package org.cloudfoundry.identity.uaa.scim.jdbc;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable;
import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory;
import org.cloudfoundry.identity.uaa.resources.jdbc.SearchQueryConverter;
import org.cloudfoundry.identity.uaa.scim.ScimGroup;
import org.cloudfoundry.identity.uaa.scim.ScimGroupMember;
import org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager;
import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException;
import org.cloudfoundry.identity.uaa.scim.exception.MemberAlreadyExistsException;
import org.cloudfoundry.identity.uaa.scim.exception.MemberNotFoundException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceConstraintFailedException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.PreparedStatementSetter;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.SingleColumnRowMapper;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManager.class */
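/**
 * JDBC-backed {@link ScimGroupMembershipManager} that stores group memberships in the
 * {@code group_membership} table.
 *
 * <p>Most statements are scoped to the identity zone returned by
 * {@code IdentityZoneHolder.get()}. The exceptions are called out on the individual SQL
 * constants below; they rely on checks made elsewhere in this class for zone isolation.
 */
public class JdbcScimGroupMembershipManager extends AbstractQueryable<ScimGroupMember> implements ScimGroupMembershipManager {
    private JdbcTemplate jdbcTemplate;
    private final Log logger;
    public static final String MEMBERSHIP_TABLE = "group_membership";
    private ScimUserProvisioning userProvisioning;
    private ScimGroupProvisioning groupProvisioning;
    // Default groups per zone; these are reported for every user without a membership row.
    private Map<IdentityZone, Set<ScimGroup>> defaultUserGroups;
    public static final String ADD_MEMBER_SQL = String.format("insert into %s ( %s ) values (?,?,?,?,?,?,?)", "group_membership", "group_id,member_id,member_type,authorities,added,origin,identity_zone_id");
    // NOTE(review): unlike GET_MEMBER_SQL and DELETE_MEMBER_SQL this statement has no
    // identity_zone_id predicate. updateMember() calls validateRequest() first, which rejects
    // cross-zone changes, so the statement relies on that check for zone isolation.
    public static final String UPDATE_MEMBER_SQL = String.format("update %s set authorities=? where group_id=? and member_id=?", "group_membership");
    public static final String MEMBERSHIP_FIELDS = "group_id,member_id,member_type,authorities,added,origin";
    // The doubled "%%s" survives this format() call as "%s"; getBaseSqlQuery() later fills it
    // with the current zone id. The zone id therefore becomes a quoted SQL literal rather than
    // a bound parameter.
    // NOTE(review): safe only while zone ids cannot contain a quote character; confirm where
    // zone ids are validated.
    public static final String GET_MEMBERS_FILTER_SQL = String.format("select %s from %s where identity_zone_id='%%s'", MEMBERSHIP_FIELDS, "group_membership");
    public static final String GET_GROUPS_BY_MEMBER_SQL = String.format("select distinct(group_id) from %s where member_id=? and identity_zone_id=?", "group_membership");
    // NOTE(review): no identity_zone_id predicate, and the role is matched with LIKE against
    // the comma-separated authorities column, so this is a substring match.
    public static final String GET_MEMBERS_WITH_AUTHORITY_SQL = String.format("select %s from %s where group_id=? and lower(authorities) like ?", MEMBERSHIP_FIELDS, "group_membership");
    public static final String GET_MEMBER_SQL = String.format("select %s from %s where member_id=? and group_id=? and identity_zone_id=?", MEMBERSHIP_FIELDS, "group_membership");
    public static final String DELETE_MEMBER_SQL = String.format("delete from %s where member_id=? and group_id = ? and identity_zone_id=?", "group_membership");
    public static final String DELETE_MEMBERS_IN_GROUP_SQL = String.format("delete from %s where group_id=? and identity_zone_id=?", "group_membership");
    public static final String DELETE_MEMBER_IN_GROUPS_SQL_USER = String.format("delete from %s where member_id=? and member_type='USER' and identity_zone_id=?", "group_membership");
    public static final String DELETE_MEMBER_IN_GROUPS_SQL_GROUP = String.format("delete from %s where member_id=? and member_type='GROUP' and identity_zone_id=?", "group_membership");

    /**
     * Maps one row selected with {@link #MEMBERSHIP_FIELDS} to a {@link ScimGroupMember}.
     * Column 1 (group_id) is not read.
     */
    private static final class ScimGroupMemberRowMapper implements RowMapper<ScimGroupMember> {
        private ScimGroupMemberRowMapper() {
        }

        /**
         * Builds a member from columns 2 (member_id), 3 (member_type), 4 (authorities) and
         * 6 (origin).
         *
         * <p>The decompiler had renamed this method, which left the {@code RowMapper}
         * contract unimplemented; the interface name is restored here.
         *
         * @throws SQLException if a column cannot be read
         * @throws IllegalArgumentException if the stored type or a stored authority does not
         *         name an enum constant
         */
        @Override
        public ScimGroupMember mapRow(ResultSet resultSet, int rowNum) throws SQLException {
            String memberId = resultSet.getString(2);
            String memberType = resultSet.getString(3);
            String authorities = resultSet.getString(4);
            // Column 5 ("added") is read but its value is not carried on the member.
            resultSet.getDate(5);
            String origin = resultSet.getString(6);
            ScimGroupMember member = new ScimGroupMember(memberId, ScimGroupMember.Type.valueOf(memberType), getAuthorities(authorities));
            member.setOrigin(origin);
            return member;
        }

        /**
         * Parses the comma-separated authorities column into roles. The legacy values
         * "read" and "write" are mapped to "reader" and "writer".
         */
        private List<ScimGroupMember.Role> getAuthorities(String str) {
            List<ScimGroupMember.Role> roles = new ArrayList<ScimGroupMember.Role>();
            for (String authority : str.split(",")) {
                String roleName = authority;
                if ("read".equalsIgnoreCase(roleName)) {
                    roleName = "reader";
                } else if ("write".equalsIgnoreCase(roleName)) {
                    roleName = "writer";
                }
                // Locale.ROOT keeps the enum lookup independent of the JVM default locale
                // (a Turkish default locale upper-cases 'i' to a dotted capital).
                roles.add(ScimGroupMember.Role.valueOf(roleName.toUpperCase(java.util.Locale.ROOT)));
            }
            return roles;
        }
    }

    /**
     * Resolves each display name to a group in the UAA zone, creating the group when the
     * lookup finds nothing, and registers the result as that zone's default user groups.
     *
     * <p>NOTE(review): the lookup uses the SCIM {@code co} (contains) operator and takes the
     * first hit, so a name that is a substring of another group's display name can bind the
     * default to that other group. The name is also placed in the filter unescaped. Confirm
     * that the names come only from trusted configuration.
     *
     * @param set display names of the default groups
     */
    public void setDefaultUserGroups(Set<String> set) {
        String uaaZoneId = IdentityZone.getUaa().getId();
        Set<ScimGroup> groups = new HashSet<ScimGroup>();
        for (String displayName : set) {
            // The zone id is passed as a format argument rather than concatenated into the
            // format string, so a '%' in it cannot be read as a format specifier.
            List<ScimGroup> found = this.groupProvisioning.query(String.format("displayName co \"%s\" and identity_zone_id eq \"%s\"", displayName, uaaZoneId));
            if (found.isEmpty()) {
                groups.add(this.groupProvisioning.create(new ScimGroup((String) null, displayName, uaaZoneId)));
            } else {
                groups.add(found.get(0));
            }
        }
        this.defaultUserGroups.put(IdentityZone.getUaa(), groups);
    }

    /**
     * Returns the default groups registered for a zone.
     *
     * @return the registered set, or an empty set when none is registered; never null
     */
    public Set<ScimGroup> getDefaultUserGroups(IdentityZone identityZone) {
        Set<ScimGroup> groups = this.defaultUserGroups.get(identityZone);
        if (groups == null) {
            return Collections.<ScimGroup>emptySet();
        }
        return groups;
    }

    public void setScimUserProvisioning(ScimUserProvisioning scimUserProvisioning) {
        this.userProvisioning = scimUserProvisioning;
    }

    public void setScimGroupProvisioning(ScimGroupProvisioning scimGroupProvisioning) {
        this.groupProvisioning = scimGroupProvisioning;
    }

    /**
     * Creates the manager.
     *
     * @param jdbcTemplate template used for every statement; must not be null
     * @param jdbcPagingListFactory paging factory handed to the superclass
     */
    public JdbcScimGroupMembershipManager(JdbcTemplate jdbcTemplate, JdbcPagingListFactory jdbcPagingListFactory) {
        super(jdbcTemplate, jdbcPagingListFactory, new ScimGroupMemberRowMapper());
        this.logger = LogFactory.getLog(getClass());
        this.defaultUserGroups = new ConcurrentHashMap<IdentityZone, Set<ScimGroup>>();
        Assert.notNull(jdbcTemplate);
        this.jdbcTemplate = jdbcTemplate;
    }

    /**
     * Returns the membership select restricted to the current identity zone. The zone id is
     * formatted into the SQL text as a literal (see {@link #GET_MEMBERS_FILTER_SQL}).
     */
    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable
    protected String getBaseSqlQuery() {
        return String.format(GET_MEMBERS_FILTER_SQL, IdentityZoneHolder.get().getId());
    }

    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable
    protected String getTableName() {
        return "group_membership";
    }

    /**
     * Deletes the membership rows that match a filter, limited to groups of the current
     * identity zone.
     *
     * <p>NOTE(review): the zone id is concatenated into the statement as a quoted literal
     * while the filter values travel as named parameters. A bound parameter for the zone id
     * would remove the dependency on zone ids never containing a quote.
     *
     * @param str filter selecting the rows to delete
     * @return number of rows deleted
     * @throws IllegalArgumentException if the statement built from the filter fails
     */
    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable, org.cloudfoundry.identity.uaa.resources.Queryable
    public int delete(String str) {
        SearchQueryConverter.ProcessedFilter convert = getQueryConverter().convert(str, null, false);
        this.logger.debug("Filtering groups with SQL: " + convert);
        try {
            String sql = "DELETE FROM " + getTableName() + " WHERE group_id IN (SELECT id FROM groups WHERE identity_zone_id='" + IdentityZoneHolder.get().getId() + "') AND  " + convert.getSql();
            this.logger.debug("delete sql: " + sql + ", params: " + convert.getParams());
            return new NamedParameterJdbcTemplate(this.jdbcTemplate).update(sql, convert.getParams());
        } catch (DataAccessException e) {
            this.logger.debug("Filter '" + str + "' generated invalid SQL", e);
            // Keep the database failure as the cause so it is not lost when debug logging is off.
            throw new IllegalArgumentException("Invalid delete filter: " + str, e);
        }
    }

    /**
     * Appends the converted filter to the base query, joined with "and" when the base query
     * already has a where clause. A null or blank filter returns the base query unchanged.
     */
    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable
    protected String getQuerySQL(String str, SearchQueryConverter.ProcessedFilter processedFilter) {
        String base = getBaseSqlQuery();
        if (str == null || str.trim().length() == 0) {
            return base;
        }
        String joiner = base.contains(" where ") ? " and " : " where ";
        return base + joiner + processedFilter.getSql();
    }

    /**
     * Reports whether the id belongs to one of the current zone's default groups.
     */
    public boolean isDefaultGroup(String str) {
        for (ScimGroup group : getDefaultUserGroups(IdentityZoneHolder.get())) {
            if (group.getId().equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds a member to a group in the current identity zone.
     *
     * @param str group id
     * @param scimGroupMember member to add; a null type is stored as USER
     * @return the stored member, read back from the table
     * @throws MemberAlreadyExistsException if the group is a default group or the row
     *         already exists
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public ScimGroupMember addMember(final String str, final ScimGroupMember scimGroupMember) throws ScimResourceNotFoundException, MemberAlreadyExistsException {
        // Default groups apply to every user implicitly, so explicit rows are refused.
        if (isDefaultGroup(str)) {
            throw new MemberAlreadyExistsException("Trying to add member to default group");
        }
        // Rejects blank ids, self-nesting and any group/member outside the current zone.
        validateRequest(str, scimGroupMember);
        final String groupAuthorities = getGroupAuthorities(scimGroupMember);
        final ScimGroupMember.Type memberType = scimGroupMember.getType() == null ? ScimGroupMember.Type.USER : scimGroupMember.getType();
        final String type = memberType.toString();
        try {
            this.logger.debug("Associating group:" + str + " with member:" + scimGroupMember);
            this.jdbcTemplate.update(ADD_MEMBER_SQL, new PreparedStatementSetter() {
                @Override
                public void setValues(PreparedStatement preparedStatement) throws SQLException {
                    preparedStatement.setString(1, str);
                    preparedStatement.setString(2, scimGroupMember.getMemberId());
                    preparedStatement.setString(3, type);
                    preparedStatement.setString(4, groupAuthorities);
                    preparedStatement.setTimestamp(5, new Timestamp(new Date().getTime()));
                    preparedStatement.setString(6, scimGroupMember.getOrigin());
                    preparedStatement.setString(7, IdentityZoneHolder.get().getId());
                }
            });
            return getMemberById(str, scimGroupMember.getMemberId());
        } catch (DuplicateKeyException e) {
            throw new MemberAlreadyExistsException(scimGroupMember.getMemberId() + " is already part of the group: " + str);
        }
    }

    /**
     * Lists the members of a group, optionally narrowed by a filter.
     *
     * <p>NOTE(review): the group id is placed inside a quoted SCIM filter value without
     * escaping, so a quote in it would change the filter's structure. Callers should pass
     * only an id that has already been validated (presumably a generated identifier; confirm
     * at the endpoint).
     *
     * @param str group id
     * @param str2 additional filter, or null/blank for none
     * @param z when true, the user or group behind each member is loaded and attached
     * @return a new list of the matching members
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public List<ScimGroupMember> getMembers(String str, String str2, boolean z) throws ScimResourceNotFoundException {
        String filter;
        if (StringUtils.hasText(str2)) {
            // The result is discarded: the filter is converted on its own first, presumably so
            // a malformed filter is rejected before it is spliced between the parentheses.
            getQueryConverter().convert(str2, "member_id", true);
            filter = String.format("group_id eq \"%s\" and (%s)", str, str2);
        } else {
            filter = String.format("group_id eq \"%s\"", str);
        }
        List<ScimGroupMember> members = query(filter, "member_id", true);
        if (z) {
            for (ScimGroupMember member : members) {
                if (member.getType().equals(ScimGroupMember.Type.USER)) {
                    member.setEntity(this.userProvisioning.retrieve(member.getMemberId()));
                } else if (member.getType().equals(ScimGroupMember.Type.GROUP)) {
                    member.setEntity(this.groupProvisioning.retrieve(member.getMemberId()));
                }
            }
        }
        return new ArrayList<ScimGroupMember>(members);
    }

    /**
     * Returns the groups a member belongs to in the current zone. When the id resolves to a
     * user, the zone's default groups are included as well.
     *
     * @param str member id
     * @param z when true, groups reached through nested group membership are included
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public Set<ScimGroup> getGroupsWithMember(String str, boolean z) throws ScimResourceNotFoundException {
        List<ScimGroup> groups = new ArrayList<ScimGroup>();
        getGroupsWithMember(groups, str, z);
        if (isUser(str)) {
            groups.addAll(getDefaultUserGroups(IdentityZoneHolder.get()));
        }
        return new HashSet<ScimGroup>(groups);
    }

    /**
     * Collects into {@code list} the groups that hold {@code str} as a member, recursing into
     * each newly found group when {@code z} is true. A null list makes the call a no-op.
     */
    private void getGroupsWithMember(List<ScimGroup> list, final String str, boolean z) {
        if (list == null) {
            return;
        }
        List<String> groupIds;
        try {
            groupIds = this.jdbcTemplate.query(GET_GROUPS_BY_MEMBER_SQL, new PreparedStatementSetter() {
                @Override
                public void setValues(PreparedStatement preparedStatement) throws SQLException {
                    preparedStatement.setString(1, str);
                    preparedStatement.setString(2, IdentityZoneHolder.get().getId());
                }
            }, new SingleColumnRowMapper<String>(String.class));
        } catch (EmptyResultDataAccessException e) {
            groupIds = Collections.<String>emptyList();
        }
        for (String groupId : groupIds) {
            try {
                ScimGroup group = this.groupProvisioning.retrieve(groupId);
                // Only groups not collected yet are added and followed, which also stops the
                // recursion when group nesting forms a cycle.
                if (!list.contains(group)) {
                    list.add(group);
                    if (z) {
                        getGroupsWithMember(list, groupId, z);
                    }
                }
            } catch (ScimResourceNotFoundException ignored) {
                // A membership row points at a group that can no longer be retrieved; the row
                // is skipped so one stale entry does not fail the whole lookup.
            }
        }
    }

    /**
     * Lists the members of a group whose authorities contain the given role.
     *
     * <p>NOTE(review): the statement carries no identity-zone predicate and matches the role
     * as a substring of the authorities column (see {@link #GET_MEMBERS_WITH_AUTHORITY_SQL}).
     *
     * @param str group id
     * @param role role to look for
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public List<ScimGroupMember> getMembers(final String str, final ScimGroupMember.Role role) throws ScimResourceNotFoundException {
        this.logger.debug("getting members of type: " + role + " from group: " + str);
        List<ScimGroupMember> members = new ArrayList<ScimGroupMember>();
        members.addAll(this.jdbcTemplate.query(GET_MEMBERS_WITH_AUTHORITY_SQL, new PreparedStatementSetter() {
            @Override
            public void setValues(PreparedStatement preparedStatement) throws SQLException {
                preparedStatement.setString(1, str);
                // Locale.ROOT keeps the pattern stable whatever the JVM default locale is.
                preparedStatement.setString(2, "%" + role.toString().toLowerCase(java.util.Locale.ROOT) + "%");
            }
        }, this.rowMapper));
        return members;
    }

    /**
     * Reads one membership row for the current identity zone.
     *
     * @param str group id
     * @param str2 member id
     * @throws MemberNotFoundException if no such row exists
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public ScimGroupMember getMemberById(String str, String str2) throws ScimResourceNotFoundException, MemberNotFoundException {
        try {
            Object[] args = new Object[]{str2, str, IdentityZoneHolder.get().getId()};
            return (ScimGroupMember) this.jdbcTemplate.queryForObject(GET_MEMBER_SQL, this.rowMapper, args);
        } catch (EmptyResultDataAccessException e) {
            throw new MemberNotFoundException("Member " + str2 + " does not exist in group " + str);
        }
    }

    /**
     * Replaces the authorities stored for an existing member.
     *
     * @param str group id
     * @param scimGroupMember member carrying the new roles
     * @return the stored member, read back from the table
     * @throws MemberNotFoundException if no row was updated
     * @throws IncorrectResultSizeDataAccessException if more than one row was updated
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public ScimGroupMember updateMember(final String str, final ScimGroupMember scimGroupMember) throws ScimResourceNotFoundException, MemberNotFoundException {
        // UPDATE_MEMBER_SQL has no zone predicate; this validation is what keeps the update
        // inside the current identity zone.
        validateRequest(str, scimGroupMember);
        final String groupAuthorities = getGroupAuthorities(scimGroupMember);
        int updated = this.jdbcTemplate.update(UPDATE_MEMBER_SQL, new PreparedStatementSetter() {
            @Override
            public void setValues(PreparedStatement preparedStatement) throws SQLException {
                preparedStatement.setString(1, groupAuthorities);
                preparedStatement.setString(2, str);
                preparedStatement.setString(3, scimGroupMember.getMemberId());
            }
        });
        if (updated == 0) {
            throw new MemberNotFoundException("Member " + scimGroupMember.getMemberId() + " does not exist in group " + str);
        }
        if (updated != 1) {
            throw new IncorrectResultSizeDataAccessException("unexpected number of members updated", 1, updated);
        }
        return getMemberById(str, scimGroupMember.getMemberId());
    }

    /**
     * Brings a group's membership in line with the requested list: members missing from the
     * request are removed, new ones are added, and members present in both are updated.
     * Membership comparison relies on {@code ScimGroupMember.equals}.
     *
     * @param str group id
     * @param list the desired members
     * @return the group's members after the changes
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public List<ScimGroupMember> updateOrAddMembers(String str, List<ScimGroupMember> list) throws ScimResourceNotFoundException {
        List<ScimGroupMember> current = getMembers(str, null, false);
        this.logger.debug("current-members: " + current + ", in request: " + list);

        List<ScimGroupMember> toRemove = new ArrayList<ScimGroupMember>(current);
        toRemove.removeAll(list);
        this.logger.debug("removing members: " + toRemove);
        for (ScimGroupMember member : toRemove) {
            removeMemberById(str, member.getMemberId());
        }

        List<ScimGroupMember> toAdd = new ArrayList<ScimGroupMember>(list);
        toAdd.removeAll(current);
        this.logger.debug("adding new members: " + toAdd);
        for (ScimGroupMember member : toAdd) {
            addMember(str, member);
        }

        List<ScimGroupMember> toUpdate = new ArrayList<ScimGroupMember>(list);
        toUpdate.retainAll(current);
        this.logger.debug("updating members: " + toUpdate);
        for (ScimGroupMember member : toUpdate) {
            updateMember(str, member);
        }
        return getMembers(str, null, false);
    }

    /**
     * Removes one member from a group in the current identity zone.
     *
     * @param str group id
     * @param str2 member id
     * @return the member as it was stored before removal
     * @throws MemberNotFoundException if the member is not in the group
     * @throws IncorrectResultSizeDataAccessException if the delete did not affect exactly one row
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public ScimGroupMember removeMemberById(final String str, final String str2) throws ScimResourceNotFoundException, MemberNotFoundException {
        // Read first: this both supplies the return value and fails early for unknown members.
        ScimGroupMember removed = getMemberById(str, str2);
        int deleted = this.jdbcTemplate.update(DELETE_MEMBER_SQL, new PreparedStatementSetter() {
            @Override
            public void setValues(PreparedStatement preparedStatement) throws SQLException {
                preparedStatement.setString(1, str2);
                preparedStatement.setString(2, str);
                preparedStatement.setString(3, IdentityZoneHolder.get().getId());
            }
        });
        if (deleted != 1) {
            throw new IncorrectResultSizeDataAccessException("unexpected number of members removed", 1, deleted);
        }
        return removed;
    }

    /**
     * Removes every member of a group in the current identity zone.
     *
     * @param str group id
     * @return the members that were removed
     * @throws IncorrectResultSizeDataAccessException if the number of deleted rows differs
     *         from the number of members read beforehand
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public List<ScimGroupMember> removeMembersByGroupId(final String str) throws ScimResourceNotFoundException {
        List<ScimGroupMember> members = getMembers(str, null, false);
        this.logger.debug("removing " + members + " members from group: " + str);
        int deleted = this.jdbcTemplate.update(DELETE_MEMBERS_IN_GROUP_SQL, new PreparedStatementSetter() {
            @Override
            public void setValues(PreparedStatement preparedStatement) throws SQLException {
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, IdentityZoneHolder.get().getId());
            }
        });
        if (deleted != members.size()) {
            throw new IncorrectResultSizeDataAccessException("unexpected number of members removed", members.size(), deleted);
        }
        return members;
    }

    /**
     * Removes a user or group from every group it belongs to in the current identity zone.
     *
     * @param str member id
     * @return the groups the member belonged to, including default groups for a user
     * @throws IncorrectResultSizeDataAccessException if the number of deleted rows is not the
     *         expected one
     */
    @Override // org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager
    public Set<ScimGroup> removeMembersByMemberId(final String str) throws ScimResourceNotFoundException {
        Set<ScimGroup> groups = getGroupsWithMember(str, false);
        this.logger.debug("removing " + str + " from groups: " + groups);
        // Resolved once: each isUser() call is a provisioning lookup, and the delete below
        // touches membership rows only.
        boolean user = isUser(str);
        String sql = user ? DELETE_MEMBER_IN_GROUPS_SQL_USER : DELETE_MEMBER_IN_GROUPS_SQL_GROUP;
        int deleted = this.jdbcTemplate.update(sql, new PreparedStatementSetter() {
            @Override
            public void setValues(PreparedStatement preparedStatement) throws SQLException {
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, IdentityZoneHolder.get().getId());
            }
        });
        // Default groups were added to the set for users but have no membership rows.
        int expected = groups.size();
        if (user) {
            expected -= getDefaultUserGroups(IdentityZoneHolder.get()).size();
        }
        if (deleted != expected) {
            throw new IncorrectResultSizeDataAccessException("unexpected number of members removed", expected, deleted);
        }
        return groups;
    }

    /**
     * Restricts order-by columns to those listed in {@link #MEMBERSHIP_FIELDS}.
     */
    @Override // org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable
    protected void validateOrderBy(String str) throws IllegalArgumentException {
        super.validateOrderBy(str, MEMBERSHIP_FIELDS);
    }

    /**
     * Reports whether the id can be retrieved through the user provisioning.
     */
    private boolean isUser(String str) {
        try {
            this.userProvisioning.retrieve(str);
            return true;
        } catch (ScimResourceNotFoundException e) {
            return false;
        }
    }

    /**
     * Checks a membership change before any row is written: the group id, member id and
     * origin must be non-blank, a group may not contain itself, and the group, the member
     * and the current request must all belong to the same identity zone.
     *
     * <p>NOTE(review): the first error message also names member-type, but the type is not
     * checked here; addMember() falls back to USER when it is null.
     *
     * @throws InvalidScimResourceException for blank values or self-nesting
     * @throws ScimResourceConstraintFailedException for a zone mismatch
     */
    private void validateRequest(String str, ScimGroupMember scimGroupMember) {
        if (!StringUtils.hasText(str) || !StringUtils.hasText(scimGroupMember.getMemberId()) || !StringUtils.hasText(scimGroupMember.getOrigin())) {
            throw new InvalidScimResourceException("group-id, member-id, origin and member-type must be non-empty");
        }
        if (str.equals(scimGroupMember.getMemberId())) {
            throw new InvalidScimResourceException("trying to nest group within itself, aborting");
        }
        ScimGroup group = this.groupProvisioning.retrieve(str);
        String memberZoneId;
        if (scimGroupMember.getType() == ScimGroupMember.Type.GROUP) {
            memberZoneId = this.groupProvisioning.retrieve(scimGroupMember.getMemberId()).getZoneId();
        } else {
            memberZoneId = this.userProvisioning.retrieve(scimGroupMember.getMemberId()).getZoneId();
        }
        if (!memberZoneId.equals(group.getZoneId())) {
            throw new ScimResourceConstraintFailedException("The zone of the group and the member must be the same.");
        }
        if (!memberZoneId.equals(IdentityZoneHolder.get().getId())) {
            throw new ScimResourceConstraintFailedException("Unable to make membership changes in a different zone");
        }
    }

    /**
     * Returns the member's roles as a comma-separated string, falling back to
     * {@code ScimGroupMember.GROUP_MEMBER} when no roles are set.
     */
    private String getGroupAuthorities(ScimGroupMember scimGroupMember) {
        if (scimGroupMember.getRoles() == null || scimGroupMember.getRoles().isEmpty()) {
            return StringUtils.collectionToCommaDelimitedString(ScimGroupMember.GROUP_MEMBER);
        }
        return StringUtils.collectionToCommaDelimitedString(scimGroupMember.getRoles());
    }
}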
