package org.apache.inlong.manager.service.user;

import com.github.pagehelper.Page;
import com.github.pagehelper.PageHelper;
import com.google.common.base.Joiner;
import com.google.common.collect.Sets;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.inlong.manager.common.consts.InlongConstants;
import org.apache.inlong.manager.common.enums.ErrorCodeEnum;
import org.apache.inlong.manager.common.enums.TenantUserTypeEnum;
import org.apache.inlong.manager.common.exceptions.BusinessException;
import org.apache.inlong.manager.common.util.AESUtils;
import org.apache.inlong.manager.common.util.CommonBeanUtils;
import org.apache.inlong.manager.common.util.DateUtils;
import org.apache.inlong.manager.common.util.Preconditions;
import org.apache.inlong.manager.common.util.RSAUtils;
import org.apache.inlong.manager.common.util.SHAUtils;
import org.apache.inlong.manager.dao.entity.DataNodeEntity;
import org.apache.inlong.manager.dao.entity.InlongClusterEntity;
import org.apache.inlong.manager.dao.entity.InlongClusterTagEntity;
import org.apache.inlong.manager.dao.entity.InlongConsumeEntity;
import org.apache.inlong.manager.dao.entity.InlongGroupEntity;
import org.apache.inlong.manager.dao.entity.UserEntity;
import org.apache.inlong.manager.dao.mapper.DataNodeEntityMapper;
import org.apache.inlong.manager.dao.mapper.InlongClusterEntityMapper;
import org.apache.inlong.manager.dao.mapper.InlongClusterTagEntityMapper;
import org.apache.inlong.manager.dao.mapper.InlongConsumeEntityMapper;
import org.apache.inlong.manager.dao.mapper.InlongGroupEntityMapper;
import org.apache.inlong.manager.dao.mapper.UserEntityMapper;
import org.apache.inlong.manager.pojo.cluster.ClusterPageRequest;
import org.apache.inlong.manager.pojo.cluster.ClusterTagPageRequest;
import org.apache.inlong.manager.pojo.common.PageResult;
import org.apache.inlong.manager.pojo.consume.InlongConsumePageRequest;
import org.apache.inlong.manager.pojo.group.InlongGroupPageRequest;
import org.apache.inlong.manager.pojo.node.DataNodePageRequest;
import org.apache.inlong.manager.pojo.user.LoginUserUtils;
import org.apache.inlong.manager.pojo.user.UserInfo;
import org.apache.inlong.manager.pojo.user.UserLoginLockStatus;
import org.apache.inlong.manager.pojo.user.UserLoginRequest;
import org.apache.inlong.manager.pojo.user.UserRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:org/apache/inlong/manager/service/user/UserServiceImpl.class */
public class UserServiceImpl implements UserService {
    private static final Logger LOGGER = LoggerFactory.getLogger(UserServiceImpl.class);
    private static final Integer SECRET_KEY_SIZE = 16;
    private static final Integer LOCKED_TIME = 3;
    private static final Integer LOCKED_THRESHOLD = 10;
    private final Map<String, UserLoginLockStatus> loginLockStatusMap = new ConcurrentHashMap();

    @Autowired
    private UserEntityMapper userMapper;

    @Autowired
    private TenantRoleService tenantRoleService;

    @Autowired
    private InlongGroupEntityMapper groupMapper;

    @Autowired
    private InlongClusterEntityMapper clusterMapper;

    @Autowired
    private InlongClusterTagEntityMapper clusterTagMapper;

    @Autowired
    private DataNodeEntityMapper dataNodeMapper;

    @Autowired
    private InlongConsumeEntityMapper consumeMapper;

    @Override // org.apache.inlong.manager.service.user.UserService
    public Integer save(UserRequest userRequest, String str) {
        String name = userRequest.getName();
        UserEntity selectByName = this.userMapper.selectByName(name);
        String password = userRequest.getPassword();
        Preconditions.expectNull(selectByName, "username [" + name + "] already exists");
        Preconditions.expectTrue(StringUtils.isNotBlank(password), "password cannot be blank");
        UserEntity userEntity = new UserEntity();
        userEntity.setName(name);
        userEntity.setPassword(SHAUtils.encrypt(password));
        userEntity.setAccountType(userRequest.getAccountType());
        userEntity.setDueDate(DateUtils.getExpirationDate(userRequest.getValidDays()));
        userEntity.setCreator(str);
        userEntity.setModifier(str);
        userEntity.setExtParams(userRequest.getExtParams());
        try {
            Map generateRSAKeyPairs = RSAUtils.generateRSAKeyPairs();
            String str2 = (String) generateRSAKeyPairs.get("RSAPublicKey");
            String str3 = (String) generateRSAKeyPairs.get("RSAPrivateKey");
            String randomAlphanumeric = RandomStringUtils.randomAlphanumeric(SECRET_KEY_SIZE.intValue());
            Integer currentVersion = AESUtils.getCurrentVersion((Properties) null);
            userEntity.setEncryptVersion(currentVersion);
            userEntity.setPublicKey(AESUtils.encryptToString(str2.getBytes(StandardCharsets.UTF_8), currentVersion));
            userEntity.setPrivateKey(AESUtils.encryptToString(str3.getBytes(StandardCharsets.UTF_8), currentVersion));
            userEntity.setSecretKey(AESUtils.encryptToString(randomAlphanumeric.getBytes(StandardCharsets.UTF_8), currentVersion));
            Preconditions.expectTrue(this.userMapper.insert(userEntity) > 0, "Create user failed");
            Preconditions.expectTrue(this.tenantRoleService.saveDefault(name, str).intValue() > 0, "Add default tenant role failed");
            LOGGER.debug("success to create user info={}", userRequest);
            return userEntity.getId();
        } catch (Exception e) {
            String format = String.format("generate rsa key error: %s", e.getMessage());
            LOGGER.error(format, e);
            throw new BusinessException(format);
        }
    }

    @Override // org.apache.inlong.manager.service.user.UserService
    public UserInfo getById(Integer num, String str) {
        Preconditions.expectNotNull(num, "User id cannot be null");
        UserEntity selectById = this.userMapper.selectById(num);
        Preconditions.expectNotNull(selectById, "User not exists with id " + num);
        Preconditions.expectTrue(Objects.equals(TenantUserTypeEnum.TENANT_ADMIN.getCode(), this.userMapper.selectByName(str).getAccountType()) || Objects.equals(selectById.getName(), str), "Current user does not have permission to get other users' info");
        UserInfo userInfo = new UserInfo();
        userInfo.setId(selectById.getId());
        userInfo.setName(selectById.getName());
        userInfo.setValidDays(DateUtils.getValidDays(selectById.getCreateTime(), selectById.getDueDate()));
        userInfo.setAccountType(selectById.getAccountType());
        userInfo.setVersion(selectById.getVersion());
        if (StringUtils.isNotBlank(selectById.getSecretKey()) && StringUtils.isNotBlank(selectById.getPublicKey())) {
            try {
                Integer encryptVersion = selectById.getEncryptVersion();
                byte[] decryptAsString = AESUtils.decryptAsString(selectById.getSecretKey(), encryptVersion);
                byte[] decryptAsString2 = AESUtils.decryptAsString(selectById.getPublicKey(), encryptVersion);
                userInfo.setSecretKey(new String(decryptAsString, StandardCharsets.UTF_8));
                userInfo.setPublicKey(new String(decryptAsString2, StandardCharsets.UTF_8));
            } catch (Exception e) {
                String format = String.format("decryption error: %s", e.getMessage());
                LOGGER.error(format, e);
                throw new BusinessException(format);
            }
        }
        LOGGER.debug("success to get user info by id={}", num);
        return userInfo;
    }

    @Override // org.apache.inlong.manager.service.user.UserService
    public UserInfo getByName(String str) {
        Preconditions.expectNotBlank(str, ErrorCodeEnum.INVALID_PARAMETER, "User name cannot be null");
        UserEntity selectByName = this.userMapper.selectByName(str);
        if (selectByName == null) {
            return null;
        }
        UserInfo userInfo = (UserInfo) CommonBeanUtils.copyProperties(selectByName, UserInfo::new);
        userInfo.setValidDays(DateUtils.getValidDays(selectByName.getCreateTime(), selectByName.getDueDate()));
        return userInfo;
    }

    @Override // org.apache.inlong.manager.service.user.UserService
    public PageResult<UserInfo> list(UserRequest userRequest) {
        PageHelper.startPage(userRequest.getPageNum(), userRequest.getPageSize());
        Page selectByCondition = this.userMapper.selectByCondition(userRequest);
        List copyListProperties = CommonBeanUtils.copyListProperties(selectByCondition, UserInfo::new);
        copyListProperties.forEach(userInfo -> {
            userInfo.setStatus(userInfo.getDueDate().after(new Date()) ? "valid" : "invalid");
        });
        PageResult<UserInfo> pageResult = new PageResult<>(copyListProperties, Long.valueOf(selectByCondition.getTotal()), Integer.valueOf(selectByCondition.getPageNum()), Integer.valueOf(selectByCondition.getPageSize()));
        LOGGER.debug("success to list users for request={}, result size={}", userRequest, pageResult.getTotal());
        return pageResult;
    }

    @Override // org.apache.inlong.manager.service.user.UserService
    public Integer update(UserRequest userRequest, String str) {
        LOGGER.debug("begin to update user info={} by {}", userRequest, str);
        Preconditions.expectNotNull(userRequest, "Userinfo cannot be null");
        Preconditions.expectNotNull(userRequest.getId(), "User id cannot be null");
        UserEntity selectByName = this.userMapper.selectByName(str);
        String name = userRequest.getName();
        boolean equals = Objects.equals(TenantUserTypeEnum.TENANT_ADMIN.getCode(), selectByName.getAccountType());
        Preconditions.expectTrue(equals || Objects.equals(name, str), "You are not a manager and do not have permission to update other users");
        Preconditions.expectFalse(equals && Objects.equals(TenantUserTypeEnum.TENANT_OPERATOR.getCode(), userRequest.getAccountType()) && Objects.equals(str, name), "You are a manager and you cannot change to an ordinary user");
        UserEntity selectById = this.userMapper.selectById(userRequest.getId());
        Preconditions.expectNotNull(selectById, "User not exists with id=" + userRequest.getId());
        String format = String.format("user has already updated with username=%s, reqVersion=%s, storedVersion=%s", name, userRequest.getVersion(), selectById.getVersion());
        if (!Objects.equals(selectById.getVersion(), userRequest.getVersion())) {
            LOGGER.error(format);
            throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED);
        }
        UserEntity selectByName2 = this.userMapper.selectByName(name);
        Preconditions.expectTrue(Objects.isNull(selectByName2) || Objects.equals(selectByName2.getName(), selectById.getName()), "Username [" + name + "] already exists");
        if (!equals) {
            Preconditions.expectTrue(SHAUtils.encrypt(userRequest.getPassword()).equals(selectById.getPassword()), "Old password is wrong");
            Preconditions.expectTrue(userRequest.getValidDays().intValue() <= DateUtils.getValidDays(selectById.getCreateTime(), selectById.getDueDate()).intValue(), "Ordinary users are not allowed to add valid days");
            Preconditions.expectTrue(Objects.equals(selectById.getAccountType(), userRequest.getAccountType()), "Ordinary users are not allowed to update account type");
        }
        if (!StringUtils.isBlank(userRequest.getNewPassword())) {
            selectById.setPassword(SHAUtils.encrypt(userRequest.getNewPassword()));
        }
        selectById.setDueDate(DateUtils.getExpirationDate(userRequest.getValidDays()));
        selectById.setAccountType(userRequest.getAccountType());
        selectById.setName(name);
        selectById.setExtParams(userRequest.getExtParams());
        if (this.userMapper.updateByPrimaryKeySelective(selectById) != InlongConstants.AFFECTED_ONE_ROW.intValue()) {
            LOGGER.error(format);
            throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED);
        }
        LOGGER.debug("success to update user info={} by {}", userRequest, str);
        return selectById.getId();
    }

    @Override // org.apache.inlong.manager.service.user.UserService
    public Boolean delete(Integer num, String str) {
        Preconditions.expectNotNull(num, "User id should not be empty");
        UserEntity selectByName = this.userMapper.selectByName(str);
        UserEntity selectById = this.userMapper.selectById(num);
        Preconditions.expectTrue(selectByName.getAccountType().equals(TenantUserTypeEnum.TENANT_ADMIN.getCode()), "Current user is not a manager and does not have permission to delete users");
        Preconditions.expectTrue(!Objects.equals(selectById.getName(), str), "Current user does not have permission to delete himself");
        String name = selectById.getName();
        removeInChargeForGroup(name, str);
        removeInChargeForCluster(name, str);
        removeInChargeForClusterTag(name, str);
        removeInChargeForDataNode(name, str);
        removeInChargeForConsume(name, str);
        this.userMapper.deleteById(num);
        removeUserFromSession(num, str);
        LOGGER.debug("success to delete user by id={}, current user={}", num, str);
        return true;
    }

    @Override // org.apache.inlong.manager.service.user.UserService
    public void login(UserLoginRequest userLoginRequest) {
        String username = userLoginRequest.getUsername();
        UserLoginLockStatus orDefault = this.loginLockStatusMap.getOrDefault(username, new UserLoginLockStatus());
        LocalDateTime lockoutTime = orDefault.getLockoutTime();
        if (lockoutTime != null && lockoutTime.isAfter(LocalDateTime.now())) {
            throw new BusinessException("account has been locked, please try again in " + (Duration.between(LocalDateTime.now(), lockoutTime).toMinutes() + 1) + " minutes");
        }
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(username, userLoginRequest.getPassword()));
            LoginUserUtils.setUserLoginInfo((UserInfo) subject.getPrincipal());
            orDefault.setLoginErrorCount(0);
            this.loginLockStatusMap.put(username, orDefault);
        } catch (AuthenticationException e) {
            LOGGER.error("login error for request {}", userLoginRequest, e);
            int loginErrorCount = orDefault.getLoginErrorCount() + 1;
            if (loginErrorCount % LOCKED_THRESHOLD.intValue() == 0) {
                LocalDateTime plusMinutes = LocalDateTime.now().plusMinutes(LOCKED_TIME.intValue());
                orDefault.setLockoutTime(plusMinutes);
                LOGGER.error("account {} is locked, lockout time: {}", username, plusMinutes);
            }
            orDefault.setLoginErrorCount(loginErrorCount);
            this.loginLockStatusMap.put(username, orDefault);
            throw e;
        }
    }

    @Override // org.apache.inlong.manager.service.user.UserService
    public void checkUser(String str, String str2, String str3) {
        Preconditions.expectTrue(Preconditions.inSeparatedString(str2, str, ",") || TenantUserTypeEnum.TENANT_ADMIN.getCode().equals(this.userMapper.selectByName(str2).getAccountType()), str3);
    }

    public void removeInChargeForGroup(String str, String str2) {
        InlongGroupPageRequest inlongGroupPageRequest = new InlongGroupPageRequest();
        inlongGroupPageRequest.setCurrentUser(str);
        inlongGroupPageRequest.setIsAdminRole(false);
        for (InlongGroupEntity inlongGroupEntity : this.groupMapper.selectByCondition(inlongGroupPageRequest)) {
            if (Objects.equals(inlongGroupEntity.getCreator(), str)) {
                inlongGroupEntity.setCreator("admin");
            }
            HashSet newHashSet = Sets.newHashSet(inlongGroupEntity.getInCharges().split(","));
            newHashSet.remove(str);
            inlongGroupEntity.setInCharges(Joiner.on(",").join(newHashSet));
            inlongGroupEntity.setModifier(str2);
            if (this.groupMapper.updateByIdentifierSelective(inlongGroupEntity) != InlongConstants.AFFECTED_ONE_ROW.intValue()) {
                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED, String.format("record has already updated with group id=%s, curVersion=%d", inlongGroupEntity.getInlongGroupId(), inlongGroupEntity.getVersion()));
            }
        }
    }

    public void removeInChargeForCluster(String str, String str2) {
        ClusterPageRequest clusterPageRequest = new ClusterPageRequest();
        clusterPageRequest.setCurrentUser(str);
        clusterPageRequest.setIsAdminRole(false);
        for (InlongClusterEntity inlongClusterEntity : this.clusterMapper.selectByCondition(clusterPageRequest)) {
            if (Objects.equals(inlongClusterEntity.getCreator(), str)) {
                inlongClusterEntity.setCreator("admin");
            }
            HashSet newHashSet = Sets.newHashSet(inlongClusterEntity.getInCharges().split(","));
            newHashSet.remove(str);
            inlongClusterEntity.setInCharges(Joiner.on(",").join(newHashSet));
            inlongClusterEntity.setModifier(str2);
            if (this.clusterMapper.updateByIdSelective(inlongClusterEntity) != InlongConstants.AFFECTED_ONE_ROW.intValue()) {
                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED, String.format("cluster has already updated with name=%s, type=%s, curVersion=%d", inlongClusterEntity.getName(), inlongClusterEntity.getType(), inlongClusterEntity.getVersion()));
            }
        }
    }

    public void removeInChargeForClusterTag(String str, String str2) {
        ClusterTagPageRequest clusterTagPageRequest = new ClusterTagPageRequest();
        clusterTagPageRequest.setCurrentUser(str);
        clusterTagPageRequest.setIsAdminRole(false);
        for (InlongClusterTagEntity inlongClusterTagEntity : this.clusterTagMapper.selectByCondition(clusterTagPageRequest)) {
            if (Objects.equals(inlongClusterTagEntity.getCreator(), str)) {
                inlongClusterTagEntity.setCreator("admin");
            }
            HashSet newHashSet = Sets.newHashSet(inlongClusterTagEntity.getInCharges().split(","));
            newHashSet.remove(str);
            inlongClusterTagEntity.setInCharges(Joiner.on(",").join(newHashSet));
            inlongClusterTagEntity.setModifier(str2);
            if (this.clusterTagMapper.updateByIdSelective(inlongClusterTagEntity) != InlongConstants.AFFECTED_ONE_ROW.intValue()) {
                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED, String.format("cluster tag has already updated with name=%s, curVersion=%s", inlongClusterTagEntity.getClusterTag(), inlongClusterTagEntity.getVersion()));
            }
        }
    }

    public void removeInChargeForDataNode(String str, String str2) {
        DataNodePageRequest dataNodePageRequest = new DataNodePageRequest();
        dataNodePageRequest.setCurrentUser(str);
        dataNodePageRequest.setIsAdminRole(false);
        for (DataNodeEntity dataNodeEntity : this.dataNodeMapper.selectByCondition(dataNodePageRequest)) {
            if (Objects.equals(dataNodeEntity.getCreator(), str)) {
                dataNodeEntity.setCreator("admin");
            }
            HashSet newHashSet = Sets.newHashSet(dataNodeEntity.getInCharges().split(","));
            newHashSet.remove(str);
            dataNodeEntity.setInCharges(Joiner.on(",").join(newHashSet));
            dataNodeEntity.setModifier(str2);
            int updateByIdSelective = this.dataNodeMapper.updateByIdSelective(dataNodeEntity);
            if (updateByIdSelective != InlongConstants.AFFECTED_ONE_ROW.intValue()) {
                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED, String.format("failure to update data node with name=%s, type=%s, request version=%d, updated row=%d", dataNodeEntity.getName(), dataNodeEntity.getType(), dataNodeEntity.getVersion(), Integer.valueOf(updateByIdSelective)));
            }
        }
    }

    public void removeInChargeForConsume(String str, String str2) {
        InlongConsumePageRequest inlongConsumePageRequest = new InlongConsumePageRequest();
        inlongConsumePageRequest.setCurrentUser(str);
        inlongConsumePageRequest.setIsAdminRole(false);
        for (InlongConsumeEntity inlongConsumeEntity : this.consumeMapper.selectByCondition(inlongConsumePageRequest)) {
            if (Objects.equals(inlongConsumeEntity.getCreator(), str)) {
                inlongConsumeEntity.setCreator("admin");
            }
            HashSet newHashSet = Sets.newHashSet(inlongConsumeEntity.getInCharges().split(","));
            newHashSet.remove(str);
            inlongConsumeEntity.setInCharges(Joiner.on(",").join(newHashSet));
            inlongConsumeEntity.setModifier(str2);
            if (this.consumeMapper.updateByIdSelective(inlongConsumeEntity) != InlongConstants.AFFECTED_ONE_ROW.intValue()) {
                LOGGER.error("inlong consume has already updated, id={}, curVersion={}", inlongConsumeEntity.getId(), inlongConsumeEntity.getVersion());
                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED);
            }
        }
    }

    public void removeUserFromSession(Integer num, String str) {
        UserInfo userInfo;
        SessionDAO sessionDAO = SecurityUtils.getSecurityManager().getSessionManager().getSessionDAO();
        Collection<Session> activeSessions = sessionDAO.getActiveSessions();
        if (activeSessions.size() >= 1) {
            for (Session session : activeSessions) {
                Object attribute = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
                if (attribute != null && (userInfo = (UserInfo) ((SimplePrincipalCollection) attribute).getPrimaryPrincipal()) != null && Objects.equals(userInfo.getId(), num)) {
                    sessionDAO.delete(session);
                    LOGGER.info("success remove user from session by id={}, current user={}", userInfo.getId(), str);
                }
            }
        }
    }
}
