package org.openmetadata.service.util;

import at.favre.lib.crypto.bcrypt.BCrypt;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import org.openmetadata.api.configuration.airflow.AuthConfiguration;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.schema.api.configuration.airflow.AirflowConfiguration;
import org.openmetadata.schema.auth.BasicAuthMechanism;
import org.openmetadata.schema.auth.JWTAuthMechanism;
import org.openmetadata.schema.auth.JWTTokenExpiry;
import org.openmetadata.schema.auth.SSOAuthMechanism;
import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.schema.security.client.OpenMetadataJWTClientConfig;
import org.openmetadata.schema.type.EntityReference;
import org.openmetadata.service.Entity;
import org.openmetadata.service.OpenMetadataApplicationConfig;
import org.openmetadata.service.exception.EntityNotFoundException;
import org.openmetadata.service.jdbi3.EntityRepository;
import org.openmetadata.service.jdbi3.UserRepository;
import org.openmetadata.service.resources.teams.RoleResource;
import org.openmetadata.service.resources.teams.UserResource;
import org.openmetadata.service.security.jwt.JWTTokenGenerator;
import org.openmetadata.service.util.EntityUtil;
import org.openmetadata.service.util.RestUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/util/UserUtil.class */
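/**
 * Helpers that provision admin, regular and bot users and attach their authentication
 * mechanisms (bcrypt-hashed basic-auth password, JWT, or SSO client config).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Basic-auth passwords are stored only as bcrypt hashes (cost {@link #BCRYPT_COST}).</li>
 *   <li>The default admin account is given a well-known password equal to its user name.</li>
 *   <li>A newly created basic-auth admin receives its clear-text password by invite mail.</li>
 *   <li>Bot JWT tokens are issued with {@code JWTTokenExpiry.Unlimited}.</li>
 * </ul>
 */
public final class UserUtil {
    private static final Logger LOG = LoggerFactory.getLogger(UserUtil.class);
    private static final String COLON_DELIMITER = ":";

    /** bcrypt cost factor used when hashing basic-auth passwords. */
    private static final int BCRYPT_COST = 12;

    /**
     * Provisions the configured admin principals for basic authentication.
     *
     * <p>Each entry is either {@code <username>:<password>} or a bare {@code <username>}. The entry
     * is split on the first colon only, so a password may itself contain colons. Entries with an
     * empty user name or an empty password are skipped, so no account is created with an empty
     * password.
     *
     * @param set admin principal entries
     * @param str e-mail domain appended to the user name for newly created users
     */
    public static void handleBasicAuth(Set<String> set, String str) {
        try {
            for (String entry : set) {
                int delimiterAt = entry.indexOf(COLON_DELIMITER);
                if (delimiterAt >= 0) {
                    String username = entry.substring(0, delimiterAt);
                    String password = entry.substring(delimiterAt + 1);
                    if (username.isEmpty() || password.isEmpty()) {
                        // The entry itself is not logged: it may carry a password.
                        LOG.error("Skipping malformed basic-auth entry; expected <username>:<password>");
                        continue;
                    }
                    addUserForBasicAuth(username, password, str);
                } else {
                    // NOTE(review): the default admin gets a fixed, publicly known password (its own
                    // user name). Deployments should rotate it right after first login or configure
                    // an explicit <username>:<password> entry instead.
                    String password =
                            entry.equals(Entity.ADMIN_USER_NAME)
                                    ? Entity.ADMIN_USER_NAME
                                    : PasswordUtil.generateRandomPassword();
                    addUserForBasicAuth(entry, password, str);
                }
            }
        } catch (IOException e) {
            // A failure aborts the remaining entries; only the message is logged.
            LOG.error("Failed in Basic Auth Setup. Reason : {}", e.getMessage());
        }
    }

    /**
     * Creates the admin user with a hashed password, or back-fills the password on an existing
     * user that has no authentication mechanism yet. An existing mechanism is never overwritten.
     *
     * @param str user name
     * @param str2 clear-text password; hashed before it is stored
     * @param str3 e-mail domain used when the user has to be created
     * @throws IOException if the repository lookup fails
     */
    public static void addUserForBasicAuth(String str, String str2, String str3) throws IOException {
        EntityRepository<User> userRepository = UserRepository.class.cast(Entity.getEntityRepository(Entity.USER));
        try {
            // The protected fields must be requested explicitly to see the stored auth mechanism.
            List<String> fields = userRepository.getAllowedFieldsCopy();
            fields.add(UserResource.USER_PROTECTED_FIELDS);
            User existing = userRepository.getByName(null, str, new EntityUtil.Fields(fields, String.join(",", fields)));
            if (existing.getAuthenticationMechanism() == null) {
                updateUserWithHashedPwd(existing, str2);
            }
            addOrUpdateUser(existing);
        } catch (EntityNotFoundException e) {
            User created = user(str, str3, str).withIsAdmin(true).withIsEmailVerified(true);
            updateUserWithHashedPwd(created, str2);
            addOrUpdateUser(created);
            // NOTE(review): the clear-text password leaves the process by mail, and the mail is sent
            // even when addOrUpdateUser returned null because persisting the user failed.
            EmailUtil.sendInviteMailToAdmin(created, str2);
        }
    }

    /**
     * Replaces the user's authentication mechanism with a BASIC one holding the bcrypt hash of
     * the given password. The clear-text value is not stored on the user.
     *
     * @param user user to update in place
     * @param str clear-text password
     */
    public static void updateUserWithHashedPwd(User user, String str) {
        String hashedPassword = BCrypt.withDefaults().hashToString(BCRYPT_COST, str.toCharArray());
        BasicAuthMechanism basicAuth = new BasicAuthMechanism().withPassword(hashedPassword);
        user.setAuthenticationMechanism(buildAuthMechanism(AuthenticationMechanism.AuthType.BASIC, basicAuth));
    }

    /**
     * Creates or updates one user per name, without any authentication mechanism.
     *
     * @param set user names
     * @param str e-mail domain
     * @param bool admin flag applied to every user
     */
    public static void addUsers(Set<String> set, String str, Boolean bool) {
        for (String username : set) {
            addOrUpdateUser(user(username, str, username).withIsAdmin(bool));
        }
    }

    /**
     * Persists the user through the user repository.
     *
     * <p>Best effort: any exception is logged at debug level and reported as "already exists",
     * whatever the real cause was. On failure the authentication mechanism of the passed-in
     * object is cleared, so the credential material does not stay on it.
     *
     * @param user user to create or update
     * @return the stored user, or {@code null} if persisting failed
     */
    public static User addOrUpdateUser(User user) {
        EntityRepository<User> userRepository = UserRepository.class.cast(Entity.getEntityRepository(Entity.USER));
        try {
            RestUtil.PutResponse<User> response = userRepository.createOrUpdate(null, user);
            User stored = response.getEntity();
            LOG.debug("Added user entry: {}", stored.getName());
            return stored;
        } catch (Exception e) {
            LOG.debug("Caught exception", e);
            user.setAuthenticationMechanism((AuthenticationMechanism) null);
            LOG.debug("User entry: {} already exists.", user.getName());
            return null;
        }
    }

    /**
     * Builds a non-bot user with a fresh random id.
     *
     * @param str user name, also used as fully qualified name
     * @param str2 e-mail domain; the address becomes {@code <name>@<domain>}
     * @param str3 value recorded as {@code updatedBy}
     * @return the new, not yet persisted user
     */
    public static User user(String str, String str2, String str3) {
        return new User()
                .withId(UUID.randomUUID())
                .withName(str)
                .withFullyQualifiedName(str)
                .withEmail(str + "@" + str2)
                .withUpdatedBy(str3)
                .withUpdatedAt(Long.valueOf(System.currentTimeMillis()))
                .withIsBot(false);
    }

    /**
     * Creates or updates a bot user, keeping an already stored authentication mechanism and
     * otherwise deriving one from the Airflow auth configuration and the server's provider.
     *
     * <p>Without a stored mechanism: if no Airflow auth config is present, or the server provider
     * is {@code basic}, a JWT is generated for the bot. If Airflow uses the {@code openmetadata}
     * provider, the configured JWT is reused when present. For the SSO providers the matching
     * client config is attached. {@code no-auth} leaves the bot without a mechanism.
     *
     * @param user bot user to persist
     * @param openMetadataApplicationConfig application configuration
     * @return the stored user, or {@code null} if persisting failed
     * @throws IllegalArgumentException if the provider is not one of the supported values
     */
    public static User addOrUpdateBotUser(User user, OpenMetadataApplicationConfig openMetadataApplicationConfig) {
        User stored = retrieveWithAuthMechanism(user);
        AirflowConfiguration airflowConfiguration = openMetadataApplicationConfig.getAirflowConfiguration();
        AuthenticationMechanism authenticationMechanism = stored != null ? stored.getAuthenticationMechanism() : null;
        if (authenticationMechanism == null) {
            if (authConfigPresent(airflowConfiguration)) {
                AuthConfiguration authConfig = airflowConfiguration.getAuthConfig();
                String provider = openMetadataApplicationConfig.getAuthenticationConfiguration().getProvider();
                authenticationMechanism = buildBotAuthMechanism(airflowConfiguration, authConfig, provider, user);
            } else {
                authenticationMechanism = buildAuthMechanism(AuthenticationMechanism.AuthType.JWT, buildJWTAuthMechanism(null, user));
            }
        }
        user.setAuthenticationMechanism(authenticationMechanism);
        // Kept from the original: both setters re-assign the value the user already holds.
        user.setDescription(user.getDescription());
        user.setDisplayName(user.getDisplayName());
        return addOrUpdateUser(user);
    }

    /** Chooses the bot's mechanism from the Airflow auth config and the server's auth provider. */
    private static AuthenticationMechanism buildBotAuthMechanism(
            AirflowConfiguration airflowConfiguration, AuthConfiguration authConfig, String provider, User user) {
        if ("basic".equals(provider)) {
            return buildAuthMechanism(AuthenticationMechanism.AuthType.JWT, buildJWTAuthMechanism(null, user));
        }
        if ("openmetadata".equals(airflowConfiguration.getAuthProvider())) {
            return buildAuthMechanism(AuthenticationMechanism.AuthType.JWT, buildJWTAuthMechanism(authConfig.getOpenmetadata(), user));
        }
        switch (provider) {
            case "no-auth":
                return null;
            case "azure":
                return buildAuthMechanism(AuthenticationMechanism.AuthType.SSO, buildAuthMechanismConfig(SSOAuthMechanism.SsoServiceType.AZURE, authConfig.getAzure()));
            case "google":
                return buildAuthMechanism(AuthenticationMechanism.AuthType.SSO, buildAuthMechanismConfig(SSOAuthMechanism.SsoServiceType.GOOGLE, authConfig.getGoogle()));
            case "okta":
                return buildAuthMechanism(AuthenticationMechanism.AuthType.SSO, buildAuthMechanismConfig(SSOAuthMechanism.SsoServiceType.OKTA, authConfig.getOkta()));
            case "auth0":
                return buildAuthMechanism(AuthenticationMechanism.AuthType.SSO, buildAuthMechanismConfig(SSOAuthMechanism.SsoServiceType.AUTH_0, authConfig.getAuth0()));
            case "custom-oidc":
                return buildAuthMechanism(AuthenticationMechanism.AuthType.SSO, buildAuthMechanismConfig(SSOAuthMechanism.SsoServiceType.CUSTOM_OIDC, authConfig.getCustomOidc()));
            default:
                throw new IllegalArgumentException(String.format("Unexpected auth provider [%s] for bot [%s]", provider, user.getName()));
        }
    }

    /** Returns true when an Airflow configuration with an auth config section is available. */
    private static boolean authConfigPresent(AirflowConfiguration airflowConfiguration) {
        return airflowConfiguration != null && airflowConfiguration.getAuthConfig() != null;
    }

    /**
     * Reuses the configured JWT when one is set, otherwise generates a token for the user.
     * Either way the token is marked {@code JWTTokenExpiry.Unlimited}, i.e. it carries no expiry.
     */
    private static JWTAuthMechanism buildJWTAuthMechanism(OpenMetadataJWTClientConfig openMetadataJWTClientConfig, User user) {
        if (Objects.isNull(openMetadataJWTClientConfig) || CommonUtil.nullOrEmpty(openMetadataJWTClientConfig.getJwtToken())) {
            return JWTTokenGenerator.getInstance().generateJWTToken(user, JWTTokenExpiry.Unlimited);
        }
        return new JWTAuthMechanism()
                .withJWTToken(openMetadataJWTClientConfig.getJwtToken())
                .withJWTTokenExpiry(JWTTokenExpiry.Unlimited);
    }

    /** Wraps an SSO client config together with its service type. */
    private static SSOAuthMechanism buildAuthMechanismConfig(SSOAuthMechanism.SsoServiceType ssoServiceType, Object obj) {
        return new SSOAuthMechanism().withSsoServiceType(ssoServiceType).withAuthConfig(obj);
    }

    /** Wraps a mechanism-specific config in an {@link AuthenticationMechanism} of the given type. */
    private static AuthenticationMechanism buildAuthMechanism(AuthenticationMechanism.AuthType authType, Object obj) {
        return new AuthenticationMechanism().withAuthType(authType).withConfig(obj);
    }

    /**
     * Loads the stored user by name including its protected fields.
     *
     * @return the stored user, or {@code null} when it does not exist or the lookup failed
     */
    private static User retrieveWithAuthMechanism(User user) {
        EntityRepository<User> userRepository = UserRepository.class.cast(Entity.getEntityRepository(Entity.USER));
        try {
            return userRepository.getByName(null, user.getName(), new EntityUtil.Fields(List.of(UserResource.USER_PROTECTED_FIELDS)));
        } catch (IOException | EntityNotFoundException e) {
            // Only the name is logged, so no other field of the entity reaches the log.
            LOG.debug("Bot entity: {} does not exists.", user.getName());
            return null;
        }
    }

    /**
     * Maps a built-in bot name to the single role it is granted.
     *
     * @param str bot name
     * @return a one-element list holding the reference of the bot's role
     * @throws IllegalArgumentException if the name is not one of the known bots
     */
    public static List<EntityReference> getRoleForBot(String str) {
        String roleName;
        if (str.equals(Entity.INGESTION_BOT_NAME)) {
            roleName = Entity.INGESTION_BOT_ROLE;
        } else if (str.equals(Entity.QUALITY_BOT_NAME)) {
            roleName = Entity.QUALITY_BOT_ROLE;
        } else if (str.equals(Entity.PROFILER_BOT_NAME)) {
            roleName = Entity.PROFILER_BOT_ROLE;
        } else {
            // Unknown bots get no role instead of a default one.
            throw new IllegalArgumentException("No role found for the bot " + str);
        }
        return Arrays.asList(RoleResource.getRole(roleName));
    }
}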
