package org.apache.kylin.rest.service;

import com.google.common.base.Preconditions;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.naming.directory.SearchControls;
import org.apache.commons.lang.StringUtils;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.msg.MsgPicker;
import org.apache.kylin.common.util.CaseInsensitiveStringMap;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.tool.util.LdapUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.userdetails.LdapUserDetailsService;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:org/apache/kylin/rest/service/LdapUserService.class */
public class LdapUserService implements UserService {
    private static final String LDAP_USERS = "ldap_users";
    private static final String SKIPPED_LDAP = "skipped-ldap";
    private static final String LDAP_VALID_DN_MAP_KEY = "ldap_valid_dn_map_key";

    @Autowired
    @Qualifier("ldapTemplate")
    private SpringSecurityLdapTemplate ldapTemplate;

    @Autowired
    @Qualifier("ldapUserDetailsService")
    private LdapUserDetailsService ldapUserDetailsService;

    @Autowired
    @Qualifier("userGroupService")
    private LdapUserGroupService userGroupService;

    @Autowired
    private SearchControls searchControls;
    private static final Logger logger = LoggerFactory.getLogger(LdapUserService.class);
    private static final AtomicBoolean LOAD_TASK_STATUS = new AtomicBoolean(Boolean.FALSE.booleanValue());
    private static final ThreadPoolExecutor LOAD_TASK_POOL = new ThreadPoolExecutor(1, 1, 0, TimeUnit.MILLISECONDS, new ArrayBlockingQueue(1), Executors.defaultThreadFactory(), (runnable, threadPoolExecutor) -> {
    });
    private static final Cache<String, Map<String, ManagedUser>> ldapUsersCache = CacheBuilder.newBuilder().maximumSize(KylinConfig.getInstanceFromEnv().getServerUserCacheMaxEntries()).expireAfterWrite(KylinConfig.getInstanceFromEnv().getServerUserCacheExpireSeconds(), TimeUnit.SECONDS).build();
    private static final Cache<String, Map<String, String>> LDAP_VALID_DN_MAP_CACHE = CacheBuilder.newBuilder().maximumSize(KylinConfig.getInstanceFromEnv().getServerUserCacheMaxEntries()).expireAfterWrite(KylinConfig.getInstanceFromEnv().getServerUserCacheExpireSeconds(), TimeUnit.SECONDS).build();

    public void createUser(UserDetails userDetails) {
        throw new UnsupportedOperationException(MsgPicker.getMsg().getUserEditNotAllowed());
    }

    public void updateUser(UserDetails userDetails) {
        throw new UnsupportedOperationException(MsgPicker.getMsg().getUserEditNotAllowed());
    }

    public void deleteUser(String str) {
        throw new UnsupportedOperationException(MsgPicker.getMsg().getUserEditNotAllowed());
    }

    public void changePassword(String str, String str2) {
        throw new UnsupportedOperationException(MsgPicker.getMsg().getUserEditNotAllowed());
    }

    public boolean userExists(String str) {
        Map<String, ManagedUser> lDAPUsersCache = getLDAPUsersCache();
        if (Objects.nonNull(lDAPUsersCache)) {
            return lDAPUsersCache.containsKey(str);
        }
        UserDetails loadUserByUsername = this.ldapUserDetailsService.loadUserByUsername(str);
        asyncLoadCacheData();
        return Objects.nonNull(loadUserByUsername);
    }

    public UserDetails loadUserByUsername(String str) {
        Map<String, ManagedUser> lDAPUsersCache = getLDAPUsersCache();
        if (!Objects.nonNull(lDAPUsersCache)) {
            UserDetails loadUserByUsername = this.ldapUserDetailsService.loadUserByUsername(str);
            asyncLoadCacheData();
            if (Objects.isNull(loadUserByUsername)) {
                throw new UsernameNotFoundException(String.format(Locale.ROOT, MsgPicker.getMsg().getUserNotFound(), str));
            }
            return new ManagedUser(loadUserByUsername.getUsername(), SKIPPED_LDAP, false, loadUserByUsername.getAuthorities());
        }
        for (Map.Entry<String, ManagedUser> entry : lDAPUsersCache.entrySet()) {
            if (StringUtils.equalsIgnoreCase(str, entry.getKey())) {
                return entry.getValue();
            }
        }
        throw new UsernameNotFoundException(String.format(Locale.ROOT, MsgPicker.getMsg().getUserNotFound(), str));
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<ManagedUser> listUsers() {
        Map map = (Map) ldapUsersCache.getIfPresent(LDAP_USERS);
        if (CollectionUtils.isEmpty(map)) {
            logger.info("Failed to read users from cache, reload from ldap server.");
            map = new CaseInsensitiveStringMap();
            for (String str : getAllUsers()) {
                ManagedUser managedUser = new ManagedUser(str, SKIPPED_LDAP, false, Lists.newArrayList());
                try {
                    completeUserInfoInternal(managedUser);
                    map.put(str, managedUser);
                } catch (IncorrectResultSizeDataAccessException e) {
                    logger.warn("Complete user {} info exception", managedUser.getUsername(), e);
                }
            }
            ldapUsersCache.put(LDAP_USERS, Preconditions.checkNotNull(map, "Failed to load users from ldap server, something went wrong."));
            logger.info("Get all users size: {}", Integer.valueOf(map.size()));
        }
        return Collections.unmodifiableList(new ArrayList(map.values()));
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<String> listAdminUsers() throws IOException {
        ArrayList arrayList = new ArrayList();
        Iterator<ManagedUser> it = this.userGroupService.getGroupMembersByName(KylinConfig.getInstanceFromEnv().getLDAPAdminRole()).iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getUsername());
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Override // org.apache.kylin.rest.service.UserService
    public void completeUserInfo(ManagedUser managedUser) {
    }

    public void completeUserInfoInternal(ManagedUser managedUser) {
        for (Map.Entry<String, List<String>> entry : this.userGroupService.getUserAndUserGroup().entrySet()) {
            String key = entry.getKey();
            if (new HashSet(entry.getValue()).contains(managedUser.getUsername())) {
                if (key.equals(KylinConfig.getInstanceFromEnv().getLDAPAdminRole())) {
                    managedUser.addAuthorities(key);
                    managedUser.addAuthorities("ROLE_ADMIN");
                } else {
                    managedUser.addAuthorities(key);
                }
            }
        }
    }

    public void onUserAuthenticated(String str) {
        if (userExists(str)) {
            return;
        }
        logger.info("User {} not exists, invalidate cache {}.", str, LDAP_USERS);
        ldapUsersCache.invalidate(LDAP_USERS);
    }

    private Set<String> getAllUsers() {
        Map<String, String> allValidUserDnMap = LdapUtils.getAllValidUserDnMap(this.ldapTemplate, this.searchControls);
        LDAP_VALID_DN_MAP_CACHE.put(LDAP_VALID_DN_MAP_KEY, ImmutableMap.copyOf(allValidUserDnMap));
        return new HashSet(allValidUserDnMap.values());
    }

    public Map<String, String> getDnMapperMap() {
        ImmutableMap immutableMap = (Map) LDAP_VALID_DN_MAP_CACHE.getIfPresent(LDAP_VALID_DN_MAP_KEY);
        if (null == immutableMap) {
            immutableMap = ImmutableMap.copyOf(LdapUtils.getAllValidUserDnMap(this.ldapTemplate, this.searchControls));
            LDAP_VALID_DN_MAP_CACHE.put(LDAP_VALID_DN_MAP_KEY, immutableMap);
        }
        return immutableMap;
    }

    private Map<String, ManagedUser> getLDAPUsersCache() {
        return (Map) Optional.ofNullable(ldapUsersCache.getIfPresent(LDAP_USERS)).map(Collections::unmodifiableMap).orElse(null);
    }

    private void asyncLoadCacheData() {
        if (null != getLDAPUsersCache() || LOAD_TASK_STATUS.get()) {
            return;
        }
        try {
            LOAD_TASK_POOL.execute(() -> {
                if (null == getLDAPUsersCache() && LOAD_TASK_STATUS.compareAndSet(Boolean.FALSE.booleanValue(), Boolean.TRUE.booleanValue())) {
                    try {
                        try {
                            listUsers();
                            LOAD_TASK_STATUS.set(Boolean.FALSE.booleanValue());
                        } catch (Exception e) {
                            logger.error("Failed to refresh cache asynchronously", e);
                            LOAD_TASK_STATUS.set(Boolean.FALSE.booleanValue());
                        }
                    } catch (Throwable th) {
                        LOAD_TASK_STATUS.set(Boolean.FALSE.booleanValue());
                        throw th;
                    }
                }
            });
        } catch (Exception e) {
            logger.error("load user cache task error", e);
        }
    }
}
