUtils;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;

/* loaded from: input_file:org/apache/kylin/helper/UpdateUserAclToolHelper.class */
public class UpdateUserAclToolHelper {
    private UpdateUserAclToolHelper() {
    }

    public static UpdateUserAclToolHelper getInstance() {
        return new UpdateUserAclToolHelper();
    }

    public Set<String> getLdapAdminUsers() {
        SpringSecurityLdapTemplate createLdapTemplate = createLdapTemplate();
        Set<String> allGroupMembers = LdapUtils.getAllGroupMembers(createLdapTemplate, KylinConfig.getInstanceFromEnv().getLDAPAdminRole());
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        Map<String, String> allValidUserDnMap = LdapUtils.getAllValidUserDnMap(createLdapTemplate, searchControls);
        HashSet hashSet = new HashSet();
        Iterator<String> it = allGroupMembers.iterator();
        while (it.hasNext()) {
            Optional ofNullable = Optional.ofNullable(allValidUserDnMap.get(it.next()));
            hashSet.getClass();
            ofNullable.ifPresent((v1) -> {
                r1.add(v1);
            });
        }
        return hashSet;
    }

    private SpringSecurityLdapTemplate createLdapTemplate() {
        Properties exportToProperties = KylinConfig.getInstanceFromEnv().exportToProperties();
        DefaultSpringSecurityContextSource defaultSpringSecurityContextSource = new DefaultSpringSecurityContextSource(exportToProperties.getProperty("kylin.security.ldap.connection-server"));
        defaultSpringSecurityContextSource.setUserDn(exportToProperties.getProperty("kylin.security.ldap.connection-username"));
        defaultSpringSecurityContextSource.setPassword(getPassword(exportToProperties));
        defaultSpringSecurityContextSource.afterPropertiesSet();
        return new SpringSecurityLdapTemplate(defaultSpringSecurityContextSource);
    }

    public String getPassword(Properties properties) {
        return EncryptUtil.decrypt(properties.getProperty("kylin.security.ldap.connection-password"));
    }

    public boolean isUpgraded() {
        return GlobalAclVersionManager.getInstance(KylinConfig.getInstanceFromEnv()).exists();
    }
}
