package org.opencastproject.userdirectory.sakai;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.ExecutionError;
import com.google.common.util.concurrent.UncheckedExecutionException;
import java.io.BufferedInputStream;
import java.io.FileNotFoundException;
import java.io.StringReader;
import java.lang.management.ManagementFactory;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.PatternSyntaxException;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.opencastproject.security.api.CachingUserProviderMXBean;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.JaxbUser;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleProvider;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserProvider;
import org.opencastproject.util.XmlSafeParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/opencastproject/userdirectory/sakai/SakaiUserProviderInstance.class */
public class SakaiUserProviderInstance implements UserProvider, RoleProvider, CachingUserProviderMXBean {
    private static final String LTI_LEARNER_ROLE = "Learner";
    private static final String LTI_INSTRUCTOR_ROLE = "Instructor";
    public static final String PROVIDER_NAME = "sakai";
    private static final String OC_USERAGENT = "Opencast";
    private static final Logger logger = LoggerFactory.getLogger(SakaiUserProviderInstance.class);
    private Organization organization;
    private LoadingCache<String, Object> cache;
    private String sakaiUrl;
    private String sakaiUsername;
    private String sakaiPassword;
    private String sitePattern;
    private String userPattern;
    private Set<String> instructorRoles;
    private AtomicLong requests = null;
    private AtomicLong sakaiLoads = null;
    protected Object nullToken = new Object();

    public SakaiUserProviderInstance(String str, Organization organization, String str2, String str3, String str4, String str5, String str6, Set<String> set, int i, int i2) {
        this.organization = null;
        this.cache = null;
        this.sakaiUrl = null;
        this.sakaiUsername = null;
        this.sakaiPassword = null;
        this.organization = organization;
        this.sakaiUrl = str2;
        this.sakaiUsername = str3;
        this.sakaiPassword = str4;
        this.sitePattern = str5;
        this.userPattern = str6;
        this.instructorRoles = set;
        logger.info("Creating new SakaiUserProviderInstance(pid={}, url={}, cacheSize={}, cacheExpiration={})", new Object[]{str, str2, Integer.valueOf(i), Integer.valueOf(i2)});
        this.cache = CacheBuilder.newBuilder().maximumSize(i).expireAfterWrite(i2, TimeUnit.MINUTES).build(new CacheLoader<String, Object>() { // from class: org.opencastproject.userdirectory.sakai.SakaiUserProviderInstance.1
            public Object load(String str7) throws Exception {
                User loadUserFromSakai = SakaiUserProviderInstance.this.loadUserFromSakai(str7);
                return loadUserFromSakai == null ? SakaiUserProviderInstance.this.nullToken : loadUserFromSakai;
            }
        });
        registerMBean(str);
    }

    public String getName() {
        return PROVIDER_NAME;
    }

    protected void registerMBean(String str) {
        this.requests = new AtomicLong();
        this.sakaiLoads = new AtomicLong();
        try {
            ObjectName objectName = SakaiUserProviderFactory.getObjectName(str);
            MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
            try {
                platformMBeanServer.unregisterMBean(objectName);
            } catch (InstanceNotFoundException e) {
                logger.debug(objectName + " was not registered");
            }
            platformMBeanServer.registerMBean(this, objectName);
        } catch (Exception e2) {
            logger.error("Unable to register {} as an mbean: {}", this, e2);
        }
    }

    public String getOrganization() {
        return this.organization.getId();
    }

    public User loadUser(String str) {
        logger.debug("loaduser(" + str + ")");
        try {
            if (this.userPattern != null && !str.matches(this.userPattern)) {
                logger.debug("load user {} failed regexp {}", str, this.userPattern);
                return null;
            }
        } catch (PatternSyntaxException e) {
            logger.warn("Invalid regular expression for user pattern {} - disabling checks", this.userPattern);
            this.userPattern = null;
        }
        this.requests.incrementAndGet();
        try {
            Object unchecked = this.cache.getUnchecked(str);
            if (unchecked == this.nullToken) {
                logger.debug("Returning null user from cache");
                return null;
            }
            logger.debug("Returning user " + str + " from cache");
            return (JaxbUser) unchecked;
        } catch (UncheckedExecutionException e2) {
            logger.warn("Exception while loading user {}", str, e2);
            return null;
        } catch (ExecutionError e3) {
            logger.warn("Exception while loading user {}", str, e3);
            return null;
        }
    }

    protected User loadUserFromSakai(String str) {
        if (this.cache == null) {
            throw new IllegalStateException("The Sakai user detail service has not yet been configured");
        }
        if ("admin".equals(str) || "".equals(str) || "anonymous".equals(str)) {
            this.cache.put(str, this.nullToken);
            logger.debug("we don't answer for: " + str);
            return null;
        }
        logger.debug("In loadUserFromSakai, currently processing user : {}", str);
        JaxbOrganization fromOrganization = JaxbOrganization.fromOrganization(this.organization);
        this.sakaiLoads.incrementAndGet();
        Thread currentThread = Thread.currentThread();
        ClassLoader contextClassLoader = currentThread.getContextClassLoader();
        try {
            String[] sakaiUser = getSakaiUser(str);
            if (sakaiUser == null) {
                logger.debug("User {} not found in Sakai system", str);
                this.cache.put(str, this.nullToken);
                currentThread.setContextClassLoader(contextClassLoader);
                return null;
            }
            String str2 = sakaiUser[0];
            String str3 = sakaiUser[1];
            String str4 = sakaiUser[2];
            String[] rolesFromSakai = getRolesFromSakai(str2);
            if (rolesFromSakai == null) {
                this.cache.put(str, this.nullToken);
                currentThread.setContextClassLoader(contextClassLoader);
                return null;
            }
            logger.debug("Sakai roles for eid " + str + " id " + str2 + ": " + Arrays.toString(rolesFromSakai));
            HashSet hashSet = new HashSet();
            boolean z = false;
            for (String str5 : rolesFromSakai) {
                hashSet.add(new JaxbRole(str5, fromOrganization, "Sakai external role", Role.Type.EXTERNAL));
                if (str5.endsWith(LTI_INSTRUCTOR_ROLE)) {
                    z = true;
                }
            }
            hashSet.add(new JaxbRole("ROLE_GROUP_SAKAI", fromOrganization, "Sakai Users", Role.Type.EXTERNAL_GROUP));
            if (z) {
                hashSet.add(new JaxbRole("ROLE_GROUP_SAKAI_INSTRUCTOR", fromOrganization, "Sakai Instructors", Role.Type.EXTERNAL_GROUP));
            }
            logger.debug("Returning JaxbRoles: " + hashSet);
            JaxbUser jaxbUser = new JaxbUser(str, (String) null, str4, str3, PROVIDER_NAME, fromOrganization, hashSet);
            this.cache.put(str, jaxbUser);
            logger.debug("Returning user {}", str);
            currentThread.setContextClassLoader(contextClassLoader);
            return jaxbUser;
        } catch (Throwable th) {
            currentThread.setContextClassLoader(contextClassLoader);
            throw th;
        }
    }

    private boolean verifySakaiUser(String str) {
        logger.debug("verifySakaiUser({})", str);
        try {
            if (this.userPattern != null && !str.matches(this.userPattern)) {
                logger.debug("verify user {} failed regexp {}", str, this.userPattern);
                return false;
            }
        } catch (PatternSyntaxException e) {
            logger.warn("Invalid regular expression for user pattern {} - disabling checks", this.userPattern);
            this.userPattern = null;
        }
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.sakaiUrl + "/direct/user/" + str + "/exists").openConnection();
            httpURLConnection.setRequestMethod("GET");
            httpURLConnection.setRequestProperty("User-Agent", OC_USERAGENT);
            httpURLConnection.connect();
            return httpURLConnection.getResponseCode() == 200;
        } catch (Exception e2) {
            logger.warn("Exception verifying Sakai user " + str + " at " + this.sakaiUrl + ": " + e2.getMessage());
            return false;
        }
    }

    private boolean verifySakaiSite(String str) {
        logger.debug("verifySakaiSite(" + str + ")");
        try {
            if (this.sitePattern != null && !str.matches(this.sitePattern)) {
                logger.debug("verify site {} failed regexp {}", str, this.sitePattern);
                return false;
            }
        } catch (PatternSyntaxException e) {
            logger.warn("Invalid regular expression for site pattern {} - disabling checks", this.sitePattern);
            this.sitePattern = null;
        }
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.sakaiUrl + "/direct/site/" + str + "/exists").openConnection();
            httpURLConnection.setRequestMethod("GET");
            httpURLConnection.setRequestProperty("User-Agent", OC_USERAGENT);
            httpURLConnection.connect();
            return httpURLConnection.getResponseCode() == 200;
        } catch (Exception e2) {
            logger.warn("Exception verifying Sakai site " + str + " at " + this.sakaiUrl + ": " + e2.getMessage());
            return false;
        }
    }

    private String[] getRolesFromSakai(String str) {
        logger.debug("getRolesFromSakai(" + str + ")");
        try {
            URL url = new URL(this.sakaiUrl + "/direct/membership/fastroles/" + str + ".xml?__auth=basic");
            String encodeBase64String = Base64.encodeBase64String((this.sakaiUsername + ":" + this.sakaiPassword).getBytes("utf8"));
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            httpURLConnection.setRequestMethod("GET");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestProperty("Authorization", "Basic " + encodeBase64String);
            httpURLConnection.setRequestProperty("User-Agent", OC_USERAGENT);
            String iOUtils = IOUtils.toString(new BufferedInputStream(httpURLConnection.getInputStream()));
            logger.debug(iOUtils);
            NodeList elementsByTagName = XmlSafeParser.newDocumentBuilderFactory().newDocumentBuilder().parse(new InputSource(new StringReader(iOUtils))).getDocumentElement().getElementsByTagName("membership");
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < elementsByTagName.getLength(); i++) {
                Element element = (Element) elementsByTagName.item(i);
                String tagValue = getTagValue("memberRole", element);
                String tagValue2 = getTagValue("locationReference", element);
                if (!"/site/!admin".equals(tagValue2)) {
                    arrayList.add(buildOpencastRole(tagValue2, tagValue));
                }
            }
            return (String[]) arrayList.toArray(new String[0]);
        } catch (FileNotFoundException e) {
            logger.debug("user id " + str + " not found on " + this.sakaiUrl);
            return null;
        } catch (Exception e2) {
            logger.warn("Exception getting site/role membership for Sakai user {} at {}: {}", new Object[]{str, this.sakaiUrl, e2.getMessage()});
            return null;
        }
    }

    private String[] getSakaiUser(String str) {
        try {
            URL url = new URL(this.sakaiUrl + "/direct/user/" + str + ".xml?__auth=basic");
            logger.debug("Sakai URL: " + this.sakaiUrl);
            String encodeBase64String = Base64.encodeBase64String((this.sakaiUsername + ":" + this.sakaiPassword).getBytes("utf8"));
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            httpURLConnection.setRequestMethod("GET");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestProperty("Authorization", "Basic " + encodeBase64String);
            httpURLConnection.setRequestProperty("User-Agent", OC_USERAGENT);
            String iOUtils = IOUtils.toString(new BufferedInputStream(httpURLConnection.getInputStream()));
            logger.debug(iOUtils);
            Element documentElement = XmlSafeParser.newDocumentBuilderFactory().newDocumentBuilder().parse(new InputSource(new StringReader(iOUtils))).getDocumentElement();
            return new String[]{getTagValue("id", documentElement), getTagValue("email", documentElement), getTagValue("displayName", documentElement)};
        } catch (FileNotFoundException e) {
            logger.debug("user {} does not exist on Sakai system: {}", str, e);
            return null;
        } catch (Exception e2) {
            logger.warn("Exception getting Sakai user information for user {} at {}: {}", new Object[]{str, this.sakaiUrl, e2});
            return null;
        }
    }

    public float getCacheHitRatio() {
        if (this.requests.get() == 0) {
            return 0.0f;
        }
        return ((float) (this.requests.get() - this.sakaiLoads.get())) / ((float) this.requests.get());
    }

    private String buildOpencastRole(String str, String str2) {
        return str.substring(str.indexOf("/", 2) + 1) + "_" + (this.instructorRoles.contains(str2) ? LTI_INSTRUCTOR_ROLE : LTI_LEARNER_ROLE);
    }

    private static String getTagValue(String str, Element element) {
        Node item;
        if (element.getElementsByTagName(str) == null || (item = element.getElementsByTagName(str).item(0).getChildNodes().item(0)) == null) {
            return null;
        }
        return item.getNodeValue();
    }

    public Iterator<User> findUsers(String str, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        if (str.endsWith("%")) {
            str = str.substring(0, str.length() - 1);
        }
        if (!str.isEmpty() && verifySakaiUser(str)) {
            LinkedList linkedList = new LinkedList();
            linkedList.add(new JaxbUser(str, PROVIDER_NAME, JaxbOrganization.fromOrganization(this.organization), new HashSet()));
            return linkedList.iterator();
        }
        return Collections.emptyIterator();
    }

    public Iterator<User> getUsers() {
        return Collections.emptyIterator();
    }

    public void invalidate(String str) {
        this.cache.invalidate(str);
    }

    public long countUsers() {
        return 0L;
    }

    public List<Role> getRolesForUser(String str) {
        LinkedList linkedList = new LinkedList();
        if ("admin".equals(str) || "".equals(str) || "anonymous".equals(str)) {
            logger.debug("we don't answer for: " + str);
            return linkedList;
        }
        logger.debug("getRolesForUser(" + str + ")");
        User loadUser = loadUser(str);
        if (loadUser != null) {
            logger.debug("Returning cached roleset for {}", str);
            return new ArrayList(loadUser.getRoles());
        }
        logger.debug("Return empty roleset for {} - not found on Sakai");
        return new LinkedList();
    }

    public Iterator<Role> findRoles(String str, Role.Target target, int i, int i2) {
        logger.debug("findRoles(query=" + str + " offset=" + i + " limit=" + i2 + ")");
        if (target == Role.Target.USER) {
            return Collections.emptyIterator();
        }
        boolean z = true;
        boolean z2 = false;
        if (str.endsWith("%")) {
            z = false;
            str = str.substring(0, str.length() - 1);
        }
        if (str.isEmpty()) {
            return Collections.emptyIterator();
        }
        if (z && !str.endsWith("_Learner") && !str.endsWith("_Instructor")) {
            return Collections.emptyIterator();
        }
        String str2 = null;
        if (str.endsWith("_Learner")) {
            str2 = str.substring(0, str.lastIndexOf("_Learner"));
            z2 = true;
        } else if (str.endsWith("_Instructor")) {
            str2 = str.substring(0, str.lastIndexOf("_Instructor"));
            z2 = true;
        }
        if (!z2) {
            str2 = str;
        }
        if (!verifySakaiSite(str2)) {
            return Collections.emptyIterator();
        }
        LinkedList linkedList = new LinkedList();
        JaxbOrganization fromOrganization = JaxbOrganization.fromOrganization(this.organization);
        if (z2) {
            linkedList.add(new JaxbRole(str, fromOrganization, "Sakai Site Role", Role.Type.EXTERNAL));
        } else {
            linkedList.add(new JaxbRole(str2 + "_Instructor", fromOrganization, "Sakai Site Instructor Role", Role.Type.EXTERNAL));
            linkedList.add(new JaxbRole(str2 + "_Learner", fromOrganization, "Sakai Site Learner Role", Role.Type.EXTERNAL));
        }
        return linkedList.iterator();
    }
}
