package org.openmetadata.service.jdbi3;

import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.ws.rs.core.UriInfo;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.schema.api.teams.CreateTeam;
import org.openmetadata.schema.auth.SSOAuthMechanism;
import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
import org.openmetadata.schema.entity.teams.Team;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.schema.type.EntityReference;
import org.openmetadata.schema.type.Include;
import org.openmetadata.schema.type.Relationship;
import org.openmetadata.service.Entity;
import org.openmetadata.service.OpenMetadataApplicationConfig;
import org.openmetadata.service.exception.CatalogExceptionMessage;
import org.openmetadata.service.jdbi3.CollectionDAO;
import org.openmetadata.service.jdbi3.EntityRepository;
import org.openmetadata.service.resources.teams.UserResource;
import org.openmetadata.service.secrets.SecretsManager;
import org.openmetadata.service.secrets.SecretsManagerFactory;
import org.openmetadata.service.security.JwtFilter;
import org.openmetadata.service.security.SecurityUtil;
import org.openmetadata.service.security.policyevaluator.SubjectCache;
import org.openmetadata.service.util.EntityUtil;
import org.openmetadata.service.util.JsonUtils;
import org.openmetadata.service.util.UserUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/jdbi3/UserRepository.class */
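/**
 * Repository for {@link User} entities: persists the user JSON, maintains the user's role and
 * team relationships, and controls which fields are populated when a user is read back.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #setFields} nulls {@code authenticationMechanism} unless the protected field was
 *       explicitly requested, and {@link #getFieldsWithUserAuth} is the only method here that adds
 *       the protected field to a field set. No authorization check is performed in this class, so
 *       callers must decide who may request it.</li>
 *   <li>{@link #restorePatchAttributes} copies the stored {@code authenticationMechanism} back onto
 *       the patched entity, so a PATCH cannot replace it.</li>
 *   <li>{@link #storeEntity} passes bot credentials through the configured {@link SecretsManager}
 *       before they are written.</li>
 *   <li>{@link UserUpdater} records fixed placeholder strings instead of the real
 *       authentication-mechanism values in the change record.</li>
 * </ul>
 */
public class UserRepository extends EntityRepository<User> {
    private static final Logger LOG = LoggerFactory.getLogger(UserRepository.class);
    static final String USER_PATCH_FIELDS = "profile,roles,teams,authenticationMechanism,isEmailVerified";
    static final String USER_UPDATE_FIELDS = "profile,roles,teams,authenticationMechanism,isEmailVerified";

    // Reference to the organization team, looked up once in the constructor. It is used as the
    // fallback team for users that have no other team.
    private final EntityReference organization;

    /* loaded from: input_file:org/openmetadata/service/jdbi3/UserRepository$UserUpdater.class */
    /** Applies the user-specific part of an update and records what changed. */
    public class UserUpdater extends EntityRepository<User>.EntityUpdater {
        public UserUpdater(User user, User user2, EntityRepository.Operation operation) {
            super(user, user2, operation);
        }

        /**
         * Re-writes role and team relationships and records changes to the scalar user fields.
         *
         * <p>The privilege-bearing flags ({@code isAdmin} and the field named by
         * {@code JwtFilter.BOT_CLAIM}) are recorded here like any other field; nothing in this
         * method restricts who may change them.
         */
        @Override // org.openmetadata.service.jdbi3.EntityRepository.EntityUpdater
        public void entitySpecificUpdate() throws IOException {
            updateRoles(this.original, this.updated);
            updateTeams(this.original, this.updated);
            recordChange("profile", this.original.getProfile(), this.updated.getProfile(), true);
            recordChange("timezone", this.original.getTimezone(), this.updated.getTimezone());
            recordChange(JwtFilter.BOT_CLAIM, this.original.getIsBot(), this.updated.getIsBot());
            recordChange("isAdmin", this.original.getIsAdmin(), this.updated.getIsAdmin());
            recordChange("email", this.original.getEmail(), this.updated.getEmail());
            recordChange("isEmailVerified", this.original.getIsEmailVerified(), this.updated.getIsEmailVerified());
            updateAuthenticationMechanism(this.original, this.updated);
        }

        /**
         * Replaces every USER-HAS-ROLE relationship of the user with the roles of the updated
         * entity and records the difference between the two role lists.
         */
        private void updateRoles(User original, User updated) throws IOException {
            UserRepository.this.deleteFrom(original.getId(), Entity.USER, Relationship.HAS, Entity.ROLE);
            UserRepository.this.assignRoles(updated, updated.getRoles());

            List<EntityReference> previousRoles = CommonUtil.listOrEmpty(original.getRoles());
            List<EntityReference> currentRoles = CommonUtil.listOrEmpty(updated.getRoles());
            // Both lists are sorted in place before they are compared.
            previousRoles.sort(EntityUtil.compareEntityReference);
            currentRoles.sort(EntityUtil.compareEntityReference);
            recordListChange(
                    "roles", previousRoles, currentRoles, new ArrayList<>(), new ArrayList<>(), EntityUtil.entityReferenceMatch);
        }

        /**
         * Replaces every TEAM-HAS-USER relationship of the user with the teams of the updated
         * entity and records the difference between the two team lists.
         */
        private void updateTeams(User original, User updated) throws IOException {
            UserRepository.this.deleteTo(original.getId(), Entity.USER, Relationship.HAS, Entity.TEAM);
            UserRepository.this.assignTeams(updated, updated.getTeams());

            List<EntityReference> previousTeams = CommonUtil.listOrEmpty(original.getTeams());
            List<EntityReference> currentTeams = CommonUtil.listOrEmpty(updated.getTeams());
            previousTeams.sort(EntityUtil.compareEntityReference);
            currentTeams.sort(EntityUtil.compareEntityReference);
            recordListChange(
                    "teams", previousTeams, currentTeams, new ArrayList<>(), new ArrayList<>(), EntityUtil.entityReferenceMatch);
        }

        /**
         * Records that the authentication mechanism was added or changed, without recording its
         * content: the change record carries the literal placeholders below, never the mechanism
         * objects themselves.
         */
        private void updateAuthenticationMechanism(User original, User updated) throws IOException {
            AuthenticationMechanism before = original.getAuthenticationMechanism();
            AuthenticationMechanism after = updated.getAuthenticationMechanism();

            if (before == null && after != null) {
                // Mechanism added: the old value is null, the new one is a placeholder.
                recordChange(UserResource.USER_PROTECTED_FIELDS, before, "new-encrypted-value");
                return;
            }
            // NOTE(review): when a mechanism is removed (before != null, after == null) nothing is
            // recorded, so that transition leaves no entry in the change record. Confirm intended.
            if (before == null || after == null || JsonUtils.areEquals(before, after)) {
                return;
            }
            recordChange(UserResource.USER_PROTECTED_FIELDS, "old-encrypted-value", "new-encrypted-value");
        }
    }

    /**
     * Creates the repository and resolves the organization team reference by name.
     *
     * @param collectionDAO DAO collection providing the user, team and relationship DAOs
     */
    public UserRepository(CollectionDAO collectionDAO) {
        // The named constants hold the same strings the constructor previously repeated inline.
        super(UserResource.COLLECTION_PATH, Entity.USER, User.class, collectionDAO.userDAO(), collectionDAO, USER_PATCH_FIELDS, USER_UPDATE_FIELDS);
        this.organization = collectionDAO.teamDAO().findEntityReferenceByName(Entity.ORGANIZATION_NAME, Include.ALL);
    }

    /**
     * Builds the field set for a read that may include the protected authentication field.
     *
     * <p>Only the wildcard {@code "*"} is expanded to "all allowed fields plus
     * {@code UserResource.USER_PROTECTED_FIELDS}"; any other value (including {@code null}) is
     * passed through unchanged against the normal allowed-field list. This method performs no
     * permission check, so it should only be reached after the caller has been authorized to see
     * credentials.
     *
     * @param str comma-separated field list, {@code "*"}, or {@code null}
     * @return the resulting field set
     */
    public final EntityUtil.Fields getFieldsWithUserAuth(String str) {
        List<String> allowedFields = getAllowedFieldsCopy();
        if (!"*".equals(str)) {
            return new EntityUtil.Fields(allowedFields, str);
        }
        allowedFields.add(UserResource.USER_PROTECTED_FIELDS);
        return new EntityUtil.Fields(allowedFields, String.join(",", allowedFields));
    }

    /** Validates the teams and roles referenced by the user before it is stored. */
    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void prepare(User user) throws IOException {
        validateTeams(user);
        validateRoles(user.getRoles());
    }

    /**
     * Copies the attributes a PATCH must not alter from the stored entity onto the patched one:
     * id, name, inherited roles and the authentication mechanism.
     *
     * @param user the stored (original) user
     * @param user2 the patched user that receives the restored values
     */
    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void restorePatchAttributes(User user, User user2) {
        user2.withId(user.getId())
                .withName(user.getName())
                .withInheritedRoles(user.getInheritedRoles())
                .withAuthenticationMechanism(user.getAuthenticationMechanism());
    }

    /**
     * Returns the roles the user inherits through its teams.
     *
     * @return the inherited roles, or {@code null} for bots and when no {@link SubjectCache}
     *     instance is available
     */
    private List<EntityReference> getInheritedRoles(User user) throws IOException {
        if (Boolean.TRUE.equals(user.getIsBot())) {
            return null;
        }
        // The teams are resolved before the cache is consulted, and only once; the result used to
        // be fetched a second time for the cache call.
        List<EntityReference> teams = getTeams(user);
        SubjectCache subjectCache = SubjectCache.getInstance();
        return subjectCache != null ? subjectCache.getRolesForTeams(teams) : null;
    }

    /**
     * Stores the user JSON without its relationship-derived fields.
     *
     * <p>Roles, teams, href and inherited roles are cleared before the write; roles and teams are
     * put back on the in-memory object afterwards. For bots, when a secrets manager is configured,
     * the authentication mechanism is first passed through
     * {@code encryptOrDecryptAuthenticationMechanism(..., true)}; the in-memory object keeps that
     * transformed value after the call. For non-bot users the mechanism is stored as supplied.
     *
     * @param user the user to store
     * @param z forwarded unchanged to {@code store}
     */
    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void storeEntity(User user, boolean z) throws IOException {
        List<EntityReference> savedRoles = user.getRoles();
        List<EntityReference> savedTeams = user.getTeams();
        user.withRoles((List<EntityReference>) null)
                .withTeams((List<EntityReference>) null)
                .withHref((URI) null)
                .withInheritedRoles((List<EntityReference>) null);

        SecretsManager secretsManager = SecretsManagerFactory.getSecretsManager();
        if (secretsManager != null && Boolean.TRUE.equals(user.getIsBot())) {
            user.withAuthenticationMechanism(
                    secretsManager.encryptOrDecryptAuthenticationMechanism(
                            user.getName(), user.getAuthenticationMechanism(), true));
        }

        store(user, z);
        user.withRoles(savedRoles).withTeams(savedTeams);
    }

    /** Writes the role and team relationships and refreshes the user's inherited roles. */
    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void storeRelationships(User user) throws IOException {
        assignRoles(user, user.getRoles());
        assignTeams(user, user.getTeams());
        user.setInheritedRoles(getInheritedRoles(user));
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public UserUpdater getUpdater(User user, User user2, EntityRepository.Operation operation) {
        return new UserUpdater(user, user2, operation);
    }

    /**
     * Drops the deleted user from the subject cache so cached role and policy data is not reused.
     *
     * <p>The cache instance is checked for {@code null} first, matching
     * {@code getInheritedRoles}, which already treats a missing cache as a normal condition.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void postDelete(User user) {
        SubjectCache subjectCache = SubjectCache.getInstance();
        if (subjectCache != null) {
            subjectCache.invalidateUser(user.getName());
        }
    }

    /**
     * Populates the requested fields on the user and nulls every optional field that was not
     * requested. The authentication mechanism is kept only when {@code fields} contains
     * {@code UserResource.USER_PROTECTED_FIELDS}; otherwise it is removed from the returned object.
     *
     * @param user the user to populate
     * @param fields the requested fields
     * @return the same user instance
     */
    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public User setFields(User user, EntityUtil.Fields fields) throws IOException {
        user.setProfile(fields.contains("profile") ? user.getProfile() : null);
        user.setTeams(fields.contains("teams") ? getTeams(user) : null);
        user.setOwns(fields.contains("owns") ? getOwns(user) : null);
        user.setFollows(fields.contains("follows") ? getFollows(user) : null);
        user.setRoles(fields.contains("roles") ? getRoles(user) : null);
        user.setAuthenticationMechanism(
                fields.contains(UserResource.USER_PROTECTED_FIELDS) ? user.getAuthenticationMechanism() : null);
        user.setIsEmailVerified(fields.contains("isEmailVerified") ? user.getIsEmailVerified() : null);
        return user.withInheritedRoles(fields.contains("roles") ? getInheritedRoles(user) : null);
    }

    /**
     * Tells whether the non-deleted team with the given id is joinable.
     *
     * @param str the team id as a UUID string
     * @throws IllegalArgumentException if {@code str} is not a valid UUID string
     */
    public boolean isTeamJoinable(String str) throws IOException {
        UUID teamId = UUID.fromString(str);
        // Unboxing throws NullPointerException if the team carries no isJoinable value.
        return this.daoCollection.teamDAO().findEntityById(teamId, Include.NON_DELETED).getIsJoinable();
    }

    /**
     * Resolves every team reference on the user against the team DAO and sorts the list. A user
     * with a {@code null} team list is assigned the organization as its only team.
     */
    public void validateTeams(User user) throws IOException {
        List<EntityReference> teams = user.getTeams();
        if (teams == null) {
            user.setTeams(new ArrayList<>(List.of(this.organization)));
            return;
        }
        for (EntityReference team : teams) {
            // Overwrite the caller-supplied reference with the stored one, looked up by id.
            EntityUtil.copy(this.daoCollection.teamDAO().findEntityReferenceById(team.getId()), team);
        }
        teams.sort(EntityUtil.compareEntityReference);
    }

    /**
     * Rejects adding a user to a team it already belongs to.
     *
     * @param uuid the user id
     * @param uuid2 the team id
     * @throws IllegalArgumentException if the user is already part of the team
     */
    public void validateTeamAddition(UUID uuid, UUID uuid2) throws IOException {
        User user = (User) this.dao.findEntityById(uuid);
        Optional<EntityReference> existingTeam =
                getTeams(user).stream().filter(team -> team.getId().equals(uuid2)).findFirst();
        if (existingTeam.isPresent()) {
            throw new IllegalArgumentException(
                    CatalogExceptionMessage.userAlreadyPartOfTeam(user.getName(), existingTeam.get().getDisplayName()));
        }
    }

    /** Returns {@code true} when the user DAO reports at least one user with this email. */
    public boolean checkEmailAlreadyExists(String str) {
        return this.daoCollection.userDAO().checkEmailExists(str) > 0;
    }

    /**
     * Ensures user entries exist for the admin and test principals named in the configuration.
     *
     * <p>Admin principals are handled by {@code UserUtil.handleBasicAuth} when the configured
     * provider is basic auth, otherwise they are added with the admin flag {@code true}. Test
     * principals are added with a {@code null} admin flag. Because the admin list grants the admin
     * flag directly, the configuration that supplies it is part of the trust boundary.
     */
    public void initializeUsers(OpenMetadataApplicationConfig openMetadataApplicationConfig) {
        HashSet<String> adminUsers =
                new HashSet<>(openMetadataApplicationConfig.getAuthorizerConfiguration().getAdminPrincipals());
        LOG.debug("Checking user entries for admin users {}", adminUsers);
        String domain = SecurityUtil.getDomain(openMetadataApplicationConfig);
        String provider = openMetadataApplicationConfig.getAuthenticationConfiguration().getProvider();
        if (provider.equals(SSOAuthMechanism.SsoServiceType.BASIC.value())) {
            UserUtil.handleBasicAuth(adminUsers, domain);
        } else {
            UserUtil.addUsers(adminUsers, domain, true);
        }

        LOG.debug("Checking user entries for test users");
        HashSet<String> testUsers =
                new HashSet<>(openMetadataApplicationConfig.getAuthorizerConfiguration().getTestPrincipals());
        UserUtil.addUsers(testUsers, domain, null);
    }

    /** Returns the entities owned by the user directly or through any of its teams. */
    private List<EntityReference> getOwns(User user) throws IOException {
        List<CollectionDAO.EntityRelationshipRecord> owned =
                this.daoCollection.relationshipDAO().findTo(user.getId().toString(), Entity.USER, Relationship.OWNS.ordinal());
        // Use the teams already set on the user when present, otherwise load them.
        List<EntityReference> teams = user.getTeams() == null ? getTeams(user) : user.getTeams();
        for (EntityReference team : teams) {
            owned.addAll(
                    this.daoCollection.relationshipDAO().findTo(team.getId().toString(), Entity.TEAM, Relationship.OWNS.ordinal()));
        }
        return EntityUtil.getEntityReferences(owned);
    }

    /** Returns the entities the user follows. */
    private List<EntityReference> getFollows(User user) throws IOException {
        return EntityUtil.getEntityReferences(
                this.daoCollection.relationshipDAO().findTo(user.getId().toString(), Entity.USER, Relationship.FOLLOWS.ordinal()));
    }

    /**
     * Returns the child teams of a team. The organization is special-cased: its children come from
     * {@code listTeamsUnderOrganization} rather than from PARENT_OF relationships.
     */
    private List<EntityReference> getTeamChildren(UUID teamId) throws IOException {
        if (teamId.equals(this.organization.getId())) {
            return EntityUtil.populateEntityReferencesById(
                    EntityUtil.toIDs(this.daoCollection.teamDAO().listTeamsUnderOrganization(teamId.toString())), Entity.TEAM);
        }
        return EntityUtil.populateEntityReferences(findTo(teamId, Entity.TEAM, Relationship.PARENT_OF, Entity.TEAM), Entity.TEAM);
    }

    /**
     * Returns the group-type teams reachable from the teams of the named user.
     *
     * @param uriInfo request URI info forwarded to {@code getByName}
     * @param str the user name
     */
    public List<EntityReference> getGroupTeams(UriInfo uriInfo, String str) throws IOException {
        return getGroupTeams(getTeams(getByName(uriInfo, str, EntityUtil.Fields.EMPTY_FIELDS, Include.ALL)));
    }

    /**
     * Collects the group-type teams among {@code teams}, descending into the children of every
     * team that is not a group. Duplicates are removed; the order of the result is unspecified.
     */
    private List<EntityReference> getGroupTeams(List<EntityReference> teams) throws IOException {
        HashSet<EntityReference> groups = new HashSet<>();
        for (EntityReference teamRef : teams) {
            Team team = (Team) Entity.getEntity(teamRef, EntityUtil.Fields.EMPTY_FIELDS, Include.ALL);
            if (CreateTeam.TeamType.GROUP.equals(team.getTeamType())) {
                groups.add(teamRef);
            } else {
                groups.addAll(getGroupTeams(getTeamChildren(team.getId())));
            }
        }
        return new ArrayList<>(groups);
    }

    /** Returns the roles directly assigned to the user. */
    private List<EntityReference> getRoles(User user) throws IOException {
        return EntityUtil.populateEntityReferences(findTo(user.getId(), Entity.USER, Relationship.HAS, Entity.ROLE), Entity.ROLE);
    }

    /**
     * Returns the user's non-deleted teams, or a list holding only the organization when the user
     * has none.
     */
    private List<EntityReference> getTeams(User user) throws IOException {
        List<EntityReference> activeTeams =
                EntityUtil.populateEntityReferences(findFrom(user.getId(), Entity.USER, Relationship.HAS, Entity.TEAM), Entity.TEAM)
                        .stream()
                        .filter(team -> !team.getDeleted().booleanValue())
                        .collect(Collectors.toList());
        if (CommonUtil.listOrEmpty(activeTeams).isEmpty()) {
            return new ArrayList<>(List.of(this.organization));
        }
        return activeTeams;
    }

    /** Adds a USER-HAS-ROLE relationship for every role in the list; a null list adds nothing. */
    private void assignRoles(User user, List<EntityReference> roles) {
        for (EntityReference role : CommonUtil.listOrEmpty(roles)) {
            addRelationship(user.getId(), role.getId(), Entity.USER, Entity.ROLE, Relationship.HAS);
        }
    }

    /**
     * Adds a TEAM-HAS-USER relationship for every listed team except the organization, which is
     * never stored as an explicit relationship. When more than one team is listed, the
     * organization is also removed from the team list kept on the user object.
     */
    private void assignTeams(User user, List<EntityReference> teams) {
        List<EntityReference> requestedTeams = CommonUtil.listOrEmpty(teams);
        UUID organizationId = this.organization.getId();
        for (EntityReference team : requestedTeams) {
            if (!team.getId().equals(organizationId)) {
                addRelationship(team.getId(), user.getId(), Entity.TEAM, Entity.USER, Relationship.HAS);
            }
        }
        if (requestedTeams.size() > 1) {
            user.setTeams(
                    requestedTeams.stream()
                            .filter(team -> !team.getId().equals(this.organization.getId()))
                            .collect(Collectors.toList()));
        }
    }
}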
